From 4861b77003aa2112f9937d2a59c9a90e5b2aa6d294f47755c1278f594313fd46 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 9 May 2022 15:04:49 +0000 Subject: [PATCH 001/135] OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=2 --- .gitattributes | 23 + .gitignore | 1 + F00251-change-user-install-location.patch | 58 + PACKAGING-NOTES | 26 + Python-3.10.4.tar.xz | 3 + Python-3.10.4.tar.xz.asc | 16 + README.SUSE | 43 + _multibuild | 4 + baselibs.conf | 3 + bluez-devel-vendor.tar.xz | 3 + bpo-31046_ensurepip_honours_prefix.patch | 163 + distutils-reproducible-compile.patch | 15 + fix_configure_rst.patch | 40 + idle3.appdata.xml | 35 + idle3.desktop | 12 + import_failed.map | 7 + import_failed.py | 23 + macros.python3 | 28 + no-skipif-doctests.patch | 660 ++++ pre_checkin.sh | 78 + python-3.3.0b1-fix_date_time_compiler.patch | 25 + python-3.3.0b1-localpath.patch | 11 + python-3.3.0b1-test-posix_fadvise.patch | 15 + python.keyring | 109 + python310-rpmlintrc | 1 + python310.changes | 2989 +++++++++++++++++++ python310.spec | 1008 +++++++ skip-test_pyobject_freed_is_freed.patch | 14 + skipped_tests.py | 69 + subprocess-raise-timeout.patch | 16 + 30 files changed, 5498 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 F00251-change-user-install-location.patch create mode 100644 PACKAGING-NOTES create mode 100644 Python-3.10.4.tar.xz create mode 100644 Python-3.10.4.tar.xz.asc create mode 100644 README.SUSE create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 bluez-devel-vendor.tar.xz create mode 100644 bpo-31046_ensurepip_honours_prefix.patch create mode 100644 distutils-reproducible-compile.patch create mode 100644 fix_configure_rst.patch create mode 100644 idle3.appdata.xml create mode 100644 idle3.desktop create mode 100644 import_failed.map create mode 100644 import_failed.py create mode 100644 macros.python3 create mode 100644 no-skipif-doctests.patch create mode 100644 pre_checkin.sh create mode 100644 python-3.3.0b1-fix_date_time_compiler.patch create mode 100644 python-3.3.0b1-localpath.patch create mode 100644 python-3.3.0b1-test-posix_fadvise.patch create mode 100644 python.keyring create mode 100644 python310-rpmlintrc create mode 100644 python310.changes create mode 100644 python310.spec create mode 100644 skip-test_pyobject_freed_is_freed.patch create mode 100644 skipped_tests.py create mode 100644 subprocess-raise-timeout.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch new file mode 100644 index 0000000..e69c5a9 --- /dev/null +++ b/F00251-change-user-install-location.patch @@ -0,0 +1,58 @@ +From 910f38d9768d39d4d31426743ae4081ed1ab66b6 Mon Sep 17 00:00:00 2001 +From: Michal Cyprian +Date: Mon, 26 Jun 2017 16:32:56 +0200 +Subject: [PATCH] 00251: Change user install location + +Set values of prefix and exec_prefix in distutils install command +to /usr/local if executable is /usr/bin/python* and RPM build +is not detected to make pip and distutils install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +--- + Lib/distutils/command/install.py | 15 +++++++++++++-- + Lib/site.py | 9 ++++++++- + 2 files changed, 21 insertions(+), 3 deletions(-) + +--- a/Lib/distutils/command/install.py ++++ b/Lib/distutils/command/install.py +@@ -441,8 +441,19 @@ class install(Command): + raise DistutilsOptionError( + "must not supply exec-prefix without prefix") + +- self.prefix = os.path.normpath(sys.prefix) +- self.exec_prefix = os.path.normpath(sys.exec_prefix) ++ # self.prefix is set to sys.prefix + /local/ ++ # if neither RPM build nor virtual environment is ++ # detected to make pip and distutils install packages ++ # into the separate location. ++ if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ addition = "/local" ++ else: ++ addition = "" ++ ++ self.prefix = os.path.normpath(sys.prefix) + addition ++ self.exec_prefix = os.path.normpath(sys.exec_prefix) + addition + + else: + if self.exec_prefix is None: +--- a/Lib/site.py ++++ b/Lib/site.py +@@ -380,8 +380,15 @@ def getsitepackages(prefixes=None): + return sitepackages + + def addsitepackages(known_paths, prefixes=None): +- """Add site-packages to sys.path""" ++ """Add site-packages to sys.path ++ ++ '/usr/local' is included in PREFIXES if RPM build is not detected ++ to make packages installed into this location visible. ++ ++ """ + _trace("Processing global site-packages") ++ if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: ++ PREFIXES.insert(0, "/usr/local") + for sitedir in getsitepackages(prefixes): + if os.path.isdir(sitedir): + addsitedir(sitedir, known_paths) diff --git a/PACKAGING-NOTES b/PACKAGING-NOTES new file mode 100644 index 0000000..e28c88c --- /dev/null +++ b/PACKAGING-NOTES @@ -0,0 +1,26 @@ +Notes for packagers of Python3 +============================== + +0. Faster build turnaround +-------------------------- + +By default, python builds with profile-guided optimization. This needs +an additional run of the test suite and it is generally slow. +PGO build takes around 50 minutes. + +For development, use "--without profileopt" option to disable PGO. This +shortens the build time to ~5 minutes including test suite. + +1. import_failed.map +---------------------- + +This is a mechanism installed as part of python3-base, that places shim modules +on python's path (through a generated zzzz-import-failed-hooks.pth file, so that +it is imported as much at the end as makes sense; and an _import_failed subdir +of /usr/lib/pythonX.Y). Then when the user tries to import a module that is part +of a subpackage, the ImportError will contain a helpful message telling them +which missing subpackage to install. + +This can sometimes cause problems on non-standard configurations, if the pth +gets included too early (for instance if you are using a script to include all +pths by hand in some strange order). Just something to look out for. diff --git a/Python-3.10.4.tar.xz b/Python-3.10.4.tar.xz new file mode 100644 index 0000000..c014894 --- /dev/null +++ b/Python-3.10.4.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:80bf925f571da436b35210886cf79f6eb5fa5d6c571316b73568343451f77a19 +size 19342692 diff --git a/Python-3.10.4.tar.xz.asc b/Python-3.10.4.tar.xz.asc new file mode 100644 index 0000000..304c4a3 --- /dev/null +++ b/Python-3.10.4.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmI7glkACgkQ/+h0BBaL +2EeuBBAAoOCzPJXjt6RoAYMGpKl3f7HNGRR6q5nyLzyJ2EMOFflsJH7HRyE9c5eO +7EsrD3oO9OMkdY6Ffs7m0pfU6evGRaEAu/gY5ia8DVXjp0pLd8KJFKVKBvMLUsoB +WHM8t1MCCmEq7bPXjqnBW56UEMj8Tq/WzVPtC6nHc3zCbegM1GlrTcE4a6wYsILE +6zaSvmMGFNoER3+AzMSy2JEAYvPHZMhlzHgqjFwwQwBNEio7cKd12f8suwlGOnma +bpFpb6MlOyYXiBQtpEnlnkJH+xRrDKCczXVEgR64CHXF7ZOcuYexzLz+hX+1httd +vNmxcbx3Dd+LQ+QD/8oUqxGbQmz91QvcWR3VGweBdrqLykv4BqPQT5sh9pSj7GP4 ++bzIneAlNvbgZ31oWSAAjSyshtYPoKAK47a45UtGspsDONI2vMnVL4hKnYJPRNPQ +rVTjSZZQrTOvr7v3vnux0uvcg63DdmjkLULdyNgFoQzx1BK+/eQSVDqL3UxSifeg +ev1KtaEQvD71ETdpAmAzTxCQm41F6uQFC68JaAF7Bk5UH8PT1zhyAaTnVWBZ9dYu +2RORSFHib9cILdvql4Kde9ZKyzarcXl81+B3zAa3dehx+cpnbfxk2y+TKD+IAPJy +4727aPUgEceIVH3TtrwJF94vyR3UVPi2IudfGOmI/k2RZ+adjWY= +=4vI+ +-----END PGP SIGNATURE----- diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..0053bcf --- /dev/null +++ b/README.SUSE @@ -0,0 +1,43 @@ +Python 3 in SUSE +============== + +* Subpackages * + +Python 3 is split into several subpackages, based on external dependencies. +The main package 'python3' has soft dependencies on all subpackages needed to +assemble the standard library; however, these might not all be installed by default. + +If you attempt to import a module that is currently not installed, an ImportError is thrown, +with instructions to install the missing subpackage. Installing the subpackage might result +in installing libraries that the subpackage requires to function. + + +* ensurepip * + +The 'ensurepip' module from Python 3 standard library (PEP 453) is supposed to deploy +a bundled copy of the pip installer. This makes no sense in a managed distribution like SUSE. +Instead, you need to install package 'python3-pip'. Usually this will be installed automatically +with 'python3'. + +Using 'ensurepip' when pip is not installed will result in an ImportError with instructions +to install 'python3-pip'. + + +* Documentation * + +You can find documentation in seprarate packages: python3-doc and +python3-doc-pdf. These contan following documents: + + Tutorial, What's New in Python, Global Module Index, Library Reference, + Macintosh Module Reference, Installing Python Modules, Distributing Python + Modules, Language Reference, Extending and Embedding, Python/C API, + Documenting Python + +The python3-doc package constains many text files from source tarball. + + +* Interactive mode * + +Interactive mode is by default enhanced with of history and command completion. +If you don't like these features, you can unset the PYTHONSTARTUP variable +in your .profile or disable it system wide in /etc/profile.d/python.sh. diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..1d50bc4 --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + base + doc + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..67e73d0 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,3 @@ +python310-base +python310 +libpython3_10-1_0 diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz new file mode 100644 index 0000000..8c61d7a --- /dev/null +++ b/bluez-devel-vendor.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d030d6ff641577625745b435f4a45e9025e11143e60d0bba7dddf53e8bf71941 +size 24976 diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch new file mode 100644 index 0000000..e3bb24d --- /dev/null +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -0,0 +1,163 @@ +From 5754521af1d51aa8e445cba07a093bbc0c88596d Mon Sep 17 00:00:00 2001 +From: Zackery Spytz +Date: Mon, 16 Dec 2019 18:24:08 -0700 +Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix) + +Co-Authored-By: Xavier de Gaye +--- + Doc/library/ensurepip.rst | 9 +++-- + Lib/ensurepip/__init__.py | 18 +++++++--- + Lib/test/test_ensurepip.py | 11 ++++++ + Makefile.pre.in | 4 +- + Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1 + 5 files changed, 34 insertions(+), 9 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst + +--- a/Doc/library/ensurepip.rst ++++ b/Doc/library/ensurepip.rst +@@ -56,8 +56,9 @@ is at least as recent as the one availab + By default, ``pip`` is installed into the current virtual environment + (if one is active) or into the system site packages (if there is no + active virtual environment). The installation location can be controlled +-through two additional command line options: ++through some additional command line options: + ++* ``--prefix ``: Installs ``pip`` using the given directory prefix. + * ``--root ``: Installs ``pip`` relative to the given root directory + rather than the root of the currently active virtual environment (if any) + or the default root for the current Python installation. +@@ -89,7 +90,7 @@ Module API + Returns a string specifying the available version of pip that will be + installed when bootstrapping an environment. + +-.. function:: bootstrap(root=None, upgrade=False, user=False, \ ++.. function:: bootstrap(root=None, prefix=None, upgrade=False, user=False, \ + altinstall=False, default_pip=False, \ + verbosity=0) + +@@ -99,6 +100,8 @@ Module API + If *root* is ``None``, then installation uses the default install location + for the current environment. + ++ *prefix* specifies the directory prefix to use when installing. ++ + *upgrade* indicates whether or not to upgrade an existing installation + of an earlier version of ``pip`` to the available version. + +@@ -119,6 +122,8 @@ Module API + *verbosity* controls the level of output to :data:`sys.stdout` from the + bootstrapping operation. + ++ .. versionchanged:: 3.9 the *prefix* parameter was added. ++ + .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap + + .. note:: +--- a/Lib/ensurepip/__init__.py ++++ b/Lib/ensurepip/__init__.py +@@ -113,27 +113,27 @@ def _disable_pip_configuration_settings( + os.environ['PIP_CONFIG_FILE'] = os.devnull + + +-def bootstrap(*, root=None, upgrade=False, user=False, ++def bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). ++ and directory prefix). + + Note that calling this function will alter both sys.path and os.environ. + """ + # Discard the return value +- _bootstrap(root=root, upgrade=upgrade, user=user, ++ _bootstrap(root=root, prefix=prefix, upgrade=upgrade, user=user, + altinstall=altinstall, default_pip=default_pip, + verbosity=verbosity) + + +-def _bootstrap(*, root=None, upgrade=False, user=False, ++def _bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). Returns pip command status code. ++ and directory prefix). Returns pip command status code. + + Note that calling this function will alter both sys.path and os.environ. + """ +@@ -183,6 +183,8 @@ def _bootstrap(*, root=None, upgrade=Fal + args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] + if root: + args += ["--root", root] ++ if prefix: ++ args += ["--prefix", prefix] + if upgrade: + args += ["--upgrade"] + if user: +@@ -258,6 +260,11 @@ def _main(argv=None): + help="Install everything relative to this alternate root directory.", + ) + parser.add_argument( ++ "--prefix", ++ default=None, ++ help="Install everything using this prefix.", ++ ) ++ parser.add_argument( + "--altinstall", + action="store_true", + default=False, +@@ -276,6 +283,7 @@ def _main(argv=None): + + return _bootstrap( + root=args.root, ++ prefix=args.prefix, + upgrade=args.upgrade, + user=args.user, + verbosity=args.verbosity, +--- a/Lib/test/test_ensurepip.py ++++ b/Lib/test/test_ensurepip.py +@@ -112,6 +112,17 @@ class TestBootstrap(EnsurepipMixin, unit + unittest.mock.ANY, + ) + ++ def test_bootstrapping_with_prefix(self): ++ ensurepip.bootstrap(prefix="/foo/bar/") ++ self.run_pip.assert_called_once_with( ++ [ ++ "install", "--no-cache-dir", "--no-index", "--find-links", ++ unittest.mock.ANY, "--prefix", "/foo/bar/", ++ "setuptools", "pip", ++ ], ++ unittest.mock.ANY, ++ ) ++ + def test_bootstrapping_with_user(self): + ensurepip.bootstrap(user=True) + +--- a/Makefile.pre.in ++++ b/Makefile.pre.in +@@ -1278,7 +1278,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni + install|*) ensurepip="" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + altinstall: commoninstall +@@ -1288,7 +1288,7 @@ altinstall: commoninstall + install|*) ensurepip="--altinstall" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + commoninstall: check-clean-src @FRAMEWORKALTINSTALLFIRST@ \ +--- /dev/null ++++ b/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +@@ -0,0 +1 @@ ++A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/distutils-reproducible-compile.patch b/distutils-reproducible-compile.patch new file mode 100644 index 0000000..fd98baa --- /dev/null +++ b/distutils-reproducible-compile.patch @@ -0,0 +1,15 @@ +--- + Lib/distutils/util.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Lib/distutils/util.py ++++ b/Lib/distutils/util.py +@@ -436,7 +436,7 @@ byte_compile(files, optimize=%r, force=% + else: + from py_compile import compile + +- for file in py_files: ++ for file in sorted(py_files): + if file[-3:] != ".py": + # This lets us be lazy and not filter filenames in + # the "install_lib" command. diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch new file mode 100644 index 0000000..063e99a --- /dev/null +++ b/fix_configure_rst.patch @@ -0,0 +1,40 @@ +--- + Doc/using/configure.rst | 3 --- + Misc/NEWS | 2 +- + 2 files changed, 1 insertion(+), 4 deletions(-) + +--- a/Doc/using/configure.rst ++++ b/Doc/using/configure.rst +@@ -42,7 +42,6 @@ General Options + + See :data:`sys.int_info.bits_per_digit `. + +-.. cmdoption:: --with-cxx-main + .. cmdoption:: --with-cxx-main=COMPILER + + Compile the Python ``main()`` function and link Python executable with C++ +@@ -457,13 +456,11 @@ macOS Options + + See ``Mac/README.rst``. + +-.. cmdoption:: --enable-universalsdk + .. cmdoption:: --enable-universalsdk=SDKDIR + + Create a universal binary build. *SDKDIR* specifies which macOS SDK should + be used to perform the build (default is no). + +-.. cmdoption:: --enable-framework + .. cmdoption:: --enable-framework=INSTALLDIR + + Create a Python.framework rather than a traditional Unix install. Optional +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -2038,7 +2038,7 @@ C API + ----- + + - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name +- :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry ++ :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry + ``_node`` no longer appears in the list. + + - bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid diff --git a/idle3.appdata.xml b/idle3.appdata.xml new file mode 100644 index 0000000..554b7c4 --- /dev/null +++ b/idle3.appdata.xml @@ -0,0 +1,35 @@ + + + + + idle3.desktop + IDLE3 + CC0 + Python-2.0 + Python 3 Integrated Development and Learning Environment + +

+ IDLE is Python’s Integrated Development and Learning Environment. + The GUI is uniform between Windows, Unix, and Mac OS X. + IDLE provides an easy way to start writing, running, and debugging + Python code. +

+

+ IDLE is written in pure Python, and uses the tkinter GUI toolkit. + It provides: +

+
    +
  • a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,
    • +
  • a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,
    • +
  • search within any window, replace within editor windows, and search through multiple files (grep),
    • +
  • a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.
    • +
+ + https://docs.python.org/3/library/idle.html + + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png + + zbyszek@in.waw.pl + diff --git a/idle3.desktop b/idle3.desktop new file mode 100644 index 0000000..43f5a4c --- /dev/null +++ b/idle3.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Version=1.0 +Name=IDLE 3 +GenericName=Python 3 IDE +Comment=Python 3 Integrated Development and Learning Environment +Exec=idle3 %F +TryExec=idle3 +Terminal=false +Type=Application +Icon=idle3 +Categories=Development;IDE; +MimeType=text/x-python; diff --git a/import_failed.map b/import_failed.map new file mode 100644 index 0000000..9f01f41 --- /dev/null +++ b/import_failed.map @@ -0,0 +1,7 @@ +python39-curses: curses _curses _curses_panel +python39-dbm: dbm _dbm _gdbm +python39-idle: idlelib +python39-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited +python39-tk: tkinter _tkinter +python39-tools: turtledemo +python39: sqlite3 readline _sqlite3 nis diff --git a/import_failed.py b/import_failed.py new file mode 100644 index 0000000..258b5a5 --- /dev/null +++ b/import_failed.py @@ -0,0 +1,23 @@ +import sys, os +from sysconfig import get_path + +failed_map_path = os.path.join(get_path('stdlib'), '_import_failed', 'import_failed.map') + +if __spec__: + failed_name = __spec__.name +else: + failed_name = __name__ + +with open(failed_map_path) as fd: + for line in fd: + package = line.split(':')[0] + imports = line.split(':')[1] + if failed_name in imports: + raise ImportError(f"""Module '{failed_name}' is not installed. +Use: + sudo zypper install {package} +to install it.""") + +raise ImportError(f"""Module '{failed_name}' is not installed. +It is supposed to be part of python3 distribution, but missing from failed import map. +Please file a bug on the SUSE Bugzilla.""") diff --git a/macros.python3 b/macros.python3 new file mode 100644 index 0000000..2bd193b --- /dev/null +++ b/macros.python3 @@ -0,0 +1,28 @@ +%have_python3 1 + +# commented out legacy macro definitions +#py3_prefix /usr +#py3_incdir /usr/include/python3.5m +#py3_ver 3.5 + +# these should now be provided by macros.python_all +#python3_sitearch /usr/lib64/python3.5/site-packages +#python3_sitelib /usr/lib/python3.5/site-packages +#python3_version 3.5 + +# hard to say if anyone ever used these? +#py3_soflags cpython-35m-x86_64-linux-gnu +#py3_abiflags m +%cpython3_soabi %(python3 -c "import sysconfig; print(sysconfig.get_config_var('SOABI'))") +%py3_soflags %cpython3_soabi + +# compilation macros that might be in use somewhere +%py3_compile(O) \ +find %1 -name '*.pyc' -exec rm -f {} ";"\ +python3 -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +%{-O:\ +find %1 -name '*.pyo' -exec rm -f {} ";"\ +python3 -O -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +} + + diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch new file mode 100644 index 0000000..62758d3 --- /dev/null +++ b/no-skipif-doctests.patch @@ -0,0 +1,660 @@ +only in patch2: +unchanged: +--- a/Doc/conf.py ++++ b/Doc/conf.py +@@ -46,7 +46,7 @@ today_fmt = '%B %d, %Y' + highlight_language = 'python3' + + # Minimum version of sphinx required +-needs_sphinx = '1.8' ++needs_sphinx = '1.7.6' + + # Ignore any .rst files in the venv/ directory. + exclude_patterns = ['venv/*', 'README.rst'] +--- a/Doc/library/turtle.rst ++++ b/Doc/library/turtle.rst +@@ -250,7 +250,6 @@ Turtle motion + turtle is headed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -277,7 +276,6 @@ Turtle motion + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -296,13 +294,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -321,13 +317,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -350,13 +344,11 @@ Turtle motion + not change the turtle's orientation. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> tp = turtle.pos() + >>> tp +@@ -380,13 +372,11 @@ Turtle motion + unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 240) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,240.00) +@@ -402,13 +392,11 @@ Turtle motion + Set the turtle's second coordinate to *y*, leave first coordinate unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 40) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,40.00) +@@ -435,7 +423,6 @@ Turtle motion + =================== ==================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setheading(90) + >>> turtle.heading() +@@ -448,14 +435,12 @@ Turtle motion + its start-orientation (which depends on the mode, see :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(90) + >>> turtle.goto(0, -10) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 90.0 +@@ -487,7 +472,6 @@ Turtle motion + calculated automatically. May be used to draw regular polygons. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.position() +@@ -516,7 +500,6 @@ Turtle motion + + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.dot() +@@ -534,7 +517,6 @@ Turtle motion + it by calling ``clearstamp(stamp_id)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("blue") + >>> turtle.stamp() +@@ -550,7 +532,6 @@ Turtle motion + Delete stamp with given *stampid*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (150.00,-0.00) +@@ -595,7 +576,6 @@ Turtle motion + undo actions is determined by the size of the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for i in range(4): + ... turtle.fd(50); turtle.lt(80) +@@ -628,7 +608,6 @@ Turtle motion + turtle turn instantly. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.speed() + 3 +@@ -649,7 +628,6 @@ Tell Turtle's state + Return the turtle's current location (x,y) (as a :class:`Vec2D` vector). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pos() + (440.00,-0.00) +@@ -665,7 +643,6 @@ Tell Turtle's state + orientation which depends on the mode - "standard"/"world" or "logo". + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(10, 10) + >>> turtle.towards(0,0) +@@ -677,7 +654,6 @@ Tell Turtle's state + Return the turtle's x coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(50) +@@ -693,7 +669,6 @@ Tell Turtle's state + Return the turtle's y coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(60) +@@ -710,7 +685,6 @@ Tell Turtle's state + :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(67) +@@ -727,7 +701,6 @@ Tell Turtle's state + other turtle, in turtle step units. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.distance(30,40) +@@ -751,7 +724,6 @@ Settings for measurement + Default value is 360 degrees. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -774,7 +746,6 @@ Settings for measurement + ``degrees(2*math.pi)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -785,7 +756,6 @@ Settings for measurement + 1.5707963267948966 + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.degrees(360) +@@ -821,7 +791,6 @@ Drawing state + thickness. If no argument is given, the current pensize is returned. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pensize() + 1 +@@ -853,7 +822,6 @@ Drawing state + attributes in one statement. + + .. doctest:: +- :skipif: _tkinter is None + :options: +NORMALIZE_WHITESPACE + + >>> turtle.pen(fillcolor="black", pencolor="red", pensize=10) +@@ -876,7 +844,6 @@ Drawing state + Return ``True`` if pen is down, ``False`` if it's up. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.penup() + >>> turtle.isdown() +@@ -917,7 +884,6 @@ Color control + newly set pencolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> colormode() + 1.0 +@@ -966,7 +932,6 @@ Color control + with the newly set fillcolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.fillcolor("violet") + >>> turtle.fillcolor() +@@ -1005,7 +970,6 @@ Color control + with the newly set colors. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("red", "green") + >>> turtle.color() +@@ -1022,7 +986,6 @@ Filling + ~~~~~~~ + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.home() +@@ -1032,7 +995,6 @@ Filling + Return fillstate (``True`` if filling, ``False`` else). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.begin_fill() + >>> if turtle.filling(): +@@ -1057,7 +1019,6 @@ Filling + above may be either all yellow or have some white regions. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("black", "red") + >>> turtle.begin_fill() +@@ -1075,7 +1036,6 @@ More drawing control + variables to the default values. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(0,-22) + >>> turtle.left(100) +@@ -1127,7 +1087,6 @@ Visibility + drawing observably. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.hideturtle() + +@@ -1138,7 +1097,6 @@ Visibility + Make the turtle visible. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.showturtle() + +@@ -1169,7 +1127,6 @@ Appearance + deal with shapes see Screen method :func:`register_shape`. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape() + 'classic' +@@ -1195,7 +1152,6 @@ Appearance + ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.resizemode() + 'noresize' +@@ -1219,7 +1175,6 @@ Appearance + of the shapes's outline. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shapesize() + (1.0, 1.0, 1) +@@ -1244,7 +1199,6 @@ Appearance + heading of the turtle are sheared. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("circle") + >>> turtle.shapesize(5,2) +@@ -1261,7 +1215,6 @@ Appearance + change the turtle's heading (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1281,7 +1234,6 @@ Appearance + (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1307,7 +1259,6 @@ Appearance + turtle (its direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1336,7 +1287,6 @@ Appearance + given matrix. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle = Turtle() + >>> turtle.shape("square") +@@ -1352,7 +1302,6 @@ Appearance + can be used to define a new shape or components of a compound shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("square") + >>> turtle.shapetransform(4, -1, 0, 2) +@@ -1377,7 +1326,6 @@ Using events + procedural way: + + .. doctest:: +- :skipif: _tkinter is None + + >>> def turn(x, y): + ... left(180) +@@ -1398,7 +1346,6 @@ Using events + ``None``, existing bindings are removed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> class MyTurtle(Turtle): + ... def glow(self,x,y): +@@ -1426,7 +1373,6 @@ Using events + mouse-click event on that turtle. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.ondrag(turtle.goto) + +@@ -1454,7 +1400,6 @@ Special Turtle methods + Return the last recorded polygon. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.begin_poly() +@@ -1474,7 +1419,6 @@ Special Turtle methods + turtle properties. + + .. doctest:: +- :skipif: _tkinter is None + + >>> mick = Turtle() + >>> joe = mick.clone() +@@ -1487,7 +1431,6 @@ Special Turtle methods + return the "anonymous turtle": + + .. doctest:: +- :skipif: _tkinter is None + + >>> pet = getturtle() + >>> pet.fd(50) +@@ -1501,7 +1444,6 @@ Special Turtle methods + TurtleScreen methods can then be called for that object. + + .. doctest:: +- :skipif: _tkinter is None + + >>> ts = turtle.getscreen() + >>> ts +@@ -1519,7 +1461,6 @@ Special Turtle methods + ``None``, the undobuffer is disabled. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setundobuffer(42) + +@@ -1529,7 +1470,6 @@ Special Turtle methods + Return number of entries in the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> while undobufferentries(): + ... undo() +@@ -1552,7 +1492,6 @@ below: + For example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> s = Shape("compound") + >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) +@@ -1563,7 +1502,6 @@ below: + 3. Now add the Shape to the Screen's shapelist and use it: + + .. doctest:: +- :skipif: _tkinter is None + + >>> register_shape("myshape", s) + >>> shape("myshape") +@@ -1583,7 +1521,6 @@ Most of the examples in this section ref + ``screen``. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen = Screen() +@@ -1600,7 +1537,6 @@ Window control + Set or return background color of the TurtleScreen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.bgcolor("orange") + >>> screen.bgcolor() +@@ -1686,7 +1622,6 @@ Window control + distorted. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.reset() + >>> screen.setworldcoordinates(-50,-7.5,50,7.5) +@@ -1697,7 +1632,6 @@ Window control + ... left(45); fd(2) # a regular octagon + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen.reset() +@@ -1719,7 +1653,6 @@ Animation control + Optional argument: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.delay() + 10 +@@ -1741,7 +1674,6 @@ Animation control + :func:`delay`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.tracer(8, 25) + >>> dist = 2 +@@ -1778,7 +1710,6 @@ Using screen events + must have the focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -1799,7 +1730,6 @@ Using screen events + must have focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -1824,7 +1754,6 @@ Using screen events + named ``turtle``: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will + >>> # make the turtle move to the clicked point. +@@ -1844,7 +1773,6 @@ Using screen events + Install a timer that calls *fun* after *t* milliseconds. + + .. doctest:: +- :skipif: _tkinter is None + + >>> running = True + >>> def f(): +@@ -1926,7 +1854,6 @@ Settings and special methods + ============ ========================= =================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> mode("logo") # resets turtle heading to north + >>> mode() +@@ -1941,7 +1868,6 @@ Settings and special methods + values of color triples have to be in the range 0..\ *cmode*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.colormode(1) + >>> turtle.pencolor(240, 160, 80) +@@ -1962,7 +1888,6 @@ Settings and special methods + do with a Tkinter Canvas. + + .. doctest:: +- :skipif: _tkinter is None + + >>> cv = screen.getcanvas() + >>> cv +@@ -1974,7 +1899,6 @@ Settings and special methods + Return a list of names of all currently available turtle shapes. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.getshapes() + ['arrow', 'blank', 'circle', ..., 'turtle'] +@@ -1998,7 +1922,6 @@ Settings and special methods + coordinates: Install the corresponding polygon shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) + +@@ -2014,7 +1937,6 @@ Settings and special methods + Return the list of turtles on the screen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for turtle in screen.turtles(): + ... turtle.color("red") +@@ -2076,7 +1998,6 @@ Methods specific to Screen, not inherite + center window vertically + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.setup (width=200, height=200, startx=0, starty=0) + >>> # sets window to 200x200 pixels, in upper left of screen +@@ -2092,7 +2013,6 @@ Methods specific to Screen, not inherite + Set title of turtle window to *titlestring*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.title("Welcome to the turtle zoo!") + +@@ -2163,7 +2083,6 @@ Public classes + Example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) + >>> s = Shape("compound") +@@ -2510,7 +2429,6 @@ Changes since Python 3.0 + + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> for turtle in turtles(): diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..a2cf992 --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +export LC_ALL=C + +master=python*.spec + +# create import_failed.map from package definitions +pkgname=$(grep python_pkg_name $master |grep define |awk -F' ' '{print $3}') +MAPFILE=import_failed.map +function new_map_line () { + package=$1 + package=$(echo $1 |sed -e "s:%{python_pkg_name}:$pkgname:") + modules=$2 + if [ -z "$package" -o -z "$modules" ]; then + return + fi + if [[ "$package" =~ "-base" ]]; then + return + fi + echo "$package:$modules" >> $MAPFILE.tmp +} + +for spec in *.spec; do + basename=${spec%.spec} + package= + modules= + while read line; do + case $line in + "%files -n "*) + new_map_line $package "$modules" + package=${line#"%files -n "} + modules= + ;; + "%files "*) + new_map_line $package "$modules" + package=$basename-${line#"%files "} + modules= + ;; + "%files") + new_map_line $package "$modules" + package=$basename + modules= + ;; + "%{sitedir}/config-"*) + # ignore + ;; + "%{sitedir}/"*) + word=${line#"%{sitedir}/"} + if ! echo $word | grep -q /; then + modules="$modules $word" + fi + ;; + "%{dynlib "*"}") + word=${line#"%{dynlib "} + word=${word%"}"} + modules="$modules $word" + ;; + esac + done < $spec + new_map_line $package "$modules" +done + +cat $MAPFILE.tmp |sort -u > $MAPFILE +rm $MAPFILE.tmp + +# run test inclusion check +tar xJf Python-*.xz +python3 skipped_tests.py + +# generate baselibs.conf +VERSION=$(grep ^Version $master|awk -F':' '{print $2}' |sed -e 's/ //g') +python_version=${VERSION:0:3} # 3.3 +python_version_abitag=${python_version//./} # 33 +python_version_soname=${python_version//./_} # 3_3 +echo "$pkgname-base" > baselibs.conf +echo "$pkgname" >> baselibs.conf +echo "libpython$python_version_soname-1_0" >> baselibs.conf + diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch new file mode 100644 index 0000000..f69846f --- /dev/null +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -0,0 +1,25 @@ +--- + Makefile.pre.in | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/Makefile.pre.in ++++ b/Makefile.pre.in +@@ -784,11 +784,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ + $(DTRACE_OBJS) \ + $(srcdir)/Modules/getbuildinfo.c + $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DDATE="\"`date -u -r Makefile.pre.in +"%b %d %Y"`\"" \ ++ -DTIME="\"`date -u -r Makefile.pre.in +"%T"`\"" \ + -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \ + -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \ + -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \ + -o $@ $(srcdir)/Modules/getbuildinfo.c + ++Python/getcompiler.o: $(srcdir)/Python/getcompiler.c Makefile ++ $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DCOMPILER='"[GCC]"' \ ++ -o $@ $(srcdir)/Python/getcompiler.c ++ + Modules/getpath.o: $(srcdir)/Modules/getpath.c Makefile + $(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \ + -DPREFIX='"$(prefix)"' \ diff --git a/python-3.3.0b1-localpath.patch b/python-3.3.0b1-localpath.patch new file mode 100644 index 0000000..ff9a376 --- /dev/null +++ b/python-3.3.0b1-localpath.patch @@ -0,0 +1,11 @@ +--- a/Lib/site.py ++++ b/Lib/site.py +@@ -76,7 +76,7 @@ import _sitebuiltins + import io + + # Prefixes for site-packages; add additional prefixes like /usr/local here +-PREFIXES = [sys.prefix, sys.exec_prefix] ++PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local'] + # Enable per user site-packages directory + # set it to False to disable the feature or True to force the feature + ENABLE_USER_SITE = None diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch new file mode 100644 index 0000000..763441e --- /dev/null +++ b/python-3.3.0b1-test-posix_fadvise.patch @@ -0,0 +1,15 @@ +--- + Lib/test/test_posix.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Lib/test/test_posix.py ++++ b/Lib/test/test_posix.py +@@ -425,7 +425,7 @@ class PosixTester(unittest.TestCase): + def test_posix_fadvise(self): + fd = os.open(os_helper.TESTFN, os.O_RDONLY) + try: +- posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_WILLNEED) ++ posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_RANDOM) + finally: + os.close(fd) + diff --git a/python.keyring b/python.keyring new file mode 100644 index 0000000..747bc27 --- /dev/null +++ b/python.keyring @@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFq+ToQBEADRYvIVtbK6owynD3j3nxwpW2KEk/p+aDvtXmc2SR2dBcZ8sFW2 +R5vEsG8d3/D3wgv5pcL3KfNNXQYUnXVbobrFUUWQYc79qIsE3MgiPf5NVOtwKPUR +i5g9YJgKvpBxkQfqp3LYGm9ZBtwo3DVLA3yn7KsazCmAgTNFJYw7ku1XxgmIzY6K +5J30DfbJiqDqj4f9GslCCCCH3qiPnuLG/HUyVLHMpbWlaiy9NI0GcaLxjJewHj9w +W2D2lydkxe5JGo7egUkV3ILcuLVSVKA35SKY27dYqfuyqp9tAzaRbjDYjsYdHA6G +BqrNrKBn/GwlFDPrVdcvN3ZSY2wMLTxWE3Axc/FweuHxFnou/80FwX7F3JD+oEQ6 +rofmcxOBCC7J98I7HZAhP9jBn88XIS2hztbLq8d6rZJZRtcz0k61VR0ddO+TrFmf +9rMYCPgCckRtVxeFIVIabrN1IzKynLFeo040h8hSGswd6YKDOVwjJY6Oa6EmVefZ +a8QSt4+M65RSzH6SEPY008F3nJUAK6MEkzTak+tFltZNrVWu8p2xd1j9nmxAwEhZ +/lgbxLqzYgaUWmfyHeZ8yVA0MhHzdiAL8nVUEdG3KecIq0RWCJLGLWWIjd6KAJl1 +yAmhRYKK/sjPDsL3elHsFACfZbyx3o5GGQNlas1FYoPLWbaNGaJtgFTF2QARAQAB +tCtQYWJsbyBHYWxpbmRvIFNhbGdhZG8gPHBhYmxvZ3NhbEBnbWFpbC5jb20+iQJO +BBMBCgA4FiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+ToQCGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQZOYo+NaEaW2bmA/+PXIap2udLoUVOHxnsIBdqYwp +sv1Aj5lfIJmNhmxPbHShwp1Jg+w4urxe+2Dj5ofKVlIo1i83bQkvnKJMDXDVuc/K +P6zqhBJ3rT4Q3qx2mzX8bIfQoJ2JHuH4lkP+I7doDcHHRyeNASyk72VdQmU4twNw +Ibn8nSNV6ThKHdoPYzVnO2rZUFcGIqH5HNsvR+B7cc1MBCHsgURYwSVhSePIFGlZ +iasdBD6QQkDSe4QWi7AcJFWFElw4kbOKJWxAWsrEk+tMXJVGRjnmL289EmPCx/vx +BqKy7Mse0yWCSRR3vB+O6TB1S5SgEyEgqlYsfGNv1qf/rfRD4KkyCbNU3LhY1Aim +vJP4pDW+KFxTk2Ks8vrx8gOSd2aFqPeO/pFDrpsF7PD62XwsfoXu4xc5V0Giw7r1 +Nai0nax7kOrldNF8TbbtRjW0jmoC7wLIDujAkwDIOroZ0CXA3N4HVHdSbrHm/urX +nyxJXupXAQNwGx64JCBcbF2fp3Kvu1VAXBEFnd01KaopthHcbG5pA50Kl2Vhe+98 +OdezUX42fHkQpQkB7HgtXfm6W1bw6YRBamrNvs1OoHBYmUjlECpe566IIu25Hc8s +x3qA+6eca7iqizyLG+WyMT8ZIYTWGAS59jxwR4esqGczbbZPSAPHFwLbGv7Wr0Rd +TPu5B0FcKpDkTd4IxQW5Ag0EWr5O2gEQAMjLe4CtbSfofmJrz5wfNkMVsZ81Gbqe +MoYd3dtkJnQYERUj8flzBj3ucaxGJ+Cuf7ybh3naPopKvEI1q0vkcgCDqrEgXK// +jKJbP28uPSMGhOG28q4PbamG55gy5FtM3ezzAxPWWKe9qBpV65GMmFy7eBQx2iJs +yiDIOOQQ4kraS+cTqNFimEXAGLCOQRNLcwIZzwAAHoW7HEpNUfVwaBD9kMlbo1ND +I60IKcNrNcmcmRxhJqfxjj8YBMwcKHO6GBE3AVpaE/+UO9zyr4TH+0YuQUgxKlPW +Dkg5XlkDo0S1GyLY5e9ckIDIlkTdDa2pOkoE2yB5MQCEga3YiHrKUVTTWaxn9XVJ +6x5ZjUF6bgSWGkrG5dUqSYoO1iDMuNVjtiujNyf/rvfj5cNxS7/lgxchhQKZHZXL +WVqxlneeVJ6s0P4+ROVG9ga2Sve7aUJ6wXIewZwulBcV2sE/W/DgxHgLBi53CUQt +vEzFzKvo48GnDqL5VYjA7l0HMYHd4GksCLi8E8U6Cgj+imXiM8voL7pHRZfs8mY8 +udR+UT4e1Scl2MYP2qBJ9/17B/X52B3s1EZdqI/r+hfOyqrhPs+dbAN0mtMPn68+ +nrvY1+nscvrSYEP6ZBlc9Hp2mgJdb6IcTvINXBEeLRjgc3pjViva443pkiFp9Axm +ecOckMKP3uSlABEBAAGJBGwEGAEKACAWIQSgNcjBkhm6gh7OqGtk5ij41oRpbQUC +Wr5O2gIbAgJACRBk5ij41oRpbcF0IAQZAQoAHRYhBM/cokWxBDzypfl4Zf/odAQW +i9hHBQJavk7aAAoJEP/odAQWi9hHr7YP/RCLre1CmOoWYpAtoa1yVCeYMDV6eQgL +B488/BEZHQE1zbrYy16XkhORob3JF/kUMjmJW7XaFF8FrWvRcdj/xaUGbOOEulKg +v+8zWfswYQRiZ4/JlwER4vRLi6fTE89MVER6Fkj2ASD4D2cifY+EztD4flV3sq3s +vIogGFaN9IvdrdeptOVGXs1RmAyoTsiS2mKQ6xsGh8B9ZAm55W8fBOGiSzLX21Xk +Ofdw53BrFQxn3cu/JgIKpdeZxgukcvEAI62B6X+YL6Na4j0eqEGLzsNtU1+xeJlo +WtVvmRwnRHGSxF6fzIZ3mk/p/aFiXAEq/xITCTY6tDv7x7pFE/RpdlJZyNJ+R5Y4 +SQiuDsylxNCa/4G5EB6q+7iVYtbEQ9MnZg2phowEE42tlj0rz8/rvDK3LH3xibot +KHIodCWKlWByxH99u2PuHUQ0c1oCVBUE1KkruMpvI236DpU/dvdq4JLSg/fWrys/ +VIjqLZgsIE5g/KO9XqngWHkLcBLh4CNAmHJ8Iia+s+/rfgsejQWB5uJb6eYg2JjB +4WP1EI0rULM6fdrCNB+MJ36wE2Lnb4bfT0phOMgjjH5/Ki7ZCbkxkOsBs4SRjiS+ +weCsmpAtMqodWY/Cnw9pWSA/qLSRD5/mKeb9SO6OZ/OPfAatwnGHsvZ2sAueC6rR +04W5BfXZWrnJUXQP/id/EKE1Ksp5fKoxSCbkKTCig+Sf5Afwe36yFN+niZBqzn5b +BgL/HIKaZM97oDHersPPANeEgS+JVlBf95iKIYnQbZP43FLVbvOuaINhBIVtFO54 +2Y7EYwl41kP7ILDElVy36KAmdQyBAfrjnZiRA70xShOxApLug1L0lxhR3YfmLwNi +RJ0V6KnYDKf0pfdhO9VFyFFWUojX1usn2SmSsXNizsNtvRqHXzPnX0rbJzZ9+N4O +9k1nxygYFG/2R/jGonVmTjRzcAHrAkNJETMWXMA7/8wRMDwluz8j+cCldey9x8Vk +JwgLGnZSbQtVpcFAnm5r/36Gt+9wc1VWMyrUrVr6Z679aqAbG7PMaeR5h5ygMj1k +VqRTYAUPSk1f8bZKRssQkQwEbp9dVIjm9SsR8VT7/tB+UuB85dABxgHfv3psJRT+ +tL8g9V7kSZqQfcLNGmvEVvr2Zl9NtxwXtsFM2OBprxCenwb+e9Ppm1LjfJG/NE72 +mAnOERfDaiLt4bqNo36Ei5sGCJ4Fx61phzNBXzkdRNM47i8J5UZRKFkE91c99BVM +HKUaY61NRK24fR0zP98ftDU82YFw0VRFJpTeBrO5ivN1MlQxUPzUWxKxMxO+20wa +UOXroEw11Tb4SRLGOla1pCl6lCUPJRy9IzadPDgTr/OTMkob/snt/XLdnV5/uQIN +BFq+TvoBEAC8Oy1g6pPWBbrCMhIq7VWY2fjylJ1fwg5BPXkOKVK1dsGYO4QD7oW9 +L0aSqcFSNFGF9Cl0Ri4TFXZC3hnG4HeSXUWApuKdBLn21H3jba36Ay1oGcGfdm0v +Zght4c6BlMVBpGCw2wIkJbUNEy6InMM+O8CCbbaH3iJkJ4141P7pODHignx5AmZI +conMui4YOhC+IXQXynVEv1Juk7erB1Nh1RcRvsA4lb44HWx49lIwe85ejOmoZ0O3 +6f9NJRer6bV0+rHWmg4IV5Q9h/Gn4IhEDZxA0DZl1RQI7dMgaMbIFbXGq7Kgzstz +EUnOoy29hXodxVmwIsMrAiQUYtwJ9hW+ESsw47+W2iPHVgviGWl7r/SgcgMYmf6m +5kiTBtwU7BQPS9G3zwwP2Rm3AA/6g39Q+tQKjOwi1I8+GZsY2On44Zly7BreBNg5 +4gJgdAGcMOYU9etr050clH3UpTYcAEtX++ahtOKhJgLIPNcIAQNlnifqvU0VYpgw +R4YpZ7hgg+AVDzC73PIM0lFI0XiDuqChbxE+K1jmLXWe5iJF0dzgVTwP+PmsifNZ +Wg3+YxSsS+hDMPQ2xPiQN49gT4JJDHcDuyhHyCGYgyMiVJCsku9KrkubbfVRivyN +ZF2Zfo3f+nbrRxsftz0yjAq8byCvb0V0XOpt4pJ/ddlug9ytRxALNwARAQABiQI2 +BBgBCgAgFiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+TvoCGwwACgkQZOYo+NaE +aW3urA//UQ/cKQ7HvWjcLphzQOZc+6m5YL0wxvZkSjemU7mqjZdpacteIvRAoers +EqXHc208liIBtNfRzoreXdcXNzie65xXkrRnWoHVH/fTWy4lOnHr2CMXLeHjUgg/ +M6PYi8+sARm05YFB8nsYhlhx3IdLhcfeVVbJedQKO0yL3CK1okT30DUVq5Lq6X/K +DC6AxuJR3D6UMSoT0WLaoX8qbhAp88qLynInfBVL18d97h916WPLTPeP0eHwhwND +bYtKDCMDuKQ9XX5+QsNH0RmbxlX274LHrUMMvkLKxcfCBvP+iuqrBeIuoeVzXYJZ +j7ZJtEH79bW44eecl/CY/STFYgSQ2XGTp2BI2q60wAmtKlNhwxY5ena0FgyFl6Tm +5OBHW/Pwo+ndQJGfbrCyWkTgRay9c8er3gl3GQYIBH6X0kCiG7h/Epj0b5CHOPU5 +hCw0kEB8MB4poTIjeiY+Q01472/lQ68CL3DX158hR5d3XaPSIxAN+qFsfB1o316p +yjxhfK1MD/IfrOgjlggPPnc/KmLkCzpgdwKcZwLCdZq9hYBvF1Zs34HbaVMYbWTK +uxLowtXGU43vatCXXqmPOvl4/g4tZD6rysJDgOrHQnEHzT+Napn07s0BRC0IbbNn +FynUrkr5KMSuRz7Hg7xMApENOrb0nqdHSUJ914ZpuMIS6RhJgGu5Ag0EWr5PIAEQ +ALfh9vPD2B+miHDTMADI8aRZ7g9tnzynZYkk3+2sCiiusetsQQ+HIPJ/ASEJB7On +ane9dyT/LTRhrK9qaxgVMimk2COXB/xyh7Mnw7nJgFU0aRSbtX0vbvQz2suSzrQ6 +9mPKzan28JGoClqB0bw1vwf3VjjxHV2dgD57CmqFPv7kAC/2a56dE+etzXattZAL ++2JWTpmfQ0ePRRadtBm0VahQhnU8x0+jvAVrEawqpVW83ozYFyW/0WInM2J7jHgQ +16OosY4lj5L/DxpVxaArhRFoRfWPXfC37iE8Mou/I95isvPQIhp1wTo4jG0KM02B +oIVbp/QRNBQ6WtpOzvJs1gqQiJJTfqbKJXQ3NDEY9crpVS83HJ+Zv99PNsyNkFjG +QpU84U3ZhsI4ygjdY45mpZueqI1RVcRQdu8Hgvoo/78Q/Sir6gMGop3mVdVo2guI +kFcJrXh0Xk3ech4aVqrmKx/mPXGwOAQU0DAul4RW3fKg1QxQE7Tlw3+95Ee/+q5j +HARL0uDbCJpRO8Sl8NDEuL32n/2Ot6kQeCSHrU7KJRYAkTxkKvr8zNow7hFhHFPE +SnHvTnskI6noh0VY6NwMhmLvhm0wKkRxZPzUNc3sgLvbK1NymIZ9aKCZamzhZrmG +vnblEz/OSLwGUua465H3hM1vvBQiartj7+6ZqWIkSmBPABEBAAGJAjYEGAEKACAW +IQSgNcjBkhm6gh7OqGtk5ij41oRpbQUCWr5PIAIbIAAKCRBk5ij41oRpbWmeEACG ++axtDC8UoNp9ORiYwEWLzZWDuugE+ah7DYYGD4Vs633FXVZW3SgM/bFtJ/0Lg8CF +74jI4LMHyIjDzEjcoItwnhBLix+kUoJTvrY58GPydwekLuw1p4KXLqtRs4fsZbNQ +YTknl4jYtRWoxO98x7tun7Gq2gqmJkIB2uj630fKz5cBk6p6oDFKjzyrHe+V7BiK +3okQPaD4x7hq8OnTy7lOy92ZZAqztS4tNEb4DkYW1MpuwsJ7hbBZitc1siI+FVVb +GjVVGZz6ssXoW67Tz8+VxdWJxNLXlv27eMcj4sme5S0th/YYNA5fRRv6zuzqZAru +YNGLpYYU7JLvZJ+3lCwa5j5ycOGBF0GvsGs6gj6h+CHkjR/BgzAgWC+GgUgslt6q +aH04rWtV6rVz+Y91LcrX5P6OM4anmXD3Gp3kl35AypXb4KyASF19+11RUziD4Z7q +wQEWfbwOltNyZv2lD8s2jPr7P02axWRQUbZAEhxRmvOQev/FZPyCF6gqUo/HxRbQ +y3bzmnipyHSv1DlXNfCFCHvN8kGyZnRWARqIKRg+j9ediJgOUqlLhg6KmrTVxd5v +3Dfv52PW2UODDTM20s3cQGuX/UswzMRwPI/+P44iCMwEKdm7duM/5oisZT9Vhy7g +P15MreFZLcZvUVgjqgy0u57cstyGK1Bo9e2sFcK2fA== +=6Zb4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/python310-rpmlintrc b/python310-rpmlintrc new file mode 100644 index 0000000..92241ae --- /dev/null +++ b/python310-rpmlintrc @@ -0,0 +1 @@ +addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") diff --git a/python310.changes b/python310.changes new file mode 100644 index 0000000..6649cd9 --- /dev/null +++ b/python310.changes @@ -0,0 +1,2989 @@ +------------------------------------------------------------------- +Thu May 5 14:35:56 UTC 2022 - Matej Cepl + +- Switch primary_interpreter from python38 to python310 + +------------------------------------------------------------------- +Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl + +- Update to 3.10.4: + - bpo-46968: Check for the existence of the “sys/auxv.h” header + in faulthandler to avoid compilation problems in systems + where this header doesn’t exist. Patch by Pablo Galindo + - bpo-23691: Protect the re.finditer() iterator from + re-entering. + - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to + avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception + when reading a ZipFile from multiple threads. + - bpo-38256: Fix binascii.crc32() when it is compiled to use + zlib’c crc32 to work properly on inputs 4+GiB in length + instead of returning the wrong result. The workaround prior + to this was to always feed the function data in increments + smaller than 4GiB or to just call the zlib module function. + - bpo-39394: A warning about inline flags not at the start of + the regular expression now contains the position of the flag. + - bpo-47061: Deprecate the various modules listed by PEP 594: + - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, + imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, + sndhdr, spwd, sunau, telnetlib, uu, xdrlib + - bpo-2604: Fix bug where doctests using globals would fail + when run multiple times. + - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. + - bpo-47022: The asynchat, asyncore and smtpd modules have been + deprecated since at least Python 3.6. Their documentation and + deprecation warnings and have now been updated to note they + will removed in Python 3.12 (PEP 594). + - bpo-46421: Fix a unittest issue where if the command was + invoked as python -m unittest and the filename(s) began with + a dot (.), a ValueError is returned. + - bpo-40296: Fix supporting generic aliases in pydoc. + +- Update to 3.10.3: + - bpo-46940: Avoid overriding AttributeError metadata + information for nested attribute access calls. Patch by Pablo + Galindo. + - bpo-46852: Rename the private undocumented + float.__set_format__() method to float.__setformat__() to fix + a typo introduced in Python 3.7. The method is only used by + test_float. Patch by Victor Stinner. + - bpo-46794: Bump up the libexpat version into 2.4.6 + - bpo-46820: Fix parsing a numeric literal immediately (without + spaces) followed by “not in” keywords, like in 1not in x. Now + the parser only emits a warning, not a syntax error. + - bpo-46762: Fix an assert failure in debug builds when a ‘<’, + ‘>’, or ‘=’ is the last character in an f-string that’s + missing a closing right brace. + - bpo-46724: Make sure that all backwards jumps use the + JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an + argument of (2**32)+offset. + - bpo-46732: Correct the docstring for the __bool__() method. + Patch by Jelle Zijlstra. + - bpo-46707: Avoid potential exponential backtracking when + producing some syntax errors involving lots of brackets. + Patch by Pablo Galindo. + - bpo-40479: Add a missing call to va_end() in + Modules/_hashopenssl.c. + - bpo-46615: When iterating over sets internally in + setobject.c, acquire strong references to the resulting items + from the set. This prevents crashes in corner-cases of + various set operations where the set gets mutated. + - bpo-45773: Remove two invalid “peephole” optimizations from + the bytecode compiler. + - bpo-43721: Fix docstrings of getter, setter, and deleter to + clarify that they create a new copy of the property. + - bpo-46503: Fix an assert when parsing some invalid N escape + sequences in f-strings. + - bpo-46417: Fix a race condition on setting a type __bases__ + attribute: the internal function add_subclass() now gets the + PyTypeObject.tp_subclasses member after calling + PyWeakref_NewRef() which can trigger a garbage collection + which can indirectly modify PyTypeObject.tp_subclasses. Patch + by Victor Stinner. + - bpo-46383: Fix invalid signature of _zoneinfo’s module_free + function to resolve a crash on wasm32-emscripten platform. + - bpo-46070: Py_EndInterpreter() now explicitly untracks all + objects currently tracked by the GC. Previously, if an object + was used later by another interpreter, calling + PyObject_GC_UnTrack() on the object crashed if the previous + or the next object of the PyGC_Head structure became + a dangling pointer. Patch by Victor Stinner. + - bpo-46339: Fix a crash in the parser when retrieving the + error text for multi-line f-strings expressions that do not + start in the first line of the string. Patch by Pablo Galindo + - bpo-46240: Correct the error message for unclosed parentheses + when the tokenizer doesn’t reach the end of the source when + the error is reported. Patch by Pablo Galindo + - bpo-46091: Correctly calculate indentation levels for lines + with whitespace character that are ended by line continuation + characters. Patch by Pablo Galindo + - bpo-43253: Fix a crash when closing transports where the + underlying socket handle is already invalid on the Proactor + event loop. + - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, + including bugfix for EntryPoint.extras, which was returning + match objects and not the extras strings. + - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip + 22.0.4) + - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically + determine size of signal handler stack size CPython allocates + using getauxval(AT_MINSIGSTKSZ). This changes allows for + Python extension’s request to Linux kernel to use AMX_TILE + instruction set on Sapphire Rapids Xeon processor to succeed, + unblocking use of the ISA in frameworks. + - bpo-46955: Expose asyncio.base_events.Server as + asyncio.Server. Patch by Stefan Zabka. + - bpo-23325: The signal module no longer assumes that SIG_IGN + and SIG_DFL are small int singletons. + - bpo-46932: Update bundled libexpat to 2.4.7 + - bpo-25707: Fixed a file leak in + xml.etree.ElementTree.iterparse() when the iterator is not + exhausted. Patch by Jacob Walls. + - bpo-44886: Inherit asyncio proactor datagram transport from + asyncio.DatagramTransport. + - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() + for selector-based event loops. Patch by Thomas Grainger. + - bpo-46811: Make test suite support Expat >=2.4.5 + - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to + transport-based APIs. + - bpo-46784: Fix libexpat symbols collisions with user + dynamically loaded or statically linked libexpat in embedded + Python. + - bpo-39327: shutil.rmtree() can now work with VirtualBox + shared folders when running from the guest operating-system. + - bpo-46756: Fix a bug in + urllib.request.HTTPPasswordMgr.find_user_password() and + urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() + which allowed to bypass authorization. For example, access to + URI example.org/foobar was allowed if the user was authorized + for URI example.org/foo. + - bpo-46643: In typing.get_type_hints(), support evaluating + stringified ParamSpecArgs and ParamSpecKwargs annotations. + Patch by Gregory Beauregard. + - bpo-45863: When the tarfile module creates a pax format + archive, it will put an integer representation of timestamps + in the ustar header (if possible) for the benefit of older + unarchivers, in addition to the existing full-precision + timestamps in the pax extended header. + - bpo-46676: Make typing.ParamSpec args and kwargs equal to + themselves. Patch by Gregory Beauregard. + - bpo-46672: Fix NameError in asyncio.gather() when initial + type check fails. + - bpo-46655: In typing.get_type_hints(), support evaluating + bare stringified TypeAlias annotations. Patch by Gregory + Beauregard. + - bpo-45948: Fixed a discrepancy in the C implementation of the + xml.etree.ElementTree module. Now, instantiating an + xml.etree.ElementTree.XMLParser with a target=None keyword + provides a default xml.etree.ElementTree.TreeBuilder target + as the Python implementation does. + - bpo-46521: Fix a bug in the codeop module that was + incorrectly identifying invalid code involving string quotes + as valid code. + - bpo-46581: Brings ParamSpec propagation for GenericAlias in + line with Concatenate (and others). + - bpo-46591: Make the IDLE doc URL on the About IDLE dialog + clickable. + - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 + - bpo-46487: Add the get_write_buffer_limits method to + asyncio.transports.WriteTransport and to the SSL transport. + - bpo-45173: Note the configparser deprecations will be removed + in Python 3.12. + - bpo-46539: In typing.get_type_hints(), support evaluating + stringified ClassVar and Final annotations inside Annotated. + Patch by Gregory Beauregard. + - bpo-46491: Allow typing.Annotated to wrap typing.Final and + typing.ClassVar. Patch by Gregory Beauregard. + - bpo-46436: Fix command-line option -d/--directory in module + http.server which is ignored when combined with command-line + option --cgi. Patch by Géry Ogam. + - bpo-41403: Make mock.patch() raise a TypeError with + a relevant error message on invalid arg. Previously it + allowed a cryptic AttributeError to escape. + - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid + potential REDoS by limiting ambiguity in consecutive + whitespace. + - bpo-46469: asyncio generic classes now return + types.GenericAlias in __class_getitem__ instead of the same + class. + - bpo-46434: pdb now gracefully handles help when __doc__ is + missing, for example when run with pregenerated optimized + .pyc files. + - bpo-46333: The __eq__() and __hash__() methods of + typing.ForwardRef now honor the module parameter of + typing.ForwardRef. Forward references from different modules + are now differentiated. + - bpo-46246: Add missing __slots__ to + importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. + - bpo-46266: Improve day constants in calendar. + - Now all constants (MONDAY … SUNDAY) are documented, tested, + and added to __all__. + - bpo-46232: The ssl module now handles certificates with bit + strings in DN correctly. + - bpo-43118: Fix a bug in inspect.signature() that was causing + it to fail on some subclasses of classes with + a __text_signature__ referencing module globals. Patch by + Weipeng Hong. + - bpo-26552: Fixed case where failing asyncio.ensure_future() + did not close the coroutine. Patch by Kumar Aditya. + - bpo-21987: Fix an issue with tarfile.TarFile.getmember() + getting a directory name with a trailing slash. + - bpo-20392: Fix inconsistency with uppercase file extensions + in MimeTypes.guess_type(). Patch by Kumar Aditya. + - bpo-46080: Fix exception in argparse help text generation if + a argparse.BooleanOptionalAction argument’s default is + argparse.SUPPRESS and it has help specified. Patch by Felix + Fontein. + - bpo-44439: Fix .write() method of a member file in ZipFile, + when the input data is an object that supports the buffer + protocol, the file length may be wrong. + - bpo-45703: When a namespace package is imported before + another module from the same namespace is created/installed + in a different sys.path location while the program is + running, calling the importlib.invalidate_caches() function + will now also guarantee the new module is noticed. + - bpo-24959: Fix bug where unittest sometimes drops frames from + tracebacks of exceptions raised in tests. + - bpo-44791: Fix substitution of ParamSpec in Concatenate with + different parameter expressions. Substitution with a list of + types returns now a tuple of types. Substitution with + Concatenate returns now a Concatenate with concatenated lists + of arguments. + - bpo-14156: argparse.FileType now supports an argument of ‘-’ + in binary mode, returning the .buffer attribute of + sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and + ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. + Patch contributed by Josh Rosenberg + - bpo-46463: Fixes escape4chm.py script used when building the + CHM documentation file + - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is + built with undefined behavior sanitizer (UBSAN): disable + UBSAN on the faulthandler_sigfpe() function. Patch by Victor + Stinner. + - bpo-46708: Prevent default asyncio event loop policy + modification warning after test_asyncio execution. + - bpo-46678: The function make_legacy_pyc in + Lib/test/support/import_helper.py no longer fails when + PYTHONPYCACHEPREFIX is set to a directory on a different + device from where tempfiles are stored. + - bpo-46616: Ensures test_importlib.test_windows cleans up + registry keys after completion. + - bpo-44359: test_ftplib now silently ignores socket errors to + prevent logging unhandled threading exceptions. Patch by + Victor Stinner. + - bpo-46542: Fix a Python crash in test_lib2to3 when using + Python built in debug mode: limit the recursion limit. Patch + by Victor Stinner. + - bpo-46576: test_peg_generator now disables compiler + optimization when testing compilation of its own C extensions + to significantly speed up the testing on non-debug builds of + CPython. + - bpo-46542: Fix test_json tests checking for RecursionError: + modify these tests to use support.infinite_recursion(). Patch + by Victor Stinner. + - bpo-13886: Skip test_builtin PTY tests on non-ASCII + characters if the readline module is loaded. The readline + module changes input() behavior, but test_builtin is not + intented to test the readline module. Patch by Victor + Stinner. + - bpo-38472: Fix GCC detection in setup.py when + cross-compiling. The C compiler is now run with LC_ALL=C. + Previously, the detection failed with a German locale. + - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro + and pyconfig.h no longer defines reserved symbol + __CHAR_UNSIGNED__. + - bpo-45296: Clarify close, quit, and exit in IDLE. In the File + menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current + one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). + In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there + are no other windows, this also exits IDLE. + - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch + by Alex Waygood and Terry Jan Reedy. + - bpo-46433: The internal function _PyType_GetModuleByDef now + correctly handles inheritance patterns involving static + types. + - bpo-14916: Fixed bug in the tokenizer that prevented + PyRun_InteractiveOne from parsing from the provided FD. + +- Remove upstreamed patches: + - support-expat-245.patch + +------------------------------------------------------------------- +Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + +------------------------------------------------------------------- +Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl + +- bsc#1195831 Obsolete older "most modern" versions of python + packages (python39 for python310 and so forth). For next + versions it is necessary just to edit the macro. + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python +- Add fix_configure_rst.patch, which removes duplicate link + targets and make documentation with old Sphinx in SLE +- Skip test_capi (bsc#1195140 and bpo#37169) + +------------------------------------------------------------------- +Wed Jan 19 22:01:51 UTC 2022 - Matej Cepl + +- Update to 3.10.2: + Bugfix only + - bpo#46347 memory leak in PyEval_EvalCodeEx (especially + visible with Cython code) + - and many others + +------------------------------------------------------------------- +Wed Dec 8 13:07:25 UTC 2021 - Matej Cepl + +- Upgrade to 3.10.1 (jsc#SLE-18038): + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other tools. + - PEP 618 – Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning +- Patches readjusted: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Sat Dec 4 18:40:28 UTC 2021 - Matej Cepl + +- Remove pdb_adjust_breakpoints.patch and instead just adjust location + of the test breakpoint in Lib/test/test_pdb.py via sed, because we + have shortened Lib/pdb.py by removing the shebang (bpo#45964). + +------------------------------------------------------------------- +Thu Dec 2 13:51:57 UTC 2021 - Matej Cepl + +- Add pdb_adjust_breakpoints.patch fixing expectd results in + test_pdb_breakpoints_preserved_across_interactive_sessions + (bpo#45964). + +------------------------------------------------------------------- +Mon Nov 29 00:17:07 UTC 2021 - Matej Cepl + +- Remove shebangs from from python-base libraries in _libdir + (bsc#1193179). +- Readjust patches: + - bpo-31046_ensurepip_honours_prefix.patch + - decimal.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Tue Nov 16 16:03:43 UTC 2021 - Matej Cepl + +- Move rpm-build-python construct to correct place. + +------------------------------------------------------------------- +Wed Oct 13 08:52:47 UTC 2021 - Dominique Leuenberger + +- BuildRequire rpm-build-python: The provider to inject python(abi) + has been moved there. rpm-build pulls rpm-build-python + automatically in when building anything against python3-base, but + this implies that the initial build of python3-base does not + trigger the automatic installation. + +------------------------------------------------------------------- +Tue Oct 5 22:36:51 UTC 2021 - Matej Cepl + +- Final release of 3.10.0: + Complete list on https://www.python.org/downloads/release/python-3100/, + but highlights are: + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other + tools. + - PEP 618 – Add Optional Length-Checking To zip. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning + - bpo-12782: Parenthesized context managers are now officially + allowed. + +------------------------------------------------------------------- +Mon Aug 30 12:48:25 UTC 2021 - Matej Cepl + +- Switch on option --with-system-libmpdec (bsc#1189356). + +------------------------------------------------------------------- +Fri Aug 27 13:15:03 UTC 2021 - Andreas Schwab + +- Reenable profileopt with qemu emulation, test_faulthandler is no longer + run during profiling + +------------------------------------------------------------------- +Thu Aug 12 15:11:39 UTC 2021 - Andreas Schwab + +- test_faulthandler is still problematic under qemu linux-user emulation, + disable it there + +------------------------------------------------------------------- +Wed Aug 11 05:57:11 UTC 2021 - Matej Cepl + +- Update to 3.10.0rc1 (the penultimate prerelease), which contains + plenty of small bugfixes among others: + - bpo#38605: from __future__ import annotations (PEP 563) used to be + on this list in previous pre-releases but it has been postponed to + Python 3.11 due to some compatibility concerns. + - bpo-44600: Fix incorrect line numbers while tracing some failed + patterns in match statements. Patch by Charles Burkland. + - plenty of modifications in types.Union + +------------------------------------------------------------------- +Wed Jul 21 13:44:48 UTC 2021 - Matej Cepl + +- Update to 3.10.0b4: + https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4 +- Remove python3-imp-returntype.patch which has been upstreamed. + +------------------------------------------------------------------- +Mon Jun 7 15:52:44 UTC 2021 - Matej Cepl + +- Update to 3.10.0b2: + - PEP 623 -- Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 -- Allow writing union types as X | Y + - PEP 612 -- Parameter Specification Variables + - PEP 626 -- Precise line numbers for debugging and other + tools. + - PEP 618 -- Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 -- Deprecate distutils module. + - PEP 613 -- Explicit Type Aliases + - PEP 634 -- Structural Pattern Matching: Specification + - PEP 635 -- Structural Pattern Matching: Motivation and + Rationale + - PEP 636 -- Structural Pattern Matching: Tutorial + - PEP 644 -- Require OpenSSL 1.1.1 or newer + - PEP 624 -- Remove Py_UNICODE encoder APIs + - PEP 597 -- Add optional EncodingWarning +- Removed patches (assumed upstream): + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl + +- Revert previous skip over test_capi +- Add skip-test_pyobject_freed_is_freed.patch to skip failing + test on SLE-15. + +------------------------------------------------------------------- +Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller + +- allow build with Sphinx >= 3.x + +------------------------------------------------------------------- +Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák + +- Exclude test_capi on Leap (test fails there) + +------------------------------------------------------------------- +Fri May 21 15:13:59 UTC 2021 - Matej Cepl + +- Stop providing "python" symbol (bsc#1185588), which means + python2 currently. + +------------------------------------------------------------------- +Wed May 5 15:16:58 UTC 2021 - Matej Cepl + +- Update to 3.9.5: + * Security + - bpo-43434: Creating a sqlite3.Connection object now also + produces a sqlite3.connect auditing event. Previously this + event was only produced by sqlite3.connect() calls. Patch + by Erlend E. Aasland. + - bpo-43882: The presence of newline or tab characters in + parts of a URL could allow some forms of attacks. + - Following the controlling specification for URLs defined by + WHATWG urllib.parse() now removes ASCII newlines and tabs + from URLs, preventing such attacks. + - bpo-43472: Ensures interpreter-level audit hooks receive + the cpython.PyInterpreterState_New event when called + through the _xxsubinterpreters module. + - bpo-36384: ipaddress module no longer accepts any leading + zeros in IPv4 address strings. Leading zeros are ambiguous + and interpreted as octal notation by some libraries. For + example the legacy function socket.inet_aton() treats + leading zeros as octal notatation. glibc implementation of + modern inet_pton() does not accept any leading zeros. For + a while the ipaddress module used to accept ambiguous + leading zeros. + - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) + vulnerability in urllib.request.AbstractBasicAuthHandler. + The ReDoS-vulnerable regex has quadratic worst-case + complexity and it allows cause a denial of service when + identifying crafted invalid RFCs. This ReDoS issue is on + the client side and needs remote attackers to control the + HTTP server. + - bpo-42800: Audit hooks are now fired for frame.f_code, + traceback.tb_frame, and generator code/frame attribute + access. + * Core and Builtins + - bpo-43105: Importlib now resolves relative paths when + creating module spec objects from file locations. + - bpo-42924: Fix bytearray repetition incorrectly copying + data from the start of the buffer, even if the data is + offset within the buffer (e.g. after reassigning a slice at + the start of the bytearray to a shorter byte string). + * Library + - bpo-43993: Update bundled pip to 21.1.1. + - bpo-43937: Fixed the turtle module working with non-default + root window. + - bpo-43930: Update bundled pip to 21.1 and setuptools to + 56.0.0 + - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now + returns a consistent error message when cadata contains no + valid certificate. + - bpo-43607: urllib can now convert Windows paths with \\?\ + prefixes into URL paths. + - bpo-43284: platform.win32_ver derives the windows version + from sys.getwindowsversion().platform_version which in turn + derives the version from kernel32.dll (which can be of + a different version than Windows itself). Therefore change + the platform.win32_ver to determine the version using the + platform module’s _syscmd_ver private function to return an + accurate version. + - bpo-42248: [Enum] ensure exceptions raised in _missing__ + are released + - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 + to suppress deprecation warnings. Python requires OpenSSL + 1.1.1 APIs. + - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants + (OpenSSL 3.0.0) + - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback + function a second time when first call has signaled an + error condition. + - bpo-43788: The header files for ssl error codes are now + OpenSSL version-specific. Exceptions will now show correct + reason and library codes. The make_ssl_data.py script has + been rewritten to use OpenSSL’s text file with error codes. + - bpo-43655: tkinter dialog windows are now recognized as + dialogs by window managers on macOS and X Window. + - bpo-43534: turtle.textinput() and turtle.numinput() create + now a transient window working on behalf of the canvas + window. + - bpo-43522: Fix problem with hostname_checks_common_name. + OpenSSL does not copy hostflags from struct SSL_CTX to + struct SSL. + - bpo-42967: Allow bytes separator argument in + urllib.parse.parse_qs and urllib.parse.parse_qsl when + parsing str query strings. Previously, this raised + a TypeError. + - bpo-43176: Fixed processing of a dataclass that inherits + from a frozen dataclass with no fields. It is now correctly + detected as an error. + - bpo-41735: Fix thread locks in zlib module may go wrong in + rare case. Patch by Ma Lin. + - bpo-36470: Fix dataclasses with InitVars and replace(). + Patch by Claudiu Popa. + - bpo-32745: Fix a regression in the handling of ctypes’ + ctypes.c_wchar_p type: embedded null characters would cause + a ValueError to be raised. Patch by Zackery Spytz. + * Documentation + - bpo-43959: The documentation on the PyContextVar C-API was + clarified. + - bpo-43938: Update dataclasses documentation to express that + FrozenInstanceError is derived from AttributeError. + - bpo-43755: Update documentation to reflect that + unparenthesized lambda expressions can no longer be the + expression part in an if clause in comprehensions and + generator expressions since Python 3.9. + - bpo-43739: Fixing the example code in + Doc/extending/extending.rst to declare and initialize the + pmodule variable to be of the right type. + * Tests + - bpo-43961: Fix + test_logging.test_namer_rotator_inheritance() on Windows: + use os.replace() rather than os.rename(). Patch by Victor + Stinner. + - bpo-43842: Fix a race condition in the SMTP test of + test_logging. Don’t close a file descriptor (socket) from + a different thread while asyncore.loop() is polling the + file descriptor. Patch by Victor Stinner. + - bpo-43811: Tests multiple OpenSSL versions on GitHub + Actions. Use ccache to speed up testing. + - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy + protocols TLS 1.0 and 1.1. Tests are failing with + TLSV1_ALERT_INTERNAL_ERROR. +- Refreshed patches: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch +- Add vendorized files from bluez-devel to enable building support for + Bluetooth. + +------------------------------------------------------------------- +Sun May 2 09:20:06 UTC 2021 - Ben Greiner + +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + +------------------------------------------------------------------- +Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl + +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +------------------------------------------------------------------- +Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +------------------------------------------------------------------- +Tue Feb 9 01:37:59 UTC 2021 - Steve Kowalik + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +------------------------------------------------------------------- +Mon Feb 8 22:02:03 UTC 2021 - Matej Cepl + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl + +- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing + bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in + _ctypes/callproc.c, which may lead to remote code execution. + +------------------------------------------------------------------- +Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl + +- (bsc#1180125) We really don't Require python-rpm-macros package. + Unnecessary dependency. + +------------------------------------------------------------------- +Wed Dec 16 16:08:42 UTC 2020 - Matej Cepl + +- Make python39-doc building again +- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx + doesn't know about skipif directive in doctests. + +------------------------------------------------------------------- +Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl + +- Update sphinx-update-removed-function.patch patch to the latest + version in python36. + +------------------------------------------------------------------- +Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner + +- Last try before this results in an editwar: + * remove importlib_resources and importlib-metadata + provides/obsoletes + * import importlib_resources is not the same as + import importlib.resources, same for metadata + * The backport packages from PyPI needed for older flavors are + specified as such for setuptools or in pyproject.toml. If a + package requires them they typically add them with a python + version qualifier and the packages have their own version + numbers. + +------------------------------------------------------------------- +Sat Dec 5 16:55:12 UTC 2020 - Matej Cepl + +- Add patch sphinx-update-removed-function.patch to no longer call + a now removed function and to make documentation build independent of + the Sphinx version (bsc#1179630, gh#python/cpython#13236). + +------------------------------------------------------------------- +Fri Nov 13 17:20:08 UTC 2020 - Matej Cepl + +- Don't require packages which break build on SLE-15 although we really + don't need them (python3-python-docs-theme and + python3-sphinxcontrib-qthelp). + +------------------------------------------------------------------- +Fri Oct 9 16:05:50 UTC 2020 - Dominique Leuenberger + +- Fix build with RPM 4.16: error: bare words are no longer + supported, please use "...": x86 == ppc. + +------------------------------------------------------------------- +Tue Oct 6 07:30:56 UTC 2020 - Matej Cepl + +- Update to the final version 3.9.0: + Complete changelog with all (many) + changes from previous version is on + https://docs.python.org/release/3.9.0/whatsnew/3.9.html + Changes from the previous RC versions (not that many) are on + https://docs.python.org/release/3.9.0/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Fri Sep 25 06:58:03 UTC 2020 - Dominique Leuenberger + +- Buildrequire timezone only for general flavor. It's used in this + flavor for the test suite. + +------------------------------------------------------------------- +Wed Sep 2 14:39:44 UTC 2020 - Matej Cepl + +- Update to 3.9.0rc1: + * Core and Builtins + - bpo-38156: Handle interrupts that come after EOF + correctly in PyOS_StdioReadline. + * Library + - bpo-41497: Fix potential UnicodeDecodeError in dis + module. + - bpo-41490: Update ensurepip to install pip 20.2.1 and + setuptools 49.2.1. + - bpo-41467: On Windows, fix asyncio recv_into() return + value when the socket/pipe is closed (BrokenPipeError): + return 0 rather than an empty byte string (b''). + - bpo-41425: Make tkinter doc example runnable. + - bpo-41384: Raise TclError instead of TypeError when an + unknown option is passed to tkinter.OptionMenu. + - bpo-38731: Fix NameError in command-line interface of + py_compile. + - bpo-41317: Use add_done_callback() in + asyncio.loop.sock_accept() to unsubscribe reader early on + cancellation. + - bpo-41364: Reduce import overhead of uuid. + - bpo-41341: Recursive evaluation of typing.ForwardRef in + get_type_hints. + - bpo-41182: selector: use DefaultSelector based upon + implementation + - bpo-40726: Handle cases where the end_lineno is None on + ast.increment_lineno(). + * Documentation + - bpo-41045: Add documentation for debug feature of + f-strings. + - bpo-41314: Changed the release when from __future__ + import annotations becomes the default from 4.0 to 3.10 + (following a change in PEP 563). + * Windows + - bpo-41492: Fixes the description that appears in UAC + prompts. + - bpo-40948: Improve post-install message to direct people + to the “py” command. + - bpo-41412: The installer will now fail to install on + Windows 7 and Windows 8. Further, the UCRT dependency is + now always downloaded on demand. + - bpo-40741: Update Windows release to include SQLite + 3.32.3. + * IDLE + - bpo-41468: Improve IDLE run crash error message (which + users should never see). + - bpo-41373: Save files loaded with no line ending, as when + blank, or different line endings, by setting its line + ending to the system default. Fix regression in 3.8.4 and + 3.9.0b4. + +------------------------------------------------------------------- +Tue Sep 1 10:15:06 UTC 2020 - Matej Cepl + +- Synchronize formatting and fixes with python38. + +------------------------------------------------------------------- +Thu Aug 20 15:41:28 UTC 2020 - Andreas Schwab + +- Increase testsuite timeout to account for super long running + test_peg_generator + +------------------------------------------------------------------- +Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer + +- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream +- Removed recursion.tar: contained in upstream +- Update to 3.9.0b5: + - bpo-41304: Fixes python3x._pth being ignored on Windows, caused + by the fix for bpo-29778 (CVE-2020-15801). + - bpo-41162: Audit hooks are now cleared later during + finalization to avoid missing events. + - bpo-29778: Ensure python3.dll is loaded from correct locations + when Python is embedded (CVE-2020-15523). + - bpo-39603: Prevent http header injection by rejecting control + characters in http.client.putrequest(…). + - bpo-41295: Resolve a regression in CPython 3.8.4 where defining + “__setattr__” in a multi-inheritance setup and + calling up the hierarchy chain could fail if builtins/extension + types were involved in the base types. + - bpo-41247: Always cache the running loop holder when running + asyncio.set_running_loop. + - bpo-41252: Fix incorrect refcounting in + _ssl.c’s _servername_callback(). + - bpo-41215: Use non-NULL default values in the PEG parser + keyword list to overcome a bug that was ' + preventing Python from being properly compiled when using the + XLC compiler. Patch by Pablo Galindo. + - bpo-41218: Python 3.8.3 had a regression where compiling with + ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would + aggressively mark list comprehension with CO_COROUTINE. Now only + list comprehension making use of async/await will tagged as so. + - bpo-41175: Guard against a NULL pointer dereference within + bytearrayobject triggered by the bytearray() + bytearray() operation. + - bpo-39960: The “hackcheck” that prevents sneaking around a type’s + __setattr__() by calling the superclass method was + rewritten to allow C implemented heap types. + - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the + C implementation raises now UnpicklingError instead of crashing. + - bpo-39017: Avoid infinite loop when reading specially crafted + TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). + - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params(). + - bpo-41207: In distutils.spawn, restore expectation that + DistutilsExecError is raised when the command is not found. + - bpo-39168: Remove the __new__ method of typing.Generic. + - bpo-41194: Fix a crash in the _ast module: it can no longer be + loaded more than once. It now uses a global state rather than a module state. + - bpo-39384: Fixed email.contentmanager to allow set_content() to set a + null string. + - bpo-41300: Save files with non-ascii chars. + Fix regression released in 3.9.0b4 and 3.8.4. + - bpo-37765: Add keywords to module name completion list. + Rewrite Completions section of IDLE doc. + - bpo-40170: Revert PyType_HasFeature() change: it reads + again directly the PyTypeObject.tp_flags + member when the limited C API is not used, rather than always calling + PyType_GetFlags() which hides implementation details. + +------------------------------------------------------------------- +Mon Jul 20 12:06:41 UTC 2020 - Matej Cepl + +- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 + (CVE-2019-20907, bpo#39017) avoiding possible infinite loop + in specifically crafted tarball. + Add recursion.tar as a testing tarball for the patch. + +------------------------------------------------------------------- +Fri Jul 17 07:07:19 UTC 2020 - Callum Farmer + +- Changed bpo-31046_ensurepip_honours_prefix.patch to include fix from py3.8 + +------------------------------------------------------------------- +Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer + +- Spec file fixes +- Re-added subprocess-raise-timeout.patch: now compatible +- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream + +------------------------------------------------------------------- +Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal + +- Fix minor issues found in the staging. + +------------------------------------------------------------------- +Wed Jul 15 06:13:33 UTC 2020 - Tomáš Chvátal + +- Do not set ourselves as primary interpreter + +------------------------------------------------------------------- +Tue Jul 14 20:45:11 UTC 2020 - Matej Cepl + +- Update to 3.9.0b4: + - PEP 584, Union Operators in dict + - PEP 585, Type Hinting Generics In Standard Collections + - PEP 593, Flexible function and variable annotations + - PEP 602, Python adopts a stable annual release cadence + - PEP 615, Support for the IANA Time Zone Database in the + Standard Library + - PEP 616, String methods to remove prefixes and suffixes + - PEP 617, New PEG parser for CPython + - bpo#38379, garbage collection does not block on resurrected + objects; + - bpo#38692, os.pidfd_open added that allows process + management without races and signals; + - bpo#39926, Unicode support updated to version 13.0.0; + - bpo#1635741, when Python is initialized multiple times in + the same process, it does not leak memory anymore; + - A number of Python builtins (range, tuple, set, frozenset, + list, dict) are now sped up using PEP 590 vectorcall; + - A number of Python modules (_abc, audioop, _bz2, _codecs, + _contextvars, _crypt, _functools, _json, _locale, operator, + resource, time, _weakref) now use multiphase initialization + as defined by PEP 489; + - A number of standard library modules (audioop, ast, grp, + _hashlib, pwd, _posixsubprocess, random, select, struct, + termios, zlib) are now using the stable ABI defined by + PEP 384. +- Remove upstreamed patches: + - F00102-lib64.patch + - SUSE-FEDORA-multilib.patch + - OBS_dev-shm.patch + - subprocess-raise-timeout.patch + - bpo36302-sort-module-sources.patch + - bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Fri Jul 10 10:55:15 UTC 2020 - Tomáš Chvátal + +- Update pre_checkin.sh and regenerate + +------------------------------------------------------------------- +Fri Jul 10 10:11:39 UTC 2020 - Tomáš Chvátal + +- Convert few dependencies to their pkgconfig counterparts + +------------------------------------------------------------------- +Fri Jul 10 10:08:48 UTC 2020 - Tomáš Chvátal + +- Remove release requirement on libpython, it is not really needed + to be equal as the abi changes with versions + +------------------------------------------------------------------- +Fri Jul 10 10:07:50 UTC 2020 - Tomáš Chvátal + +- Add provides python3-bla on all the subpkgs in case we are + primary provider of the functionality + +------------------------------------------------------------------- +Fri Jul 10 10:02:01 UTC 2020 - Tomáš Chvátal + +- Remove unversioned files from devel subpkg too +- Remove main python3 files from -base based whether we are + primary interpreter or not +- Fix idle to be co-installable +- Add condition to be primary to provide/obsolete python3-* +- Fix doc to build in versioned folder so the pythons can be + installed next to each other + +------------------------------------------------------------------- +Fri Jul 10 07:57:10 UTC 2020 - Tomáš Chvátal + +- Revert the full versioning of calls on the macros. These + are generic so they should really just call python3 X + +------------------------------------------------------------------- +Fri Jul 10 07:56:11 UTC 2020 - Tomáš Chvátal + +- For the doc package we can build with generic flavor, we don't + need the our-interpreter based one + +------------------------------------------------------------------- +Fri Jul 10 07:18:53 UTC 2020 - Tomáš Chvátal + +- Add provides for pytohn3X-typing/etc to allow BR on those still + to work when needed + +------------------------------------------------------------------- +Fri Jul 10 07:14:33 UTC 2020 - Tomáš Chvátal + +- Change macros.python3 to use full versioned 3.8 instead of just 3 + for python interpreter + +------------------------------------------------------------------- +Wed Jul 1 11:50:19 UTC 2020 - Tomáš Chvátal + +- Reduce some now unused conditionals + +------------------------------------------------------------------- +Wed Jul 1 11:00:40 UTC 2020 - Tomáš Chvátal + +- Redux the -base dependencies to match up pre-merge layout + +------------------------------------------------------------------- +Wed Jul 1 09:24:39 UTC 2020 - Tomáš Chvátal + +- Generate baselibs in pre-checkin too + +------------------------------------------------------------------- +Wed Jul 1 09:14:33 UTC 2020 - Tomáš Chvátal + +- Generate the importlib-failed using pre_checking again +- Add back the information about skipped tests on the pre_checkin + output + +------------------------------------------------------------------- +Tue Jun 30 07:11:19 UTC 2020 - Tomáš Chvátal + +- Use %python_pkg_name instead of hardcoding python3 where + applicable +- Sort out preamble with spec-cleaner + +------------------------------------------------------------------- +Mon Jun 29 14:36:10 UTC 2020 - Matej Cepl + +- Calculate required variables instead of relying on their continuous manual update + +------------------------------------------------------------------- +Thu Jun 25 10:44:08 UTC 2020 - Tomáš Chvátal + +- Fix the -base module build again to generate only the deps + we need + +------------------------------------------------------------------- +Wed Jun 17 18:42:51 UTC 2020 - Matej Cepl + +- Replace OBS_dev-shm.patch with the upstream PR#20944 + +------------------------------------------------------------------- +Thu Jun 10 14:30:15 UTC 2020 - Tomáš Chvátal + +- Use the %{python_pkg_name} on more places to allow easier + multiversioning +- Switch to _multibuild approach for easier maintenance of this + package. All is now in one spec file with 3 conditionals: + * bcond_with base + * bcond_with doc + * bcond_with general + +------------------------------------------------------------------- +Mon Jun 8 14:26:00 UTC 2020 - Matej Cepl + +- add requires python3-base on libpython subpackage (bsc#1167008) + +------------------------------------------------------------------- +Fri Jun 5 06:08:12 UTC 2020 - Dirk Mueller + +- build against Sphinx 2.x until python is compatible with + Sphinx 3.x (see gh#python/cpython#19397, bpo#40204) + +------------------------------------------------------------------- +Fri May 29 19:59:01 UTC 2020 - Andreas Stieger + +- Fix build with SQLite 3.32 (bpo#40783) + add bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Sun May 17 15:37:35 UTC 2020 - Callum Farmer + +- Update to version 3.8.3: + - Complete list of changes is available at + https://docs.python.org/release/3.8.3/whatsnew/changelog.html#python-3-8-3-final, + but most of them are just bugfixes. + - Removed patch CVE-2020-8492-urllib-ReDoS.patch: contained in upstream + +------------------------------------------------------------------- +Thu Apr 16 12:06:01 UTC 2020 - Matej Cepl + +- Add #!BuildIgnore: gdk-pixbuf-loader-rsvg to python3 SPEC + +------------------------------------------------------------------- +Thu Mar 26 15:36:55 UTC 2020 - Matej Cepl + +- Add patch bsc1167501-invalid-alignment.patch + (bsc#1167501, bpo#40052) to fix alignment in abstract.h header file. + +------------------------------------------------------------------- +Wed Mar 11 11:09:41 UTC 2020 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build, test_setegid + (test.test_os.PosixUidGidTests) is confusing it + +------------------------------------------------------------------- +Thu Mar 5 18:40:29 UTC 2020 - Matej Cepl + +- Update to 3.8.2: + - Complete list of changes is available at + https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final, + but most of them are just bugfixes. + - Updated patches: + - F00102-lib64.patch + - OBS_dev-shm.patch + - SUSE-FEDORA-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Sun Feb 9 00:14:24 CET 2020 - Matej Cepl + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Sat Feb 8 22:21:10 CET 2020 - Matej Cepl + +- Add Requires: libpython%{so_version} == %{version}-%{release} + to python3-base to keep both packages always synchronized + (bsc#1162224). + +------------------------------------------------------------------- +Mon Feb 3 20:27:54 UTC 2020 - Tomáš Chvátal + +- Do not pull in bluez in base again, explain the cycle, + it needs to be solved by bluez maintainer for us by providing + just the headers separately + +------------------------------------------------------------------- +Mon Feb 3 19:54:25 UTC 2020 - Tomáš Chvátal + +- Reame idle icons to idle3 in order to not conflict with python2 + variant of the package + * renamed the icons + * renamed icon load in desktop file + +------------------------------------------------------------------- +Thu Jan 16 09:50:03 UTC 2020 - Tomáš Chvátal + +- Add importlib_resources provide/obsolete as it is integral + part of the lang since 3.7 release + +------------------------------------------------------------------- +Mon Jan 13 11:10:47 UTC 2020 - Martin Liška + +- Add -fno-semantic-interposition as it brings speed up: + https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup + +------------------------------------------------------------------- +Thu Dec 19 16:25:26 CET 2019 - Matej Cepl + +- Update to 3.8.1: + - This is mainly bugfix release and no significant changes to + API are expected. The full changelog is available on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-1 + - Remove bpo-38688_shutil.copytree_prevent-infinite-recursion.patch, + which is included in the upstream tarball. + +------------------------------------------------------------------- +Thu Dec 19 14:57:32 CET 2019 - Matej Cepl + +- Add bpo-31046_ensurepip_honours_prefix.patch which makes + ensurepip to honour the value of $(prefix). Proposed fix for + bpo#31046.. + +------------------------------------------------------------------- +Tue Dec 10 11:07:16 UTC 2019 - Tomáš Chvátal + +- Move bluez-devel dependency to base as it is needed for + socket.AF_BLUETOOTH and otherwise does not work + +------------------------------------------------------------------- +Mon Dec 2 16:52:32 CET 2019 - Matej Cepl + +- Reintroduce QtHelp with the help of the new BR + python-sphinxcontrib-qthelp. + +------------------------------------------------------------------- +Mon Oct 21 18:51:00 UTC 2019 - Stefan Brüns + +- Fix SUSE-FEDORA-multilib.patch, the platform agnostic infix for + library installation is "lib", not "dir". + +------------------------------------------------------------------- +Thu Oct 17 14:19:20 UTC 2019 - Stefan Brüns + +- Move idle subpackage build from python3-base to python3. + appstream-glib required for packaging introduces considerable + extra dependencies and a build loop via rust/librsvg. +- Correct installation of idle IDE icons: + + idle.png is not the target directory + + non-GNOME-specific icons belong into icons/hicolor +- Add required Name key to idle3 desktop file + +------------------------------------------------------------------- +Tue Oct 15 16:39:12 CEST 2019 - Matej Cepl + +- Update to the final release 3.8.0. . + - New Features: + - Assignment expressions + - Positional-only parameters + - Parallel filesystem cache for compiled bytecode files + - Debug build uses the same ABI as release build + - f-strings support = for self-documenting expressions and + debugging + - PEP 578: Python Runtime Audit Hooks + - PEP 587: Python Initialization Configuration + - Vectorcall: a fast calling protocol for CPython + - Pickle protocol 5 with out-of-band data buffers + - New modules: + - importlib.metadata + - Improved modules: + - ast asyncio, builtins, collections, curses, ctypes, + datetime, functools, gc, gettext, gzip, idelib and IDLE, + inspect, io, json.tool, math, mmap, multiprocessing, os, + os.path, pathlib, pickle, plistlib, py_compile, shlex, + shutil, socket, ssl, statistics, sys, tarfile, threading, + tokenize, tkinter, time, typing, unicodedata, unittest, + venv, weakref, xml + - C API improvements + - bdist_winnst command has been deprecated (use bdist_wheel) +- https://docs.python.org/3.8/whatsnew/3.8.html remains rest of + changes including documentation on how to port your programs to + the current version of Python. + +------------------------------------------------------------------- +Mon Oct 14 15:02:08 CEST 2019 - Matej Cepl + +- Add idle3.appdata.xml and idle3.desktop (originally from + Fedora) to make Idle3 full GUI desktop application. + (bsc#1153830) + +------------------------------------------------------------------- +Wed Oct 9 19:09:16 UTC 2019 - Michael Gorse + +- Drop intltool from BuildRequires. Doesn't appear to be used. + +------------------------------------------------------------------- +Wed Oct 9 10:37:59 UTC 2019 - Tomáš Chvátal + +- Add folder version to allow tarball downloads even for beta/rc + releases + +------------------------------------------------------------------- +Tue Oct 8 14:53:54 CEST 2019 - Matej Cepl + +- Revert patches from Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch) into their original + prisitine Fedora versions, SUSE-FEDORA-multilib.patch refreshed + accordingly. + +------------------------------------------------------------------- +Mon Oct 7 14:33:30 UTC 2019 - Matej Cepl + +- Correct quotation of platsubdir in Lib/distutils/command/install.py + +------------------------------------------------------------------- +Thu Oct 3 13:59:57 CEST 2019 - Matej Cepl + +- Replace python-3.6.0-multilib.patch with two patches from + Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch), and our own + SUSE-FEDORA-multilib.patch to allow better cooperation with + Fedora and better upstreaming. +- Add OBS_dev-shm.patch fixing bpo#38377 + +------------------------------------------------------------------- +Thu Oct 3 08:39:18 UTC 2019 - Tomáš Chvátal + +- Pull in just gettext and let solver to sort out between: + gettext-runtime-mini and gettext-runtime + +------------------------------------------------------------------- +Wed Oct 2 15:00:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0rc1. Overall changes from 3.7: + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved + embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds, also the 'm' ABI + tag was removed (irrelevant since 3.4), bpo#36707 + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - on Windows, the default asyncio event loop is now + ProactorEventLoop + - on macOS, the spawn start method is now used by default in + multiprocessing + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Refreshed patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Wed Sep 25 09:46:41 UTC 2019 - Bernhard Wiedemann + +- Add bpo36302-sort-module-sources.patch (boo#1041090) + +------------------------------------------------------------------- +Tue Sep 10 13:43:18 UTC 2019 - Tomáš Chvátal + +- Try harder obsoleting importlib-metadata + +------------------------------------------------------------------- +Sat Aug 31 00:16:47 CEST 2019 - Matej Cepl + +- Update to 3.8.0b4: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-4 + +------------------------------------------------------------------- +Thu Aug 29 06:28:15 UTC 2019 - Guillaume GARDET + +- Re-enable test_threading on aarch64 + +------------------------------------------------------------------- +Sat Aug 17 13:21:15 UTC 2019 - John Vandenberg + +- Remove xrpm from subpackage tk description + +------------------------------------------------------------------- +Tue Aug 6 14:24:55 CEST 2019 - Matej Cepl + +- Update to 3.8.0b3: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-3 +- Patches reapplied: + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-test-posix_fadvise.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Tue Jul 23 13:20:49 UTC 2019 - Matej Cepl + +- Add Provides: python3-importlib-metadata + +------------------------------------------------------------------- +Sun Jul 7 19:08:48 CEST 2019 - Matej Cepl + +- Update to 3.8.0b2: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-2 +- Patches included in upstream: + - bpo-37169_PyObject_IsFreed.patch +- Patches reapplied: + - 00251-change-user-install-location.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-localpath.patch + - python-3.6.0-multilib.patch + +------------------------------------------------------------------- +Tue Jul 2 09:03:04 UTC 2019 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build +- Don't do profiling in qemu linux-user build + +------------------------------------------------------------------- +Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0b1 (changes since 3.7.*): + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Remove patches which were included in the upstream: + - 00251-change-user-install-location.patch + - 00316-mark-bdist_wininst-unsupported.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed May 22 10:53:03 UTC 2019 - Martin Liška + +- Set _lto_cflags to nil as the package is using LTO via --enable-lto. + That will prevent to propage LTO for Python modules that are + built in a separate package. + +------------------------------------------------------------------- +Sat May 4 21:29:20 CEST 2019 - Matej Cepl + +- Update to 3.8.0.a3: + - PEP 572: Assignment Expressions. + - Other (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-3 + +------------------------------------------------------------------- +Mon Apr 29 15:40:34 CEST 2019 - Matej Cepl + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Wed Apr 10 10:22:58 CEST 2019 - Matej Cepl + +- Fix metadata of patches. +- Rename boo1071941-make-install-in-sep-loc.patch to + 00251-change-user-install-location.patch which is the original + name, so it can be looked up in the Fedora VCS. + +------------------------------------------------------------------- +Tue Apr 9 04:55:24 UTC 2019 - John Vandenberg + +- Mark distutils bdist_wininst command unsupported + with 00316-mark-bdist_wininst-unsupported.patch +- Remove Windows bdist_wininst executables from runtime package + +------------------------------------------------------------------- +Tue Apr 9 01:21:45 CEST 2019 - Matej Cepl + +- Update to 3.7.3, which is the maintenance release without any + significant changes in API. + - Updated patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------ +Wed Mar 20 14:59:58 UTC 2019 - Matěj Cepl + +- Remove building of Qt Develop help files. + +------------------------------------------------------------------- +Fri Mar 15 15:10:30 CET 2019 - Matej Cepl + +- Return distutils-reproducible-compile.patch which is still + missing (still unfinished bpo#29708). + +------------------------------------------------------------------- +Mon Feb 25 23:30:56 CET 2019 - Matej Cepl + +- Update to 3.8.0a2: + * List of all (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-2 + +------------------------------------------------------------------- +Tue Feb 12 10:25:52 CET 2019 - Matej Cepl + +- Build nis module again. + +------------------------------------------------------------------- +Tue Feb 12 10:06:17 CET 2019 - Matej Cepl + +- Update to 3.8.0a1: + * The most visible change so far is probably the + implementation of PEP 572: Assignment Expressions. For + a detailed list of changes, see: + https://docs.python.org/3.8/whatsnew/changelog.html + * Recover building of nis module properly in python3 package +- Update patches: + * CVE-2019-5010-null-defer-x509-cert-DOS.patch + * python-3.3.0b1-fix_date_time_compiler.patch + * python-3.3.0b1-test-posix_fadvise.patch + * python-3.6.0-multilib.patch + * raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed Jan 30 18:07:49 CET 2019 - mcepl@suse.com + +- Put LICENSE file where it belongs (bsc#1121852) + +------------------------------------------------------------------- +Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com + +- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch + fixing bpo-35746. + An exploitable denial-of-service vulnerability exists in the + X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. + A specially crafted X509 certificate can cause a NULL pointer + dereference, resulting in a denial of service. An attacker can + initiate or accept TLS connections using crafted certificates + to trigger this vulnerability. + +------------------------------------------------------------------- +Tue Jan 8 12:51:01 UTC 2019 - Tomáš Chvátal + +- Do not require full gettext in order to avoid pulling in the + glib2 as a dependency + +------------------------------------------------------------------- +Tue Jan 8 12:25:27 UTC 2019 - Tomáš Chvátal + +- Update to 3.7.2: + * bugfix release: + https://docs.python.org/3.7/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Wed Jan 2 12:51:48 CET 2019 - mcepl@suse.com + +- Stop applying python-3.6.0-multilib-new.patch (which is still + WIP), and apply the old proven python-3.6.0-multilib.patch + instead. + +------------------------------------------------------------------- +Wed Dec 19 19:29:44 UTC 2018 - Todd R + +- Use upstream-recommended %{_rpmconfigdir}/macros.d directory + for the rpm macros. + +------------------------------------------------------------------- +Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com + +- Upgrade to 3.7.2rc1: + * bugfix release, for the full list of all changes see + https://docs.python.org/3.7/whatsnew/changelog.html#changelog +- Make run of the test suite more verbose + +------------------------------------------------------------------- +Tue Dec 11 01:52:45 UTC 2018 - Jan Engelhardt + +- Write summaries without em dashes. + +------------------------------------------------------------------- +Mon Dec 3 13:27:54 UTC 2018 - Matěj Cepl + +- Remove python-3.3.0b1-curses-panel.patch it is unnecessary anymore. +- Add boo1071941-make-install-in-sep-loc.patch to make pip and + distutils in user environment install into separate location + (boo#1071941) + + Set values of prefix and exec_prefix in distutils install + command to /usr/local if executable is /usr/bin/python* and RPM + build is not detected to make pip and distutils install into + separate location +- Remove finally python-3.3.3-skip-distutils-test_sysconfig_module.patch +- Remove distutils-reproducible-compile.patch which doesn't make + really much difference in reproducibility (see + gh#python/cpython#8057 and discussion there). + +------------------------------------------------------------------- +Sat Dec 1 00:14:28 CET 2018 - mcepl@suse.com + +- Rename Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + to bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + +------------------------------------------------------------------- +Wed Nov 7 12:10:41 CET 2018 - mcepl@suse.com + +- Add dependency on bluez-devel to build support for Bluetooth + (boo#1109998) + +------------------------------------------------------------------- +Tue Nov 6 13:52:45 CET 2018 - mcepl@suse.com + +- Add devhelp subpackage and split qthelp into another + subpackage. + +------------------------------------------------------------------- +Wed Oct 24 12:38:00 UTC 2018 - Matěj Cepl + +- Remove python-3.0b1-record-rpm.patch and + Python-3.0b1-record-rpm.patch, as they are not needed anymore + +------------------------------------------------------------------- +Tue Oct 23 14:14:16 UTC 2018 - Matej Cepl + +- Switch off test_threading for optimization builds. + +------------------------------------------------------------------- +Mon Oct 22 14:41:59 CEST 2018 - mcepl@suse.com + +- Update to python-3.7.1. This is just a brief overview, complete + changelog available at + https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-1-final: + Library + bpo-34970: Protect tasks weak set manipulation in asyncio.all_tasks() +- Patches already accepted upstream are removed: + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + * 00308-tls-1.3.patch +- New patches added: + * Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + * raise_SIGING_not_handled.patch +- All other patches refreshed via quilt. + +------------------------------------------------------------------- +Mon Oct 22 12:22:19 UTC 2018 - Matej Cepl + +- Add raise_SIGING_not_handled.patch to fix bsc#1094814 + +------------------------------------------------------------------- +Wed Oct 17 14:04:35 UTC 2018 - Tomáš Chvátal + +- Add patch to fix importlib return types: + * python3-imp-returntype.patch + +------------------------------------------------------------------- +Mon Oct 15 13:46:32 CEST 2018 - mcepl@suse.com + +- bpo-34022 still not completely fixed, so we have to keep + excluding test_cmd_line_script, + test_multiprocessing_main_handling, and test_runpy from the + test suite. + +------------------------------------------------------------------- +Sun Oct 14 15:57:24 UTC 2018 - Matej Cepl + +- Update to python 3.7.1~rc2: + Core and Builtins + bpo-34879: Fix a possible null pointer dereference in + bytesobject.c. Patch by Zackery Spytz. + bpo-34854: Fixed a crash in compiling string annotations + containing a lambda with a keyword-only argument that + doesn’t have a default value. + bpo-34320: Fix dict(od) didn’t copy iteration order of + OrderedDict. + Library + bpo-34769: Fix for async generators not finalizing when event + loop is in debug mode and garbage collector runs in another + thread. + bpo-34922: Fixed integer overflow in the digest() and + hexdigest() methods for the SHAKE algorithm in the hashlib + module. + bpo-34900: Fixed unittest.TestCase.debug() when used to call + test methods with subtests. Patch by Bruno Oliveira. + bpo-34871: Fix inspect module polluted sys.modules when parsing + __text_signature__ of callable. + bpo-34872: Fix self-cancellation in C implementation of + asyncio.Task + bpo-34819: Use a monotonic clock to compute timeouts in + Executor.map() and as_completed(), in order to prevent + timeouts from deviating when the system clock is adjusted. + bpo-34334: In QueueHandler, clear exc_text from LogRecord to + prevent traceback from being written twice. + bpo-6721: Acquire the logging module’s commonly used internal + locks while fork()ing to avoid deadlocks in the child + process. + bpo-34172: Fix a reference issue inside multiprocessing.Pool + that caused the pool to remain alive if it was deleted + without being closed or terminated explicitly. + Documentation + bpo-32174: chm document displays non-ASCII charaters properly on + some MBCS Windows systems. + Tests + bpo-32962: Fixed test_gdb when Python is compiled with flags + -mcet -fcf-protection -O0. + C API + bpo-34910: Ensure that PyObject_Print() always returns -1 on + error. Patch by Zackery Spytz. + +------------------------------------------------------------------- +Fri Oct 12 20:46:58 CEST 2018 - mcepl@suse.com + +- Add Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch to + fix problems with SOURCE_DATE_EPOCH variable (bpo-34022) + +------------------------------------------------------------------- +Mon Sep 17 09:44:02 UTC 2018 - Tomáš Chvátal + +- Add patch to fix build with tls1.3 supported openssl + * 00308-tls-1.3.patch +- Add patch to fix Py_Main calls after Py_initialize + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + +------------------------------------------------------------------- +Mon Sep 3 15:22:42 UTC 2018 - Matěj Cepl + +- Add -fwrapv to OPTS, which is default for python3 anyway + See for example https://github.com/zopefoundation/persistent/issues/86 + for bugs which are caused by avoiding it. + +------------------------------------------------------------------- +Tue Jul 10 11:12:32 UTC 2018 - mcepl@suse.com + +- Fix ownership of _contextvars, _queue, and _xxtestfuzz + +------------------------------------------------------------------- +Tue Jul 3 15:04:48 UTC 2018 - mcepl@suse.com + +- Switch off LTO for distros with older GCC +- Fix %files + +------------------------------------------------------------------- +Fri Jun 29 14:20:03 UTC 2018 - tchvatal@suse.com + +- Add dependency over libuuid-devel + +------------------------------------------------------------------- +Thu Jun 28 10:42:15 UTC 2018 - mimi.vx@gmail.com + +- update to python 3.7.0 + Complete overview of changes is available on + https://docs.python.org/3/whatsnew/3.7.html, these are just + highlights: + * PEP 563, postponed evaluation of type annotations. + * async and await are now reserved keywords. + * New library modules: + contextvars: PEP 567 – Context Variables + dataclasses: PEP 557 – Data Classes + importlib.resources + * New built-in features: + PEP 553, the new breakpoint() function. + * Python data model improvements: + PEP 562, customization of access to module attributes. + PEP 560, core support for typing module and generic types. + the insertion-order preservation nature of dict objects + has been declared to be an official part of the Python + language spec. + * Significant improvements in the standard library: + The asyncio module has received new features, significant + usability and performance improvements. + The time module gained support for functions with + nanosecond resolution. + * CPython implementation improvements: + Avoiding the use of ASCII as a default text encoding: + PEP 538, legacy C locale coercion + PEP 540, forced UTF-8 runtime mode + PEP 552, deterministic .pycs + the new development runtime mode + PEP 565, improved DeprecationWarning handling + * C API improvements: + PEP 539, new C API for thread-local storage + * Documentation improvements: + PEP 545, Python documentation translations + New documentation translations: Japanese, French, and Korean. +- drop python3-sorted_tar.patch +- drop 0001-allow-for-reproducible-builds-of-python-packages.patch +- refresh python-3.6.0-multilib-new.patch +- refresh subprocess-raise-timeout.patch + * new C API for thread-local storage + * Deterministic pyc files + * Built-in breakpoint() + * Data Classes + * Core support for typing module and generic types + * Customization of access to module attributes + * Postponed evaluation of annotations + * Time functions with nanosecond resolution + * Improved DeprecationWarning handling + * Context Variables + * Avoiding the use of ASCII as a default text encoding + (PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode) + * The insertion-order preservation nature of dict objects is now + an official part of the Python language spec. + * Notable performance improvements in many areas. + +------------------------------------------------------------------- +Thu May 17 18:26:42 UTC 2018 - hpj@urpla.net + +- disable lto with gcc versions below 7 (results in link failures) + +------------------------------------------------------------------- +Mon Apr 30 15:23:24 UTC 2018 - jengelh@inai.de + +- Use faster find subcommand execution strategies. + +------------------------------------------------------------------- +Fri Apr 20 16:17:29 UTC 2018 - tchvatal@suse.com + +- Do not mention the testsuite disabling in opts as it was moved to + main pkg so base is test-free + +------------------------------------------------------------------- +Tue Apr 17 08:36:08 UTC 2018 - tchvatal@suse.com + +- As we run in main python package do not generate the pre_checkin + from both now + +------------------------------------------------------------------- +Mon Apr 16 14:11:56 UTC 2018 - tchvatal@suse.com + +- Move the tests from base to generic package wrt bsc#1088573 + * We still fail the whole distro if python3 is not build + * The other archs than x86_64 took couple of hours to unblock + build of other software, this way we work around the issue +- Some tests are still run in -base for the LTO tweaking, but at + least it is not run twice + +------------------------------------------------------------------- +Sat Mar 31 19:41:12 UTC 2018 - mimi.vx@gmail.com + +- update to 3.6.5 + * bugfix release + * see Misc/NEWS for details +- drop ctypes-pass-by-value.patch +- drop fix-localeconv-encoding-for-LC_NUMERIC.patch +- refresh python-3.6.0-multilib-new.patch + +------------------------------------------------------------------ +Wed Mar 7 09:16:39 UTC 2018 - adam@mizerski.pl + +- Created %so_major and %so_minor macros +- Put Tools/gdb/libpython.py script into proper place and ship it with devel + subpackage. + +------------------------------------------------------------------- +Tue Feb 20 15:04:56 UTC 2018 - schwab@suse.de + +- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64 + +------------------------------------------------------------------- +Tue Feb 20 14:28:00 UTC 2018 - bwiedemann@suse.com + +- Add python3-sorted_tar.patch (boo#1081750) + +------------------------------------------------------------------- +Tue Feb 20 14:08:57 UTC 2018 - tchvatal@suse.com + +- Drop python3-tk and python3-idle recommends to reduce python3 + always pulling X stack bsc#1081751 + +------------------------------------------------------------------- +Wed Feb 7 09:10:03 UTC 2018 - tchvatal@suse.com + +- Add patch to fix glibc 2.27 fail bsc#1079761: + * fix-localeconv-encoding-for-LC_NUMERIC.patch + +------------------------------------------------------------------- +Mon Feb 5 17:14:43 UTC 2018 - normand@linux.vnet.ibm.com + +- Update skip_random_failing_tests.patch (for PowerPC) + to avoid test_call_later failure + +------------------------------------------------------------------- +Wed Jan 24 14:35:58 UTC 2018 - jmatejek@suse.com + +- move XML modules and python3-xml provide to python3-base + (fixes bsc#1077230) +- move ensurepip to base + +------------------------------------------------------------------- +Thu Jan 18 12:31:47 UTC 2018 - normand@linux.vnet.ibm.com + +- Add skip_random_failing_tests.patch only for PowerPC + +------------------------------------------------------------------- +Wed Jan 3 12:18:51 UTC 2018 - jmatejek@suse.com + +- update to 3.6.4 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed python3-ncurses-6.0-accessors.patch +- drop PYTHONSTARTUP hooks that cause spurious startup errors + * fixes bsc#1070738 + * the relevant feature (REPL history) is now built into Python itself + +------------------------------------------------------------------- +Sat Dec 2 11:11:46 UTC 2017 - dimstar@opensuse.org + +- Install 2to3-%{python_version} executable (override defattr of + the -tools package). 2to3 (unversioned) is a symlink and does not + carry permissions (bsc#1070853). + +------------------------------------------------------------------- +Thu Nov 16 11:02:18 UTC 2017 - mimi.vx@gmail.com + +- move 2to3 to python3-tools package + +------------------------------------------------------------------- +Wed Oct 11 13:15:23 UTC 2017 - jmatejek@suse.com + +- update to 3.6.3 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Wed Sep 20 09:54:05 UTC 2017 - dmueller@suse.com + +- drop python-2.7-libffi-aarch64.patch: this patches the intree + copy of libffi which is unused/deleted in the line afterwards +- fix build against system libffi: include flags weren't set + so it actually used the in-tree libffi headers. + +------------------------------------------------------------------- +Thu Sep 14 13:23:10 UTC 2017 - vcizek@suse.com + +- Fix test broken with OpenSSL 1.1 (bsc#1042670) + * add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Tue Sep 5 11:47:05 UTC 2017 - jengelh@inai.de + +- Update RPM group for python documentation. + +------------------------------------------------------------------- +Thu Aug 31 08:39:31 UTC 2017 - schwab@suse.de + +- fix missing %{?armsuffix} + +------------------------------------------------------------------- +Wed Aug 30 13:41:38 UTC 2017 - jmatejek@suse.com + +- distutils-reproducible-compile.patch: ensure distutils order files + before compiling, which works around bsc#1049186 + +------------------------------------------------------------------- +Thu Aug 17 08:59:05 CEST 2017 - kukuk@suse.de + +- Add libnsl-devel build requires for glibc obsoleting libnsl + +------------------------------------------------------------------- +Thu Aug 3 16:09:26 UTC 2017 - jmatejek@suse.com + +- update to 3.6.2 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed test-socket-aead-kernel49.patch +- add Provides: python3-typing (fixes bsc#1050653) +- drop duplicate Provides: python3 + +------------------------------------------------------------------- +Mon Jun 26 12:10:07 UTC 2017 - jmatejek@suse.com + +- drop db-devel from requirements + +------------------------------------------------------------------- +Tue Jun 20 09:26:52 UTC 2017 - asn@cryptomilk.org + +- Add missing link to python library in config dir (bsc#1040164) + +------------------------------------------------------------------- +Thu Mar 23 12:42:59 UTC 2017 - jmatejek@suse.com + +- update to 3.6.1 + * bugfix release, over a hundred bugs fixed + * never add import location's parent directory to sys.path + * switch to git for version control, build changes related to that + * fix "failed to get random numbers" on old kernels (bsc#1029902) + * several crashes and memory leaks corrected + * f-string are no longer accepted as docstrings + +------------------------------------------------------------------- +Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com + +- prevent regenerating AST at build-time more robustly +- add "--without profileopt" and "--without testsuite" options to python3-base + to allow short circuiting when working on the package + +------------------------------------------------------------------- +Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com + +- Add 0001-allow-for-reproducible-builds-of-python-packages.patch + upstream https://github.com/python/cpython/pull/296 + +------------------------------------------------------------------- +Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com + +- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch) +- reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent) + +------------------------------------------------------------------- +Wed Jan 11 14:57:07 UTC 2017 - jmatejek@suse.com + +- update to 3.6.0 + * PEP 498 Formated string literals + * PEP 515 Underscores in numeric literals + * PEP 526 Syntax for variable annotations + * PEP 525 Asynchronous generators + * PEP 530 Asynchronous comprehensions + * PEP 506 New "secrets" module for safe key generation + * less memory consumed by dicts + * dtrace and systemtap support + * improved asyncio module + * better defaults for ssl + * new hashing algorithms in hashlib + * bytecode format changed to allow more optimizations + * "async" and "await" are on track to be reserved words + * StopIteration from generators is deprecated + * support for openssl < 1.0.2 is deprecated + * os.urandom now blocks when getrandom() blocks + * huge number of new features, bugfixes and optimizations + * see https://docs.python.org/3.6/whatsnew/3.6.html for details +- rework multilib patch: drop Python-3.5.0-multilib.patch, implement + upstreamable python-3.6.0-multilib-new.patch +- refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch +- drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch +- finally drop python-2.6b1-canonicalize2.patch that was not applied in source + and only kept around in case we needed it in the future. (which we don't, as it seems) +- update import_failed map and baselibs +- build ctypes against system libffi + (buildrequire libffi-devel in python3-base) +- add new key to keyring (signed by keys already in keyring) +- introduced common configure section between python3 and python3-base +- moved pyconfig.h and Makefile to devel subpackage as distutils no longer + need it at runtime +- added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py + because it is not used now +- improve summaries and descriptions (fixes bsc#917607) +- enabled Link-Time Optimization, see what happens +- including skipped_tests.py in pre_checkin.sh run +- run specs through spec-cleaner, rearrange sections + +------------------------------------------------------------------- +Fri Apr 22 17:20:29 UTC 2016 - jmatejek@suse.com + +- move _hashlib and _ssl modules and tests to python3-base +- recommend python3 + +------------------------------------------------------------------- +Tue Mar 15 15:05:23 UTC 2016 - schwab@suse.de + +- Skip test_asyncio under qemu_user_space_build + +------------------------------------------------------------------- +Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com + +- Add Python-3.5.1-fix_lru_cache_copying.patch + Fix copying the lru_cache() wrapper object. + Fixes deep-copying lru_cache regression, which worked on + previous versions of python but fails on python 3.5. + This fixes a bunch of packages in devel:languages:python3. + See: https://bugs.python.org/issue25447 + +------------------------------------------------------------------- +Sun Jan 24 00:44:08 UTC 2016 - arichardson.kde@gmail.com + +- Build the docs in .qch format as well + +------------------------------------------------------------------- +Wed Dec 9 07:35:20 UTC 2015 - toddrme2178@gmail.com + +- update to 3.5.1 + * bugfix-only release, dozens of bugs fixed +- Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch +- "Python3" to "Python 3" in summary + * This seems cleaner and fixes and rpmlint warning + +------------------------------------------------------------------- +Wed Oct 14 20:21:52 UTC 2015 - toddrme2178@gmail.com + +- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch + This fixes a build error for many packages that use the Python, + C-API. + This patch is already accepted upstream and is slated to appear in + python 3.5.1. + +------------------------------------------------------------------- +Tue Sep 29 15:53:24 UTC 2015 - jmatejek@suse.com + +- update to 3.5.0 + * coroutines with async/await syntax + * matrix multiplication operator `@` + * unpacking generalizations + * new modules `typing` and `zipapp` + * type annotations + * .pyo files replaced by custom suffixes for optimization levels in __pycache__ + * support for memory BIO in ssl module + * performance improvements in several modules + * and many more +- removals and behavior changes + * deprecated `__version__` is removed + * support for .pyo files was removed + * system calls are auto-retried on EINTR + * bare generator expressions in function calls now cause SyntaxError + (change "f(x for x in i)" to "f((x for x in i))" to fix) + * removed undocumented `format` member of private `PyMemoryViewObject` struct + * renamed `PyMemAllocator` to `PyMemAllocatorEx` +- redefine %dynlib macro to reflect that modules now have arch+os as part of name +- module `time` is now built-in +- dropped upstreamed patches: + python-3.4.1-fix-faulthandler.patch + python-3.4.3-test-conditional-ssl.patch + python-fix-short-dh.patch (also dropped dh2048.pem required for this patch) +- updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch +- python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure + with new gcc + ncurses + +------------------------------------------------------------------- +Wed Sep 9 11:51:22 UTC 2015 - dimstar@opensuse.org + +- Add python3-ncurses-6.0-accessors.patch: Fix build with + NCurses 6.0 and OPAQUE_WINDOW set to 1. + +------------------------------------------------------------------- +Mon Aug 24 17:02:08 UTC 2015 - jmatejek@suse.com + +- improve import_failed hook to do the right thing when invoking + missing modules with "python3 -m modulename" (boo#942751) + +------------------------------------------------------------------- +Thu Jul 23 22:08:10 UTC 2015 - fisiu@opensuse.org + +- Build with --enable-loadable-sqlite-extensions to make it works + as geospatial database. + +------------------------------------------------------------------- +Wed Jul 1 07:07:26 UTC 2015 - dimstar@opensuse.org + +- Fix source list for previous change (add dh2048.pem). + +------------------------------------------------------------------- +Wed Jun 24 06:54:30 UTC 2015 - meissner@suse.com + +- dh2048.pem: added generated 2048 dh parameter set to fix + ssl test (bsc#935856) +- python-fix-short-dh.patch: replace the 512 bits dh parameter set + by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856) + +------------------------------------------------------------------- +Tue May 19 14:59:30 UTC 2015 - schwab@suse.de + +- ctypes-libffi-aarch64.patch: remove upstreamed patch +- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for + aarch64 + +------------------------------------------------------------------- +Thu May 14 10:58:36 UTC 2015 - jmatejek@suse.com + +- drop the PDF subpackage + (removes the massive texlive dependency, and most likely nobody is + using the PDFs anyway) + +------------------------------------------------------------------- +Thu May 14 09:53:29 UTC 2015 - jmatejek@suse.com + +- python-3.4.3-test-conditional-ssl.patch - restore tests failing because + test_urllib was unconditionally importing ssl (without really needing it) +- restore functionality of multilib patch +- drop libffi-ppc64le.diff because upstream completely changed everything + yet again (sorry ppc64 folks :| ) + + +------------------------------------------------------------------- +Fri May 1 15:11:21 UTC 2015 - mailaender@opensuse.org + +- Update to version 3.4.3 +- Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch + (bpo#21766) + +------------------------------------------------------------------- +Wed Mar 25 10:57:28 UTC 2015 - rguenther@suse.com + +- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus + faulthandler which fails with GCC 5. + +------------------------------------------------------------------- +Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com + +- asyncio has been merged in python3 main package; provide and + obsolete it +- Remove obsolete AUTHORS section +- Remove redundant %clean section + +------------------------------------------------------------------- +Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org + +- Only pkgconfig(x11) is required for build, not the whole + set of packages provided by xorg-x11-devel metapackage. + +------------------------------------------------------------------- +Mon Oct 13 13:38:20 UTC 2014 - jmatejek@suse.com + +- add %python3_version rpm macro for Fedora compatibility +- add missing argument in import_failed, rename Novell Bugzilla + to SUSE Bugzilla + +------------------------------------------------------------------- +Thu Jul 31 17:24:59 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. + +------------------------------------------------------------------- +Wed Jul 23 16:31:02 UTC 2014 - jmatejek@suse.com + +- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file + disclosure and directory traversal through URL-encoded characters + (CVE-2014-4650, bnc#885882) + +------------------------------------------------------------------- +Tue Jul 22 13:55:57 UTC 2014 - jmatejek@suse.com + +- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons, + reinstate bundled copies of pip and setuptools + (fixes bnc#885662) +- add more files as sources to silence the validator + +------------------------------------------------------------------- +Wed May 21 11:01:56 UTC 2014 - jmatejek@suse.com + +- update to 3.4.1 + * bugfix-only release, over 300 bugs fixed +- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch +- drop upstreamed CVE-2014-2667-mkdir.patch +- include Python release manager keyring and signature file + for the source archive (thus renumbering of source files) + (see https://www.python.org/download/#openpgp-public-keys ) +- move ensurepip to python3, because it transitively requires ssl + +------------------------------------------------------------------- +Fri Apr 4 16:21:40 UTC 2014 - jmatejek@suse.com + +- CVE-2014-2667-mkdir.patch: race condition with reseting umask + in os.makedirs + (CVE-2014-2667, bnc#871152) +- updated multilib patch to include ~/.local/lib64 (bnc#637176) + +------------------------------------------------------------------- +Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com + +- raise timeout value for test_subprocess to 10s (might fix + intermittent build failures in OBS) + +------------------------------------------------------------------- +Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com + +- remove blacklisting of test_posix on aarch64: qemu bug is fixed + +------------------------------------------------------------------- +Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 final +- drop upstreamed python-3.4rc2-importlib.patch + +------------------------------------------------------------------- +Sun Mar 16 16:33:25 UTC 2014 - schwab@suse.de + +- Only build with profile-opt if profiling is enabled +- Update test exclusion lists: + * test_ctypes no longer fails on arm + * test_io no longer fails on ppc* + * test_multiprocessing has been split in multiple tests + * test_posix and test_signal fail due to qemu bugs + +------------------------------------------------------------------- +Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de + +- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, + adding python-2.7.6-sqlite-3.8.4-tests.patch + +------------------------------------------------------------------- +Thu Feb 27 14:08:40 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 rc2 + * pre-release bugfixes + * improvements to asyncio library +- drop upstreamed tracemalloc_gcov.patch +- python-3.4rc2-importlib.patch fixes backwards-incompatibility + in the reworked importlib module that blocks build of vim + +------------------------------------------------------------------- +Fri Jan 17 18:45:27 UTC 2014 - jmatejek@suse.com + +- initial commit of 3.4.0 beta 3 + * new stdlib modules: pathlib, enum, statistics, tracemalloc + * asynchronous IO with new asyncio module + * introspection data for builtins + * subprocesses no longer inherit open file descriptors + * standardized metadata for packages + * internal hashing changed to SipHash + * new pickle protocol + * improved handling of codecs + * TLS 1.2 support + * major speed improvements for internal unicode handling + * many bugfixes and optimizations +- see porting guide at: + http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4 +- moved several modules to -testsuite subpackage +- updated list of binary extensions, refreshed patches +- tracemalloc_gcov.patch fixes profile-based optimization build +- updated packages and pre_checkin.sh to use ~-version notation + for prereleases +- fix-shebangs part of build process moved to common %prep +- drop python-3.3.2-no-REUSEPORT.patch (upstreamed) +- update baselibs for new soname + +- TODOs: + * require python-pip, make ensurepip work with zypper + +------------------------------------------------------------------- +Wed Dec 4 13:21:26 UTC 2013 - matz@suse.de + +- add ppc64le (ELFv2) support for libffi copy for ctypes module +- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be + "lib64"). +- added patches: + * libffi-ppc64le.diff +------------------------------------------------------------------- +Tue Dec 3 09:51:43 UTC 2013 - adrian@suse.de + +- add ppc64le rules + +------------------------------------------------------------------- +Fri Nov 22 13:17:23 UTC 2013 - speilicke@suse.com + +- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch: + + Disable global and distutils sysconfig comparison test, we deviate + from the default depending on optflags + +------------------------------------------------------------------- +Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com + +- update to 3.3.3 + * bugfix-only release + * many SSL-related fixes + * upstream fix for CVE-2013-4238 + * upstream fixes for CVE-2013-1752 +- move example module xxlimited to python3-testsuite +- drop CVE-2013-4238_py33.patch - it is upstreamed +- remove --with-wide-unicode config option, it is now the default + (and only) choice +- don't touch anything between make and makeinstall +- drop python-3.2b2-buildtime-generate.patch - the issue was caused + by touching things between make and makeinstall +- link pycache entries for import_failed hooks properly + +------------------------------------------------------------------- +Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org + +- build with -DOPENSSL_LOAD_CONF for the same reasons + described in the python2 package. + +------------------------------------------------------------------- +Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com + +- handle NULL bytes in certain fields of SSL certificates + (CVE-2013-4238, bnc#834601) + +------------------------------------------------------------------- +Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com + +- Exclue test_faulthandler from tests on powerpc due to bnc#831629 + +------------------------------------------------------------------- +Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com + +- update to 3.3.2 + * bugfix-only release + * fixes several regressions introduced in 3.3.1 +- switch to xz compression +- move _lzma module to python3-base +- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT + +------------------------------------------------------------------- +Mon Apr 29 22:32:43 UTC 2013 - schwab@suse.de + +- Readd missing bits from ctypes-libffi-aarch64.patch + +------------------------------------------------------------------- +Sat Apr 13 07:56:51 UTC 2013 - idonmez@suse.com + +- Update to version 3.3.1 + * Fix the –enable-profiling configure switch. + * In IDLE, close the replace dialog after it is used. +- Too many bugfixes to list here, + see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS +- Refresh Python-3.3.0b2-multilib.patch +- Refresh python-3.2b2-buildtime-generate.patch +- Drop upstream patches: ctypes-libffi-aarch64.patch, + python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch + +------------------------------------------------------------------- +Mon Apr 8 11:25:30 UTC 2013 - speilicke@suse.com + +- Exclude sqlite/test and tk/test directories from the respective + sub-packages. These are owned by the testsuite sub-package already + +------------------------------------------------------------------- +Fri Apr 5 12:59:20 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/title=SourceUrls + +------------------------------------------------------------------- +Wed Apr 3 15:36:04 UTC 2013 - jmatejek@suse.com + +- remove spurious modification of python-3.3.0b1-localpath.patch + that would force installation into /usr/local. + this fixes bnc#809831 + +------------------------------------------------------------------- +Thu Mar 28 18:38:51 UTC 2013 - jmatejek@suse.com + +- replace broken movetogetdents64.diff patch with a correct one + from upstream repo (python-3.3.0-getdents64.patch) + +------------------------------------------------------------------- +Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com + +- add ctypes-libffi-aarch64.patch: + * import aarch64 support for libffi in _ctypes module +- add aarch64 to the list of lib64 based archs +- add movetogetdents64.diff: + * port to getdents64, as SYS_getdents is not implemented everywhere + +------------------------------------------------------------------- +Tue Feb 26 08:57:55 UTC 2013 - saschpe@suse.de + +- /etc/rpm/macros.python3 is no %config, it is not meant to be changed + by users. +- Add rpmlintrc with some obvious filters + +------------------------------------------------------------------- +Mon Jan 28 18:14:39 UTC 2013 - jmatejek@suse.com + +- update baselibs for new version of libpython3 + +------------------------------------------------------------------- +Thu Nov 29 17:02:37 UTC 2012 - jmatejek@suse.com + +- fix include path in macros (bnc#787526) +- implement failed import handlers for modules that live in + subpackages - e.g. "import ssl" will now throw a sensible error + message telling you to install "python3" + +------------------------------------------------------------------- +Wed Nov 28 17:02:07 UTC 2012 - jmatejek@suse.com + +- merge python3-xml into python3 +- merge python3-2to3 library into python3-base + and the 2to3 binary into python3-devel + (python3-devel is now in conflict with python-2to3, which + will be dropped) +- enable --with-system-expat for python3, making the xml modules + (and thus python3) depend on expat +- reconfigure tests to disable network and GUI resources, which + the upstream apparently thought is a good idea to enable by default. + this fixes build failures in Factory +- add lzma-devel to build the _lzma module +- moved %dynlib macro definition to common section + +------------------------------------------------------------------- +Mon Nov 5 20:01:46 UTC 2012 - coolo@suse.com + +- buildrequire timezone for the test suite + +------------------------------------------------------------------- +Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com + +- disable more checks for qemu builds as they use syscalls not + implemented yet + +------------------------------------------------------------------- +Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com + +- exclude test_math for SLE 11; math library fails on negative + gamma function values close to integers and 0, probably + due to imprecision in -lm on SLE_11_SP2. + +------------------------------------------------------------------- +Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel explicitly + +------------------------------------------------------------------- +Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com + +- remove distutils.cfg (bnc#658604) + * this changes default prefix for distutils to /usr + * see ML for details: +http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html + +------------------------------------------------------------------- +Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com + +- Update to final 3.3.0 release + * See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS + +------------------------------------------------------------------- +Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com + +- Correct dependency for python3-testsuite, + python3-tkinter -> python3-tk + +------------------------------------------------------------------- +Thu Aug 23 13:08:11 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 RC1 + +------------------------------------------------------------------- +Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 beta 1 + * flexible string representation, no longer distinguishing + between wide and narrow Unicode builds + * importlib-based import system + * virtualenv support in core + * namespace packages + * explicit Unicode literals for easier porting + * key-sharing dict implementation reduces memory footprint + of OO code + * hash randomization on by default + * many other new bugfixes and features, check NEWS for details + +- pre_checkin.sh now autofills various version strings in specs +- ship hashlib's fallback modules - those uselessly take up space + when real _hashlib.so from python3 is present, but the space wasted + is only 114kB and it provides python3-base with a working hashlib + module. + (also, this fixes bnc#743787) + +------------------------------------------------------------------- +Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com + +- skip test_io on ppc +- drop test_io ppc patch + +------------------------------------------------------------------- +Thu Jun 28 07:57:58 UTC 2012 - saschpe@suse.de + +- Satisfy source_validator by uncommenting an otherwise unused "Patch" + line + +------------------------------------------------------------------- +Tue Jun 12 15:39:08 UTC 2012 - adrian@suse.de + +- fix logic of checks exclusion + +------------------------------------------------------------------- +Fri May 18 11:50:27 UTC 2012 - idonmez@suse.com + +- update to 3.2.3 + * No changes since rc2 + +------------------------------------------------------------------- +Thu Mar 29 15:44:33 UTC 2012 - jmatejek@suse.com + +- update to 3.2.3rc2 + * fixes several security issues: + * CVE-2012-0845, bnc#747125 + * CVE-2012-1150, bnc#751718 + * CVE-2011-4944, bnc#754447 + * CVE-2011-3389, bnc#754677 +- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) +- disable test_gdb because it is broken by our gdb + +------------------------------------------------------------------- +Thu Feb 16 12:33:12 UTC 2012 - dvaleev@suse.com + +- skip broken test_io test on ppc + +------------------------------------------------------------------- +Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com + +- update to 3.2.2 + * bugfix-only release + * reports "linux2" as sys.platform regardless of Linux kernel +- added pre_checkin.sh to copy common spec sections to python3.spec +- added PACKAGING-NOTES with some helpful info for packagers + +------------------------------------------------------------------- +Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com + +- Use system ffi, included one is broken see + http://bugs.python.org/issue11729 and + http://bugs.python.org/issue12081 + +------------------------------------------------------------------- +Fri Dec 9 17:19:55 UTC 2011 - jmatejek@suse.com + +- license.opensuse.org-compatible license headers + +------------------------------------------------------------------- +Fri Dec 2 16:46:44 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Thu Nov 24 12:42:25 UTC 2011 - agraf@suse.com + +- fix ARM build (exclude some test cases which break for us) + +------------------------------------------------------------------- +Tue Aug 16 17:02:22 UTC 2011 - termim@gmail.com + +- use sysconfig module to get py3_incdir, py3_abiflags, + py3_soflags, python3_sitelib and python3_sitearch + +------------------------------------------------------------------- +Mon Jul 18 16:22:31 UTC 2011 - jmatejek@novell.com + +- update to 3.2.1 + * bugfix-only release, no major changes +- fix build on linux3 platform +- remove upstreamed pybench patch +- install /usr/lib directories in all cases to prevent spurious + "directory not owned" in dependent packages + +------------------------------------------------------------------- +Wed Jun 15 14:16:38 UTC 2011 - jmatejek@novell.com + +- replaced dynamic so version with manual so version, because + autobuild does not support autogeneration + +------------------------------------------------------------------- +Tue May 24 13:39:06 UTC 2011 - jmatejek@novell.com + +- generate macros.python3 at compile-time with fixed values +- don't include bogus values in pyconfig.h, as they can break + third-party packages (bnc#673071) + +------------------------------------------------------------------- +Tue May 17 12:52:51 UTC 2011 - jmatejek@novell.com + +- added Obsoletes: python3 < 3.1 so that the transition from + non-split to split packages goes smoothly + +------------------------------------------------------------------- +Fri May 13 12:38:19 UTC 2011 - jmatejek@novell.com + +- fixed RPM macros to use python3 instead of python +- updated to build --with-wide-unicode (for compatibility with + fedora and our own python 2.x series) + +------------------------------------------------------------------- +Thu Apr 21 03:39:25 UTC 2011 - termim@gmail.com + +- fix python3-base build failure due to pybench.py crash by + python-3.2-pybench.patch +- move pyconfig.h from python3-devel to python3-base package to + make python3-base functional again + +------------------------------------------------------------------- +Wed Mar 23 04:26:28 UTC 2011 - termim@gmail.com + +- update to python 3.2 + * stable ABI, ABI-tagged .so files + * concurrent.futures and many other new or upgraded modules + * PYC repository directories ( __pycache__ ) + * python WSGI 1.0.1 + * Unicode 6.0.0 support + * a great number of bugfixes and assorted improvements + +------------------------------------------------------------------- +Tue Feb 8 19:42:17 CET 2011 - matejcik@suse.cz + +- update to python 3.2 RC2 +- renamed python3-demo to python3-tools, because the demo part + became much smaller than the tools part +- added rpm macros + +------------------------------------------------------------------- +Tue Jan 18 14:13:04 UTC 2011 - jmatejek@novell.com + +- update to python 3.2 beta 2, see NEWS for details +- split off -base package with less dependencies, and a shlib-policy + compliant libpython3 package +- mostly rewritten the spec file with more detailed comments +- cleaned up lists of patches + diff --git a/python310.spec b/python310.spec new file mode 100644 index 0000000..8f92977 --- /dev/null +++ b/python310.spec @@ -0,0 +1,1008 @@ +# +# spec file +# +# Copyright (c) 2022 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "doc" +%define psuffix -documentation +%bcond_without doc +%bcond_with base +%bcond_with general +%endif +%if "%{flavor}" == "base" +%define psuffix -core +%bcond_with doc +%bcond_without base +%bcond_with general +%endif +%if "%{flavor}" == "" +%define psuffix %{nil} +%bcond_with doc +%bcond_with base +%bcond_without general +%endif + +%if 0%{?sle_version} && 0%{?suse_version} < 1550 +# Obsoleting previous "latest" Python versions +# Next versions will get more lines like for older versions +%define obsolete_python_versioned() \ +Obsoletes: python39%{?1:-%{1}} +%else +%define obsolete_python_versioned() %{nil} +%endif + +# Setting up variables +%define _version %(c=%{version}; echo ${c/[a-z]*/}) +%define tar_suffix %(c=%{_version}; echo ${c#%{_version}}) +%define python_version %(echo %{_version}|cut -d. -f1-2) +# based on the current source tarball +%define python_version_abitag %(c=%{python_version}; echo ${c//./}) +# FIXME %%define python_version_soname %%(c=%%{python_version}; echo ${c//./_}) +%define python_version_soname 3_10 +%if 0%(test -n "%{tar_suffix}" && echo 1) +%define _version %(echo "%{_version}~%{tar_suffix}") +%define tarversion %{version} +%else +%define tarversion %{version} +%endif +%define python_pkg_name python310 +# Will provide the python3-* provides +# Will do the /usr/bin/python3 and all the core links +%define primary_interpreter 1 +# We don't process beta signs well +%define folderversion 3.10.4 +%define tarname Python-%{tarversion} +%define sitedir %{_libdir}/python%{python_version} +# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 +%define abi_kind %{nil} +# python ABI version - used in some file names +%define python_abi %{python_version}%{abi_kind} +# soname ABI tag defined in PEP 3149 +%define abi_tag %{python_version_abitag}%{abi_kind} +# version part of "libpython" package +%define so_major 1 +%define so_minor 0 +%define so_version %{python_version_soname}%{abi_kind}-%{so_major}_%{so_minor} +# rpm and python have different ideas about what is an arch-dependent name, so: +%if "%{__isa_name}" == "ppc" +%define archname %(echo %{_arch} | sed s/ppc/powerpc/) +%else +%define archname %{_arch} +%endif +# our arm has Hardware-Floatingpoint +%if "%{_arch}" == "arm" +%define armsuffix hf +%endif +# Decide whether we want to use mpdecimal +%if 0%{?suse_version} >= 1550 +%bcond_without mpdecimal +%else +%bcond_with mpdecimal +%endif +# pyexpat.cpython-35m-x86_64-linux-gnu +# pyexpat.cpython-35m-powerpc64le-linux-gnu +# pyexpat.cpython-35m-armv7-linux-gnueabihf +# _md5.cpython-38m-x86_64-linux-gnu.so +%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so +%bcond_without profileopt +Name: %{python_pkg_name}%{psuffix} +Version: 3.10.4 +Release: 0 +Summary: Python 3 Interpreter +License: Python-2.0 +URL: https://www.python.org/ +Source0: http://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz +Source1: http://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc +Source2: baselibs.conf +Source3: README.SUSE +Source7: macros.python3 +Source8: import_failed.py +Source9: import_failed.map +Source10: pre_checkin.sh +Source11: skipped_tests.py +Source19: idle3.desktop +Source20: idle3.appdata.xml +# content of bluez-devel: +# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel +# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu +# 3. mkdir Vendor && mv usr/include/* Vendor/ +# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/ +Source21: bluez-devel-vendor.tar.xz +Source98: python310-rpmlintrc +# Tarball is signed by the GPG key of Pablo Galindo Salgado (0x64E628F8D684696D) +# https://keybase.io/pablogsal/pgp_keys.asc?fingerprint=a035c8c19219ba821ecea86b64e628f8d684696d +Source99: python.keyring +# The following files are not used in the build. +# They are listed here to work around missing functionality in rpmbuild, +# which would otherwise exclude them from distributed src.rpm files. +Source100: PACKAGING-NOTES +# PATCH-FEATURE-UPSTREAM F00251-change-user-install-location.patch bsc#[0-9]+ mcepl@suse.com +# Fix installation in /usr/local (boo#1071941), originally from Fedora +# https://src.fedoraproject.org/rpms/python3/blob/master/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch02: F00251-change-user-install-location.patch +# PATCH-FEATURE-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com +# Improve reproduceability +Patch06: distutils-reproducible-compile.patch +# support finding packages in /usr/local, install to /usr/local by default +Patch07: python-3.3.0b1-localpath.patch +# replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds +Patch08: python-3.3.0b1-fix_date_time_compiler.patch +# POSIX_FADV_WILLNEED throws EINVAL. Use a different constant in test +Patch09: python-3.3.0b1-test-posix_fadvise.patch +# Raise timeout value for test_subprocess +Patch15: subprocess-raise-timeout.patch +# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com +# ensurepip should honour the value of $(prefix) +Patch29: bpo-31046_ensurepip_honours_prefix.patch +# PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mcepl@suse.com +# SLE-15 version of Sphinx doesn't know about skipif directive in doctests. +Patch33: no-skipif-doctests.patch +# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com +# skip a test failing on SLE-15 +Patch34: skip-test_pyobject_freed_is_freed.patch +# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com +# remove duplicate link targets and make documentation with old Sphinx in SLE +Patch35: fix_configure_rst.patch +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: fdupes +BuildRequires: gmp-devel +BuildRequires: lzma-devel +BuildRequires: netcfg +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: xz +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(libffi) +BuildRequires: pkgconfig(uuid) +BuildRequires: pkgconfig(zlib) +#!BuildIgnore: gdk-pixbuf-loader-rsvg +%if 0%{?suse_version} >= 1550 +# The provider for python(abi) is in rpm-build-python +BuildRequires: rpm-build-python +%endif +%if 0%{?suse_version} >= 1500 +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{with mpdecimal} +BuildRequires: mpdecimal-devel +%endif +%if %{with doc} +BuildRequires: python3-Sphinx +%if 0%{?suse_version} >= 1500 +BuildRequires: python3-python-docs-theme >= 2022.1 +%endif +%endif +%if %{with general} +# required for idle3 (.desktop and .appdata.xml files) +BuildRequires: appstream-glib +BuildRequires: gcc-c++ +BuildRequires: gdbm-devel +BuildRequires: gettext +BuildRequires: readline-devel +BuildRequires: sqlite-devel +BuildRequires: timezone +BuildRequires: update-desktop-files +BuildRequires: pkgconfig(ncurses) +BuildRequires: pkgconfig(tk) +BuildRequires: pkgconfig(x11) +Requires: %{python_pkg_name}-base = %{version} +Recommends: %{python_pkg_name}-curses +Recommends: %{python_pkg_name}-dbm +Recommends: %{python_pkg_name}-pip +%obsolete_python_versioned +%if %{primary_interpreter} +Provides: python3 = %{python_version} +%endif +%endif + +%description +Python 3 is modern interpreted, object-oriented programming language, +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python3-doc +package. + +This package supplies rich command line features provided by readline, +and sqlite3 support for the interpreter core, thus forming a so called +"extended" runtime. +Installing "python3" is sufficient for the vast majority of usecases. +In addition, recommended packages provide UI toolkit support (python3-curses, +python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE +development environment (python3-idle). + +%package -n %{python_pkg_name}-tk +Summary: TkInter, a Python Tk Interface +Requires: %{python_pkg_name} = %{version} +%obsolete_python_versioned tk +%if %{primary_interpreter} +Provides: python3-tk = %{version} +%endif + +%description -n %{python_pkg_name}-tk +Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. + +%package -n %{python_pkg_name}-curses +Summary: Python Interface to the (N)Curses Library +Requires: %{python_pkg_name} = %{version} +%obsolete_python_versioned curses +%if %{primary_interpreter} +Provides: python3-curses +%endif + +%description -n %{python_pkg_name}-curses +An easy to use interface to the (n)curses CUI library. CUI stands for +Console User Interface. + +%package -n %{python_pkg_name}-dbm +Summary: Python Interface to the GDBM Library +Requires: %{python_pkg_name} = %{version} +%obsolete_python_versioned dbm +%if %{primary_interpreter} +Provides: python3-dbm +%endif + +%description -n %{python_pkg_name}-dbm +An easy to use interface for Unix DBM databases, and more specifically, +the GNU implementation GDBM. + +%package -n %{python_pkg_name}-idle +Summary: An Integrated Development Environment for Python +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk +%obsolete_python_versioned idle +%if %{primary_interpreter} +Provides: python3-idle = %{version} +%endif + +%description -n %{python_pkg_name}-idle +IDLE is a Tkinter based integrated development environment for Python. +It features a multi-window text editor with multiple undo, Python +colorizing, and many other things, as well as a Python shell window and +a debugger. + +%package -n %{python_pkg_name}-doc +Summary: Package Documentation for Python 3 +Enhances: %{python_pkg_name} = %{python_version} +%obsolete_python_versioned doc +%if %{primary_interpreter} +Provides: python3-doc = %{version} +%endif + +%description -n %{python_pkg_name}-doc +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in HTML format. + +%package -n %{python_pkg_name}-doc-devhelp +Summary: Additional Package Documentation for Python 3 in devhelp format +%obsolete_python_versioned doc-devhelp +%if %{primary_interpreter} +Provides: python3-doc-devhelp = %{version} +%endif + +%description -n %{python_pkg_name}-doc-devhelp +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in format for devhelp. + +%package -n %{python_pkg_name}-base +Summary: Python 3 Interpreter and Stdlib Core +Requires: libpython%{so_version} = %{version} +Recommends: %{python_pkg_name} = %{version} +%obsolete_python_versioned base +#Recommends: python3-ensurepip +# python 3.1 didn't have a separate python-base, so it is wrongly +# not a conflict to have python3-3.1 and python3-base > 3.1 +Obsoletes: python3 < 3.2 +# no Provides, because python3 is obviously provided by package python3 +# python 3.4 provides asyncio +Provides: %{python_pkg_name}-asyncio = %{version} +%obsolete_python_versioned asyncio +# python 3.6 provides typing +Provides: %{python_pkg_name}-typing = %{version} +%obsolete_python_versioned typing +# python3-xml was merged into python3, now moved into -base +Provides: %{python_pkg_name}-xml = %{version} +%if %{primary_interpreter} +Provides: python3-asyncio = %{version} +Obsoletes: python3-asyncio < %{version} +Provides: python3-base = %{version} +Obsoletes: python3-base < %{version} +Provides: python3-typing = %{version} +Obsoletes: python3-typing < %{version} +Provides: python3-xml = %{version} +Obsoletes: python3-xml < %{version} +%endif + +%description -n %{python_pkg_name}-base +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +package. + +This package contains the interpreter core and most commonly used modules +from the standard library. This is sufficient for many usecases, but it +excludes components that depend on external libraries, most notably XML, +database and UI toolkits support. + +%package -n %{python_pkg_name}-tools +Summary: Python Utility and Demonstration Scripts +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-2to3 = %{version} +Provides: %{python_pkg_name}-demo = %{version} +%obsolete_python_versioned tools +%if %{primary_interpreter} +Provides: python3-2to3 = %{version} +Provides: python3-demo = %{version} +Provides: python3-tools = %{version} +Obsoletes: python3-2to3 < %{version} +Obsoletes: python3-demo < %{version} +%endif + +%description -n %{python_pkg_name}-tools +A number of scripts that are useful for building, testing or extending Python, +and a set of demonstration programs. + +%package -n %{python_pkg_name}-devel +Summary: Include Files and Libraries Mandatory for Building Python Modules +Requires: %{python_pkg_name}-base = %{version} +%obsolete_python_versioned devel +%if %{primary_interpreter} +Provides: python3-devel = %{version} +%endif + +%description -n %{python_pkg_name}-devel +The Python programming language's interpreter can be extended with +dynamically loaded extensions and can be embedded in other programs. + +This package contains header files, a static library, and development +tools for building Python modules, extending the Python interpreter or +embedding Python in applications. + +This also includes the Python distutils, which were in the Python +package up to version 2.2.2. + +%package -n %{python_pkg_name}-testsuite +Summary: Unit tests for Python and its standard library +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk = %{version} +%obsolete_python_versioned testsuite +%if %{primary_interpreter} +Provides: python3-testsuite = %{version} +%endif + +%description -n %{python_pkg_name}-testsuite +Unit tests that are useful for verifying integrity and functionality +of the installed Python interpreter and standard library. +They are a documented part of stdlib, as a module 'test'. + +%package -n libpython%{so_version} +Summary: Python Interpreter shared library +Requires: %{python_pkg_name}-base >= %{version} + +%description -n libpython%{so_version} +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +(HTML) or python-doc-pdf (PDF) packages. + +This package contains libpython3.2 shared library for embedding in +other applications. + +%prep +%setup -q -n %{tarname} +%patch02 -p1 + +%patch06 -p1 +%patch07 -p1 +%patch08 -p1 +%patch09 -p1 +%patch15 -p1 +%patch29 -p1 +%if 0%{?suse_version} <= 1500 +%patch33 -p1 +%endif +%if 0%{?sle_version} && 0%{?sle_version} <= 150300 +%patch34 -p1 +%endif +%patch35 -p1 + +# drop Autoconf version requirement +sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac + +%if %{primary_interpreter} +# fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 +for dir in Lib Tools; do + # find *.py, filter to files that contain bad shebangs + # break up "/""usr" like this to prevent replacing with %%{_prefix} + find $dir -name '*.py' -type f -print0 \ + | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ + | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' +done +%else +# For non-primary Python, just don't bother (bsc#1193179) and remove all +# those shebangs +for dir in Lib Tools; do + find $dir -name '*.py' -type f -exec sed -i '1{/^#!.*python/ d}' '{}' \; +done +# We shortened the file Lib/pdb.py so we have to move the test breakpoint location +sed -i -e '/Breakpoint 3 at ...pdb.py:94/s/94/93/' Lib/test/test_pdb.py +%endif + +# drop in-tree libffi and expat +rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin +rm -r Modules/expat + +# drop duplicate README from site-packages +rm Lib/site-packages/README.txt + +# Add vendored bluez-devel files +tar xvf %{SOURCE21} + +%build +%if %{with doc} +TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` +# TODO use not date of tarball but date of latest patch + +cd Doc +sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py +%make_build -j1 html + +# Build also devhelp files +sphinx-build -a -b devhelp . build/devhelp +rm -rfv build/devhelp/.doctrees +%else +%define _lto_cflags %{nil} +# use rpm_opt_flags +export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv $(pkg-config --cflags-only-I libffi) -fno-semantic-interposition" + +touch -r %{SOURCE0} Makefile.pre.in + +autoreconf -fvi + +%if 0%{?sles_version} +sed -e 's/-fprofile-correction//' -i Makefile.pre.in +%endif + +export CFLAGS="%{optflags} -IVendor/" + +%configure \ + --with-platlibdir=%{_lib} \ + --docdir=%{_docdir}/python \ + --enable-ipv6 \ + --enable-shared \ + --with-ensurepip=no \ + --with-system-ffi \ + --with-system-expat \ + --with-lto \ +%if %{with profileopt} + --enable-optimizations \ +%endif +%if %{with mpdecimal} + --with-system-libmpdec \ +%endif + --enable-loadable-sqlite-extensions + +# prevent make from trying to rebuild PYTHON_FOR_GEN stuff +# %%make_build -t Python/Python-ast.c \ + # Include/Python-ast.h \ + # Objects/typeslots.inc \ + # Python/opcode_targets.h \ + # Include/opcode.h +%make_build + +%if %{with general} +%make_build +%endif +%if %{with base} +%if %{with profileopt} + target=profile-opt +%else + target=all +%endif +LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ + %make_build $target +%endif +%endif + +%check +%if %{with general} +# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos +# when you install gdb into your test env +EXCLUDE="test_gdb" +# we patch out the message to recommend zypper in and thus this would fail +EXCLUDE="$EXCLUDE test_pydoc" + +%ifarch %{arm} s390x +# test_multiprocessing_forkserver is racy +EXCLUDE="$EXCLUDE test_multiprocessing_forkserver" +%endif +%ifarch ppc ppc64 ppc64le +# exclue test_faulthandler due to bnc#831629 +EXCLUDE="$EXCLUDE test_faulthandler" +%endif +# some tests break in QEMU +%if 0%{?qemu_user_space_build} +EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver test_multiprocessing_spawn test_os test_posix test_signal test_socket test_subprocess" +%endif + +# This test (part of test_uuid) requires real network interfaces +# so that ifconfig output has "HWaddr ". Some kvm instances +# done have any such interface breaking the uuid module. +EXCLUDE="$EXCLUDE test_uuid" + +# bsc#1195140 and bpo#37169 - test_capi is failing on openSUSE, and not sure why +EXCLUDE="$EXCLUDE test_capi" + +# Limit virtual memory to avoid spurious failures +if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then + ulimit -v 10000000 || : +fi + +export PYTHONPATH="$(pwd -P)/Lib" +# Use timeout, like make target buildbottest +# We cannot run tests parallel, because osc build environment doesn’t +# have /dev/shm +%make_build -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=3000" +# use network, be verbose: +#make test TESTOPTS="-l -u network -v" +%endif + +%install +%if %{with doc} +export PDOCS=%{buildroot}%{_docdir}/python%{python_version} +mkdir -p $PDOCS +# generated docs +rm Doc/build/*/.buildinfo +cp -r Doc/build/html $PDOCS +# misc +install -d -m 755 $PDOCS/Misc +rm Misc/README.AIX +for i in Misc/* ; do + [ -f $i ] && install -c -m 644 $i $PDOCS/Misc/ +done +# devhelp +mkdir -p %{buildroot}%{_datadir}/gtk-doc/html +cp -r Doc/build/devhelp %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version} +rm -rf %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version}/.doctrees +%endif +%if %{with general} +%make_install + +# clean out stuff that is in python-base and subpackages + +find %{buildroot}%{_bindir} -mindepth 1 -not -name "*idle3*" -print -delete +rm %{buildroot}%{_libdir}/lib* +rm -r %{buildroot}%{_libdir}/pkgconfig +rm -r %{buildroot}%{_mandir}/* +rm -r %{buildroot}%{_includedir}/* + +rm -r %{buildroot}%{sitedir}/config* +find %{buildroot}%{sitedir} -name "*.egg-info" -delete +rm -r %{buildroot}%{sitedir}/__pycache__ +rm -r %{buildroot}%{sitedir}/site-packages +rm %{buildroot}%{sitedir}/*.* + +for module in \ + asyncio ctypes collections concurrent distutils email encodings \ + ensurepip html http \ + importlib json logging multiprocessing pydoc_data unittest \ + urllib venv wsgiref lib2to3 test turtledemo \ + xml xmlrpc zoneinfo +do + rm -r %{buildroot}%{sitedir}/$module +done + +for library in \ + array _asyncio audioop binascii _bisect _bz2 cmath _codecs_* \ + _contextvars _crypt _csv _ctypes _datetime _decimal fcntl grp \ + _hashlib _heapq _json _lsprof _lzma math mmap _multibytecodec \ + _multiprocessing _opcode ossaudiodev _pickle _posixshmem \ + _posixsubprocess _queue _random resource select _ssl _socket spwd \ + _statistics _struct syslog termios _testbuffer _testimportmultiple \ + _testmultiphase unicodedata zlib _ctypes_test _testinternalcapi _testcapi \ + xxlimited xxlimited_35 \ + _xxtestfuzz _xxsubinterpreters _elementtree pyexpat _md5 _sha1 \ + _sha256 _sha512 _blake2 _sha3 _uuid _zoneinfo +do + eval rm "%{buildroot}%{sitedir}/lib-dynload/$library.*" +done + +# Idle is not packaged in base due to the appstream-glib dependency +# move idle config into /etc +install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version} +( + cd %{buildroot}/%{sitedir}/idlelib/ + for file in *.def ; do + mv $file %{buildroot}%{_sysconfdir}/idle%{python_version}/ + ln -sf %{_sysconfdir}/idle%{python_version}/$file %{buildroot}/%{sitedir}/idlelib/ + done +) + +# keep just idle3.X +rm %{buildroot}%{_bindir}/idle3 + +# install idle icons +for size in 16 32 48 ; do + install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \ + %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_version}.png +done + +# install idle desktop file +cp %{SOURCE19} idle%{python_version}.desktop +sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop +install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop +%suse_update_desktop_file idle%{python_version} + +cp %{SOURCE20} idle%{python_version}.appdata.xml +sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml +install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml +appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml + +%fdupes %{buildroot}/%{_libdir}/python%{python_version} +%endif +%if %{with base} +%make_install + +# remove .a +find %{buildroot} -name "*.a" -delete + +# install "site-packages" and __pycache__ for third parties +install -d -m 755 %{buildroot}%{sitedir}/site-packages +install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__ +# and their 32bit counterparts explicitly +mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__ + +# cleanup parts that don't belong +for dir in curses dbm sqlite3 tkinter idlelib; do + find "%{buildroot}/%{sitedir}/$dir"/* -maxdepth 0 -name "test" -o -exec rm -rf {} + +done +rm -fv %{buildroot}%{dynlib nis} + +# overwrite the copied binary with a link +ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 + +# decide to ship python3 or just python3.X +%if !%{primary_interpreter} +# base +rm %{buildroot}%{_bindir}/python3 +rm %{buildroot}%{_bindir}/pydoc3 +rm %{buildroot}%{_mandir}/man1/python3.1 +# devel +rm %{buildroot}%{_bindir}/python3-config +rm %{buildroot}%{_libdir}/libpython3.so +rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc +%endif + +# link shared library instead of static library that tools expect +ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so + +# delete idle3, which has to many packaging dependencies for base +rm %{buildroot}%{_bindir}/idle3* + +# delete the generic 2to3 binary if we are not primary +%if !%{primary_interpreter} +rm %{buildroot}%{_bindir}/2to3 +%endif + +# replace duplicate .pyo/.pyc with hardlinks +%fdupes %{buildroot}/%{sitedir} + +# documentation +export PDOCS=%{buildroot}%{_docdir}/%{name} +install -d -m 755 $PDOCS +install -c -m 644 %{SOURCE3} $PDOCS/ +install -c -m 644 README.rst $PDOCS/ + +# tools +for x in `find Tools/ \( -not -name Makefile \) -print | sort` ; do + test -d $x && ( install -c -m 755 -d $PDOCS/$x ) \ + || ( install -c -m 644 $x $PDOCS/$x ) +done +# gdb script is shipped with devel subpackage +rm -r $PDOCS/Tools/gdb +# clean up the bat files +find "$PDOCS" -name "*.bat" -delete + +# put gdb helper script into place +install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +# install devel files to /config +#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%{sitedir}/config-%{python_abi}/ + +# RPM macros +%if %{primary_interpreter} +mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/ +install -m 644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/macros.d/ # macros.python3 +%endif + +# import_failed hooks +FAILDIR=%{buildroot}/%{sitedir}/_import_failed +mkdir $FAILDIR +install -m 644 %{SOURCE8} %{SOURCE9} $FAILDIR # import_failed.* +LD_LIBRARY_PATH=. ./python -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +( + cd $FAILDIR + while read package modules; do + for module in $modules; do + ln import_failed.py $module.py + pushd __pycache__ + for i in import_failed*; do + ln $i "$module${i#import_failed}" + done + popd + done + done < %{SOURCE9} +) +echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +%endif + +%if %{with general} +%files -n %{python_pkg_name}-tk +%defattr(644, root, root, 755) +%{sitedir}/tkinter +%exclude %{sitedir}/tkinter/test +%{dynlib _tkinter} + +%files -n %{python_pkg_name}-curses +%defattr(644, root, root, 755) +%{sitedir}/curses +%{dynlib _curses} +%{dynlib _curses_panel} + +%files -n %{python_pkg_name}-dbm +%defattr(644, root, root, 755) +%{sitedir}/dbm +%{dynlib _dbm} +%{dynlib _gdbm} + +%files -n %{python_pkg_name} +%defattr(644, root, root, 755) +%dir %{sitedir} +%dir %{sitedir}/lib-dynload +%{sitedir}/sqlite3 +%exclude %{sitedir}/sqlite3/test +%{dynlib readline} +%{dynlib _sqlite3} +%{dynlib nis} + +%files -n %{python_pkg_name}-idle +%defattr(644, root, root, 755) +%{sitedir}/idlelib +%dir %{_sysconfdir}/idle%{python_version} +%config %{_sysconfdir}/idle%{python_version}/* +%doc Lib/idlelib/NEWS.txt +%doc Lib/idlelib/README.txt +%doc Lib/idlelib/TODO.txt +%doc Lib/idlelib/extend.txt +%doc Lib/idlelib/ChangeLog +%{_bindir}/idle%{python_version} +%{_datadir}/applications/idle%{python_version}.desktop +%{_datadir}/metainfo/idle%{python_version}.appdata.xml +%{_datadir}/icons/hicolor/*/apps/idle%{python_version}.png +%dir %{_datadir}/icons/hicolor +%dir %{_datadir}/icons/hicolor/16x16 +%dir %{_datadir}/icons/hicolor/32x32 +%dir %{_datadir}/icons/hicolor/48x48 +%dir %{_datadir}/icons/hicolor/*/apps +%attr(755, root, root) %{_bindir}/idle%{python_version} +# endif for if general +%endif + +%if %{with doc} +%files -n %{python_pkg_name}-doc +%dir %{_docdir}/python%{python_version} +%doc %{_docdir}/python%{python_version}/Misc +%doc %{_docdir}/python%{python_version}/html + +%files -n %{python_pkg_name}-doc-devhelp +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%doc %{_datadir}/gtk-doc/html/Python%{python_version} +%endif + +%if %{with base} +%post -n libpython%{so_version} -p /sbin/ldconfig +%postun -n libpython%{so_version} -p /sbin/ldconfig + +%files -n libpython%{so_version} +%defattr(644, root,root) +%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} + +%files -n %{python_pkg_name}-tools +%defattr(644, root, root, 755) +%{sitedir}/turtledemo +%if %{primary_interpreter} +%{_bindir}/2to3 +%endif +%attr(755, root, root)%{_bindir}/2to3-%{python_version} +%doc %{_docdir}/%{name}/Tools + +%files -n %{python_pkg_name}-devel +%defattr(644, root, root, 755) +%{_libdir}/libpython%{python_abi}.so +%if %{primary_interpreter} +%{_libdir}/libpython3.so +%endif +%{_libdir}/pkgconfig/* +%{_includedir}/python%{python_abi} +%{sitedir}/config-%{python_abi}-* +%defattr(755, root, root) +%{_bindir}/python%{python_abi}-config +%if %{primary_interpreter} +%{_bindir}/python3-config +%endif +# Own these directories to not depend on gdb +%dir %{_datadir}/gdb +%dir %{_datadir}/gdb/auto-load +%dir %{_datadir}/gdb/auto-load%{_prefix} +%dir %{_datadir}/gdb/auto-load%{_libdir} +%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +%files -n %{python_pkg_name}-testsuite +%defattr(644, root, root, 755) +%{sitedir}/test +%{sitedir}/*/test +%{sitedir}/*/tests +%{dynlib _ctypes_test} +%{dynlib _testbuffer} +%{dynlib _testcapi} +%{dynlib _testinternalcapi} +%{dynlib _testimportmultiple} +%{dynlib _testmultiphase} +%{dynlib xxlimited} +# workaround for missing packages +%dir %{sitedir}/sqlite3 +%dir %{sitedir}/tkinter + +%files -n %{python_pkg_name}-base +%defattr(644, root, root, 755) +# docs +%dir %{_docdir}/%{name} +%doc %{_docdir}/%{name}/README.rst +%license LICENSE +%doc %{_docdir}/%{name}/README.SUSE +%if %{primary_interpreter} +%{_mandir}/man1/python3.1%{?ext_man} +%endif +%{_mandir}/man1/python%{python_version}.1%{?ext_man} +# license text, not a doc because the code can use it at run-time +%{sitedir}/LICENSE.txt +# RPM macros +%if %{primary_interpreter} +%{_rpmconfigdir}/macros.d/macros.python3 +%endif +# binary parts +%dir %{sitedir}/lib-dynload +%{dynlib array} +%{dynlib _asyncio} +%{dynlib audioop} +%{dynlib binascii} +%{dynlib _bisect} +%{dynlib _bz2} +%{dynlib cmath} +%{dynlib _codecs_cn} +%{dynlib _codecs_hk} +%{dynlib _codecs_iso2022} +%{dynlib _codecs_jp} +%{dynlib _codecs_kr} +%{dynlib _codecs_tw} +%{dynlib _contextvars} +%{dynlib _crypt} +%{dynlib _csv} +%{dynlib _ctypes} +%{dynlib _datetime} +%{dynlib _decimal} +%{dynlib _elementtree} +%{dynlib fcntl} +%{dynlib grp} +%{dynlib _hashlib} +%{dynlib _heapq} +%{dynlib _json} +%{dynlib _lsprof} +%{dynlib _lzma} +%{dynlib math} +%{dynlib mmap} +%{dynlib _multibytecodec} +%{dynlib _multiprocessing} +%{dynlib _opcode} +%{dynlib ossaudiodev} +%{dynlib _pickle} +%{dynlib _posixshmem} +%{dynlib _posixsubprocess} +%{dynlib pyexpat} +%{dynlib _queue} +%{dynlib _random} +%{dynlib resource} +%{dynlib select} +%{dynlib _socket} +%{dynlib spwd} +%{dynlib _ssl} +%{dynlib _statistics} +%{dynlib _struct} +%{dynlib syslog} +%{dynlib termios} +%{dynlib unicodedata} +%{dynlib _uuid} +%{dynlib _xxsubinterpreters} +%{dynlib _xxtestfuzz} +%{dynlib xxlimited_35} +%{dynlib zlib} +%{dynlib _zoneinfo} +# hashlib fallback modules +%{dynlib _blake2} +%{dynlib _md5} +%{dynlib _sha1} +%{dynlib _sha256} +%{dynlib _sha512} +%{dynlib _sha3} +# python parts +%dir %{_prefix}/lib/python%{python_version} +%dir %{_prefix}/lib/python%{python_version}/site-packages +%dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__ +%dir %{sitedir} +%dir %{sitedir}/site-packages +%dir %{sitedir}/site-packages/__pycache__ +%exclude %{sitedir}/*/test +%exclude %{sitedir}/*/tests +%{sitedir}/*.py +%{sitedir}/asyncio +%{sitedir}/ctypes +%{sitedir}/collections +%{sitedir}/concurrent +%{sitedir}/distutils +%{sitedir}/email +%{sitedir}/encodings +%{sitedir}/ensurepip +%{sitedir}/html +%{sitedir}/http +%{sitedir}/importlib +%{sitedir}/json +%{sitedir}/lib2to3 +%{sitedir}/logging +%{sitedir}/multiprocessing +%{sitedir}/pydoc_data +%{sitedir}/unittest +%{sitedir}/urllib +%{sitedir}/venv +%{sitedir}/wsgiref +%{sitedir}/xml +%{sitedir}/xmlrpc +%{sitedir}/zoneinfo +%{sitedir}/__pycache__ +# import-failed hooks +%{sitedir}/_import_failed +%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +# symlinks +%if %{primary_interpreter} +%{_bindir}/python3 +%{_bindir}/pydoc3 +%endif +# executables +%attr(755, root, root) %{_bindir}/pydoc%{python_version} +# %%attr(755, root, root) %%{_bindir}/python%%{python_abi} +%attr(755, root, root) %{_bindir}/python%{python_version} +# endif for if base +%endif + +%changelog diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch new file mode 100644 index 0000000..a13a2da --- /dev/null +++ b/skip-test_pyobject_freed_is_freed.patch @@ -0,0 +1,14 @@ +--- + Lib/test/test_capi.py | 1 + + 1 file changed, 1 insertion(+) + +--- a/Lib/test/test_capi.py ++++ b/Lib/test/test_capi.py +@@ -794,6 +794,7 @@ class PyMemDebugTests(unittest.TestCase) + def test_pyobject_forbidden_bytes_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') + ++ @unittest.skip('Failing on Leap 15.*') + def test_pyobject_freed_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_freed_is_freed') + diff --git a/skipped_tests.py b/skipped_tests.py new file mode 100644 index 0000000..47002e6 --- /dev/null +++ b/skipped_tests.py @@ -0,0 +1,69 @@ +#!/usr/bin/python3 +""" +Simple regexp-based skipped test checker. +It lists tests that are mentioned (presumably for exclusion) +in BASE, and in MAIN (presumably for inclusion) +and reports discrepancies. + +This will have a number of +""" + +MAIN = "python39.spec" + +import glob +import re +from os.path import basename + +alltests = set() +qemu_exclusions = set() + +for item in glob.glob("Python-*/Lib/test/test_*"): + testname = basename(item) + if testname.endswith(".py"): + testname = testname[:-3] + alltests.add(testname) + +testre = re.compile(r'[\s"](test_\w+)\b') + +def find_tests_in_spec(specname): + global qemu_exclusions + + found_tests = set() + with open(specname) as spec: + in_qemu = False + for line in spec: + line = line.strip() + if "#" in line: + line = line[:line.index("#")] + tests = set(testre.findall(line)) + found_tests |= tests + if line == "%if 0%{?qemu_user_space_build} > 0": + in_qemu = True + if in_qemu: + if line == "%endif": + in_qemu = False + qemu_exclusions |= tests + return found_tests + +excluded = find_tests_in_spec(MAIN) + +#print("--- excluded tests:", " ".join(sorted(excluded))) +#print("--- included tests:", " ".join(sorted(included))) + +mentioned = excluded +nonexistent = mentioned - alltests +missing = excluded - qemu_exclusions + +print("--- the following tests are excluded for QEMU and not tested in python") +print("--- (that probably means we don't need to worry about them)") +for test in sorted(qemu_exclusions - excluded): + print(test) + +print("--- the following tests might be excluded in python:") +for test in sorted(missing): + print(test) + +if nonexistent: + print("--- the following tests don't exist:") + for test in sorted(nonexistent): + print(test) diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch new file mode 100644 index 0000000..cb39e1a --- /dev/null +++ b/subprocess-raise-timeout.patch @@ -0,0 +1,16 @@ +--- + Lib/test/test_subprocess.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/Lib/test/test_subprocess.py ++++ b/Lib/test/test_subprocess.py +@@ -261,7 +261,8 @@ class ProcessTestCase(BaseTestCase): + "time.sleep(3600)"], + # Some heavily loaded buildbots (sparc Debian 3.x) require + # this much time to start and print. +- timeout=3) ++ # OBS might require even more ++ timeout=10) + self.fail("Expected TimeoutExpired.") + self.assertEqual(c.exception.output, b'BDFL') + -- 2.51.1 From 62ccbe2ed87fa70bdf8c68acb6e8357dfbda3659736c6cb13973b7be2e6e168b Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 9 May 2022 15:12:55 +0000 Subject: [PATCH 002/135] =?UTF-8?q?-=20Update=20to=20pre-release=20version?= =?UTF-8?q?=203.11.0b1:=20=20=20-=20PEP=20657=20=E2=80=93=20Include=20Fine?= =?UTF-8?q?-Grained=20Error=20Locations=20in=20Tracebacks=20=20=20-=20PEP?= =?UTF-8?q?=20654=20=E2=80=93=20Exception=20Groups=20and=20except*=20=20?= =?UTF-8?q?=20-=20PEP=20673=20=E2=80=93=20Self=20Type=20=20=20-=20PEP=2064?= =?UTF-8?q?6=20=E2=80=93=20Variadic=20Generics=20=20=20-=20PEP=20680?= =?UTF-8?q?=E2=80=93=20tomllib:=20Support=20for=20Parsing=20TOML=20in=20th?= =?UTF-8?q?e=20Standard=20Library=20=20=20-=20PEP=20675=E2=80=93=20Arbitra?= =?UTF-8?q?ry=20Literal=20String=20Type=20=20=20-=20PEP=20655=E2=80=93=20M?= =?UTF-8?q?arking=20individual=20TypedDict=20items=20as=20required=20or=20?= =?UTF-8?q?potentially-missing=20=20=20-=20bpo-46752=E2=80=93=20Introduce?= =?UTF-8?q?=20task=20groups=20to=20asyncio=20=20=20-=20The=20Faster=20Cpyt?= =?UTF-8?q?hon=20Project=20is=20already=20yielding=20some=20exciting=20=20?= =?UTF-8?q?=20=20=20results.=20Python=203.11=20is=20up=20to=2010-60%=20fas?= =?UTF-8?q?ter=20than=20Python=20=20=20=20=203.10.=20On=20average,=20we=20?= =?UTF-8?q?measured=20a=201.22x=20speedup=20on=20the=20standard=20=20=20?= =?UTF-8?q?=20=20benchmark=20suite.=20See=20=20=20=20=20https://docs.pytho?= =?UTF-8?q?n.org/3.11/whatsnew/3.11.html#faster-cpython=20=20=20=20=20for?= =?UTF-8?q?=20details.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=3 --- Python-3.10.4.tar.xz | 3 --- Python-3.10.4.tar.xz.asc | 16 ---------------- Python-3.11.0b1.tar.xz | 3 +++ Python-3.11.0b1.tar.xz.asc | 16 ++++++++++++++++ python310.changes | 19 +++++++++++++++++++ python310.spec | 14 +++++++------- 6 files changed, 45 insertions(+), 26 deletions(-) delete mode 100644 Python-3.10.4.tar.xz delete mode 100644 Python-3.10.4.tar.xz.asc create mode 100644 Python-3.11.0b1.tar.xz create mode 100644 Python-3.11.0b1.tar.xz.asc diff --git a/Python-3.10.4.tar.xz b/Python-3.10.4.tar.xz deleted file mode 100644 index c014894..0000000 --- a/Python-3.10.4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:80bf925f571da436b35210886cf79f6eb5fa5d6c571316b73568343451f77a19 -size 19342692 diff --git a/Python-3.10.4.tar.xz.asc b/Python-3.10.4.tar.xz.asc deleted file mode 100644 index 304c4a3..0000000 --- a/Python-3.10.4.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmI7glkACgkQ/+h0BBaL -2EeuBBAAoOCzPJXjt6RoAYMGpKl3f7HNGRR6q5nyLzyJ2EMOFflsJH7HRyE9c5eO -7EsrD3oO9OMkdY6Ffs7m0pfU6evGRaEAu/gY5ia8DVXjp0pLd8KJFKVKBvMLUsoB -WHM8t1MCCmEq7bPXjqnBW56UEMj8Tq/WzVPtC6nHc3zCbegM1GlrTcE4a6wYsILE -6zaSvmMGFNoER3+AzMSy2JEAYvPHZMhlzHgqjFwwQwBNEio7cKd12f8suwlGOnma -bpFpb6MlOyYXiBQtpEnlnkJH+xRrDKCczXVEgR64CHXF7ZOcuYexzLz+hX+1httd -vNmxcbx3Dd+LQ+QD/8oUqxGbQmz91QvcWR3VGweBdrqLykv4BqPQT5sh9pSj7GP4 -+bzIneAlNvbgZ31oWSAAjSyshtYPoKAK47a45UtGspsDONI2vMnVL4hKnYJPRNPQ -rVTjSZZQrTOvr7v3vnux0uvcg63DdmjkLULdyNgFoQzx1BK+/eQSVDqL3UxSifeg -ev1KtaEQvD71ETdpAmAzTxCQm41F6uQFC68JaAF7Bk5UH8PT1zhyAaTnVWBZ9dYu -2RORSFHib9cILdvql4Kde9ZKyzarcXl81+B3zAa3dehx+cpnbfxk2y+TKD+IAPJy -4727aPUgEceIVH3TtrwJF94vyR3UVPi2IudfGOmI/k2RZ+adjWY= -=4vI+ ------END PGP SIGNATURE----- diff --git a/Python-3.11.0b1.tar.xz b/Python-3.11.0b1.tar.xz new file mode 100644 index 0000000..96bfb83 --- /dev/null +++ b/Python-3.11.0b1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:dccac9b03dd3fe5cd10bc547579eb0be81a1d8971ec2a866b03dec5391f5ad25 +size 19416160 diff --git a/Python-3.11.0b1.tar.xz.asc b/Python-3.11.0b1.tar.xz.asc new file mode 100644 index 0000000..bcee99e --- /dev/null +++ b/Python-3.11.0b1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmJ1p8MACgkQ/+h0BBaL +2Ed9aBAAqIsXqNNhL3Q8jRpWdckbyiSsTgf7k+nr/yhO6x+XD8TZE5OakOIvCI4h +NnvzAKD+QzaDQAlT+QtrOf2BFK6z8x2k0FwdLZBZGbpY1GAJWRPJhLwqPmo0k6PC +H3wU7sJoKc2Md1s6UHYwoKy1sxYF4a2SjNWPfz+1/pUZoTucR4IEHUdOpzwhCh8k +frms3eu+AlbwSWisYjDLlOsvyfpqteM5pnfSB+XeQQmhjqXkdvOyNopnIpld9yYA +ThM2DcA+uw78xJx866vj9vybBXALJJAFs7L8Ofw0ZzNm7gZdorjvPUzy6+7LI72c +a2qVOKW4ugGILZi4r65abMoL87xSokIsztPlvKN+pbynWKc3Rk46trtn6TDsV7mi +wYNrlkWaeZPg6D200G7VXfNRJ3cSoLTEW5q4bkx5JJClTWd19JpE8xdMN8xd8Cj2 +M7dzkImD6/UeQ87cOmFvg2Qcs/2nRfIfjDjjUTYXMCMof/XJ1Lzrz0y1O2sdfYud +o71oSmkYbKkcO4vJ/H6pOyGjLRS6nhWYbgebRMUp1zghnIibQIXt49+ntSpTT8VZ +9HVskMUb0FzbEuEza7jfeIj33VX9NOBGrpzupgqXnJZRyqmuM+OqNnBL082/uqFU +b0eheOgImRed716X9ZmhPQp1lNBItQk3IxZktLsnDsDKoqNIdQA= +=LzMI +-----END PGP SIGNATURE----- diff --git a/python310.changes b/python310.changes index 6649cd9..bd0ad62 100644 --- a/python310.changes +++ b/python310.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Mon May 9 15:09:03 UTC 2022 - Matej Cepl + +- Update to pre-release version 3.11.0b1: + - PEP 657 – Include Fine-Grained Error Locations in Tracebacks + - PEP 654 – Exception Groups and except* + - PEP 673 – Self Type + - PEP 646 – Variadic Generics + - PEP 680– tomllib: Support for Parsing TOML in the Standard Library + - PEP 675– Arbitrary Literal String Type + - PEP 655– Marking individual TypedDict items as required or potentially-missing + - bpo-46752– Introduce task groups to asyncio + - The Faster Cpython Project is already yielding some exciting + results. Python 3.11 is up to 10-60% faster than Python + 3.10. On average, we measured a 1.22x speedup on the standard + benchmark suite. See + https://docs.python.org/3.11/whatsnew/3.11.html#faster-cpython + for details. + ------------------------------------------------------------------- Thu May 5 14:35:56 UTC 2022 - Matej Cepl diff --git a/python310.spec b/python310.spec index 8f92977..8b0e498 100644 --- a/python310.spec +++ b/python310.spec @@ -52,19 +52,19 @@ Obsoletes: python39%{?1:-%{1}} # based on the current source tarball %define python_version_abitag %(c=%{python_version}; echo ${c//./}) # FIXME %%define python_version_soname %%(c=%%{python_version}; echo ${c//./_}) -%define python_version_soname 3_10 +%define python_version_soname 3_11 %if 0%(test -n "%{tar_suffix}" && echo 1) %define _version %(echo "%{_version}~%{tar_suffix}") %define tarversion %{version} %else %define tarversion %{version} %endif -%define python_pkg_name python310 +%define python_pkg_name python311 # Will provide the python3-* provides # Will do the /usr/bin/python3 and all the core links -%define primary_interpreter 1 +%define primary_interpreter 0 # We don't process beta signs well -%define folderversion 3.10.4 +%define folderversion 3.11.0 %define tarname Python-%{tarversion} %define sitedir %{_libdir}/python%{python_version} # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 @@ -100,7 +100,7 @@ Obsoletes: python39%{?1:-%{1}} %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.10.4 +Version: 3.11.0b1 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -122,7 +122,7 @@ Source20: idle3.appdata.xml # 3. mkdir Vendor && mv usr/include/* Vendor/ # 4. tar cJf bluez-devel-vendor.tar.xz Vendor/ Source21: bluez-devel-vendor.tar.xz -Source98: python310-rpmlintrc +Source98: python311-rpmlintrc # Tarball is signed by the GPG key of Pablo Galindo Salgado (0x64E628F8D684696D) # https://keybase.io/pablogsal/pgp_keys.asc?fingerprint=a035c8c19219ba821ecea86b64e628f8d684696d Source99: python.keyring @@ -555,7 +555,7 @@ EXCLUDE="$EXCLUDE test_capi" # Limit virtual memory to avoid spurious failures if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then - ulimit -v 10000000 || : + ulimit -v 11000000 || : fi export PYTHONPATH="$(pwd -P)/Lib" -- 2.51.1 From 4cbd00e948b8a2fb40c15890defbd527b65de4506affef5d262fd0892c2fc77d Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 9 May 2022 15:13:18 +0000 Subject: [PATCH 003/135] Fix baselibs.conf OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=4 --- baselibs.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/baselibs.conf b/baselibs.conf index 67e73d0..1793de8 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,3 +1,3 @@ -python310-base -python310 -libpython3_10-1_0 +python311-base +python311 +libpython3_11-1_0 -- 2.51.1 From 887681833e62863655eebaca57dd0c8b2854471487b14f1e371f883ae2aa57c3 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 9 May 2022 15:17:36 +0000 Subject: [PATCH 004/135] Rename files to comply with the name of the package OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=5 --- python310-rpmlintrc => python311-rpmlintrc | 0 python310.changes => python311.changes | 0 python310.spec => python311.spec | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename python310-rpmlintrc => python311-rpmlintrc (100%) rename python310.changes => python311.changes (100%) rename python310.spec => python311.spec (100%) diff --git a/python310-rpmlintrc b/python311-rpmlintrc similarity index 100% rename from python310-rpmlintrc rename to python311-rpmlintrc diff --git a/python310.changes b/python311.changes similarity index 100% rename from python310.changes rename to python311.changes diff --git a/python310.spec b/python311.spec similarity index 100% rename from python310.spec rename to python311.spec -- 2.51.1 From 5e1455c810fa0fb93e8482fc0e399e7381d5d93fe9efcf00ab909cbbed5202f1 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 10 May 2022 11:17:42 +0000 Subject: [PATCH 005/135] Readjust patches. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=6 --- F00251-change-user-install-location.patch | 2 +- bpo-31046_ensurepip_honours_prefix.patch | 12 ++++++------ fix_configure_rst.patch | 8 ++++---- python-3.3.0b1-fix_date_time_compiler.patch | 4 ++-- python-3.3.0b1-test-posix_fadvise.patch | 2 +- subprocess-raise-timeout.patch | 2 +- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch index e69c5a9..ac31b43 100644 --- a/F00251-change-user-install-location.patch +++ b/F00251-change-user-install-location.patch @@ -39,7 +39,7 @@ Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe if self.exec_prefix is None: --- a/Lib/site.py +++ b/Lib/site.py -@@ -380,8 +380,15 @@ def getsitepackages(prefixes=None): +@@ -377,8 +377,15 @@ def getsitepackages(prefixes=None): return sitepackages def addsitepackages(known_paths, prefixes=None): diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch index e3bb24d..bb3a709 100644 --- a/bpo-31046_ensurepip_honours_prefix.patch +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -55,7 +55,7 @@ Co-Authored-By: Xavier de Gaye .. note:: --- a/Lib/ensurepip/__init__.py +++ b/Lib/ensurepip/__init__.py -@@ -113,27 +113,27 @@ def _disable_pip_configuration_settings( +@@ -112,27 +112,27 @@ def _disable_pip_configuration_settings( os.environ['PIP_CONFIG_FILE'] = os.devnull @@ -88,7 +88,7 @@ Co-Authored-By: Xavier de Gaye Note that calling this function will alter both sys.path and os.environ. """ -@@ -183,6 +183,8 @@ def _bootstrap(*, root=None, upgrade=Fal +@@ -182,6 +182,8 @@ def _bootstrap(*, root=None, upgrade=Fal args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] if root: args += ["--root", root] @@ -97,7 +97,7 @@ Co-Authored-By: Xavier de Gaye if upgrade: args += ["--upgrade"] if user: -@@ -258,6 +260,11 @@ def _main(argv=None): +@@ -257,6 +259,11 @@ def _main(argv=None): help="Install everything relative to this alternate root directory.", ) parser.add_argument( @@ -109,7 +109,7 @@ Co-Authored-By: Xavier de Gaye "--altinstall", action="store_true", default=False, -@@ -276,6 +283,7 @@ def _main(argv=None): +@@ -275,6 +282,7 @@ def _main(argv=None): return _bootstrap( root=args.root, @@ -139,7 +139,7 @@ Co-Authored-By: Xavier de Gaye --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -1278,7 +1278,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni +@@ -1733,7 +1733,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni install|*) ensurepip="" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ @@ -148,7 +148,7 @@ Co-Authored-By: Xavier de Gaye fi altinstall: commoninstall -@@ -1288,7 +1288,7 @@ altinstall: commoninstall +@@ -1743,7 +1743,7 @@ altinstall: commoninstall install|*) ensurepip="--altinstall" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index 063e99a..9fd2132 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -5,7 +5,7 @@ --- a/Doc/using/configure.rst +++ b/Doc/using/configure.rst -@@ -42,7 +42,6 @@ General Options +@@ -41,7 +41,6 @@ General Options See :data:`sys.int_info.bits_per_digit `. @@ -13,7 +13,7 @@ .. cmdoption:: --with-cxx-main=COMPILER Compile the Python ``main()`` function and link Python executable with C++ -@@ -457,13 +456,11 @@ macOS Options +@@ -511,13 +510,11 @@ macOS Options See ``Mac/README.rst``. @@ -29,8 +29,8 @@ Create a Python.framework rather than a traditional Unix install. Optional --- a/Misc/NEWS +++ b/Misc/NEWS -@@ -2038,7 +2038,7 @@ C API - ----- +@@ -5480,7 +5480,7 @@ C API + - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name - :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch index f69846f..15efbf1 100644 --- a/python-3.3.0b1-fix_date_time_compiler.patch +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -4,7 +4,7 @@ --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -784,11 +784,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ +@@ -1222,11 +1222,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ $(DTRACE_OBJS) \ $(srcdir)/Modules/getbuildinfo.c $(CC) -c $(PY_CORE_CFLAGS) \ @@ -20,6 +20,6 @@ + -DCOMPILER='"[GCC]"' \ + -o $@ $(srcdir)/Python/getcompiler.c + - Modules/getpath.o: $(srcdir)/Modules/getpath.c Makefile + Modules/getpath.o: $(srcdir)/Modules/getpath.c Python/frozen_modules/getpath.h Makefile $(PYTHON_HEADERS) $(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \ -DPREFIX='"$(prefix)"' \ diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch index 763441e..6a84d1f 100644 --- a/python-3.3.0b1-test-posix_fadvise.patch +++ b/python-3.3.0b1-test-posix_fadvise.patch @@ -4,7 +4,7 @@ --- a/Lib/test/test_posix.py +++ b/Lib/test/test_posix.py -@@ -425,7 +425,7 @@ class PosixTester(unittest.TestCase): +@@ -434,7 +434,7 @@ class PosixTester(unittest.TestCase): def test_posix_fadvise(self): fd = os.open(os_helper.TESTFN, os.O_RDONLY) try: diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch index cb39e1a..a455335 100644 --- a/subprocess-raise-timeout.patch +++ b/subprocess-raise-timeout.patch @@ -4,7 +4,7 @@ --- a/Lib/test/test_subprocess.py +++ b/Lib/test/test_subprocess.py -@@ -261,7 +261,8 @@ class ProcessTestCase(BaseTestCase): +@@ -272,7 +272,8 @@ class ProcessTestCase(BaseTestCase): "time.sleep(3600)"], # Some heavily loaded buildbots (sparc Debian 3.x) require # this much time to start and print. -- 2.51.1 From 1c968d4121e934ef18eef09194c9ab38dbdc75067c259e168a11a8e22288c113 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 10 May 2022 16:49:16 +0000 Subject: [PATCH 006/135] - Refresh bluez-devel-vendor.tar.xz - Fix files and handling of new modules. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=7 --- bluez-devel-vendor.tar.xz | 4 ++-- python311.changes | 5 +++++ python311.spec | 11 +++++++---- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz index 8c61d7a..57fb3e5 100644 --- a/bluez-devel-vendor.tar.xz +++ b/bluez-devel-vendor.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d030d6ff641577625745b435f4a45e9025e11143e60d0bba7dddf53e8bf71941 -size 24976 +oid sha256:868fbfba2ddaed62f2c45cf869fe2c648527ac3bac738f4f41f3c2872f5b0211 +size 25040 diff --git a/python311.changes b/python311.changes index bd0ad62..fe07b11 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue May 10 15:01:18 UTC 2022 - Matej Cepl + +- Refresh bluez-devel-vendor.tar.xz + ------------------------------------------------------------------- Mon May 9 15:09:03 UTC 2022 - Matej Cepl diff --git a/python311.spec b/python311.spec index 8b0e498..b25aac9 100644 --- a/python311.spec +++ b/python311.spec @@ -604,10 +604,10 @@ rm %{buildroot}%{sitedir}/*.* for module in \ asyncio ctypes collections concurrent distutils email encodings \ - ensurepip html http \ + ensurepip html http re \ importlib json logging multiprocessing pydoc_data unittest \ - urllib venv wsgiref lib2to3 test turtledemo \ - xml xmlrpc zoneinfo + urllib venv wsgiref lib2to3 test tomlib turtledemo \ + xml xmlrpc zoneinfo __phello__ do rm -r %{buildroot}%{sitedir}/$module done @@ -620,7 +620,7 @@ for library in \ _posixsubprocess _queue _random resource select _ssl _socket spwd \ _statistics _struct syslog termios _testbuffer _testimportmultiple \ _testmultiphase unicodedata zlib _ctypes_test _testinternalcapi _testcapi \ - xxlimited xxlimited_35 \ + _typing xxlimited xxlimited_35 \ _xxtestfuzz _xxsubinterpreters _elementtree pyexpat _md5 _sha1 \ _sha256 _sha512 _blake2 _sha3 _uuid _zoneinfo do @@ -982,6 +982,8 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %{sitedir}/logging %{sitedir}/multiprocessing %{sitedir}/pydoc_data +%{sitedir}/re +%{sitedir}/tomllib %{sitedir}/unittest %{sitedir}/urllib %{sitedir}/venv @@ -989,6 +991,7 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %{sitedir}/xml %{sitedir}/xmlrpc %{sitedir}/zoneinfo +%{sitedir}/__phello__ %{sitedir}/__pycache__ # import-failed hooks %{sitedir}/_import_failed -- 2.51.1 From 42e2453f8020471cdb0549e09997004254cb3c4de9d8d1107ecc726d20c84634 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 10 May 2022 17:19:41 +0000 Subject: [PATCH 007/135] Fix missing item in %%files. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=8 --- python311.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/python311.spec b/python311.spec index b25aac9..122a61d 100644 --- a/python311.spec +++ b/python311.spec @@ -942,6 +942,7 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %{dynlib _struct} %{dynlib syslog} %{dynlib termios} +%{dynlib _typing} %{dynlib unicodedata} %{dynlib _uuid} %{dynlib _xxsubinterpreters} -- 2.51.1 From 2b3a992a89f88f92fbbdf2f67d31d8dde521661a2b4b62616a7aee16883fc5ee Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 10 May 2022 19:14:07 +0000 Subject: [PATCH 008/135] Fix SPEC OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=9 --- python311.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python311.spec b/python311.spec index 122a61d..6858c81 100644 --- a/python311.spec +++ b/python311.spec @@ -606,7 +606,7 @@ for module in \ asyncio ctypes collections concurrent distutils email encodings \ ensurepip html http re \ importlib json logging multiprocessing pydoc_data unittest \ - urllib venv wsgiref lib2to3 test tomlib turtledemo \ + urllib venv wsgiref lib2to3 test tomllib turtledemo \ xml xmlrpc zoneinfo __phello__ do rm -r %{buildroot}%{sitedir}/$module -- 2.51.1 From ae07cf4ccf1bcdefc97dc57f28909b38c9ea8e6ea7d00adc60cbe753a8095436 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 10 May 2022 19:17:52 +0000 Subject: [PATCH 009/135] Adjust patches OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=10 --- no-skipif-doctests.patch | 95 +++++++++++++------------ skip-test_pyobject_freed_is_freed.patch | 2 +- 2 files changed, 51 insertions(+), 46 deletions(-) diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch index 62758d3..b33c0c7 100644 --- a/no-skipif-doctests.patch +++ b/no-skipif-doctests.patch @@ -1,8 +1,13 @@ only in patch2: unchanged: +--- + Doc/conf.py | 2 - + Doc/library/turtle.rst | 82 ------------------------------------------------- + 2 files changed, 1 insertion(+), 83 deletions(-) + --- a/Doc/conf.py +++ b/Doc/conf.py -@@ -46,7 +46,7 @@ today_fmt = '%B %d, %Y' +@@ -45,7 +45,7 @@ today_fmt = '%B %d, %Y' highlight_language = 'python3' # Minimum version of sphinx required @@ -314,7 +319,7 @@ unchanged: >>> turtle.color("black", "red") >>> turtle.begin_fill() -@@ -1075,7 +1036,6 @@ More drawing control +@@ -1074,7 +1035,6 @@ More drawing control variables to the default values. .. doctest:: @@ -322,7 +327,7 @@ unchanged: >>> turtle.goto(0,-22) >>> turtle.left(100) -@@ -1127,7 +1087,6 @@ Visibility +@@ -1125,7 +1085,6 @@ Visibility drawing observably. .. doctest:: @@ -330,7 +335,7 @@ unchanged: >>> turtle.hideturtle() -@@ -1138,7 +1097,6 @@ Visibility +@@ -1136,7 +1095,6 @@ Visibility Make the turtle visible. .. doctest:: @@ -338,7 +343,7 @@ unchanged: >>> turtle.showturtle() -@@ -1169,7 +1127,6 @@ Appearance +@@ -1167,7 +1125,6 @@ Appearance deal with shapes see Screen method :func:`register_shape`. .. doctest:: @@ -346,7 +351,7 @@ unchanged: >>> turtle.shape() 'classic' -@@ -1195,7 +1152,6 @@ Appearance +@@ -1193,7 +1150,6 @@ Appearance ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. .. doctest:: @@ -354,7 +359,7 @@ unchanged: >>> turtle.resizemode() 'noresize' -@@ -1219,7 +1175,6 @@ Appearance +@@ -1217,7 +1173,6 @@ Appearance of the shapes's outline. .. doctest:: @@ -362,7 +367,7 @@ unchanged: >>> turtle.shapesize() (1.0, 1.0, 1) -@@ -1244,7 +1199,6 @@ Appearance +@@ -1242,7 +1197,6 @@ Appearance heading of the turtle are sheared. .. doctest:: @@ -370,7 +375,7 @@ unchanged: >>> turtle.shape("circle") >>> turtle.shapesize(5,2) -@@ -1261,7 +1215,6 @@ Appearance +@@ -1259,7 +1213,6 @@ Appearance change the turtle's heading (direction of movement). .. doctest:: @@ -378,7 +383,7 @@ unchanged: >>> turtle.reset() >>> turtle.shape("circle") -@@ -1281,7 +1234,6 @@ Appearance +@@ -1279,7 +1232,6 @@ Appearance (direction of movement). .. doctest:: @@ -386,7 +391,7 @@ unchanged: >>> turtle.reset() >>> turtle.shape("circle") -@@ -1307,7 +1259,6 @@ Appearance +@@ -1305,7 +1257,6 @@ Appearance turtle (its direction of movement). .. doctest:: @@ -394,7 +399,7 @@ unchanged: >>> turtle.reset() >>> turtle.shape("circle") -@@ -1336,7 +1287,6 @@ Appearance +@@ -1334,7 +1285,6 @@ Appearance given matrix. .. doctest:: @@ -402,7 +407,7 @@ unchanged: >>> turtle = Turtle() >>> turtle.shape("square") -@@ -1352,7 +1302,6 @@ Appearance +@@ -1350,7 +1300,6 @@ Appearance can be used to define a new shape or components of a compound shape. .. doctest:: @@ -410,7 +415,7 @@ unchanged: >>> turtle.shape("square") >>> turtle.shapetransform(4, -1, 0, 2) -@@ -1377,7 +1326,6 @@ Using events +@@ -1375,7 +1324,6 @@ Using events procedural way: .. doctest:: @@ -418,7 +423,7 @@ unchanged: >>> def turn(x, y): ... left(180) -@@ -1398,7 +1346,6 @@ Using events +@@ -1396,7 +1344,6 @@ Using events ``None``, existing bindings are removed. .. doctest:: @@ -426,7 +431,7 @@ unchanged: >>> class MyTurtle(Turtle): ... def glow(self,x,y): -@@ -1426,7 +1373,6 @@ Using events +@@ -1424,7 +1371,6 @@ Using events mouse-click event on that turtle. .. doctest:: @@ -434,7 +439,7 @@ unchanged: >>> turtle.ondrag(turtle.goto) -@@ -1454,7 +1400,6 @@ Special Turtle methods +@@ -1452,7 +1398,6 @@ Special Turtle methods Return the last recorded polygon. .. doctest:: @@ -442,7 +447,7 @@ unchanged: >>> turtle.home() >>> turtle.begin_poly() -@@ -1474,7 +1419,6 @@ Special Turtle methods +@@ -1472,7 +1417,6 @@ Special Turtle methods turtle properties. .. doctest:: @@ -450,7 +455,7 @@ unchanged: >>> mick = Turtle() >>> joe = mick.clone() -@@ -1487,7 +1431,6 @@ Special Turtle methods +@@ -1485,7 +1429,6 @@ Special Turtle methods return the "anonymous turtle": .. doctest:: @@ -458,7 +463,7 @@ unchanged: >>> pet = getturtle() >>> pet.fd(50) -@@ -1501,7 +1444,6 @@ Special Turtle methods +@@ -1499,7 +1442,6 @@ Special Turtle methods TurtleScreen methods can then be called for that object. .. doctest:: @@ -466,7 +471,7 @@ unchanged: >>> ts = turtle.getscreen() >>> ts -@@ -1519,7 +1461,6 @@ Special Turtle methods +@@ -1517,7 +1459,6 @@ Special Turtle methods ``None``, the undobuffer is disabled. .. doctest:: @@ -474,7 +479,7 @@ unchanged: >>> turtle.setundobuffer(42) -@@ -1529,7 +1470,6 @@ Special Turtle methods +@@ -1527,7 +1468,6 @@ Special Turtle methods Return number of entries in the undobuffer. .. doctest:: @@ -482,7 +487,7 @@ unchanged: >>> while undobufferentries(): ... undo() -@@ -1552,7 +1492,6 @@ below: +@@ -1550,7 +1490,6 @@ below: For example: .. doctest:: @@ -490,7 +495,7 @@ unchanged: >>> s = Shape("compound") >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) -@@ -1563,7 +1502,6 @@ below: +@@ -1561,7 +1500,6 @@ below: 3. Now add the Shape to the Screen's shapelist and use it: .. doctest:: @@ -498,7 +503,7 @@ unchanged: >>> register_shape("myshape", s) >>> shape("myshape") -@@ -1583,7 +1521,6 @@ Most of the examples in this section ref +@@ -1581,7 +1519,6 @@ Most of the examples in this section ref ``screen``. .. doctest:: @@ -506,7 +511,7 @@ unchanged: :hide: >>> screen = Screen() -@@ -1600,7 +1537,6 @@ Window control +@@ -1598,7 +1535,6 @@ Window control Set or return background color of the TurtleScreen. .. doctest:: @@ -514,7 +519,7 @@ unchanged: >>> screen.bgcolor("orange") >>> screen.bgcolor() -@@ -1686,7 +1622,6 @@ Window control +@@ -1690,7 +1626,6 @@ Window control distorted. .. doctest:: @@ -522,7 +527,7 @@ unchanged: >>> screen.reset() >>> screen.setworldcoordinates(-50,-7.5,50,7.5) -@@ -1697,7 +1632,6 @@ Window control +@@ -1701,7 +1636,6 @@ Window control ... left(45); fd(2) # a regular octagon .. doctest:: @@ -530,7 +535,7 @@ unchanged: :hide: >>> screen.reset() -@@ -1719,7 +1653,6 @@ Animation control +@@ -1723,7 +1657,6 @@ Animation control Optional argument: .. doctest:: @@ -538,7 +543,7 @@ unchanged: >>> screen.delay() 10 -@@ -1741,7 +1674,6 @@ Animation control +@@ -1745,7 +1678,6 @@ Animation control :func:`delay`). .. doctest:: @@ -546,7 +551,7 @@ unchanged: >>> screen.tracer(8, 25) >>> dist = 2 -@@ -1778,7 +1710,6 @@ Using screen events +@@ -1782,7 +1714,6 @@ Using screen events must have the focus. (See method :func:`listen`.) .. doctest:: @@ -554,7 +559,7 @@ unchanged: >>> def f(): ... fd(50) -@@ -1799,7 +1730,6 @@ Using screen events +@@ -1803,7 +1734,6 @@ Using screen events must have focus. (See method :func:`listen`.) .. doctest:: @@ -562,7 +567,7 @@ unchanged: >>> def f(): ... fd(50) -@@ -1824,7 +1754,6 @@ Using screen events +@@ -1828,7 +1758,6 @@ Using screen events named ``turtle``: .. doctest:: @@ -570,7 +575,7 @@ unchanged: >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will >>> # make the turtle move to the clicked point. -@@ -1844,7 +1773,6 @@ Using screen events +@@ -1848,7 +1777,6 @@ Using screen events Install a timer that calls *fun* after *t* milliseconds. .. doctest:: @@ -578,7 +583,7 @@ unchanged: >>> running = True >>> def f(): -@@ -1926,7 +1854,6 @@ Settings and special methods +@@ -1930,7 +1858,6 @@ Settings and special methods ============ ========================= =================== .. doctest:: @@ -586,15 +591,15 @@ unchanged: >>> mode("logo") # resets turtle heading to north >>> mode() -@@ -1941,7 +1868,6 @@ Settings and special methods - values of color triples have to be in the range 0..\ *cmode*. +@@ -1945,7 +1872,6 @@ Settings and special methods + values of color triples have to be in the range 0..*cmode*. .. doctest:: - :skipif: _tkinter is None >>> screen.colormode(1) >>> turtle.pencolor(240, 160, 80) -@@ -1962,7 +1888,6 @@ Settings and special methods +@@ -1966,7 +1892,6 @@ Settings and special methods do with a Tkinter Canvas. .. doctest:: @@ -602,7 +607,7 @@ unchanged: >>> cv = screen.getcanvas() >>> cv -@@ -1974,7 +1899,6 @@ Settings and special methods +@@ -1978,7 +1903,6 @@ Settings and special methods Return a list of names of all currently available turtle shapes. .. doctest:: @@ -610,7 +615,7 @@ unchanged: >>> screen.getshapes() ['arrow', 'blank', 'circle', ..., 'turtle'] -@@ -1998,7 +1922,6 @@ Settings and special methods +@@ -2002,7 +1926,6 @@ Settings and special methods coordinates: Install the corresponding polygon shape. .. doctest:: @@ -618,7 +623,7 @@ unchanged: >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) -@@ -2014,7 +1937,6 @@ Settings and special methods +@@ -2018,7 +1941,6 @@ Settings and special methods Return the list of turtles on the screen. .. doctest:: @@ -626,7 +631,7 @@ unchanged: >>> for turtle in screen.turtles(): ... turtle.color("red") -@@ -2076,7 +1998,6 @@ Methods specific to Screen, not inherite +@@ -2080,7 +2002,6 @@ Methods specific to Screen, not inherite center window vertically .. doctest:: @@ -634,7 +639,7 @@ unchanged: >>> screen.setup (width=200, height=200, startx=0, starty=0) >>> # sets window to 200x200 pixels, in upper left of screen -@@ -2092,7 +2013,6 @@ Methods specific to Screen, not inherite +@@ -2096,7 +2017,6 @@ Methods specific to Screen, not inherite Set title of turtle window to *titlestring*. .. doctest:: @@ -642,7 +647,7 @@ unchanged: >>> screen.title("Welcome to the turtle zoo!") -@@ -2163,7 +2083,6 @@ Public classes +@@ -2167,7 +2087,6 @@ Public classes Example: .. doctest:: @@ -650,7 +655,7 @@ unchanged: >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) >>> s = Shape("compound") -@@ -2510,7 +2429,6 @@ Changes since Python 3.0 +@@ -2514,7 +2433,6 @@ Changes since Python 3.0 .. doctest:: diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch index a13a2da..b68f049 100644 --- a/skip-test_pyobject_freed_is_freed.patch +++ b/skip-test_pyobject_freed_is_freed.patch @@ -4,7 +4,7 @@ --- a/Lib/test/test_capi.py +++ b/Lib/test/test_capi.py -@@ -794,6 +794,7 @@ class PyMemDebugTests(unittest.TestCase) +@@ -1014,6 +1014,7 @@ class PyMemDebugTests(unittest.TestCase) def test_pyobject_forbidden_bytes_is_freed(self): self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') -- 2.51.1 From 634ab7609bddcdbb2cfebd0c131cd7c770bd7ce5831ea1d3741d695d25a1b42d Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 17 May 2022 17:43:33 +0000 Subject: [PATCH 010/135] Fix building with system-expat (gh#python/cpython#92875). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=11 --- python311.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/python311.spec b/python311.spec index 6858c81..255a13c 100644 --- a/python311.spec +++ b/python311.spec @@ -445,7 +445,7 @@ for dir in Lib Tools; do find $dir -name '*.py' -type f -exec sed -i '1{/^#!.*python/ d}' '{}' \; done # We shortened the file Lib/pdb.py so we have to move the test breakpoint location -sed -i -e '/Breakpoint 3 at ...pdb.py:94/s/94/93/' Lib/test/test_pdb.py +sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py %endif # drop in-tree libffi and expat @@ -558,6 +558,12 @@ if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then ulimit -v 11000000 || : fi +# test_freeze_simple_script in test.test_tools.test_freeze.TestFreeze +# uses CONFIG_ARGS to run ./configure. +export CONFIG_ARGS="--enable-ipv6 --enable-shared --with-ensurepip=no \ + --with-system-ffi --with-system-expat --with-lto --enable-optimizations \ + --with-system-libmpdec --enable-loadable-sqlite-extensions" + export PYTHONPATH="$(pwd -P)/Lib" # Use timeout, like make target buildbottest # We cannot run tests parallel, because osc build environment doesn’t -- 2.51.1 From 6534561f4974d00ffe4173d924abe2324af242380caa08025425eb877aab949c Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 17 May 2022 17:43:59 +0000 Subject: [PATCH 011/135] Fix changelog OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=12 --- python311.changes | 1 + 1 file changed, 1 insertion(+) diff --git a/python311.changes b/python311.changes index fe07b11..9a027f4 100644 --- a/python311.changes +++ b/python311.changes @@ -2,6 +2,7 @@ Tue May 10 15:01:18 UTC 2022 - Matej Cepl - Refresh bluez-devel-vendor.tar.xz +- Fix building with system-expat (gh#python/cpython#92875). ------------------------------------------------------------------- Mon May 9 15:09:03 UTC 2022 - Matej Cepl -- 2.51.1 From bf95b5f2212204bb3f112ad9249c2fb45b981ebebce587db1efd3bedb728aa64 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 17 May 2022 18:43:45 +0000 Subject: [PATCH 012/135] - Fix building with system-expat (gh#python/cpython#92875). Nope, it didn't work, worked around it. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=13 --- python311.changes | 3 ++- python311.spec | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/python311.changes b/python311.changes index 9a027f4..23687bb 100644 --- a/python311.changes +++ b/python311.changes @@ -2,7 +2,8 @@ Tue May 10 15:01:18 UTC 2022 - Matej Cepl - Refresh bluez-devel-vendor.tar.xz -- Fix building with system-expat (gh#python/cpython#92875). +- Fix building with system-expat (gh#python/cpython#92875). Nope, + it didn't work, worked around it. ------------------------------------------------------------------- Mon May 9 15:09:03 UTC 2022 - Matej Cepl diff --git a/python311.spec b/python311.spec index 255a13c..40ce27e 100644 --- a/python311.spec +++ b/python311.spec @@ -450,7 +450,8 @@ sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py # drop in-tree libffi and expat rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin -rm -r Modules/expat +# Cannot remove it because of gh#python/cpython#92875 +# rm -r Modules/expat # drop duplicate README from site-packages rm Lib/site-packages/README.txt -- 2.51.1 From 9c0a8f3c4cde8fa318ca162fa06f4d5fec4ce62f4e2a5350856a2d1e17b953c0 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 17 May 2022 22:11:07 +0000 Subject: [PATCH 013/135] - Add patch support-expat-245.patch: * Support Expat >= 2.4.4 (jsc#SLE-21253) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=14 --- python311.changes | 2 ++ python311.spec | 4 +++ support-expat-245.patch | 75 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 81 insertions(+) create mode 100644 support-expat-245.patch diff --git a/python311.changes b/python311.changes index 23687bb..6e6974c 100644 --- a/python311.changes +++ b/python311.changes @@ -4,6 +4,8 @@ Tue May 10 15:01:18 UTC 2022 - Matej Cepl - Refresh bluez-devel-vendor.tar.xz - Fix building with system-expat (gh#python/cpython#92875). Nope, it didn't work, worked around it. +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.4 (jsc#SLE-21253) ------------------------------------------------------------------- Mon May 9 15:09:03 UTC 2022 - Matej Cepl diff --git a/python311.spec b/python311.spec index 40ce27e..42fae91 100644 --- a/python311.spec +++ b/python311.spec @@ -160,6 +160,9 @@ Patch34: skip-test_pyobject_freed_is_freed.patch # PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com # remove duplicate link targets and make documentation with old Sphinx in SLE Patch35: fix_configure_rst.patch +# PATCH-FIX-UPSTREAM support-expat-245.patch jsc#SLE-21253 mcepl@suse.com +# Makes Python resilient to changes of API of libexpat +Patch36: support-expat-245.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -425,6 +428,7 @@ other applications. %patch34 -p1 %endif %patch35 -p1 +%patch36 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac diff --git a/support-expat-245.patch b/support-expat-245.patch new file mode 100644 index 0000000..f4761ee --- /dev/null +++ b/support-expat-245.patch @@ -0,0 +1,75 @@ +From d4f5bb912e67299b59b814b89a5afd9a8821a14e Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Mon, 21 Feb 2022 11:03:08 -0800 +Subject: [PATCH] bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453) + (GH-31471) + +Curly brackets were never allowed in namespace URIs +according to RFC 3986, and so-called namespace-validating +XML parsers have the right to reject them a invalid URIs. + +libexpat >=2.4.5 has become strcter in that regard due to +related security issues; with ET.XML instantiating a +namespace-aware parser under the hood, this test has no +future in CPython. + +References: +- https://datatracker.ietf.org/doc/html/rfc3968 +- https://www.w3.org/TR/xml-names/ + +Also, test_minidom.py: Support Expat >=2.4.5 +(cherry picked from commit 2cae93832f46b245847bdc252456ddf7742ef45e) + +Co-authored-by: Sebastian Pipping +--- + Lib/test/test_minidom.py | 13 ++++------ + Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst | 1 + 2 files changed, 7 insertions(+), 7 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst + +--- a/Lib/test/test_minidom.py ++++ b/Lib/test/test_minidom.py +@@ -6,12 +6,11 @@ import io + from test import support + import unittest + +-import pyexpat ++import xml.parsers.expat + import xml.dom.minidom + + from xml.dom.minidom import parse, Node, Document, parseString + from xml.dom.minidom import getDOMImplementation +-from xml.parsers.expat import ExpatError + + + tstfile = support.findfile("test.xml", subdir="xmltestdata") +@@ -1149,10 +1148,10 @@ class MinidomTest(unittest.TestCase): + + # Verify that character decoding errors raise exceptions instead + # of crashing +- if pyexpat.version_info >= (2, 4, 5): +- self.assertRaises(ExpatError, parseString, ++ if xml.parsers.expat.version_info >= (2, 4, 4): ++ self.assertRaises(xml.parsers.expat.ExpatError, parseString, + b'') +- self.assertRaises(ExpatError, parseString, ++ self.assertRaises(xml.parsers.expat.ExpatError, parseString, + b'Comment \xe7a va ? Tr\xe8s bien ?') + else: + self.assertRaises(UnicodeDecodeError, parseString, +@@ -1617,8 +1616,8 @@ class MinidomTest(unittest.TestCase): + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- if pyexpat.version_info >= (2, 4, 5): +- context = self.assertRaisesRegex(ExpatError, 'syntax error') ++ if xml.parsers.expat.version_info >= (2, 4, 4): ++ context = self.assertRaisesRegex(xml.parsers.expat.ExpatError, 'syntax error') + else: + context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') + +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst +@@ -0,0 +1 @@ ++Make test suite support Expat >=2.4.5 -- 2.51.1 From eff536f20e660940a67fa84b5d0e11b410b82e0458ecd5caf1d557b8eedad339 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 18 May 2022 09:35:06 +0000 Subject: [PATCH 014/135] We require more recent Sphinx OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=15 --- python311.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python311.spec b/python311.spec index 42fae91..e988e76 100644 --- a/python311.spec +++ b/python311.spec @@ -190,7 +190,7 @@ BuildRequires: pkgconfig(libtirpc) BuildRequires: mpdecimal-devel %endif %if %{with doc} -BuildRequires: python3-Sphinx +BuildRequires: python3-Sphinx >= 4.0.0 %if 0%{?suse_version} >= 1500 BuildRequires: python3-python-docs-theme >= 2022.1 %endif -- 2.51.1 From f037c0629dd8eadf626fb7e6b4cd6aeeeda79be5cfe3400bc10944400023fb9c Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Wed, 18 May 2022 11:13:27 +0000 Subject: [PATCH 015/135] Accepting request 977835 from devel:languages:python:Factory Testing package of the beta1 release. OBS-URL: https://build.opensuse.org/request/show/977835 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python311?expand=0&rev=1 -- 2.51.1 From f224cc3c2db8d65d8c0d5d47eb7ad7da4a901bf9dbdcdf0e0aa581b2e24e6740 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 31 May 2022 20:57:46 +0000 Subject: [PATCH 016/135] - Update to 3.11.0b2: - many small updates OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=17 --- Python-3.11.0b1.tar.xz | 3 --- Python-3.11.0b1.tar.xz.asc | 16 ---------------- Python-3.11.0b2.tar.xz | 3 +++ Python-3.11.0b2.tar.xz.asc | 16 ++++++++++++++++ bpo-31046_ensurepip_honours_prefix.patch | 4 ++-- fix_configure_rst.patch | 2 +- python-3.3.0b1-fix_date_time_compiler.patch | 2 +- python-3.3.0b1-test-posix_fadvise.patch | 2 +- python311.changes | 6 ++++++ python311.spec | 2 +- 10 files changed, 31 insertions(+), 25 deletions(-) delete mode 100644 Python-3.11.0b1.tar.xz delete mode 100644 Python-3.11.0b1.tar.xz.asc create mode 100644 Python-3.11.0b2.tar.xz create mode 100644 Python-3.11.0b2.tar.xz.asc diff --git a/Python-3.11.0b1.tar.xz b/Python-3.11.0b1.tar.xz deleted file mode 100644 index 96bfb83..0000000 --- a/Python-3.11.0b1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:dccac9b03dd3fe5cd10bc547579eb0be81a1d8971ec2a866b03dec5391f5ad25 -size 19416160 diff --git a/Python-3.11.0b1.tar.xz.asc b/Python-3.11.0b1.tar.xz.asc deleted file mode 100644 index bcee99e..0000000 --- a/Python-3.11.0b1.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmJ1p8MACgkQ/+h0BBaL -2Ed9aBAAqIsXqNNhL3Q8jRpWdckbyiSsTgf7k+nr/yhO6x+XD8TZE5OakOIvCI4h -NnvzAKD+QzaDQAlT+QtrOf2BFK6z8x2k0FwdLZBZGbpY1GAJWRPJhLwqPmo0k6PC -H3wU7sJoKc2Md1s6UHYwoKy1sxYF4a2SjNWPfz+1/pUZoTucR4IEHUdOpzwhCh8k -frms3eu+AlbwSWisYjDLlOsvyfpqteM5pnfSB+XeQQmhjqXkdvOyNopnIpld9yYA -ThM2DcA+uw78xJx866vj9vybBXALJJAFs7L8Ofw0ZzNm7gZdorjvPUzy6+7LI72c -a2qVOKW4ugGILZi4r65abMoL87xSokIsztPlvKN+pbynWKc3Rk46trtn6TDsV7mi -wYNrlkWaeZPg6D200G7VXfNRJ3cSoLTEW5q4bkx5JJClTWd19JpE8xdMN8xd8Cj2 -M7dzkImD6/UeQ87cOmFvg2Qcs/2nRfIfjDjjUTYXMCMof/XJ1Lzrz0y1O2sdfYud -o71oSmkYbKkcO4vJ/H6pOyGjLRS6nhWYbgebRMUp1zghnIibQIXt49+ntSpTT8VZ -9HVskMUb0FzbEuEza7jfeIj33VX9NOBGrpzupgqXnJZRyqmuM+OqNnBL082/uqFU -b0eheOgImRed716X9ZmhPQp1lNBItQk3IxZktLsnDsDKoqNIdQA= -=LzMI ------END PGP SIGNATURE----- diff --git a/Python-3.11.0b2.tar.xz b/Python-3.11.0b2.tar.xz new file mode 100644 index 0000000..ce5d685 --- /dev/null +++ b/Python-3.11.0b2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e574dee6694fb255dff8036f3c0048251e5cb29a167766030b7ce3160fb4c47d +size 19529360 diff --git a/Python-3.11.0b2.tar.xz.asc b/Python-3.11.0b2.tar.xz.asc new file mode 100644 index 0000000..46b7a42 --- /dev/null +++ b/Python-3.11.0b2.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmKVNMAACgkQ/+h0BBaL +2EeBzA/+K18D5/KHhY4lYl5IesjZ2j0R+ChXahEP0+uItTdrB1v5UDjo18tyvn1h +3zqqI0DRIckabOceyrWl2/EsLUb6SJOXbp7iB5E5dLGQPtsaxEgqBhUwWKq5AjFT +y9aBRkms2dKqIIvekC5vrZRDmiOz2pkS+xbqBHRvFSaRwdK2CdoFWFeHpCveqHvi +icX6xndT9R43d9k3FmsK162vopIVfMRpXk1fZwSxbetqQX3bvutqoIYbDpY80zAa +lKEd27c8Cx2dbeEL0MILiEN8F6xrHM3LSOFANrV2bEakkLFUuZTdSyG11HWqzbCl +tYcSDyptJl3CbP4Pnaa1tgpoVEtH7DVC/7W4TJyeEZ2c7TAY5dawEF9T3nb3bdGG +xaUK6oDnMbWSyLq4SLUGLEN0kC7EAXbn4VnHVUKuPoFHUj5hhq9EUnv6kJdc3CA1 +SF2r3hph6OMb0MoYGbztSeQ0F7XsND3kTqFMhYOwDHlt5Z1PgD6ET8sK3J3OjVi+ +FjEAInq6uGlCLJpfrc4TVzErE0aT0RSBEc+kPRBhASQoO1jEw5llX4kIgRNfA2a1 +ZnixuB7AfSxLHIgyoMrrPvO3/x/003BKWD3cd/DuRzUU37OG/mfYLgvVc3kcjNz8 +sdNjnjpAvAOhZEIEB5rdUTfAtIbQHFEMbmiaNOOegog1sK2Qgus= +=B4l/ +-----END PGP SIGNATURE----- diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch index bb3a709..cd581e4 100644 --- a/bpo-31046_ensurepip_honours_prefix.patch +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -139,7 +139,7 @@ Co-Authored-By: Xavier de Gaye --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -1733,7 +1733,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni +@@ -1741,7 +1741,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni install|*) ensurepip="" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ @@ -148,7 +148,7 @@ Co-Authored-By: Xavier de Gaye fi altinstall: commoninstall -@@ -1743,7 +1743,7 @@ altinstall: commoninstall +@@ -1751,7 +1751,7 @@ altinstall: commoninstall install|*) ensurepip="--altinstall" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index 9fd2132..d61451b 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -29,7 +29,7 @@ Create a Python.framework rather than a traditional Unix install. Optional --- a/Misc/NEWS +++ b/Misc/NEWS -@@ -5480,7 +5480,7 @@ C API +@@ -5685,7 +5685,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch index 15efbf1..26846e7 100644 --- a/python-3.3.0b1-fix_date_time_compiler.patch +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -4,7 +4,7 @@ --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -1222,11 +1222,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ +@@ -1230,11 +1230,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ $(DTRACE_OBJS) \ $(srcdir)/Modules/getbuildinfo.c $(CC) -c $(PY_CORE_CFLAGS) \ diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch index 6a84d1f..762dd28 100644 --- a/python-3.3.0b1-test-posix_fadvise.patch +++ b/python-3.3.0b1-test-posix_fadvise.patch @@ -4,7 +4,7 @@ --- a/Lib/test/test_posix.py +++ b/Lib/test/test_posix.py -@@ -434,7 +434,7 @@ class PosixTester(unittest.TestCase): +@@ -428,7 +428,7 @@ class PosixTester(unittest.TestCase): def test_posix_fadvise(self): fd = os.open(os_helper.TESTFN, os.O_RDONLY) try: diff --git a/python311.changes b/python311.changes index 6e6974c..13a7b4d 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue May 31 20:54:36 UTC 2022 - Matej Cepl + +- Update to 3.11.0b2: + - many small updates + ------------------------------------------------------------------- Tue May 10 15:01:18 UTC 2022 - Matej Cepl diff --git a/python311.spec b/python311.spec index e988e76..541c6d3 100644 --- a/python311.spec +++ b/python311.spec @@ -100,7 +100,7 @@ Obsoletes: python39%{?1:-%{1}} %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.0b1 +Version: 3.11.0b2 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 -- 2.51.1 From b3dd13aabb5d664719807673c921a6f1f8563095f106ba355c28c083a60f256f Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 6 Jun 2022 06:24:48 +0000 Subject: [PATCH 017/135] Fix changelog OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=18 --- python311.changes | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/python311.changes b/python311.changes index 13a7b4d..d187a21 100644 --- a/python311.changes +++ b/python311.changes @@ -3,6 +3,8 @@ Tue May 31 20:54:36 UTC 2022 - Matej Cepl - Update to 3.11.0b2: - many small updates +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.4 (jsc#SLE-21253) ------------------------------------------------------------------- Tue May 10 15:01:18 UTC 2022 - Matej Cepl @@ -10,8 +12,6 @@ Tue May 10 15:01:18 UTC 2022 - Matej Cepl - Refresh bluez-devel-vendor.tar.xz - Fix building with system-expat (gh#python/cpython#92875). Nope, it didn't work, worked around it. -- Add patch support-expat-245.patch: - * Support Expat >= 2.4.4 (jsc#SLE-21253) ------------------------------------------------------------------- Mon May 9 15:09:03 UTC 2022 - Matej Cepl -- 2.51.1 From 6af5b9f2b380dbbab1480e69595b641f97e6a74df09d83d3d341494303f498f7 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 14 Jul 2022 16:01:58 +0000 Subject: [PATCH 018/135] - Update to 3.11.0b4: - Fixes many bugs and adds following more significant changes - Security - gh-68966: The deprecated mailcap module now refuses to inject Coreunsafe text (filenames, MIME types, parameters) into shell Corecommands. Instead of using such text, it will warn and act Coreas if a match was not found (or for test commands, as if the Coretest failed). and Builtins - gh-93516: Lazily create a table mapping bytecode offsets to line numbers to speed up calculation of line numbers when tracing. - gh-93461: importlib.invalidate_caches() now drops entries from sys.path_importer_cache with a relative path as name. This solves a caching issue when a process changes its current working directory. - FileFinder no longer inserts a dot in the path, e.g. /egg/./spam is now /egg/spam. Library - gh-93896: Fix asyncio.run() and unittest.IsolatedAsyncioTestCase to always the set event loop as it was done in Python 3.10 and earlier. Patch by Kumar Aditya. - gh-94101: Manual instantiation of ssl.SSLSession objects is no longer allowed as it lead to misconfigured instances that crashed the interpreter when attributes where accessed on them. - gh-83658: Make multiprocessing.Pool raise an exception if maxtasksperchild is not None or a positive int. - gh-61162: Clarify sqlite3 behavior when Using the connection as a context manager. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=20 --- Python-3.11.0b2.tar.xz | 3 -- Python-3.11.0b2.tar.xz.asc | 16 ------- Python-3.11.0b4.tar.xz | 3 ++ Python-3.11.0b4.tar.xz.asc | 16 +++++++ bpo-31046_ensurepip_honours_prefix.patch | 12 ++--- fix_configure_rst.patch | 2 +- no-skipif-doctests.patch | 14 +----- python-3.3.0b1-fix_date_time_compiler.patch | 2 +- python311.changes | 49 +++++++++++++++++++++ python311.spec | 2 +- skip-test_pyobject_freed_is_freed.patch | 2 +- 11 files changed, 79 insertions(+), 42 deletions(-) delete mode 100644 Python-3.11.0b2.tar.xz delete mode 100644 Python-3.11.0b2.tar.xz.asc create mode 100644 Python-3.11.0b4.tar.xz create mode 100644 Python-3.11.0b4.tar.xz.asc diff --git a/Python-3.11.0b2.tar.xz b/Python-3.11.0b2.tar.xz deleted file mode 100644 index ce5d685..0000000 --- a/Python-3.11.0b2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e574dee6694fb255dff8036f3c0048251e5cb29a167766030b7ce3160fb4c47d -size 19529360 diff --git a/Python-3.11.0b2.tar.xz.asc b/Python-3.11.0b2.tar.xz.asc deleted file mode 100644 index 46b7a42..0000000 --- a/Python-3.11.0b2.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmKVNMAACgkQ/+h0BBaL -2EeBzA/+K18D5/KHhY4lYl5IesjZ2j0R+ChXahEP0+uItTdrB1v5UDjo18tyvn1h -3zqqI0DRIckabOceyrWl2/EsLUb6SJOXbp7iB5E5dLGQPtsaxEgqBhUwWKq5AjFT -y9aBRkms2dKqIIvekC5vrZRDmiOz2pkS+xbqBHRvFSaRwdK2CdoFWFeHpCveqHvi -icX6xndT9R43d9k3FmsK162vopIVfMRpXk1fZwSxbetqQX3bvutqoIYbDpY80zAa -lKEd27c8Cx2dbeEL0MILiEN8F6xrHM3LSOFANrV2bEakkLFUuZTdSyG11HWqzbCl -tYcSDyptJl3CbP4Pnaa1tgpoVEtH7DVC/7W4TJyeEZ2c7TAY5dawEF9T3nb3bdGG -xaUK6oDnMbWSyLq4SLUGLEN0kC7EAXbn4VnHVUKuPoFHUj5hhq9EUnv6kJdc3CA1 -SF2r3hph6OMb0MoYGbztSeQ0F7XsND3kTqFMhYOwDHlt5Z1PgD6ET8sK3J3OjVi+ -FjEAInq6uGlCLJpfrc4TVzErE0aT0RSBEc+kPRBhASQoO1jEw5llX4kIgRNfA2a1 -ZnixuB7AfSxLHIgyoMrrPvO3/x/003BKWD3cd/DuRzUU37OG/mfYLgvVc3kcjNz8 -sdNjnjpAvAOhZEIEB5rdUTfAtIbQHFEMbmiaNOOegog1sK2Qgus= -=B4l/ ------END PGP SIGNATURE----- diff --git a/Python-3.11.0b4.tar.xz b/Python-3.11.0b4.tar.xz new file mode 100644 index 0000000..051521e --- /dev/null +++ b/Python-3.11.0b4.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1d93b611607903e080417c1a9567f5fbbf5124cc5c86f4afbba1c8fd34c5f6fb +size 19573532 diff --git a/Python-3.11.0b4.tar.xz.asc b/Python-3.11.0b4.tar.xz.asc new file mode 100644 index 0000000..eca319c --- /dev/null +++ b/Python-3.11.0b4.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmLMQR4ACgkQ/+h0BBaL +2EeIzA/+OXF1w6oXajUYxjWK13w3DR95Rje+X+x8F5Fzpyt+aJPgGNBB+OD0mc7/ +Lm3NAZwmNzTPRGU1aUfRWcP07ZqVmpdlmk8C2PHEYwfB+Hg7WBX0cuYgm2vvIU2X +h8figNl+uThgnInt/CJVzUDbUvVENvFwRwrwn+8FLPD3m7W8orad0m9RR7IVhmfe +VyNkwTb76ArCCBNbRC/KbKnudmvMVlpFV8YPphGLeeJvQY41bwuxmZqhtCqzGk9i +t6zB/Q9xlAMIpOCcSlOGdGcivzVwFIbBM5iR1TOARxtrUkyNVCDVrExC7GdLGIsy +sdRcqJGuVclLSdHK4r9ybx6/Bz9ODaeIO5Sgk3Xh09jN2v6lPDKI7v9Y20njvgB6 +SS8MAwbliQx9TNFgxHEACI0he7vNUcPbzV1hrbMHU7lv4y5ATcKmnt4bsrqNZdbN +PD88Dop1bUgfzvglaSBzxInawfPanVw3S6JSgs+2kJcIXu2Mchmj2+bRGbWjCvo4 +qKT3Yn23iLJ+EHcMqsZ4rKpCDy0953lR37G9JdfaMeh1PH88cqNsJVILHZZMcooR +nZeFtS7C5jZP1KTMogxbeiKoPKKgvgKnuBzkphv8uxTlnH8AG5ZG61UKFSu1O4bh +B0xARxclmPgryXALE+QWlYjrxtnI26Dgw1YNC2Y13mr1HZ3wiBA= +=uigd +-----END PGP SIGNATURE----- diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch index cd581e4..24d46ae 100644 --- a/bpo-31046_ensurepip_honours_prefix.patch +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -55,7 +55,7 @@ Co-Authored-By: Xavier de Gaye .. note:: --- a/Lib/ensurepip/__init__.py +++ b/Lib/ensurepip/__init__.py -@@ -112,27 +112,27 @@ def _disable_pip_configuration_settings( +@@ -122,27 +122,27 @@ def _disable_pip_configuration_settings( os.environ['PIP_CONFIG_FILE'] = os.devnull @@ -88,7 +88,7 @@ Co-Authored-By: Xavier de Gaye Note that calling this function will alter both sys.path and os.environ. """ -@@ -182,6 +182,8 @@ def _bootstrap(*, root=None, upgrade=Fal +@@ -192,6 +192,8 @@ def _bootstrap(*, root=None, upgrade=Fal args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] if root: args += ["--root", root] @@ -97,7 +97,7 @@ Co-Authored-By: Xavier de Gaye if upgrade: args += ["--upgrade"] if user: -@@ -257,6 +259,11 @@ def _main(argv=None): +@@ -267,6 +269,11 @@ def _main(argv=None): help="Install everything relative to this alternate root directory.", ) parser.add_argument( @@ -109,7 +109,7 @@ Co-Authored-By: Xavier de Gaye "--altinstall", action="store_true", default=False, -@@ -275,6 +282,7 @@ def _main(argv=None): +@@ -285,6 +292,7 @@ def _main(argv=None): return _bootstrap( root=args.root, @@ -139,7 +139,7 @@ Co-Authored-By: Xavier de Gaye --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -1741,7 +1741,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni +@@ -1749,7 +1749,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni install|*) ensurepip="" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ @@ -148,7 +148,7 @@ Co-Authored-By: Xavier de Gaye fi altinstall: commoninstall -@@ -1751,7 +1751,7 @@ altinstall: commoninstall +@@ -1759,7 +1759,7 @@ altinstall: commoninstall install|*) ensurepip="--altinstall" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index d61451b..7fc3159 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -29,7 +29,7 @@ Create a Python.framework rather than a traditional Unix install. Optional --- a/Misc/NEWS +++ b/Misc/NEWS -@@ -5685,7 +5685,7 @@ C API +@@ -6147,7 +6147,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch index b33c0c7..dea56fc 100644 --- a/no-skipif-doctests.patch +++ b/no-skipif-doctests.patch @@ -1,21 +1,9 @@ only in patch2: unchanged: --- - Doc/conf.py | 2 - Doc/library/turtle.rst | 82 ------------------------------------------------- - 2 files changed, 1 insertion(+), 83 deletions(-) + 1 file changed, 82 deletions(-) ---- a/Doc/conf.py -+++ b/Doc/conf.py -@@ -45,7 +45,7 @@ today_fmt = '%B %d, %Y' - highlight_language = 'python3' - - # Minimum version of sphinx required --needs_sphinx = '1.8' -+needs_sphinx = '1.7.6' - - # Ignore any .rst files in the venv/ directory. - exclude_patterns = ['venv/*', 'README.rst'] --- a/Doc/library/turtle.rst +++ b/Doc/library/turtle.rst @@ -250,7 +250,6 @@ Turtle motion diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch index 26846e7..a3fd005 100644 --- a/python-3.3.0b1-fix_date_time_compiler.patch +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -4,7 +4,7 @@ --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -1230,11 +1230,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ +@@ -1233,11 +1233,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ $(DTRACE_OBJS) \ $(srcdir)/Modules/getbuildinfo.c $(CC) -c $(PY_CORE_CFLAGS) \ diff --git a/python311.changes b/python311.changes index d187a21..7627d8b 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,52 @@ +------------------------------------------------------------------- +Thu Jul 14 15:37:35 UTC 2022 - Matej Cepl + +- Update to 3.11.0b4: +- Fixes many bugs and adds following more significant changes +- Security + - gh-68966: The deprecated mailcap module now refuses to inject + Coreunsafe text (filenames, MIME types, parameters) into + shell Corecommands. Instead of using such text, it will + warn and act Coreas if a match was not found (or for test + commands, as if the Coretest failed). and Builtins + - gh-93516: Lazily create a table mapping bytecode offsets to + line numbers to speed up calculation of line numbers when + tracing. + - gh-93461: importlib.invalidate_caches() now drops entries + from sys.path_importer_cache with a relative path as + name. This solves a caching issue when a process changes its + current working directory. + - FileFinder no longer inserts a dot in the path, e.g. + /egg/./spam is now /egg/spam. +Library + - gh-93896: Fix asyncio.run() and + unittest.IsolatedAsyncioTestCase to always the set event loop + as it was done in Python 3.10 and earlier. Patch by Kumar + Aditya. + - gh-94101: Manual instantiation of ssl.SSLSession objects is + no longer allowed as it lead to misconfigured instances that + crashed the interpreter when attributes where accessed on + them. + - gh-83658: Make multiprocessing.Pool raise an exception if + maxtasksperchild is not None or a positive int. + - gh-61162: Clarify sqlite3 behavior when Using the connection + as a context manager. +Tools/Demos + - gh-94538: Fix Argument Clinic output to custom file + destinations. Patch by Erlend E. Aasland. +C API + - gh-93937: The following frame functions and type are now + directly available with #include , it’s no longer + needed to add #include : + PyFrame_Check() + PyFrame_GetBack() + PyFrame_GetBuiltins() + PyFrame_GetGenerator() + PyFrame_GetGlobals() + PyFrame_GetLasti() + PyFrame_GetLocals() + PyFrame_Type + ------------------------------------------------------------------- Tue May 31 20:54:36 UTC 2022 - Matej Cepl diff --git a/python311.spec b/python311.spec index 541c6d3..1fdfb43 100644 --- a/python311.spec +++ b/python311.spec @@ -100,7 +100,7 @@ Obsoletes: python39%{?1:-%{1}} %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.0b2 +Version: 3.11.0b4 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch index b68f049..1525256 100644 --- a/skip-test_pyobject_freed_is_freed.patch +++ b/skip-test_pyobject_freed_is_freed.patch @@ -4,7 +4,7 @@ --- a/Lib/test/test_capi.py +++ b/Lib/test/test_capi.py -@@ -1014,6 +1014,7 @@ class PyMemDebugTests(unittest.TestCase) +@@ -1016,6 +1016,7 @@ class PyMemDebugTests(unittest.TestCase) def test_pyobject_forbidden_bytes_is_freed(self): self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') -- 2.51.1 From 3978a4fb6f390ad190301ae179558e944a33041eedaf18b383201d7124783e57 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 21 Jul 2022 14:25:26 +0000 Subject: [PATCH 019/135] - Switch from %primary_interpreter to prjconf-defined %primary_python (gh#openSUSE/python-rpm-macros#127). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=22 --- python311.changes | 6 ++++++ python311.spec | 48 +++++++++++++++++++++++------------------------ 2 files changed, 29 insertions(+), 25 deletions(-) diff --git a/python311.changes b/python311.changes index 7627d8b..8462f56 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Jul 21 14:19:53 UTC 2022 - Matej Cepl + +- Switch from %primary_interpreter to prjconf-defined + %primary_python (gh#openSUSE/python-rpm-macros#127). + ------------------------------------------------------------------- Thu Jul 14 15:37:35 UTC 2022 - Matej Cepl diff --git a/python311.spec b/python311.spec index 1fdfb43..37fae4c 100644 --- a/python311.spec +++ b/python311.spec @@ -36,6 +36,8 @@ %bcond_without general %endif +%define python_pkg_name python311 + %if 0%{?sle_version} && 0%{?suse_version} < 1550 # Obsoleting previous "latest" Python versions # Next versions will get more lines like for older versions @@ -59,10 +61,6 @@ Obsoletes: python39%{?1:-%{1}} %else %define tarversion %{version} %endif -%define python_pkg_name python311 -# Will provide the python3-* provides -# Will do the /usr/bin/python3 and all the core links -%define primary_interpreter 0 # We don't process beta signs well %define folderversion 3.11.0 %define tarname Python-%{tarversion} @@ -213,7 +211,7 @@ Recommends: %{python_pkg_name}-curses Recommends: %{python_pkg_name}-dbm Recommends: %{python_pkg_name}-pip %obsolete_python_versioned -%if %{primary_interpreter} +%if "%{python_pkg_name}" == "%{primary_python}" Provides: python3 = %{python_version} %endif %endif @@ -236,7 +234,7 @@ development environment (python3-idle). Summary: TkInter, a Python Tk Interface Requires: %{python_pkg_name} = %{version} %obsolete_python_versioned tk -%if %{primary_interpreter} +%if "%{python_pkg_name}" == "%{primary_python}" Provides: python3-tk = %{version} %endif @@ -247,7 +245,7 @@ Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. Summary: Python Interface to the (N)Curses Library Requires: %{python_pkg_name} = %{version} %obsolete_python_versioned curses -%if %{primary_interpreter} +%if "%{python_pkg_name}" == "%{primary_python}" Provides: python3-curses %endif @@ -259,7 +257,7 @@ Console User Interface. Summary: Python Interface to the GDBM Library Requires: %{python_pkg_name} = %{version} %obsolete_python_versioned dbm -%if %{primary_interpreter} +%if "%{python_pkg_name}" == "%{primary_python}" Provides: python3-dbm %endif @@ -272,7 +270,7 @@ Summary: An Integrated Development Environment for Python Requires: %{python_pkg_name} = %{version} Requires: %{python_pkg_name}-tk %obsolete_python_versioned idle -%if %{primary_interpreter} +%if "%{python_pkg_name}" == "%{primary_python}" Provides: python3-idle = %{version} %endif @@ -286,7 +284,7 @@ a debugger. Summary: Package Documentation for Python 3 Enhances: %{python_pkg_name} = %{python_version} %obsolete_python_versioned doc -%if %{primary_interpreter} +%if "%{python_pkg_name}" == "%{primary_python}" Provides: python3-doc = %{version} %endif @@ -298,7 +296,7 @@ Python, and Macintosh Module Reference in HTML format. %package -n %{python_pkg_name}-doc-devhelp Summary: Additional Package Documentation for Python 3 in devhelp format %obsolete_python_versioned doc-devhelp -%if %{primary_interpreter} +%if "%{python_pkg_name}" == "%{primary_python}" Provides: python3-doc-devhelp = %{version} %endif @@ -325,7 +323,7 @@ Provides: %{python_pkg_name}-typing = %{version} %obsolete_python_versioned typing # python3-xml was merged into python3, now moved into -base Provides: %{python_pkg_name}-xml = %{version} -%if %{primary_interpreter} +%if "%{python_pkg_name}" == "%{primary_python}" Provides: python3-asyncio = %{version} Obsoletes: python3-asyncio < %{version} Provides: python3-base = %{version} @@ -353,7 +351,7 @@ Requires: %{python_pkg_name}-base = %{version} Provides: %{python_pkg_name}-2to3 = %{version} Provides: %{python_pkg_name}-demo = %{version} %obsolete_python_versioned tools -%if %{primary_interpreter} +%if "%{python_pkg_name}" == "%{primary_python}" Provides: python3-2to3 = %{version} Provides: python3-demo = %{version} Provides: python3-tools = %{version} @@ -369,7 +367,7 @@ and a set of demonstration programs. Summary: Include Files and Libraries Mandatory for Building Python Modules Requires: %{python_pkg_name}-base = %{version} %obsolete_python_versioned devel -%if %{primary_interpreter} +%if "%{python_pkg_name}" == "%{primary_python}" Provides: python3-devel = %{version} %endif @@ -389,7 +387,7 @@ Summary: Unit tests for Python and its standard library Requires: %{python_pkg_name} = %{version} Requires: %{python_pkg_name}-tk = %{version} %obsolete_python_versioned testsuite -%if %{primary_interpreter} +%if "%{python_pkg_name}" == "%{primary_python}" Provides: python3-testsuite = %{version} %endif @@ -433,7 +431,7 @@ other applications. # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -%if %{primary_interpreter} +%if "%{python_pkg_name}" == "%{primary_python}" # fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 for dir in Lib Tools; do # find *.py, filter to files that contain bad shebangs @@ -693,7 +691,7 @@ rm -fv %{buildroot}%{dynlib nis} ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 # decide to ship python3 or just python3.X -%if !%{primary_interpreter} +%if "%{python_pkg_name}" != "%{primary_python}" # base rm %{buildroot}%{_bindir}/python3 rm %{buildroot}%{_bindir}/pydoc3 @@ -711,7 +709,7 @@ ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_vers rm %{buildroot}%{_bindir}/idle3* # delete the generic 2to3 binary if we are not primary -%if !%{primary_interpreter} +%if "%{python_pkg_name}" != "%{primary_python}" rm %{buildroot}%{_bindir}/2to3 %endif @@ -741,7 +739,7 @@ install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/% #cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%{sitedir}/config-%{python_abi}/ # RPM macros -%if %{primary_interpreter} +%if "%{python_pkg_name}" == "%{primary_python}" mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/ install -m 644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/macros.d/ # macros.python3 %endif @@ -843,7 +841,7 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %files -n %{python_pkg_name}-tools %defattr(644, root, root, 755) %{sitedir}/turtledemo -%if %{primary_interpreter} +%if "%{python_pkg_name}" == "%{primary_python}" %{_bindir}/2to3 %endif %attr(755, root, root)%{_bindir}/2to3-%{python_version} @@ -852,7 +850,7 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %files -n %{python_pkg_name}-devel %defattr(644, root, root, 755) %{_libdir}/libpython%{python_abi}.so -%if %{primary_interpreter} +%if "%{python_pkg_name}" == "%{primary_python}" %{_libdir}/libpython3.so %endif %{_libdir}/pkgconfig/* @@ -860,7 +858,7 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %{sitedir}/config-%{python_abi}-* %defattr(755, root, root) %{_bindir}/python%{python_abi}-config -%if %{primary_interpreter} +%if "%{python_pkg_name}" == "%{primary_python}" %{_bindir}/python3-config %endif # Own these directories to not depend on gdb @@ -893,14 +891,14 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %doc %{_docdir}/%{name}/README.rst %license LICENSE %doc %{_docdir}/%{name}/README.SUSE -%if %{primary_interpreter} +%if "%{python_pkg_name}" == "%{primary_python}" %{_mandir}/man1/python3.1%{?ext_man} %endif %{_mandir}/man1/python%{python_version}.1%{?ext_man} # license text, not a doc because the code can use it at run-time %{sitedir}/LICENSE.txt # RPM macros -%if %{primary_interpreter} +%if "%{python_pkg_name}" == "%{primary_python}" %{_rpmconfigdir}/macros.d/macros.python3 %endif # binary parts @@ -1009,7 +1007,7 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %{sitedir}/_import_failed %{sitedir}/site-packages/zzzz-import-failed-hooks.pth # symlinks -%if %{primary_interpreter} +%if "%{python_pkg_name}" == "%{primary_python}" %{_bindir}/python3 %{_bindir}/pydoc3 %endif -- 2.51.1 From ebc3127ec872cb72a2ba147d450583e178dd9b6aa41565dc7c0026bc5ee1649e Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 21 Jul 2022 15:15:28 +0000 Subject: [PATCH 020/135] Restore %primary_interpreter OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=23 --- python311.spec | 47 ++++++++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 21 deletions(-) diff --git a/python311.spec b/python311.spec index 37fae4c..066049d 100644 --- a/python311.spec +++ b/python311.spec @@ -37,6 +37,11 @@ %endif %define python_pkg_name python311 +%if "%{python_pkg_name}" == "%{primary_python}" +%define primary_interpreter 1 +%else +%define primary_interpreter 0 +%endif %if 0%{?sle_version} && 0%{?suse_version} < 1550 # Obsoleting previous "latest" Python versions @@ -211,7 +216,7 @@ Recommends: %{python_pkg_name}-curses Recommends: %{python_pkg_name}-dbm Recommends: %{python_pkg_name}-pip %obsolete_python_versioned -%if "%{python_pkg_name}" == "%{primary_python}" +%if %{primary_interpreter} Provides: python3 = %{python_version} %endif %endif @@ -234,7 +239,7 @@ development environment (python3-idle). Summary: TkInter, a Python Tk Interface Requires: %{python_pkg_name} = %{version} %obsolete_python_versioned tk -%if "%{python_pkg_name}" == "%{primary_python}" +%if %{primary_interpreter} Provides: python3-tk = %{version} %endif @@ -245,7 +250,7 @@ Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. Summary: Python Interface to the (N)Curses Library Requires: %{python_pkg_name} = %{version} %obsolete_python_versioned curses -%if "%{python_pkg_name}" == "%{primary_python}" +%if %{primary_interpreter} Provides: python3-curses %endif @@ -257,7 +262,7 @@ Console User Interface. Summary: Python Interface to the GDBM Library Requires: %{python_pkg_name} = %{version} %obsolete_python_versioned dbm -%if "%{python_pkg_name}" == "%{primary_python}" +%if %{primary_interpreter} Provides: python3-dbm %endif @@ -270,7 +275,7 @@ Summary: An Integrated Development Environment for Python Requires: %{python_pkg_name} = %{version} Requires: %{python_pkg_name}-tk %obsolete_python_versioned idle -%if "%{python_pkg_name}" == "%{primary_python}" +%if %{primary_interpreter} Provides: python3-idle = %{version} %endif @@ -284,7 +289,7 @@ a debugger. Summary: Package Documentation for Python 3 Enhances: %{python_pkg_name} = %{python_version} %obsolete_python_versioned doc -%if "%{python_pkg_name}" == "%{primary_python}" +%if %{primary_interpreter} Provides: python3-doc = %{version} %endif @@ -296,7 +301,7 @@ Python, and Macintosh Module Reference in HTML format. %package -n %{python_pkg_name}-doc-devhelp Summary: Additional Package Documentation for Python 3 in devhelp format %obsolete_python_versioned doc-devhelp -%if "%{python_pkg_name}" == "%{primary_python}" +%if %{primary_interpreter} Provides: python3-doc-devhelp = %{version} %endif @@ -323,7 +328,7 @@ Provides: %{python_pkg_name}-typing = %{version} %obsolete_python_versioned typing # python3-xml was merged into python3, now moved into -base Provides: %{python_pkg_name}-xml = %{version} -%if "%{python_pkg_name}" == "%{primary_python}" +%if %{primary_interpreter} Provides: python3-asyncio = %{version} Obsoletes: python3-asyncio < %{version} Provides: python3-base = %{version} @@ -351,7 +356,7 @@ Requires: %{python_pkg_name}-base = %{version} Provides: %{python_pkg_name}-2to3 = %{version} Provides: %{python_pkg_name}-demo = %{version} %obsolete_python_versioned tools -%if "%{python_pkg_name}" == "%{primary_python}" +%if %{primary_interpreter} Provides: python3-2to3 = %{version} Provides: python3-demo = %{version} Provides: python3-tools = %{version} @@ -367,7 +372,7 @@ and a set of demonstration programs. Summary: Include Files and Libraries Mandatory for Building Python Modules Requires: %{python_pkg_name}-base = %{version} %obsolete_python_versioned devel -%if "%{python_pkg_name}" == "%{primary_python}" +%if %{primary_interpreter} Provides: python3-devel = %{version} %endif @@ -387,7 +392,7 @@ Summary: Unit tests for Python and its standard library Requires: %{python_pkg_name} = %{version} Requires: %{python_pkg_name}-tk = %{version} %obsolete_python_versioned testsuite -%if "%{python_pkg_name}" == "%{primary_python}" +%if %{primary_interpreter} Provides: python3-testsuite = %{version} %endif @@ -431,7 +436,7 @@ other applications. # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -%if "%{python_pkg_name}" == "%{primary_python}" +%if %{primary_interpreter} # fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 for dir in Lib Tools; do # find *.py, filter to files that contain bad shebangs @@ -691,7 +696,7 @@ rm -fv %{buildroot}%{dynlib nis} ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 # decide to ship python3 or just python3.X -%if "%{python_pkg_name}" != "%{primary_python}" +%if !%{primary_interpreter} # base rm %{buildroot}%{_bindir}/python3 rm %{buildroot}%{_bindir}/pydoc3 @@ -709,7 +714,7 @@ ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_vers rm %{buildroot}%{_bindir}/idle3* # delete the generic 2to3 binary if we are not primary -%if "%{python_pkg_name}" != "%{primary_python}" +%if !%{primary_interpreter} rm %{buildroot}%{_bindir}/2to3 %endif @@ -739,7 +744,7 @@ install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/% #cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%{sitedir}/config-%{python_abi}/ # RPM macros -%if "%{python_pkg_name}" == "%{primary_python}" +%if %{primary_interpreter} mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/ install -m 644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/macros.d/ # macros.python3 %endif @@ -841,7 +846,7 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %files -n %{python_pkg_name}-tools %defattr(644, root, root, 755) %{sitedir}/turtledemo -%if "%{python_pkg_name}" == "%{primary_python}" +%if %{primary_interpreter} %{_bindir}/2to3 %endif %attr(755, root, root)%{_bindir}/2to3-%{python_version} @@ -850,7 +855,7 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %files -n %{python_pkg_name}-devel %defattr(644, root, root, 755) %{_libdir}/libpython%{python_abi}.so -%if "%{python_pkg_name}" == "%{primary_python}" +%if %{primary_interpreter} %{_libdir}/libpython3.so %endif %{_libdir}/pkgconfig/* @@ -858,7 +863,7 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %{sitedir}/config-%{python_abi}-* %defattr(755, root, root) %{_bindir}/python%{python_abi}-config -%if "%{python_pkg_name}" == "%{primary_python}" +%if %{primary_interpreter} %{_bindir}/python3-config %endif # Own these directories to not depend on gdb @@ -891,14 +896,14 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %doc %{_docdir}/%{name}/README.rst %license LICENSE %doc %{_docdir}/%{name}/README.SUSE -%if "%{python_pkg_name}" == "%{primary_python}" +%if %{primary_interpreter} %{_mandir}/man1/python3.1%{?ext_man} %endif %{_mandir}/man1/python%{python_version}.1%{?ext_man} # license text, not a doc because the code can use it at run-time %{sitedir}/LICENSE.txt # RPM macros -%if "%{python_pkg_name}" == "%{primary_python}" +%if %{primary_interpreter} %{_rpmconfigdir}/macros.d/macros.python3 %endif # binary parts @@ -1007,7 +1012,7 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %{sitedir}/_import_failed %{sitedir}/site-packages/zzzz-import-failed-hooks.pth # symlinks -%if "%{python_pkg_name}" == "%{primary_python}" +%if %{primary_interpreter} %{_bindir}/python3 %{_bindir}/pydoc3 %endif -- 2.51.1 From a867744a2306f63ac55dbd35d7ce2bf44b3eb9776cbd8eda951b854cfa51fa6f Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 26 Jul 2022 10:43:57 +0000 Subject: [PATCH 021/135] - Update to 3.11.0b5: - Core and Builtins - gh-93351: ast.AST node positions are now validated when provided to compile() and other related functions. If invalid positions are detected, a ValueError will be raised. - gh-94438: Fix an issue that caused extended opcode arguments and some conditional pops to be ignored when calculating valid jump targets for assignments to the f_lineno attribute of frame objects. In some cases, this could cause inconsistent internal state, resulting in a hard crash of the interpreter. - gh-95060: Undocumented PyCode_Addr2Location function now properly returns when addrq argument is less than zero. - gh-95113: Replace all EXTENDED_ARG_QUICK instructions with basic EXTENDED_ARG instructions in unquickened code. Consumers of non-adaptive bytecode should be able to handle extended arguments the same way they were handled in CPython 3.10 and older. - gh-91409: Fix incorrect source location info caused by certain optimizations in the bytecode compiler. - gh-94036: Fix incorrect source location info for some multi-line attribute accesses and method calls. - gh-94739: Allow jumping within, out of, and across exception handlers in the debugger. - gh-94949: ast.parse() will no longer parse parenthesized context managers when passed feature_version less than (3, 9). Patch by Shantanu Jain. - gh-94947: ast.parse() will no longer parse assignment expressions when passed feature_version less than (3, OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=25 --- Python-3.11.0b4.tar.xz | 3 -- Python-3.11.0b4.tar.xz.asc | 16 ------- Python-3.11.0b5.tar.xz | 3 ++ Python-3.11.0b5.tar.xz.asc | 16 +++++++ python311.changes | 94 ++++++++++++++++++++++++++++++++++++++ python311.spec | 2 +- 6 files changed, 114 insertions(+), 20 deletions(-) delete mode 100644 Python-3.11.0b4.tar.xz delete mode 100644 Python-3.11.0b4.tar.xz.asc create mode 100644 Python-3.11.0b5.tar.xz create mode 100644 Python-3.11.0b5.tar.xz.asc diff --git a/Python-3.11.0b4.tar.xz b/Python-3.11.0b4.tar.xz deleted file mode 100644 index 051521e..0000000 --- a/Python-3.11.0b4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1d93b611607903e080417c1a9567f5fbbf5124cc5c86f4afbba1c8fd34c5f6fb -size 19573532 diff --git a/Python-3.11.0b4.tar.xz.asc b/Python-3.11.0b4.tar.xz.asc deleted file mode 100644 index eca319c..0000000 --- a/Python-3.11.0b4.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmLMQR4ACgkQ/+h0BBaL -2EeIzA/+OXF1w6oXajUYxjWK13w3DR95Rje+X+x8F5Fzpyt+aJPgGNBB+OD0mc7/ -Lm3NAZwmNzTPRGU1aUfRWcP07ZqVmpdlmk8C2PHEYwfB+Hg7WBX0cuYgm2vvIU2X -h8figNl+uThgnInt/CJVzUDbUvVENvFwRwrwn+8FLPD3m7W8orad0m9RR7IVhmfe -VyNkwTb76ArCCBNbRC/KbKnudmvMVlpFV8YPphGLeeJvQY41bwuxmZqhtCqzGk9i -t6zB/Q9xlAMIpOCcSlOGdGcivzVwFIbBM5iR1TOARxtrUkyNVCDVrExC7GdLGIsy -sdRcqJGuVclLSdHK4r9ybx6/Bz9ODaeIO5Sgk3Xh09jN2v6lPDKI7v9Y20njvgB6 -SS8MAwbliQx9TNFgxHEACI0he7vNUcPbzV1hrbMHU7lv4y5ATcKmnt4bsrqNZdbN -PD88Dop1bUgfzvglaSBzxInawfPanVw3S6JSgs+2kJcIXu2Mchmj2+bRGbWjCvo4 -qKT3Yn23iLJ+EHcMqsZ4rKpCDy0953lR37G9JdfaMeh1PH88cqNsJVILHZZMcooR -nZeFtS7C5jZP1KTMogxbeiKoPKKgvgKnuBzkphv8uxTlnH8AG5ZG61UKFSu1O4bh -B0xARxclmPgryXALE+QWlYjrxtnI26Dgw1YNC2Y13mr1HZ3wiBA= -=uigd ------END PGP SIGNATURE----- diff --git a/Python-3.11.0b5.tar.xz b/Python-3.11.0b5.tar.xz new file mode 100644 index 0000000..873945c --- /dev/null +++ b/Python-3.11.0b5.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3810bd22f7dc34a99c2a2eb4b85264a4df4f05ef59c4e0ccc2ea82ee9c491698 +size 19792136 diff --git a/Python-3.11.0b5.tar.xz.asc b/Python-3.11.0b5.tar.xz.asc new file mode 100644 index 0000000..b07b357 --- /dev/null +++ b/Python-3.11.0b5.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmLfF4gACgkQ/+h0BBaL +2EcLCw//SioQXu5dZm+yDZT7JrdJyPt0e6q5OtcFNXucPlHu0ywwVcPtf2YsQLsm +O+5OCui9rxdhxHWnuzvOmnl/OuI8wzxms+vIFiLF968Bz+hsFgSQFMM8urPQQSjW +B7EjgNEQMEo8t2zlgDCB+9UmoyTmW3dkWltB91x55kEpRft20fOl/4UN4CNzz9lV +2VIq3oi/A2zAj1Av2oUtFrswYrmY6u2razndAEoKLb1NriskkANGRSX33+uy7Jgq +vGvACiTtJV0B5HW3s3//h9kLTBzSyFh2bm0nKSfw//MC9wpTExObnvjyI5JqdBZ0 +WjFZr6vYVWALSc6dhA1sAnCC0YrGAdmGSA/KDaFCj0wMre4zWzx6rL2HhQuqtBmX +6veV2jrEwks+3m/Gue8R9Yx959YvDrIOTArAwXezKsg/VzMiFd10Nm4Zop35tD8W +y2sz/nMcXmiK4UT73IvpV1/wmElfkEmA869uVwhHPg+lcweXTYKMjrDdnjb8Pe+u +kX7DY3SGXWrxQ4Ev78LVnDlWgeqig4lHwb1CairXa0xE710o/bC/3cj0CB2j9dYV +QPS21DRcJA5ioLL+d9hYXLWePYemSu2MvPONvk4j35B5onTPtbXh6A3kSpbrzGCf +CfkgGowIAd5LLBvKsepx9phVUHaK9SJkrJlVGnGBjYI+YkKuGcI= +=gAHw +-----END PGP SIGNATURE----- diff --git a/python311.changes b/python311.changes index 8462f56..a0b3684 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,97 @@ +------------------------------------------------------------------- +Tue Jul 26 10:37:31 UTC 2022 - Matej Cepl + +- Update to 3.11.0b5: + - Core and Builtins + - gh-93351: ast.AST node positions are now validated when + provided to compile() and other related functions. If + invalid positions are detected, a ValueError will be + raised. + - gh-94438: Fix an issue that caused extended opcode + arguments and some conditional pops to be ignored when + calculating valid jump targets for assignments to the + f_lineno attribute of frame objects. In some cases, this + could cause inconsistent internal state, resulting in a + hard crash of the interpreter. + - gh-95060: Undocumented PyCode_Addr2Location function now + properly returns when addrq argument is less than zero. + - gh-95113: Replace all EXTENDED_ARG_QUICK instructions + with basic EXTENDED_ARG instructions in unquickened + code. Consumers of non-adaptive bytecode should be able to + handle extended arguments the same way they were handled in + CPython 3.10 and older. + - gh-91409: Fix incorrect source location info caused by + certain optimizations in the bytecode compiler. + - gh-94036: Fix incorrect source location info for some + multi-line attribute accesses and method calls. + - gh-94739: Allow jumping within, out of, and across + exception handlers in the debugger. + - gh-94949: ast.parse() will no longer parse parenthesized + context managers when passed feature_version less than (3, + 9). Patch by Shantanu Jain. + - gh-94947: ast.parse() will no longer parse assignment + expressions when passed feature_version less than (3, + 8). Patch by Shantanu Jain. + - gh-91256: Ensures the program name is known for help text + during interpreter startup. + - gh-94869: Fix the column offsets for some expressions in + multi-line f-strings ast nodes. Patch by Pablo Galindo. + - gh-94822: Fix an issue where lookups of metaclass + descriptors may be ignored when an identically-named + attribute also exists on the class itself. + - gh-91153: Fix an issue where a bytearray item assignment + could crash if it’s resized by the new value’s __index__() + method. + - gh-90699: Fix reference counting bug in + bool.__repr__(). Patch by Kumar Aditya. + - Library + - gh-95087: Fix IndexError in parsing invalid date in the + email module. + - gh-95199: Upgrade bundled setuptools to 63.2.0. + - gh-95194: Upgrade bundled pip to 22.2. + - gh-95132: Fix a sqlite3 regression where *args and **kwds + were incorrectly relayed from connect() to the Connection + factory. The regression was introduced in 3.11a1 with PR + 24421 (gh-85128). Patch by Erlend E. Aasland.` + - gh-93157: Fix fileinput module didn’t support errors option + when inplace is true. + - gh-95105: wsgiref.types.InputStream.__iter__() should + return Iterator[bytes], not Iterable[bytes]. Patch by + Shantanu Jain. + - gh-94857: Fix refleak in + _io.TextIOWrapper.reconfigure. Patch by Kumar Aditya. + - gh-94821: Fix binding of unix socket to empty address + on Linux to use an available address from the abstract + namespace, instead of “0”. + - gh-89988: Fix memory leak in pickle.Pickler when looking up + dispatch_table. Patch by Kumar Aditya. + - bpo-47025: Drop support for bytes on sys.path. + - Tests + - gh-95212: Make multiprocessing test case + test_shared_memory_recreate parallel-safe. + - Build + - gh-94847: Fixed _decimal module build issue on GCC when + compiling with LTO and pydebug. Debug builds no longer + force inlining of functions. + - gh-94841: Fix the possible performance regression of + PyObject_Free() compiled with MSVC version 1932. + - gh-94801: configure now uses custom flags like ZLIB_CFLAGS + and ZLIB_LIBS when searching for headers and libraries. + - gh-94773: deepfreeze.py now supports code object with + frozensets that contain incompatible, unsortable types. + - C API + - gh-94930: Fix SystemError raised when + PyArg_ParseTupleAndKeywords() is used with # in (...) but + without PY_SSIZE_T_CLEAN defined. + - gh-94864: Fix PyArg_Parse* with deprecated format units “u” + and “Z”. It returned 1 (success) when warnings are turned + into exceptions. + - gh-94731: Python again uses C-style casts for + most casting operations when compiled with + C++. This may trigger compiler warnings, if they + are enabled with e.g. -Wold-style-cast `` or + ``-Wzero-as-null-pointer-constant options for g++. + ------------------------------------------------------------------- Thu Jul 21 14:19:53 UTC 2022 - Matej Cepl diff --git a/python311.spec b/python311.spec index 066049d..af02322 100644 --- a/python311.spec +++ b/python311.spec @@ -103,7 +103,7 @@ Obsoletes: python39%{?1:-%{1}} %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.0b4 +Version: 3.11.0b5 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 -- 2.51.1 From 93d3c08eebe6254a504e644db37363e6e7043aa8180a350962cf94428a0c24a7 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Sat, 20 Aug 2022 14:25:45 +0000 Subject: [PATCH 022/135] =?UTF-8?q?-=20Update=20to=203.11.0rc1:=20=20=20-?= =?UTF-8?q?=20Core=20and=20Builtins=20=20=20=20=20-=20Update=20code=20obje?= =?UTF-8?q?ct=20hashing=20and=20equality=20to=20consider=20all=20=20=20=20?= =?UTF-8?q?=20=20=20debugging=20and=20exception=20handling=20tables.=20Thi?= =?UTF-8?q?s=20fixes=20an=20=20=20=20=20=20=20issue=20where=20certain=20no?= =?UTF-8?q?n-identical=20code=20objects=20could=20be=20=20=20=20=20=20=20?= =?UTF-8?q?=E2=80=9Cdeduplicated=E2=80=9D=20during=20compilation.=20=20=20?= =?UTF-8?q?=20=20-=20=5FPyPegen=5FParser=5FNew=20now=20properly=20detects?= =?UTF-8?q?=20token=20memory=20=20=20=20=20=20=20allocation=20errors.=20Pa?= =?UTF-8?q?tch=20by=20Honglin=20Zhu.=20=20=20=20=20-=20Run=20Python=20code?= =?UTF-8?q?=20in=20tracer/profiler=20function=20at=20full=20=20=20=20=20?= =?UTF-8?q?=20=20speed.=20Fixes=20slowdown=20in=20earlier=20versions=20of?= =?UTF-8?q?=203.11.=20=20=20=20=20-=20Emit=20a=20warning=20in=20debug=20mo?= =?UTF-8?q?de=20if=20an=20object=20does=20not=20call=20=20=20=20=20=20=20P?= =?UTF-8?q?yObject=5FGC=5FUnTrack()=20before=20deallocation.=20Patch=20by?= =?UTF-8?q?=20Pablo=20=20=20=20=20=20=20Galindo.=20=20=20=20=20-=20Prevent?= =?UTF-8?q?ed=20crashes=20in=20the=20AST=20constructor=20when=20=20=20=20?= =?UTF-8?q?=20=20=20compiling=20some=20absurdly=20long=20expressions=20lik?= =?UTF-8?q?e=20=20=20=20=20=20=20"+0"*1000000.=20RecursionError=20is=20now?= =?UTF-8?q?=20raised=20instead.=20Patch=20=20=20=20=20=20=20by=20Pablo=20G?= =?UTF-8?q?alindo=20=20=20=20=20-=20ast.AST=20node=20positions=20are=20now?= =?UTF-8?q?=20validated=20when=20provided=20to=20=20=20=20=20=20=20compile?= =?UTF-8?q?()=20and=20other=20related=20functions.=20If=20invalid=20positi?= =?UTF-8?q?ons=20=20=20=20=20=20=20are=20detected,=20a=20ValueError=20will?= =?UTF-8?q?=20be=20raised.=20=20=20=20=20-=20Fix=20error=20detection=20in?= =?UTF-8?q?=20some=20builtin=20functions=20when=20keyword=20=20=20=20=20?= =?UTF-8?q?=20=20argument=20name=20is=20an=20instance=20of=20a=20str=20sub?= =?UTF-8?q?class=20with=20=20=20=20=20=20=20overloaded=20=5F=5Feq=5F=5F=20?= =?UTF-8?q?and=20=5F=5Fhash=5F=5F.=20Previously=20it=20could=20cause=20=20?= =?UTF-8?q?=20=20=20=20=20SystemError=20or=20other=20undesired=20behavior.?= =?UTF-8?q?=20=20=20-=20Library=20=20=20=20=20-=20Update=20bundled=20pip?= =?UTF-8?q?=20to=2022.2.2.=20=20=20=20=20-=20Fix=20asyncio.TaskGroup=20to?= =?UTF-8?q?=20propagate=20exception=20when=20=20=20=20=20=20=20asyncio.Can?= =?UTF-8?q?celledError=20was=20replaced=20with=20another=20exception=20=20?= =?UTF-8?q?=20=20=20=20=20by=20a=20context=20manger.=20Patch=20by=20Kumar?= =?UTF-8?q?=20Aditya=20and=20Guido=20van=20=20=20=20=20=20=20Rossum.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=27 --- Python-3.11.0b5.tar.xz | 3 - Python-3.11.0b5.tar.xz.asc | 16 --- Python-3.11.0rc1.tar.xz | 3 + Python-3.11.0rc1.tar.xz.asc | 16 +++ bpo-31046_ensurepip_honours_prefix.patch | 12 +-- fix_configure_rst.patch | 2 +- python-3.3.0b1-fix_date_time_compiler.patch | 2 +- python311.changes | 107 ++++++++++++++++++++ python311.spec | 2 +- skip-test_pyobject_freed_is_freed.patch | 2 +- 10 files changed, 136 insertions(+), 29 deletions(-) delete mode 100644 Python-3.11.0b5.tar.xz delete mode 100644 Python-3.11.0b5.tar.xz.asc create mode 100644 Python-3.11.0rc1.tar.xz create mode 100644 Python-3.11.0rc1.tar.xz.asc diff --git a/Python-3.11.0b5.tar.xz b/Python-3.11.0b5.tar.xz deleted file mode 100644 index 873945c..0000000 --- a/Python-3.11.0b5.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3810bd22f7dc34a99c2a2eb4b85264a4df4f05ef59c4e0ccc2ea82ee9c491698 -size 19792136 diff --git a/Python-3.11.0b5.tar.xz.asc b/Python-3.11.0b5.tar.xz.asc deleted file mode 100644 index b07b357..0000000 --- a/Python-3.11.0b5.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmLfF4gACgkQ/+h0BBaL -2EcLCw//SioQXu5dZm+yDZT7JrdJyPt0e6q5OtcFNXucPlHu0ywwVcPtf2YsQLsm -O+5OCui9rxdhxHWnuzvOmnl/OuI8wzxms+vIFiLF968Bz+hsFgSQFMM8urPQQSjW -B7EjgNEQMEo8t2zlgDCB+9UmoyTmW3dkWltB91x55kEpRft20fOl/4UN4CNzz9lV -2VIq3oi/A2zAj1Av2oUtFrswYrmY6u2razndAEoKLb1NriskkANGRSX33+uy7Jgq -vGvACiTtJV0B5HW3s3//h9kLTBzSyFh2bm0nKSfw//MC9wpTExObnvjyI5JqdBZ0 -WjFZr6vYVWALSc6dhA1sAnCC0YrGAdmGSA/KDaFCj0wMre4zWzx6rL2HhQuqtBmX -6veV2jrEwks+3m/Gue8R9Yx959YvDrIOTArAwXezKsg/VzMiFd10Nm4Zop35tD8W -y2sz/nMcXmiK4UT73IvpV1/wmElfkEmA869uVwhHPg+lcweXTYKMjrDdnjb8Pe+u -kX7DY3SGXWrxQ4Ev78LVnDlWgeqig4lHwb1CairXa0xE710o/bC/3cj0CB2j9dYV -QPS21DRcJA5ioLL+d9hYXLWePYemSu2MvPONvk4j35B5onTPtbXh6A3kSpbrzGCf -CfkgGowIAd5LLBvKsepx9phVUHaK9SJkrJlVGnGBjYI+YkKuGcI= -=gAHw ------END PGP SIGNATURE----- diff --git a/Python-3.11.0rc1.tar.xz b/Python-3.11.0rc1.tar.xz new file mode 100644 index 0000000..6f78839 --- /dev/null +++ b/Python-3.11.0rc1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:53a5377c37a8a2c6da075b14eb9d63374579f7f3c718fa20f0a1fbb0e94a922b +size 19815524 diff --git a/Python-3.11.0rc1.tar.xz.asc b/Python-3.11.0rc1.tar.xz.asc new file mode 100644 index 0000000..50ca3e1 --- /dev/null +++ b/Python-3.11.0rc1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmLtMGcACgkQ/+h0BBaL +2Eeirw//ZSjlvrUAouGGLbWal2CnJ8qmR7eAuSQQpwftmj++JhiQfKfIoWH8WYn9 +FTYVcVD/seXKGUK+ydj8ZDRoSA59sS+zVNnca/BaxPeqScZVbFTOB/o1tlE5g4h+ +WxSCRXfYmkIqXag3ZOZ/A+EXjgfAl/DrYtYKAafjH2nF9R9j4+w8YZ/ENELQ8Fd5 +thHyxNPDFeTK56ClR2QIZHdqCZHHNk1sO+FaB1Na/uZ5dD7snc+T7CjN1/Dlcs75 +oye5HAU35FHxV5nzk8uieatwW0q6/BtFWE3g8LbxECPRbLCo6bBySj2TA2LuwroR +fhn+r093y6NIJBLPIYjpFl5HlDnxDyOvFvKrJ1hZI9DC9VHPyeYP9hzHYQ2yBMwx +SD3djAPVJnwESM25MdZ5oaYrQu8e13+zA2l6Hnk5tsIjPI6CelO/xyPdWeSzBQEg +SaJke+QakoLXKoBSJhkIskwhCX6m+vmoiZFFSpemr3k13e3jTObyDRilh8eGkQtN +EFNp2KPBn8NM7udBNI4zxGr6kviEt4R+8nfQ2VmdnlU2XIMW7pwMfoPmWI1yXpl2 +JNo9o9EbeuawY7I/j+ryHV40b2wx9UA8DXHJg0iTiQT2IMvwPy18eiQJoVg4nJqH +tH6/zUw2yqFd9G7/uoYcGhk5PlalrZO7Ufeb/vUEUqvrISYu2QE= +=jjd6 +-----END PGP SIGNATURE----- diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch index 24d46ae..5552c60 100644 --- a/bpo-31046_ensurepip_honours_prefix.patch +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -15,7 +15,7 @@ Co-Authored-By: Xavier de Gaye --- a/Doc/library/ensurepip.rst +++ b/Doc/library/ensurepip.rst -@@ -56,8 +56,9 @@ is at least as recent as the one availab +@@ -57,8 +57,9 @@ is at least as recent as the one availab By default, ``pip`` is installed into the current virtual environment (if one is active) or into the system site packages (if there is no active virtual environment). The installation location can be controlled @@ -26,7 +26,7 @@ Co-Authored-By: Xavier de Gaye * ``--root ``: Installs ``pip`` relative to the given root directory rather than the root of the currently active virtual environment (if any) or the default root for the current Python installation. -@@ -89,7 +90,7 @@ Module API +@@ -90,7 +91,7 @@ Module API Returns a string specifying the available version of pip that will be installed when bootstrapping an environment. @@ -35,7 +35,7 @@ Co-Authored-By: Xavier de Gaye altinstall=False, default_pip=False, \ verbosity=0) -@@ -99,6 +100,8 @@ Module API +@@ -100,6 +101,8 @@ Module API If *root* is ``None``, then installation uses the default install location for the current environment. @@ -44,7 +44,7 @@ Co-Authored-By: Xavier de Gaye *upgrade* indicates whether or not to upgrade an existing installation of an earlier version of ``pip`` to the available version. -@@ -119,6 +122,8 @@ Module API +@@ -120,6 +123,8 @@ Module API *verbosity* controls the level of output to :data:`sys.stdout` from the bootstrapping operation. @@ -139,7 +139,7 @@ Co-Authored-By: Xavier de Gaye --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -1749,7 +1749,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni +@@ -1751,7 +1751,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni install|*) ensurepip="" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ @@ -148,7 +148,7 @@ Co-Authored-By: Xavier de Gaye fi altinstall: commoninstall -@@ -1759,7 +1759,7 @@ altinstall: commoninstall +@@ -1761,7 +1761,7 @@ altinstall: commoninstall install|*) ensurepip="--altinstall" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index 7fc3159..6b40cea 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -29,7 +29,7 @@ Create a Python.framework rather than a traditional Unix install. Optional --- a/Misc/NEWS +++ b/Misc/NEWS -@@ -6147,7 +6147,7 @@ C API +@@ -6464,7 +6464,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch index a3fd005..c336a7f 100644 --- a/python-3.3.0b1-fix_date_time_compiler.patch +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -4,7 +4,7 @@ --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -1233,11 +1233,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ +@@ -1234,11 +1234,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ $(DTRACE_OBJS) \ $(srcdir)/Modules/getbuildinfo.c $(CC) -c $(PY_CORE_CFLAGS) \ diff --git a/python311.changes b/python311.changes index a0b3684..ec81bc4 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,110 @@ +------------------------------------------------------------------- +Sat Aug 20 14:05:21 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc1: + - Core and Builtins + - Update code object hashing and equality to consider all + debugging and exception handling tables. This fixes an + issue where certain non-identical code objects could be + “deduplicated” during compilation. + - _PyPegen_Parser_New now properly detects token memory + allocation errors. Patch by Honglin Zhu. + - Run Python code in tracer/profiler function at full + speed. Fixes slowdown in earlier versions of 3.11. + - Emit a warning in debug mode if an object does not call + PyObject_GC_UnTrack() before deallocation. Patch by Pablo + Galindo. + - Prevented crashes in the AST constructor when + compiling some absurdly long expressions like + "+0"*1000000. RecursionError is now raised instead. Patch + by Pablo Galindo + - ast.AST node positions are now validated when provided to + compile() and other related functions. If invalid positions + are detected, a ValueError will be raised. + - Fix error detection in some builtin functions when keyword + argument name is an instance of a str subclass with + overloaded __eq__ and __hash__. Previously it could cause + SystemError or other undesired behavior. + - Library + - Update bundled pip to 22.2.2. + - Fix asyncio.TaskGroup to propagate exception when + asyncio.CancelledError was replaced with another exception + by a context manger. Patch by Kumar Aditya and Guido van + Rossum. + - Update bundled pip to 22.2.1. + - Fix GC crash when deallocating _lsprof.Profiler by + untracking it before calling any callbacks. Patch by Kumar + Aditya. + - Fix asyncio.run() for asyncio.Task implementations without + uncancel() method. Patch by Kumar Aditya. + - Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK + and os.EFD_SEMAPHORE flags on older kernel versions where + these flags are not present. Patch by Kumar Aditya. + - Fix concurrent.futures.Executor.map() to cancel the + currently waiting on future on an error - e.g. TimeoutError + or KeyboardInterrupt. + - Ensure that timeouts scheduled with asyncio.Timeout that + have already expired are delivered promptly. + - Suppress writing an XML declaration in open files + in ElementTree.write() with encoding='unicode' and + xml_declaration=None. + - Fix findtext in the xml module to only give an empty string + when the text attribute is set to None. + - Documentation + - Fix stylesheet not working in Windows CHM htmlhelp docs + and add warning that they are deprecated. Contributed by + C.A.M. Gerlach. + - Update library documentation with availability information + on WebAssembly platforms wasm32-emscripten and wasm32-wasi. + - Use consistent syntax for platform availability. The + directive now supports a content body and emits a warning + when it encounters an unknown platform. + - Document a limitation in ThreadPoolExecutor where its exit + handler is executed before any handlers in atexit. + - Tests + - Lib/test/test_asyncio/test_ssl.py exposed a bug in the + macOS kernel where intense concurrent load on non-blocking + sockets occasionally causes errno.ENOBUFS (“No buffer space + available”) to be emitted. FB11063974 filed with Apple, in + the mean time as a workaround buffer size used in tests on + macOS is decreased to avoid intermittent failures. Patch by + Fantix King. + - Fix problem with test_ssl test_get_ciphers on systems that + require perfect forward secrecy (PFS) ciphers. + - Add a regression test for re exponentional slowdown when + using rjsmin. + - Build + - Fix a regression in configure script that caused some + header checks to ignore custom CPPFLAGS. The regression was + introduced in gh-94802. + - wasm32-wasi builds no longer depend on WASIX’s pthread + stubs. Python now has its own stubbed pthread API. + - Python now detects missing dup function in WASI and works + around some missing errno, select, and socket constants. + - Python now skips missing socket functions and methods on + WASI. WASI can only create sockets from existing fd / + accept and has no netdb. + - Platforms wasm32-unknown-emscripten and wasm32-unknown-wasi + have been promoted to PEP 11 tier 3 platform support. + - IDLE + - Document handling of extensions in Save As dialogs. + - Include prompts when saving Shell (interactive input and + output). + - Fix the Shell context menu copy-with-prompts bug of copying + an extra line when one selects whole lines. + - In the Edit menu, move Select All and add a new separator. + - Enable using IDLE’s module browser with .pyw files. + - Add .pyi as a recognized extension for IDLE on macOS. This + allows opening stub files by double clicking on them in the + Finder. + - C API + - Restore the 3.10 behavior for multiple inheritance of C + extension classes that store their dictionary at the end of + the struct. + - Added PyCode_GetVarnames(), PyCode_GetCellvars() and + PyCode_GetFreevars() for accessing co_varnames, co_cellvars + and co_freevars respectively via the C API. + ------------------------------------------------------------------- Tue Jul 26 10:37:31 UTC 2022 - Matej Cepl diff --git a/python311.spec b/python311.spec index af02322..e766700 100644 --- a/python311.spec +++ b/python311.spec @@ -103,7 +103,7 @@ Obsoletes: python39%{?1:-%{1}} %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.0b5 +Version: 3.11.0rc1 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch index 1525256..b6883dd 100644 --- a/skip-test_pyobject_freed_is_freed.patch +++ b/skip-test_pyobject_freed_is_freed.patch @@ -4,7 +4,7 @@ --- a/Lib/test/test_capi.py +++ b/Lib/test/test_capi.py -@@ -1016,6 +1016,7 @@ class PyMemDebugTests(unittest.TestCase) +@@ -1035,6 +1035,7 @@ class PyMemDebugTests(unittest.TestCase) def test_pyobject_forbidden_bytes_is_freed(self): self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') -- 2.51.1 From 3931fb9f0932eb6e132173f08f31d48cf3cf5bbc38eb4cec49f4896ffc2bb07b Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Sat, 20 Aug 2022 21:31:49 +0000 Subject: [PATCH 023/135] - fix import_failed.map to refer to the python 3.11 package versions OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=28 --- import_failed.map | 14 +++++++------- python311.changes | 5 +++++ 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/import_failed.map b/import_failed.map index 9f01f41..f33690c 100644 --- a/import_failed.map +++ b/import_failed.map @@ -1,7 +1,7 @@ -python39-curses: curses _curses _curses_panel -python39-dbm: dbm _dbm _gdbm -python39-idle: idlelib -python39-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited -python39-tk: tkinter _tkinter -python39-tools: turtledemo -python39: sqlite3 readline _sqlite3 nis +python311-curses: curses _curses _curses_panel +python311-dbm: dbm _dbm _gdbm +python311-idle: idlelib +python311-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited +python311-tk: tkinter _tkinter +python311-tools: turtledemo +python311: sqlite3 readline _sqlite3 nis diff --git a/python311.changes b/python311.changes index ec81bc4..3aab91c 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sat Aug 20 21:31:40 UTC 2022 - Matej Cepl + +- fix import_failed.map to refer to the python 3.11 package versions + ------------------------------------------------------------------- Sat Aug 20 14:05:21 UTC 2022 - Matej Cepl -- 2.51.1 From d9d021447f3dc2090b67b8b18bde3ef6804e71c95a24e5216bbfba1fd9ea929c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mark=C3=A9ta=20Machov=C3=A1?= Date: Tue, 6 Sep 2022 12:03:43 +0000 Subject: [PATCH 024/135] Accepting request 1001307 from openSUSE:Factory:RISCV - Increase testsuite timeout for test_freeze_simple_script OBS-URL: https://build.opensuse.org/request/show/1001307 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=30 --- python311.changes | 5 +++++ python311.spec | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/python311.changes b/python311.changes index 3aab91c..8894ec9 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab + +- Increase testsuite timeout for test_freeze_simple_script + ------------------------------------------------------------------- Sat Aug 20 21:31:40 UTC 2022 - Matej Cepl diff --git a/python311.spec b/python311.spec index e766700..c95ad12 100644 --- a/python311.spec +++ b/python311.spec @@ -576,7 +576,7 @@ export PYTHONPATH="$(pwd -P)/Lib" # Use timeout, like make target buildbottest # We cannot run tests parallel, because osc build environment doesn’t # have /dev/shm -%make_build -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=3000" +%make_build -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=5400" # use network, be verbose: #make test TESTOPTS="-l -u network -v" %endif -- 2.51.1 From d8ac67fc2d2898b934f16cd7dc87c1cd6fabcfdc150f5b29114aad902106e2a3 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 15 Sep 2022 09:14:50 +0000 Subject: [PATCH 025/135] - Update to 3.11.0rc2: - Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. This is a mitigation for CVE-2020-10735. This new limit can be configured or disabled by environment variable, command line flag, or sys APIs. See the integer string conversion length limitation documentation. The default limit is 4300 digits in string form. - Fix case of undefined behavior in ceval.c - Do not expose KeyWrapper in _functools. - Ensure that tracing, sys.setrace(), is turned on immediately. In pre-release versions of 3.11, some tracing events might have been lost when turning on tracing in a __del__ method or interrupt. - Fix use after free in trace refs build mode. Patch by Kumar Aditya. - When loading a file with invalid UTF-8 inside a multi-line string, a correct SyntaxError is emitted. - Make sure that incomplete frames do not show up in tracemalloc traces. - Remove two cases of undefined behavior, by adding NULL checks. - Fix possible NULL pointer dereference in _PyThread_CurrentFrames. Patch by Kumar Aditya. - Fix AttributeError missing name and obj attributes in object.__getattribute__(). Patch by Philip Georgi. - Loading a file with invalid UTF-8 will now report the broken OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=32 --- Python-3.11.0rc1.tar.xz | 3 - Python-3.11.0rc1.tar.xz.asc | 16 --- Python-3.11.0rc2.tar.xz | 3 + Python-3.11.0rc2.tar.xz.asc | 16 +++ fix_configure_rst.patch | 2 +- python311.changes | 103 ++++++++++++++++++ python311.spec | 6 +- ...support-expat-CVE-2022-25236-patched.patch | 62 +++++------ 8 files changed, 157 insertions(+), 54 deletions(-) delete mode 100644 Python-3.11.0rc1.tar.xz delete mode 100644 Python-3.11.0rc1.tar.xz.asc create mode 100644 Python-3.11.0rc2.tar.xz create mode 100644 Python-3.11.0rc2.tar.xz.asc rename support-expat-245.patch => support-expat-CVE-2022-25236-patched.patch (50%) diff --git a/Python-3.11.0rc1.tar.xz b/Python-3.11.0rc1.tar.xz deleted file mode 100644 index 6f78839..0000000 --- a/Python-3.11.0rc1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:53a5377c37a8a2c6da075b14eb9d63374579f7f3c718fa20f0a1fbb0e94a922b -size 19815524 diff --git a/Python-3.11.0rc1.tar.xz.asc b/Python-3.11.0rc1.tar.xz.asc deleted file mode 100644 index 50ca3e1..0000000 --- a/Python-3.11.0rc1.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmLtMGcACgkQ/+h0BBaL -2Eeirw//ZSjlvrUAouGGLbWal2CnJ8qmR7eAuSQQpwftmj++JhiQfKfIoWH8WYn9 -FTYVcVD/seXKGUK+ydj8ZDRoSA59sS+zVNnca/BaxPeqScZVbFTOB/o1tlE5g4h+ -WxSCRXfYmkIqXag3ZOZ/A+EXjgfAl/DrYtYKAafjH2nF9R9j4+w8YZ/ENELQ8Fd5 -thHyxNPDFeTK56ClR2QIZHdqCZHHNk1sO+FaB1Na/uZ5dD7snc+T7CjN1/Dlcs75 -oye5HAU35FHxV5nzk8uieatwW0q6/BtFWE3g8LbxECPRbLCo6bBySj2TA2LuwroR -fhn+r093y6NIJBLPIYjpFl5HlDnxDyOvFvKrJ1hZI9DC9VHPyeYP9hzHYQ2yBMwx -SD3djAPVJnwESM25MdZ5oaYrQu8e13+zA2l6Hnk5tsIjPI6CelO/xyPdWeSzBQEg -SaJke+QakoLXKoBSJhkIskwhCX6m+vmoiZFFSpemr3k13e3jTObyDRilh8eGkQtN -EFNp2KPBn8NM7udBNI4zxGr6kviEt4R+8nfQ2VmdnlU2XIMW7pwMfoPmWI1yXpl2 -JNo9o9EbeuawY7I/j+ryHV40b2wx9UA8DXHJg0iTiQT2IMvwPy18eiQJoVg4nJqH -tH6/zUw2yqFd9G7/uoYcGhk5PlalrZO7Ufeb/vUEUqvrISYu2QE= -=jjd6 ------END PGP SIGNATURE----- diff --git a/Python-3.11.0rc2.tar.xz b/Python-3.11.0rc2.tar.xz new file mode 100644 index 0000000..52f72f9 --- /dev/null +++ b/Python-3.11.0rc2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:25b35cc7d82c5ad34d867b179a1c1695d129be5ed14a21e46b6b7f2350a8b490 +size 19828340 diff --git a/Python-3.11.0rc2.tar.xz.asc b/Python-3.11.0rc2.tar.xz.asc new file mode 100644 index 0000000..3060388 --- /dev/null +++ b/Python-3.11.0rc2.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmMeOSQACgkQ/+h0BBaL +2EcrTA//USzDkebYcAJ1jcb1diiV9JJd7Znm4l7rwb/TKimY82gN1ev9R1/fkmOk +KaRhn5Ss23lm5IdwbJNL1dhrx9DdtsW3oBzaT+pchSVXu0qVokQ0XFVvWzEqwiit +2K6JOlcVyMV8QnBBJPAC+/HN1pjZGQESk/HoP7ESqQUytRkieddjO/cnJ/m36oMJ +YUVoHS1sQVrRHQU3C1RSZ+DF1sdCjzy1ZxfKMVz73gBjLRQ5MiWYIp7ryDtNMZ7F +Ws8m+5WXVhWE2hniMvCVDN25vHIan+9l4hjT01kLh7Ei/QJ6t2GrOtHagMDhFcS1 +Lhq/7flMGpLjhpNNtzAXSPhMZDDxIpyIZu4XwxmQAXFkhCm6H2RBo6OrGWDaOT+V +6kfVCUky+v7oKHs19xm+UilNBIzd4DMNKP2Q9MYcqnR+aI/ggMG7k7KZ3gpPKrQI +x8u6PGFl9vUsRHiUxXYuIM+FO9LAYIFskpWy/CW7fZ29iAkeMjRzhcyS/A8exaae +YA+z4dqgnYLQqMUX3aK3kzAreKAncFkYdNmnv7YMUUSM5J5fvIN2bG/oJ2oti0sk +o1WhVr3ygizeqAOhw0bd2N84xqee+ky18fl+FkauyzEPh7vdI+OQWrBAuJF7YZKR +sHTSxdzPBjaXijLXriZIo1YRXc7N7jd05Cq8R95dzxC9BZjOOfI= +=KvNZ +-----END PGP SIGNATURE----- diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index 6b40cea..ce566cd 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -29,7 +29,7 @@ Create a Python.framework rather than a traditional Unix install. Optional --- a/Misc/NEWS +++ b/Misc/NEWS -@@ -6464,7 +6464,7 @@ C API +@@ -6636,7 +6636,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name diff --git a/python311.changes b/python311.changes index 8894ec9..128d145 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,106 @@ +------------------------------------------------------------------- +Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc2: + - Converting between int and str in bases other than 2 + (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base + 10 (decimal) now raises a ValueError if the number of digits + in string form is above a limit to avoid potential denial of + service attacks due to the algorithmic complexity. This is + a mitigation for CVE-2020-10735. + This new limit can be configured or disabled by environment + variable, command line flag, or sys APIs. See the integer + string conversion length limitation documentation. The + default limit is 4300 digits in string form. + - Fix case of undefined behavior in ceval.c + - Do not expose KeyWrapper in _functools. + - Ensure that tracing, sys.setrace(), is turned on + immediately. In pre-release versions of 3.11, some tracing + events might have been lost when turning on tracing in a + __del__ method or interrupt. + - Fix use after free in trace refs build mode. Patch by Kumar + Aditya. + - When loading a file with invalid UTF-8 inside a multi-line + string, a correct SyntaxError is emitted. + - Make sure that incomplete frames do not show up in + tracemalloc traces. + - Remove two cases of undefined behavior, by adding NULL + checks. + - Fix possible NULL pointer dereference in + _PyThread_CurrentFrames. Patch by Kumar Aditya. + - Fix AttributeError missing name and obj attributes in + object.__getattribute__(). Patch by Philip Georgi. + - Loading a file with invalid UTF-8 will now report the broken + character at the correct location. + - Fixed a bug that caused _PyCode_GetExtra to return garbage + for negative indexes. Patch by Pablo Galindo + - Fix a deadlock in PyGILState_Ensure() when allocating new + thread state. Patch by Kumar Aditya. + - PyType_Ready() now initializes ht_cached_keys and performs + additional checks to ensure that type objects are properly + configured. This avoids crashes in 3rd party packages that + don’t use regular API to create new types. + - Skip over incomplete frames in PyThreadState_GetFrame(). + - Fix format string in _PyPegen_raise_error_known_location that + can lead to memory corruption on some 64bit systems. The + function was building a tuple with i (int) instead of n + (Py_ssize_t) for Py_ssize_t arguments. + - Fix misleading contents of error message when converting an + all-whitespace string to float. + - ast.parse() will no longer parse function definitions with + positional-only params when passed feature_version less than + (3, 8). Patch by Shantanu Jain. + - Fix incorrect error message in the io module. + - Fix the faulthandler implementation of + faulthandler.register(signal, chain=True) if the sigaction() + function is not available: don’t call the previous signal + handler if it’s NULL. Patch by Victor Stinner. + - Correct conversion of numbers.Rational’s to float. + - Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not + raised when using more than one TypeVarTuple, like [*T, *V] + in type alias substitutions. + - Fix asyncio.streams.StreamReaderProtocol to keep a strong + reference to the created task, so that it’s not garbage + collected + - Fix a performance regression in logging + TimedRotatingFileHandler. Only check for special files when + the rollover time has passed. + - Fix unused localName parameter in the Attr class in + xml.dom.minidom. + - Fix incorrect condition that causes sys.thread_info.name to + be wrong on pthread platforms. + - Remove an incompatible change from bpo-28080 that caused a + regression that ignored the utf8 in ZipInfo.flag_bits. Patch + by Pablo Galindo. + - Fix asyncio.Runner to call asyncio.set_event_loop() only + once to avoid calling attach_loop() multiple times on child + watchers. Patch by Kumar Aditya. + - Fix unittest.IsolatedAsyncioTestCase to set event loop before + calling setup functions. Patch by Kumar Aditya. + - When a task catches asyncio.CancelledError and raises some + other error, the other error should generally not silently be + suppressed. + - Fail gracefully if EPERM or ENOSYS is raised when loading + crypt methods. This may happen when trying to load MD5 on a + Linux kernel with FIPS enabled. + - Allow asyncio.StreamWriter.drain() to be awaited concurrently + by multiple tasks. Patch by Kumar Aditya. + - Fix ast.unparse() when ImportFrom.level is None + - Improve discoverability of the higher level + concurrent.futures module by providing clearer links from the + lower level threading and multiprocessing modules. + - What’s New 3.11 now has instructions for how to provide + compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7 + and CentOS 7. + - Mitigate the inherent race condition from using + find_unused_port() in testSockName() by trying to find an + unused port a few times before failing. Patch by Ross Burton. + - Build and test with OpenSSL 1.1.1q +- Use support-expat-CVE-2022-25236-patched.patch from the current + version of gh#python/cpython#93900 instead of the old + support-expat-245.patch. +- Reapply fix_configure_rst.patch. + ------------------------------------------------------------------- Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab diff --git a/python311.spec b/python311.spec index c95ad12..84717f0 100644 --- a/python311.spec +++ b/python311.spec @@ -103,7 +103,7 @@ Obsoletes: python39%{?1:-%{1}} %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.0rc1 +Version: 3.11.0rc2 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -163,9 +163,9 @@ Patch34: skip-test_pyobject_freed_is_freed.patch # PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com # remove duplicate link targets and make documentation with old Sphinx in SLE Patch35: fix_configure_rst.patch -# PATCH-FIX-UPSTREAM support-expat-245.patch jsc#SLE-21253 mcepl@suse.com +# PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com # Makes Python resilient to changes of API of libexpat -Patch36: support-expat-245.patch +Patch36: support-expat-CVE-2022-25236-patched.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes diff --git a/support-expat-245.patch b/support-expat-CVE-2022-25236-patched.patch similarity index 50% rename from support-expat-245.patch rename to support-expat-CVE-2022-25236-patched.patch index f4761ee..5b26c99 100644 --- a/support-expat-245.patch +++ b/support-expat-CVE-2022-25236-patched.patch @@ -1,9 +1,9 @@ -From d4f5bb912e67299b59b814b89a5afd9a8821a14e Mon Sep 17 00:00:00 2001 +From 7da97f61816f3cadaa6788804b22a2434b40e8c5 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> -Date: Mon, 21 Feb 2022 11:03:08 -0800 +Date: Mon, 21 Feb 2022 08:16:09 -0800 Subject: [PATCH] bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453) - (GH-31471) + (GH-31472) Curly brackets were never allowed in namespace URIs according to RFC 3986, and so-called namespace-validating @@ -23,53 +23,53 @@ Also, test_minidom.py: Support Expat >=2.4.5 Co-authored-by: Sebastian Pipping --- - Lib/test/test_minidom.py | 13 ++++------ - Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst | 1 - 2 files changed, 7 insertions(+), 7 deletions(-) + Lib/test/test_minidom.py | 23 +++++++++-------------- + 1 file changed, 9 insertions(+), 14 deletions(-) create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst --- a/Lib/test/test_minidom.py +++ b/Lib/test/test_minidom.py -@@ -6,12 +6,11 @@ import io +@@ -6,7 +6,6 @@ import io from test import support import unittest -import pyexpat -+import xml.parsers.expat import xml.dom.minidom - from xml.dom.minidom import parse, Node, Document, parseString - from xml.dom.minidom import getDOMImplementation --from xml.parsers.expat import ExpatError - - - tstfile = support.findfile("test.xml", subdir="xmltestdata") -@@ -1149,10 +1148,10 @@ class MinidomTest(unittest.TestCase): + from xml.dom.minidom import parse, Attr, Node, Document, parseString +@@ -1163,13 +1162,11 @@ class MinidomTest(unittest.TestCase): # Verify that character decoding errors raise exceptions instead # of crashing - if pyexpat.version_info >= (2, 4, 5): - self.assertRaises(ExpatError, parseString, -+ if xml.parsers.expat.version_info >= (2, 4, 4): -+ self.assertRaises(xml.parsers.expat.ExpatError, parseString, - b'') +- b'') - self.assertRaises(ExpatError, parseString, -+ self.assertRaises(xml.parsers.expat.ExpatError, parseString, - b'Comment \xe7a va ? Tr\xe8s bien ?') - else: - self.assertRaises(UnicodeDecodeError, parseString, -@@ -1617,8 +1616,8 @@ class MinidomTest(unittest.TestCase): +- b'Comment \xe7a va ? Tr\xe8s bien ?') +- else: +- self.assertRaises(UnicodeDecodeError, parseString, ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((UnicodeDecodeError, ExpatError)): ++ parseString( + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1631,12 +1628,10 @@ class MinidomTest(unittest.TestCase): self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) def testExceptionOnSpacesInXMLNSValue(self): - if pyexpat.version_info >= (2, 4, 5): - context = self.assertRaisesRegex(ExpatError, 'syntax error') -+ if xml.parsers.expat.version_info >= (2, 4, 4): -+ context = self.assertRaisesRegex(xml.parsers.expat.ExpatError, 'syntax error') - else: - context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- else: +- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- +- with context: ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((ExpatError, ValueError)): + parseString('') ---- /dev/null -+++ b/Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst -@@ -0,0 +1 @@ -+Make test suite support Expat >=2.4.5 + def testDocRemoveChild(self): -- 2.51.1 From 403af99cf1fb50fb4e8dba402222334db2ba083bcc9f865807dc43716e9f07c8 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 26 Oct 2022 21:24:53 +0000 Subject: [PATCH 026/135] Accepting request 1031401 from home:mcepl:branches:devel:languages:python:Factory - Update to 3.11.0 (overall changes from 3.10.*): - General changes - PEP 657 -- Include Fine-Grained Error Locations in Tracebacks - PEP 654 -- Exception Groups and except* - PEP 680 -- tomllib: Support for Parsing TOML in the Standard Library - gh-90908 -- Introduce task groups to asyncio - gh-34627 -- Atomic grouping ((?>...)) and possessive quantifiers (*+, ++, ?+, {m,n}+) are now supported in regular expressions. - The Faster CPython Project is already yielding some exciting results. Python 3.11 is up to 10-60% faster than Python 3.10. On average, we measured a 1.22x speedup on the standard benchmark suite. See Faster CPython for details. - Typing and typing language changes - PEP 673 -- Self Type - PEP 646 -- Variadic Generics - PEP 675 -- Arbitrary Literal String Type - PEP 655 -- Marking individual TypedDict items as required or potentially-missing - PEP 681 -- Data Class Transforms - (just changes from 3.11.0rc2): - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. Issue reported by Jordan Limor. Patch by Victor Stinner. - On Linux the multiprocessing module returns to using filesystem backed unix domain sockets for communication with the forkserver process instead of the Linux abstract OBS-URL: https://build.opensuse.org/request/show/1031401 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=34 --- ...nx.locale._-as-gettext-in-pyspecific.patch | 54 +++++++++++++ Python-3.11.0.tar.xz | 3 + Python-3.11.0.tar.xz.asc | 16 ++++ Python-3.11.0rc2.tar.xz | 3 - Python-3.11.0rc2.tar.xz.asc | 16 ---- fix_configure_rst.patch | 2 +- python311.changes | 80 +++++++++++++++++++ python311.spec | 6 +- 8 files changed, 159 insertions(+), 21 deletions(-) create mode 100644 98437-sphinx.locale._-as-gettext-in-pyspecific.patch create mode 100644 Python-3.11.0.tar.xz create mode 100644 Python-3.11.0.tar.xz.asc delete mode 100644 Python-3.11.0rc2.tar.xz delete mode 100644 Python-3.11.0rc2.tar.xz.asc diff --git a/98437-sphinx.locale._-as-gettext-in-pyspecific.patch b/98437-sphinx.locale._-as-gettext-in-pyspecific.patch new file mode 100644 index 0000000..773e87f --- /dev/null +++ b/98437-sphinx.locale._-as-gettext-in-pyspecific.patch @@ -0,0 +1,54 @@ +From 5775f51691d7d64fb676586e008b41261ce64ac2 Mon Sep 17 00:00:00 2001 +From: "Matt.Wang" +Date: Wed, 19 Oct 2022 14:49:08 +0800 +Subject: [PATCH 1/2] fix(doc-tools): use sphinx.locale._ as gettext() for + backward-compatibility in pyspecific.py + +[why] spinix 5.3 changed locale.translators from a defaultdict(gettext.NullTranslations) to a dict, which leads to failure of pyspecific.py. Use sphinx.locale._ as gettext to fix the issue. +--- + Doc/tools/extensions/pyspecific.py | 8 ++++---- + Misc/NEWS.d/next/Documentation/2022-10-19-07-15-52.gh-issue-98366.UskMXF.rst | 1 + + 2 files changed, 5 insertions(+), 4 deletions(-) + +--- a/Doc/tools/extensions/pyspecific.py ++++ b/Doc/tools/extensions/pyspecific.py +@@ -26,7 +26,7 @@ try: + from sphinx.errors import NoUri + except ImportError: + from sphinx.environment import NoUri +-from sphinx.locale import translators ++from sphinx.locale import _ as sphinx_gettext + from sphinx.util import status_iterator, logging + from sphinx.util.nodes import split_explicit_title + from sphinx.writers.text import TextWriter, TextTranslator +@@ -109,7 +109,7 @@ class ImplementationDetail(Directive): + def run(self): + self.assert_has_content() + pnode = nodes.compound(classes=['impl-detail']) +- label = translators['sphinx'].gettext(self.label_text) ++ label = sphinx_gettext(self.label_text) + content = self.content + add_text = nodes.strong(label, label) + self.state.nested_parse(content, self.content_offset, pnode) +@@ -257,7 +257,7 @@ class AuditEvent(Directive): + else: + args = [] + +- label = translators['sphinx'].gettext(self._label[min(2, len(args))]) ++ label = sphinx_gettext(self._label[min(2, len(args))]) + text = label.format(name="``{}``".format(name), + args=", ".join("``{}``".format(a) for a in args if a)) + +@@ -436,7 +436,7 @@ class DeprecatedRemoved(Directive): + else: + label = self._removed_label + +- label = translators['sphinx'].gettext(label) ++ label = sphinx_gettext(label) + text = label.format(deprecated=self.arguments[0], removed=self.arguments[1]) + if len(self.arguments) == 3: + inodes, messages = self.state.inline_text(self.arguments[2], +--- /dev/null ++++ b/Misc/NEWS.d/next/Documentation/2022-10-19-07-15-52.gh-issue-98366.UskMXF.rst +@@ -0,0 +1 @@ ++Use sphinx.locale._ as the gettext function in pyspecific.py. diff --git a/Python-3.11.0.tar.xz b/Python-3.11.0.tar.xz new file mode 100644 index 0000000..26bc1fb --- /dev/null +++ b/Python-3.11.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a57dc82d77358617ba65b9841cee1e3b441f386c3789ddc0676eca077f2951c3 +size 19819768 diff --git a/Python-3.11.0.tar.xz.asc b/Python-3.11.0.tar.xz.asc new file mode 100644 index 0000000..0044430 --- /dev/null +++ b/Python-3.11.0.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmNW0BsACgkQ/+h0BBaL +2EfljQ//YbRPRLgFEqbUYDoA65Hy5+ztg2bD6UUAVHS29G7exX9hNqAuk2uQZnlF +3CIz7NjtJFb7a8Bxg6j/OjYnwTojZKeNR/wwZa7MRJlZv7YZGKdjYlt21eCQMbjN +SHlmZ/P1jTHifb/9x2l6XRqn8IXwvJq1NduNoiuNzSQ16oX3TwbLC+vFRBxFqv48 +E6qJlpplzQz0HxgWD+R3jHx2YQzD/Bc+kA+l4NIP2CWX5yK2R3Q63sFi8GmzP6gZ +auFNDGz5pGuwTsblr8Ps0LeqnPtX2UqzAIM5AK5kXW6yn0bn93EXNT0OGF+zzccV +8dit/0C1gqg6iPNRCijWpyIzXUF22Wn8+32E77Xfr+uSPW5e0yuA9VWoO5D2Bf/i +sna98iE3wLJHGgrn1quAdFjCEPSAr9rNaEyvqF9QEjuCoa5giqwk+HIjEiLwNYcy +5MsfFxj5OQT1wB1zWs08qij4wXO0bPylnIK1a6t8OlGF3M4FKX8PK0zK4HsKPcje +DiyjdM3ylrODWk2BjvxUp48gMvmibeSZydKKJDjflHr7MDaJPInZk24LQXw6ZrVH +g+E726C1q69sWSbZ2Wvc70CGcIfzeSFX0rQMGYvyJAQHTo4kixOjRJQpTxGw2VkE +aQrgQC/JGhV+mNWfK+/QiypF8povzlwaQwpoyOczvg83rAvNLAs= +=LZQi +-----END PGP SIGNATURE----- diff --git a/Python-3.11.0rc2.tar.xz b/Python-3.11.0rc2.tar.xz deleted file mode 100644 index 52f72f9..0000000 --- a/Python-3.11.0rc2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:25b35cc7d82c5ad34d867b179a1c1695d129be5ed14a21e46b6b7f2350a8b490 -size 19828340 diff --git a/Python-3.11.0rc2.tar.xz.asc b/Python-3.11.0rc2.tar.xz.asc deleted file mode 100644 index 3060388..0000000 --- a/Python-3.11.0rc2.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmMeOSQACgkQ/+h0BBaL -2EcrTA//USzDkebYcAJ1jcb1diiV9JJd7Znm4l7rwb/TKimY82gN1ev9R1/fkmOk -KaRhn5Ss23lm5IdwbJNL1dhrx9DdtsW3oBzaT+pchSVXu0qVokQ0XFVvWzEqwiit -2K6JOlcVyMV8QnBBJPAC+/HN1pjZGQESk/HoP7ESqQUytRkieddjO/cnJ/m36oMJ -YUVoHS1sQVrRHQU3C1RSZ+DF1sdCjzy1ZxfKMVz73gBjLRQ5MiWYIp7ryDtNMZ7F -Ws8m+5WXVhWE2hniMvCVDN25vHIan+9l4hjT01kLh7Ei/QJ6t2GrOtHagMDhFcS1 -Lhq/7flMGpLjhpNNtzAXSPhMZDDxIpyIZu4XwxmQAXFkhCm6H2RBo6OrGWDaOT+V -6kfVCUky+v7oKHs19xm+UilNBIzd4DMNKP2Q9MYcqnR+aI/ggMG7k7KZ3gpPKrQI -x8u6PGFl9vUsRHiUxXYuIM+FO9LAYIFskpWy/CW7fZ29iAkeMjRzhcyS/A8exaae -YA+z4dqgnYLQqMUX3aK3kzAreKAncFkYdNmnv7YMUUSM5J5fvIN2bG/oJ2oti0sk -o1WhVr3ygizeqAOhw0bd2N84xqee+ky18fl+FkauyzEPh7vdI+OQWrBAuJF7YZKR -sHTSxdzPBjaXijLXriZIo1YRXc7N7jd05Cq8R95dzxC9BZjOOfI= -=KvNZ ------END PGP SIGNATURE----- diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index ce566cd..ae6b9a3 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -29,7 +29,7 @@ Create a Python.framework rather than a traditional Unix install. Optional --- a/Misc/NEWS +++ b/Misc/NEWS -@@ -6636,7 +6636,7 @@ C API +@@ -6768,7 +6768,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name diff --git a/python311.changes b/python311.changes index 128d145..025047b 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,83 @@ +------------------------------------------------------------------- +Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl + +- Update to 3.11.0 (overall changes from 3.10.*): + - General changes + - PEP 657 -- Include Fine-Grained Error Locations in + Tracebacks + - PEP 654 -- Exception Groups and except* + - PEP 680 -- tomllib: Support for Parsing TOML in the + Standard Library + - gh-90908 -- Introduce task groups to asyncio + - gh-34627 -- Atomic grouping ((?>...)) and possessive + quantifiers (*+, ++, ?+, {m,n}+) are now supported in + regular expressions. + - The Faster CPython Project is already yielding some + exciting results. Python 3.11 is up to 10-60% faster than + Python 3.10. On average, we measured a 1.22x speedup on the + standard benchmark suite. See Faster CPython for details. + - Typing and typing language changes + - PEP 673 -- Self Type + - PEP 646 -- Variadic Generics + - PEP 675 -- Arbitrary Literal String Type + - PEP 655 -- Marking individual TypedDict items as required + or potentially-missing + - PEP 681 -- Data Class Transforms +- (just changes from 3.11.0rc2): + - Fix multiplying a list by an integer (list *= int): detect + the integer overflow when the new allocated length is close + to the maximum size. Issue reported by Jordan Limor. Patch by + Victor Stinner. + - On Linux the multiprocessing module returns to using + filesystem backed unix domain sockets for communication + with the forkserver process instead of the Linux abstract + socket namespace. Only code that chooses to use the + “forkserver” start method is affected. Abstract sockets have + no permissions and could allow any user on the system in the + same network namespace (often the whole system) to inject + code into the multiprocessing forkserver process. This was + a potential privilege escalation. Filesystem based socket + permissions restrict this to the forkserver process user as + was the default in Python 3.8 and earlier. This prevents + Linux CVE-2022-42919. + - Fix an issue where several frame objects could be backed by + the same interpreter frame, possibly leading to corrupted + memory and hard crashes of the interpreter. + - Fix possible data corruption or crashes when accessing the + f_back member of newly-created generator or coroutine frames. + - Fix a crash occurring when PyEval_GetFrame() is called while + the topmost Python frame is in a partially-initialized state. + - Fix command line parsing: reject -X int_max_str_digits option + with no value (invalid) when the PYTHONINTMAXSTRDIGITS + environment variable is set to a valid limit. Patch by Victor + Stinner. + - Fix undefined behaviour in _testcapimodule.c. + - When ValueError is raised if an integer is larger than the + limit, mention the sys.set_int_max_str_digits() function in + the error message. Patch by Victor Stinner. + - Correctly raise SyntaxError on exception groups (PEP 654) on + python versions prior to 3.11 + - Document some places where an assignment expression needs + parentheses. + - Update the bundled copies of pip and setuptools to versions + 22.3 and 65.5.0 respectively. + - fix Flag to use boundary CONFORM + - This restores previous Flag behavior of allowing flags with + non-sequential values to be combined; e.g. + - class Skip(Flag): TWO = 2 EIGHT = 8 + - Skip.TWO | Skip.EIGHT -> + - Fix ! in c domain ref target syntax via a conf.py patch, so + it works as intended to disable ref target resolution. + - Update tutorial introduction output to use 3.10+ SyntaxError + invalid range. + +------------------------------------------------------------------- +Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl + +- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to + allow building of documentation with the latest Sphinx 5.3.0 + (gh#python/cpython#98366). + ------------------------------------------------------------------- Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl diff --git a/python311.spec b/python311.spec index 84717f0..2d3cba8 100644 --- a/python311.spec +++ b/python311.spec @@ -103,7 +103,7 @@ Obsoletes: python39%{?1:-%{1}} %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.0rc2 +Version: 3.11.0 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -166,6 +166,9 @@ Patch35: fix_configure_rst.patch # PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com # Makes Python resilient to changes of API of libexpat Patch36: support-expat-CVE-2022-25236-patched.patch +# PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch gh#python/cpython#98366 mcepl@suse.com +# this patch makes things totally awesome +Patch37: 98437-sphinx.locale._-as-gettext-in-pyspecific.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -432,6 +435,7 @@ other applications. %endif %patch35 -p1 %patch36 -p1 +%patch37 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From ba06f07184b85590621e4802ef87161bdf6266b9273a075c8db9145f524353eb Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Fri, 4 Nov 2022 15:00:28 +0000 Subject: [PATCH 027/135] - Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid CVE-2022-42919 (bsc#1204886) avoiding Linux specific local privilege escalation via the multiprocessing forkserver start method. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=36 --- ...022-42919-loc-priv-mulitproc-forksrv.patch | 59 +++++++++++++++++++ python311.changes | 8 +++ python311.spec | 4 ++ 3 files changed, 71 insertions(+) create mode 100644 CVE-2022-42919-loc-priv-mulitproc-forksrv.patch diff --git a/CVE-2022-42919-loc-priv-mulitproc-forksrv.patch b/CVE-2022-42919-loc-priv-mulitproc-forksrv.patch new file mode 100644 index 0000000..e616e48 --- /dev/null +++ b/CVE-2022-42919-loc-priv-mulitproc-forksrv.patch @@ -0,0 +1,59 @@ +From 85178d5849a4d9b5b46e7b91b1ebad7425139b44 Mon Sep 17 00:00:00 2001 +From: "Gregory P. Smith" +Date: Thu, 20 Oct 2022 15:30:09 -0700 +Subject: [PATCH] gh-97514: Don't use Linux abstract sockets for + multiprocessing (GH-98501) + +Linux abstract sockets are insecure as they lack any form of filesystem +permissions so their use allows anyone on the system to inject code into +the process. + +This removes the default preference for abstract sockets in +multiprocessing introduced in Python 3.9+ via +https://github.com/python/cpython/pull/18866 while fixing +https://github.com/python/cpython/issues/84031. + +Explicit use of an abstract socket by a user now generates a +RuntimeWarning. If we choose to keep this warning, it should be +backported to the 3.7 and 3.8 branches. +(cherry picked from commit 49f61068f49747164988ffc5a442d2a63874fc17) + +Co-authored-by: Gregory P. Smith +--- + Lib/multiprocessing/connection.py | 5 --- + Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst | 15 ++++++++++ + 2 files changed, 15 insertions(+), 5 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst + +--- a/Lib/multiprocessing/connection.py ++++ b/Lib/multiprocessing/connection.py +@@ -73,11 +73,6 @@ def arbitrary_address(family): + if family == 'AF_INET': + return ('localhost', 0) + elif family == 'AF_UNIX': +- # Prefer abstract sockets if possible to avoid problems with the address +- # size. When coding portable applications, some implementations have +- # sun_path as short as 92 bytes in the sockaddr_un struct. +- if util.abstract_sockets_supported: +- return f"\0listener-{os.getpid()}-{next(_mmap_counter)}" + return tempfile.mktemp(prefix='listener-', dir=util.get_temp_dir()) + elif family == 'AF_PIPE': + return tempfile.mktemp(prefix=r'\\.\pipe\pyc-%d-%d-' % +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst +@@ -0,0 +1,15 @@ ++On Linux the :mod:`multiprocessing` module returns to using filesystem backed ++unix domain sockets for communication with the *forkserver* process instead of ++the Linux abstract socket namespace. Only code that chooses to use the ++:ref:`"forkserver" start method ` is affected. ++ ++Abstract sockets have no permissions and could allow any user on the system in ++the same `network namespace ++`_ (often the ++whole system) to inject code into the multiprocessing *forkserver* process. ++This was a potential privilege escalation. Filesystem based socket permissions ++restrict this to the *forkserver* process user as was the default in Python 3.8 ++and earlier. ++ ++This prevents Linux `CVE-2022-42919 ++`_. diff --git a/python311.changes b/python311.changes index 025047b..d99ad2a 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Fri Nov 4 14:59:53 UTC 2022 - Matej Cepl + +- Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid + CVE-2022-42919 (bsc#1204886) avoiding Linux specific local + privilege escalation via the multiprocessing forkserver start + method. + ------------------------------------------------------------------- Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl diff --git a/python311.spec b/python311.spec index 2d3cba8..b3ed512 100644 --- a/python311.spec +++ b/python311.spec @@ -169,6 +169,9 @@ Patch36: support-expat-CVE-2022-25236-patched.patch # PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch gh#python/cpython#98366 mcepl@suse.com # this patch makes things totally awesome Patch37: 98437-sphinx.locale._-as-gettext-in-pyspecific.patch +# PATCH-FIX-UPSTREAM CVE-2022-42919-loc-priv-mulitproc-forksrv.patch bsc#1204886 mcepl@suse.com +# Avoid Linux specific local privilege escalation via the multiprocessing forkserver start method +Patch38: CVE-2022-42919-loc-priv-mulitproc-forksrv.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -436,6 +439,7 @@ other applications. %patch35 -p1 %patch36 -p1 %patch37 -p1 +%patch38 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From c6df50684cf837fee53d77c83a19e34f455b89f68f6e993e2057c34b0276eca3 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Fri, 4 Nov 2022 15:18:41 +0000 Subject: [PATCH 028/135] revert OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=37 --- ...022-42919-loc-priv-mulitproc-forksrv.patch | 59 ------------------- python311.changes | 8 --- python311.spec | 4 -- 3 files changed, 71 deletions(-) delete mode 100644 CVE-2022-42919-loc-priv-mulitproc-forksrv.patch diff --git a/CVE-2022-42919-loc-priv-mulitproc-forksrv.patch b/CVE-2022-42919-loc-priv-mulitproc-forksrv.patch deleted file mode 100644 index e616e48..0000000 --- a/CVE-2022-42919-loc-priv-mulitproc-forksrv.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 85178d5849a4d9b5b46e7b91b1ebad7425139b44 Mon Sep 17 00:00:00 2001 -From: "Gregory P. Smith" -Date: Thu, 20 Oct 2022 15:30:09 -0700 -Subject: [PATCH] gh-97514: Don't use Linux abstract sockets for - multiprocessing (GH-98501) - -Linux abstract sockets are insecure as they lack any form of filesystem -permissions so their use allows anyone on the system to inject code into -the process. - -This removes the default preference for abstract sockets in -multiprocessing introduced in Python 3.9+ via -https://github.com/python/cpython/pull/18866 while fixing -https://github.com/python/cpython/issues/84031. - -Explicit use of an abstract socket by a user now generates a -RuntimeWarning. If we choose to keep this warning, it should be -backported to the 3.7 and 3.8 branches. -(cherry picked from commit 49f61068f49747164988ffc5a442d2a63874fc17) - -Co-authored-by: Gregory P. Smith ---- - Lib/multiprocessing/connection.py | 5 --- - Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst | 15 ++++++++++ - 2 files changed, 15 insertions(+), 5 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst - ---- a/Lib/multiprocessing/connection.py -+++ b/Lib/multiprocessing/connection.py -@@ -73,11 +73,6 @@ def arbitrary_address(family): - if family == 'AF_INET': - return ('localhost', 0) - elif family == 'AF_UNIX': -- # Prefer abstract sockets if possible to avoid problems with the address -- # size. When coding portable applications, some implementations have -- # sun_path as short as 92 bytes in the sockaddr_un struct. -- if util.abstract_sockets_supported: -- return f"\0listener-{os.getpid()}-{next(_mmap_counter)}" - return tempfile.mktemp(prefix='listener-', dir=util.get_temp_dir()) - elif family == 'AF_PIPE': - return tempfile.mktemp(prefix=r'\\.\pipe\pyc-%d-%d-' % ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst -@@ -0,0 +1,15 @@ -+On Linux the :mod:`multiprocessing` module returns to using filesystem backed -+unix domain sockets for communication with the *forkserver* process instead of -+the Linux abstract socket namespace. Only code that chooses to use the -+:ref:`"forkserver" start method ` is affected. -+ -+Abstract sockets have no permissions and could allow any user on the system in -+the same `network namespace -+`_ (often the -+whole system) to inject code into the multiprocessing *forkserver* process. -+This was a potential privilege escalation. Filesystem based socket permissions -+restrict this to the *forkserver* process user as was the default in Python 3.8 -+and earlier. -+ -+This prevents Linux `CVE-2022-42919 -+`_. diff --git a/python311.changes b/python311.changes index d99ad2a..025047b 100644 --- a/python311.changes +++ b/python311.changes @@ -1,11 +1,3 @@ -------------------------------------------------------------------- -Fri Nov 4 14:59:53 UTC 2022 - Matej Cepl - -- Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid - CVE-2022-42919 (bsc#1204886) avoiding Linux specific local - privilege escalation via the multiprocessing forkserver start - method. - ------------------------------------------------------------------- Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl diff --git a/python311.spec b/python311.spec index b3ed512..2d3cba8 100644 --- a/python311.spec +++ b/python311.spec @@ -169,9 +169,6 @@ Patch36: support-expat-CVE-2022-25236-patched.patch # PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch gh#python/cpython#98366 mcepl@suse.com # this patch makes things totally awesome Patch37: 98437-sphinx.locale._-as-gettext-in-pyspecific.patch -# PATCH-FIX-UPSTREAM CVE-2022-42919-loc-priv-mulitproc-forksrv.patch bsc#1204886 mcepl@suse.com -# Avoid Linux specific local privilege escalation via the multiprocessing forkserver start method -Patch38: CVE-2022-42919-loc-priv-mulitproc-forksrv.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -439,7 +436,6 @@ other applications. %patch35 -p1 %patch36 -p1 %patch37 -p1 -%patch38 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From 03d1be16162877328ca8a8be00d3d3fa46d5c1908743ee62821533be66c8907d Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 9 Nov 2022 18:37:56 +0000 Subject: [PATCH 029/135] - Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding extremely long domain names. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=38 --- CVE-2022-45061-DoS-by-IDNA-decode.patch | 86 +++++++++++++++++++++++++ python311.changes | 7 ++ python311.spec | 4 ++ 3 files changed, 97 insertions(+) create mode 100644 CVE-2022-45061-DoS-by-IDNA-decode.patch diff --git a/CVE-2022-45061-DoS-by-IDNA-decode.patch b/CVE-2022-45061-DoS-by-IDNA-decode.patch new file mode 100644 index 0000000..05c1559 --- /dev/null +++ b/CVE-2022-45061-DoS-by-IDNA-decode.patch @@ -0,0 +1,86 @@ +From 3a692f2234d2ddb65db33d2516fff357a139c724 Mon Sep 17 00:00:00 2001 +From: "Gregory P. Smith" +Date: Mon, 7 Nov 2022 16:54:41 -0800 +Subject: [PATCH 1/3] gh-98433: Fix quadratic time idna decoding. (GH-99092) + +There was an unnecessary quadratic loop in idna decoding. This restores +the behavior to linear. + +This also adds an early length check in IDNA decoding to outright reject +huge inputs early on given the ultimate result is defined to be 63 or fewer +characters. +(cherry picked from commit d315722564927c7202dd6e111dc79eaf14240b0d) + +Co-authored-by: Gregory P. Smith +--- + Lib/encodings/idna.py | 32 ++++------ + Lib/test/test_codecs.py | 6 + + Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst | 6 + + 3 files changed, 27 insertions(+), 17 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst + +--- a/Lib/encodings/idna.py ++++ b/Lib/encodings/idna.py +@@ -39,23 +39,21 @@ def nameprep(label): + + # Check bidi + RandAL = [stringprep.in_table_d1(x) for x in label] +- for c in RandAL: +- if c: +- # There is a RandAL char in the string. Must perform further +- # tests: +- # 1) The characters in section 5.8 MUST be prohibited. +- # This is table C.8, which was already checked +- # 2) If a string contains any RandALCat character, the string +- # MUST NOT contain any LCat character. +- if any(stringprep.in_table_d2(x) for x in label): +- raise UnicodeError("Violation of BIDI requirement 2") +- +- # 3) If a string contains any RandALCat character, a +- # RandALCat character MUST be the first character of the +- # string, and a RandALCat character MUST be the last +- # character of the string. +- if not RandAL[0] or not RandAL[-1]: +- raise UnicodeError("Violation of BIDI requirement 3") ++ if any(RandAL): ++ # There is a RandAL char in the string. Must perform further ++ # tests: ++ # 1) The characters in section 5.8 MUST be prohibited. ++ # This is table C.8, which was already checked ++ # 2) If a string contains any RandALCat character, the string ++ # MUST NOT contain any LCat character. ++ if any(stringprep.in_table_d2(x) for x in label): ++ raise UnicodeError("Violation of BIDI requirement 2") ++ # 3) If a string contains any RandALCat character, a ++ # RandALCat character MUST be the first character of the ++ # string, and a RandALCat character MUST be the last ++ # character of the string. ++ if not RandAL[0] or not RandAL[-1]: ++ raise UnicodeError("Violation of BIDI requirement 3") + + return label + +--- a/Lib/test/test_codecs.py ++++ b/Lib/test/test_codecs.py +@@ -1552,6 +1552,12 @@ class IDNACodecTest(unittest.TestCase): + self.assertEqual("pyth\xf6n.org".encode("idna"), b"xn--pythn-mua.org") + self.assertEqual("pyth\xf6n.org.".encode("idna"), b"xn--pythn-mua.org.") + ++ def test_builtin_decode_length_limit(self): ++ with self.assertRaisesRegex(UnicodeError, "too long"): ++ (b"xn--016c"+b"a"*1100).decode("idna") ++ with self.assertRaisesRegex(UnicodeError, "too long"): ++ (b"xn--016c"+b"a"*70).decode("idna") ++ + def test_stream(self): + r = codecs.getreader("idna")(io.BytesIO(b"abc")) + r.read(3) +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst +@@ -0,0 +1,6 @@ ++The IDNA codec decoder used on DNS hostnames by :mod:`socket` or :mod:`asyncio` ++related name resolution functions no longer involves a quadratic algorithm. ++This prevents a potential CPU denial of service if an out-of-spec excessive ++length hostname involving bidirectional characters were decoded. Some protocols ++such as :mod:`urllib` http ``3xx`` redirects potentially allow for an attacker ++to supply such a name. diff --git a/python311.changes b/python311.changes index 025047b..4a28793 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl + +- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid + CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding + extremely long domain names. + ------------------------------------------------------------------- Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl diff --git a/python311.spec b/python311.spec index 2d3cba8..eb9f333 100644 --- a/python311.spec +++ b/python311.spec @@ -169,6 +169,9 @@ Patch36: support-expat-CVE-2022-25236-patched.patch # PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch gh#python/cpython#98366 mcepl@suse.com # this patch makes things totally awesome Patch37: 98437-sphinx.locale._-as-gettext-in-pyspecific.patch +# PATCH-FIX-UPSTREAM CVE-2022-45061-DoS-by-IDNA-decode.patch bsc#1205244 mcepl@suse.com +# Avoid DoS by decoding IDNA for too long domain names +Patch38: CVE-2022-45061-DoS-by-IDNA-decode.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -436,6 +439,7 @@ other applications. %patch35 -p1 %patch36 -p1 %patch37 -p1 +%patch38 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From 6c436c7abc6bfd5a2a032593b10a1b8a9af63e3032ef3fac5253592ad6ce43ef Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 8 Dec 2022 15:05:06 +0000 Subject: [PATCH 030/135] - Update to 3.11.1: - python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server lo This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before printin - Avoid publishing list of active per-interpreter audit hooks via the gc module - The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name (CVE-2022-45061). - Update bundled libexpat to 2.5.0 - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. Issue reported and initial fix by Caleb Shortt. Patch by Victor Stinner. - Fix a crash when an object which does not have a dictionary frees its instance values. - Fix a bug in the tokenizer that could cause infinite recursion when showing syntax warnings that happen in the first line of the source. Patch by Pablo Galindo - Fix an issue that could cause frames to be visible to Python code as they are being torn down, possibly leading to memory corruption or hard crashes of the interpreter. - Fix a reference bug in _imp.create_builtin() after the OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=40 --- ...nx.locale._-as-gettext-in-pyspecific.patch | 54 --- CVE-2022-45061-DoS-by-IDNA-decode.patch | 86 ----- Python-3.11.0.tar.xz | 3 - Python-3.11.0.tar.xz.asc | 16 - Python-3.11.1.tar.xz | 3 + Python-3.11.1.tar.xz.asc | 16 + bpo-31046_ensurepip_honours_prefix.patch | 12 +- fix_configure_rst.patch | 2 +- python-3.3.0b1-fix_date_time_compiler.patch | 2 +- python311.changes | 360 ++++++++++++++++++ python311.spec | 12 +- subprocess-raise-timeout.patch | 2 +- 12 files changed, 390 insertions(+), 178 deletions(-) delete mode 100644 98437-sphinx.locale._-as-gettext-in-pyspecific.patch delete mode 100644 CVE-2022-45061-DoS-by-IDNA-decode.patch delete mode 100644 Python-3.11.0.tar.xz delete mode 100644 Python-3.11.0.tar.xz.asc create mode 100644 Python-3.11.1.tar.xz create mode 100644 Python-3.11.1.tar.xz.asc diff --git a/98437-sphinx.locale._-as-gettext-in-pyspecific.patch b/98437-sphinx.locale._-as-gettext-in-pyspecific.patch deleted file mode 100644 index 773e87f..0000000 --- a/98437-sphinx.locale._-as-gettext-in-pyspecific.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 5775f51691d7d64fb676586e008b41261ce64ac2 Mon Sep 17 00:00:00 2001 -From: "Matt.Wang" -Date: Wed, 19 Oct 2022 14:49:08 +0800 -Subject: [PATCH 1/2] fix(doc-tools): use sphinx.locale._ as gettext() for - backward-compatibility in pyspecific.py - -[why] spinix 5.3 changed locale.translators from a defaultdict(gettext.NullTranslations) to a dict, which leads to failure of pyspecific.py. Use sphinx.locale._ as gettext to fix the issue. ---- - Doc/tools/extensions/pyspecific.py | 8 ++++---- - Misc/NEWS.d/next/Documentation/2022-10-19-07-15-52.gh-issue-98366.UskMXF.rst | 1 + - 2 files changed, 5 insertions(+), 4 deletions(-) - ---- a/Doc/tools/extensions/pyspecific.py -+++ b/Doc/tools/extensions/pyspecific.py -@@ -26,7 +26,7 @@ try: - from sphinx.errors import NoUri - except ImportError: - from sphinx.environment import NoUri --from sphinx.locale import translators -+from sphinx.locale import _ as sphinx_gettext - from sphinx.util import status_iterator, logging - from sphinx.util.nodes import split_explicit_title - from sphinx.writers.text import TextWriter, TextTranslator -@@ -109,7 +109,7 @@ class ImplementationDetail(Directive): - def run(self): - self.assert_has_content() - pnode = nodes.compound(classes=['impl-detail']) -- label = translators['sphinx'].gettext(self.label_text) -+ label = sphinx_gettext(self.label_text) - content = self.content - add_text = nodes.strong(label, label) - self.state.nested_parse(content, self.content_offset, pnode) -@@ -257,7 +257,7 @@ class AuditEvent(Directive): - else: - args = [] - -- label = translators['sphinx'].gettext(self._label[min(2, len(args))]) -+ label = sphinx_gettext(self._label[min(2, len(args))]) - text = label.format(name="``{}``".format(name), - args=", ".join("``{}``".format(a) for a in args if a)) - -@@ -436,7 +436,7 @@ class DeprecatedRemoved(Directive): - else: - label = self._removed_label - -- label = translators['sphinx'].gettext(label) -+ label = sphinx_gettext(label) - text = label.format(deprecated=self.arguments[0], removed=self.arguments[1]) - if len(self.arguments) == 3: - inodes, messages = self.state.inline_text(self.arguments[2], ---- /dev/null -+++ b/Misc/NEWS.d/next/Documentation/2022-10-19-07-15-52.gh-issue-98366.UskMXF.rst -@@ -0,0 +1 @@ -+Use sphinx.locale._ as the gettext function in pyspecific.py. diff --git a/CVE-2022-45061-DoS-by-IDNA-decode.patch b/CVE-2022-45061-DoS-by-IDNA-decode.patch deleted file mode 100644 index 05c1559..0000000 --- a/CVE-2022-45061-DoS-by-IDNA-decode.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 3a692f2234d2ddb65db33d2516fff357a139c724 Mon Sep 17 00:00:00 2001 -From: "Gregory P. Smith" -Date: Mon, 7 Nov 2022 16:54:41 -0800 -Subject: [PATCH 1/3] gh-98433: Fix quadratic time idna decoding. (GH-99092) - -There was an unnecessary quadratic loop in idna decoding. This restores -the behavior to linear. - -This also adds an early length check in IDNA decoding to outright reject -huge inputs early on given the ultimate result is defined to be 63 or fewer -characters. -(cherry picked from commit d315722564927c7202dd6e111dc79eaf14240b0d) - -Co-authored-by: Gregory P. Smith ---- - Lib/encodings/idna.py | 32 ++++------ - Lib/test/test_codecs.py | 6 + - Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst | 6 + - 3 files changed, 27 insertions(+), 17 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst - ---- a/Lib/encodings/idna.py -+++ b/Lib/encodings/idna.py -@@ -39,23 +39,21 @@ def nameprep(label): - - # Check bidi - RandAL = [stringprep.in_table_d1(x) for x in label] -- for c in RandAL: -- if c: -- # There is a RandAL char in the string. Must perform further -- # tests: -- # 1) The characters in section 5.8 MUST be prohibited. -- # This is table C.8, which was already checked -- # 2) If a string contains any RandALCat character, the string -- # MUST NOT contain any LCat character. -- if any(stringprep.in_table_d2(x) for x in label): -- raise UnicodeError("Violation of BIDI requirement 2") -- -- # 3) If a string contains any RandALCat character, a -- # RandALCat character MUST be the first character of the -- # string, and a RandALCat character MUST be the last -- # character of the string. -- if not RandAL[0] or not RandAL[-1]: -- raise UnicodeError("Violation of BIDI requirement 3") -+ if any(RandAL): -+ # There is a RandAL char in the string. Must perform further -+ # tests: -+ # 1) The characters in section 5.8 MUST be prohibited. -+ # This is table C.8, which was already checked -+ # 2) If a string contains any RandALCat character, the string -+ # MUST NOT contain any LCat character. -+ if any(stringprep.in_table_d2(x) for x in label): -+ raise UnicodeError("Violation of BIDI requirement 2") -+ # 3) If a string contains any RandALCat character, a -+ # RandALCat character MUST be the first character of the -+ # string, and a RandALCat character MUST be the last -+ # character of the string. -+ if not RandAL[0] or not RandAL[-1]: -+ raise UnicodeError("Violation of BIDI requirement 3") - - return label - ---- a/Lib/test/test_codecs.py -+++ b/Lib/test/test_codecs.py -@@ -1552,6 +1552,12 @@ class IDNACodecTest(unittest.TestCase): - self.assertEqual("pyth\xf6n.org".encode("idna"), b"xn--pythn-mua.org") - self.assertEqual("pyth\xf6n.org.".encode("idna"), b"xn--pythn-mua.org.") - -+ def test_builtin_decode_length_limit(self): -+ with self.assertRaisesRegex(UnicodeError, "too long"): -+ (b"xn--016c"+b"a"*1100).decode("idna") -+ with self.assertRaisesRegex(UnicodeError, "too long"): -+ (b"xn--016c"+b"a"*70).decode("idna") -+ - def test_stream(self): - r = codecs.getreader("idna")(io.BytesIO(b"abc")) - r.read(3) ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst -@@ -0,0 +1,6 @@ -+The IDNA codec decoder used on DNS hostnames by :mod:`socket` or :mod:`asyncio` -+related name resolution functions no longer involves a quadratic algorithm. -+This prevents a potential CPU denial of service if an out-of-spec excessive -+length hostname involving bidirectional characters were decoded. Some protocols -+such as :mod:`urllib` http ``3xx`` redirects potentially allow for an attacker -+to supply such a name. diff --git a/Python-3.11.0.tar.xz b/Python-3.11.0.tar.xz deleted file mode 100644 index 26bc1fb..0000000 --- a/Python-3.11.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a57dc82d77358617ba65b9841cee1e3b441f386c3789ddc0676eca077f2951c3 -size 19819768 diff --git a/Python-3.11.0.tar.xz.asc b/Python-3.11.0.tar.xz.asc deleted file mode 100644 index 0044430..0000000 --- a/Python-3.11.0.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmNW0BsACgkQ/+h0BBaL -2EfljQ//YbRPRLgFEqbUYDoA65Hy5+ztg2bD6UUAVHS29G7exX9hNqAuk2uQZnlF -3CIz7NjtJFb7a8Bxg6j/OjYnwTojZKeNR/wwZa7MRJlZv7YZGKdjYlt21eCQMbjN -SHlmZ/P1jTHifb/9x2l6XRqn8IXwvJq1NduNoiuNzSQ16oX3TwbLC+vFRBxFqv48 -E6qJlpplzQz0HxgWD+R3jHx2YQzD/Bc+kA+l4NIP2CWX5yK2R3Q63sFi8GmzP6gZ -auFNDGz5pGuwTsblr8Ps0LeqnPtX2UqzAIM5AK5kXW6yn0bn93EXNT0OGF+zzccV -8dit/0C1gqg6iPNRCijWpyIzXUF22Wn8+32E77Xfr+uSPW5e0yuA9VWoO5D2Bf/i -sna98iE3wLJHGgrn1quAdFjCEPSAr9rNaEyvqF9QEjuCoa5giqwk+HIjEiLwNYcy -5MsfFxj5OQT1wB1zWs08qij4wXO0bPylnIK1a6t8OlGF3M4FKX8PK0zK4HsKPcje -DiyjdM3ylrODWk2BjvxUp48gMvmibeSZydKKJDjflHr7MDaJPInZk24LQXw6ZrVH -g+E726C1q69sWSbZ2Wvc70CGcIfzeSFX0rQMGYvyJAQHTo4kixOjRJQpTxGw2VkE -aQrgQC/JGhV+mNWfK+/QiypF8povzlwaQwpoyOczvg83rAvNLAs= -=LZQi ------END PGP SIGNATURE----- diff --git a/Python-3.11.1.tar.xz b/Python-3.11.1.tar.xz new file mode 100644 index 0000000..f31c1c3 --- /dev/null +++ b/Python-3.11.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:85879192f2cffd56cb16c092905949ebf3e5e394b7f764723529637901dfb58f +size 19856648 diff --git a/Python-3.11.1.tar.xz.asc b/Python-3.11.1.tar.xz.asc new file mode 100644 index 0000000..638d0cf --- /dev/null +++ b/Python-3.11.1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmOPlhsACgkQ/+h0BBaL +2EdY5w/+KKZY3ghMcjuxxF4o9CylFvhHGI7LP6FKZE5xnGtSZ2cXjcad+FwFMnFS +JE5fLpPD3xmkRoCIOwVKIos4l/chfAIE8gNlTBFOAwUYP0uVpA+SYNDOciT64Apj +32jELwHJJVgjG21Lubx35kOtmQa884hBB9T8RsovL35PhFvspSvTx8U+YfGKIZzG +liWwj/gBMMGd3p6pvz9UQsnqBLAfw50M6BDDQrQtoIDnw2R5s8oBqYa7uiRBzQch +dUGUm/gt9lBTI0fT3ZgCMD3Zu2et252nsbzMYgBuPSg6SlT63wHktzq1aewQ2lL2 +VcBBbIf4hpkL5QnPgzKuiHcU7tBeRngTaWhw0Nc8kfGuz56HsEJJyhaHtD5mlCx9 +0treI/NPAeA8KcrpnkufTpMCee7/R7CfH/dNp29yJlhbC+WYMbr6s600jJISf6zn +s0C40/MGLvVwIgT6HBkXkDL0Lii8vxc3w5smLiQ4xvQSHSS/fkP2qIDUhrX0eUlq +atacso0j7XAKYWBRHT70ZeXIN4UJuQ+dfK7xAC+bmyo9X9jcpUeozws8OvczYBRq +2qk4hCFFP/WgZ/MBiVoe2xmC6+ak2gH6xX6w2bB0/4Dc6KBMxWyUmRPuBVvx/cCp +AwXvH94gZl9wj/tmvOoZNqaMFG3tWuWo7+YzosWOBHAoUk8ILNM= +=ZuYB +-----END PGP SIGNATURE----- diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch index 5552c60..f6b2d3d 100644 --- a/bpo-31046_ensurepip_honours_prefix.patch +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -15,7 +15,7 @@ Co-Authored-By: Xavier de Gaye --- a/Doc/library/ensurepip.rst +++ b/Doc/library/ensurepip.rst -@@ -57,8 +57,9 @@ is at least as recent as the one availab +@@ -59,8 +59,9 @@ is at least as recent as the one availab By default, ``pip`` is installed into the current virtual environment (if one is active) or into the system site packages (if there is no active virtual environment). The installation location can be controlled @@ -26,7 +26,7 @@ Co-Authored-By: Xavier de Gaye * ``--root ``: Installs ``pip`` relative to the given root directory rather than the root of the currently active virtual environment (if any) or the default root for the current Python installation. -@@ -90,7 +91,7 @@ Module API +@@ -92,7 +93,7 @@ Module API Returns a string specifying the available version of pip that will be installed when bootstrapping an environment. @@ -35,7 +35,7 @@ Co-Authored-By: Xavier de Gaye altinstall=False, default_pip=False, \ verbosity=0) -@@ -100,6 +101,8 @@ Module API +@@ -102,6 +103,8 @@ Module API If *root* is ``None``, then installation uses the default install location for the current environment. @@ -44,7 +44,7 @@ Co-Authored-By: Xavier de Gaye *upgrade* indicates whether or not to upgrade an existing installation of an earlier version of ``pip`` to the available version. -@@ -120,6 +123,8 @@ Module API +@@ -122,6 +125,8 @@ Module API *verbosity* controls the level of output to :data:`sys.stdout` from the bootstrapping operation. @@ -139,7 +139,7 @@ Co-Authored-By: Xavier de Gaye --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -1751,7 +1751,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni +@@ -1756,7 +1756,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni install|*) ensurepip="" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ @@ -148,7 +148,7 @@ Co-Authored-By: Xavier de Gaye fi altinstall: commoninstall -@@ -1761,7 +1761,7 @@ altinstall: commoninstall +@@ -1766,7 +1766,7 @@ altinstall: commoninstall install|*) ensurepip="--altinstall" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index ae6b9a3..6eb2649 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -29,7 +29,7 @@ Create a Python.framework rather than a traditional Unix install. Optional --- a/Misc/NEWS +++ b/Misc/NEWS -@@ -6768,7 +6768,7 @@ C API +@@ -7355,7 +7355,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch index c336a7f..06aab09 100644 --- a/python-3.3.0b1-fix_date_time_compiler.patch +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -4,7 +4,7 @@ --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -1234,11 +1234,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ +@@ -1235,11 +1235,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ $(DTRACE_OBJS) \ $(srcdir)/Modules/getbuildinfo.c $(CC) -c $(PY_CORE_CFLAGS) \ diff --git a/python311.changes b/python311.changes index 4a28793..5f828ea 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,363 @@ +------------------------------------------------------------------- +Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl + +- Update to 3.11.1: + - python -m http.server no longer allows terminal control + characters sent within a garbage request to be printed + to the stderr server lo This is done by changing the + http.server BaseHTTPRequestHandler .log_message method to + replace control characters with a \xHH hex escape before + printin + - Avoid publishing list of active per-interpreter audit hooks + via the gc module + - The IDNA codec decoder used on DNS hostnames by socket or + asyncio related name resolution functions no longer involves + a quadratic algorithm. This prevents a potential CPU denial + of service if an out-of-spec excessive length hostname + involving bidirectional characters were decoded. Some + protocols such as urllib http 3xx redirects potentially allow + for an attacker to supply such a name (CVE-2022-45061). + - Update bundled libexpat to 2.5.0 + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. Issue reported + and initial fix by Caleb Shortt. Patch by Victor Stinner. + - Fix a crash when an object which does not have a dictionary + frees its instance values. + - Fix a bug in the tokenizer that could cause infinite + recursion when showing syntax warnings that happen in the + first line of the source. Patch by Pablo Galindo + - Fix an issue that could cause frames to be visible to Python + code as they are being torn down, possibly leading to memory + corruption or hard crashes of the interpreter. + - Fix a reference bug in _imp.create_builtin() after the + creation of the first sub-interpreter for modules builtins + and sys. Patch by Victor Stinner. + - Fixed a bug that was causing a buffer overflow if the + tokenizer copies a line missing the newline caracter from a + file that is as long as the available tokenizer buffer. Patch + by Pablo galindo + - Fix bug where an ExceptionGroup subclass can wrap a + BaseException. + - Fix zip path for venv created from a non-installed python on + POSIX platforms. + - Fix an issue that could potentially cause incorrect error + handling for some bytecode instructions. + - Fix an issue that prevented PyThreadState and + PyInterpreterState memory from being freed properly. + - Fix failure in except* with unhashable exceptions. + - Fix calculation of sys._base_executable when inside a POSIX + virtual environment using copies of the python binary when + the base installation does not provide the executable name + used by the venv. Calculation will fall back to alternative + names (“python”, “python.”). + - Update faulthandler to emit an error message with the proper + unexpected signal number. Patch by Dong-hee Na. + - Fix location of SyntaxError for a try block with both except + and except*. + - Fix the error reporting positions of specialized traceback + anchors when the source line contains Unicode characters. + - Fix subscription of type aliases containing bare generic + types or types like TypeVar: for example tuple[A, T][int] and + tuple[TypeVar, T][int], where A is a generic type, and T is a + type variable. + - Lower the recursion depth for marshal on WASI to support + wasmtime 2.0/main. + - Fix multiple crashes in debug mode when str subclasses are + used instead of str itself. + - Fix an issue where member descriptors (such as those for + __slots__) could behave incorrectly or crash instead of + raising a TypeError when accessed via an instance of an + invalid type. + - Suppress ImportError for invalid query for help() + command. Patch by Dong-hee Na. + - Fix detection of MAC addresses for uuid on certain OSs. Patch + by Chaim Sanders + - Print exception class name instead of its string + representation when raising errors from ctypes calls. + - os.sched_yield() now release the GIL while calling + sched_yield(2). Patch by Dong-hee Na. + - Fix an issue that could delay the specialization of PRECALL + instructions. + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Ensure that all Python frame objects are backed by “complete” + frames. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). Patch by Ofey Chan. + - Fix the Python path configuration used to initialized + sys.path at Python startup. Paths are no longer encoded + to UTF-8/strict to avoid encoding errors if it contains + surrogate characters (bytes paths are decoded with the + surrogateescape error handler). Patch by Victor Stinner. + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. Issue + discovered and analyzed by Mingliang ZHAO. Patch by Victor + Stinner. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. + - Fix undefined behaviour in C code of null pointer arithmetic. + - Make sure that all frame objects created are created from + valid interpreter frames. Prevents the possibility of invalid + frames in backtraces and signal handlers. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - On WASI ENOTCAPABLE is now mapped to PermissionError. The + errno modules exposes the new error number. getpath.py now + ignores PermissionError when it cannot open landmark files + pybuilddir.txt and pyenv.cfg. + - Allow pdb to locate source for frozen modules in the standard + library. + - Raise ValueError instead of SystemError when methods of + uninitialized io.IncrementalNewlineDecoder objects are + called. Patch by Oren Milman. + - Fix a possible assertion failure in io.FileIO when the opener + returns an invalid file descriptor. + - Also escape s in the http.server + BaseHTTPRequestHandler.log_message so that it is technically + possible to parse the line and reconstruct what the original + data was. Without this a xHH is ambiguious as to if it is a + hex replacement we put in or the characters r”x” came through + in the original request line. + - asyncio.get_event_loop() now only emits a deprecation warning + when a new event loop was created implicitly. It no longer + emits a deprecation warning if the current event loop was + set. + - Fix bug when calling trace.CoverageResults with valid infile. + - Fix a bug in handling class cleanups in + unittest.TestCase. Now addClassCleanup() uses separate lists + for different TestCase subclasses, and doClassCleanups() only + cleans up the particular class. + - Release the GIL when calling termios APIs to avoid blocking + threads. + - Fix ast.increment_lineno() to also cover ast.TypeIgnore when + changing line numbers. + - Fix bug in urllib.parse.urlparse() that causes URL schemes + that begin with a digit, a plus sign, or a minus sign to be + parsed incorrectly. + - Check the number of arguments in substitution in user + generics containing a TypeVarTuple and one or more TypeVar. + - Fix substitution of ParamSpec followed by TypeVarTuple in + generic aliases. + - Fix substitution of TypeVarTuple and ParamSpec together in + user generics. + - Fixed bug where inspect.signature() reported incorrect + arguments for decorated methods. + - Fix SystemError in ctypes when exception was not set during + __initsubclass__. + - Remove older version of + _SSLProtocolTransport.get_write_buffer_limits in + asyncio.sslproto + - fix negative numbers failing in verify() + - Fix statistics.NormalDist pickle with 0 and 1 protocols. + - enum.auto() is now correctly activated when combined with + other assignment values. E.g. ONE = auto(), 'some text' will + now evaluate as (1, 'some text'). + - Update the bundled copy of pip to version 22.3.1. + - Clean up refleak on failed module initialisation in _zoneinfo + - Clean up refleaks on failed module initialisation in in + _pickle + - Clean up refleak on failed module initialisation in _io. + - Fix memory leak in math.dist() when both points don’t have + the same dimension. Patch by Kumar Aditya. + - [3.11] Applied changes from importlib_metadata 4.11.4 + through 4.13, including compatibility and robustness + fixes for Distribution objects without _normalized_name, + disallowing invalid inputs to Distribution.from_name, and + refined behaviors in PathDistribution._name_from_stem and + PathDistribution._normalized_name. + - Fix argument typechecks in _overlapped.WSAConnect() and + _overlapped.Overlapped.WSASendTo() functions. + - Prevent crashing in traceback when retrieving the byte-offset + for some source files that contain certain unicode + characters. + - Fix internal error in the re module which in very rare + circumstances prevented compilation of a regular expression + containing a conditional expression without the “else” + branch. + - Fix asyncio.StreamWriter.drain() to call + protocol.connection_lost callback only once on Windows. + - Add a mutex to unittest.mock.NonCallableMock to protect + concurrent access to mock attributes. + - Fix hang on Windows in subprocess.wait_closed() in asyncio + with ProactorEventLoop. Patch by Kumar Aditya. + - Fix infinite loop in unittest when a self-referencing chained + exception is raised + - tkinter.Text.count() raises now an exception for options + starting with “-” instead of silently ignoring them. + - On uname_result, restored expectation that _fields and + _asdict would include all six properties including processor. + - A createSocket() method was added to SysLogHandler. + - Fix bug in urllib.parse.urlparse() that causes certain port + numbers containing whitespace, underscores, plus and minus + signs, or non-ASCII digits to be incorrectly accepted. + - Allow venv to pass along PYTHON* variables to ensurepip and + pip when they do not impact path resolution + - On macOS, fix a crash in syslog.syslog() in multi-threaded + applications. On macOS, the libc syslog() function is not + thread-safe, so syslog.syslog() no longer releases the GIL to + call it. Patch by Victor Stinner. + - Allow BUILTINS to be a valid field name for frozen + dataclasses. + - Wrap network errors consistently in urllib FTP support, so + the test suite doesn’t fail when a network is available but + the public internet is not reachable. + - Make sure patch.dict() can be applied on async functions. + - Earlier in 3.11 we deprecated + asyncio.Task.cancel("message"). We realized we were too + harsh, and have undeprecated it. + - Change deprecate warning message in unittest from It is + deprecated to return a value!=None to It is deprecated to + return a value that is not None from a test case + - Fixes AttributeError when subprocess.check_output() is used + with argument input=None and either of the arguments encoding + or errors are used. + - Fix is_private properties in the ipaddress module. Previously + non-private networks (0.0.0.0/0) would return True from this + method; now they correctly return False. + - Avoid spurious tracebacks from asyncio when default executor + cleanup is delayed until after the event loop is closed (e.g. + as the result of a keyboard interrupt). + - Avoid a crash in the C version of + asyncio.Future.remove_done_callback() when an evil argument + is passed. + - Remove tokenize.NL check from tabnanny. + - Fix generation of the default name of + tkinter.Checkbutton. Previously, checkbuttons in different + parent widgets could have the same short name and share + the same state if arguments “name” and “variable” are not + specified. Now they are globally unique. + - Update bundled libexpat to 2.4.9 + - Fix race condition in asyncio where process_exited() called + before the pipe_data_received() leading to inconsistent + output. Patch by Kumar Aditya. + - Fixed check in multiprocessing.resource_tracker that + guarantees that the length of a write to a pipe is not + greater than PIPE_BUF. + - Corrected type annotation for dataclass attribute + pstats.FunctionProfile.ncalls to be str. + - Fix repr of Any subclasses. + - Work around missing socket functions in socket’s __repr__. + - In inspect, fix overeager replacement of “typing.” in + formatting annotations. + - Fix handling of bytes path-like objects in os.ismount(). + - Fix handling compiler warnings (SyntaxWarning and + DeprecationWarning) in codeop.compile_command() when checking + for incomplete input. Previously it emitted warnings and + raised a SyntaxError. Now it always returns None for + incomplete input without emitting any warnings. + - To avoid apparent memory leaks when asyncio.open_connection() + raises, break reference cycles generated by local exception + and future instances (which has exception instance as its + member var). Patch by Dong Uk, Kang. + - Fixed flickering of the turtle window when the tracer is + turned off. Patch by Shin-myoung-serp. + - Fix asyncio subprocess transport to kill process cleanly + when process is blocked and avoid RuntimeError when loop is + closed. Patch by Kumar Aditya. + - Prevent error when activating venv in nested fish instances. + - TarFile.next() now returns None when called on an empty + tarfile. + - Document the optional callback parameter of WeakMethod. Patch + by Géry Ogam. + - Restrict use of sockets instead of pipes for stdin of + subprocesses created by asyncio to AIX platform only. + - shutil.copytree() now applies the ignore_dangling_symlinks + argument recursively. + - Fix IndexError in argparse.ArgumentParser when a store_true + action is given an explicit argument. + - Document that calling variadic functions with ctypes requires + special care on macOS/arm64 (and possibly other platforms). + - Remove extra row + - Clarified the conflicting advice given in the ast + documentation about ast.literal_eval() being “safe” for use + on untrusted input while at the same time warning that it + can crash the process. The latter statement is true and is + deemed unfixable without a large amount of work unsuitable + for a bugfix. So we keep the warning and no longer claim that + literal_eval is safe. + - Restructured the documentation for the os.wait* family of + functions, and improved the docs for os.waitid() with more + explanation of the possible argument constants. + - Skip test_normalization() of test_unicodedata if it + fails to download NormalizationTest.txt file from + pythontest.net. Patch by Victor Stinner. + - Correct test_marsh on (32 bit) x86: test_deterministic sets + was failing. + - Optional big memory tests in test_sqlite3 now catch the + correct sqlite.DataError exception type in case of too large + strings and/or blobs passed. + - Fix a bug in the typing tests where a test relying + on CPython-specific implementation details was not + decorated with @cpython_only and was not skipped on other + implementations. + - Add tests for star-unpacking with PEP 646, and some other + miscellaneous PEP 646 tests. + - Added explicit coverage of Py_Initialize (and hence + Py_InitializeEx) back to the embedding tests (all other + embedding tests migrated to Py_InitializeFromConfig in Python + 3.11) + - Some C API tests were moved into the new Lib/test/test_capi/ + directory. + - Fix -Wimplicit-int, -Wstrict-prototypes, and + -Wimplicit-function-declaration compiler warnings in + configure checks. + - Fix a compilation issue with GCC 12 on macOS. + - Fix -Wimplicit-int compiler warning in configure check for + PTHREAD_SCOPE_SYSTEM. + - Fix a possible fd leak in Programs/_freeze_module.c + introduced in Python 3.11. + - Fix build with PYTHON_FOR_REGEN=python3.8. + - Specify the full path to the source location for make + docclean (needed for cross-builds). + - Don’t use vendored libmpdec headers if --with-system-libmpdec + is passed to configure. Don’t use vendored libexpat headers + if --with-system-expat is passed to !configure. + - Fix the build process of clang compiler for _bootstrap_python + if LTO optimization is applied. Patch by Matthias Görgens and + Dong-hee Na. + - wasm32-emscripten builds for browsers now include + concurrent.futures for asyncio and unittest.mock. + - wasm32-emscripten platform no longer builds resource module, + getresuid(), getresgid(), and their setters. The APIs are + stubs and not functional. + - Updated pegen regeneration script on Windows to find and + use Python 3.9 or higher. Prior to this, pegen regeneration + already required 3.9 or higher, but the script may have used + lower versions of Python. + - Fix a bug in the previous bugfix that caused IDLE to + not start when run with 3.10.8, 3.12.0a1, and at least + Microsoft Python 3.10.2288.0 installed without the Lib/test + package. 3.11.0 was never affected. + - The wasm_build.py script now pre-builds Emscripten ports, + checks for broken EMSDK versions, and warns about pkg-config + env vars. + - The new tool Tools/wasm/wasm_builder.py automates configure, + compile, and test steps for building CPython on WebAssembly + platforms. + - Fix handling of module docstrings in Tools/i18n/pygettext.py. + - PyBUF_* constants were marked as part of Limited API + of Python 3.11+. These were available in 3.11.0 with + Py_LIMITED_API defined for 3.11, and are necessary to use the + buffer API. + - Fix use-after-free in Py_SetPythonHome(NULL), + Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL) + function calls. Issue reported by Benedikt Reinartz. Patch by + Victor Stinner. + - Py_InitializeEx now correctly calls PyConfig_Clear after + initializing the interpreter (the omission didn’t cause a + memory leak only because none of the dynamically allocated + config fields are populated by the wrapper function) +- Removed upstreamed patches: + - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch + - CVE-2022-45061-DoS-by-IDNA-decode.patch + ------------------------------------------------------------------- Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl diff --git a/python311.spec b/python311.spec index eb9f333..dc1248f 100644 --- a/python311.spec +++ b/python311.spec @@ -67,7 +67,7 @@ Obsoletes: python39%{?1:-%{1}} %define tarversion %{version} %endif # We don't process beta signs well -%define folderversion 3.11.0 +%define folderversion %{tarversion} %define tarname Python-%{tarversion} %define sitedir %{_libdir}/python%{python_version} # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 @@ -103,7 +103,7 @@ Obsoletes: python39%{?1:-%{1}} %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.0 +Version: 3.11.1 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -166,12 +166,6 @@ Patch35: fix_configure_rst.patch # PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com # Makes Python resilient to changes of API of libexpat Patch36: support-expat-CVE-2022-25236-patched.patch -# PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch gh#python/cpython#98366 mcepl@suse.com -# this patch makes things totally awesome -Patch37: 98437-sphinx.locale._-as-gettext-in-pyspecific.patch -# PATCH-FIX-UPSTREAM CVE-2022-45061-DoS-by-IDNA-decode.patch bsc#1205244 mcepl@suse.com -# Avoid DoS by decoding IDNA for too long domain names -Patch38: CVE-2022-45061-DoS-by-IDNA-decode.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -438,8 +432,6 @@ other applications. %endif %patch35 -p1 %patch36 -p1 -%patch37 -p1 -%patch38 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch index a455335..5f0fcb5 100644 --- a/subprocess-raise-timeout.patch +++ b/subprocess-raise-timeout.patch @@ -4,7 +4,7 @@ --- a/Lib/test/test_subprocess.py +++ b/Lib/test/test_subprocess.py -@@ -272,7 +272,8 @@ class ProcessTestCase(BaseTestCase): +@@ -278,7 +278,8 @@ class ProcessTestCase(BaseTestCase): "time.sleep(3600)"], # Some heavily loaded buildbots (sparc Debian 3.x) require # this much time to start and print. -- 2.51.1 From b37cda8bf5e8df72bed2694c1ce0c14d135bcf1879b271146488718f2e6ec484 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 19 Jan 2023 10:07:22 +0000 Subject: [PATCH 031/135] - Don't fail on Sphinx build warnings. - For jsc#PED-1570, providing Python 3.11 for SLE-15-SP5. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=42 --- python311-rpmlintrc | 2 ++ python311.changes | 6 ++++++ python311.spec | 5 ++++- 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/python311-rpmlintrc b/python311-rpmlintrc index 92241ae..5b35f34 100644 --- a/python311-rpmlintrc +++ b/python311-rpmlintrc @@ -1 +1,3 @@ addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp") diff --git a/python311.changes b/python311.changes index 5f828ea..5e77c55 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Jan 10 11:11:56 UTC 2023 - Matej Cepl + +- Don't fail on Sphinx build warnings. +- For jsc#PED-1570, providing Python 3.11 for SLE-15-SP5. + ------------------------------------------------------------------- Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl diff --git a/python311.spec b/python311.spec index dc1248f..d011686 100644 --- a/python311.spec +++ b/python311.spec @@ -1,7 +1,7 @@ # # spec file # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -466,6 +466,9 @@ rm Lib/site-packages/README.txt # Add vendored bluez-devel files tar xvf %{SOURCE21} +# Don't fail on warnings when building documentation +sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile + %build %if %{with doc} TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` -- 2.51.1 From d7b979c1e04b4604328eca92706213d824370857c98aa0aff38dd158e1314d4a Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 25 Jan 2023 13:27:45 +0000 Subject: [PATCH 032/135] Accepting request 1060635 from home:dirkmueller:Factory - build GLIBC hwcaps optimized versions of the interpreter OBS-URL: https://build.opensuse.org/request/show/1060635 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=44 --- python311.changes | 5 +++++ python311.spec | 1 + 2 files changed, 6 insertions(+) diff --git a/python311.changes b/python311.changes index 5e77c55..ec6df36 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Jan 24 12:23:34 UTC 2023 - Dirk Müller + +- build GLIBC hwcaps optimized versions of the interpreter + ------------------------------------------------------------------- Tue Jan 10 11:11:56 UTC 2023 - Matej Cepl diff --git a/python311.spec b/python311.spec index d011686..d517701 100644 --- a/python311.spec +++ b/python311.spec @@ -220,6 +220,7 @@ Recommends: %{python_pkg_name}-pip Provides: python3 = %{python_version} %endif %endif +%{?suse_build_hwcaps_libs} %description Python 3 is modern interpreted, object-oriented programming language, -- 2.51.1 From 0a8a28caaaa22d175b12d39efdc40d24ab037c85e5b0599b8deb921700b9e7e7 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Fri, 27 Jan 2023 13:46:48 +0000 Subject: [PATCH 033/135] Accepting request 1061231 from home:kukuk:branches:devel:languages:python:Factory - Disable NIS for new products, it's deprecated and gets removed OBS-URL: https://build.opensuse.org/request/show/1061231 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=46 --- python311.changes | 5 +++++ python311.spec | 4 +++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/python311.changes b/python311.changes index ec6df36..4775e0b 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Jan 26 13:28:24 UTC 2023 - Thorsten Kukuk + +- Disable NIS for new products, it's deprecated and gets removed + ------------------------------------------------------------------- Tue Jan 24 12:23:34 UTC 2023 - Dirk Müller diff --git a/python311.spec b/python311.spec index d517701..4fbdf47 100644 --- a/python311.spec +++ b/python311.spec @@ -185,7 +185,7 @@ BuildRequires: pkgconfig(zlib) # The provider for python(abi) is in rpm-build-python BuildRequires: rpm-build-python %endif -%if 0%{?suse_version} >= 1500 +%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1599 BuildRequires: pkgconfig(libnsl) BuildRequires: pkgconfig(libtirpc) %endif @@ -802,7 +802,9 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %exclude %{sitedir}/sqlite3/test %{dynlib readline} %{dynlib _sqlite3} +%if 0%{?suse_version} < 1599 %{dynlib nis} +%endif %files -n %{python_pkg_name}-idle %defattr(644, root, root, 755) -- 2.51.1 From 1c719478cb15f2603c547b3551fc37981a4a7455dbbcaa4bdf1b37e6775c068b Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 21 Feb 2023 13:49:09 +0000 Subject: [PATCH 034/135] - Add provides for readline and sqlite3 to the main Python package. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=48 --- python311.changes | 6 ++++++ python311.spec | 4 ++++ 2 files changed, 10 insertions(+) diff --git a/python311.changes b/python311.changes index 4775e0b..727badb 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl + +- Add provides for readline and sqlite3 to the main Python + package. + ------------------------------------------------------------------- Thu Jan 26 13:28:24 UTC 2023 - Thorsten Kukuk diff --git a/python311.spec b/python311.spec index 4fbdf47..e4ed3ca 100644 --- a/python311.spec +++ b/python311.spec @@ -212,12 +212,16 @@ BuildRequires: pkgconfig(ncurses) BuildRequires: pkgconfig(tk) BuildRequires: pkgconfig(x11) Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-readline +Provides: %{python_pkg_name}-sqlite3 Recommends: %{python_pkg_name}-curses Recommends: %{python_pkg_name}-dbm Recommends: %{python_pkg_name}-pip %obsolete_python_versioned %if %{primary_interpreter} Provides: python3 = %{python_version} +Provides: python3-readline +Provides: python3-sqlite3 %endif %endif %{?suse_build_hwcaps_libs} -- 2.51.1 From 339c66ef3e736148407b80a38ea808205017b3af0a51bd07ac1ffcdc91c03652 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 1 Mar 2023 20:51:07 +0000 Subject: [PATCH 035/135] - Add python310 Obsoletes line to obsolete_python_versioned macro. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=50 --- python311.changes | 5 +++++ python311.spec | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/python311.changes b/python311.changes index 727badb..0288245 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Mar 1 20:50:04 UTC 2023 - Matej Cepl + +- Add python310 Obsoletes line to obsolete_python_versioned macro. + ------------------------------------------------------------------- Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl diff --git a/python311.spec b/python311.spec index e4ed3ca..3f94053 100644 --- a/python311.spec +++ b/python311.spec @@ -47,7 +47,8 @@ # Obsoleting previous "latest" Python versions # Next versions will get more lines like for older versions %define obsolete_python_versioned() \ -Obsoletes: python39%{?1:-%{1}} +Obsoletes: python39%{?1:-%{1}} \ +Obsoletes: python310%{?1:-%{1}} \ %else %define obsolete_python_versioned() %{nil} %endif -- 2.51.1 From 9eb1b9b80903dc4ed726928b047be05af91567059277806c942604379dfbbc91 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 1 Mar 2023 20:52:12 +0000 Subject: [PATCH 036/135] Fix the macro OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=51 --- python311.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python311.spec b/python311.spec index 3f94053..9923911 100644 --- a/python311.spec +++ b/python311.spec @@ -48,7 +48,7 @@ # Next versions will get more lines like for older versions %define obsolete_python_versioned() \ Obsoletes: python39%{?1:-%{1}} \ -Obsoletes: python310%{?1:-%{1}} \ +Obsoletes: python310%{?1:-%{1}} %else %define obsolete_python_versioned() %{nil} %endif -- 2.51.1 From 1b24baf605debe850fbf2565caee49649d069b0616294ec0a847e3ac49fd47b5 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Fri, 3 Mar 2023 18:48:38 +0000 Subject: [PATCH 037/135] - Update to 3.11.2: Bug fixes, no changes in API and no security bugs. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=52 --- Python-3.11.1.tar.xz | 3 --- Python-3.11.1.tar.xz.asc | 16 ---------------- Python-3.11.2.tar.xz | 3 +++ Python-3.11.2.tar.xz.asc | 16 ++++++++++++++++ fix_configure_rst.patch | 2 +- python311.changes | 6 ++++++ python311.spec | 2 +- 7 files changed, 27 insertions(+), 21 deletions(-) delete mode 100644 Python-3.11.1.tar.xz delete mode 100644 Python-3.11.1.tar.xz.asc create mode 100644 Python-3.11.2.tar.xz create mode 100644 Python-3.11.2.tar.xz.asc diff --git a/Python-3.11.1.tar.xz b/Python-3.11.1.tar.xz deleted file mode 100644 index f31c1c3..0000000 --- a/Python-3.11.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:85879192f2cffd56cb16c092905949ebf3e5e394b7f764723529637901dfb58f -size 19856648 diff --git a/Python-3.11.1.tar.xz.asc b/Python-3.11.1.tar.xz.asc deleted file mode 100644 index 638d0cf..0000000 --- a/Python-3.11.1.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmOPlhsACgkQ/+h0BBaL -2EdY5w/+KKZY3ghMcjuxxF4o9CylFvhHGI7LP6FKZE5xnGtSZ2cXjcad+FwFMnFS -JE5fLpPD3xmkRoCIOwVKIos4l/chfAIE8gNlTBFOAwUYP0uVpA+SYNDOciT64Apj -32jELwHJJVgjG21Lubx35kOtmQa884hBB9T8RsovL35PhFvspSvTx8U+YfGKIZzG -liWwj/gBMMGd3p6pvz9UQsnqBLAfw50M6BDDQrQtoIDnw2R5s8oBqYa7uiRBzQch -dUGUm/gt9lBTI0fT3ZgCMD3Zu2et252nsbzMYgBuPSg6SlT63wHktzq1aewQ2lL2 -VcBBbIf4hpkL5QnPgzKuiHcU7tBeRngTaWhw0Nc8kfGuz56HsEJJyhaHtD5mlCx9 -0treI/NPAeA8KcrpnkufTpMCee7/R7CfH/dNp29yJlhbC+WYMbr6s600jJISf6zn -s0C40/MGLvVwIgT6HBkXkDL0Lii8vxc3w5smLiQ4xvQSHSS/fkP2qIDUhrX0eUlq -atacso0j7XAKYWBRHT70ZeXIN4UJuQ+dfK7xAC+bmyo9X9jcpUeozws8OvczYBRq -2qk4hCFFP/WgZ/MBiVoe2xmC6+ak2gH6xX6w2bB0/4Dc6KBMxWyUmRPuBVvx/cCp -AwXvH94gZl9wj/tmvOoZNqaMFG3tWuWo7+YzosWOBHAoUk8ILNM= -=ZuYB ------END PGP SIGNATURE----- diff --git a/Python-3.11.2.tar.xz b/Python-3.11.2.tar.xz new file mode 100644 index 0000000..2728336 --- /dev/null +++ b/Python-3.11.2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:29e4b8f5f1658542a8c13e2dd277358c9c48f2b2f7318652ef1675e402b9d2af +size 19893284 diff --git a/Python-3.11.2.tar.xz.asc b/Python-3.11.2.tar.xz.asc new file mode 100644 index 0000000..34be782 --- /dev/null +++ b/Python-3.11.2.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmPiV84ACgkQ/+h0BBaL +2EeZ1xAAwBi0AEjUlZ9oeC54VuqC/XLuVwc3xWf+Irw/5mJA2/weJHoQqG9aEDkB +ph1pDJ6G/vDyKdjh8NZKkKftIL9pggRpAcA4mQ3XcDMKI/J+EQe5P/BwsTGClLhK +cZg6IcQKZvo9djfyRz48w9wfKs34NasBgoFQP+hOzmU10UMrcR7gUSB2ZgMVMDID +0rK1w2aPmZmDLUltBhf6Xb2voUYo+3jINLHWmQC6tdDOBxtxv222dhxS1mvpV7Zu +Xw8do9OsQxonc+owkpciMKDLcFoVmkdQPz9bmvHJKovMXT2RY7FEam9H7ukr35fC +xA6BKnyMgvWIWQVTwjBhcz3C85adzAz/ypHNTbJOuPxp1ZP8qO3D6vPlhZIFyTeJ +7LhagUBUkIKKtbz7u3ERJgvA6tn3UVyLOXM1DnaKkXQ1FgSymgWPRU7BsxanQ8FD +QkfTjC8fatZLCewNfGInkeAdLue+rMwZc8Q6vw2CAmcVdOKsQ98Db/FLF5sC+Kjz +D3brUESEX1ELcVk7vumUI0/z+MECF11dpv5hPOZ4cZDoInsNu846TfU0rzOeVe7H +gGO6Ae/Lu5gG09TNqepbFGA/dWR8V3zdLs5ZShTT4FsNFrHh7GDAEAMZSwT3AsVZ +TjOdU3+xEGsEfrYWRXOkhVIQdJtuovwv9+me5YWeyC4Puzp0Zwk= +=8/cW +-----END PGP SIGNATURE----- diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index 6eb2649..7cef975 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -29,7 +29,7 @@ Create a Python.framework rather than a traditional Unix install. Optional --- a/Misc/NEWS +++ b/Misc/NEWS -@@ -7355,7 +7355,7 @@ C API +@@ -7621,7 +7621,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name diff --git a/python311.changes b/python311.changes index 0288245..1f0f27f 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl + +- Update to 3.11.2: + Bug fixes, no changes in API and no security bugs. + ------------------------------------------------------------------- Wed Mar 1 20:50:04 UTC 2023 - Matej Cepl diff --git a/python311.spec b/python311.spec index 9923911..cdddade 100644 --- a/python311.spec +++ b/python311.spec @@ -104,7 +104,7 @@ Obsoletes: python310%{?1:-%{1}} %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.1 +Version: 3.11.2 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 -- 2.51.1 From 9f02c1193de2640b299e1f2bb82d99a96a01cf362c7871e18603befb53a0e770 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Fri, 3 Mar 2023 19:12:38 +0000 Subject: [PATCH 038/135] Take care of testclinic OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=53 --- python311.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python311.spec b/python311.spec index cdddade..8ee1161 100644 --- a/python311.spec +++ b/python311.spec @@ -643,7 +643,7 @@ for library in \ _posixsubprocess _queue _random resource select _ssl _socket spwd \ _statistics _struct syslog termios _testbuffer _testimportmultiple \ _testmultiphase unicodedata zlib _ctypes_test _testinternalcapi _testcapi \ - _typing xxlimited xxlimited_35 \ + _typing _testclinic xxlimited xxlimited_35 \ _xxtestfuzz _xxsubinterpreters _elementtree pyexpat _md5 _sha1 \ _sha256 _sha512 _blake2 _sha3 _uuid _zoneinfo do @@ -892,6 +892,7 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %{dynlib _ctypes_test} %{dynlib _testbuffer} %{dynlib _testcapi} +%{dynlib _testclinic} %{dynlib _testinternalcapi} %{dynlib _testimportmultiple} %{dynlib _testmultiphase} -- 2.51.1 From 8fcb1e736e2cb5c876b40133eff6fbddec05297c18ea5b9ad9375d179d0173b3 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 27 Mar 2023 15:03:56 +0000 Subject: [PATCH 039/135] - Switch off obsoleting previous interpreters. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=55 --- python311.changes | 5 +++++ python311.spec | 12 ++++++------ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/python311.changes b/python311.changes index 1f0f27f..ea95b35 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Mar 27 14:59:57 UTC 2023 - Matej Cepl + +- Switch off obsoleting previous interpreters. + ------------------------------------------------------------------- Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl diff --git a/python311.spec b/python311.spec index 8ee1161..1c58785 100644 --- a/python311.spec +++ b/python311.spec @@ -43,15 +43,15 @@ %define primary_interpreter 0 %endif -%if 0%{?sle_version} && 0%{?suse_version} < 1550 +# %%if 0%%{?sle_version} && 0%%{?suse_version} < 1550 # Obsoleting previous "latest" Python versions # Next versions will get more lines like for older versions -%define obsolete_python_versioned() \ -Obsoletes: python39%{?1:-%{1}} \ -Obsoletes: python310%{?1:-%{1}} -%else +# %%define obsolete_python_versioned() \ +# Obsoletes: python39%%{?1:-%%{1}} \ +# Obsoletes: python310%%{?1:-%%{1}} +# %%else %define obsolete_python_versioned() %{nil} -%endif +# %%endif # Setting up variables %define _version %(c=%{version}; echo ${c/[a-z]*/}) -- 2.51.1 From ccbbaff24e3a8d928762a0da70cb4f838f768a647b4f6275b5bc89a67d9ca81c Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 27 Mar 2023 15:07:38 +0000 Subject: [PATCH 040/135] Revert OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=56 --- python311.changes | 5 ----- python311.spec | 12 ++++++------ 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/python311.changes b/python311.changes index ea95b35..1f0f27f 100644 --- a/python311.changes +++ b/python311.changes @@ -1,8 +1,3 @@ -------------------------------------------------------------------- -Mon Mar 27 14:59:57 UTC 2023 - Matej Cepl - -- Switch off obsoleting previous interpreters. - ------------------------------------------------------------------- Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl diff --git a/python311.spec b/python311.spec index 1c58785..8ee1161 100644 --- a/python311.spec +++ b/python311.spec @@ -43,15 +43,15 @@ %define primary_interpreter 0 %endif -# %%if 0%%{?sle_version} && 0%%{?suse_version} < 1550 +%if 0%{?sle_version} && 0%{?suse_version} < 1550 # Obsoleting previous "latest" Python versions # Next versions will get more lines like for older versions -# %%define obsolete_python_versioned() \ -# Obsoletes: python39%%{?1:-%%{1}} \ -# Obsoletes: python310%%{?1:-%%{1}} -# %%else +%define obsolete_python_versioned() \ +Obsoletes: python39%{?1:-%{1}} \ +Obsoletes: python310%{?1:-%{1}} +%else %define obsolete_python_versioned() %{nil} -# %%endif +%endif # Setting up variables %define _version %(c=%{version}; echo ${c/[a-z]*/}) -- 2.51.1 From 21d42b692c87ee699d3d44843c790cd840ec981dbec9ad3316dbad58b9918c08 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 27 Apr 2023 22:09:02 +0000 Subject: [PATCH 041/135] =?UTF-8?q?-=20Update=20to=203.11.3:=20=20=20-=20S?= =?UTF-8?q?ecurity=20=20=20=20=20-=20gh-101727:=20Updated=20the=20OpenSSL?= =?UTF-8?q?=20version=20used=20in=20Windows=20=20=20=20=20=20=20and=20macO?= =?UTF-8?q?S=20binary=20release=20builds=20to=201.1.1t=20to=20address=20?= =?UTF-8?q?=20=20=20=20=20=20CVE-2023-0286,=20CVE-2022-4303,=20and=20CVE-2?= =?UTF-8?q?022-4303=20per=20the=20=20=20=20=20=20=20OpenSSL=202023-02-07?= =?UTF-8?q?=20security=20advisory.=20=20=20=20=20-=20gh-101283:=20subproce?= =?UTF-8?q?ss.Popen=20now=20uses=20a=20safer=20approach=20to=20=20=20=20?= =?UTF-8?q?=20=20=20find=20cmd.exe=20when=20launching=20with=20shell=3DTru?= =?UTF-8?q?e.=20Patch=20by=20Eryk=20=20=20=20=20=20=20Sun,=20based=20on=20?= =?UTF-8?q?a=20patch=20by=20Oleg=20Iarygin.=20=20=20-=20Core=20and=20Built?= =?UTF-8?q?ins=20=20=20=20=20-=20gh-101975:=20Fixed=20stacktop=20value=20o?= =?UTF-8?q?n=20tracing=20entries=20to=20avoid=20=20=20=20=20=20=20corrupti?= =?UTF-8?q?on=20on=20garbage=20collection.=20=20=20=20=20-=20gh-102701:=20?= =?UTF-8?q?Fix=20overflow=20when=20creating=20very=20large=20dict.=20=20?= =?UTF-8?q?=20=20=20-=20gh-102416:=20Do=20not=20memoize=20incorrectly=20au?= =?UTF-8?q?tomatically=20=20=20=20=20=20=20generated=20loop=20rules=20in?= =?UTF-8?q?=20the=20parser.=20Patch=20by=20Pablo=20Galindo.=20=20=20=20=20?= =?UTF-8?q?-=20gh-102356:=20Fix=20a=20bug=20that=20caused=20a=20crash=20wh?= =?UTF-8?q?en=20deallocating=20=20=20=20=20=20=20deeply=20nested=20filter?= =?UTF-8?q?=20objects.=20Patch=20by=20Marta=20G=C3=B3mez=20Mac=C3=ADas.=20?= =?UTF-8?q?=20=20=20=20-=20gh-102397:=20Fix=20segfault=20from=20race=20con?= =?UTF-8?q?dition=20in=20signal=20=20=20=20=20=20=20handling=20during=20ga?= =?UTF-8?q?rbage=20collection.=20Patch=20by=20Kumar=20Aditya.=20=20=20=20?= =?UTF-8?q?=20-=20gh-102281:=20Fix=20potential=20nullptr=20dereference=20a?= =?UTF-8?q?nd=20use=20of=20=20=20=20=20=20=20uninitialized=20memory=20in?= =?UTF-8?q?=20fileutils.=20Patch=20by=20Max=20Bachmann.=20=20=20=20=20-=20?= =?UTF-8?q?gh-102126:=20Fix=20deadlock=20at=20shutdown=20when=20clearing?= =?UTF-8?q?=20thread=20=20=20=20=20=20=20states=20if=20any=20finalizer=20t?= =?UTF-8?q?ries=20to=20acquire=20the=20runtime=20head=20=20=20=20=20=20=20?= =?UTF-8?q?lock.=20Patch=20by=20Kumar=20Aditya.=20=20=20=20=20-=20gh-10202?= =?UTF-8?q?7:=20Fix=20SSE2=20and=20SSE3=20detection=20in=20=5Fblake2=20int?= =?UTF-8?q?ernal=20=20=20=20=20=20=20module.=20Patch=20by=20Max=20Bachmann?= =?UTF-8?q?.=20=20=20=20=20-=20gh-101967:=20Fix=20possible=20segfault=20in?= =?UTF-8?q?=20=20=20=20=20=20=20positional=5Fonly=5Fpassed=5Fas=5Fkeyword?= =?UTF-8?q?=20function,=20when=20new=20list=20=20=20=20=20=20=20created.?= =?UTF-8?q?=20=20=20=20=20-=20gh-101765:=20Fix=20SystemError=20/=20segment?= =?UTF-8?q?ation=20fault=20in=20iter?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=57 --- CVE-2007-4559-filter-tarfile_extractall.patch | 2616 +++++++++++++++++ Python-3.11.2.tar.xz | 3 - Python-3.11.2.tar.xz.asc | 16 - Python-3.11.3.tar.xz | 3 + Python-3.11.3.tar.xz.asc | 16 + fix_configure_rst.patch | 4 +- python311.changes | 117 + python311.spec | 6 +- 8 files changed, 2759 insertions(+), 22 deletions(-) create mode 100644 CVE-2007-4559-filter-tarfile_extractall.patch delete mode 100644 Python-3.11.2.tar.xz delete mode 100644 Python-3.11.2.tar.xz.asc create mode 100644 Python-3.11.3.tar.xz create mode 100644 Python-3.11.3.tar.xz.asc diff --git a/CVE-2007-4559-filter-tarfile_extractall.patch b/CVE-2007-4559-filter-tarfile_extractall.patch new file mode 100644 index 0000000..4419073 --- /dev/null +++ b/CVE-2007-4559-filter-tarfile_extractall.patch @@ -0,0 +1,2616 @@ +From b52ad18a766700be14382ba222033b2d75a33521 Mon Sep 17 00:00:00 2001 +From: Petr Viktorin +Date: Mon, 24 Apr 2023 10:58:06 +0200 +Subject: [PATCH 1/5] =?UTF-8?q?gh-102950:=20Implement=20PEP=20706=20?= + =?UTF-8?q?=E2=80=93=20Filter=20for=20tarfile.extractall=20(#102953)?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Backport of af530469954e8ad49f1e071ef31c844b9bfda414 +--- + Doc/library/shutil.rst | 25 + Doc/library/tarfile.rst | 458 ++++ + Doc/whatsnew/3.11.rst | 16 + Lib/shutil.py | 17 + Lib/tarfile.py | 351 +++ + Lib/test/test_shutil.py | 40 + Lib/test/test_tarfile.py | 984 +++++++++- + Misc/NEWS.d/next/Library/2023-03-23-15-24-38.gh-issue-102953.YR4KaK.rst | 4 + 8 files changed, 1799 insertions(+), 96 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2023-03-23-15-24-38.gh-issue-102953.YR4KaK.rst + +--- a/Doc/library/shutil.rst ++++ b/Doc/library/shutil.rst +@@ -626,7 +626,7 @@ provided. They rely on the :mod:`zipfil + Remove the archive format *name* from the list of supported formats. + + +-.. function:: unpack_archive(filename[, extract_dir[, format]]) ++.. function:: unpack_archive(filename[, extract_dir[, format[, filter]]]) + + Unpack an archive. *filename* is the full path of the archive. + +@@ -640,6 +640,15 @@ provided. They rely on the :mod:`zipfil + registered for that extension. In case none is found, + a :exc:`ValueError` is raised. + ++ The keyword-only *filter* argument, which was added in Python 3.11.4, ++ is passed to the underlying unpacking function. ++ For zip files, *filter* is not accepted. ++ For tar files, it is recommended to set it to ``'data'``, ++ unless using features specific to tar and UNIX-like filesystems. ++ (See :ref:`tarfile-extraction-filter` for details.) ++ The ``'data'`` filter will become the default for tar files ++ in Python 3.14. ++ + .. audit-event:: shutil.unpack_archive filename,extract_dir,format shutil.unpack_archive + + .. warning:: +@@ -652,6 +661,9 @@ provided. They rely on the :mod:`zipfil + .. versionchanged:: 3.7 + Accepts a :term:`path-like object` for *filename* and *extract_dir*. + ++ .. versionchanged:: 3.11.4 ++ Added the *filter* argument. ++ + .. function:: register_unpack_format(name, extensions, function[, extra_args[, description]]) + + Registers an unpack format. *name* is the name of the format and +@@ -659,11 +671,14 @@ provided. They rely on the :mod:`zipfil + ``.zip`` for Zip files. + + *function* is the callable that will be used to unpack archives. The +- callable will receive the path of the archive, followed by the directory +- the archive must be extracted to. ++ callable will receive: + +- When provided, *extra_args* is a sequence of ``(name, value)`` tuples that +- will be passed as keywords arguments to the callable. ++ - the path of the archive, as a positional argument; ++ - the directory the archive must be extracted to, as a positional argument; ++ - possibly a *filter* keyword argument, if it was given to ++ :func:`unpack_archive`; ++ - additional keyword arguments, specified by *extra_args* as a sequence ++ of ``(name, value)`` tuples. + + *description* can be provided to describe the format, and will be returned + by the :func:`get_unpack_formats` function. +--- a/Doc/library/tarfile.rst ++++ b/Doc/library/tarfile.rst +@@ -206,6 +206,38 @@ The :mod:`tarfile` module defines the fo + Is raised by :meth:`TarInfo.frombuf` if the buffer it gets is invalid. + + ++.. exception:: FilterError ++ ++ Base class for members :ref:`refused ` by ++ filters. ++ ++ .. attribute:: tarinfo ++ ++ Information about the member that the filter refused to extract, ++ as :ref:`TarInfo `. ++ ++.. exception:: AbsolutePathError ++ ++ Raised to refuse extracting a member with an absolute path. ++ ++.. exception:: OutsideDestinationError ++ ++ Raised to refuse extracting a member outside the destination directory. ++ ++.. exception:: SpecialFileError ++ ++ Raised to refuse extracting a special file (e.g. a device or pipe). ++ ++.. exception:: AbsoluteLinkError ++ ++ Raised to refuse extracting a symbolic link with an absolute path. ++ ++.. exception:: LinkOutsideDestinationError ++ ++ Raised to refuse extracting a symbolic link pointing outside the destination ++ directory. ++ ++ + The following constants are available at the module level: + + .. data:: ENCODING +@@ -316,11 +348,8 @@ be finalized; only the internally used f + *debug* can be set from ``0`` (no debug messages) up to ``3`` (all debug + messages). The messages are written to ``sys.stderr``. + +- If *errorlevel* is ``0``, all errors are ignored when using :meth:`TarFile.extract`. +- Nevertheless, they appear as error messages in the debug output, when debugging +- is enabled. If ``1``, all *fatal* errors are raised as :exc:`OSError` +- exceptions. If ``2``, all *non-fatal* errors are raised as :exc:`TarError` +- exceptions as well. ++ *errorlevel* controls how extraction errors are handled, ++ see :attr:`the corresponding attribute <~TarFile.errorlevel>`. + + The *encoding* and *errors* arguments define the character encoding to be + used for reading or writing the archive and how conversion errors are going +@@ -387,7 +416,7 @@ be finalized; only the internally used f + available. + + +-.. method:: TarFile.extractall(path=".", members=None, *, numeric_owner=False) ++.. method:: TarFile.extractall(path=".", members=None, *, numeric_owner=False, filter=None) + + Extract all members from the archive to the current working directory or + directory *path*. If optional *members* is given, it must be a subset of the +@@ -401,6 +430,12 @@ be finalized; only the internally used f + are used to set the owner/group for the extracted files. Otherwise, the named + values from the tarfile are used. + ++ The *filter* argument, which was added in Python 3.11.4, specifies how ++ ``members`` are modified or rejected before extraction. ++ See :ref:`tarfile-extraction-filter` for details. ++ It is recommended to set this explicitly depending on which *tar* features ++ you need to support. ++ + .. warning:: + + Never extract archives from untrusted sources without prior inspection. +@@ -408,14 +443,20 @@ be finalized; only the internally used f + that have absolute filenames starting with ``"/"`` or filenames with two + dots ``".."``. + ++ Set ``filter='data'`` to prevent the most dangerous security issues, ++ and read the :ref:`tarfile-extraction-filter` section for details. ++ + .. versionchanged:: 3.5 + Added the *numeric_owner* parameter. + + .. versionchanged:: 3.6 + The *path* parameter accepts a :term:`path-like object`. + ++ .. versionchanged:: 3.11.4 ++ Added the *filter* parameter. ++ + +-.. method:: TarFile.extract(member, path="", set_attrs=True, *, numeric_owner=False) ++.. method:: TarFile.extract(member, path="", set_attrs=True, *, numeric_owner=False, filter=None) + + Extract a member from the archive to the current working directory, using its + full name. Its file information is extracted as accurately as possible. *member* +@@ -423,9 +464,8 @@ be finalized; only the internally used f + directory using *path*. *path* may be a :term:`path-like object`. + File attributes (owner, mtime, mode) are set unless *set_attrs* is false. + +- If *numeric_owner* is :const:`True`, the uid and gid numbers from the tarfile +- are used to set the owner/group for the extracted files. Otherwise, the named +- values from the tarfile are used. ++ The *numeric_owner* and *filter* arguments are the same as ++ for :meth:`extractall`. + + .. note:: + +@@ -436,6 +476,9 @@ be finalized; only the internally used f + + See the warning for :meth:`extractall`. + ++ Set ``filter='data'`` to prevent the most dangerous security issues, ++ and read the :ref:`tarfile-extraction-filter` section for details. ++ + .. versionchanged:: 3.2 + Added the *set_attrs* parameter. + +@@ -445,6 +488,9 @@ be finalized; only the internally used f + .. versionchanged:: 3.6 + The *path* parameter accepts a :term:`path-like object`. + ++ .. versionchanged:: 3.11.4 ++ Added the *filter* parameter. ++ + + .. method:: TarFile.extractfile(member) + +@@ -457,6 +503,57 @@ be finalized; only the internally used f + .. versionchanged:: 3.3 + Return an :class:`io.BufferedReader` object. + ++.. attribute:: TarFile.errorlevel ++ :type: int ++ ++ If *errorlevel* is ``0``, errors are ignored when using :meth:`TarFile.extract` ++ and :meth:`TarFile.extractall`. ++ Nevertheless, they appear as error messages in the debug output when ++ *debug* is greater than 0. ++ If ``1`` (the default), all *fatal* errors are raised as :exc:`OSError` or ++ :exc:`FilterError` exceptions. If ``2``, all *non-fatal* errors are raised ++ as :exc:`TarError` exceptions as well. ++ ++ Some exceptions, e.g. ones caused by wrong argument types or data ++ corruption, are always raised. ++ ++ Custom :ref:`extraction filters ` ++ should raise :exc:`FilterError` for *fatal* errors ++ and :exc:`ExtractError` for *non-fatal* ones. ++ ++ Note that when an exception is raised, the archive may be partially ++ extracted. It is the user’s responsibility to clean up. ++ ++.. attribute:: TarFile.extraction_filter ++ ++ .. versionadded:: 3.11.4 ++ ++ The :ref:`extraction filter ` used ++ as a default for the *filter* argument of :meth:`~TarFile.extract` ++ and :meth:`~TarFile.extractall`. ++ ++ The attribute may be ``None`` or a callable. ++ String names are not allowed for this attribute, unlike the *filter* ++ argument to :meth:`~TarFile.extract`. ++ ++ If ``extraction_filter`` is ``None`` (the default), ++ calling an extraction method without a *filter* argument will ++ use the :func:`fully_trusted ` filter for ++ compatibility with previous Python versions. ++ ++ In Python 3.12+, leaving ``extraction_filter=None`` will emit a ++ ``DeprecationWarning``. ++ ++ In Python 3.14+, leaving ``extraction_filter=None`` will cause ++ extraction methods to use the :func:`data ` filter by default. ++ ++ The attribute may be set on instances or overridden in subclasses. ++ It also is possible to set it on the ``TarFile`` class itself to set a ++ global default, although, since it affects all uses of *tarfile*, ++ it is best practice to only do so in top-level applications or ++ :mod:`site configuration `. ++ To set a global default this way, a filter function needs to be wrapped in ++ :func:`staticmethod()` to prevent injection of a ``self`` argument. + + .. method:: TarFile.add(name, arcname=None, recursive=True, *, filter=None) + +@@ -532,7 +629,27 @@ permissions, owner etc.), it provides so + It does *not* contain the file's data itself. + + :class:`TarInfo` objects are returned by :class:`TarFile`'s methods +-:meth:`getmember`, :meth:`getmembers` and :meth:`gettarinfo`. ++:meth:`~TarFile.getmember`, :meth:`~TarFile.getmembers` and ++:meth:`~TarFile.gettarinfo`. ++ ++Modifying the objects returned by :meth:`~!TarFile.getmember` or ++:meth:`~!TarFile.getmembers` will affect all subsequent ++operations on the archive. ++For cases where this is unwanted, you can use :mod:`copy.copy() ` or ++call the :meth:`~TarInfo.replace` method to create a modified copy in one step. ++ ++Several attributes can be set to ``None`` to indicate that a piece of metadata ++is unused or unknown. ++Different :class:`TarInfo` methods handle ``None`` differently: ++ ++- The :meth:`~TarFile.extract` or :meth:`~TarFile.extractall` methods will ++ ignore the corresponding metadata, leaving it set to a default. ++- :meth:`~TarFile.addfile` will fail. ++- :meth:`~TarFile.list` will print a placeholder string. ++ ++ ++.. versionchanged:: 3.11.4 ++ Added :meth:`~TarInfo.replace` and handling of ``None``. + + + .. class:: TarInfo(name="") +@@ -566,24 +683,39 @@ A ``TarInfo`` object has the following p + + + .. attribute:: TarInfo.name ++ :type: str + + Name of the archive member. + + + .. attribute:: TarInfo.size ++ :type: int + + Size in bytes. + + + .. attribute:: TarInfo.mtime ++ :type: int | float + +- Time of last modification. ++ Time of last modification in seconds since the :ref:`epoch `, ++ as in :attr:`os.stat_result.st_mtime`. + ++ .. versionchanged:: 3.11.4 ++ ++ Can be set to ``None`` for :meth:`~TarFile.extract` and ++ :meth:`~TarFile.extractall`, causing extraction to skip applying this ++ attribute. + + .. attribute:: TarInfo.mode ++ :type: int ++ ++ Permission bits, as for :func:`os.chmod`. + +- Permission bits. ++ .. versionchanged:: 3.11.4 + ++ Can be set to ``None`` for :meth:`~TarFile.extract` and ++ :meth:`~TarFile.extractall`, causing extraction to skip applying this ++ attribute. + + .. attribute:: TarInfo.type + +@@ -595,35 +727,76 @@ A ``TarInfo`` object has the following p + + + .. attribute:: TarInfo.linkname ++ :type: str + + Name of the target file name, which is only present in :class:`TarInfo` objects + of type :const:`LNKTYPE` and :const:`SYMTYPE`. + + + .. attribute:: TarInfo.uid ++ :type: int + + User ID of the user who originally stored this member. + ++ .. versionchanged:: 3.11.4 ++ ++ Can be set to ``None`` for :meth:`~TarFile.extract` and ++ :meth:`~TarFile.extractall`, causing extraction to skip applying this ++ attribute. + + .. attribute:: TarInfo.gid ++ :type: int + + Group ID of the user who originally stored this member. + ++ .. versionchanged:: 3.11.4 ++ ++ Can be set to ``None`` for :meth:`~TarFile.extract` and ++ :meth:`~TarFile.extractall`, causing extraction to skip applying this ++ attribute. + + .. attribute:: TarInfo.uname ++ :type: str + + User name. + ++ .. versionchanged:: 3.11.4 ++ ++ Can be set to ``None`` for :meth:`~TarFile.extract` and ++ :meth:`~TarFile.extractall`, causing extraction to skip applying this ++ attribute. + + .. attribute:: TarInfo.gname ++ :type: str + + Group name. + ++ .. versionchanged:: 3.11.4 ++ ++ Can be set to ``None`` for :meth:`~TarFile.extract` and ++ :meth:`~TarFile.extractall`, causing extraction to skip applying this ++ attribute. + + .. attribute:: TarInfo.pax_headers ++ :type: dict + + A dictionary containing key-value pairs of an associated pax extended header. + ++.. method:: TarInfo.replace(name=..., mtime=..., mode=..., linkname=..., ++ uid=..., gid=..., uname=..., gname=..., ++ deep=True) ++ ++ .. versionadded:: 3.11.4 ++ ++ Return a *new* copy of the :class:`!TarInfo` object with the given attributes ++ changed. For example, to return a ``TarInfo`` with the group name set to ++ ``'staff'``, use:: ++ ++ new_tarinfo = old_tarinfo.replace(gname='staff') ++ ++ By default, a deep copy is made. ++ If *deep* is false, the copy is shallow, i.e. ``pax_headers`` ++ and any custom attributes are shared with the original ``TarInfo`` object. + + A :class:`TarInfo` object also provides some convenient query methods: + +@@ -673,9 +846,259 @@ A :class:`TarInfo` object also provides + Return :const:`True` if it is one of character device, block device or FIFO. + + ++.. _tarfile-extraction-filter: ++ ++Extraction filters ++------------------ ++ ++.. versionadded:: 3.11.4 ++ ++The *tar* format is designed to capture all details of a UNIX-like filesystem, ++which makes it very powerful. ++Unfortunately, the features make it easy to create tar files that have ++unintended -- and possibly malicious -- effects when extracted. ++For example, extracting a tar file can overwrite arbitrary files in various ++ways (e.g. by using absolute paths, ``..`` path components, or symlinks that ++affect later members). ++ ++In most cases, the full functionality is not needed. ++Therefore, *tarfile* supports extraction filters: a mechanism to limit ++functionality, and thus mitigate some of the security issues. ++ ++.. seealso:: ++ ++ :pep:`706` ++ Contains further motivation and rationale behind the design. ++ ++The *filter* argument to :meth:`TarFile.extract` or :meth:`~TarFile.extractall` ++can be: ++ ++* the string ``'fully_trusted'``: Honor all metadata as specified in the ++ archive. ++ Should be used if the user trusts the archive completely, or implements ++ their own complex verification. ++ ++* the string ``'tar'``: Honor most *tar*-specific features (i.e. features of ++ UNIX-like filesystems), but block features that are very likely to be ++ surprising or malicious. See :func:`tar_filter` for details. ++ ++* the string ``'data'``: Ignore or block most features specific to UNIX-like ++ filesystems. Intended for extracting cross-platform data archives. ++ See :func:`data_filter` for details. ++ ++* ``None`` (default): Use :attr:`TarFile.extraction_filter`. ++ ++ If that is also ``None`` (the default), the ``'fully_trusted'`` ++ filter will be used (for compatibility with earlier versions of Python). ++ ++ In Python 3.12, the default will emit a ``DeprecationWarning``. ++ ++ In Python 3.14, the ``'data'`` filter will become the default instead. ++ It's possible to switch earlier; see :attr:`TarFile.extraction_filter`. ++ ++* A callable which will be called for each extracted member with a ++ :ref:`TarInfo ` describing the member and the destination ++ path to where the archive is extracted (i.e. the same path is used for all ++ members):: ++ ++ filter(/, member: TarInfo, path: str) -> TarInfo | None ++ ++ The callable is called just before each member is extracted, so it can ++ take the current state of the disk into account. ++ It can: ++ ++ - return a :class:`TarInfo` object which will be used instead of the metadata ++ in the archive, or ++ - return ``None``, in which case the member will be skipped, or ++ - raise an exception to abort the operation or skip the member, ++ depending on :attr:`~TarFile.errorlevel`. ++ Note that when extraction is aborted, :meth:`~TarFile.extractall` may leave ++ the archive partially extracted. It does not attempt to clean up. ++ ++Default named filters ++~~~~~~~~~~~~~~~~~~~~~ ++ ++The pre-defined, named filters are available as functions, so they can be ++reused in custom filters: ++ ++.. function:: fully_trusted_filter(/, member, path) ++ ++ Return *member* unchanged. ++ ++ This implements the ``'fully_trusted'`` filter. ++ ++.. function:: tar_filter(/, member, path) ++ ++ Implements the ``'tar'`` filter. ++ ++ - Strip leading slashes (``/`` and :attr:`os.sep`) from filenames. ++ - :ref:`Refuse ` to extract files with absolute ++ paths (in case the name is absolute ++ even after stripping slashes, e.g. ``C:/foo`` on Windows). ++ This raises :class:`~tarfile.AbsolutePathError`. ++ - :ref:`Refuse ` to extract files whose absolute ++ path (after following symlinks) would end up outside the destination. ++ This raises :class:`~tarfile.OutsideDestinationError`. ++ - Clear high mode bits (setuid, setgid, sticky) and group/other write bits ++ (:attr:`~stat.S_IWGRP`|:attr:`~stat.S_IWOTH`). ++ ++ Return the modified ``TarInfo`` member. ++ ++.. function:: data_filter(/, member, path) ++ ++ Implements the ``'data'`` filter. ++ In addition to what ``tar_filter`` does: ++ ++ - :ref:`Refuse ` to extract links (hard or soft) ++ that link to absolute paths, or ones that link outside the destination. ++ ++ This raises :class:`~tarfile.AbsoluteLinkError` or ++ :class:`~tarfile.LinkOutsideDestinationError`. ++ ++ Note that such files are refused even on platforms that do not support ++ symbolic links. ++ ++ - :ref:`Refuse ` to extract device files ++ (including pipes). ++ This raises :class:`~tarfile.SpecialFileError`. ++ ++ - For regular files, including hard links: ++ ++ - Set the owner read and write permissions ++ (:attr:`~stat.S_IRUSR`|:attr:`~stat.S_IWUSR`). ++ - Remove the group & other executable permission ++ (:attr:`~stat.S_IXGRP`|:attr:`~stat.S_IXOTH`) ++ if the owner doesn’t have it (:attr:`~stat.S_IXUSR`). ++ ++ - For other files (directories), set ``mode`` to ``None``, so ++ that extraction methods skip applying permission bits. ++ - Set user and group info (``uid``, ``gid``, ``uname``, ``gname``) ++ to ``None``, so that extraction methods skip setting it. ++ ++ Return the modified ``TarInfo`` member. ++ ++ ++.. _tarfile-extraction-refuse: ++ ++Filter errors ++~~~~~~~~~~~~~ ++ ++When a filter refuses to extract a file, it will raise an appropriate exception, ++a subclass of :class:`~tarfile.FilterError`. ++This will abort the extraction if :attr:`TarFile.errorlevel` is 1 or more. ++With ``errorlevel=0`` the error will be logged and the member will be skipped, ++but extraction will continue. ++ ++ ++Hints for further verification ++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++ ++Even with ``filter='data'``, *tarfile* is not suited for extracting untrusted ++files without prior inspection. ++Among other issues, the pre-defined filters do not prevent denial-of-service ++attacks. Users should do additional checks. ++ ++Here is an incomplete list of things to consider: ++ ++* Extract to a :func:`new temporary directory ` ++ to prevent e.g. exploiting pre-existing links, and to make it easier to ++ clean up after a failed extraction. ++* When working with untrusted data, use external (e.g. OS-level) limits on ++ disk, memory and CPU usage. ++* Check filenames against an allow-list of characters ++ (to filter out control characters, confusables, foreign path separators, ++ etc.). ++* Check that filenames have expected extensions (discouraging files that ++ execute when you “click on them”, or extension-less files like Windows special device names). ++* Limit the number of extracted files, total size of extracted data, ++ filename length (including symlink length), and size of individual files. ++* Check for files that would be shadowed on case-insensitive filesystems. ++ ++Also note that: ++ ++* Tar files may contain multiple versions of the same file. ++ Later ones are expected to overwrite any earlier ones. ++ This feature is crucial to allow updating tape archives, but can be abused ++ maliciously. ++* *tarfile* does not protect against issues with “live” data, ++ e.g. an attacker tinkering with the destination (or source) directory while ++ extraction (or archiving) is in progress. ++ ++ ++Supporting older Python versions ++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++ ++Extraction filters were added to Python 3.12, and are backported to older ++versions as security updates. ++To check whether the feature is available, use e.g. ++``hasattr(tarfile, 'data_filter')`` rather than checking the Python version. ++ ++The following examples show how to support Python versions with and without ++the feature. ++Note that setting ``extraction_filter`` will affect any subsequent operations. ++ ++* Fully trusted archive:: ++ ++ my_tarfile.extraction_filter = (lambda member, path: member) ++ my_tarfile.extractall() ++ ++* Use the ``'data'`` filter if available, but revert to Python 3.11 behavior ++ (``'fully_trusted'``) if this feature is not available:: ++ ++ my_tarfile.extraction_filter = getattr(tarfile, 'data_filter', ++ (lambda member, path: member)) ++ my_tarfile.extractall() ++ ++* Use the ``'data'`` filter; *fail* if it is not available:: ++ ++ my_tarfile.extractall(filter=tarfile.data_filter) ++ ++ or:: ++ ++ my_tarfile.extraction_filter = tarfile.data_filter ++ my_tarfile.extractall() ++ ++* Use the ``'data'`` filter; *warn* if it is not available:: ++ ++ if hasattr(tarfile, 'data_filter'): ++ my_tarfile.extractall(filter='data') ++ else: ++ # remove this when no longer needed ++ warn_the_user('Extracting may be unsafe; consider updating Python') ++ my_tarfile.extractall() ++ ++ ++Stateful extraction filter example ++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++ ++While *tarfile*'s extraction methods take a simple *filter* callable, ++custom filters may be more complex objects with an internal state. ++It may be useful to write these as context managers, to be used like this:: ++ ++ with StatefulFilter() as filter_func: ++ tar.extractall(path, filter=filter_func) ++ ++Such a filter can be written as, for example:: ++ ++ class StatefulFilter: ++ def __init__(self): ++ self.file_count = 0 ++ ++ def __enter__(self): ++ return self ++ ++ def __call__(self, member, path): ++ self.file_count += 1 ++ return member ++ ++ def __exit__(self, *exc_info): ++ print(f'{self.file_count} files extracted') ++ ++ + .. _tarfile-commandline: + .. program:: tarfile + ++ + Command-Line Interface + ---------------------- + +@@ -745,6 +1168,15 @@ Command-line options + + Verbose output. + ++.. cmdoption:: --filter ++ ++ Specifies the *filter* for ``--extract``. ++ See :ref:`tarfile-extraction-filter` for details. ++ Only string names are accepted (that is, ``fully_trusted``, ``tar``, ++ and ``data``). ++ ++ .. versionadded:: 3.11.4 ++ + .. _tar-examples: + + Examples +--- a/Doc/whatsnew/3.11.rst ++++ b/Doc/whatsnew/3.11.rst +@@ -2702,4 +2702,20 @@ Removed + (Contributed by Inada Naoki in :issue:`44029`.) + + ++Notable Changes in 3.11.4 ++========================= ++ ++tarfile ++------- ++ ++* The extraction methods in :mod:`tarfile`, and :func:`shutil.unpack_archive`, ++ have a new a *filter* argument that allows limiting tar features than may be ++ surprising or dangerous, such as creating files outside the destination ++ directory. ++ See :ref:`tarfile-extraction-filter` for details. ++ In Python 3.12, use without the *filter* argument will show a ++ :exc:`DeprecationWarning`. ++ In Python 3.14, the default will switch to ``'data'``. ++ (Contributed by Petr Viktorin in :pep:`706`.) ++ + .. _libb2: https://www.blake2.net/ +--- a/Lib/shutil.py ++++ b/Lib/shutil.py +@@ -1231,7 +1231,7 @@ def _unpack_zipfile(filename, extract_di + finally: + zip.close() + +-def _unpack_tarfile(filename, extract_dir): ++def _unpack_tarfile(filename, extract_dir, *, filter=None): + """Unpack tar/tar.gz/tar.bz2/tar.xz `filename` to `extract_dir` + """ + import tarfile # late import for breaking circular dependency +@@ -1241,7 +1241,7 @@ def _unpack_tarfile(filename, extract_di + raise ReadError( + "%s is not a compressed or uncompressed tar file" % filename) + try: +- tarobj.extractall(extract_dir) ++ tarobj.extractall(extract_dir, filter=filter) + finally: + tarobj.close() + +@@ -1274,7 +1274,7 @@ def _find_unpack_format(filename): + return name + return None + +-def unpack_archive(filename, extract_dir=None, format=None): ++def unpack_archive(filename, extract_dir=None, format=None, *, filter=None): + """Unpack an archive. + + `filename` is the name of the archive. +@@ -1288,6 +1288,9 @@ def unpack_archive(filename, extract_dir + was registered for that extension. + + In case none is found, a ValueError is raised. ++ ++ If `filter` is given, it is passed to the underlying ++ extraction function. + """ + sys.audit("shutil.unpack_archive", filename, extract_dir, format) + +@@ -1297,6 +1300,10 @@ def unpack_archive(filename, extract_dir + extract_dir = os.fspath(extract_dir) + filename = os.fspath(filename) + ++ if filter is None: ++ filter_kwargs = {} ++ else: ++ filter_kwargs = {'filter': filter} + if format is not None: + try: + format_info = _UNPACK_FORMATS[format] +@@ -1304,7 +1311,7 @@ def unpack_archive(filename, extract_dir + raise ValueError("Unknown unpack format '{0}'".format(format)) from None + + func = format_info[1] +- func(filename, extract_dir, **dict(format_info[2])) ++ func(filename, extract_dir, **dict(format_info[2]), **filter_kwargs) + else: + # we need to look at the registered unpackers supported extensions + format = _find_unpack_format(filename) +@@ -1312,7 +1319,7 @@ def unpack_archive(filename, extract_dir + raise ReadError("Unknown archive format '{0}'".format(filename)) + + func = _UNPACK_FORMATS[format][1] +- kwargs = dict(_UNPACK_FORMATS[format][2]) ++ kwargs = dict(_UNPACK_FORMATS[format][2]) | filter_kwargs + func(filename, extract_dir, **kwargs) + + +--- a/Lib/tarfile.py ++++ b/Lib/tarfile.py +@@ -45,6 +45,7 @@ import time + import struct + import copy + import re ++import warnings + + try: + import pwd +@@ -70,6 +71,7 @@ __all__ = ["TarFile", "TarInfo", "is_tar + "ENCODING", "USTAR_FORMAT", "GNU_FORMAT", "PAX_FORMAT", + "DEFAULT_FORMAT", "open"] + ++ + #--------------------------------------------------------- + # tar constants + #--------------------------------------------------------- +@@ -157,6 +159,8 @@ else: + def stn(s, length, encoding, errors): + """Convert a string to a null-terminated bytes object. + """ ++ if s is None: ++ raise ValueError("metadata cannot contain None") + s = s.encode(encoding, errors) + return s[:length] + (length - len(s)) * NUL + +@@ -708,9 +712,127 @@ class ExFileObject(io.BufferedReader): + super().__init__(fileobj) + #class ExFileObject + ++ ++#----------------------------- ++# extraction filters (PEP 706) ++#----------------------------- ++ ++class FilterError(TarError): ++ pass ++ ++class AbsolutePathError(FilterError): ++ def __init__(self, tarinfo): ++ self.tarinfo = tarinfo ++ super().__init__(f'member {tarinfo.name!r} has an absolute path') ++ ++class OutsideDestinationError(FilterError): ++ def __init__(self, tarinfo, path): ++ self.tarinfo = tarinfo ++ self._path = path ++ super().__init__(f'{tarinfo.name!r} would be extracted to {path!r}, ' ++ + 'which is outside the destination') ++ ++class SpecialFileError(FilterError): ++ def __init__(self, tarinfo): ++ self.tarinfo = tarinfo ++ super().__init__(f'{tarinfo.name!r} is a special file') ++ ++class AbsoluteLinkError(FilterError): ++ def __init__(self, tarinfo): ++ self.tarinfo = tarinfo ++ super().__init__(f'{tarinfo.name!r} is a symlink to an absolute path') ++ ++class LinkOutsideDestinationError(FilterError): ++ def __init__(self, tarinfo, path): ++ self.tarinfo = tarinfo ++ self._path = path ++ super().__init__(f'{tarinfo.name!r} would link to {path!r}, ' ++ + 'which is outside the destination') ++ ++def _get_filtered_attrs(member, dest_path, for_data=True): ++ new_attrs = {} ++ name = member.name ++ dest_path = os.path.realpath(dest_path) ++ # Strip leading / (tar's directory separator) from filenames. ++ # Include os.sep (target OS directory separator) as well. ++ if name.startswith(('/', os.sep)): ++ name = new_attrs['name'] = member.path.lstrip('/' + os.sep) ++ if os.path.isabs(name): ++ # Path is absolute even after stripping. ++ # For example, 'C:/foo' on Windows. ++ raise AbsolutePathError(member) ++ # Ensure we stay in the destination ++ target_path = os.path.realpath(os.path.join(dest_path, name)) ++ if os.path.commonpath([target_path, dest_path]) != dest_path: ++ raise OutsideDestinationError(member, target_path) ++ # Limit permissions (no high bits, and go-w) ++ mode = member.mode ++ if mode is not None: ++ # Strip high bits & group/other write bits ++ mode = mode & 0o755 ++ if for_data: ++ # For data, handle permissions & file types ++ if member.isreg() or member.islnk(): ++ if not mode & 0o100: ++ # Clear executable bits if not executable by user ++ mode &= ~0o111 ++ # Ensure owner can read & write ++ mode |= 0o600 ++ elif member.isdir() or member.issym(): ++ # Ignore mode for directories & symlinks ++ mode = None ++ else: ++ # Reject special files ++ raise SpecialFileError(member) ++ if mode != member.mode: ++ new_attrs['mode'] = mode ++ if for_data: ++ # Ignore ownership for 'data' ++ if member.uid is not None: ++ new_attrs['uid'] = None ++ if member.gid is not None: ++ new_attrs['gid'] = None ++ if member.uname is not None: ++ new_attrs['uname'] = None ++ if member.gname is not None: ++ new_attrs['gname'] = None ++ # Check link destination for 'data' ++ if member.islnk() or member.issym(): ++ if os.path.isabs(member.linkname): ++ raise AbsoluteLinkError(member) ++ target_path = os.path.realpath(os.path.join(dest_path, member.linkname)) ++ if os.path.commonpath([target_path, dest_path]) != dest_path: ++ raise LinkOutsideDestinationError(member, target_path) ++ return new_attrs ++ ++def fully_trusted_filter(member, dest_path): ++ return member ++ ++def tar_filter(member, dest_path): ++ new_attrs = _get_filtered_attrs(member, dest_path, False) ++ if new_attrs: ++ return member.replace(**new_attrs, deep=False) ++ return member ++ ++def data_filter(member, dest_path): ++ new_attrs = _get_filtered_attrs(member, dest_path, True) ++ if new_attrs: ++ return member.replace(**new_attrs, deep=False) ++ return member ++ ++_NAMED_FILTERS = { ++ "fully_trusted": fully_trusted_filter, ++ "tar": tar_filter, ++ "data": data_filter, ++} ++ + #------------------ + # Exported Classes + #------------------ ++ ++# Sentinel for replace() defaults, meaning "don't change the attribute" ++_KEEP = object() ++ + class TarInfo(object): + """Informational class which holds the details about an + archive member given by a tar header block. +@@ -791,12 +913,44 @@ class TarInfo(object): + def __repr__(self): + return "<%s %r at %#x>" % (self.__class__.__name__,self.name,id(self)) + ++ def replace(self, *, ++ name=_KEEP, mtime=_KEEP, mode=_KEEP, linkname=_KEEP, ++ uid=_KEEP, gid=_KEEP, uname=_KEEP, gname=_KEEP, ++ deep=True, _KEEP=_KEEP): ++ """Return a deep copy of self with the given attributes replaced. ++ """ ++ if deep: ++ result = copy.deepcopy(self) ++ else: ++ result = copy.copy(self) ++ if name is not _KEEP: ++ result.name = name ++ if mtime is not _KEEP: ++ result.mtime = mtime ++ if mode is not _KEEP: ++ result.mode = mode ++ if linkname is not _KEEP: ++ result.linkname = linkname ++ if uid is not _KEEP: ++ result.uid = uid ++ if gid is not _KEEP: ++ result.gid = gid ++ if uname is not _KEEP: ++ result.uname = uname ++ if gname is not _KEEP: ++ result.gname = gname ++ return result ++ + def get_info(self): + """Return the TarInfo's attributes as a dictionary. + """ ++ if self.mode is None: ++ mode = None ++ else: ++ mode = self.mode & 0o7777 + info = { + "name": self.name, +- "mode": self.mode & 0o7777, ++ "mode": mode, + "uid": self.uid, + "gid": self.gid, + "size": self.size, +@@ -819,6 +973,9 @@ class TarInfo(object): + """Return a tar header as a string of 512 byte blocks. + """ + info = self.get_info() ++ for name, value in info.items(): ++ if value is None: ++ raise ValueError("%s may not be None" % name) + + if format == USTAR_FORMAT: + return self.create_ustar_header(info, encoding, errors) +@@ -949,6 +1106,12 @@ class TarInfo(object): + devmajor = stn("", 8, encoding, errors) + devminor = stn("", 8, encoding, errors) + ++ # None values in metadata should cause ValueError. ++ # itn()/stn() do this for all fields except type. ++ filetype = info.get("type", REGTYPE) ++ if filetype is None: ++ raise ValueError("TarInfo.type must not be None") ++ + parts = [ + stn(info.get("name", ""), 100, encoding, errors), + itn(info.get("mode", 0) & 0o7777, 8, format), +@@ -957,7 +1120,7 @@ class TarInfo(object): + itn(info.get("size", 0), 12, format), + itn(info.get("mtime", 0), 12, format), + b" ", # checksum field +- info.get("type", REGTYPE), ++ filetype, + stn(info.get("linkname", ""), 100, encoding, errors), + info.get("magic", POSIX_MAGIC), + stn(info.get("uname", ""), 32, encoding, errors), +@@ -1467,6 +1630,8 @@ class TarFile(object): + + fileobject = ExFileObject # The file-object for extractfile(). + ++ extraction_filter = None # The default filter for extraction. ++ + def __init__(self, name=None, mode="r", fileobj=None, format=None, + tarinfo=None, dereference=None, ignore_zeros=None, encoding=None, + errors="surrogateescape", pax_headers=None, debug=None, +@@ -1939,7 +2104,10 @@ class TarFile(object): + members = self + for tarinfo in members: + if verbose: +- _safe_print(stat.filemode(tarinfo.mode)) ++ if tarinfo.mode is None: ++ _safe_print("??????????") ++ else: ++ _safe_print(stat.filemode(tarinfo.mode)) + _safe_print("%s/%s" % (tarinfo.uname or tarinfo.uid, + tarinfo.gname or tarinfo.gid)) + if tarinfo.ischr() or tarinfo.isblk(): +@@ -1947,8 +2115,11 @@ class TarFile(object): + ("%d,%d" % (tarinfo.devmajor, tarinfo.devminor))) + else: + _safe_print("%10d" % tarinfo.size) +- _safe_print("%d-%02d-%02d %02d:%02d:%02d" \ +- % time.localtime(tarinfo.mtime)[:6]) ++ if tarinfo.mtime is None: ++ _safe_print("????-??-?? ??:??:??") ++ else: ++ _safe_print("%d-%02d-%02d %02d:%02d:%02d" \ ++ % time.localtime(tarinfo.mtime)[:6]) + + _safe_print(tarinfo.name + ("/" if tarinfo.isdir() else "")) + +@@ -2035,32 +2206,58 @@ class TarFile(object): + + self.members.append(tarinfo) + +- def extractall(self, path=".", members=None, *, numeric_owner=False): ++ def _get_filter_function(self, filter): ++ if filter is None: ++ filter = self.extraction_filter ++ if filter is None: ++ return fully_trusted_filter ++ if isinstance(filter, str): ++ raise TypeError( ++ 'String names are not supported for ' ++ + 'TarFile.extraction_filter. Use a function such as ' ++ + 'tarfile.data_filter directly.') ++ return filter ++ if callable(filter): ++ return filter ++ try: ++ return _NAMED_FILTERS[filter] ++ except KeyError: ++ raise ValueError(f"filter {filter!r} not found") from None ++ ++ def extractall(self, path=".", members=None, *, numeric_owner=False, ++ filter=None): + """Extract all members from the archive to the current working + directory and set owner, modification time and permissions on + directories afterwards. `path' specifies a different directory + to extract to. `members' is optional and must be a subset of the + list returned by getmembers(). If `numeric_owner` is True, only + the numbers for user/group names are used and not the names. ++ ++ The `filter` function will be called on each member just ++ before extraction. ++ It can return a changed TarInfo or None to skip the member. ++ String names of common filters are accepted. + """ + directories = [] + ++ filter_function = self._get_filter_function(filter) + if members is None: + members = self + +- for tarinfo in members: ++ for member in members: ++ tarinfo = self._get_extract_tarinfo(member, filter_function, path) ++ if tarinfo is None: ++ continue + if tarinfo.isdir(): +- # Extract directories with a safe mode. ++ # For directories, delay setting attributes until later, ++ # since permissions can interfere with extraction and ++ # extracting contents can reset mtime. + directories.append(tarinfo) +- tarinfo = copy.copy(tarinfo) +- tarinfo.mode = 0o700 +- # Do not set_attrs directories, as we will do that further down +- self.extract(tarinfo, path, set_attrs=not tarinfo.isdir(), +- numeric_owner=numeric_owner) ++ self._extract_one(tarinfo, path, set_attrs=not tarinfo.isdir(), ++ numeric_owner=numeric_owner) + + # Reverse sort directories. +- directories.sort(key=lambda a: a.name) +- directories.reverse() ++ directories.sort(key=lambda a: a.name, reverse=True) + + # Set correct owner, mtime and filemode on directories. + for tarinfo in directories: +@@ -2070,12 +2267,10 @@ class TarFile(object): + self.utime(tarinfo, dirpath) + self.chmod(tarinfo, dirpath) + except ExtractError as e: +- if self.errorlevel > 1: +- raise +- else: +- self._dbg(1, "tarfile: %s" % e) ++ self._handle_nonfatal_error(e) + +- def extract(self, member, path="", set_attrs=True, *, numeric_owner=False): ++ def extract(self, member, path="", set_attrs=True, *, numeric_owner=False, ++ filter=None): + """Extract a member from the archive to the current working directory, + using its full name. Its file information is extracted as accurately + as possible. `member' may be a filename or a TarInfo object. You can +@@ -2083,35 +2278,70 @@ class TarFile(object): + mtime, mode) are set unless `set_attrs' is False. If `numeric_owner` + is True, only the numbers for user/group names are used and not + the names. ++ ++ The `filter` function will be called before extraction. ++ It can return a changed TarInfo or None to skip the member. ++ String names of common filters are accepted. + """ +- self._check("r") ++ filter_function = self._get_filter_function(filter) ++ tarinfo = self._get_extract_tarinfo(member, filter_function, path) ++ if tarinfo is not None: ++ self._extract_one(tarinfo, path, set_attrs, numeric_owner) + ++ def _get_extract_tarinfo(self, member, filter_function, path): ++ """Get filtered TarInfo (or None) from member, which might be a str""" + if isinstance(member, str): + tarinfo = self.getmember(member) + else: + tarinfo = member + ++ unfiltered = tarinfo ++ try: ++ tarinfo = filter_function(tarinfo, path) ++ except (OSError, FilterError) as e: ++ self._handle_fatal_error(e) ++ except ExtractError as e: ++ self._handle_nonfatal_error(e) ++ if tarinfo is None: ++ self._dbg(2, "tarfile: Excluded %r" % unfiltered.name) ++ return None + # Prepare the link target for makelink(). + if tarinfo.islnk(): ++ tarinfo = copy.copy(tarinfo) + tarinfo._link_target = os.path.join(path, tarinfo.linkname) ++ return tarinfo ++ ++ def _extract_one(self, tarinfo, path, set_attrs, numeric_owner): ++ """Extract from filtered tarinfo to disk""" ++ self._check("r") + + try: + self._extract_member(tarinfo, os.path.join(path, tarinfo.name), + set_attrs=set_attrs, + numeric_owner=numeric_owner) + except OSError as e: +- if self.errorlevel > 0: +- raise +- else: +- if e.filename is None: +- self._dbg(1, "tarfile: %s" % e.strerror) +- else: +- self._dbg(1, "tarfile: %s %r" % (e.strerror, e.filename)) ++ self._handle_fatal_error(e) + except ExtractError as e: +- if self.errorlevel > 1: +- raise ++ self._handle_nonfatal_error(e) ++ ++ def _handle_nonfatal_error(self, e): ++ """Handle non-fatal error (ExtractError) according to errorlevel""" ++ if self.errorlevel > 1: ++ raise ++ else: ++ self._dbg(1, "tarfile: %s" % e) ++ ++ def _handle_fatal_error(self, e): ++ """Handle "fatal" error according to self.errorlevel""" ++ if self.errorlevel > 0: ++ raise ++ elif isinstance(e, OSError): ++ if e.filename is None: ++ self._dbg(1, "tarfile: %s" % e.strerror) + else: +- self._dbg(1, "tarfile: %s" % e) ++ self._dbg(1, "tarfile: %s %r" % (e.strerror, e.filename)) ++ else: ++ self._dbg(1, "tarfile: %s %s" % (type(e).__name__, e)) + + def extractfile(self, member): + """Extract a member from the archive as a file object. `member' may be +@@ -2198,9 +2428,13 @@ class TarFile(object): + """Make a directory called targetpath. + """ + try: +- # Use a safe mode for the directory, the real mode is set +- # later in _extract_member(). +- os.mkdir(targetpath, 0o700) ++ if tarinfo.mode is None: ++ # Use the system's default mode ++ os.mkdir(targetpath) ++ else: ++ # Use a safe mode for the directory, the real mode is set ++ # later in _extract_member(). ++ os.mkdir(targetpath, 0o700) + except FileExistsError: + pass + +@@ -2243,6 +2477,9 @@ class TarFile(object): + raise ExtractError("special devices not supported by system") + + mode = tarinfo.mode ++ if mode is None: ++ # Use mknod's default ++ mode = 0o600 + if tarinfo.isblk(): + mode |= stat.S_IFBLK + else: +@@ -2264,7 +2501,6 @@ class TarFile(object): + os.unlink(targetpath) + os.symlink(tarinfo.linkname, targetpath) + else: +- # See extract(). + if os.path.exists(tarinfo._link_target): + os.link(tarinfo._link_target, targetpath) + else: +@@ -2289,15 +2525,19 @@ class TarFile(object): + u = tarinfo.uid + if not numeric_owner: + try: +- if grp: ++ if grp and tarinfo.gname: + g = grp.getgrnam(tarinfo.gname)[2] + except KeyError: + pass + try: +- if pwd: ++ if pwd and tarinfo.uname: + u = pwd.getpwnam(tarinfo.uname)[2] + except KeyError: + pass ++ if g is None: ++ g = -1 ++ if u is None: ++ u = -1 + try: + if tarinfo.issym() and hasattr(os, "lchown"): + os.lchown(targetpath, u, g) +@@ -2309,6 +2549,8 @@ class TarFile(object): + def chmod(self, tarinfo, targetpath): + """Set file permissions of targetpath according to tarinfo. + """ ++ if tarinfo.mode is None: ++ return + try: + os.chmod(targetpath, tarinfo.mode) + except OSError as e: +@@ -2317,10 +2559,13 @@ class TarFile(object): + def utime(self, tarinfo, targetpath): + """Set modification time of targetpath according to tarinfo. + """ ++ mtime = tarinfo.mtime ++ if mtime is None: ++ return + if not hasattr(os, 'utime'): + return + try: +- os.utime(targetpath, (tarinfo.mtime, tarinfo.mtime)) ++ os.utime(targetpath, (mtime, mtime)) + except OSError as e: + raise ExtractError("could not change modification time") from e + +@@ -2398,13 +2643,26 @@ class TarFile(object): + members = self.getmembers() + + # Limit the member search list up to tarinfo. ++ skipping = False + if tarinfo is not None: +- members = members[:members.index(tarinfo)] ++ try: ++ index = members.index(tarinfo) ++ except ValueError: ++ # The given starting point might be a (modified) copy. ++ # We'll later skip members until we find an equivalent. ++ skipping = True ++ else: ++ # Happy fast path ++ members = members[:index] + + if normalize: + name = os.path.normpath(name) + + for member in reversed(members): ++ if skipping: ++ if tarinfo.offset == member.offset: ++ skipping = False ++ continue + if normalize: + member_name = os.path.normpath(member.name) + else: +@@ -2413,6 +2671,10 @@ class TarFile(object): + if name == member_name: + return member + ++ if skipping: ++ # Starting point was not found ++ raise ValueError(tarinfo) ++ + def _load(self): + """Read through the entire archive file and look for readable + members. +@@ -2505,6 +2767,7 @@ class TarFile(object): + #-------------------- + # exported functions + #-------------------- ++ + def is_tarfile(name): + """Return True if name points to a tar archive that we + are able to handle, else return False. +@@ -2533,6 +2796,10 @@ def main(): + parser = argparse.ArgumentParser(description=description) + parser.add_argument('-v', '--verbose', action='store_true', default=False, + help='Verbose output') ++ parser.add_argument('--filter', metavar='', ++ choices=_NAMED_FILTERS, ++ help='Filter for extraction') ++ + group = parser.add_mutually_exclusive_group(required=True) + group.add_argument('-l', '--list', metavar='', + help='Show listing of a tarfile') +@@ -2544,8 +2811,12 @@ def main(): + help='Create tarfile from sources') + group.add_argument('-t', '--test', metavar='', + help='Test if a tarfile is valid') ++ + args = parser.parse_args() + ++ if args.filter and args.extract is None: ++ parser.exit(1, '--filter is only valid for extraction\n') ++ + if args.test is not None: + src = args.test + if is_tarfile(src): +@@ -2576,7 +2847,7 @@ def main(): + + if is_tarfile(src): + with TarFile.open(src, 'r:*') as tf: +- tf.extractall(path=curdir) ++ tf.extractall(path=curdir, filter=args.filter) + if args.verbose: + if curdir == '.': + msg = '{!r} file is extracted.'.format(src) +--- a/Lib/test/test_shutil.py ++++ b/Lib/test/test_shutil.py +@@ -32,6 +32,7 @@ except ImportError: + from test import support + from test.support import os_helper + from test.support.os_helper import TESTFN, FakePath ++from test.support import warnings_helper + + TESTFN2 = TESTFN + "2" + TESTFN_SRC = TESTFN + "_SRC" +@@ -1630,12 +1631,14 @@ class TestArchives(BaseTest, unittest.Te + + ### shutil.unpack_archive + +- def check_unpack_archive(self, format): +- self.check_unpack_archive_with_converter(format, lambda path: path) +- self.check_unpack_archive_with_converter(format, pathlib.Path) +- self.check_unpack_archive_with_converter(format, FakePath) ++ def check_unpack_archive(self, format, **kwargs): ++ self.check_unpack_archive_with_converter( ++ format, lambda path: path, **kwargs) ++ self.check_unpack_archive_with_converter( ++ format, pathlib.Path, **kwargs) ++ self.check_unpack_archive_with_converter(format, FakePath, **kwargs) + +- def check_unpack_archive_with_converter(self, format, converter): ++ def check_unpack_archive_with_converter(self, format, converter, **kwargs): + root_dir, base_dir = self._create_files() + expected = rlistdir(root_dir) + expected.remove('outer') +@@ -1645,36 +1648,47 @@ class TestArchives(BaseTest, unittest.Te + + # let's try to unpack it now + tmpdir2 = self.mkdtemp() +- unpack_archive(converter(filename), converter(tmpdir2)) ++ unpack_archive(converter(filename), converter(tmpdir2), **kwargs) + self.assertEqual(rlistdir(tmpdir2), expected) + + # and again, this time with the format specified + tmpdir3 = self.mkdtemp() +- unpack_archive(converter(filename), converter(tmpdir3), format=format) ++ unpack_archive(converter(filename), converter(tmpdir3), format=format, ++ **kwargs) + self.assertEqual(rlistdir(tmpdir3), expected) + +- self.assertRaises(shutil.ReadError, unpack_archive, converter(TESTFN)) +- self.assertRaises(ValueError, unpack_archive, converter(TESTFN), format='xxx') ++ with self.assertRaises(shutil.ReadError): ++ unpack_archive(converter(TESTFN), **kwargs) ++ with self.assertRaises(ValueError): ++ unpack_archive(converter(TESTFN), format='xxx', **kwargs) ++ ++ def check_unpack_tarball(self, format): ++ self.check_unpack_archive(format, filter='fully_trusted') ++ self.check_unpack_archive(format, filter='data') ++ with warnings_helper.check_no_warnings(self): ++ self.check_unpack_archive(format) + + def test_unpack_archive_tar(self): +- self.check_unpack_archive('tar') ++ self.check_unpack_tarball('tar') + + @support.requires_zlib() + def test_unpack_archive_gztar(self): +- self.check_unpack_archive('gztar') ++ self.check_unpack_tarball('gztar') + + @support.requires_bz2() + def test_unpack_archive_bztar(self): +- self.check_unpack_archive('bztar') ++ self.check_unpack_tarball('bztar') + + @support.requires_lzma() + @unittest.skipIf(AIX and not _maxdataOK(), "AIX MAXDATA must be 0x20000000 or larger") + def test_unpack_archive_xztar(self): +- self.check_unpack_archive('xztar') ++ self.check_unpack_tarball('xztar') + + @support.requires_zlib() + def test_unpack_archive_zip(self): + self.check_unpack_archive('zip') ++ with self.assertRaises(TypeError): ++ self.check_unpack_archive('zip', filter='data') + + def test_unpack_registry(self): + +--- a/Lib/test/test_tarfile.py ++++ b/Lib/test/test_tarfile.py +@@ -5,6 +5,10 @@ from hashlib import sha256 + from contextlib import contextmanager + from random import Random + import pathlib ++import shutil ++import re ++import warnings ++import stat + + import unittest + import unittest.mock +@@ -13,6 +17,7 @@ import tarfile + from test import support + from test.support import os_helper + from test.support import script_helper ++from test.support import warnings_helper + + # Check for our compression modules. + try: +@@ -108,7 +113,7 @@ class UstarReadTest(ReadTest, unittest.T + "regular file extraction failed") + + def test_fileobj_readlines(self): +- self.tar.extract("ustar/regtype", TEMPDIR) ++ self.tar.extract("ustar/regtype", TEMPDIR, filter='data') + tarinfo = self.tar.getmember("ustar/regtype") + with open(os.path.join(TEMPDIR, "ustar/regtype"), "r") as fobj1: + lines1 = fobj1.readlines() +@@ -126,7 +131,7 @@ class UstarReadTest(ReadTest, unittest.T + "fileobj.readlines() failed") + + def test_fileobj_iter(self): +- self.tar.extract("ustar/regtype", TEMPDIR) ++ self.tar.extract("ustar/regtype", TEMPDIR, filter='data') + tarinfo = self.tar.getmember("ustar/regtype") + with open(os.path.join(TEMPDIR, "ustar/regtype"), "r") as fobj1: + lines1 = fobj1.readlines() +@@ -136,7 +141,8 @@ class UstarReadTest(ReadTest, unittest.T + "fileobj.__iter__() failed") + + def test_fileobj_seek(self): +- self.tar.extract("ustar/regtype", TEMPDIR) ++ self.tar.extract("ustar/regtype", TEMPDIR, ++ filter='data') + with open(os.path.join(TEMPDIR, "ustar/regtype"), "rb") as fobj: + data = fobj.read() + +@@ -467,7 +473,7 @@ class CommonReadTest(ReadTest): + t = tar.next() + + with self.assertRaisesRegex(tarfile.ReadError, "unexpected end of data"): +- tar.extract(t, TEMPDIR) ++ tar.extract(t, TEMPDIR, filter='data') + + with self.assertRaisesRegex(tarfile.ReadError, "unexpected end of data"): + tar.extractfile(t).read() +@@ -622,16 +628,16 @@ class MiscReadTestBase(CommonReadTest): + def test_extract_hardlink(self): + # Test hardlink extraction (e.g. bug #857297). + with tarfile.open(tarname, errorlevel=1, encoding="iso8859-1") as tar: +- tar.extract("ustar/regtype", TEMPDIR) ++ tar.extract("ustar/regtype", TEMPDIR, filter='data') + self.addCleanup(os_helper.unlink, os.path.join(TEMPDIR, "ustar/regtype")) + +- tar.extract("ustar/lnktype", TEMPDIR) ++ tar.extract("ustar/lnktype", TEMPDIR, filter='data') + self.addCleanup(os_helper.unlink, os.path.join(TEMPDIR, "ustar/lnktype")) + with open(os.path.join(TEMPDIR, "ustar/lnktype"), "rb") as f: + data = f.read() + self.assertEqual(sha256sum(data), sha256_regtype) + +- tar.extract("ustar/symtype", TEMPDIR) ++ tar.extract("ustar/symtype", TEMPDIR, filter='data') + self.addCleanup(os_helper.unlink, os.path.join(TEMPDIR, "ustar/symtype")) + with open(os.path.join(TEMPDIR, "ustar/symtype"), "rb") as f: + data = f.read() +@@ -646,13 +652,14 @@ class MiscReadTestBase(CommonReadTest): + os.mkdir(DIR) + try: + directories = [t for t in tar if t.isdir()] +- tar.extractall(DIR, directories) ++ tar.extractall(DIR, directories, filter='fully_trusted') + for tarinfo in directories: + path = os.path.join(DIR, tarinfo.name) + if sys.platform != "win32": + # Win32 has no support for fine grained permissions. + self.assertEqual(tarinfo.mode & 0o777, +- os.stat(path).st_mode & 0o777) ++ os.stat(path).st_mode & 0o777, ++ tarinfo.name) + def format_mtime(mtime): + if isinstance(mtime, float): + return "{} ({})".format(mtime, mtime.hex()) +@@ -676,7 +683,7 @@ class MiscReadTestBase(CommonReadTest): + try: + with tarfile.open(tarname, encoding="iso8859-1") as tar: + tarinfo = tar.getmember(dirtype) +- tar.extract(tarinfo, path=DIR) ++ tar.extract(tarinfo, path=DIR, filter='fully_trusted') + extracted = os.path.join(DIR, dirtype) + self.assertEqual(os.path.getmtime(extracted), tarinfo.mtime) + if sys.platform != "win32": +@@ -689,7 +696,7 @@ class MiscReadTestBase(CommonReadTest): + with os_helper.temp_dir(DIR), \ + tarfile.open(tarname, encoding="iso8859-1") as tar: + directories = [t for t in tar if t.isdir()] +- tar.extractall(DIR, directories) ++ tar.extractall(DIR, directories, filter='fully_trusted') + for tarinfo in directories: + path = DIR / tarinfo.name + self.assertEqual(os.path.getmtime(path), tarinfo.mtime) +@@ -700,7 +707,7 @@ class MiscReadTestBase(CommonReadTest): + with os_helper.temp_dir(DIR), \ + tarfile.open(tarname, encoding="iso8859-1") as tar: + tarinfo = tar.getmember(dirtype) +- tar.extract(tarinfo, path=DIR) ++ tar.extract(tarinfo, path=DIR, filter='fully_trusted') + extracted = DIR / dirtype + self.assertEqual(os.path.getmtime(extracted), tarinfo.mtime) + +@@ -1068,7 +1075,7 @@ class GNUReadTest(LongnameTest, ReadTest + # an all platforms, and after that a test that will work only on + # platforms/filesystems that prove to support sparse files. + def _test_sparse_file(self, name): +- self.tar.extract(name, TEMPDIR) ++ self.tar.extract(name, TEMPDIR, filter='data') + filename = os.path.join(TEMPDIR, name) + with open(filename, "rb") as fobj: + data = fobj.read() +@@ -1435,7 +1442,8 @@ class WriteTest(WriteTestBase, unittest. + with tarfile.open(temparchive, errorlevel=2) as tar: + # this should not raise OSError: [Errno 17] File exists + try: +- tar.extractall(path=tempdir) ++ tar.extractall(path=tempdir, ++ filter='fully_trusted') + except OSError: + self.fail("extractall failed with symlinked files") + finally: +@@ -2436,7 +2444,12 @@ class MiscTest(unittest.TestCase): + 'PAX_NUMBER_FIELDS', 'stn', 'nts', 'nti', 'itn', 'calc_chksums', + 'copyfileobj', 'filemode', 'EmptyHeaderError', + 'TruncatedHeaderError', 'EOFHeaderError', 'InvalidHeaderError', +- 'SubsequentHeaderError', 'ExFileObject', 'main'} ++ 'SubsequentHeaderError', 'ExFileObject', 'main', ++ "fully_trusted_filter", "data_filter", ++ "tar_filter", "FilterError", "AbsoluteLinkError", ++ "OutsideDestinationError", "SpecialFileError", "AbsolutePathError", ++ "LinkOutsideDestinationError", ++ } + support.check__all__(self, tarfile, not_exported=not_exported) + + def test_useful_error_message_when_modules_missing(self): +@@ -2471,6 +2484,15 @@ class CommandLineTest(unittest.TestCase) + for tardata in files: + tf.add(tardata, arcname=os.path.basename(tardata)) + ++ def make_evil_tarfile(self, tar_name): ++ files = [support.findfile('tokenize_tests.txt')] ++ self.addCleanup(os_helper.unlink, tar_name) ++ with tarfile.open(tar_name, 'w') as tf: ++ benign = tarfile.TarInfo('benign') ++ tf.addfile(benign, fileobj=io.BytesIO(b'')) ++ evil = tarfile.TarInfo('../evil') ++ tf.addfile(evil, fileobj=io.BytesIO(b'')) ++ + def test_bad_use(self): + rc, out, err = self.tarfilecmd_failure() + self.assertEqual(out, b'') +@@ -2627,6 +2649,25 @@ class CommandLineTest(unittest.TestCase) + finally: + os_helper.rmtree(tarextdir) + ++ def test_extract_command_filter(self): ++ self.make_evil_tarfile(tmpname) ++ # Make an inner directory, so the member named '../evil' ++ # is still extracted into `tarextdir` ++ destdir = os.path.join(tarextdir, 'dest') ++ os.mkdir(tarextdir) ++ try: ++ with os_helper.temp_cwd(destdir): ++ self.tarfilecmd_failure('-e', tmpname, ++ '-v', ++ '--filter', 'data') ++ out = self.tarfilecmd('-e', tmpname, ++ '-v', ++ '--filter', 'fully_trusted', ++ PYTHONIOENCODING='utf-8') ++ self.assertIn(b' file is extracted.', out) ++ finally: ++ os_helper.rmtree(tarextdir) ++ + def test_extract_command_different_directory(self): + self.make_simple_tarfile(tmpname) + try: +@@ -2710,7 +2751,7 @@ class LinkEmulationTest(ReadTest, unitte + # symbolic or hard links tarfile tries to extract these types of members + # as the regular files they point to. + def _test_link_extraction(self, name): +- self.tar.extract(name, TEMPDIR) ++ self.tar.extract(name, TEMPDIR, filter='fully_trusted') + with open(os.path.join(TEMPDIR, name), "rb") as f: + data = f.read() + self.assertEqual(sha256sum(data), sha256_regtype) +@@ -2842,8 +2883,10 @@ class NumericOwnerTest(unittest.TestCase + mock_chown): + with self._setup_test(mock_geteuid) as (tarfl, filename_1, _, + filename_2): +- tarfl.extract(filename_1, TEMPDIR, numeric_owner=True) +- tarfl.extract(filename_2 , TEMPDIR, numeric_owner=True) ++ tarfl.extract(filename_1, TEMPDIR, numeric_owner=True, ++ filter='fully_trusted') ++ tarfl.extract(filename_2 , TEMPDIR, numeric_owner=True, ++ filter='fully_trusted') + + # convert to filesystem paths + f_filename_1 = os.path.join(TEMPDIR, filename_1) +@@ -2861,7 +2904,8 @@ class NumericOwnerTest(unittest.TestCase + mock_chown): + with self._setup_test(mock_geteuid) as (tarfl, filename_1, dirname_1, + filename_2): +- tarfl.extractall(TEMPDIR, numeric_owner=True) ++ tarfl.extractall(TEMPDIR, numeric_owner=True, ++ filter='fully_trusted') + + # convert to filesystem paths + f_filename_1 = os.path.join(TEMPDIR, filename_1) +@@ -2886,7 +2930,8 @@ class NumericOwnerTest(unittest.TestCase + def test_extract_without_numeric_owner(self, mock_geteuid, mock_chmod, + mock_chown): + with self._setup_test(mock_geteuid) as (tarfl, filename_1, _, _): +- tarfl.extract(filename_1, TEMPDIR, numeric_owner=False) ++ tarfl.extract(filename_1, TEMPDIR, numeric_owner=False, ++ filter='fully_trusted') + + # convert to filesystem paths + f_filename_1 = os.path.join(TEMPDIR, filename_1) +@@ -2900,6 +2945,905 @@ class NumericOwnerTest(unittest.TestCase + tarfl.extract, filename_1, TEMPDIR, False, True) + + ++class ReplaceTests(ReadTest, unittest.TestCase): ++ def test_replace_name(self): ++ member = self.tar.getmember('ustar/regtype') ++ replaced = member.replace(name='misc/other') ++ self.assertEqual(replaced.name, 'misc/other') ++ self.assertEqual(member.name, 'ustar/regtype') ++ self.assertEqual(self.tar.getmember('ustar/regtype').name, ++ 'ustar/regtype') ++ ++ def test_replace_deep(self): ++ member = self.tar.getmember('pax/regtype1') ++ replaced = member.replace() ++ replaced.pax_headers['gname'] = 'not-bar' ++ self.assertEqual(member.pax_headers['gname'], 'bar') ++ self.assertEqual( ++ self.tar.getmember('pax/regtype1').pax_headers['gname'], 'bar') ++ ++ def test_replace_shallow(self): ++ member = self.tar.getmember('pax/regtype1') ++ replaced = member.replace(deep=False) ++ replaced.pax_headers['gname'] = 'not-bar' ++ self.assertEqual(member.pax_headers['gname'], 'not-bar') ++ self.assertEqual( ++ self.tar.getmember('pax/regtype1').pax_headers['gname'], 'not-bar') ++ ++ def test_replace_all(self): ++ member = self.tar.getmember('ustar/regtype') ++ for attr_name in ('name', 'mtime', 'mode', 'linkname', ++ 'uid', 'gid', 'uname', 'gname'): ++ with self.subTest(attr_name=attr_name): ++ replaced = member.replace(**{attr_name: None}) ++ self.assertEqual(getattr(replaced, attr_name), None) ++ self.assertNotEqual(getattr(member, attr_name), None) ++ ++ def test_replace_internal(self): ++ member = self.tar.getmember('ustar/regtype') ++ with self.assertRaises(TypeError): ++ member.replace(offset=123456789) ++ ++ ++class NoneInfoExtractTests(ReadTest): ++ # These mainly check that all kinds of members are extracted successfully ++ # if some metadata is None. ++ # Some of the methods do additional spot checks. ++ ++ # We also test that the default filters can deal with None. ++ ++ extraction_filter = None ++ ++ @classmethod ++ def setUpClass(cls): ++ tar = tarfile.open(tarname, mode='r', encoding="iso8859-1") ++ cls.control_dir = pathlib.Path(TEMPDIR) / "extractall_ctrl" ++ tar.errorlevel = 0 ++ tar.extractall(cls.control_dir, filter=cls.extraction_filter) ++ tar.close() ++ cls.control_paths = set( ++ p.relative_to(cls.control_dir) ++ for p in pathlib.Path(cls.control_dir).glob('**/*')) ++ ++ @classmethod ++ def tearDownClass(cls): ++ shutil.rmtree(cls.control_dir) ++ ++ def check_files_present(self, directory): ++ got_paths = set( ++ p.relative_to(directory) ++ for p in pathlib.Path(directory).glob('**/*')) ++ self.assertEqual(self.control_paths, got_paths) ++ ++ @contextmanager ++ def extract_with_none(self, *attr_names): ++ DIR = pathlib.Path(TEMPDIR) / "extractall_none" ++ self.tar.errorlevel = 0 ++ for member in self.tar.getmembers(): ++ for attr_name in attr_names: ++ setattr(member, attr_name, None) ++ with os_helper.temp_dir(DIR): ++ self.tar.extractall(DIR, filter='fully_trusted') ++ self.check_files_present(DIR) ++ yield DIR ++ ++ def test_extractall_none_mtime(self): ++ # mtimes of extracted files should be later than 'now' -- the mtime ++ # of a previously created directory. ++ now = pathlib.Path(TEMPDIR).stat().st_mtime ++ with self.extract_with_none('mtime') as DIR: ++ for path in pathlib.Path(DIR).glob('**/*'): ++ with self.subTest(path=path): ++ try: ++ mtime = path.stat().st_mtime ++ except OSError: ++ # Some systems can't stat symlinks, ignore those ++ if not path.is_symlink(): ++ raise ++ else: ++ self.assertGreaterEqual(path.stat().st_mtime, now) ++ ++ def test_extractall_none_mode(self): ++ # modes of directories and regular files should match the mode ++ # of a "normally" created directory or regular file ++ dir_mode = pathlib.Path(TEMPDIR).stat().st_mode ++ regular_file = pathlib.Path(TEMPDIR) / 'regular_file' ++ regular_file.write_text('') ++ regular_file_mode = regular_file.stat().st_mode ++ with self.extract_with_none('mode') as DIR: ++ for path in pathlib.Path(DIR).glob('**/*'): ++ with self.subTest(path=path): ++ if path.is_dir(): ++ self.assertEqual(path.stat().st_mode, dir_mode) ++ elif path.is_file(): ++ self.assertEqual(path.stat().st_mode, ++ regular_file_mode) ++ ++ def test_extractall_none_uid(self): ++ with self.extract_with_none('uid'): ++ pass ++ ++ def test_extractall_none_gid(self): ++ with self.extract_with_none('gid'): ++ pass ++ ++ def test_extractall_none_uname(self): ++ with self.extract_with_none('uname'): ++ pass ++ ++ def test_extractall_none_gname(self): ++ with self.extract_with_none('gname'): ++ pass ++ ++ def test_extractall_none_ownership(self): ++ with self.extract_with_none('uid', 'gid', 'uname', 'gname'): ++ pass ++ ++class NoneInfoExtractTests_Data(NoneInfoExtractTests, unittest.TestCase): ++ extraction_filter = 'data' ++ ++class NoneInfoExtractTests_FullyTrusted(NoneInfoExtractTests, ++ unittest.TestCase): ++ extraction_filter = 'fully_trusted' ++ ++class NoneInfoExtractTests_Tar(NoneInfoExtractTests, unittest.TestCase): ++ extraction_filter = 'tar' ++ ++class NoneInfoExtractTests_Default(NoneInfoExtractTests, ++ unittest.TestCase): ++ extraction_filter = None ++ ++class NoneInfoTests_Misc(unittest.TestCase): ++ def test_add(self): ++ # When addfile() encounters None metadata, it raises a ValueError ++ bio = io.BytesIO() ++ for tarformat in (tarfile.USTAR_FORMAT, tarfile.GNU_FORMAT, ++ tarfile.PAX_FORMAT): ++ with self.subTest(tarformat=tarformat): ++ tar = tarfile.open(fileobj=bio, mode='w', format=tarformat) ++ tarinfo = tar.gettarinfo(tarname) ++ try: ++ tar.addfile(tarinfo) ++ except Exception: ++ if tarformat == tarfile.USTAR_FORMAT: ++ # In the old, limited format, adding might fail for ++ # reasons like the UID being too large ++ pass ++ else: ++ raise ++ else: ++ for attr_name in ('mtime', 'mode', 'uid', 'gid', ++ 'uname', 'gname'): ++ with self.subTest(attr_name=attr_name): ++ replaced = tarinfo.replace(**{attr_name: None}) ++ with self.assertRaisesRegex(ValueError, ++ f"{attr_name}"): ++ tar.addfile(replaced) ++ ++ def test_list(self): ++ # Change some metadata to None, then compare list() output ++ # word-for-word. We want list() to not raise, and to only change ++ # printout for the affected piece of metadata. ++ # (n.b.: some contents of the test archive are hardcoded.) ++ for attr_names in ({'mtime'}, {'mode'}, {'uid'}, {'gid'}, ++ {'uname'}, {'gname'}, ++ {'uid', 'uname'}, {'gid', 'gname'}): ++ with (self.subTest(attr_names=attr_names), ++ tarfile.open(tarname, encoding="iso8859-1") as tar): ++ tio_prev = io.TextIOWrapper(io.BytesIO(), 'ascii', newline='\n') ++ with support.swap_attr(sys, 'stdout', tio_prev): ++ tar.list() ++ for member in tar.getmembers(): ++ for attr_name in attr_names: ++ setattr(member, attr_name, None) ++ tio_new = io.TextIOWrapper(io.BytesIO(), 'ascii', newline='\n') ++ with support.swap_attr(sys, 'stdout', tio_new): ++ tar.list() ++ for expected, got in zip(tio_prev.detach().getvalue().split(), ++ tio_new.detach().getvalue().split()): ++ if attr_names == {'mtime'} and re.match(rb'2003-01-\d\d', expected): ++ self.assertEqual(got, b'????-??-??') ++ elif attr_names == {'mtime'} and re.match(rb'\d\d:\d\d:\d\d', expected): ++ self.assertEqual(got, b'??:??:??') ++ elif attr_names == {'mode'} and re.match( ++ rb'.([r-][w-][x-]){3}', expected): ++ self.assertEqual(got, b'??????????') ++ elif attr_names == {'uname'} and expected.startswith( ++ (b'tarfile/', b'lars/', b'foo/')): ++ exp_user, exp_group = expected.split(b'/') ++ got_user, got_group = got.split(b'/') ++ self.assertEqual(got_group, exp_group) ++ self.assertRegex(got_user, b'[0-9]+') ++ elif attr_names == {'gname'} and expected.endswith( ++ (b'/tarfile', b'/users', b'/bar')): ++ exp_user, exp_group = expected.split(b'/') ++ got_user, got_group = got.split(b'/') ++ self.assertEqual(got_user, exp_user) ++ self.assertRegex(got_group, b'[0-9]+') ++ elif attr_names == {'uid'} and expected.startswith( ++ (b'1000/')): ++ exp_user, exp_group = expected.split(b'/') ++ got_user, got_group = got.split(b'/') ++ self.assertEqual(got_group, exp_group) ++ self.assertEqual(got_user, b'None') ++ elif attr_names == {'gid'} and expected.endswith((b'/100')): ++ exp_user, exp_group = expected.split(b'/') ++ got_user, got_group = got.split(b'/') ++ self.assertEqual(got_user, exp_user) ++ self.assertEqual(got_group, b'None') ++ elif attr_names == {'uid', 'uname'} and expected.startswith( ++ (b'tarfile/', b'lars/', b'foo/', b'1000/')): ++ exp_user, exp_group = expected.split(b'/') ++ got_user, got_group = got.split(b'/') ++ self.assertEqual(got_group, exp_group) ++ self.assertEqual(got_user, b'None') ++ elif attr_names == {'gname', 'gid'} and expected.endswith( ++ (b'/tarfile', b'/users', b'/bar', b'/100')): ++ exp_user, exp_group = expected.split(b'/') ++ got_user, got_group = got.split(b'/') ++ self.assertEqual(got_user, exp_user) ++ self.assertEqual(got_group, b'None') ++ else: ++ # In other cases the output should be the same ++ self.assertEqual(expected, got) ++ ++def _filemode_to_int(mode): ++ """Inverse of `stat.filemode` (for permission bits) ++ ++ Using mode strings rather than numbers makes the later tests more readable. ++ """ ++ str_mode = mode[1:] ++ result = ( ++ {'r': stat.S_IRUSR, '-': 0}[str_mode[0]] ++ | {'w': stat.S_IWUSR, '-': 0}[str_mode[1]] ++ | {'x': stat.S_IXUSR, '-': 0, ++ 's': stat.S_IXUSR | stat.S_ISUID, ++ 'S': stat.S_ISUID}[str_mode[2]] ++ | {'r': stat.S_IRGRP, '-': 0}[str_mode[3]] ++ | {'w': stat.S_IWGRP, '-': 0}[str_mode[4]] ++ | {'x': stat.S_IXGRP, '-': 0, ++ 's': stat.S_IXGRP | stat.S_ISGID, ++ 'S': stat.S_ISGID}[str_mode[5]] ++ | {'r': stat.S_IROTH, '-': 0}[str_mode[6]] ++ | {'w': stat.S_IWOTH, '-': 0}[str_mode[7]] ++ | {'x': stat.S_IXOTH, '-': 0, ++ 't': stat.S_IXOTH | stat.S_ISVTX, ++ 'T': stat.S_ISVTX}[str_mode[8]] ++ ) ++ # check we did this right ++ assert stat.filemode(result)[1:] == mode[1:] ++ ++ return result ++ ++class ArchiveMaker: ++ """Helper to create a tar file with specific contents ++ ++ Usage: ++ ++ with ArchiveMaker() as t: ++ t.add('filename', ...) ++ ++ with t.open() as tar: ++ ... # `tar` is now a TarFile with 'filename' in it! ++ """ ++ def __init__(self): ++ self.bio = io.BytesIO() ++ ++ def __enter__(self): ++ self.tar_w = tarfile.TarFile(mode='w', fileobj=self.bio) ++ return self ++ ++ def __exit__(self, *exc): ++ self.tar_w.close() ++ self.contents = self.bio.getvalue() ++ self.bio = None ++ ++ def add(self, name, *, type=None, symlink_to=None, hardlink_to=None, ++ mode=None, **kwargs): ++ """Add a member to the test archive. Call within `with`.""" ++ name = str(name) ++ tarinfo = tarfile.TarInfo(name).replace(**kwargs) ++ if mode: ++ tarinfo.mode = _filemode_to_int(mode) ++ if symlink_to is not None: ++ type = tarfile.SYMTYPE ++ tarinfo.linkname = str(symlink_to) ++ if hardlink_to is not None: ++ type = tarfile.LNKTYPE ++ tarinfo.linkname = str(hardlink_to) ++ if name.endswith('/') and type is None: ++ type = tarfile.DIRTYPE ++ if type is not None: ++ tarinfo.type = type ++ if tarinfo.isreg(): ++ fileobj = io.BytesIO(bytes(tarinfo.size)) ++ else: ++ fileobj = None ++ self.tar_w.addfile(tarinfo, fileobj) ++ ++ def open(self, **kwargs): ++ """Open the resulting archive as TarFile. Call after `with`.""" ++ bio = io.BytesIO(self.contents) ++ return tarfile.open(fileobj=bio, **kwargs) ++ ++# Under WASI, `os_helper.can_symlink` is False to make ++# `skip_unless_symlink` skip symlink tests. " ++# But in the following tests we use can_symlink to *determine* which ++# behavior is expected. ++# Like other symlink tests, skip these on WASI for now. ++if support.is_wasi: ++ def symlink_test(f): ++ return unittest.skip("WASI: Skip symlink test for now")(f) ++else: ++ def symlink_test(f): ++ return f ++ ++ ++class TestExtractionFilters(unittest.TestCase): ++ ++ # A temporary directory for the extraction results. ++ # All files that "escape" the destination path should still end ++ # up in this directory. ++ outerdir = pathlib.Path(TEMPDIR) / 'outerdir' ++ ++ # The destination for the extraction, within `outerdir` ++ destdir = outerdir / 'dest' ++ ++ @contextmanager ++ def check_context(self, tar, filter): ++ """Extracts `tar` to `self.destdir` and allows checking the result ++ ++ If an error occurs, it must be checked using `expect_exception` ++ ++ Otherwise, all resulting files must be checked using `expect_file`, ++ except the destination directory itself and parent directories of ++ other files. ++ When checking directories, do so before their contents. ++ """ ++ with os_helper.temp_dir(self.outerdir): ++ try: ++ tar.extractall(self.destdir, filter=filter) ++ except Exception as exc: ++ self.raised_exception = exc ++ self.expected_paths = set() ++ else: ++ self.raised_exception = None ++ self.expected_paths = set(self.outerdir.glob('**/*')) ++ self.expected_paths.discard(self.destdir) ++ try: ++ yield ++ finally: ++ tar.close() ++ if self.raised_exception: ++ raise self.raised_exception ++ self.assertEqual(self.expected_paths, set()) ++ ++ def expect_file(self, name, type=None, symlink_to=None, mode=None): ++ """Check a single file. See check_context.""" ++ if self.raised_exception: ++ raise self.raised_exception ++ # use normpath() rather than resolve() so we don't follow symlinks ++ path = pathlib.Path(os.path.normpath(self.destdir / name)) ++ self.assertIn(path, self.expected_paths) ++ self.expected_paths.remove(path) ++ if mode is not None and os_helper.can_chmod(): ++ got = stat.filemode(stat.S_IMODE(path.stat().st_mode)) ++ self.assertEqual(got, mode) ++ if type is None and isinstance(name, str) and name.endswith('/'): ++ type = tarfile.DIRTYPE ++ if symlink_to is not None: ++ got = (self.destdir / name).readlink() ++ expected = pathlib.Path(symlink_to) ++ # The symlink might be the same (textually) as what we expect, ++ # but some systems change the link to an equivalent path, so ++ # we fall back to samefile(). ++ if expected != got: ++ self.assertTrue(got.samefile(expected)) ++ elif type == tarfile.REGTYPE or type is None: ++ self.assertTrue(path.is_file()) ++ elif type == tarfile.DIRTYPE: ++ self.assertTrue(path.is_dir()) ++ elif type == tarfile.FIFOTYPE: ++ self.assertTrue(path.is_fifo()) ++ else: ++ raise NotImplementedError(type) ++ for parent in path.parents: ++ self.expected_paths.discard(parent) ++ ++ def expect_exception(self, exc_type, message_re='.'): ++ with self.assertRaisesRegex(exc_type, message_re): ++ if self.raised_exception is not None: ++ raise self.raised_exception ++ self.raised_exception = None ++ ++ def test_benign_file(self): ++ with ArchiveMaker() as arc: ++ arc.add('benign.txt') ++ for filter in 'fully_trusted', 'tar', 'data': ++ with self.check_context(arc.open(), filter): ++ self.expect_file('benign.txt') ++ ++ def test_absolute(self): ++ # Test handling a member with an absolute path ++ # Inspired by 'absolute1' in https://github.com/jwilk/traversal-archives ++ with ArchiveMaker() as arc: ++ arc.add(self.outerdir / 'escaped.evil') ++ ++ with self.check_context(arc.open(), 'fully_trusted'): ++ self.expect_file('../escaped.evil') ++ ++ for filter in 'tar', 'data': ++ with self.check_context(arc.open(), filter): ++ if str(self.outerdir).startswith('/'): ++ # We strip leading slashes, as e.g. GNU tar does ++ # (without --absolute-filenames). ++ outerdir_stripped = str(self.outerdir).lstrip('/') ++ self.expect_file(f'{outerdir_stripped}/escaped.evil') ++ else: ++ # On this system, absolute paths don't have leading ++ # slashes. ++ # So, there's nothing to strip. We refuse to unpack ++ # to an absolute path, nonetheless. ++ self.expect_exception( ++ tarfile.AbsolutePathError, ++ """['"].*escaped.evil['"] has an absolute path""") ++ ++ @symlink_test ++ def test_parent_symlink(self): ++ # Test interplaying symlinks ++ # Inspired by 'dirsymlink2a' in jwilk/traversal-archives ++ with ArchiveMaker() as arc: ++ arc.add('current', symlink_to='.') ++ arc.add('parent', symlink_to='current/..') ++ arc.add('parent/evil') ++ ++ if os_helper.can_symlink(): ++ with self.check_context(arc.open(), 'fully_trusted'): ++ if self.raised_exception is not None: ++ # Windows will refuse to create a file that's a symlink to itself ++ # (and tarfile doesn't swallow that exception) ++ self.expect_exception(FileExistsError) ++ # The other cases will fail with this error too. ++ # Skip the rest of this test. ++ return ++ else: ++ self.expect_file('current', symlink_to='.') ++ self.expect_file('parent', symlink_to='current/..') ++ self.expect_file('../evil') ++ ++ with self.check_context(arc.open(), 'tar'): ++ self.expect_exception( ++ tarfile.OutsideDestinationError, ++ """'parent/evil' would be extracted to ['"].*evil['"], """ ++ + "which is outside the destination") ++ ++ with self.check_context(arc.open(), 'data'): ++ self.expect_exception( ++ tarfile.LinkOutsideDestinationError, ++ """'parent' would link to ['"].*outerdir['"], """ ++ + "which is outside the destination") ++ ++ else: ++ # No symlink support. The symlinks are ignored. ++ with self.check_context(arc.open(), 'fully_trusted'): ++ self.expect_file('parent/evil') ++ with self.check_context(arc.open(), 'tar'): ++ self.expect_file('parent/evil') ++ with self.check_context(arc.open(), 'data'): ++ self.expect_file('parent/evil') ++ ++ @symlink_test ++ def test_parent_symlink2(self): ++ # Test interplaying symlinks ++ # Inspired by 'dirsymlink2b' in jwilk/traversal-archives ++ with ArchiveMaker() as arc: ++ arc.add('current', symlink_to='.') ++ arc.add('current/parent', symlink_to='..') ++ arc.add('parent/evil') ++ ++ with self.check_context(arc.open(), 'fully_trusted'): ++ if os_helper.can_symlink(): ++ self.expect_file('current', symlink_to='.') ++ self.expect_file('parent', symlink_to='..') ++ self.expect_file('../evil') ++ else: ++ self.expect_file('current/') ++ self.expect_file('parent/evil') ++ ++ with self.check_context(arc.open(), 'tar'): ++ if os_helper.can_symlink(): ++ self.expect_exception( ++ tarfile.OutsideDestinationError, ++ "'parent/evil' would be extracted to " ++ + """['"].*evil['"], which is outside """ ++ + "the destination") ++ else: ++ self.expect_file('current/') ++ self.expect_file('parent/evil') ++ ++ with self.check_context(arc.open(), 'data'): ++ self.expect_exception( ++ tarfile.LinkOutsideDestinationError, ++ """'current/parent' would link to ['"].*['"], """ ++ + "which is outside the destination") ++ ++ @symlink_test ++ def test_absolute_symlink(self): ++ # Test symlink to an absolute path ++ # Inspired by 'dirsymlink' in jwilk/traversal-archives ++ with ArchiveMaker() as arc: ++ arc.add('parent', symlink_to=self.outerdir) ++ arc.add('parent/evil') ++ ++ with self.check_context(arc.open(), 'fully_trusted'): ++ if os_helper.can_symlink(): ++ self.expect_file('parent', symlink_to=self.outerdir) ++ self.expect_file('../evil') ++ else: ++ self.expect_file('parent/evil') ++ ++ with self.check_context(arc.open(), 'tar'): ++ if os_helper.can_symlink(): ++ self.expect_exception( ++ tarfile.OutsideDestinationError, ++ "'parent/evil' would be extracted to " ++ + """['"].*evil['"], which is outside """ ++ + "the destination") ++ else: ++ self.expect_file('parent/evil') ++ ++ with self.check_context(arc.open(), 'data'): ++ self.expect_exception( ++ tarfile.AbsoluteLinkError, ++ "'parent' is a symlink to an absolute path") ++ ++ @symlink_test ++ def test_sly_relative0(self): ++ # Inspired by 'relative0' in jwilk/traversal-archives ++ with ArchiveMaker() as arc: ++ arc.add('../moo', symlink_to='..//tmp/moo') ++ ++ try: ++ with self.check_context(arc.open(), filter='fully_trusted'): ++ if os_helper.can_symlink(): ++ if isinstance(self.raised_exception, FileExistsError): ++ # XXX TarFile happens to fail creating a parent ++ # directory. ++ # This might be a bug, but fixing it would hurt ++ # security. ++ # Note that e.g. GNU `tar` rejects '..' components, ++ # so you could argue this is an invalid archive and we ++ # just raise an bad type of exception. ++ self.expect_exception(FileExistsError) ++ else: ++ self.expect_file('../moo', symlink_to='..//tmp/moo') ++ else: ++ # The symlink can't be extracted and is ignored ++ pass ++ except FileExistsError: ++ pass ++ ++ for filter in 'tar', 'data': ++ with self.check_context(arc.open(), filter): ++ self.expect_exception( ++ tarfile.OutsideDestinationError, ++ "'../moo' would be extracted to " ++ + "'.*moo', which is outside " ++ + "the destination") ++ ++ @symlink_test ++ def test_sly_relative2(self): ++ # Inspired by 'relative2' in jwilk/traversal-archives ++ with ArchiveMaker() as arc: ++ arc.add('tmp/') ++ arc.add('tmp/../../moo', symlink_to='tmp/../..//tmp/moo') ++ ++ with self.check_context(arc.open(), 'fully_trusted'): ++ self.expect_file('tmp', type=tarfile.DIRTYPE) ++ if os_helper.can_symlink(): ++ self.expect_file('../moo', symlink_to='tmp/../../tmp/moo') ++ ++ for filter in 'tar', 'data': ++ with self.check_context(arc.open(), filter): ++ self.expect_exception( ++ tarfile.OutsideDestinationError, ++ "'tmp/../../moo' would be extracted to " ++ + """['"].*moo['"], which is outside the """ ++ + "destination") ++ ++ def test_modes(self): ++ # Test how file modes are extracted ++ # (Note that the modes are ignored on platforms without working chmod) ++ with ArchiveMaker() as arc: ++ arc.add('all_bits', mode='?rwsrwsrwt') ++ arc.add('perm_bits', mode='?rwxrwxrwx') ++ arc.add('exec_group_other', mode='?rw-rwxrwx') ++ arc.add('read_group_only', mode='?---r-----') ++ arc.add('no_bits', mode='?---------') ++ arc.add('dir/', mode='?---rwsrwt') ++ ++ # On some systems, setting the sticky bit is a no-op. ++ # Check if that's the case. ++ tmp_filename = os.path.join(TEMPDIR, "tmp.file") ++ with open(tmp_filename, 'w'): ++ pass ++ os.chmod(tmp_filename, os.stat(tmp_filename).st_mode | stat.S_ISVTX) ++ have_sticky_files = (os.stat(tmp_filename).st_mode & stat.S_ISVTX) ++ os.unlink(tmp_filename) ++ ++ os.mkdir(tmp_filename) ++ os.chmod(tmp_filename, os.stat(tmp_filename).st_mode | stat.S_ISVTX) ++ have_sticky_dirs = (os.stat(tmp_filename).st_mode & stat.S_ISVTX) ++ os.rmdir(tmp_filename) ++ ++ with self.check_context(arc.open(), 'fully_trusted'): ++ if have_sticky_files: ++ self.expect_file('all_bits', mode='?rwsrwsrwt') ++ else: ++ self.expect_file('all_bits', mode='?rwsrwsrwx') ++ self.expect_file('perm_bits', mode='?rwxrwxrwx') ++ self.expect_file('exec_group_other', mode='?rw-rwxrwx') ++ self.expect_file('read_group_only', mode='?---r-----') ++ self.expect_file('no_bits', mode='?---------') ++ if have_sticky_dirs: ++ self.expect_file('dir/', mode='?---rwsrwt') ++ else: ++ self.expect_file('dir/', mode='?---rwsrwx') ++ ++ with self.check_context(arc.open(), 'tar'): ++ self.expect_file('all_bits', mode='?rwxr-xr-x') ++ self.expect_file('perm_bits', mode='?rwxr-xr-x') ++ self.expect_file('exec_group_other', mode='?rw-r-xr-x') ++ self.expect_file('read_group_only', mode='?---r-----') ++ self.expect_file('no_bits', mode='?---------') ++ self.expect_file('dir/', mode='?---r-xr-x') ++ ++ with self.check_context(arc.open(), 'data'): ++ normal_dir_mode = stat.filemode(stat.S_IMODE( ++ self.outerdir.stat().st_mode)) ++ self.expect_file('all_bits', mode='?rwxr-xr-x') ++ self.expect_file('perm_bits', mode='?rwxr-xr-x') ++ self.expect_file('exec_group_other', mode='?rw-r--r--') ++ self.expect_file('read_group_only', mode='?rw-r-----') ++ self.expect_file('no_bits', mode='?rw-------') ++ self.expect_file('dir/', mode=normal_dir_mode) ++ ++ def test_pipe(self): ++ # Test handling of a special file ++ with ArchiveMaker() as arc: ++ arc.add('foo', type=tarfile.FIFOTYPE) ++ ++ for filter in 'fully_trusted', 'tar': ++ with self.check_context(arc.open(), filter): ++ if hasattr(os, 'mkfifo'): ++ self.expect_file('foo', type=tarfile.FIFOTYPE) ++ else: ++ # The pipe can't be extracted and is skipped. ++ pass ++ ++ with self.check_context(arc.open(), 'data'): ++ self.expect_exception( ++ tarfile.SpecialFileError, ++ "'foo' is a special file") ++ ++ def test_special_files(self): ++ # Creating device files is tricky. Instead of attempting that let's ++ # only check the filter result. ++ for special_type in tarfile.FIFOTYPE, tarfile.CHRTYPE, tarfile.BLKTYPE: ++ tarinfo = tarfile.TarInfo('foo') ++ tarinfo.type = special_type ++ trusted = tarfile.fully_trusted_filter(tarinfo, '') ++ self.assertIs(trusted, tarinfo) ++ tar = tarfile.tar_filter(tarinfo, '') ++ self.assertEqual(tar.type, special_type) ++ with self.assertRaises(tarfile.SpecialFileError) as cm: ++ tarfile.data_filter(tarinfo, '') ++ self.assertIsInstance(cm.exception.tarinfo, tarfile.TarInfo) ++ self.assertEqual(cm.exception.tarinfo.name, 'foo') ++ ++ def test_fully_trusted_filter(self): ++ # The 'fully_trusted' filter returns the original TarInfo objects. ++ with tarfile.TarFile.open(tarname) as tar: ++ for tarinfo in tar.getmembers(): ++ filtered = tarfile.fully_trusted_filter(tarinfo, '') ++ self.assertIs(filtered, tarinfo) ++ ++ def test_tar_filter(self): ++ # The 'tar' filter returns TarInfo objects with the same name/type. ++ # (It can also fail for particularly "evil" input, but we don't have ++ # that in the test archive.) ++ with tarfile.TarFile.open(tarname) as tar: ++ for tarinfo in tar.getmembers(): ++ filtered = tarfile.tar_filter(tarinfo, '') ++ self.assertIs(filtered.name, tarinfo.name) ++ self.assertIs(filtered.type, tarinfo.type) ++ ++ def test_data_filter(self): ++ # The 'data' filter either raises, or returns TarInfo with the same ++ # name/type. ++ with tarfile.TarFile.open(tarname) as tar: ++ for tarinfo in tar.getmembers(): ++ try: ++ filtered = tarfile.data_filter(tarinfo, '') ++ except tarfile.FilterError: ++ continue ++ self.assertIs(filtered.name, tarinfo.name) ++ self.assertIs(filtered.type, tarinfo.type) ++ ++ def test_default_filter_warns_not(self): ++ """Ensure the default filter does not warn (like in 3.12)""" ++ with ArchiveMaker() as arc: ++ arc.add('foo') ++ with warnings_helper.check_no_warnings(self): ++ with self.check_context(arc.open(), None): ++ self.expect_file('foo') ++ ++ def test_change_default_filter_on_instance(self): ++ tar = tarfile.TarFile(tarname, 'r') ++ def strict_filter(tarinfo, path): ++ if tarinfo.name == 'ustar/regtype': ++ return tarinfo ++ else: ++ return None ++ tar.extraction_filter = strict_filter ++ with self.check_context(tar, None): ++ self.expect_file('ustar/regtype') ++ ++ def test_change_default_filter_on_class(self): ++ def strict_filter(tarinfo, path): ++ if tarinfo.name == 'ustar/regtype': ++ return tarinfo ++ else: ++ return None ++ tar = tarfile.TarFile(tarname, 'r') ++ with support.swap_attr(tarfile.TarFile, 'extraction_filter', ++ staticmethod(strict_filter)): ++ with self.check_context(tar, None): ++ self.expect_file('ustar/regtype') ++ ++ def test_change_default_filter_on_subclass(self): ++ class TarSubclass(tarfile.TarFile): ++ def extraction_filter(self, tarinfo, path): ++ if tarinfo.name == 'ustar/regtype': ++ return tarinfo ++ else: ++ return None ++ ++ tar = TarSubclass(tarname, 'r') ++ with self.check_context(tar, None): ++ self.expect_file('ustar/regtype') ++ ++ def test_change_default_filter_to_string(self): ++ tar = tarfile.TarFile(tarname, 'r') ++ tar.extraction_filter = 'data' ++ with self.check_context(tar, None): ++ self.expect_exception(TypeError) ++ ++ def test_custom_filter(self): ++ def custom_filter(tarinfo, path): ++ self.assertIs(path, self.destdir) ++ if tarinfo.name == 'move_this': ++ return tarinfo.replace(name='moved') ++ if tarinfo.name == 'ignore_this': ++ return None ++ return tarinfo ++ ++ with ArchiveMaker() as arc: ++ arc.add('move_this') ++ arc.add('ignore_this') ++ arc.add('keep') ++ with self.check_context(arc.open(), custom_filter): ++ self.expect_file('moved') ++ self.expect_file('keep') ++ ++ def test_bad_filter_name(self): ++ with ArchiveMaker() as arc: ++ arc.add('foo') ++ with self.check_context(arc.open(), 'bad filter name'): ++ self.expect_exception(ValueError) ++ ++ def test_stateful_filter(self): ++ # Stateful filters should be possible. ++ # (This doesn't really test tarfile. Rather, it demonstrates ++ # that third parties can implement a stateful filter.) ++ class StatefulFilter: ++ def __enter__(self): ++ self.num_files_processed = 0 ++ return self ++ ++ def __call__(self, tarinfo, path): ++ try: ++ tarinfo = tarfile.data_filter(tarinfo, path) ++ except tarfile.FilterError: ++ return None ++ self.num_files_processed += 1 ++ return tarinfo ++ ++ def __exit__(self, *exc_info): ++ self.done = True ++ ++ with ArchiveMaker() as arc: ++ arc.add('good') ++ arc.add('bad', symlink_to='/') ++ arc.add('good') ++ with StatefulFilter() as custom_filter: ++ with self.check_context(arc.open(), custom_filter): ++ self.expect_file('good') ++ self.assertEqual(custom_filter.num_files_processed, 2) ++ self.assertEqual(custom_filter.done, True) ++ ++ def test_errorlevel(self): ++ def extracterror_filter(tarinfo, path): ++ raise tarfile.ExtractError('failed with ExtractError') ++ def filtererror_filter(tarinfo, path): ++ raise tarfile.FilterError('failed with FilterError') ++ def oserror_filter(tarinfo, path): ++ raise OSError('failed with OSError') ++ def tarerror_filter(tarinfo, path): ++ raise tarfile.TarError('failed with base TarError') ++ def valueerror_filter(tarinfo, path): ++ raise ValueError('failed with ValueError') ++ ++ with ArchiveMaker() as arc: ++ arc.add('file') ++ ++ # If errorlevel is 0, errors affected by errorlevel are ignored ++ ++ with self.check_context(arc.open(errorlevel=0), extracterror_filter): ++ self.expect_file('file') ++ ++ with self.check_context(arc.open(errorlevel=0), filtererror_filter): ++ self.expect_file('file') ++ ++ with self.check_context(arc.open(errorlevel=0), oserror_filter): ++ self.expect_file('file') ++ ++ with self.check_context(arc.open(errorlevel=0), tarerror_filter): ++ self.expect_exception(tarfile.TarError) ++ ++ with self.check_context(arc.open(errorlevel=0), valueerror_filter): ++ self.expect_exception(ValueError) ++ ++ # If 1, all fatal errors are raised ++ ++ with self.check_context(arc.open(errorlevel=1), extracterror_filter): ++ self.expect_file('file') ++ ++ with self.check_context(arc.open(errorlevel=1), filtererror_filter): ++ self.expect_exception(tarfile.FilterError) ++ ++ with self.check_context(arc.open(errorlevel=1), oserror_filter): ++ self.expect_exception(OSError) ++ ++ with self.check_context(arc.open(errorlevel=1), tarerror_filter): ++ self.expect_exception(tarfile.TarError) ++ ++ with self.check_context(arc.open(errorlevel=1), valueerror_filter): ++ self.expect_exception(ValueError) ++ ++ # If 2, all non-fatal errors are raised as well. ++ ++ with self.check_context(arc.open(errorlevel=2), extracterror_filter): ++ self.expect_exception(tarfile.ExtractError) ++ ++ with self.check_context(arc.open(errorlevel=2), filtererror_filter): ++ self.expect_exception(tarfile.FilterError) ++ ++ with self.check_context(arc.open(errorlevel=2), oserror_filter): ++ self.expect_exception(OSError) ++ ++ with self.check_context(arc.open(errorlevel=2), tarerror_filter): ++ self.expect_exception(tarfile.TarError) ++ ++ with self.check_context(arc.open(errorlevel=2), valueerror_filter): ++ self.expect_exception(ValueError) ++ ++ # We only handle ExtractionError, FilterError & OSError specially. ++ ++ with self.check_context(arc.open(errorlevel='boo!'), filtererror_filter): ++ self.expect_exception(TypeError) # errorlevel is not int ++ ++ + def setUpModule(): + os_helper.unlink(TEMPDIR) + os.makedirs(TEMPDIR) +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2023-03-23-15-24-38.gh-issue-102953.YR4KaK.rst +@@ -0,0 +1,4 @@ ++The extraction methods in :mod:`tarfile`, and :func:`shutil.unpack_archive`, ++have a new a *filter* argument that allows limiting tar features than may be ++surprising or dangerous, such as creating files outside the destination ++directory. See :ref:`tarfile-extraction-filter` for details. diff --git a/Python-3.11.2.tar.xz b/Python-3.11.2.tar.xz deleted file mode 100644 index 2728336..0000000 --- a/Python-3.11.2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:29e4b8f5f1658542a8c13e2dd277358c9c48f2b2f7318652ef1675e402b9d2af -size 19893284 diff --git a/Python-3.11.2.tar.xz.asc b/Python-3.11.2.tar.xz.asc deleted file mode 100644 index 34be782..0000000 --- a/Python-3.11.2.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmPiV84ACgkQ/+h0BBaL -2EeZ1xAAwBi0AEjUlZ9oeC54VuqC/XLuVwc3xWf+Irw/5mJA2/weJHoQqG9aEDkB -ph1pDJ6G/vDyKdjh8NZKkKftIL9pggRpAcA4mQ3XcDMKI/J+EQe5P/BwsTGClLhK -cZg6IcQKZvo9djfyRz48w9wfKs34NasBgoFQP+hOzmU10UMrcR7gUSB2ZgMVMDID -0rK1w2aPmZmDLUltBhf6Xb2voUYo+3jINLHWmQC6tdDOBxtxv222dhxS1mvpV7Zu -Xw8do9OsQxonc+owkpciMKDLcFoVmkdQPz9bmvHJKovMXT2RY7FEam9H7ukr35fC -xA6BKnyMgvWIWQVTwjBhcz3C85adzAz/ypHNTbJOuPxp1ZP8qO3D6vPlhZIFyTeJ -7LhagUBUkIKKtbz7u3ERJgvA6tn3UVyLOXM1DnaKkXQ1FgSymgWPRU7BsxanQ8FD -QkfTjC8fatZLCewNfGInkeAdLue+rMwZc8Q6vw2CAmcVdOKsQ98Db/FLF5sC+Kjz -D3brUESEX1ELcVk7vumUI0/z+MECF11dpv5hPOZ4cZDoInsNu846TfU0rzOeVe7H -gGO6Ae/Lu5gG09TNqepbFGA/dWR8V3zdLs5ZShTT4FsNFrHh7GDAEAMZSwT3AsVZ -TjOdU3+xEGsEfrYWRXOkhVIQdJtuovwv9+me5YWeyC4Puzp0Zwk= -=8/cW ------END PGP SIGNATURE----- diff --git a/Python-3.11.3.tar.xz b/Python-3.11.3.tar.xz new file mode 100644 index 0000000..b1a0cdb --- /dev/null +++ b/Python-3.11.3.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8a5db99c961a7ecf27c75956189c9602c968751f11dbeae2b900dbff1c085b5e +size 19906156 diff --git a/Python-3.11.3.tar.xz.asc b/Python-3.11.3.tar.xz.asc new file mode 100644 index 0000000..a67d226 --- /dev/null +++ b/Python-3.11.3.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmQsppwACgkQ/+h0BBaL +2Ee3kg//ewFzE4twuLz2MKoki+7xKz5VzTm2fvCtymAtqVq8Tk3oTvRrc9llHIQn ++QU6Cjiu38igRgQ4O0/i6909U3N1tmqXsSHtuGIB5mEOqwK9LESTPJG+wK4nULg5 +fLH+FgBAJ4HSI3WIMt8jn98LJ8lsfFrH1sdv9ijcDN9VdekY8vXOOaWbAWg2vpYb +vXTtajHXA1KLZR1GvhDel3G6qPhxOjud/gwVJgzHcxA/mpDjT5DTiqS5rVMsJQq0 +R/LCtsqM4NVjurWwe5jEOi/Fv60qTN7ekuIdziC3IB50WjkwXltKB90l9heihnZo +oGAe2T9Kv74Pr1kWhkstURwFGP6hRrZHNfvZXYgcJdN2SxsS9VNkt2JQ9aKevPo3 +t1ZgmB5WGsWAWgny7pm+qLfKy5mkdaal/BB7iLTh5/u3b6tlO2C7wNpGRLS1OBrN +kr/SMS0uyVXcZfcjMTs9e/7YU/ArAvu5nwbFqDrFLHe1SHqTq1PXkeVxbxf1c6KW +TZyOivQA7pcbPyqrbm+tuL2qbAjfOtDo771i9AG2vjgsblxTQvBxXc7buv5/JoCl +4jKuDYHuteiVsuJFeC2Gs67hcM0qjEzbB7mFSJLPDZU3gMMGQxMn/ZWrI/laD5hB +biXtLQJt/Z+3f1ROWiFgjZvdaWYjT26BWaBkIMrv65NG//M7wfo= +=SzVA +-----END PGP SIGNATURE----- diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index 7cef975..56c05ff 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -13,7 +13,7 @@ .. cmdoption:: --with-cxx-main=COMPILER Compile the Python ``main()`` function and link Python executable with C++ -@@ -511,13 +510,11 @@ macOS Options +@@ -527,13 +526,11 @@ macOS Options See ``Mac/README.rst``. @@ -29,7 +29,7 @@ Create a Python.framework rather than a traditional Unix install. Optional --- a/Misc/NEWS +++ b/Misc/NEWS -@@ -7621,7 +7621,7 @@ C API +@@ -7809,7 +7809,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name diff --git a/python311.changes b/python311.changes index 1f0f27f..16a6a47 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,120 @@ +------------------------------------------------------------------- +Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl + +- Update to 3.11.3: + - Security + - gh-101727: Updated the OpenSSL version used in Windows + and macOS binary release builds to 1.1.1t to address + CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the + OpenSSL 2023-02-07 security advisory. + - gh-101283: subprocess.Popen now uses a safer approach to + find cmd.exe when launching with shell=True. Patch by Eryk + Sun, based on a patch by Oleg Iarygin. + - Core and Builtins + - gh-101975: Fixed stacktop value on tracing entries to avoid + corruption on garbage collection. + - gh-102701: Fix overflow when creating very large dict. + - gh-102416: Do not memoize incorrectly automatically + generated loop rules in the parser. Patch by Pablo Galindo. + - gh-102356: Fix a bug that caused a crash when deallocating + deeply nested filter objects. Patch by Marta Gómez Macías. + - gh-102397: Fix segfault from race condition in signal + handling during garbage collection. Patch by Kumar Aditya. + - gh-102281: Fix potential nullptr dereference and use of + uninitialized memory in fileutils. Patch by Max Bachmann. + - gh-102126: Fix deadlock at shutdown when clearing thread + states if any finalizer tries to acquire the runtime head + lock. Patch by Kumar Aditya. + - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal + module. Patch by Max Bachmann. + - gh-101967: Fix possible segfault in + positional_only_passed_as_keyword function, when new list + created. + - gh-101765: Fix SystemError / segmentation fault in iter + __reduce__ when internal access of builtins.__dict__ keys + mutates the iter object. + - gh-101696: Invalidate type version tag in + _PyStaticType_Dealloc for static types, avoiding bug where + a false cache hit could crash the interpreter. Patch by + Kumar Aditya. + - Library + - gh-102549: Don’t ignore exceptions in member type creation. + - gh-102947: Improve traceback when dataclasses.fields() is + called on a non-dataclass. Patch by Alex Waygood + - gh-102780: The asyncio.Timeout context manager now + works reliably even when performing cleanup due to task + cancellation. Previously it could raise a CancelledError + instead of an TimeoutError in such cases. + - gh-88965: typing: Fix a bug relating to substitution in . + Pacustom classes generic over a ParamSpec. Previously, if . + Pathe ParamSpec was substituted with a parameters list that . + Paitself contained a TypeVar, the TypeVar in the parameters . + Palist could not be subsequently substituted. This is now . + Pafixed tch by Nikita Sobolev . + - gh-101979: Fix a bug where parentheses in the metavar + argument to argparse.ArgumentParser.add_argument() were + dropped. Patch by Yeojin Kim. + - gh-102179: Fix os.dup2() error message for negative fds. + - gh-101961: For the binary mode, fileinput.hookcompressed() + doesn’t set the encoding value even if the value is + None. Patch by Gihwan Kim. + - gh-101936: The default value of fp becomes io.BytesIO + if HTTPError is initialized without a designated fp + parameter. Patch by Long Vo. + - gh-102069: Fix __weakref__ descriptor generation for custom + dataclasses. + - gh-101566: In zipfile, apply fix for extractall on the + underlying zipfile after being wrapped in Path. + - gh-101892: Callable iterators no longer raise SystemError + when the callable object exhausts the iterator but forgets + to either return a sentinel value or raise StopIteration. + - gh-97786: Fix potential undefined behaviour in corner cases + of floating-point-to-time conversions. + - gh-101517: Fixed bug where bdb looks up the source line + with linecache with a lineno=None, which causes it to fail + with an unhandled exception. + - gh-101673: Fix a pdb bug where ll clears the changes to + local variables. + - gh-96931: Fix incorrect results from + ssl.SSLSocket.shared_ciphers() + - gh-88233: Correctly preserve “extra” fields in zipfile + regardless of their ordering relative to a zip64 “extra.” + - gh-96127: inspect.signature was raising TypeError on + call with mock objects. Now it correctly returns (*args, + **kwargs) as infered signature. + - gh-95495: When built against OpenSSL 3.0, the ssl module + had a bug where it reported unauthenticated EOFs (i.e. + without close_notify) as a clean TLS-level EOF. It now + raises SSLEOFError, matching the behavior in previous + versions of OpenSSL. The options attribute on SSLContext + also no longer includes OP_IGNORE_UNEXPECTED_EOF by + default. This option may be set to specify the previous + OpenSSL 3.0 behavior. + - gh-94440: Fix a concurrent.futures.process bug where + ProcessPoolExecutor shutdown could hang after a future has + been quickly submitted and canceled. + - Documentation + - gh-103112: Add docstring to http.client.HTTPResponse.read() + to fix pydoc output. + - gh-85417: Update cmath documentation to clarify behaviour + on branch cuts. + - gh-97725: Fix asyncio.Task.print_stack() description for + file=None. Patch by Oleg Iarygin. + - Tests + - gh-102980: Improve test coverage on pdb. + - gh-102537: Adjust the error handling strategy in + test_zoneinfo.TzPathTest.python_tzpath_context. Patch by + Paul Ganssle. + - gh-89792: test_tools now copies up to 10x less source data + to a temporary directory during the freeze test by ignoring + git metadata and other artifacts. It also limits its python + build parallelism based on os.cpu_count instead of hard + coding it as 8 cores. + - gh-101377: Improved test_locale_calendar_formatweekday of + calendar. + - Build + - gh-102711: Fix -Wstrict-prototypes compiler warnings. + ------------------------------------------------------------------- Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl diff --git a/python311.spec b/python311.spec index 8ee1161..60e3a72 100644 --- a/python311.spec +++ b/python311.spec @@ -104,7 +104,7 @@ Obsoletes: python310%{?1:-%{1}} %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.2 +Version: 3.11.3 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -167,6 +167,9 @@ Patch35: fix_configure_rst.patch # PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com # Makes Python resilient to changes of API of libexpat Patch36: support-expat-CVE-2022-25236-patched.patch +# PATCH-FIX-UPSTREAM CVE-2007-4559-filter-tarfile_extractall.patch bsc#1203750 mcepl@suse.com +# PEP 706 – Filter for tarfile.extractall +Patch37: CVE-2007-4559-filter-tarfile_extractall.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -438,6 +441,7 @@ other applications. %endif %patch35 -p1 %patch36 -p1 +%patch37 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From b323e62899e2b5b6c0e822e5989750c464eecba6b76b126813862f7e9df28d92 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 27 Apr 2023 22:23:56 +0000 Subject: [PATCH 042/135] Ajust patches OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=58 --- no-skipif-doctests.patch | 4 ++-- skip-test_pyobject_freed_is_freed.patch | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch index dea56fc..ee98abf 100644 --- a/no-skipif-doctests.patch +++ b/no-skipif-doctests.patch @@ -348,7 +348,7 @@ unchanged: >>> turtle.resizemode() 'noresize' @@ -1217,7 +1173,6 @@ Appearance - of the shapes's outline. + of the shape's outline. .. doctest:: - :skipif: _tkinter is None @@ -643,7 +643,7 @@ unchanged: >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) >>> s = Shape("compound") -@@ -2514,7 +2433,6 @@ Changes since Python 3.0 +@@ -2518,7 +2437,6 @@ Changes since Python 3.0 .. doctest:: diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch index b6883dd..bbe56ba 100644 --- a/skip-test_pyobject_freed_is_freed.patch +++ b/skip-test_pyobject_freed_is_freed.patch @@ -1,10 +1,10 @@ --- - Lib/test/test_capi.py | 1 + + Lib/test/test_capi/test_misc.py | 1 + 1 file changed, 1 insertion(+) ---- a/Lib/test/test_capi.py -+++ b/Lib/test/test_capi.py -@@ -1035,6 +1035,7 @@ class PyMemDebugTests(unittest.TestCase) +--- a/Lib/test/test_capi/test_misc.py ++++ b/Lib/test/test_capi/test_misc.py +@@ -1236,6 +1236,7 @@ class PyMemDebugTests(unittest.TestCase) def test_pyobject_forbidden_bytes_is_freed(self): self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') -- 2.51.1 From a48f5d0f80cc8c26c2d1471f47158832c5785851136736818a3193ef9d69342a Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Sun, 30 Apr 2023 18:13:43 +0000 Subject: [PATCH 043/135] - Why in the world we download from HTTP? OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=59 --- python311.changes | 5 +++++ python311.spec | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/python311.changes b/python311.changes index 16a6a47..4bbad21 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl + +- Why in the world we download from HTTP? + ------------------------------------------------------------------- Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl diff --git a/python311.spec b/python311.spec index 60e3a72..38c7a0d 100644 --- a/python311.spec +++ b/python311.spec @@ -109,8 +109,8 @@ Release: 0 Summary: Python 3 Interpreter License: Python-2.0 URL: https://www.python.org/ -Source0: http://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz -Source1: http://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc +Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz +Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc Source2: baselibs.conf Source3: README.SUSE Source7: macros.python3 -- 2.51.1 From ea266df005d92efddff68f6d885523c83a9ac93d5b1e32ab670085bf61631bcc Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 2 May 2023 21:29:28 +0000 Subject: [PATCH 044/135] - Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=60 --- 103213-fetch-CONFIG_ARGS.patch | 37 ++++++++++++++++++++++++++++++++++ python311.changes | 1 + python311.spec | 4 ++++ 3 files changed, 42 insertions(+) create mode 100644 103213-fetch-CONFIG_ARGS.patch diff --git a/103213-fetch-CONFIG_ARGS.patch b/103213-fetch-CONFIG_ARGS.patch new file mode 100644 index 0000000..4a8c2e0 --- /dev/null +++ b/103213-fetch-CONFIG_ARGS.patch @@ -0,0 +1,37 @@ +From d3217d12eee9eefad8444e80545b82b2a8c2be4c Mon Sep 17 00:00:00 2001 +From: Ijtaba Hussain +Date: Mon, 3 Apr 2023 17:28:32 +0500 +Subject: [PATCH 1/3] Fetch CONFIG_ARGS from original python instance + +instead of fetching from intermediate instance. As "make clean" is called +against the intermediate instance, the build directory is cleared and the +config arguments lookup fails with a ModuleNotFoundError +--- + Misc/NEWS.d/next/Tools-Demos/2023-04-05-07-19-36.gh-issue-103186.yEozgK.rst | 2 ++ + Tools/freeze/test/freeze.py | 3 +-- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- /dev/null ++++ b/Misc/NEWS.d/next/Tools-Demos/2023-04-05-07-19-36.gh-issue-103186.yEozgK.rst +@@ -0,0 +1,2 @@ ++``freeze`` now fetches ``CONFIG_ARGS`` from the original CPython instance ++the Makefile uses to call utility scripts. Patch by Ijtaba Hussain. +--- a/Tools/freeze/test/freeze.py ++++ b/Tools/freeze/test/freeze.py +@@ -96,7 +96,6 @@ def copy_source_tree(newroot, oldroot): + if os.path.exists(os.path.join(newroot, 'Makefile')): + _run_quiet([MAKE, 'clean'], newroot) + +- + def get_makefile_var(builddir, name): + regex = re.compile(rf'^{name} *=\s*(.*?)\s*$') + filename = os.path.join(builddir, 'Makefile') +@@ -153,7 +152,7 @@ def prepare(script=None, outdir=None): + print(f'configuring python in {builddir}...') + cmd = [ + os.path.join(srcdir, 'configure'), +- *shlex.split(get_config_var(srcdir, 'CONFIG_ARGS') or ''), ++ *shlex.split(get_config_var(SRCDIR, 'CONFIG_ARGS') or ''), + ] + ensure_opt(cmd, 'cache-file', os.path.join(outdir, 'python-config.cache')) + prefix = os.path.join(outdir, 'python-installation') diff --git a/python311.changes b/python311.changes index 4bbad21..f7e2268 100644 --- a/python311.changes +++ b/python311.changes @@ -2,6 +2,7 @@ Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl - Why in the world we download from HTTP? +- Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). ------------------------------------------------------------------- Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl diff --git a/python311.spec b/python311.spec index 38c7a0d..457fcec 100644 --- a/python311.spec +++ b/python311.spec @@ -170,6 +170,9 @@ Patch36: support-expat-CVE-2022-25236-patched.patch # PATCH-FIX-UPSTREAM CVE-2007-4559-filter-tarfile_extractall.patch bsc#1203750 mcepl@suse.com # PEP 706 – Filter for tarfile.extractall Patch37: CVE-2007-4559-filter-tarfile_extractall.patch +# PATCH-FIX-UPSTREAM 103213-fetch-CONFIG_ARGS.patch gh#python/cpython#103053 mcepl@suse.com +# Fetch CONFIG_ARGS from original python instance +Patch38: 103213-fetch-CONFIG_ARGS.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -442,6 +445,7 @@ other applications. %patch35 -p1 %patch36 -p1 %patch37 -p1 +%patch38 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From e71e638e14d24004ddff16c94052449c3087181755553b57f731201115822117 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 2 May 2023 23:12:23 +0000 Subject: [PATCH 045/135] - Add skip-test_freeze_simple_script.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=61 --- python311.changes | 1 + python311.spec | 4 ++++ skip-test_freeze_simple_script.patch | 15 +++++++++++++++ 3 files changed, 20 insertions(+) create mode 100644 skip-test_freeze_simple_script.patch diff --git a/python311.changes b/python311.changes index f7e2268..98fb888 100644 --- a/python311.changes +++ b/python311.changes @@ -3,6 +3,7 @@ Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl - Why in the world we download from HTTP? - Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). +- Add skip-test_freeze_simple_script.patch ------------------------------------------------------------------- Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl diff --git a/python311.spec b/python311.spec index 457fcec..a4b2846 100644 --- a/python311.spec +++ b/python311.spec @@ -173,6 +173,9 @@ Patch37: CVE-2007-4559-filter-tarfile_extractall.patch # PATCH-FIX-UPSTREAM 103213-fetch-CONFIG_ARGS.patch gh#python/cpython#103053 mcepl@suse.com # Fetch CONFIG_ARGS from original python instance Patch38: 103213-fetch-CONFIG_ARGS.patch +# PATCH-FIX-UPSTREAM skip-test_freeze_simple_script.patch gh#python/cpython#103053 mcepl@suse.com +# Skip test_freeze_simple_script +Patch39: skip-test_freeze_simple_script.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -446,6 +449,7 @@ other applications. %patch36 -p1 %patch37 -p1 %patch38 -p1 +%patch39 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac diff --git a/skip-test_freeze_simple_script.patch b/skip-test_freeze_simple_script.patch new file mode 100644 index 0000000..f043185 --- /dev/null +++ b/skip-test_freeze_simple_script.patch @@ -0,0 +1,15 @@ +--- + Lib/test/support/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -388,7 +388,7 @@ def skip_if_buildbot(reason=None): + if not reason: + reason = 'not suitable for buildbots' + try: +- isbuildbot = getpass.getuser().lower() == 'buildbot' ++ isbuildbot = getpass.getuser().lower() == 'abuild' + except (KeyError, EnvironmentError) as err: + warnings.warn(f'getpass.getuser() failed {err}.', RuntimeWarning) + isbuildbot = False -- 2.51.1 From f503a46aa9d6465916b16c1d859716236a60f225a63d2b84fb5e2ef075193126 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 3 May 2023 05:42:18 +0000 Subject: [PATCH 046/135] - Add skip_if_buildbot-extend.patch to avoid the bug altogether (extending what skip_if_buildbot covers). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=62 --- python311.changes | 3 ++- python311.spec | 4 ++-- ...reeze_simple_script.patch => skip_if_buildbot-extend.patch | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) rename skip-test_freeze_simple_script.patch => skip_if_buildbot-extend.patch (87%) diff --git a/python311.changes b/python311.changes index 98fb888..aa6f5b9 100644 --- a/python311.changes +++ b/python311.changes @@ -3,7 +3,8 @@ Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl - Why in the world we download from HTTP? - Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). -- Add skip-test_freeze_simple_script.patch +- Add skip_if_buildbot-extend.patch to avoid the bug altogether + (extending what skip_if_buildbot covers). ------------------------------------------------------------------- Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl diff --git a/python311.spec b/python311.spec index a4b2846..8eeeecb 100644 --- a/python311.spec +++ b/python311.spec @@ -173,9 +173,9 @@ Patch37: CVE-2007-4559-filter-tarfile_extractall.patch # PATCH-FIX-UPSTREAM 103213-fetch-CONFIG_ARGS.patch gh#python/cpython#103053 mcepl@suse.com # Fetch CONFIG_ARGS from original python instance Patch38: 103213-fetch-CONFIG_ARGS.patch -# PATCH-FIX-UPSTREAM skip-test_freeze_simple_script.patch gh#python/cpython#103053 mcepl@suse.com +# PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com # Skip test_freeze_simple_script -Patch39: skip-test_freeze_simple_script.patch +Patch39: skip_if_buildbot-extend.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes diff --git a/skip-test_freeze_simple_script.patch b/skip_if_buildbot-extend.patch similarity index 87% rename from skip-test_freeze_simple_script.patch rename to skip_if_buildbot-extend.patch index f043185..493ebfe 100644 --- a/skip-test_freeze_simple_script.patch +++ b/skip_if_buildbot-extend.patch @@ -9,7 +9,7 @@ reason = 'not suitable for buildbots' try: - isbuildbot = getpass.getuser().lower() == 'buildbot' -+ isbuildbot = getpass.getuser().lower() == 'abuild' ++ isbuildbot = getpass.getuser().lower() in ['buildbot', 'abuild']: except (KeyError, EnvironmentError) as err: warnings.warn(f'getpass.getuser() failed {err}.', RuntimeWarning) isbuildbot = False -- 2.51.1 From 7cfc036a7d2ca95220c3eb80476efc71d9cd58e4c082441729401324984653ac Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 3 May 2023 07:07:31 +0000 Subject: [PATCH 047/135] Fix the patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=63 --- skip_if_buildbot-extend.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/skip_if_buildbot-extend.patch b/skip_if_buildbot-extend.patch index 493ebfe..0300539 100644 --- a/skip_if_buildbot-extend.patch +++ b/skip_if_buildbot-extend.patch @@ -9,7 +9,7 @@ reason = 'not suitable for buildbots' try: - isbuildbot = getpass.getuser().lower() == 'buildbot' -+ isbuildbot = getpass.getuser().lower() in ['buildbot', 'abuild']: ++ isbuildbot = getpass.getuser().lower() in ['buildbot', 'abuild'] except (KeyError, EnvironmentError) as err: warnings.warn(f'getpass.getuser() failed {err}.', RuntimeWarning) isbuildbot = False -- 2.51.1 From 39157872a54e0b569729068cd2001f0f2e2ceeac15256c38a9c6ef07c5d5b015 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 3 May 2023 10:14:51 +0000 Subject: [PATCH 048/135] =?UTF-8?q?-=20Add=20CVE-2007-4559-filter-tarfile?= =?UTF-8?q?=5Fextractall.patch=20to=20fix=20=20=20bsc#1203750=20(CVE-2007-?= =?UTF-8?q?4559)=20and=20implementing=20"PEP=20706=20=E2=80=93=20Filter=20?= =?UTF-8?q?=20=20for=20tarfile.extractall".?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=64 --- python311.changes | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/python311.changes b/python311.changes index aa6f5b9..9934ec1 100644 --- a/python311.changes +++ b/python311.changes @@ -5,6 +5,9 @@ Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl - Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). - Add skip_if_buildbot-extend.patch to avoid the bug altogether (extending what skip_if_buildbot covers). +- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix + bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter + for tarfile.extractall". ------------------------------------------------------------------- Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl @@ -15,9 +18,6 @@ Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl and macOS binary release builds to 1.1.1t to address CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the OpenSSL 2023-02-07 security advisory. - - gh-101283: subprocess.Popen now uses a safer approach to - find cmd.exe when launching with shell=True. Patch by Eryk - Sun, based on a patch by Oleg Iarygin. - Core and Builtins - gh-101975: Fixed stacktop value on tracing entries to avoid corruption on garbage collection. -- 2.51.1 From d34496b956564b6101d3648a15074efacbcfdcfc146fe48cecfe7130647b43c8 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 5 Jun 2023 12:53:40 +0000 Subject: [PATCH 049/135] Add missing Jira references to the changelog. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=66 --- python311.changes | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python311.changes b/python311.changes index 9934ec1..9ce6d5e 100644 --- a/python311.changes +++ b/python311.changes @@ -154,7 +154,8 @@ Tue Jan 24 12:23:34 UTC 2023 - Dirk Müller Tue Jan 10 11:11:56 UTC 2023 - Matej Cepl - Don't fail on Sphinx build warnings. -- For jsc#PED-1570, providing Python 3.11 for SLE-15-SP5. +- For jsc#PED-1570, jsc#PED-2217 and jsc#PED-68, + providing Python 3.11 for SLE-15-SP4. ------------------------------------------------------------------- Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl -- 2.51.1 From 7a2425c2212065ee84febd0648923e6d7809d42ab6dec794752796df87939e93 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 26 Jun 2023 13:04:00 +0000 Subject: [PATCH 050/135] - Remove obsolete_python_versioned macro again. This mechanism has no business to be in Python 3.11, because we have abolished with it whole interpreter+setuptools+pip product. Python 3.11 should not be replaced by later versions anymore. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=68 --- python311.changes | 8 ++++++++ python311.spec | 23 ----------------------- 2 files changed, 8 insertions(+), 23 deletions(-) diff --git a/python311.changes b/python311.changes index 9ce6d5e..d327de7 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl + +- Remove obsolete_python_versioned macro again. This mechanism + has no business to be in Python 3.11, because we have abolished + with it whole interpreter+setuptools+pip product. Python 3.11 + should not be replaced by later versions anymore. + ------------------------------------------------------------------- Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl diff --git a/python311.spec b/python311.spec index 8eeeecb..01e3d63 100644 --- a/python311.spec +++ b/python311.spec @@ -43,16 +43,6 @@ %define primary_interpreter 0 %endif -%if 0%{?sle_version} && 0%{?suse_version} < 1550 -# Obsoleting previous "latest" Python versions -# Next versions will get more lines like for older versions -%define obsolete_python_versioned() \ -Obsoletes: python39%{?1:-%{1}} \ -Obsoletes: python310%{?1:-%{1}} -%else -%define obsolete_python_versioned() %{nil} -%endif - # Setting up variables %define _version %(c=%{version}; echo ${c/[a-z]*/}) %define tar_suffix %(c=%{_version}; echo ${c#%{_version}}) @@ -227,7 +217,6 @@ Provides: %{python_pkg_name}-sqlite3 Recommends: %{python_pkg_name}-curses Recommends: %{python_pkg_name}-dbm Recommends: %{python_pkg_name}-pip -%obsolete_python_versioned %if %{primary_interpreter} Provides: python3 = %{python_version} Provides: python3-readline @@ -253,7 +242,6 @@ development environment (python3-idle). %package -n %{python_pkg_name}-tk Summary: TkInter, a Python Tk Interface Requires: %{python_pkg_name} = %{version} -%obsolete_python_versioned tk %if %{primary_interpreter} Provides: python3-tk = %{version} %endif @@ -264,7 +252,6 @@ Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. %package -n %{python_pkg_name}-curses Summary: Python Interface to the (N)Curses Library Requires: %{python_pkg_name} = %{version} -%obsolete_python_versioned curses %if %{primary_interpreter} Provides: python3-curses %endif @@ -276,7 +263,6 @@ Console User Interface. %package -n %{python_pkg_name}-dbm Summary: Python Interface to the GDBM Library Requires: %{python_pkg_name} = %{version} -%obsolete_python_versioned dbm %if %{primary_interpreter} Provides: python3-dbm %endif @@ -289,7 +275,6 @@ the GNU implementation GDBM. Summary: An Integrated Development Environment for Python Requires: %{python_pkg_name} = %{version} Requires: %{python_pkg_name}-tk -%obsolete_python_versioned idle %if %{primary_interpreter} Provides: python3-idle = %{version} %endif @@ -303,7 +288,6 @@ a debugger. %package -n %{python_pkg_name}-doc Summary: Package Documentation for Python 3 Enhances: %{python_pkg_name} = %{python_version} -%obsolete_python_versioned doc %if %{primary_interpreter} Provides: python3-doc = %{version} %endif @@ -315,7 +299,6 @@ Python, and Macintosh Module Reference in HTML format. %package -n %{python_pkg_name}-doc-devhelp Summary: Additional Package Documentation for Python 3 in devhelp format -%obsolete_python_versioned doc-devhelp %if %{primary_interpreter} Provides: python3-doc-devhelp = %{version} %endif @@ -329,7 +312,6 @@ Python, and Macintosh Module Reference in format for devhelp. Summary: Python 3 Interpreter and Stdlib Core Requires: libpython%{so_version} = %{version} Recommends: %{python_pkg_name} = %{version} -%obsolete_python_versioned base #Recommends: python3-ensurepip # python 3.1 didn't have a separate python-base, so it is wrongly # not a conflict to have python3-3.1 and python3-base > 3.1 @@ -337,10 +319,8 @@ Obsoletes: python3 < 3.2 # no Provides, because python3 is obviously provided by package python3 # python 3.4 provides asyncio Provides: %{python_pkg_name}-asyncio = %{version} -%obsolete_python_versioned asyncio # python 3.6 provides typing Provides: %{python_pkg_name}-typing = %{version} -%obsolete_python_versioned typing # python3-xml was merged into python3, now moved into -base Provides: %{python_pkg_name}-xml = %{version} %if %{primary_interpreter} @@ -370,7 +350,6 @@ Summary: Python Utility and Demonstration Scripts Requires: %{python_pkg_name}-base = %{version} Provides: %{python_pkg_name}-2to3 = %{version} Provides: %{python_pkg_name}-demo = %{version} -%obsolete_python_versioned tools %if %{primary_interpreter} Provides: python3-2to3 = %{version} Provides: python3-demo = %{version} @@ -386,7 +365,6 @@ and a set of demonstration programs. %package -n %{python_pkg_name}-devel Summary: Include Files and Libraries Mandatory for Building Python Modules Requires: %{python_pkg_name}-base = %{version} -%obsolete_python_versioned devel %if %{primary_interpreter} Provides: python3-devel = %{version} %endif @@ -406,7 +384,6 @@ package up to version 2.2.2. Summary: Unit tests for Python and its standard library Requires: %{python_pkg_name} = %{version} Requires: %{python_pkg_name}-tk = %{version} -%obsolete_python_versioned testsuite %if %{primary_interpreter} Provides: python3-testsuite = %{version} %endif -- 2.51.1 From 6bf0620e58830a009e37da15c7f1970e11659a437b60c62a7fddbe2a247bccd3 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 27 Jun 2023 13:24:40 +0000 Subject: [PATCH 051/135] Fix changes OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=69 --- python311.changes | 1 - 1 file changed, 1 deletion(-) diff --git a/python311.changes b/python311.changes index d327de7..6f55f78 100644 --- a/python311.changes +++ b/python311.changes @@ -9,7 +9,6 @@ Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl ------------------------------------------------------------------- Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl -- Why in the world we download from HTTP? - Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). - Add skip_if_buildbot-extend.patch to avoid the bug altogether (extending what skip_if_buildbot covers). -- 2.51.1 From b8797f4452aec6c220095fb9480d355b33c89dc406d8ed51b54478413ba1a9c4 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 28 Jun 2023 19:51:47 +0000 Subject: [PATCH 052/135] - Update to Python 3.11.4: - gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 fixed previously in 1.1.1t (gh-101727). - gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329 (bsc#1208471). - gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified. - gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler. - gh-103935: trace.__main__ now uses io.open_code() for files to be executed instead of raw open(). - gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details (fixing CVE-2007-4559, bsc#1203750). - Remove upstreamed patches: - CVE-2007-4559-filter-tarfile_extractall.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=71 --- CVE-2007-4559-filter-tarfile_extractall.patch | 2616 ----------------- Python-3.11.3.tar.xz | 3 - Python-3.11.3.tar.xz.asc | 16 - Python-3.11.4.tar.xz | 3 + Python-3.11.4.tar.xz.asc | 16 + python311.changes | 30 + python311.spec | 6 +- 7 files changed, 50 insertions(+), 2640 deletions(-) delete mode 100644 CVE-2007-4559-filter-tarfile_extractall.patch delete mode 100644 Python-3.11.3.tar.xz delete mode 100644 Python-3.11.3.tar.xz.asc create mode 100644 Python-3.11.4.tar.xz create mode 100644 Python-3.11.4.tar.xz.asc diff --git a/CVE-2007-4559-filter-tarfile_extractall.patch b/CVE-2007-4559-filter-tarfile_extractall.patch deleted file mode 100644 index 4419073..0000000 --- a/CVE-2007-4559-filter-tarfile_extractall.patch +++ /dev/null @@ -1,2616 +0,0 @@ -From b52ad18a766700be14382ba222033b2d75a33521 Mon Sep 17 00:00:00 2001 -From: Petr Viktorin -Date: Mon, 24 Apr 2023 10:58:06 +0200 -Subject: [PATCH 1/5] =?UTF-8?q?gh-102950:=20Implement=20PEP=20706=20?= - =?UTF-8?q?=E2=80=93=20Filter=20for=20tarfile.extractall=20(#102953)?= -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Backport of af530469954e8ad49f1e071ef31c844b9bfda414 ---- - Doc/library/shutil.rst | 25 - Doc/library/tarfile.rst | 458 ++++ - Doc/whatsnew/3.11.rst | 16 - Lib/shutil.py | 17 - Lib/tarfile.py | 351 +++ - Lib/test/test_shutil.py | 40 - Lib/test/test_tarfile.py | 984 +++++++++- - Misc/NEWS.d/next/Library/2023-03-23-15-24-38.gh-issue-102953.YR4KaK.rst | 4 - 8 files changed, 1799 insertions(+), 96 deletions(-) - create mode 100644 Misc/NEWS.d/next/Library/2023-03-23-15-24-38.gh-issue-102953.YR4KaK.rst - ---- a/Doc/library/shutil.rst -+++ b/Doc/library/shutil.rst -@@ -626,7 +626,7 @@ provided. They rely on the :mod:`zipfil - Remove the archive format *name* from the list of supported formats. - - --.. function:: unpack_archive(filename[, extract_dir[, format]]) -+.. function:: unpack_archive(filename[, extract_dir[, format[, filter]]]) - - Unpack an archive. *filename* is the full path of the archive. - -@@ -640,6 +640,15 @@ provided. They rely on the :mod:`zipfil - registered for that extension. In case none is found, - a :exc:`ValueError` is raised. - -+ The keyword-only *filter* argument, which was added in Python 3.11.4, -+ is passed to the underlying unpacking function. -+ For zip files, *filter* is not accepted. -+ For tar files, it is recommended to set it to ``'data'``, -+ unless using features specific to tar and UNIX-like filesystems. -+ (See :ref:`tarfile-extraction-filter` for details.) -+ The ``'data'`` filter will become the default for tar files -+ in Python 3.14. -+ - .. audit-event:: shutil.unpack_archive filename,extract_dir,format shutil.unpack_archive - - .. warning:: -@@ -652,6 +661,9 @@ provided. They rely on the :mod:`zipfil - .. versionchanged:: 3.7 - Accepts a :term:`path-like object` for *filename* and *extract_dir*. - -+ .. versionchanged:: 3.11.4 -+ Added the *filter* argument. -+ - .. function:: register_unpack_format(name, extensions, function[, extra_args[, description]]) - - Registers an unpack format. *name* is the name of the format and -@@ -659,11 +671,14 @@ provided. They rely on the :mod:`zipfil - ``.zip`` for Zip files. - - *function* is the callable that will be used to unpack archives. The -- callable will receive the path of the archive, followed by the directory -- the archive must be extracted to. -+ callable will receive: - -- When provided, *extra_args* is a sequence of ``(name, value)`` tuples that -- will be passed as keywords arguments to the callable. -+ - the path of the archive, as a positional argument; -+ - the directory the archive must be extracted to, as a positional argument; -+ - possibly a *filter* keyword argument, if it was given to -+ :func:`unpack_archive`; -+ - additional keyword arguments, specified by *extra_args* as a sequence -+ of ``(name, value)`` tuples. - - *description* can be provided to describe the format, and will be returned - by the :func:`get_unpack_formats` function. ---- a/Doc/library/tarfile.rst -+++ b/Doc/library/tarfile.rst -@@ -206,6 +206,38 @@ The :mod:`tarfile` module defines the fo - Is raised by :meth:`TarInfo.frombuf` if the buffer it gets is invalid. - - -+.. exception:: FilterError -+ -+ Base class for members :ref:`refused ` by -+ filters. -+ -+ .. attribute:: tarinfo -+ -+ Information about the member that the filter refused to extract, -+ as :ref:`TarInfo `. -+ -+.. exception:: AbsolutePathError -+ -+ Raised to refuse extracting a member with an absolute path. -+ -+.. exception:: OutsideDestinationError -+ -+ Raised to refuse extracting a member outside the destination directory. -+ -+.. exception:: SpecialFileError -+ -+ Raised to refuse extracting a special file (e.g. a device or pipe). -+ -+.. exception:: AbsoluteLinkError -+ -+ Raised to refuse extracting a symbolic link with an absolute path. -+ -+.. exception:: LinkOutsideDestinationError -+ -+ Raised to refuse extracting a symbolic link pointing outside the destination -+ directory. -+ -+ - The following constants are available at the module level: - - .. data:: ENCODING -@@ -316,11 +348,8 @@ be finalized; only the internally used f - *debug* can be set from ``0`` (no debug messages) up to ``3`` (all debug - messages). The messages are written to ``sys.stderr``. - -- If *errorlevel* is ``0``, all errors are ignored when using :meth:`TarFile.extract`. -- Nevertheless, they appear as error messages in the debug output, when debugging -- is enabled. If ``1``, all *fatal* errors are raised as :exc:`OSError` -- exceptions. If ``2``, all *non-fatal* errors are raised as :exc:`TarError` -- exceptions as well. -+ *errorlevel* controls how extraction errors are handled, -+ see :attr:`the corresponding attribute <~TarFile.errorlevel>`. - - The *encoding* and *errors* arguments define the character encoding to be - used for reading or writing the archive and how conversion errors are going -@@ -387,7 +416,7 @@ be finalized; only the internally used f - available. - - --.. method:: TarFile.extractall(path=".", members=None, *, numeric_owner=False) -+.. method:: TarFile.extractall(path=".", members=None, *, numeric_owner=False, filter=None) - - Extract all members from the archive to the current working directory or - directory *path*. If optional *members* is given, it must be a subset of the -@@ -401,6 +430,12 @@ be finalized; only the internally used f - are used to set the owner/group for the extracted files. Otherwise, the named - values from the tarfile are used. - -+ The *filter* argument, which was added in Python 3.11.4, specifies how -+ ``members`` are modified or rejected before extraction. -+ See :ref:`tarfile-extraction-filter` for details. -+ It is recommended to set this explicitly depending on which *tar* features -+ you need to support. -+ - .. warning:: - - Never extract archives from untrusted sources without prior inspection. -@@ -408,14 +443,20 @@ be finalized; only the internally used f - that have absolute filenames starting with ``"/"`` or filenames with two - dots ``".."``. - -+ Set ``filter='data'`` to prevent the most dangerous security issues, -+ and read the :ref:`tarfile-extraction-filter` section for details. -+ - .. versionchanged:: 3.5 - Added the *numeric_owner* parameter. - - .. versionchanged:: 3.6 - The *path* parameter accepts a :term:`path-like object`. - -+ .. versionchanged:: 3.11.4 -+ Added the *filter* parameter. -+ - --.. method:: TarFile.extract(member, path="", set_attrs=True, *, numeric_owner=False) -+.. method:: TarFile.extract(member, path="", set_attrs=True, *, numeric_owner=False, filter=None) - - Extract a member from the archive to the current working directory, using its - full name. Its file information is extracted as accurately as possible. *member* -@@ -423,9 +464,8 @@ be finalized; only the internally used f - directory using *path*. *path* may be a :term:`path-like object`. - File attributes (owner, mtime, mode) are set unless *set_attrs* is false. - -- If *numeric_owner* is :const:`True`, the uid and gid numbers from the tarfile -- are used to set the owner/group for the extracted files. Otherwise, the named -- values from the tarfile are used. -+ The *numeric_owner* and *filter* arguments are the same as -+ for :meth:`extractall`. - - .. note:: - -@@ -436,6 +476,9 @@ be finalized; only the internally used f - - See the warning for :meth:`extractall`. - -+ Set ``filter='data'`` to prevent the most dangerous security issues, -+ and read the :ref:`tarfile-extraction-filter` section for details. -+ - .. versionchanged:: 3.2 - Added the *set_attrs* parameter. - -@@ -445,6 +488,9 @@ be finalized; only the internally used f - .. versionchanged:: 3.6 - The *path* parameter accepts a :term:`path-like object`. - -+ .. versionchanged:: 3.11.4 -+ Added the *filter* parameter. -+ - - .. method:: TarFile.extractfile(member) - -@@ -457,6 +503,57 @@ be finalized; only the internally used f - .. versionchanged:: 3.3 - Return an :class:`io.BufferedReader` object. - -+.. attribute:: TarFile.errorlevel -+ :type: int -+ -+ If *errorlevel* is ``0``, errors are ignored when using :meth:`TarFile.extract` -+ and :meth:`TarFile.extractall`. -+ Nevertheless, they appear as error messages in the debug output when -+ *debug* is greater than 0. -+ If ``1`` (the default), all *fatal* errors are raised as :exc:`OSError` or -+ :exc:`FilterError` exceptions. If ``2``, all *non-fatal* errors are raised -+ as :exc:`TarError` exceptions as well. -+ -+ Some exceptions, e.g. ones caused by wrong argument types or data -+ corruption, are always raised. -+ -+ Custom :ref:`extraction filters ` -+ should raise :exc:`FilterError` for *fatal* errors -+ and :exc:`ExtractError` for *non-fatal* ones. -+ -+ Note that when an exception is raised, the archive may be partially -+ extracted. It is the user’s responsibility to clean up. -+ -+.. attribute:: TarFile.extraction_filter -+ -+ .. versionadded:: 3.11.4 -+ -+ The :ref:`extraction filter ` used -+ as a default for the *filter* argument of :meth:`~TarFile.extract` -+ and :meth:`~TarFile.extractall`. -+ -+ The attribute may be ``None`` or a callable. -+ String names are not allowed for this attribute, unlike the *filter* -+ argument to :meth:`~TarFile.extract`. -+ -+ If ``extraction_filter`` is ``None`` (the default), -+ calling an extraction method without a *filter* argument will -+ use the :func:`fully_trusted ` filter for -+ compatibility with previous Python versions. -+ -+ In Python 3.12+, leaving ``extraction_filter=None`` will emit a -+ ``DeprecationWarning``. -+ -+ In Python 3.14+, leaving ``extraction_filter=None`` will cause -+ extraction methods to use the :func:`data ` filter by default. -+ -+ The attribute may be set on instances or overridden in subclasses. -+ It also is possible to set it on the ``TarFile`` class itself to set a -+ global default, although, since it affects all uses of *tarfile*, -+ it is best practice to only do so in top-level applications or -+ :mod:`site configuration `. -+ To set a global default this way, a filter function needs to be wrapped in -+ :func:`staticmethod()` to prevent injection of a ``self`` argument. - - .. method:: TarFile.add(name, arcname=None, recursive=True, *, filter=None) - -@@ -532,7 +629,27 @@ permissions, owner etc.), it provides so - It does *not* contain the file's data itself. - - :class:`TarInfo` objects are returned by :class:`TarFile`'s methods --:meth:`getmember`, :meth:`getmembers` and :meth:`gettarinfo`. -+:meth:`~TarFile.getmember`, :meth:`~TarFile.getmembers` and -+:meth:`~TarFile.gettarinfo`. -+ -+Modifying the objects returned by :meth:`~!TarFile.getmember` or -+:meth:`~!TarFile.getmembers` will affect all subsequent -+operations on the archive. -+For cases where this is unwanted, you can use :mod:`copy.copy() ` or -+call the :meth:`~TarInfo.replace` method to create a modified copy in one step. -+ -+Several attributes can be set to ``None`` to indicate that a piece of metadata -+is unused or unknown. -+Different :class:`TarInfo` methods handle ``None`` differently: -+ -+- The :meth:`~TarFile.extract` or :meth:`~TarFile.extractall` methods will -+ ignore the corresponding metadata, leaving it set to a default. -+- :meth:`~TarFile.addfile` will fail. -+- :meth:`~TarFile.list` will print a placeholder string. -+ -+ -+.. versionchanged:: 3.11.4 -+ Added :meth:`~TarInfo.replace` and handling of ``None``. - - - .. class:: TarInfo(name="") -@@ -566,24 +683,39 @@ A ``TarInfo`` object has the following p - - - .. attribute:: TarInfo.name -+ :type: str - - Name of the archive member. - - - .. attribute:: TarInfo.size -+ :type: int - - Size in bytes. - - - .. attribute:: TarInfo.mtime -+ :type: int | float - -- Time of last modification. -+ Time of last modification in seconds since the :ref:`epoch `, -+ as in :attr:`os.stat_result.st_mtime`. - -+ .. versionchanged:: 3.11.4 -+ -+ Can be set to ``None`` for :meth:`~TarFile.extract` and -+ :meth:`~TarFile.extractall`, causing extraction to skip applying this -+ attribute. - - .. attribute:: TarInfo.mode -+ :type: int -+ -+ Permission bits, as for :func:`os.chmod`. - -- Permission bits. -+ .. versionchanged:: 3.11.4 - -+ Can be set to ``None`` for :meth:`~TarFile.extract` and -+ :meth:`~TarFile.extractall`, causing extraction to skip applying this -+ attribute. - - .. attribute:: TarInfo.type - -@@ -595,35 +727,76 @@ A ``TarInfo`` object has the following p - - - .. attribute:: TarInfo.linkname -+ :type: str - - Name of the target file name, which is only present in :class:`TarInfo` objects - of type :const:`LNKTYPE` and :const:`SYMTYPE`. - - - .. attribute:: TarInfo.uid -+ :type: int - - User ID of the user who originally stored this member. - -+ .. versionchanged:: 3.11.4 -+ -+ Can be set to ``None`` for :meth:`~TarFile.extract` and -+ :meth:`~TarFile.extractall`, causing extraction to skip applying this -+ attribute. - - .. attribute:: TarInfo.gid -+ :type: int - - Group ID of the user who originally stored this member. - -+ .. versionchanged:: 3.11.4 -+ -+ Can be set to ``None`` for :meth:`~TarFile.extract` and -+ :meth:`~TarFile.extractall`, causing extraction to skip applying this -+ attribute. - - .. attribute:: TarInfo.uname -+ :type: str - - User name. - -+ .. versionchanged:: 3.11.4 -+ -+ Can be set to ``None`` for :meth:`~TarFile.extract` and -+ :meth:`~TarFile.extractall`, causing extraction to skip applying this -+ attribute. - - .. attribute:: TarInfo.gname -+ :type: str - - Group name. - -+ .. versionchanged:: 3.11.4 -+ -+ Can be set to ``None`` for :meth:`~TarFile.extract` and -+ :meth:`~TarFile.extractall`, causing extraction to skip applying this -+ attribute. - - .. attribute:: TarInfo.pax_headers -+ :type: dict - - A dictionary containing key-value pairs of an associated pax extended header. - -+.. method:: TarInfo.replace(name=..., mtime=..., mode=..., linkname=..., -+ uid=..., gid=..., uname=..., gname=..., -+ deep=True) -+ -+ .. versionadded:: 3.11.4 -+ -+ Return a *new* copy of the :class:`!TarInfo` object with the given attributes -+ changed. For example, to return a ``TarInfo`` with the group name set to -+ ``'staff'``, use:: -+ -+ new_tarinfo = old_tarinfo.replace(gname='staff') -+ -+ By default, a deep copy is made. -+ If *deep* is false, the copy is shallow, i.e. ``pax_headers`` -+ and any custom attributes are shared with the original ``TarInfo`` object. - - A :class:`TarInfo` object also provides some convenient query methods: - -@@ -673,9 +846,259 @@ A :class:`TarInfo` object also provides - Return :const:`True` if it is one of character device, block device or FIFO. - - -+.. _tarfile-extraction-filter: -+ -+Extraction filters -+------------------ -+ -+.. versionadded:: 3.11.4 -+ -+The *tar* format is designed to capture all details of a UNIX-like filesystem, -+which makes it very powerful. -+Unfortunately, the features make it easy to create tar files that have -+unintended -- and possibly malicious -- effects when extracted. -+For example, extracting a tar file can overwrite arbitrary files in various -+ways (e.g. by using absolute paths, ``..`` path components, or symlinks that -+affect later members). -+ -+In most cases, the full functionality is not needed. -+Therefore, *tarfile* supports extraction filters: a mechanism to limit -+functionality, and thus mitigate some of the security issues. -+ -+.. seealso:: -+ -+ :pep:`706` -+ Contains further motivation and rationale behind the design. -+ -+The *filter* argument to :meth:`TarFile.extract` or :meth:`~TarFile.extractall` -+can be: -+ -+* the string ``'fully_trusted'``: Honor all metadata as specified in the -+ archive. -+ Should be used if the user trusts the archive completely, or implements -+ their own complex verification. -+ -+* the string ``'tar'``: Honor most *tar*-specific features (i.e. features of -+ UNIX-like filesystems), but block features that are very likely to be -+ surprising or malicious. See :func:`tar_filter` for details. -+ -+* the string ``'data'``: Ignore or block most features specific to UNIX-like -+ filesystems. Intended for extracting cross-platform data archives. -+ See :func:`data_filter` for details. -+ -+* ``None`` (default): Use :attr:`TarFile.extraction_filter`. -+ -+ If that is also ``None`` (the default), the ``'fully_trusted'`` -+ filter will be used (for compatibility with earlier versions of Python). -+ -+ In Python 3.12, the default will emit a ``DeprecationWarning``. -+ -+ In Python 3.14, the ``'data'`` filter will become the default instead. -+ It's possible to switch earlier; see :attr:`TarFile.extraction_filter`. -+ -+* A callable which will be called for each extracted member with a -+ :ref:`TarInfo ` describing the member and the destination -+ path to where the archive is extracted (i.e. the same path is used for all -+ members):: -+ -+ filter(/, member: TarInfo, path: str) -> TarInfo | None -+ -+ The callable is called just before each member is extracted, so it can -+ take the current state of the disk into account. -+ It can: -+ -+ - return a :class:`TarInfo` object which will be used instead of the metadata -+ in the archive, or -+ - return ``None``, in which case the member will be skipped, or -+ - raise an exception to abort the operation or skip the member, -+ depending on :attr:`~TarFile.errorlevel`. -+ Note that when extraction is aborted, :meth:`~TarFile.extractall` may leave -+ the archive partially extracted. It does not attempt to clean up. -+ -+Default named filters -+~~~~~~~~~~~~~~~~~~~~~ -+ -+The pre-defined, named filters are available as functions, so they can be -+reused in custom filters: -+ -+.. function:: fully_trusted_filter(/, member, path) -+ -+ Return *member* unchanged. -+ -+ This implements the ``'fully_trusted'`` filter. -+ -+.. function:: tar_filter(/, member, path) -+ -+ Implements the ``'tar'`` filter. -+ -+ - Strip leading slashes (``/`` and :attr:`os.sep`) from filenames. -+ - :ref:`Refuse ` to extract files with absolute -+ paths (in case the name is absolute -+ even after stripping slashes, e.g. ``C:/foo`` on Windows). -+ This raises :class:`~tarfile.AbsolutePathError`. -+ - :ref:`Refuse ` to extract files whose absolute -+ path (after following symlinks) would end up outside the destination. -+ This raises :class:`~tarfile.OutsideDestinationError`. -+ - Clear high mode bits (setuid, setgid, sticky) and group/other write bits -+ (:attr:`~stat.S_IWGRP`|:attr:`~stat.S_IWOTH`). -+ -+ Return the modified ``TarInfo`` member. -+ -+.. function:: data_filter(/, member, path) -+ -+ Implements the ``'data'`` filter. -+ In addition to what ``tar_filter`` does: -+ -+ - :ref:`Refuse ` to extract links (hard or soft) -+ that link to absolute paths, or ones that link outside the destination. -+ -+ This raises :class:`~tarfile.AbsoluteLinkError` or -+ :class:`~tarfile.LinkOutsideDestinationError`. -+ -+ Note that such files are refused even on platforms that do not support -+ symbolic links. -+ -+ - :ref:`Refuse ` to extract device files -+ (including pipes). -+ This raises :class:`~tarfile.SpecialFileError`. -+ -+ - For regular files, including hard links: -+ -+ - Set the owner read and write permissions -+ (:attr:`~stat.S_IRUSR`|:attr:`~stat.S_IWUSR`). -+ - Remove the group & other executable permission -+ (:attr:`~stat.S_IXGRP`|:attr:`~stat.S_IXOTH`) -+ if the owner doesn’t have it (:attr:`~stat.S_IXUSR`). -+ -+ - For other files (directories), set ``mode`` to ``None``, so -+ that extraction methods skip applying permission bits. -+ - Set user and group info (``uid``, ``gid``, ``uname``, ``gname``) -+ to ``None``, so that extraction methods skip setting it. -+ -+ Return the modified ``TarInfo`` member. -+ -+ -+.. _tarfile-extraction-refuse: -+ -+Filter errors -+~~~~~~~~~~~~~ -+ -+When a filter refuses to extract a file, it will raise an appropriate exception, -+a subclass of :class:`~tarfile.FilterError`. -+This will abort the extraction if :attr:`TarFile.errorlevel` is 1 or more. -+With ``errorlevel=0`` the error will be logged and the member will be skipped, -+but extraction will continue. -+ -+ -+Hints for further verification -+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+ -+Even with ``filter='data'``, *tarfile* is not suited for extracting untrusted -+files without prior inspection. -+Among other issues, the pre-defined filters do not prevent denial-of-service -+attacks. Users should do additional checks. -+ -+Here is an incomplete list of things to consider: -+ -+* Extract to a :func:`new temporary directory ` -+ to prevent e.g. exploiting pre-existing links, and to make it easier to -+ clean up after a failed extraction. -+* When working with untrusted data, use external (e.g. OS-level) limits on -+ disk, memory and CPU usage. -+* Check filenames against an allow-list of characters -+ (to filter out control characters, confusables, foreign path separators, -+ etc.). -+* Check that filenames have expected extensions (discouraging files that -+ execute when you “click on them”, or extension-less files like Windows special device names). -+* Limit the number of extracted files, total size of extracted data, -+ filename length (including symlink length), and size of individual files. -+* Check for files that would be shadowed on case-insensitive filesystems. -+ -+Also note that: -+ -+* Tar files may contain multiple versions of the same file. -+ Later ones are expected to overwrite any earlier ones. -+ This feature is crucial to allow updating tape archives, but can be abused -+ maliciously. -+* *tarfile* does not protect against issues with “live” data, -+ e.g. an attacker tinkering with the destination (or source) directory while -+ extraction (or archiving) is in progress. -+ -+ -+Supporting older Python versions -+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+ -+Extraction filters were added to Python 3.12, and are backported to older -+versions as security updates. -+To check whether the feature is available, use e.g. -+``hasattr(tarfile, 'data_filter')`` rather than checking the Python version. -+ -+The following examples show how to support Python versions with and without -+the feature. -+Note that setting ``extraction_filter`` will affect any subsequent operations. -+ -+* Fully trusted archive:: -+ -+ my_tarfile.extraction_filter = (lambda member, path: member) -+ my_tarfile.extractall() -+ -+* Use the ``'data'`` filter if available, but revert to Python 3.11 behavior -+ (``'fully_trusted'``) if this feature is not available:: -+ -+ my_tarfile.extraction_filter = getattr(tarfile, 'data_filter', -+ (lambda member, path: member)) -+ my_tarfile.extractall() -+ -+* Use the ``'data'`` filter; *fail* if it is not available:: -+ -+ my_tarfile.extractall(filter=tarfile.data_filter) -+ -+ or:: -+ -+ my_tarfile.extraction_filter = tarfile.data_filter -+ my_tarfile.extractall() -+ -+* Use the ``'data'`` filter; *warn* if it is not available:: -+ -+ if hasattr(tarfile, 'data_filter'): -+ my_tarfile.extractall(filter='data') -+ else: -+ # remove this when no longer needed -+ warn_the_user('Extracting may be unsafe; consider updating Python') -+ my_tarfile.extractall() -+ -+ -+Stateful extraction filter example -+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+ -+While *tarfile*'s extraction methods take a simple *filter* callable, -+custom filters may be more complex objects with an internal state. -+It may be useful to write these as context managers, to be used like this:: -+ -+ with StatefulFilter() as filter_func: -+ tar.extractall(path, filter=filter_func) -+ -+Such a filter can be written as, for example:: -+ -+ class StatefulFilter: -+ def __init__(self): -+ self.file_count = 0 -+ -+ def __enter__(self): -+ return self -+ -+ def __call__(self, member, path): -+ self.file_count += 1 -+ return member -+ -+ def __exit__(self, *exc_info): -+ print(f'{self.file_count} files extracted') -+ -+ - .. _tarfile-commandline: - .. program:: tarfile - -+ - Command-Line Interface - ---------------------- - -@@ -745,6 +1168,15 @@ Command-line options - - Verbose output. - -+.. cmdoption:: --filter -+ -+ Specifies the *filter* for ``--extract``. -+ See :ref:`tarfile-extraction-filter` for details. -+ Only string names are accepted (that is, ``fully_trusted``, ``tar``, -+ and ``data``). -+ -+ .. versionadded:: 3.11.4 -+ - .. _tar-examples: - - Examples ---- a/Doc/whatsnew/3.11.rst -+++ b/Doc/whatsnew/3.11.rst -@@ -2702,4 +2702,20 @@ Removed - (Contributed by Inada Naoki in :issue:`44029`.) - - -+Notable Changes in 3.11.4 -+========================= -+ -+tarfile -+------- -+ -+* The extraction methods in :mod:`tarfile`, and :func:`shutil.unpack_archive`, -+ have a new a *filter* argument that allows limiting tar features than may be -+ surprising or dangerous, such as creating files outside the destination -+ directory. -+ See :ref:`tarfile-extraction-filter` for details. -+ In Python 3.12, use without the *filter* argument will show a -+ :exc:`DeprecationWarning`. -+ In Python 3.14, the default will switch to ``'data'``. -+ (Contributed by Petr Viktorin in :pep:`706`.) -+ - .. _libb2: https://www.blake2.net/ ---- a/Lib/shutil.py -+++ b/Lib/shutil.py -@@ -1231,7 +1231,7 @@ def _unpack_zipfile(filename, extract_di - finally: - zip.close() - --def _unpack_tarfile(filename, extract_dir): -+def _unpack_tarfile(filename, extract_dir, *, filter=None): - """Unpack tar/tar.gz/tar.bz2/tar.xz `filename` to `extract_dir` - """ - import tarfile # late import for breaking circular dependency -@@ -1241,7 +1241,7 @@ def _unpack_tarfile(filename, extract_di - raise ReadError( - "%s is not a compressed or uncompressed tar file" % filename) - try: -- tarobj.extractall(extract_dir) -+ tarobj.extractall(extract_dir, filter=filter) - finally: - tarobj.close() - -@@ -1274,7 +1274,7 @@ def _find_unpack_format(filename): - return name - return None - --def unpack_archive(filename, extract_dir=None, format=None): -+def unpack_archive(filename, extract_dir=None, format=None, *, filter=None): - """Unpack an archive. - - `filename` is the name of the archive. -@@ -1288,6 +1288,9 @@ def unpack_archive(filename, extract_dir - was registered for that extension. - - In case none is found, a ValueError is raised. -+ -+ If `filter` is given, it is passed to the underlying -+ extraction function. - """ - sys.audit("shutil.unpack_archive", filename, extract_dir, format) - -@@ -1297,6 +1300,10 @@ def unpack_archive(filename, extract_dir - extract_dir = os.fspath(extract_dir) - filename = os.fspath(filename) - -+ if filter is None: -+ filter_kwargs = {} -+ else: -+ filter_kwargs = {'filter': filter} - if format is not None: - try: - format_info = _UNPACK_FORMATS[format] -@@ -1304,7 +1311,7 @@ def unpack_archive(filename, extract_dir - raise ValueError("Unknown unpack format '{0}'".format(format)) from None - - func = format_info[1] -- func(filename, extract_dir, **dict(format_info[2])) -+ func(filename, extract_dir, **dict(format_info[2]), **filter_kwargs) - else: - # we need to look at the registered unpackers supported extensions - format = _find_unpack_format(filename) -@@ -1312,7 +1319,7 @@ def unpack_archive(filename, extract_dir - raise ReadError("Unknown archive format '{0}'".format(filename)) - - func = _UNPACK_FORMATS[format][1] -- kwargs = dict(_UNPACK_FORMATS[format][2]) -+ kwargs = dict(_UNPACK_FORMATS[format][2]) | filter_kwargs - func(filename, extract_dir, **kwargs) - - ---- a/Lib/tarfile.py -+++ b/Lib/tarfile.py -@@ -45,6 +45,7 @@ import time - import struct - import copy - import re -+import warnings - - try: - import pwd -@@ -70,6 +71,7 @@ __all__ = ["TarFile", "TarInfo", "is_tar - "ENCODING", "USTAR_FORMAT", "GNU_FORMAT", "PAX_FORMAT", - "DEFAULT_FORMAT", "open"] - -+ - #--------------------------------------------------------- - # tar constants - #--------------------------------------------------------- -@@ -157,6 +159,8 @@ else: - def stn(s, length, encoding, errors): - """Convert a string to a null-terminated bytes object. - """ -+ if s is None: -+ raise ValueError("metadata cannot contain None") - s = s.encode(encoding, errors) - return s[:length] + (length - len(s)) * NUL - -@@ -708,9 +712,127 @@ class ExFileObject(io.BufferedReader): - super().__init__(fileobj) - #class ExFileObject - -+ -+#----------------------------- -+# extraction filters (PEP 706) -+#----------------------------- -+ -+class FilterError(TarError): -+ pass -+ -+class AbsolutePathError(FilterError): -+ def __init__(self, tarinfo): -+ self.tarinfo = tarinfo -+ super().__init__(f'member {tarinfo.name!r} has an absolute path') -+ -+class OutsideDestinationError(FilterError): -+ def __init__(self, tarinfo, path): -+ self.tarinfo = tarinfo -+ self._path = path -+ super().__init__(f'{tarinfo.name!r} would be extracted to {path!r}, ' -+ + 'which is outside the destination') -+ -+class SpecialFileError(FilterError): -+ def __init__(self, tarinfo): -+ self.tarinfo = tarinfo -+ super().__init__(f'{tarinfo.name!r} is a special file') -+ -+class AbsoluteLinkError(FilterError): -+ def __init__(self, tarinfo): -+ self.tarinfo = tarinfo -+ super().__init__(f'{tarinfo.name!r} is a symlink to an absolute path') -+ -+class LinkOutsideDestinationError(FilterError): -+ def __init__(self, tarinfo, path): -+ self.tarinfo = tarinfo -+ self._path = path -+ super().__init__(f'{tarinfo.name!r} would link to {path!r}, ' -+ + 'which is outside the destination') -+ -+def _get_filtered_attrs(member, dest_path, for_data=True): -+ new_attrs = {} -+ name = member.name -+ dest_path = os.path.realpath(dest_path) -+ # Strip leading / (tar's directory separator) from filenames. -+ # Include os.sep (target OS directory separator) as well. -+ if name.startswith(('/', os.sep)): -+ name = new_attrs['name'] = member.path.lstrip('/' + os.sep) -+ if os.path.isabs(name): -+ # Path is absolute even after stripping. -+ # For example, 'C:/foo' on Windows. -+ raise AbsolutePathError(member) -+ # Ensure we stay in the destination -+ target_path = os.path.realpath(os.path.join(dest_path, name)) -+ if os.path.commonpath([target_path, dest_path]) != dest_path: -+ raise OutsideDestinationError(member, target_path) -+ # Limit permissions (no high bits, and go-w) -+ mode = member.mode -+ if mode is not None: -+ # Strip high bits & group/other write bits -+ mode = mode & 0o755 -+ if for_data: -+ # For data, handle permissions & file types -+ if member.isreg() or member.islnk(): -+ if not mode & 0o100: -+ # Clear executable bits if not executable by user -+ mode &= ~0o111 -+ # Ensure owner can read & write -+ mode |= 0o600 -+ elif member.isdir() or member.issym(): -+ # Ignore mode for directories & symlinks -+ mode = None -+ else: -+ # Reject special files -+ raise SpecialFileError(member) -+ if mode != member.mode: -+ new_attrs['mode'] = mode -+ if for_data: -+ # Ignore ownership for 'data' -+ if member.uid is not None: -+ new_attrs['uid'] = None -+ if member.gid is not None: -+ new_attrs['gid'] = None -+ if member.uname is not None: -+ new_attrs['uname'] = None -+ if member.gname is not None: -+ new_attrs['gname'] = None -+ # Check link destination for 'data' -+ if member.islnk() or member.issym(): -+ if os.path.isabs(member.linkname): -+ raise AbsoluteLinkError(member) -+ target_path = os.path.realpath(os.path.join(dest_path, member.linkname)) -+ if os.path.commonpath([target_path, dest_path]) != dest_path: -+ raise LinkOutsideDestinationError(member, target_path) -+ return new_attrs -+ -+def fully_trusted_filter(member, dest_path): -+ return member -+ -+def tar_filter(member, dest_path): -+ new_attrs = _get_filtered_attrs(member, dest_path, False) -+ if new_attrs: -+ return member.replace(**new_attrs, deep=False) -+ return member -+ -+def data_filter(member, dest_path): -+ new_attrs = _get_filtered_attrs(member, dest_path, True) -+ if new_attrs: -+ return member.replace(**new_attrs, deep=False) -+ return member -+ -+_NAMED_FILTERS = { -+ "fully_trusted": fully_trusted_filter, -+ "tar": tar_filter, -+ "data": data_filter, -+} -+ - #------------------ - # Exported Classes - #------------------ -+ -+# Sentinel for replace() defaults, meaning "don't change the attribute" -+_KEEP = object() -+ - class TarInfo(object): - """Informational class which holds the details about an - archive member given by a tar header block. -@@ -791,12 +913,44 @@ class TarInfo(object): - def __repr__(self): - return "<%s %r at %#x>" % (self.__class__.__name__,self.name,id(self)) - -+ def replace(self, *, -+ name=_KEEP, mtime=_KEEP, mode=_KEEP, linkname=_KEEP, -+ uid=_KEEP, gid=_KEEP, uname=_KEEP, gname=_KEEP, -+ deep=True, _KEEP=_KEEP): -+ """Return a deep copy of self with the given attributes replaced. -+ """ -+ if deep: -+ result = copy.deepcopy(self) -+ else: -+ result = copy.copy(self) -+ if name is not _KEEP: -+ result.name = name -+ if mtime is not _KEEP: -+ result.mtime = mtime -+ if mode is not _KEEP: -+ result.mode = mode -+ if linkname is not _KEEP: -+ result.linkname = linkname -+ if uid is not _KEEP: -+ result.uid = uid -+ if gid is not _KEEP: -+ result.gid = gid -+ if uname is not _KEEP: -+ result.uname = uname -+ if gname is not _KEEP: -+ result.gname = gname -+ return result -+ - def get_info(self): - """Return the TarInfo's attributes as a dictionary. - """ -+ if self.mode is None: -+ mode = None -+ else: -+ mode = self.mode & 0o7777 - info = { - "name": self.name, -- "mode": self.mode & 0o7777, -+ "mode": mode, - "uid": self.uid, - "gid": self.gid, - "size": self.size, -@@ -819,6 +973,9 @@ class TarInfo(object): - """Return a tar header as a string of 512 byte blocks. - """ - info = self.get_info() -+ for name, value in info.items(): -+ if value is None: -+ raise ValueError("%s may not be None" % name) - - if format == USTAR_FORMAT: - return self.create_ustar_header(info, encoding, errors) -@@ -949,6 +1106,12 @@ class TarInfo(object): - devmajor = stn("", 8, encoding, errors) - devminor = stn("", 8, encoding, errors) - -+ # None values in metadata should cause ValueError. -+ # itn()/stn() do this for all fields except type. -+ filetype = info.get("type", REGTYPE) -+ if filetype is None: -+ raise ValueError("TarInfo.type must not be None") -+ - parts = [ - stn(info.get("name", ""), 100, encoding, errors), - itn(info.get("mode", 0) & 0o7777, 8, format), -@@ -957,7 +1120,7 @@ class TarInfo(object): - itn(info.get("size", 0), 12, format), - itn(info.get("mtime", 0), 12, format), - b" ", # checksum field -- info.get("type", REGTYPE), -+ filetype, - stn(info.get("linkname", ""), 100, encoding, errors), - info.get("magic", POSIX_MAGIC), - stn(info.get("uname", ""), 32, encoding, errors), -@@ -1467,6 +1630,8 @@ class TarFile(object): - - fileobject = ExFileObject # The file-object for extractfile(). - -+ extraction_filter = None # The default filter for extraction. -+ - def __init__(self, name=None, mode="r", fileobj=None, format=None, - tarinfo=None, dereference=None, ignore_zeros=None, encoding=None, - errors="surrogateescape", pax_headers=None, debug=None, -@@ -1939,7 +2104,10 @@ class TarFile(object): - members = self - for tarinfo in members: - if verbose: -- _safe_print(stat.filemode(tarinfo.mode)) -+ if tarinfo.mode is None: -+ _safe_print("??????????") -+ else: -+ _safe_print(stat.filemode(tarinfo.mode)) - _safe_print("%s/%s" % (tarinfo.uname or tarinfo.uid, - tarinfo.gname or tarinfo.gid)) - if tarinfo.ischr() or tarinfo.isblk(): -@@ -1947,8 +2115,11 @@ class TarFile(object): - ("%d,%d" % (tarinfo.devmajor, tarinfo.devminor))) - else: - _safe_print("%10d" % tarinfo.size) -- _safe_print("%d-%02d-%02d %02d:%02d:%02d" \ -- % time.localtime(tarinfo.mtime)[:6]) -+ if tarinfo.mtime is None: -+ _safe_print("????-??-?? ??:??:??") -+ else: -+ _safe_print("%d-%02d-%02d %02d:%02d:%02d" \ -+ % time.localtime(tarinfo.mtime)[:6]) - - _safe_print(tarinfo.name + ("/" if tarinfo.isdir() else "")) - -@@ -2035,32 +2206,58 @@ class TarFile(object): - - self.members.append(tarinfo) - -- def extractall(self, path=".", members=None, *, numeric_owner=False): -+ def _get_filter_function(self, filter): -+ if filter is None: -+ filter = self.extraction_filter -+ if filter is None: -+ return fully_trusted_filter -+ if isinstance(filter, str): -+ raise TypeError( -+ 'String names are not supported for ' -+ + 'TarFile.extraction_filter. Use a function such as ' -+ + 'tarfile.data_filter directly.') -+ return filter -+ if callable(filter): -+ return filter -+ try: -+ return _NAMED_FILTERS[filter] -+ except KeyError: -+ raise ValueError(f"filter {filter!r} not found") from None -+ -+ def extractall(self, path=".", members=None, *, numeric_owner=False, -+ filter=None): - """Extract all members from the archive to the current working - directory and set owner, modification time and permissions on - directories afterwards. `path' specifies a different directory - to extract to. `members' is optional and must be a subset of the - list returned by getmembers(). If `numeric_owner` is True, only - the numbers for user/group names are used and not the names. -+ -+ The `filter` function will be called on each member just -+ before extraction. -+ It can return a changed TarInfo or None to skip the member. -+ String names of common filters are accepted. - """ - directories = [] - -+ filter_function = self._get_filter_function(filter) - if members is None: - members = self - -- for tarinfo in members: -+ for member in members: -+ tarinfo = self._get_extract_tarinfo(member, filter_function, path) -+ if tarinfo is None: -+ continue - if tarinfo.isdir(): -- # Extract directories with a safe mode. -+ # For directories, delay setting attributes until later, -+ # since permissions can interfere with extraction and -+ # extracting contents can reset mtime. - directories.append(tarinfo) -- tarinfo = copy.copy(tarinfo) -- tarinfo.mode = 0o700 -- # Do not set_attrs directories, as we will do that further down -- self.extract(tarinfo, path, set_attrs=not tarinfo.isdir(), -- numeric_owner=numeric_owner) -+ self._extract_one(tarinfo, path, set_attrs=not tarinfo.isdir(), -+ numeric_owner=numeric_owner) - - # Reverse sort directories. -- directories.sort(key=lambda a: a.name) -- directories.reverse() -+ directories.sort(key=lambda a: a.name, reverse=True) - - # Set correct owner, mtime and filemode on directories. - for tarinfo in directories: -@@ -2070,12 +2267,10 @@ class TarFile(object): - self.utime(tarinfo, dirpath) - self.chmod(tarinfo, dirpath) - except ExtractError as e: -- if self.errorlevel > 1: -- raise -- else: -- self._dbg(1, "tarfile: %s" % e) -+ self._handle_nonfatal_error(e) - -- def extract(self, member, path="", set_attrs=True, *, numeric_owner=False): -+ def extract(self, member, path="", set_attrs=True, *, numeric_owner=False, -+ filter=None): - """Extract a member from the archive to the current working directory, - using its full name. Its file information is extracted as accurately - as possible. `member' may be a filename or a TarInfo object. You can -@@ -2083,35 +2278,70 @@ class TarFile(object): - mtime, mode) are set unless `set_attrs' is False. If `numeric_owner` - is True, only the numbers for user/group names are used and not - the names. -+ -+ The `filter` function will be called before extraction. -+ It can return a changed TarInfo or None to skip the member. -+ String names of common filters are accepted. - """ -- self._check("r") -+ filter_function = self._get_filter_function(filter) -+ tarinfo = self._get_extract_tarinfo(member, filter_function, path) -+ if tarinfo is not None: -+ self._extract_one(tarinfo, path, set_attrs, numeric_owner) - -+ def _get_extract_tarinfo(self, member, filter_function, path): -+ """Get filtered TarInfo (or None) from member, which might be a str""" - if isinstance(member, str): - tarinfo = self.getmember(member) - else: - tarinfo = member - -+ unfiltered = tarinfo -+ try: -+ tarinfo = filter_function(tarinfo, path) -+ except (OSError, FilterError) as e: -+ self._handle_fatal_error(e) -+ except ExtractError as e: -+ self._handle_nonfatal_error(e) -+ if tarinfo is None: -+ self._dbg(2, "tarfile: Excluded %r" % unfiltered.name) -+ return None - # Prepare the link target for makelink(). - if tarinfo.islnk(): -+ tarinfo = copy.copy(tarinfo) - tarinfo._link_target = os.path.join(path, tarinfo.linkname) -+ return tarinfo -+ -+ def _extract_one(self, tarinfo, path, set_attrs, numeric_owner): -+ """Extract from filtered tarinfo to disk""" -+ self._check("r") - - try: - self._extract_member(tarinfo, os.path.join(path, tarinfo.name), - set_attrs=set_attrs, - numeric_owner=numeric_owner) - except OSError as e: -- if self.errorlevel > 0: -- raise -- else: -- if e.filename is None: -- self._dbg(1, "tarfile: %s" % e.strerror) -- else: -- self._dbg(1, "tarfile: %s %r" % (e.strerror, e.filename)) -+ self._handle_fatal_error(e) - except ExtractError as e: -- if self.errorlevel > 1: -- raise -+ self._handle_nonfatal_error(e) -+ -+ def _handle_nonfatal_error(self, e): -+ """Handle non-fatal error (ExtractError) according to errorlevel""" -+ if self.errorlevel > 1: -+ raise -+ else: -+ self._dbg(1, "tarfile: %s" % e) -+ -+ def _handle_fatal_error(self, e): -+ """Handle "fatal" error according to self.errorlevel""" -+ if self.errorlevel > 0: -+ raise -+ elif isinstance(e, OSError): -+ if e.filename is None: -+ self._dbg(1, "tarfile: %s" % e.strerror) - else: -- self._dbg(1, "tarfile: %s" % e) -+ self._dbg(1, "tarfile: %s %r" % (e.strerror, e.filename)) -+ else: -+ self._dbg(1, "tarfile: %s %s" % (type(e).__name__, e)) - - def extractfile(self, member): - """Extract a member from the archive as a file object. `member' may be -@@ -2198,9 +2428,13 @@ class TarFile(object): - """Make a directory called targetpath. - """ - try: -- # Use a safe mode for the directory, the real mode is set -- # later in _extract_member(). -- os.mkdir(targetpath, 0o700) -+ if tarinfo.mode is None: -+ # Use the system's default mode -+ os.mkdir(targetpath) -+ else: -+ # Use a safe mode for the directory, the real mode is set -+ # later in _extract_member(). -+ os.mkdir(targetpath, 0o700) - except FileExistsError: - pass - -@@ -2243,6 +2477,9 @@ class TarFile(object): - raise ExtractError("special devices not supported by system") - - mode = tarinfo.mode -+ if mode is None: -+ # Use mknod's default -+ mode = 0o600 - if tarinfo.isblk(): - mode |= stat.S_IFBLK - else: -@@ -2264,7 +2501,6 @@ class TarFile(object): - os.unlink(targetpath) - os.symlink(tarinfo.linkname, targetpath) - else: -- # See extract(). - if os.path.exists(tarinfo._link_target): - os.link(tarinfo._link_target, targetpath) - else: -@@ -2289,15 +2525,19 @@ class TarFile(object): - u = tarinfo.uid - if not numeric_owner: - try: -- if grp: -+ if grp and tarinfo.gname: - g = grp.getgrnam(tarinfo.gname)[2] - except KeyError: - pass - try: -- if pwd: -+ if pwd and tarinfo.uname: - u = pwd.getpwnam(tarinfo.uname)[2] - except KeyError: - pass -+ if g is None: -+ g = -1 -+ if u is None: -+ u = -1 - try: - if tarinfo.issym() and hasattr(os, "lchown"): - os.lchown(targetpath, u, g) -@@ -2309,6 +2549,8 @@ class TarFile(object): - def chmod(self, tarinfo, targetpath): - """Set file permissions of targetpath according to tarinfo. - """ -+ if tarinfo.mode is None: -+ return - try: - os.chmod(targetpath, tarinfo.mode) - except OSError as e: -@@ -2317,10 +2559,13 @@ class TarFile(object): - def utime(self, tarinfo, targetpath): - """Set modification time of targetpath according to tarinfo. - """ -+ mtime = tarinfo.mtime -+ if mtime is None: -+ return - if not hasattr(os, 'utime'): - return - try: -- os.utime(targetpath, (tarinfo.mtime, tarinfo.mtime)) -+ os.utime(targetpath, (mtime, mtime)) - except OSError as e: - raise ExtractError("could not change modification time") from e - -@@ -2398,13 +2643,26 @@ class TarFile(object): - members = self.getmembers() - - # Limit the member search list up to tarinfo. -+ skipping = False - if tarinfo is not None: -- members = members[:members.index(tarinfo)] -+ try: -+ index = members.index(tarinfo) -+ except ValueError: -+ # The given starting point might be a (modified) copy. -+ # We'll later skip members until we find an equivalent. -+ skipping = True -+ else: -+ # Happy fast path -+ members = members[:index] - - if normalize: - name = os.path.normpath(name) - - for member in reversed(members): -+ if skipping: -+ if tarinfo.offset == member.offset: -+ skipping = False -+ continue - if normalize: - member_name = os.path.normpath(member.name) - else: -@@ -2413,6 +2671,10 @@ class TarFile(object): - if name == member_name: - return member - -+ if skipping: -+ # Starting point was not found -+ raise ValueError(tarinfo) -+ - def _load(self): - """Read through the entire archive file and look for readable - members. -@@ -2505,6 +2767,7 @@ class TarFile(object): - #-------------------- - # exported functions - #-------------------- -+ - def is_tarfile(name): - """Return True if name points to a tar archive that we - are able to handle, else return False. -@@ -2533,6 +2796,10 @@ def main(): - parser = argparse.ArgumentParser(description=description) - parser.add_argument('-v', '--verbose', action='store_true', default=False, - help='Verbose output') -+ parser.add_argument('--filter', metavar='', -+ choices=_NAMED_FILTERS, -+ help='Filter for extraction') -+ - group = parser.add_mutually_exclusive_group(required=True) - group.add_argument('-l', '--list', metavar='', - help='Show listing of a tarfile') -@@ -2544,8 +2811,12 @@ def main(): - help='Create tarfile from sources') - group.add_argument('-t', '--test', metavar='', - help='Test if a tarfile is valid') -+ - args = parser.parse_args() - -+ if args.filter and args.extract is None: -+ parser.exit(1, '--filter is only valid for extraction\n') -+ - if args.test is not None: - src = args.test - if is_tarfile(src): -@@ -2576,7 +2847,7 @@ def main(): - - if is_tarfile(src): - with TarFile.open(src, 'r:*') as tf: -- tf.extractall(path=curdir) -+ tf.extractall(path=curdir, filter=args.filter) - if args.verbose: - if curdir == '.': - msg = '{!r} file is extracted.'.format(src) ---- a/Lib/test/test_shutil.py -+++ b/Lib/test/test_shutil.py -@@ -32,6 +32,7 @@ except ImportError: - from test import support - from test.support import os_helper - from test.support.os_helper import TESTFN, FakePath -+from test.support import warnings_helper - - TESTFN2 = TESTFN + "2" - TESTFN_SRC = TESTFN + "_SRC" -@@ -1630,12 +1631,14 @@ class TestArchives(BaseTest, unittest.Te - - ### shutil.unpack_archive - -- def check_unpack_archive(self, format): -- self.check_unpack_archive_with_converter(format, lambda path: path) -- self.check_unpack_archive_with_converter(format, pathlib.Path) -- self.check_unpack_archive_with_converter(format, FakePath) -+ def check_unpack_archive(self, format, **kwargs): -+ self.check_unpack_archive_with_converter( -+ format, lambda path: path, **kwargs) -+ self.check_unpack_archive_with_converter( -+ format, pathlib.Path, **kwargs) -+ self.check_unpack_archive_with_converter(format, FakePath, **kwargs) - -- def check_unpack_archive_with_converter(self, format, converter): -+ def check_unpack_archive_with_converter(self, format, converter, **kwargs): - root_dir, base_dir = self._create_files() - expected = rlistdir(root_dir) - expected.remove('outer') -@@ -1645,36 +1648,47 @@ class TestArchives(BaseTest, unittest.Te - - # let's try to unpack it now - tmpdir2 = self.mkdtemp() -- unpack_archive(converter(filename), converter(tmpdir2)) -+ unpack_archive(converter(filename), converter(tmpdir2), **kwargs) - self.assertEqual(rlistdir(tmpdir2), expected) - - # and again, this time with the format specified - tmpdir3 = self.mkdtemp() -- unpack_archive(converter(filename), converter(tmpdir3), format=format) -+ unpack_archive(converter(filename), converter(tmpdir3), format=format, -+ **kwargs) - self.assertEqual(rlistdir(tmpdir3), expected) - -- self.assertRaises(shutil.ReadError, unpack_archive, converter(TESTFN)) -- self.assertRaises(ValueError, unpack_archive, converter(TESTFN), format='xxx') -+ with self.assertRaises(shutil.ReadError): -+ unpack_archive(converter(TESTFN), **kwargs) -+ with self.assertRaises(ValueError): -+ unpack_archive(converter(TESTFN), format='xxx', **kwargs) -+ -+ def check_unpack_tarball(self, format): -+ self.check_unpack_archive(format, filter='fully_trusted') -+ self.check_unpack_archive(format, filter='data') -+ with warnings_helper.check_no_warnings(self): -+ self.check_unpack_archive(format) - - def test_unpack_archive_tar(self): -- self.check_unpack_archive('tar') -+ self.check_unpack_tarball('tar') - - @support.requires_zlib() - def test_unpack_archive_gztar(self): -- self.check_unpack_archive('gztar') -+ self.check_unpack_tarball('gztar') - - @support.requires_bz2() - def test_unpack_archive_bztar(self): -- self.check_unpack_archive('bztar') -+ self.check_unpack_tarball('bztar') - - @support.requires_lzma() - @unittest.skipIf(AIX and not _maxdataOK(), "AIX MAXDATA must be 0x20000000 or larger") - def test_unpack_archive_xztar(self): -- self.check_unpack_archive('xztar') -+ self.check_unpack_tarball('xztar') - - @support.requires_zlib() - def test_unpack_archive_zip(self): - self.check_unpack_archive('zip') -+ with self.assertRaises(TypeError): -+ self.check_unpack_archive('zip', filter='data') - - def test_unpack_registry(self): - ---- a/Lib/test/test_tarfile.py -+++ b/Lib/test/test_tarfile.py -@@ -5,6 +5,10 @@ from hashlib import sha256 - from contextlib import contextmanager - from random import Random - import pathlib -+import shutil -+import re -+import warnings -+import stat - - import unittest - import unittest.mock -@@ -13,6 +17,7 @@ import tarfile - from test import support - from test.support import os_helper - from test.support import script_helper -+from test.support import warnings_helper - - # Check for our compression modules. - try: -@@ -108,7 +113,7 @@ class UstarReadTest(ReadTest, unittest.T - "regular file extraction failed") - - def test_fileobj_readlines(self): -- self.tar.extract("ustar/regtype", TEMPDIR) -+ self.tar.extract("ustar/regtype", TEMPDIR, filter='data') - tarinfo = self.tar.getmember("ustar/regtype") - with open(os.path.join(TEMPDIR, "ustar/regtype"), "r") as fobj1: - lines1 = fobj1.readlines() -@@ -126,7 +131,7 @@ class UstarReadTest(ReadTest, unittest.T - "fileobj.readlines() failed") - - def test_fileobj_iter(self): -- self.tar.extract("ustar/regtype", TEMPDIR) -+ self.tar.extract("ustar/regtype", TEMPDIR, filter='data') - tarinfo = self.tar.getmember("ustar/regtype") - with open(os.path.join(TEMPDIR, "ustar/regtype"), "r") as fobj1: - lines1 = fobj1.readlines() -@@ -136,7 +141,8 @@ class UstarReadTest(ReadTest, unittest.T - "fileobj.__iter__() failed") - - def test_fileobj_seek(self): -- self.tar.extract("ustar/regtype", TEMPDIR) -+ self.tar.extract("ustar/regtype", TEMPDIR, -+ filter='data') - with open(os.path.join(TEMPDIR, "ustar/regtype"), "rb") as fobj: - data = fobj.read() - -@@ -467,7 +473,7 @@ class CommonReadTest(ReadTest): - t = tar.next() - - with self.assertRaisesRegex(tarfile.ReadError, "unexpected end of data"): -- tar.extract(t, TEMPDIR) -+ tar.extract(t, TEMPDIR, filter='data') - - with self.assertRaisesRegex(tarfile.ReadError, "unexpected end of data"): - tar.extractfile(t).read() -@@ -622,16 +628,16 @@ class MiscReadTestBase(CommonReadTest): - def test_extract_hardlink(self): - # Test hardlink extraction (e.g. bug #857297). - with tarfile.open(tarname, errorlevel=1, encoding="iso8859-1") as tar: -- tar.extract("ustar/regtype", TEMPDIR) -+ tar.extract("ustar/regtype", TEMPDIR, filter='data') - self.addCleanup(os_helper.unlink, os.path.join(TEMPDIR, "ustar/regtype")) - -- tar.extract("ustar/lnktype", TEMPDIR) -+ tar.extract("ustar/lnktype", TEMPDIR, filter='data') - self.addCleanup(os_helper.unlink, os.path.join(TEMPDIR, "ustar/lnktype")) - with open(os.path.join(TEMPDIR, "ustar/lnktype"), "rb") as f: - data = f.read() - self.assertEqual(sha256sum(data), sha256_regtype) - -- tar.extract("ustar/symtype", TEMPDIR) -+ tar.extract("ustar/symtype", TEMPDIR, filter='data') - self.addCleanup(os_helper.unlink, os.path.join(TEMPDIR, "ustar/symtype")) - with open(os.path.join(TEMPDIR, "ustar/symtype"), "rb") as f: - data = f.read() -@@ -646,13 +652,14 @@ class MiscReadTestBase(CommonReadTest): - os.mkdir(DIR) - try: - directories = [t for t in tar if t.isdir()] -- tar.extractall(DIR, directories) -+ tar.extractall(DIR, directories, filter='fully_trusted') - for tarinfo in directories: - path = os.path.join(DIR, tarinfo.name) - if sys.platform != "win32": - # Win32 has no support for fine grained permissions. - self.assertEqual(tarinfo.mode & 0o777, -- os.stat(path).st_mode & 0o777) -+ os.stat(path).st_mode & 0o777, -+ tarinfo.name) - def format_mtime(mtime): - if isinstance(mtime, float): - return "{} ({})".format(mtime, mtime.hex()) -@@ -676,7 +683,7 @@ class MiscReadTestBase(CommonReadTest): - try: - with tarfile.open(tarname, encoding="iso8859-1") as tar: - tarinfo = tar.getmember(dirtype) -- tar.extract(tarinfo, path=DIR) -+ tar.extract(tarinfo, path=DIR, filter='fully_trusted') - extracted = os.path.join(DIR, dirtype) - self.assertEqual(os.path.getmtime(extracted), tarinfo.mtime) - if sys.platform != "win32": -@@ -689,7 +696,7 @@ class MiscReadTestBase(CommonReadTest): - with os_helper.temp_dir(DIR), \ - tarfile.open(tarname, encoding="iso8859-1") as tar: - directories = [t for t in tar if t.isdir()] -- tar.extractall(DIR, directories) -+ tar.extractall(DIR, directories, filter='fully_trusted') - for tarinfo in directories: - path = DIR / tarinfo.name - self.assertEqual(os.path.getmtime(path), tarinfo.mtime) -@@ -700,7 +707,7 @@ class MiscReadTestBase(CommonReadTest): - with os_helper.temp_dir(DIR), \ - tarfile.open(tarname, encoding="iso8859-1") as tar: - tarinfo = tar.getmember(dirtype) -- tar.extract(tarinfo, path=DIR) -+ tar.extract(tarinfo, path=DIR, filter='fully_trusted') - extracted = DIR / dirtype - self.assertEqual(os.path.getmtime(extracted), tarinfo.mtime) - -@@ -1068,7 +1075,7 @@ class GNUReadTest(LongnameTest, ReadTest - # an all platforms, and after that a test that will work only on - # platforms/filesystems that prove to support sparse files. - def _test_sparse_file(self, name): -- self.tar.extract(name, TEMPDIR) -+ self.tar.extract(name, TEMPDIR, filter='data') - filename = os.path.join(TEMPDIR, name) - with open(filename, "rb") as fobj: - data = fobj.read() -@@ -1435,7 +1442,8 @@ class WriteTest(WriteTestBase, unittest. - with tarfile.open(temparchive, errorlevel=2) as tar: - # this should not raise OSError: [Errno 17] File exists - try: -- tar.extractall(path=tempdir) -+ tar.extractall(path=tempdir, -+ filter='fully_trusted') - except OSError: - self.fail("extractall failed with symlinked files") - finally: -@@ -2436,7 +2444,12 @@ class MiscTest(unittest.TestCase): - 'PAX_NUMBER_FIELDS', 'stn', 'nts', 'nti', 'itn', 'calc_chksums', - 'copyfileobj', 'filemode', 'EmptyHeaderError', - 'TruncatedHeaderError', 'EOFHeaderError', 'InvalidHeaderError', -- 'SubsequentHeaderError', 'ExFileObject', 'main'} -+ 'SubsequentHeaderError', 'ExFileObject', 'main', -+ "fully_trusted_filter", "data_filter", -+ "tar_filter", "FilterError", "AbsoluteLinkError", -+ "OutsideDestinationError", "SpecialFileError", "AbsolutePathError", -+ "LinkOutsideDestinationError", -+ } - support.check__all__(self, tarfile, not_exported=not_exported) - - def test_useful_error_message_when_modules_missing(self): -@@ -2471,6 +2484,15 @@ class CommandLineTest(unittest.TestCase) - for tardata in files: - tf.add(tardata, arcname=os.path.basename(tardata)) - -+ def make_evil_tarfile(self, tar_name): -+ files = [support.findfile('tokenize_tests.txt')] -+ self.addCleanup(os_helper.unlink, tar_name) -+ with tarfile.open(tar_name, 'w') as tf: -+ benign = tarfile.TarInfo('benign') -+ tf.addfile(benign, fileobj=io.BytesIO(b'')) -+ evil = tarfile.TarInfo('../evil') -+ tf.addfile(evil, fileobj=io.BytesIO(b'')) -+ - def test_bad_use(self): - rc, out, err = self.tarfilecmd_failure() - self.assertEqual(out, b'') -@@ -2627,6 +2649,25 @@ class CommandLineTest(unittest.TestCase) - finally: - os_helper.rmtree(tarextdir) - -+ def test_extract_command_filter(self): -+ self.make_evil_tarfile(tmpname) -+ # Make an inner directory, so the member named '../evil' -+ # is still extracted into `tarextdir` -+ destdir = os.path.join(tarextdir, 'dest') -+ os.mkdir(tarextdir) -+ try: -+ with os_helper.temp_cwd(destdir): -+ self.tarfilecmd_failure('-e', tmpname, -+ '-v', -+ '--filter', 'data') -+ out = self.tarfilecmd('-e', tmpname, -+ '-v', -+ '--filter', 'fully_trusted', -+ PYTHONIOENCODING='utf-8') -+ self.assertIn(b' file is extracted.', out) -+ finally: -+ os_helper.rmtree(tarextdir) -+ - def test_extract_command_different_directory(self): - self.make_simple_tarfile(tmpname) - try: -@@ -2710,7 +2751,7 @@ class LinkEmulationTest(ReadTest, unitte - # symbolic or hard links tarfile tries to extract these types of members - # as the regular files they point to. - def _test_link_extraction(self, name): -- self.tar.extract(name, TEMPDIR) -+ self.tar.extract(name, TEMPDIR, filter='fully_trusted') - with open(os.path.join(TEMPDIR, name), "rb") as f: - data = f.read() - self.assertEqual(sha256sum(data), sha256_regtype) -@@ -2842,8 +2883,10 @@ class NumericOwnerTest(unittest.TestCase - mock_chown): - with self._setup_test(mock_geteuid) as (tarfl, filename_1, _, - filename_2): -- tarfl.extract(filename_1, TEMPDIR, numeric_owner=True) -- tarfl.extract(filename_2 , TEMPDIR, numeric_owner=True) -+ tarfl.extract(filename_1, TEMPDIR, numeric_owner=True, -+ filter='fully_trusted') -+ tarfl.extract(filename_2 , TEMPDIR, numeric_owner=True, -+ filter='fully_trusted') - - # convert to filesystem paths - f_filename_1 = os.path.join(TEMPDIR, filename_1) -@@ -2861,7 +2904,8 @@ class NumericOwnerTest(unittest.TestCase - mock_chown): - with self._setup_test(mock_geteuid) as (tarfl, filename_1, dirname_1, - filename_2): -- tarfl.extractall(TEMPDIR, numeric_owner=True) -+ tarfl.extractall(TEMPDIR, numeric_owner=True, -+ filter='fully_trusted') - - # convert to filesystem paths - f_filename_1 = os.path.join(TEMPDIR, filename_1) -@@ -2886,7 +2930,8 @@ class NumericOwnerTest(unittest.TestCase - def test_extract_without_numeric_owner(self, mock_geteuid, mock_chmod, - mock_chown): - with self._setup_test(mock_geteuid) as (tarfl, filename_1, _, _): -- tarfl.extract(filename_1, TEMPDIR, numeric_owner=False) -+ tarfl.extract(filename_1, TEMPDIR, numeric_owner=False, -+ filter='fully_trusted') - - # convert to filesystem paths - f_filename_1 = os.path.join(TEMPDIR, filename_1) -@@ -2900,6 +2945,905 @@ class NumericOwnerTest(unittest.TestCase - tarfl.extract, filename_1, TEMPDIR, False, True) - - -+class ReplaceTests(ReadTest, unittest.TestCase): -+ def test_replace_name(self): -+ member = self.tar.getmember('ustar/regtype') -+ replaced = member.replace(name='misc/other') -+ self.assertEqual(replaced.name, 'misc/other') -+ self.assertEqual(member.name, 'ustar/regtype') -+ self.assertEqual(self.tar.getmember('ustar/regtype').name, -+ 'ustar/regtype') -+ -+ def test_replace_deep(self): -+ member = self.tar.getmember('pax/regtype1') -+ replaced = member.replace() -+ replaced.pax_headers['gname'] = 'not-bar' -+ self.assertEqual(member.pax_headers['gname'], 'bar') -+ self.assertEqual( -+ self.tar.getmember('pax/regtype1').pax_headers['gname'], 'bar') -+ -+ def test_replace_shallow(self): -+ member = self.tar.getmember('pax/regtype1') -+ replaced = member.replace(deep=False) -+ replaced.pax_headers['gname'] = 'not-bar' -+ self.assertEqual(member.pax_headers['gname'], 'not-bar') -+ self.assertEqual( -+ self.tar.getmember('pax/regtype1').pax_headers['gname'], 'not-bar') -+ -+ def test_replace_all(self): -+ member = self.tar.getmember('ustar/regtype') -+ for attr_name in ('name', 'mtime', 'mode', 'linkname', -+ 'uid', 'gid', 'uname', 'gname'): -+ with self.subTest(attr_name=attr_name): -+ replaced = member.replace(**{attr_name: None}) -+ self.assertEqual(getattr(replaced, attr_name), None) -+ self.assertNotEqual(getattr(member, attr_name), None) -+ -+ def test_replace_internal(self): -+ member = self.tar.getmember('ustar/regtype') -+ with self.assertRaises(TypeError): -+ member.replace(offset=123456789) -+ -+ -+class NoneInfoExtractTests(ReadTest): -+ # These mainly check that all kinds of members are extracted successfully -+ # if some metadata is None. -+ # Some of the methods do additional spot checks. -+ -+ # We also test that the default filters can deal with None. -+ -+ extraction_filter = None -+ -+ @classmethod -+ def setUpClass(cls): -+ tar = tarfile.open(tarname, mode='r', encoding="iso8859-1") -+ cls.control_dir = pathlib.Path(TEMPDIR) / "extractall_ctrl" -+ tar.errorlevel = 0 -+ tar.extractall(cls.control_dir, filter=cls.extraction_filter) -+ tar.close() -+ cls.control_paths = set( -+ p.relative_to(cls.control_dir) -+ for p in pathlib.Path(cls.control_dir).glob('**/*')) -+ -+ @classmethod -+ def tearDownClass(cls): -+ shutil.rmtree(cls.control_dir) -+ -+ def check_files_present(self, directory): -+ got_paths = set( -+ p.relative_to(directory) -+ for p in pathlib.Path(directory).glob('**/*')) -+ self.assertEqual(self.control_paths, got_paths) -+ -+ @contextmanager -+ def extract_with_none(self, *attr_names): -+ DIR = pathlib.Path(TEMPDIR) / "extractall_none" -+ self.tar.errorlevel = 0 -+ for member in self.tar.getmembers(): -+ for attr_name in attr_names: -+ setattr(member, attr_name, None) -+ with os_helper.temp_dir(DIR): -+ self.tar.extractall(DIR, filter='fully_trusted') -+ self.check_files_present(DIR) -+ yield DIR -+ -+ def test_extractall_none_mtime(self): -+ # mtimes of extracted files should be later than 'now' -- the mtime -+ # of a previously created directory. -+ now = pathlib.Path(TEMPDIR).stat().st_mtime -+ with self.extract_with_none('mtime') as DIR: -+ for path in pathlib.Path(DIR).glob('**/*'): -+ with self.subTest(path=path): -+ try: -+ mtime = path.stat().st_mtime -+ except OSError: -+ # Some systems can't stat symlinks, ignore those -+ if not path.is_symlink(): -+ raise -+ else: -+ self.assertGreaterEqual(path.stat().st_mtime, now) -+ -+ def test_extractall_none_mode(self): -+ # modes of directories and regular files should match the mode -+ # of a "normally" created directory or regular file -+ dir_mode = pathlib.Path(TEMPDIR).stat().st_mode -+ regular_file = pathlib.Path(TEMPDIR) / 'regular_file' -+ regular_file.write_text('') -+ regular_file_mode = regular_file.stat().st_mode -+ with self.extract_with_none('mode') as DIR: -+ for path in pathlib.Path(DIR).glob('**/*'): -+ with self.subTest(path=path): -+ if path.is_dir(): -+ self.assertEqual(path.stat().st_mode, dir_mode) -+ elif path.is_file(): -+ self.assertEqual(path.stat().st_mode, -+ regular_file_mode) -+ -+ def test_extractall_none_uid(self): -+ with self.extract_with_none('uid'): -+ pass -+ -+ def test_extractall_none_gid(self): -+ with self.extract_with_none('gid'): -+ pass -+ -+ def test_extractall_none_uname(self): -+ with self.extract_with_none('uname'): -+ pass -+ -+ def test_extractall_none_gname(self): -+ with self.extract_with_none('gname'): -+ pass -+ -+ def test_extractall_none_ownership(self): -+ with self.extract_with_none('uid', 'gid', 'uname', 'gname'): -+ pass -+ -+class NoneInfoExtractTests_Data(NoneInfoExtractTests, unittest.TestCase): -+ extraction_filter = 'data' -+ -+class NoneInfoExtractTests_FullyTrusted(NoneInfoExtractTests, -+ unittest.TestCase): -+ extraction_filter = 'fully_trusted' -+ -+class NoneInfoExtractTests_Tar(NoneInfoExtractTests, unittest.TestCase): -+ extraction_filter = 'tar' -+ -+class NoneInfoExtractTests_Default(NoneInfoExtractTests, -+ unittest.TestCase): -+ extraction_filter = None -+ -+class NoneInfoTests_Misc(unittest.TestCase): -+ def test_add(self): -+ # When addfile() encounters None metadata, it raises a ValueError -+ bio = io.BytesIO() -+ for tarformat in (tarfile.USTAR_FORMAT, tarfile.GNU_FORMAT, -+ tarfile.PAX_FORMAT): -+ with self.subTest(tarformat=tarformat): -+ tar = tarfile.open(fileobj=bio, mode='w', format=tarformat) -+ tarinfo = tar.gettarinfo(tarname) -+ try: -+ tar.addfile(tarinfo) -+ except Exception: -+ if tarformat == tarfile.USTAR_FORMAT: -+ # In the old, limited format, adding might fail for -+ # reasons like the UID being too large -+ pass -+ else: -+ raise -+ else: -+ for attr_name in ('mtime', 'mode', 'uid', 'gid', -+ 'uname', 'gname'): -+ with self.subTest(attr_name=attr_name): -+ replaced = tarinfo.replace(**{attr_name: None}) -+ with self.assertRaisesRegex(ValueError, -+ f"{attr_name}"): -+ tar.addfile(replaced) -+ -+ def test_list(self): -+ # Change some metadata to None, then compare list() output -+ # word-for-word. We want list() to not raise, and to only change -+ # printout for the affected piece of metadata. -+ # (n.b.: some contents of the test archive are hardcoded.) -+ for attr_names in ({'mtime'}, {'mode'}, {'uid'}, {'gid'}, -+ {'uname'}, {'gname'}, -+ {'uid', 'uname'}, {'gid', 'gname'}): -+ with (self.subTest(attr_names=attr_names), -+ tarfile.open(tarname, encoding="iso8859-1") as tar): -+ tio_prev = io.TextIOWrapper(io.BytesIO(), 'ascii', newline='\n') -+ with support.swap_attr(sys, 'stdout', tio_prev): -+ tar.list() -+ for member in tar.getmembers(): -+ for attr_name in attr_names: -+ setattr(member, attr_name, None) -+ tio_new = io.TextIOWrapper(io.BytesIO(), 'ascii', newline='\n') -+ with support.swap_attr(sys, 'stdout', tio_new): -+ tar.list() -+ for expected, got in zip(tio_prev.detach().getvalue().split(), -+ tio_new.detach().getvalue().split()): -+ if attr_names == {'mtime'} and re.match(rb'2003-01-\d\d', expected): -+ self.assertEqual(got, b'????-??-??') -+ elif attr_names == {'mtime'} and re.match(rb'\d\d:\d\d:\d\d', expected): -+ self.assertEqual(got, b'??:??:??') -+ elif attr_names == {'mode'} and re.match( -+ rb'.([r-][w-][x-]){3}', expected): -+ self.assertEqual(got, b'??????????') -+ elif attr_names == {'uname'} and expected.startswith( -+ (b'tarfile/', b'lars/', b'foo/')): -+ exp_user, exp_group = expected.split(b'/') -+ got_user, got_group = got.split(b'/') -+ self.assertEqual(got_group, exp_group) -+ self.assertRegex(got_user, b'[0-9]+') -+ elif attr_names == {'gname'} and expected.endswith( -+ (b'/tarfile', b'/users', b'/bar')): -+ exp_user, exp_group = expected.split(b'/') -+ got_user, got_group = got.split(b'/') -+ self.assertEqual(got_user, exp_user) -+ self.assertRegex(got_group, b'[0-9]+') -+ elif attr_names == {'uid'} and expected.startswith( -+ (b'1000/')): -+ exp_user, exp_group = expected.split(b'/') -+ got_user, got_group = got.split(b'/') -+ self.assertEqual(got_group, exp_group) -+ self.assertEqual(got_user, b'None') -+ elif attr_names == {'gid'} and expected.endswith((b'/100')): -+ exp_user, exp_group = expected.split(b'/') -+ got_user, got_group = got.split(b'/') -+ self.assertEqual(got_user, exp_user) -+ self.assertEqual(got_group, b'None') -+ elif attr_names == {'uid', 'uname'} and expected.startswith( -+ (b'tarfile/', b'lars/', b'foo/', b'1000/')): -+ exp_user, exp_group = expected.split(b'/') -+ got_user, got_group = got.split(b'/') -+ self.assertEqual(got_group, exp_group) -+ self.assertEqual(got_user, b'None') -+ elif attr_names == {'gname', 'gid'} and expected.endswith( -+ (b'/tarfile', b'/users', b'/bar', b'/100')): -+ exp_user, exp_group = expected.split(b'/') -+ got_user, got_group = got.split(b'/') -+ self.assertEqual(got_user, exp_user) -+ self.assertEqual(got_group, b'None') -+ else: -+ # In other cases the output should be the same -+ self.assertEqual(expected, got) -+ -+def _filemode_to_int(mode): -+ """Inverse of `stat.filemode` (for permission bits) -+ -+ Using mode strings rather than numbers makes the later tests more readable. -+ """ -+ str_mode = mode[1:] -+ result = ( -+ {'r': stat.S_IRUSR, '-': 0}[str_mode[0]] -+ | {'w': stat.S_IWUSR, '-': 0}[str_mode[1]] -+ | {'x': stat.S_IXUSR, '-': 0, -+ 's': stat.S_IXUSR | stat.S_ISUID, -+ 'S': stat.S_ISUID}[str_mode[2]] -+ | {'r': stat.S_IRGRP, '-': 0}[str_mode[3]] -+ | {'w': stat.S_IWGRP, '-': 0}[str_mode[4]] -+ | {'x': stat.S_IXGRP, '-': 0, -+ 's': stat.S_IXGRP | stat.S_ISGID, -+ 'S': stat.S_ISGID}[str_mode[5]] -+ | {'r': stat.S_IROTH, '-': 0}[str_mode[6]] -+ | {'w': stat.S_IWOTH, '-': 0}[str_mode[7]] -+ | {'x': stat.S_IXOTH, '-': 0, -+ 't': stat.S_IXOTH | stat.S_ISVTX, -+ 'T': stat.S_ISVTX}[str_mode[8]] -+ ) -+ # check we did this right -+ assert stat.filemode(result)[1:] == mode[1:] -+ -+ return result -+ -+class ArchiveMaker: -+ """Helper to create a tar file with specific contents -+ -+ Usage: -+ -+ with ArchiveMaker() as t: -+ t.add('filename', ...) -+ -+ with t.open() as tar: -+ ... # `tar` is now a TarFile with 'filename' in it! -+ """ -+ def __init__(self): -+ self.bio = io.BytesIO() -+ -+ def __enter__(self): -+ self.tar_w = tarfile.TarFile(mode='w', fileobj=self.bio) -+ return self -+ -+ def __exit__(self, *exc): -+ self.tar_w.close() -+ self.contents = self.bio.getvalue() -+ self.bio = None -+ -+ def add(self, name, *, type=None, symlink_to=None, hardlink_to=None, -+ mode=None, **kwargs): -+ """Add a member to the test archive. Call within `with`.""" -+ name = str(name) -+ tarinfo = tarfile.TarInfo(name).replace(**kwargs) -+ if mode: -+ tarinfo.mode = _filemode_to_int(mode) -+ if symlink_to is not None: -+ type = tarfile.SYMTYPE -+ tarinfo.linkname = str(symlink_to) -+ if hardlink_to is not None: -+ type = tarfile.LNKTYPE -+ tarinfo.linkname = str(hardlink_to) -+ if name.endswith('/') and type is None: -+ type = tarfile.DIRTYPE -+ if type is not None: -+ tarinfo.type = type -+ if tarinfo.isreg(): -+ fileobj = io.BytesIO(bytes(tarinfo.size)) -+ else: -+ fileobj = None -+ self.tar_w.addfile(tarinfo, fileobj) -+ -+ def open(self, **kwargs): -+ """Open the resulting archive as TarFile. Call after `with`.""" -+ bio = io.BytesIO(self.contents) -+ return tarfile.open(fileobj=bio, **kwargs) -+ -+# Under WASI, `os_helper.can_symlink` is False to make -+# `skip_unless_symlink` skip symlink tests. " -+# But in the following tests we use can_symlink to *determine* which -+# behavior is expected. -+# Like other symlink tests, skip these on WASI for now. -+if support.is_wasi: -+ def symlink_test(f): -+ return unittest.skip("WASI: Skip symlink test for now")(f) -+else: -+ def symlink_test(f): -+ return f -+ -+ -+class TestExtractionFilters(unittest.TestCase): -+ -+ # A temporary directory for the extraction results. -+ # All files that "escape" the destination path should still end -+ # up in this directory. -+ outerdir = pathlib.Path(TEMPDIR) / 'outerdir' -+ -+ # The destination for the extraction, within `outerdir` -+ destdir = outerdir / 'dest' -+ -+ @contextmanager -+ def check_context(self, tar, filter): -+ """Extracts `tar` to `self.destdir` and allows checking the result -+ -+ If an error occurs, it must be checked using `expect_exception` -+ -+ Otherwise, all resulting files must be checked using `expect_file`, -+ except the destination directory itself and parent directories of -+ other files. -+ When checking directories, do so before their contents. -+ """ -+ with os_helper.temp_dir(self.outerdir): -+ try: -+ tar.extractall(self.destdir, filter=filter) -+ except Exception as exc: -+ self.raised_exception = exc -+ self.expected_paths = set() -+ else: -+ self.raised_exception = None -+ self.expected_paths = set(self.outerdir.glob('**/*')) -+ self.expected_paths.discard(self.destdir) -+ try: -+ yield -+ finally: -+ tar.close() -+ if self.raised_exception: -+ raise self.raised_exception -+ self.assertEqual(self.expected_paths, set()) -+ -+ def expect_file(self, name, type=None, symlink_to=None, mode=None): -+ """Check a single file. See check_context.""" -+ if self.raised_exception: -+ raise self.raised_exception -+ # use normpath() rather than resolve() so we don't follow symlinks -+ path = pathlib.Path(os.path.normpath(self.destdir / name)) -+ self.assertIn(path, self.expected_paths) -+ self.expected_paths.remove(path) -+ if mode is not None and os_helper.can_chmod(): -+ got = stat.filemode(stat.S_IMODE(path.stat().st_mode)) -+ self.assertEqual(got, mode) -+ if type is None and isinstance(name, str) and name.endswith('/'): -+ type = tarfile.DIRTYPE -+ if symlink_to is not None: -+ got = (self.destdir / name).readlink() -+ expected = pathlib.Path(symlink_to) -+ # The symlink might be the same (textually) as what we expect, -+ # but some systems change the link to an equivalent path, so -+ # we fall back to samefile(). -+ if expected != got: -+ self.assertTrue(got.samefile(expected)) -+ elif type == tarfile.REGTYPE or type is None: -+ self.assertTrue(path.is_file()) -+ elif type == tarfile.DIRTYPE: -+ self.assertTrue(path.is_dir()) -+ elif type == tarfile.FIFOTYPE: -+ self.assertTrue(path.is_fifo()) -+ else: -+ raise NotImplementedError(type) -+ for parent in path.parents: -+ self.expected_paths.discard(parent) -+ -+ def expect_exception(self, exc_type, message_re='.'): -+ with self.assertRaisesRegex(exc_type, message_re): -+ if self.raised_exception is not None: -+ raise self.raised_exception -+ self.raised_exception = None -+ -+ def test_benign_file(self): -+ with ArchiveMaker() as arc: -+ arc.add('benign.txt') -+ for filter in 'fully_trusted', 'tar', 'data': -+ with self.check_context(arc.open(), filter): -+ self.expect_file('benign.txt') -+ -+ def test_absolute(self): -+ # Test handling a member with an absolute path -+ # Inspired by 'absolute1' in https://github.com/jwilk/traversal-archives -+ with ArchiveMaker() as arc: -+ arc.add(self.outerdir / 'escaped.evil') -+ -+ with self.check_context(arc.open(), 'fully_trusted'): -+ self.expect_file('../escaped.evil') -+ -+ for filter in 'tar', 'data': -+ with self.check_context(arc.open(), filter): -+ if str(self.outerdir).startswith('/'): -+ # We strip leading slashes, as e.g. GNU tar does -+ # (without --absolute-filenames). -+ outerdir_stripped = str(self.outerdir).lstrip('/') -+ self.expect_file(f'{outerdir_stripped}/escaped.evil') -+ else: -+ # On this system, absolute paths don't have leading -+ # slashes. -+ # So, there's nothing to strip. We refuse to unpack -+ # to an absolute path, nonetheless. -+ self.expect_exception( -+ tarfile.AbsolutePathError, -+ """['"].*escaped.evil['"] has an absolute path""") -+ -+ @symlink_test -+ def test_parent_symlink(self): -+ # Test interplaying symlinks -+ # Inspired by 'dirsymlink2a' in jwilk/traversal-archives -+ with ArchiveMaker() as arc: -+ arc.add('current', symlink_to='.') -+ arc.add('parent', symlink_to='current/..') -+ arc.add('parent/evil') -+ -+ if os_helper.can_symlink(): -+ with self.check_context(arc.open(), 'fully_trusted'): -+ if self.raised_exception is not None: -+ # Windows will refuse to create a file that's a symlink to itself -+ # (and tarfile doesn't swallow that exception) -+ self.expect_exception(FileExistsError) -+ # The other cases will fail with this error too. -+ # Skip the rest of this test. -+ return -+ else: -+ self.expect_file('current', symlink_to='.') -+ self.expect_file('parent', symlink_to='current/..') -+ self.expect_file('../evil') -+ -+ with self.check_context(arc.open(), 'tar'): -+ self.expect_exception( -+ tarfile.OutsideDestinationError, -+ """'parent/evil' would be extracted to ['"].*evil['"], """ -+ + "which is outside the destination") -+ -+ with self.check_context(arc.open(), 'data'): -+ self.expect_exception( -+ tarfile.LinkOutsideDestinationError, -+ """'parent' would link to ['"].*outerdir['"], """ -+ + "which is outside the destination") -+ -+ else: -+ # No symlink support. The symlinks are ignored. -+ with self.check_context(arc.open(), 'fully_trusted'): -+ self.expect_file('parent/evil') -+ with self.check_context(arc.open(), 'tar'): -+ self.expect_file('parent/evil') -+ with self.check_context(arc.open(), 'data'): -+ self.expect_file('parent/evil') -+ -+ @symlink_test -+ def test_parent_symlink2(self): -+ # Test interplaying symlinks -+ # Inspired by 'dirsymlink2b' in jwilk/traversal-archives -+ with ArchiveMaker() as arc: -+ arc.add('current', symlink_to='.') -+ arc.add('current/parent', symlink_to='..') -+ arc.add('parent/evil') -+ -+ with self.check_context(arc.open(), 'fully_trusted'): -+ if os_helper.can_symlink(): -+ self.expect_file('current', symlink_to='.') -+ self.expect_file('parent', symlink_to='..') -+ self.expect_file('../evil') -+ else: -+ self.expect_file('current/') -+ self.expect_file('parent/evil') -+ -+ with self.check_context(arc.open(), 'tar'): -+ if os_helper.can_symlink(): -+ self.expect_exception( -+ tarfile.OutsideDestinationError, -+ "'parent/evil' would be extracted to " -+ + """['"].*evil['"], which is outside """ -+ + "the destination") -+ else: -+ self.expect_file('current/') -+ self.expect_file('parent/evil') -+ -+ with self.check_context(arc.open(), 'data'): -+ self.expect_exception( -+ tarfile.LinkOutsideDestinationError, -+ """'current/parent' would link to ['"].*['"], """ -+ + "which is outside the destination") -+ -+ @symlink_test -+ def test_absolute_symlink(self): -+ # Test symlink to an absolute path -+ # Inspired by 'dirsymlink' in jwilk/traversal-archives -+ with ArchiveMaker() as arc: -+ arc.add('parent', symlink_to=self.outerdir) -+ arc.add('parent/evil') -+ -+ with self.check_context(arc.open(), 'fully_trusted'): -+ if os_helper.can_symlink(): -+ self.expect_file('parent', symlink_to=self.outerdir) -+ self.expect_file('../evil') -+ else: -+ self.expect_file('parent/evil') -+ -+ with self.check_context(arc.open(), 'tar'): -+ if os_helper.can_symlink(): -+ self.expect_exception( -+ tarfile.OutsideDestinationError, -+ "'parent/evil' would be extracted to " -+ + """['"].*evil['"], which is outside """ -+ + "the destination") -+ else: -+ self.expect_file('parent/evil') -+ -+ with self.check_context(arc.open(), 'data'): -+ self.expect_exception( -+ tarfile.AbsoluteLinkError, -+ "'parent' is a symlink to an absolute path") -+ -+ @symlink_test -+ def test_sly_relative0(self): -+ # Inspired by 'relative0' in jwilk/traversal-archives -+ with ArchiveMaker() as arc: -+ arc.add('../moo', symlink_to='..//tmp/moo') -+ -+ try: -+ with self.check_context(arc.open(), filter='fully_trusted'): -+ if os_helper.can_symlink(): -+ if isinstance(self.raised_exception, FileExistsError): -+ # XXX TarFile happens to fail creating a parent -+ # directory. -+ # This might be a bug, but fixing it would hurt -+ # security. -+ # Note that e.g. GNU `tar` rejects '..' components, -+ # so you could argue this is an invalid archive and we -+ # just raise an bad type of exception. -+ self.expect_exception(FileExistsError) -+ else: -+ self.expect_file('../moo', symlink_to='..//tmp/moo') -+ else: -+ # The symlink can't be extracted and is ignored -+ pass -+ except FileExistsError: -+ pass -+ -+ for filter in 'tar', 'data': -+ with self.check_context(arc.open(), filter): -+ self.expect_exception( -+ tarfile.OutsideDestinationError, -+ "'../moo' would be extracted to " -+ + "'.*moo', which is outside " -+ + "the destination") -+ -+ @symlink_test -+ def test_sly_relative2(self): -+ # Inspired by 'relative2' in jwilk/traversal-archives -+ with ArchiveMaker() as arc: -+ arc.add('tmp/') -+ arc.add('tmp/../../moo', symlink_to='tmp/../..//tmp/moo') -+ -+ with self.check_context(arc.open(), 'fully_trusted'): -+ self.expect_file('tmp', type=tarfile.DIRTYPE) -+ if os_helper.can_symlink(): -+ self.expect_file('../moo', symlink_to='tmp/../../tmp/moo') -+ -+ for filter in 'tar', 'data': -+ with self.check_context(arc.open(), filter): -+ self.expect_exception( -+ tarfile.OutsideDestinationError, -+ "'tmp/../../moo' would be extracted to " -+ + """['"].*moo['"], which is outside the """ -+ + "destination") -+ -+ def test_modes(self): -+ # Test how file modes are extracted -+ # (Note that the modes are ignored on platforms without working chmod) -+ with ArchiveMaker() as arc: -+ arc.add('all_bits', mode='?rwsrwsrwt') -+ arc.add('perm_bits', mode='?rwxrwxrwx') -+ arc.add('exec_group_other', mode='?rw-rwxrwx') -+ arc.add('read_group_only', mode='?---r-----') -+ arc.add('no_bits', mode='?---------') -+ arc.add('dir/', mode='?---rwsrwt') -+ -+ # On some systems, setting the sticky bit is a no-op. -+ # Check if that's the case. -+ tmp_filename = os.path.join(TEMPDIR, "tmp.file") -+ with open(tmp_filename, 'w'): -+ pass -+ os.chmod(tmp_filename, os.stat(tmp_filename).st_mode | stat.S_ISVTX) -+ have_sticky_files = (os.stat(tmp_filename).st_mode & stat.S_ISVTX) -+ os.unlink(tmp_filename) -+ -+ os.mkdir(tmp_filename) -+ os.chmod(tmp_filename, os.stat(tmp_filename).st_mode | stat.S_ISVTX) -+ have_sticky_dirs = (os.stat(tmp_filename).st_mode & stat.S_ISVTX) -+ os.rmdir(tmp_filename) -+ -+ with self.check_context(arc.open(), 'fully_trusted'): -+ if have_sticky_files: -+ self.expect_file('all_bits', mode='?rwsrwsrwt') -+ else: -+ self.expect_file('all_bits', mode='?rwsrwsrwx') -+ self.expect_file('perm_bits', mode='?rwxrwxrwx') -+ self.expect_file('exec_group_other', mode='?rw-rwxrwx') -+ self.expect_file('read_group_only', mode='?---r-----') -+ self.expect_file('no_bits', mode='?---------') -+ if have_sticky_dirs: -+ self.expect_file('dir/', mode='?---rwsrwt') -+ else: -+ self.expect_file('dir/', mode='?---rwsrwx') -+ -+ with self.check_context(arc.open(), 'tar'): -+ self.expect_file('all_bits', mode='?rwxr-xr-x') -+ self.expect_file('perm_bits', mode='?rwxr-xr-x') -+ self.expect_file('exec_group_other', mode='?rw-r-xr-x') -+ self.expect_file('read_group_only', mode='?---r-----') -+ self.expect_file('no_bits', mode='?---------') -+ self.expect_file('dir/', mode='?---r-xr-x') -+ -+ with self.check_context(arc.open(), 'data'): -+ normal_dir_mode = stat.filemode(stat.S_IMODE( -+ self.outerdir.stat().st_mode)) -+ self.expect_file('all_bits', mode='?rwxr-xr-x') -+ self.expect_file('perm_bits', mode='?rwxr-xr-x') -+ self.expect_file('exec_group_other', mode='?rw-r--r--') -+ self.expect_file('read_group_only', mode='?rw-r-----') -+ self.expect_file('no_bits', mode='?rw-------') -+ self.expect_file('dir/', mode=normal_dir_mode) -+ -+ def test_pipe(self): -+ # Test handling of a special file -+ with ArchiveMaker() as arc: -+ arc.add('foo', type=tarfile.FIFOTYPE) -+ -+ for filter in 'fully_trusted', 'tar': -+ with self.check_context(arc.open(), filter): -+ if hasattr(os, 'mkfifo'): -+ self.expect_file('foo', type=tarfile.FIFOTYPE) -+ else: -+ # The pipe can't be extracted and is skipped. -+ pass -+ -+ with self.check_context(arc.open(), 'data'): -+ self.expect_exception( -+ tarfile.SpecialFileError, -+ "'foo' is a special file") -+ -+ def test_special_files(self): -+ # Creating device files is tricky. Instead of attempting that let's -+ # only check the filter result. -+ for special_type in tarfile.FIFOTYPE, tarfile.CHRTYPE, tarfile.BLKTYPE: -+ tarinfo = tarfile.TarInfo('foo') -+ tarinfo.type = special_type -+ trusted = tarfile.fully_trusted_filter(tarinfo, '') -+ self.assertIs(trusted, tarinfo) -+ tar = tarfile.tar_filter(tarinfo, '') -+ self.assertEqual(tar.type, special_type) -+ with self.assertRaises(tarfile.SpecialFileError) as cm: -+ tarfile.data_filter(tarinfo, '') -+ self.assertIsInstance(cm.exception.tarinfo, tarfile.TarInfo) -+ self.assertEqual(cm.exception.tarinfo.name, 'foo') -+ -+ def test_fully_trusted_filter(self): -+ # The 'fully_trusted' filter returns the original TarInfo objects. -+ with tarfile.TarFile.open(tarname) as tar: -+ for tarinfo in tar.getmembers(): -+ filtered = tarfile.fully_trusted_filter(tarinfo, '') -+ self.assertIs(filtered, tarinfo) -+ -+ def test_tar_filter(self): -+ # The 'tar' filter returns TarInfo objects with the same name/type. -+ # (It can also fail for particularly "evil" input, but we don't have -+ # that in the test archive.) -+ with tarfile.TarFile.open(tarname) as tar: -+ for tarinfo in tar.getmembers(): -+ filtered = tarfile.tar_filter(tarinfo, '') -+ self.assertIs(filtered.name, tarinfo.name) -+ self.assertIs(filtered.type, tarinfo.type) -+ -+ def test_data_filter(self): -+ # The 'data' filter either raises, or returns TarInfo with the same -+ # name/type. -+ with tarfile.TarFile.open(tarname) as tar: -+ for tarinfo in tar.getmembers(): -+ try: -+ filtered = tarfile.data_filter(tarinfo, '') -+ except tarfile.FilterError: -+ continue -+ self.assertIs(filtered.name, tarinfo.name) -+ self.assertIs(filtered.type, tarinfo.type) -+ -+ def test_default_filter_warns_not(self): -+ """Ensure the default filter does not warn (like in 3.12)""" -+ with ArchiveMaker() as arc: -+ arc.add('foo') -+ with warnings_helper.check_no_warnings(self): -+ with self.check_context(arc.open(), None): -+ self.expect_file('foo') -+ -+ def test_change_default_filter_on_instance(self): -+ tar = tarfile.TarFile(tarname, 'r') -+ def strict_filter(tarinfo, path): -+ if tarinfo.name == 'ustar/regtype': -+ return tarinfo -+ else: -+ return None -+ tar.extraction_filter = strict_filter -+ with self.check_context(tar, None): -+ self.expect_file('ustar/regtype') -+ -+ def test_change_default_filter_on_class(self): -+ def strict_filter(tarinfo, path): -+ if tarinfo.name == 'ustar/regtype': -+ return tarinfo -+ else: -+ return None -+ tar = tarfile.TarFile(tarname, 'r') -+ with support.swap_attr(tarfile.TarFile, 'extraction_filter', -+ staticmethod(strict_filter)): -+ with self.check_context(tar, None): -+ self.expect_file('ustar/regtype') -+ -+ def test_change_default_filter_on_subclass(self): -+ class TarSubclass(tarfile.TarFile): -+ def extraction_filter(self, tarinfo, path): -+ if tarinfo.name == 'ustar/regtype': -+ return tarinfo -+ else: -+ return None -+ -+ tar = TarSubclass(tarname, 'r') -+ with self.check_context(tar, None): -+ self.expect_file('ustar/regtype') -+ -+ def test_change_default_filter_to_string(self): -+ tar = tarfile.TarFile(tarname, 'r') -+ tar.extraction_filter = 'data' -+ with self.check_context(tar, None): -+ self.expect_exception(TypeError) -+ -+ def test_custom_filter(self): -+ def custom_filter(tarinfo, path): -+ self.assertIs(path, self.destdir) -+ if tarinfo.name == 'move_this': -+ return tarinfo.replace(name='moved') -+ if tarinfo.name == 'ignore_this': -+ return None -+ return tarinfo -+ -+ with ArchiveMaker() as arc: -+ arc.add('move_this') -+ arc.add('ignore_this') -+ arc.add('keep') -+ with self.check_context(arc.open(), custom_filter): -+ self.expect_file('moved') -+ self.expect_file('keep') -+ -+ def test_bad_filter_name(self): -+ with ArchiveMaker() as arc: -+ arc.add('foo') -+ with self.check_context(arc.open(), 'bad filter name'): -+ self.expect_exception(ValueError) -+ -+ def test_stateful_filter(self): -+ # Stateful filters should be possible. -+ # (This doesn't really test tarfile. Rather, it demonstrates -+ # that third parties can implement a stateful filter.) -+ class StatefulFilter: -+ def __enter__(self): -+ self.num_files_processed = 0 -+ return self -+ -+ def __call__(self, tarinfo, path): -+ try: -+ tarinfo = tarfile.data_filter(tarinfo, path) -+ except tarfile.FilterError: -+ return None -+ self.num_files_processed += 1 -+ return tarinfo -+ -+ def __exit__(self, *exc_info): -+ self.done = True -+ -+ with ArchiveMaker() as arc: -+ arc.add('good') -+ arc.add('bad', symlink_to='/') -+ arc.add('good') -+ with StatefulFilter() as custom_filter: -+ with self.check_context(arc.open(), custom_filter): -+ self.expect_file('good') -+ self.assertEqual(custom_filter.num_files_processed, 2) -+ self.assertEqual(custom_filter.done, True) -+ -+ def test_errorlevel(self): -+ def extracterror_filter(tarinfo, path): -+ raise tarfile.ExtractError('failed with ExtractError') -+ def filtererror_filter(tarinfo, path): -+ raise tarfile.FilterError('failed with FilterError') -+ def oserror_filter(tarinfo, path): -+ raise OSError('failed with OSError') -+ def tarerror_filter(tarinfo, path): -+ raise tarfile.TarError('failed with base TarError') -+ def valueerror_filter(tarinfo, path): -+ raise ValueError('failed with ValueError') -+ -+ with ArchiveMaker() as arc: -+ arc.add('file') -+ -+ # If errorlevel is 0, errors affected by errorlevel are ignored -+ -+ with self.check_context(arc.open(errorlevel=0), extracterror_filter): -+ self.expect_file('file') -+ -+ with self.check_context(arc.open(errorlevel=0), filtererror_filter): -+ self.expect_file('file') -+ -+ with self.check_context(arc.open(errorlevel=0), oserror_filter): -+ self.expect_file('file') -+ -+ with self.check_context(arc.open(errorlevel=0), tarerror_filter): -+ self.expect_exception(tarfile.TarError) -+ -+ with self.check_context(arc.open(errorlevel=0), valueerror_filter): -+ self.expect_exception(ValueError) -+ -+ # If 1, all fatal errors are raised -+ -+ with self.check_context(arc.open(errorlevel=1), extracterror_filter): -+ self.expect_file('file') -+ -+ with self.check_context(arc.open(errorlevel=1), filtererror_filter): -+ self.expect_exception(tarfile.FilterError) -+ -+ with self.check_context(arc.open(errorlevel=1), oserror_filter): -+ self.expect_exception(OSError) -+ -+ with self.check_context(arc.open(errorlevel=1), tarerror_filter): -+ self.expect_exception(tarfile.TarError) -+ -+ with self.check_context(arc.open(errorlevel=1), valueerror_filter): -+ self.expect_exception(ValueError) -+ -+ # If 2, all non-fatal errors are raised as well. -+ -+ with self.check_context(arc.open(errorlevel=2), extracterror_filter): -+ self.expect_exception(tarfile.ExtractError) -+ -+ with self.check_context(arc.open(errorlevel=2), filtererror_filter): -+ self.expect_exception(tarfile.FilterError) -+ -+ with self.check_context(arc.open(errorlevel=2), oserror_filter): -+ self.expect_exception(OSError) -+ -+ with self.check_context(arc.open(errorlevel=2), tarerror_filter): -+ self.expect_exception(tarfile.TarError) -+ -+ with self.check_context(arc.open(errorlevel=2), valueerror_filter): -+ self.expect_exception(ValueError) -+ -+ # We only handle ExtractionError, FilterError & OSError specially. -+ -+ with self.check_context(arc.open(errorlevel='boo!'), filtererror_filter): -+ self.expect_exception(TypeError) # errorlevel is not int -+ -+ - def setUpModule(): - os_helper.unlink(TEMPDIR) - os.makedirs(TEMPDIR) ---- /dev/null -+++ b/Misc/NEWS.d/next/Library/2023-03-23-15-24-38.gh-issue-102953.YR4KaK.rst -@@ -0,0 +1,4 @@ -+The extraction methods in :mod:`tarfile`, and :func:`shutil.unpack_archive`, -+have a new a *filter* argument that allows limiting tar features than may be -+surprising or dangerous, such as creating files outside the destination -+directory. See :ref:`tarfile-extraction-filter` for details. diff --git a/Python-3.11.3.tar.xz b/Python-3.11.3.tar.xz deleted file mode 100644 index b1a0cdb..0000000 --- a/Python-3.11.3.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8a5db99c961a7ecf27c75956189c9602c968751f11dbeae2b900dbff1c085b5e -size 19906156 diff --git a/Python-3.11.3.tar.xz.asc b/Python-3.11.3.tar.xz.asc deleted file mode 100644 index a67d226..0000000 --- a/Python-3.11.3.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmQsppwACgkQ/+h0BBaL -2Ee3kg//ewFzE4twuLz2MKoki+7xKz5VzTm2fvCtymAtqVq8Tk3oTvRrc9llHIQn -+QU6Cjiu38igRgQ4O0/i6909U3N1tmqXsSHtuGIB5mEOqwK9LESTPJG+wK4nULg5 -fLH+FgBAJ4HSI3WIMt8jn98LJ8lsfFrH1sdv9ijcDN9VdekY8vXOOaWbAWg2vpYb -vXTtajHXA1KLZR1GvhDel3G6qPhxOjud/gwVJgzHcxA/mpDjT5DTiqS5rVMsJQq0 -R/LCtsqM4NVjurWwe5jEOi/Fv60qTN7ekuIdziC3IB50WjkwXltKB90l9heihnZo -oGAe2T9Kv74Pr1kWhkstURwFGP6hRrZHNfvZXYgcJdN2SxsS9VNkt2JQ9aKevPo3 -t1ZgmB5WGsWAWgny7pm+qLfKy5mkdaal/BB7iLTh5/u3b6tlO2C7wNpGRLS1OBrN -kr/SMS0uyVXcZfcjMTs9e/7YU/ArAvu5nwbFqDrFLHe1SHqTq1PXkeVxbxf1c6KW -TZyOivQA7pcbPyqrbm+tuL2qbAjfOtDo771i9AG2vjgsblxTQvBxXc7buv5/JoCl -4jKuDYHuteiVsuJFeC2Gs67hcM0qjEzbB7mFSJLPDZU3gMMGQxMn/ZWrI/laD5hB -biXtLQJt/Z+3f1ROWiFgjZvdaWYjT26BWaBkIMrv65NG//M7wfo= -=SzVA ------END PGP SIGNATURE----- diff --git a/Python-3.11.4.tar.xz b/Python-3.11.4.tar.xz new file mode 100644 index 0000000..74ec0ef --- /dev/null +++ b/Python-3.11.4.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2f0e409df2ab57aa9fc4cbddfb976af44e4e55bf6f619eee6bc5c2297264a7f6 +size 19954828 diff --git a/Python-3.11.4.tar.xz.asc b/Python-3.11.4.tar.xz.asc new file mode 100644 index 0000000..b95003c --- /dev/null +++ b/Python-3.11.4.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmR/sHIACgkQ/+h0BBaL +2EfQDQ//eFWvcQ5ijhVd3r5lp7NTNUPK6xKR2iqzpNWlN2Z4QkGJ2+IworBaZoGA +tzmbT0j0LB9ZQ+ba3xnqXGXD8Ky+fHLg8GV5yshPlH/bD7tPuHtfDRxNcWplEVSS +MbMuLjAYavTIHhYEz/Rpx4jvZTI5lwplVqj9WxNI/8tNrL5M2bsCtv+IB6brohiw +rUOUlT/KDkZbrGfB1Fe033Ep8hay5MkKjhgr7O1dU7zMuDRG+HRsCYGs7a5x6KhH +3QNTEp+GEIAKEsip5nR7vl5KqL02lHa5sf36SV2wjRTwO+IhgV7lvtJEwOD12oE5 +c+TCQMFbmBXg2vVmNBN/Lwftw1SwT/+orFX6V4U93jq6QNUo4GvPqum6YzuayGYc +/JM4MNziqmfdNW2YjEHPPfzti3f40eTapys97YufOrmYjM2NY0Fs+kAErvyxiWqi +guVQtaZIYeLl/9KWqQ0F/Apy1N+fVDuWBkZlizwHrUsGips4Rp7Bh/iCrDdOj+1D +gRCio7+KvdtzHavZPZnU5dcpUiXZgsDzOTI138IyYaEtVUS59ELkA2qxI1yCb5mk +eLVG1L7r/J2tIaTcguQppp5Z+62UDTArlUbnRxda0buzA2r1aFiQCTMwp+kTRegw +T9Ht/CT/D4vpMdmSQTun9MkKifcK+2uGfSsS7Lz4fSWjQLqg36k= +=zSfJ +-----END PGP SIGNATURE----- diff --git a/python311.changes b/python311.changes index 6f55f78..3acc706 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl + +- Update to Python 3.11.4: + - gh-103142: The version of OpenSSL used in Windows and + Mac installers has been upgraded to 1.1.1u to address + CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, + as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 + fixed previously in 1.1.1t (gh-101727). + - gh-102153: urllib.parse.urlsplit() now strips leading C0 + control and space characters following the specification for + URLs defined by WHATWG in response to CVE-2023-24329 + (bsc#1208471). + - gh-99889: Fixed a security in flaw in uu.decode() that could + allow for directory traversal based on the input if no + out_file was specified. + - gh-104049: Do not expose the local on-disk + location in directory indexes produced by + http.client.SimpleHTTPRequestHandler. + - gh-103935: trace.__main__ now uses io.open_code() for files + to be executed instead of raw open(). + - gh-102953: The extraction methods in tarfile, and + shutil.unpack_archive(), have a new filter argument that + allows limiting tar features than may be surprising or + dangerous, such as creating files outside the destination + directory. See Extraction filters for details (fixing + CVE-2007-4559, bsc#1203750). +- Remove upstreamed patches: + - CVE-2007-4559-filter-tarfile_extractall.patch + ------------------------------------------------------------------- Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl diff --git a/python311.spec b/python311.spec index 01e3d63..31476d4 100644 --- a/python311.spec +++ b/python311.spec @@ -94,7 +94,7 @@ %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.3 +Version: 3.11.4 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -157,9 +157,6 @@ Patch35: fix_configure_rst.patch # PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com # Makes Python resilient to changes of API of libexpat Patch36: support-expat-CVE-2022-25236-patched.patch -# PATCH-FIX-UPSTREAM CVE-2007-4559-filter-tarfile_extractall.patch bsc#1203750 mcepl@suse.com -# PEP 706 – Filter for tarfile.extractall -Patch37: CVE-2007-4559-filter-tarfile_extractall.patch # PATCH-FIX-UPSTREAM 103213-fetch-CONFIG_ARGS.patch gh#python/cpython#103053 mcepl@suse.com # Fetch CONFIG_ARGS from original python instance Patch38: 103213-fetch-CONFIG_ARGS.patch @@ -424,7 +421,6 @@ other applications. %endif %patch35 -p1 %patch36 -p1 -%patch37 -p1 %patch38 -p1 %patch39 -p1 -- 2.51.1 From f7f28c547b9f455bbb0c7c579b63ddb5aedb87b928dcc66db77bba9b7c661992 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 28 Jun 2023 19:55:36 +0000 Subject: [PATCH 053/135] Fix patches OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=72 --- fix_configure_rst.patch | 2 +- subprocess-raise-timeout.patch | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index 56c05ff..5dcafa6 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -29,7 +29,7 @@ Create a Python.framework rather than a traditional Unix install. Optional --- a/Misc/NEWS +++ b/Misc/NEWS -@@ -7809,7 +7809,7 @@ C API +@@ -8105,7 +8105,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch index 5f0fcb5..76afe11 100644 --- a/subprocess-raise-timeout.patch +++ b/subprocess-raise-timeout.patch @@ -4,7 +4,7 @@ --- a/Lib/test/test_subprocess.py +++ b/Lib/test/test_subprocess.py -@@ -278,7 +278,8 @@ class ProcessTestCase(BaseTestCase): +@@ -279,7 +279,8 @@ class ProcessTestCase(BaseTestCase): "time.sleep(3600)"], # Some heavily loaded buildbots (sparc Debian 3.x) require # this much time to start and print. -- 2.51.1 From ff02f0908cfd94e9342b6c46e2dedaa4b2299190ebf6c441b5a172de6690d01e Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 12 Jul 2023 15:19:06 +0000 Subject: [PATCH 054/135] - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=74 --- CVE-2023-27043-email-parsing-errors.patch | 241 ++++++++++++++++++++++ python311.changes | 8 + python311.spec | 5 + 3 files changed, 254 insertions(+) create mode 100644 CVE-2023-27043-email-parsing-errors.patch diff --git a/CVE-2023-27043-email-parsing-errors.patch b/CVE-2023-27043-email-parsing-errors.patch new file mode 100644 index 0000000..24e6079 --- /dev/null +++ b/CVE-2023-27043-email-parsing-errors.patch @@ -0,0 +1,241 @@ +--- + Doc/library/email.utils.rst | 26 +++ + Lib/email/utils.py | 63 +++++++ + Lib/test/test_email/test_email.py | 81 +++++++++- + Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst | 4 + 4 files changed, 164 insertions(+), 10 deletions(-) + +--- a/Doc/library/email.utils.rst ++++ b/Doc/library/email.utils.rst +@@ -67,6 +67,11 @@ of the new API. + *email address* parts. Returns a tuple of that information, unless the parse + fails, in which case a 2-tuple of ``('', '')`` is returned. + ++ .. versionchanged:: 3.12 ++ For security reasons, addresses that were ambiguous and could parse into ++ multiple different addresses now cause ``('', '')`` to be returned ++ instead of only one of the *potential* addresses. ++ + + .. function:: formataddr(pair, charset='utf-8') + +@@ -89,7 +94,7 @@ of the new API. + This method returns a list of 2-tuples of the form returned by ``parseaddr()``. + *fieldvalues* is a sequence of header field values as might be returned by + :meth:`Message.get_all `. Here's a simple +- example that gets all the recipients of a message:: ++ example that gets all the recipients of a message: + + from email.utils import getaddresses + +@@ -99,6 +104,25 @@ of the new API. + resent_ccs = msg.get_all('resent-cc', []) + all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs) + ++ When parsing fails for a single fieldvalue, a 2-tuple of ``('', '')`` ++ is returned in its place. Other errors in parsing the list of ++ addresses such as a fieldvalue seemingly parsing into multiple ++ addresses may result in a list containing a single empty 2-tuple ++ ``[('', '')]`` being returned rather than returning potentially ++ invalid output. ++ ++ Example malformed input parsing: ++ ++ .. doctest:: ++ ++ >>> from email.utils import getaddresses ++ >>> getaddresses(['alice@example.com ', 'me@example.com']) ++ [('', '')] ++ ++ .. versionchanged:: 3.12 ++ The 2-tuple of ``('', '')`` in the returned values when parsing ++ fails were added as to address a security issue. ++ + + .. function:: parsedate(date) + +--- a/Lib/email/utils.py ++++ b/Lib/email/utils.py +@@ -106,12 +106,54 @@ def formataddr(pair, charset='utf-8'): + return address + + ++def _pre_parse_validation(email_header_fields): ++ accepted_values = [] ++ for v in email_header_fields: ++ s = v.replace('\\(', '').replace('\\)', '') ++ if s.count('(') != s.count(')'): ++ v = "('', '')" ++ accepted_values.append(v) ++ ++ return accepted_values ++ ++ ++def _post_parse_validation(parsed_email_header_tuples): ++ accepted_values = [] ++ # The parser would have parsed a correctly formatted domain-literal ++ # The existence of an [ after parsing indicates a parsing failure ++ for v in parsed_email_header_tuples: ++ if '[' in v[1]: ++ v = ('', '') ++ accepted_values.append(v) ++ ++ return accepted_values ++ + + def getaddresses(fieldvalues): +- """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" +- all = COMMASPACE.join(str(v) for v in fieldvalues) ++ """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. ++ ++ When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in ++ its place. ++ ++ If the resulting list of parsed address is not the same as the number of ++ fieldvalues in the input list a parsing error has occurred. A list ++ containing a single empty 2-tuple [('', '')] is returned in its place. ++ This is done to avoid invalid output. ++ """ ++ fieldvalues = [str(v) for v in fieldvalues] ++ fieldvalues = _pre_parse_validation(fieldvalues) ++ all = COMMASPACE.join(v for v in fieldvalues) + a = _AddressList(all) +- return a.addresslist ++ result = _post_parse_validation(a.addresslist) ++ ++ n = 0 ++ for v in fieldvalues: ++ n += v.count(',') + 1 ++ ++ if len(result) != n: ++ return [('', '')] ++ ++ return result + + + def _format_timetuple_and_zone(timetuple, zone): +@@ -209,9 +251,18 @@ def parseaddr(addr): + Return a tuple of realname and email address, unless the parse fails, in + which case return a 2-tuple of ('', ''). + """ +- addrs = _AddressList(addr).addresslist +- if not addrs: +- return '', '' ++ if isinstance(addr, list): ++ addr = addr[0] ++ ++ if not isinstance(addr, str): ++ return ('', '') ++ ++ addr = _pre_parse_validation([addr])[0] ++ addrs = _post_parse_validation(_AddressList(addr).addresslist) ++ ++ if not addrs or len(addrs) > 1: ++ return ('', '') ++ + return addrs[0] + + +--- a/Lib/test/test_email/test_email.py ++++ b/Lib/test/test_email/test_email.py +@@ -3263,15 +3263,90 @@ Foo + [('Al Person', 'aperson@dom.ain'), + ('Bud Person', 'bperson@dom.ain')]) + ++ def test_getaddresses_parsing_errors(self): ++ """Test for parsing errors from CVE-2023-27043""" ++ eq = self.assertEqual ++ eq(utils.getaddresses(['alice@example.org(']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org)']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org<']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org>']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org@']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org,']), ++ [('', 'alice@example.org'), ('', 'bob@example.com')]) ++ eq(utils.getaddresses(['alice@example.org;']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org:']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org.']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org"']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org[']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org]']), ++ [('', '')]) ++ ++ def test_parseaddr_parsing_errors(self): ++ """Test for parsing errors from CVE-2023-27043""" ++ eq = self.assertEqual ++ eq(utils.parseaddr(['alice@example.org(']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org)']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org<']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org>']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org@']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org,']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org;']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org:']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org.']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org"']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org[']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org]']), ++ ('', '')) ++ + def test_getaddresses_nasty(self): + eq = self.assertEqual + eq(utils.getaddresses(['foo: ;']), [('', '')]) +- eq(utils.getaddresses( +- ['[]*-- =~$']), +- [('', ''), ('', ''), ('', '*--')]) ++ eq(utils.getaddresses(['[]*-- =~$']), [('', '')]) + eq(utils.getaddresses( + ['foo: ;', '"Jason R. Mastaler" ']), + [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) ++ eq(utils.getaddresses( ++ [r'Pete(A nice \) chap) ']), ++ [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]) ++ eq(utils.getaddresses( ++ ['(Empty list)(start)Undisclosed recipients :(nobody(I know))']), ++ [('', '')]) ++ eq(utils.getaddresses( ++ ['Mary <@machine.tld:mary@example.net>, , jdoe@test . example']), ++ [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]) ++ eq(utils.getaddresses( ++ ['John Doe ']), ++ [('John Doe (comment)', 'jdoe@machine.example')]) ++ eq(utils.getaddresses( ++ ['"Mary Smith: Personal Account" ']), ++ [('Mary Smith: Personal Account', 'smith@home.example')]) ++ eq(utils.getaddresses( ++ ['Undisclosed recipients:;']), ++ [('', '')]) ++ eq(utils.getaddresses( ++ [r', "Giant; \"Big\" Box" ']), ++ [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]) + + def test_getaddresses_embedded_comment(self): + """Test proper handling of a nested comment""" +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst +@@ -0,0 +1,4 @@ ++CVE-2023-27043: Prevent :func:`email.utils.parseaddr` ++and :func:`email.utils.getaddresses` from returning the realname portion of an ++invalid RFC2822 email header in the email address portion of the 2-tuple ++returned after being parsed by :class:`email._parseaddr.AddressList`. diff --git a/python311.changes b/python311.changes index 3acc706..18a10a0 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Tue Jul 11 07:35:18 UTC 2023 - Matej Cepl + +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). + ------------------------------------------------------------------- Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl diff --git a/python311.spec b/python311.spec index 31476d4..733aac4 100644 --- a/python311.spec +++ b/python311.spec @@ -163,6 +163,10 @@ Patch38: 103213-fetch-CONFIG_ARGS.patch # PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com # Skip test_freeze_simple_script Patch39: skip_if_buildbot-extend.patch +# PATCH-FIX-UPSTREAM CVE-2023-27043-email-parsing-errors.patch bsc#1210638 mcepl@suse.com +# Detect email address parsing errors and return empty tuple to +# indicate the parsing error (old API) +Patch40: CVE-2023-27043-email-parsing-errors.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -423,6 +427,7 @@ other applications. %patch36 -p1 %patch38 -p1 %patch39 -p1 +%patch40 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From 55fcbed4eb7796ed69b368ab6a0a66ac3953f3d9117248cb825d2f2907c0ad5b Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Fri, 14 Jul 2023 14:06:49 +0000 Subject: [PATCH 055/135] Accepting request 1098691 from devel:languages:python:Factory Revert faulty fix for CVE-2023-27043 (gh#python/cpython#106669) OBS-URL: https://build.opensuse.org/request/show/1098691 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=75 --- CVE-2023-27043-email-parsing-errors.patch | 241 ---------------------- python311.changes | 8 - python311.spec | 5 - 3 files changed, 254 deletions(-) delete mode 100644 CVE-2023-27043-email-parsing-errors.patch diff --git a/CVE-2023-27043-email-parsing-errors.patch b/CVE-2023-27043-email-parsing-errors.patch deleted file mode 100644 index 24e6079..0000000 --- a/CVE-2023-27043-email-parsing-errors.patch +++ /dev/null @@ -1,241 +0,0 @@ ---- - Doc/library/email.utils.rst | 26 +++ - Lib/email/utils.py | 63 +++++++ - Lib/test/test_email/test_email.py | 81 +++++++++- - Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst | 4 - 4 files changed, 164 insertions(+), 10 deletions(-) - ---- a/Doc/library/email.utils.rst -+++ b/Doc/library/email.utils.rst -@@ -67,6 +67,11 @@ of the new API. - *email address* parts. Returns a tuple of that information, unless the parse - fails, in which case a 2-tuple of ``('', '')`` is returned. - -+ .. versionchanged:: 3.12 -+ For security reasons, addresses that were ambiguous and could parse into -+ multiple different addresses now cause ``('', '')`` to be returned -+ instead of only one of the *potential* addresses. -+ - - .. function:: formataddr(pair, charset='utf-8') - -@@ -89,7 +94,7 @@ of the new API. - This method returns a list of 2-tuples of the form returned by ``parseaddr()``. - *fieldvalues* is a sequence of header field values as might be returned by - :meth:`Message.get_all `. Here's a simple -- example that gets all the recipients of a message:: -+ example that gets all the recipients of a message: - - from email.utils import getaddresses - -@@ -99,6 +104,25 @@ of the new API. - resent_ccs = msg.get_all('resent-cc', []) - all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs) - -+ When parsing fails for a single fieldvalue, a 2-tuple of ``('', '')`` -+ is returned in its place. Other errors in parsing the list of -+ addresses such as a fieldvalue seemingly parsing into multiple -+ addresses may result in a list containing a single empty 2-tuple -+ ``[('', '')]`` being returned rather than returning potentially -+ invalid output. -+ -+ Example malformed input parsing: -+ -+ .. doctest:: -+ -+ >>> from email.utils import getaddresses -+ >>> getaddresses(['alice@example.com ', 'me@example.com']) -+ [('', '')] -+ -+ .. versionchanged:: 3.12 -+ The 2-tuple of ``('', '')`` in the returned values when parsing -+ fails were added as to address a security issue. -+ - - .. function:: parsedate(date) - ---- a/Lib/email/utils.py -+++ b/Lib/email/utils.py -@@ -106,12 +106,54 @@ def formataddr(pair, charset='utf-8'): - return address - - -+def _pre_parse_validation(email_header_fields): -+ accepted_values = [] -+ for v in email_header_fields: -+ s = v.replace('\\(', '').replace('\\)', '') -+ if s.count('(') != s.count(')'): -+ v = "('', '')" -+ accepted_values.append(v) -+ -+ return accepted_values -+ -+ -+def _post_parse_validation(parsed_email_header_tuples): -+ accepted_values = [] -+ # The parser would have parsed a correctly formatted domain-literal -+ # The existence of an [ after parsing indicates a parsing failure -+ for v in parsed_email_header_tuples: -+ if '[' in v[1]: -+ v = ('', '') -+ accepted_values.append(v) -+ -+ return accepted_values -+ - - def getaddresses(fieldvalues): -- """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" -- all = COMMASPACE.join(str(v) for v in fieldvalues) -+ """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. -+ -+ When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in -+ its place. -+ -+ If the resulting list of parsed address is not the same as the number of -+ fieldvalues in the input list a parsing error has occurred. A list -+ containing a single empty 2-tuple [('', '')] is returned in its place. -+ This is done to avoid invalid output. -+ """ -+ fieldvalues = [str(v) for v in fieldvalues] -+ fieldvalues = _pre_parse_validation(fieldvalues) -+ all = COMMASPACE.join(v for v in fieldvalues) - a = _AddressList(all) -- return a.addresslist -+ result = _post_parse_validation(a.addresslist) -+ -+ n = 0 -+ for v in fieldvalues: -+ n += v.count(',') + 1 -+ -+ if len(result) != n: -+ return [('', '')] -+ -+ return result - - - def _format_timetuple_and_zone(timetuple, zone): -@@ -209,9 +251,18 @@ def parseaddr(addr): - Return a tuple of realname and email address, unless the parse fails, in - which case return a 2-tuple of ('', ''). - """ -- addrs = _AddressList(addr).addresslist -- if not addrs: -- return '', '' -+ if isinstance(addr, list): -+ addr = addr[0] -+ -+ if not isinstance(addr, str): -+ return ('', '') -+ -+ addr = _pre_parse_validation([addr])[0] -+ addrs = _post_parse_validation(_AddressList(addr).addresslist) -+ -+ if not addrs or len(addrs) > 1: -+ return ('', '') -+ - return addrs[0] - - ---- a/Lib/test/test_email/test_email.py -+++ b/Lib/test/test_email/test_email.py -@@ -3263,15 +3263,90 @@ Foo - [('Al Person', 'aperson@dom.ain'), - ('Bud Person', 'bperson@dom.ain')]) - -+ def test_getaddresses_parsing_errors(self): -+ """Test for parsing errors from CVE-2023-27043""" -+ eq = self.assertEqual -+ eq(utils.getaddresses(['alice@example.org(']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org)']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org<']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org>']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org@']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org,']), -+ [('', 'alice@example.org'), ('', 'bob@example.com')]) -+ eq(utils.getaddresses(['alice@example.org;']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org:']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org.']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org"']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org[']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org]']), -+ [('', '')]) -+ -+ def test_parseaddr_parsing_errors(self): -+ """Test for parsing errors from CVE-2023-27043""" -+ eq = self.assertEqual -+ eq(utils.parseaddr(['alice@example.org(']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org)']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org<']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org>']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org@']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org,']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org;']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org:']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org.']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org"']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org[']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org]']), -+ ('', '')) -+ - def test_getaddresses_nasty(self): - eq = self.assertEqual - eq(utils.getaddresses(['foo: ;']), [('', '')]) -- eq(utils.getaddresses( -- ['[]*-- =~$']), -- [('', ''), ('', ''), ('', '*--')]) -+ eq(utils.getaddresses(['[]*-- =~$']), [('', '')]) - eq(utils.getaddresses( - ['foo: ;', '"Jason R. Mastaler" ']), - [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) -+ eq(utils.getaddresses( -+ [r'Pete(A nice \) chap) ']), -+ [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]) -+ eq(utils.getaddresses( -+ ['(Empty list)(start)Undisclosed recipients :(nobody(I know))']), -+ [('', '')]) -+ eq(utils.getaddresses( -+ ['Mary <@machine.tld:mary@example.net>, , jdoe@test . example']), -+ [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]) -+ eq(utils.getaddresses( -+ ['John Doe ']), -+ [('John Doe (comment)', 'jdoe@machine.example')]) -+ eq(utils.getaddresses( -+ ['"Mary Smith: Personal Account" ']), -+ [('Mary Smith: Personal Account', 'smith@home.example')]) -+ eq(utils.getaddresses( -+ ['Undisclosed recipients:;']), -+ [('', '')]) -+ eq(utils.getaddresses( -+ [r', "Giant; \"Big\" Box" ']), -+ [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]) - - def test_getaddresses_embedded_comment(self): - """Test proper handling of a nested comment""" ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst -@@ -0,0 +1,4 @@ -+CVE-2023-27043: Prevent :func:`email.utils.parseaddr` -+and :func:`email.utils.getaddresses` from returning the realname portion of an -+invalid RFC2822 email header in the email address portion of the 2-tuple -+returned after being parsed by :class:`email._parseaddr.AddressList`. diff --git a/python311.changes b/python311.changes index 18a10a0..3acc706 100644 --- a/python311.changes +++ b/python311.changes @@ -1,11 +1,3 @@ -------------------------------------------------------------------- -Tue Jul 11 07:35:18 UTC 2023 - Matej Cepl - -- (bsc#1210638, CVE-2023-27043) Add - CVE-2023-27043-email-parsing-errors.patch, which detects email - address parsing errors and returns empty tuple to indicate the - parsing error (old API). - ------------------------------------------------------------------- Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl diff --git a/python311.spec b/python311.spec index 733aac4..31476d4 100644 --- a/python311.spec +++ b/python311.spec @@ -163,10 +163,6 @@ Patch38: 103213-fetch-CONFIG_ARGS.patch # PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com # Skip test_freeze_simple_script Patch39: skip_if_buildbot-extend.patch -# PATCH-FIX-UPSTREAM CVE-2023-27043-email-parsing-errors.patch bsc#1210638 mcepl@suse.com -# Detect email address parsing errors and return empty tuple to -# indicate the parsing error (old API) -Patch40: CVE-2023-27043-email-parsing-errors.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -427,7 +423,6 @@ other applications. %patch36 -p1 %patch38 -p1 %patch39 -p1 -%patch40 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From de765fc92e6ce429f057c1728fe8f6361bf2d5584e9da36ba945201880bb7b2a Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 18 Jul 2023 15:10:43 +0000 Subject: [PATCH 056/135] Readjust patches OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=76 --- no-skipif-doctests.patch | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch index ee98abf..ef1af46 100644 --- a/no-skipif-doctests.patch +++ b/no-skipif-doctests.patch @@ -62,8 +62,8 @@ unchanged: .. doctest:: - :skipif: _tkinter is None - >>> tp = turtle.pos() - >>> tp + >>> tp = turtle.pos() + >>> tp @@ -380,13 +372,11 @@ Turtle motion unchanged. @@ -265,24 +265,24 @@ unchanged: .. doctest:: - :skipif: _tkinter is None - >>> colormode() - 1.0 + >>> colormode() + 1.0 @@ -966,7 +932,6 @@ Color control with the newly set fillcolor. .. doctest:: - :skipif: _tkinter is None - >>> turtle.fillcolor("violet") - >>> turtle.fillcolor() + >>> turtle.fillcolor("violet") + >>> turtle.fillcolor() @@ -1005,7 +970,6 @@ Color control with the newly set colors. .. doctest:: - :skipif: _tkinter is None - >>> turtle.color("red", "green") - >>> turtle.color() + >>> turtle.color("red", "green") + >>> turtle.color() @@ -1022,7 +986,6 @@ Filling ~~~~~~~ @@ -297,8 +297,8 @@ unchanged: .. doctest:: - :skipif: _tkinter is None - >>> turtle.begin_fill() - >>> if turtle.filling(): + >>> turtle.begin_fill() + >>> if turtle.filling(): @@ -1057,7 +1019,6 @@ Filling above may be either all yellow or have some white regions. @@ -361,8 +361,8 @@ unchanged: .. doctest:: - :skipif: _tkinter is None - >>> turtle.shape("circle") - >>> turtle.shapesize(5,2) + >>> turtle.shape("circle") + >>> turtle.shapesize(5,2) @@ -1259,7 +1213,6 @@ Appearance change the turtle's heading (direction of movement). -- 2.51.1 From 41e7e28995820d31eba660be379ea92090f26090c6908cc75ddca6e48f68c36d Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 3 Aug 2023 14:58:20 +0000 Subject: [PATCH 057/135] - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669. - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). (The patch is faulty, gh#python/cpython#106669, but upstream decided not to just revert it). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=77 --- CVE-2023-27043-email-parsing-errors.patch | 249 +++++++++++++++++++ Revert-gh105127-left-tests.patch | 283 ++++++++++++++++++++++ python311.changes | 13 + python311.spec | 9 + 4 files changed, 554 insertions(+) create mode 100644 CVE-2023-27043-email-parsing-errors.patch create mode 100644 Revert-gh105127-left-tests.patch diff --git a/CVE-2023-27043-email-parsing-errors.patch b/CVE-2023-27043-email-parsing-errors.patch new file mode 100644 index 0000000..7aec4a2 --- /dev/null +++ b/CVE-2023-27043-email-parsing-errors.patch @@ -0,0 +1,249 @@ +--- + Doc/library/email.utils.rst | 26 +++ + Lib/email/utils.py | 63 +++++++ + Lib/test/test_email/test_email.py | 81 +++++++++- + Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst | 4 + 4 files changed, 164 insertions(+), 10 deletions(-) + +Index: Python-3.11.4/Doc/library/email.utils.rst +=================================================================== +--- Python-3.11.4.orig/Doc/library/email.utils.rst ++++ Python-3.11.4/Doc/library/email.utils.rst +@@ -67,6 +67,11 @@ of the new API. + *email address* parts. Returns a tuple of that information, unless the parse + fails, in which case a 2-tuple of ``('', '')`` is returned. + ++ .. versionchanged:: 3.12 ++ For security reasons, addresses that were ambiguous and could parse into ++ multiple different addresses now cause ``('', '')`` to be returned ++ instead of only one of the *potential* addresses. ++ + + .. function:: formataddr(pair, charset='utf-8') + +@@ -89,7 +94,7 @@ of the new API. + This method returns a list of 2-tuples of the form returned by ``parseaddr()``. + *fieldvalues* is a sequence of header field values as might be returned by + :meth:`Message.get_all `. Here's a simple +- example that gets all the recipients of a message:: ++ example that gets all the recipients of a message: + + from email.utils import getaddresses + +@@ -99,6 +104,25 @@ of the new API. + resent_ccs = msg.get_all('resent-cc', []) + all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs) + ++ When parsing fails for a single fieldvalue, a 2-tuple of ``('', '')`` ++ is returned in its place. Other errors in parsing the list of ++ addresses such as a fieldvalue seemingly parsing into multiple ++ addresses may result in a list containing a single empty 2-tuple ++ ``[('', '')]`` being returned rather than returning potentially ++ invalid output. ++ ++ Example malformed input parsing: ++ ++ .. doctest:: ++ ++ >>> from email.utils import getaddresses ++ >>> getaddresses(['alice@example.com ', 'me@example.com']) ++ [('', '')] ++ ++ .. versionchanged:: 3.12 ++ The 2-tuple of ``('', '')`` in the returned values when parsing ++ fails were added as to address a security issue. ++ + + .. function:: parsedate(date) + +Index: Python-3.11.4/Lib/email/utils.py +=================================================================== +--- Python-3.11.4.orig/Lib/email/utils.py ++++ Python-3.11.4/Lib/email/utils.py +@@ -106,12 +106,54 @@ def formataddr(pair, charset='utf-8'): + return address + + ++def _pre_parse_validation(email_header_fields): ++ accepted_values = [] ++ for v in email_header_fields: ++ s = v.replace('\\(', '').replace('\\)', '') ++ if s.count('(') != s.count(')'): ++ v = "('', '')" ++ accepted_values.append(v) ++ ++ return accepted_values ++ ++ ++def _post_parse_validation(parsed_email_header_tuples): ++ accepted_values = [] ++ # The parser would have parsed a correctly formatted domain-literal ++ # The existence of an [ after parsing indicates a parsing failure ++ for v in parsed_email_header_tuples: ++ if '[' in v[1]: ++ v = ('', '') ++ accepted_values.append(v) ++ ++ return accepted_values ++ + + def getaddresses(fieldvalues): +- """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" +- all = COMMASPACE.join(str(v) for v in fieldvalues) ++ """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. ++ ++ When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in ++ its place. ++ ++ If the resulting list of parsed address is not the same as the number of ++ fieldvalues in the input list a parsing error has occurred. A list ++ containing a single empty 2-tuple [('', '')] is returned in its place. ++ This is done to avoid invalid output. ++ """ ++ fieldvalues = [str(v) for v in fieldvalues] ++ fieldvalues = _pre_parse_validation(fieldvalues) ++ all = COMMASPACE.join(v for v in fieldvalues) + a = _AddressList(all) +- return a.addresslist ++ result = _post_parse_validation(a.addresslist) ++ ++ n = 0 ++ for v in fieldvalues: ++ n += v.count(',') + 1 ++ ++ if len(result) != n: ++ return [('', '')] ++ ++ return result + + + def _format_timetuple_and_zone(timetuple, zone): +@@ -212,9 +254,18 @@ def parseaddr(addr): + Return a tuple of realname and email address, unless the parse fails, in + which case return a 2-tuple of ('', ''). + """ +- addrs = _AddressList(addr).addresslist +- if not addrs: +- return '', '' ++ if isinstance(addr, list): ++ addr = addr[0] ++ ++ if not isinstance(addr, str): ++ return ('', '') ++ ++ addr = _pre_parse_validation([addr])[0] ++ addrs = _post_parse_validation(_AddressList(addr).addresslist) ++ ++ if not addrs or len(addrs) > 1: ++ return ('', '') ++ + return addrs[0] + + +Index: Python-3.11.4/Lib/test/test_email/test_email.py +=================================================================== +--- Python-3.11.4.orig/Lib/test/test_email/test_email.py ++++ Python-3.11.4/Lib/test/test_email/test_email.py +@@ -3320,15 +3320,90 @@ Foo + [('Al Person', 'aperson@dom.ain'), + ('Bud Person', 'bperson@dom.ain')]) + ++ def test_getaddresses_parsing_errors(self): ++ """Test for parsing errors from CVE-2023-27043""" ++ eq = self.assertEqual ++ eq(utils.getaddresses(['alice@example.org(']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org)']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org<']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org>']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org@']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org,']), ++ [('', 'alice@example.org'), ('', 'bob@example.com')]) ++ eq(utils.getaddresses(['alice@example.org;']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org:']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org.']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org"']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org[']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org]']), ++ [('', '')]) ++ ++ def test_parseaddr_parsing_errors(self): ++ """Test for parsing errors from CVE-2023-27043""" ++ eq = self.assertEqual ++ eq(utils.parseaddr(['alice@example.org(']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org)']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org<']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org>']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org@']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org,']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org;']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org:']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org.']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org"']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org[']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org]']), ++ ('', '')) ++ + def test_getaddresses_nasty(self): + eq = self.assertEqual + eq(utils.getaddresses(['foo: ;']), [('', '')]) +- eq(utils.getaddresses( +- ['[]*-- =~$']), +- [('', ''), ('', ''), ('', '*--')]) ++ eq(utils.getaddresses(['[]*-- =~$']), [('', '')]) + eq(utils.getaddresses( + ['foo: ;', '"Jason R. Mastaler" ']), + [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) ++ eq(utils.getaddresses( ++ [r'Pete(A nice \) chap) ']), ++ [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]) ++ eq(utils.getaddresses( ++ ['(Empty list)(start)Undisclosed recipients :(nobody(I know))']), ++ [('', '')]) ++ eq(utils.getaddresses( ++ ['Mary <@machine.tld:mary@example.net>, , jdoe@test . example']), ++ [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]) ++ eq(utils.getaddresses( ++ ['John Doe ']), ++ [('John Doe (comment)', 'jdoe@machine.example')]) ++ eq(utils.getaddresses( ++ ['"Mary Smith: Personal Account" ']), ++ [('Mary Smith: Personal Account', 'smith@home.example')]) ++ eq(utils.getaddresses( ++ ['Undisclosed recipients:;']), ++ [('', '')]) ++ eq(utils.getaddresses( ++ [r', "Giant; \"Big\" Box" ']), ++ [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]) + + def test_getaddresses_embedded_comment(self): + """Test proper handling of a nested comment""" +Index: Python-3.11.4/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst +=================================================================== +--- /dev/null ++++ Python-3.11.4/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst +@@ -0,0 +1,4 @@ ++CVE-2023-27043: Prevent :func:`email.utils.parseaddr` ++and :func:`email.utils.getaddresses` from returning the realname portion of an ++invalid RFC2822 email header in the email address portion of the 2-tuple ++returned after being parsed by :class:`email._parseaddr.AddressList`. diff --git a/Revert-gh105127-left-tests.patch b/Revert-gh105127-left-tests.patch new file mode 100644 index 0000000..87ce40a --- /dev/null +++ b/Revert-gh105127-left-tests.patch @@ -0,0 +1,283 @@ +From 4288c623d62cf90d8e4444facb3379fb06d01140 Mon Sep 17 00:00:00 2001 +From: "Gregory P. Smith" +Date: Thu, 20 Jul 2023 20:30:52 -0700 +Subject: [PATCH] [3.12] gh-106669: Revert "gh-102988: Detect email address + parsing errors ... (GH-105127)" (GH-106733) + +This reverts commit 18dfbd035775c15533d13a98e56b1d2bf5c65f00. +Adds a regression test from the issue. + +See https://github.com/python/cpython/issues/106669.. +(cherry picked from commit a31dea1feb61793e48fa9aa5014f358352205c1d) + +Co-authored-by: Gregory P. Smith +--- + Doc/library/email.utils.rst | 26 -- + Lib/email/utils.py | 63 ------ + Lib/test/test_email/test_email.py | 96 +--------- + Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst | 5 + 4 files changed, 31 insertions(+), 159 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst + +Index: Python-3.11.4/Doc/library/email.utils.rst +=================================================================== +--- Python-3.11.4.orig/Doc/library/email.utils.rst ++++ Python-3.11.4/Doc/library/email.utils.rst +@@ -67,11 +67,6 @@ of the new API. + *email address* parts. Returns a tuple of that information, unless the parse + fails, in which case a 2-tuple of ``('', '')`` is returned. + +- .. versionchanged:: 3.12 +- For security reasons, addresses that were ambiguous and could parse into +- multiple different addresses now cause ``('', '')`` to be returned +- instead of only one of the *potential* addresses. +- + + .. function:: formataddr(pair, charset='utf-8') + +@@ -94,7 +89,7 @@ of the new API. + This method returns a list of 2-tuples of the form returned by ``parseaddr()``. + *fieldvalues* is a sequence of header field values as might be returned by + :meth:`Message.get_all `. Here's a simple +- example that gets all the recipients of a message: ++ example that gets all the recipients of a message:: + + from email.utils import getaddresses + +@@ -104,25 +99,6 @@ of the new API. + resent_ccs = msg.get_all('resent-cc', []) + all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs) + +- When parsing fails for a single fieldvalue, a 2-tuple of ``('', '')`` +- is returned in its place. Other errors in parsing the list of +- addresses such as a fieldvalue seemingly parsing into multiple +- addresses may result in a list containing a single empty 2-tuple +- ``[('', '')]`` being returned rather than returning potentially +- invalid output. +- +- Example malformed input parsing: +- +- .. doctest:: +- +- >>> from email.utils import getaddresses +- >>> getaddresses(['alice@example.com ', 'me@example.com']) +- [('', '')] +- +- .. versionchanged:: 3.12 +- The 2-tuple of ``('', '')`` in the returned values when parsing +- fails were added as to address a security issue. +- + + .. function:: parsedate(date) + +Index: Python-3.11.4/Lib/email/utils.py +=================================================================== +--- Python-3.11.4.orig/Lib/email/utils.py ++++ Python-3.11.4/Lib/email/utils.py +@@ -106,54 +106,12 @@ def formataddr(pair, charset='utf-8'): + return address + + +-def _pre_parse_validation(email_header_fields): +- accepted_values = [] +- for v in email_header_fields: +- s = v.replace('\\(', '').replace('\\)', '') +- if s.count('(') != s.count(')'): +- v = "('', '')" +- accepted_values.append(v) +- +- return accepted_values +- +- +-def _post_parse_validation(parsed_email_header_tuples): +- accepted_values = [] +- # The parser would have parsed a correctly formatted domain-literal +- # The existence of an [ after parsing indicates a parsing failure +- for v in parsed_email_header_tuples: +- if '[' in v[1]: +- v = ('', '') +- accepted_values.append(v) +- +- return accepted_values +- + + def getaddresses(fieldvalues): +- """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. +- +- When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in +- its place. +- +- If the resulting list of parsed address is not the same as the number of +- fieldvalues in the input list a parsing error has occurred. A list +- containing a single empty 2-tuple [('', '')] is returned in its place. +- This is done to avoid invalid output. +- """ +- fieldvalues = [str(v) for v in fieldvalues] +- fieldvalues = _pre_parse_validation(fieldvalues) +- all = COMMASPACE.join(v for v in fieldvalues) ++ """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" ++ all = COMMASPACE.join(str(v) for v in fieldvalues) + a = _AddressList(all) +- result = _post_parse_validation(a.addresslist) +- +- n = 0 +- for v in fieldvalues: +- n += v.count(',') + 1 +- +- if len(result) != n: +- return [('', '')] +- +- return result ++ return a.addresslist + + + def _format_timetuple_and_zone(timetuple, zone): +@@ -254,18 +212,9 @@ def parseaddr(addr): + Return a tuple of realname and email address, unless the parse fails, in + which case return a 2-tuple of ('', ''). + """ +- if isinstance(addr, list): +- addr = addr[0] +- +- if not isinstance(addr, str): +- return ('', '') +- +- addr = _pre_parse_validation([addr])[0] +- addrs = _post_parse_validation(_AddressList(addr).addresslist) +- +- if not addrs or len(addrs) > 1: +- return ('', '') +- ++ addrs = _AddressList(addr).addresslist ++ if not addrs: ++ return '', '' + return addrs[0] + + +Index: Python-3.11.4/Lib/test/test_email/test_email.py +=================================================================== +--- Python-3.11.4.orig/Lib/test/test_email/test_email.py ++++ Python-3.11.4/Lib/test/test_email/test_email.py +@@ -3320,90 +3320,32 @@ Foo + [('Al Person', 'aperson@dom.ain'), + ('Bud Person', 'bperson@dom.ain')]) + +- def test_getaddresses_parsing_errors(self): +- """Test for parsing errors from CVE-2023-27043""" +- eq = self.assertEqual +- eq(utils.getaddresses(['alice@example.org(']), +- [('', '')]) +- eq(utils.getaddresses(['alice@example.org)']), +- [('', '')]) +- eq(utils.getaddresses(['alice@example.org<']), +- [('', '')]) +- eq(utils.getaddresses(['alice@example.org>']), +- [('', '')]) +- eq(utils.getaddresses(['alice@example.org@']), +- [('', '')]) +- eq(utils.getaddresses(['alice@example.org,']), +- [('', 'alice@example.org'), ('', 'bob@example.com')]) +- eq(utils.getaddresses(['alice@example.org;']), +- [('', '')]) +- eq(utils.getaddresses(['alice@example.org:']), +- [('', '')]) +- eq(utils.getaddresses(['alice@example.org.']), +- [('', '')]) +- eq(utils.getaddresses(['alice@example.org"']), +- [('', '')]) +- eq(utils.getaddresses(['alice@example.org[']), +- [('', '')]) +- eq(utils.getaddresses(['alice@example.org]']), +- [('', '')]) +- +- def test_parseaddr_parsing_errors(self): +- """Test for parsing errors from CVE-2023-27043""" +- eq = self.assertEqual +- eq(utils.parseaddr(['alice@example.org(']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org)']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org<']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org>']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org@']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org,']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org;']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org:']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org.']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org"']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org[']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org]']), +- ('', '')) ++ def test_getaddresses_comma_in_name(self): ++ """GH-106669 regression test.""" ++ self.assertEqual( ++ utils.getaddresses( ++ [ ++ '"Bud, Person" ', ++ 'aperson@dom.ain (Al Person)', ++ '"Mariusz Felisiak" ', ++ ] ++ ), ++ [ ++ ('Bud, Person', 'bperson@dom.ain'), ++ ('Al Person', 'aperson@dom.ain'), ++ ('Mariusz Felisiak', 'to@example.com'), ++ ], ++ ) + + def test_getaddresses_nasty(self): + eq = self.assertEqual + eq(utils.getaddresses(['foo: ;']), [('', '')]) +- eq(utils.getaddresses(['[]*-- =~$']), [('', '')]) ++ eq(utils.getaddresses( ++ ['[]*-- =~$']), ++ [('', ''), ('', ''), ('', '*--')]) + eq(utils.getaddresses( + ['foo: ;', '"Jason R. Mastaler" ']), + [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) +- eq(utils.getaddresses( +- [r'Pete(A nice \) chap) ']), +- [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]) +- eq(utils.getaddresses( +- ['(Empty list)(start)Undisclosed recipients :(nobody(I know))']), +- [('', '')]) +- eq(utils.getaddresses( +- ['Mary <@machine.tld:mary@example.net>, , jdoe@test . example']), +- [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]) +- eq(utils.getaddresses( +- ['John Doe ']), +- [('John Doe (comment)', 'jdoe@machine.example')]) +- eq(utils.getaddresses( +- ['"Mary Smith: Personal Account" ']), +- [('Mary Smith: Personal Account', 'smith@home.example')]) +- eq(utils.getaddresses( +- ['Undisclosed recipients:;']), +- [('', '')]) +- eq(utils.getaddresses( +- [r', "Giant; \"Big\" Box" ']), +- [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]) + + def test_getaddresses_embedded_comment(self): + """Test proper handling of a nested comment""" +Index: Python-3.11.4/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst +=================================================================== +--- Python-3.11.4.orig/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst ++++ Python-3.11.4/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst +@@ -1,3 +1,8 @@ ++Reverted the :mod:`email.utils` security improvement change released in ++3.12beta4 that unintentionally caused :mod:`email.utils.getaddresses` to fail ++to parse email addresses with a comma in the quoted name field. ++See :gh:`106669`. ++ + CVE-2023-27043: Prevent :func:`email.utils.parseaddr` + and :func:`email.utils.getaddresses` from returning the realname portion of an + invalid RFC2822 email header in the email address portion of the 2-tuple diff --git a/python311.changes b/python311.changes index 3acc706..adad6f1 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl + +- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) + partially reverting CVE-2023-27043-email-parsing-errors.patch, + because of the regression in gh#python/cpython#106669. +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). (The patch is faulty, + gh#python/cpython#106669, but upstream decided not to just + revert it). + ------------------------------------------------------------------- Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl diff --git a/python311.spec b/python311.spec index 31476d4..4d159a7 100644 --- a/python311.spec +++ b/python311.spec @@ -163,6 +163,13 @@ Patch38: 103213-fetch-CONFIG_ARGS.patch # PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com # Skip test_freeze_simple_script Patch39: skip_if_buildbot-extend.patch +# PATCH-FIX-UPSTREAM CVE-2023-27043-email-parsing-errors.patch bsc#1210638 mcepl@suse.com +# Detect email address parsing errors and return empty tuple to +# indicate the parsing error (old API) +Patch40: CVE-2023-27043-email-parsing-errors.patch +# PATCH-FIX-UPSTREAM Revert-gh105127-left-tests.patch bsc#1210638 mcepl@suse.com +# Partially revert previous patch +Patch41: Revert-gh105127-left-tests.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -423,6 +430,8 @@ other applications. %patch36 -p1 %patch38 -p1 %patch39 -p1 +%patch40 -p1 +%patch41 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From eb7790f0a764bc9301458e97b719d88e583717719d5f80574f3cffb0d5250e2a Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 3 Aug 2023 15:27:34 +0000 Subject: [PATCH 058/135] - IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=78 --- python311.changes | 1 + 1 file changed, 1 insertion(+) diff --git a/python311.changes b/python311.changes index adad6f1..5f0ac28 100644 --- a/python311.changes +++ b/python311.changes @@ -1,6 +1,7 @@ ------------------------------------------------------------------- Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl +- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669. -- 2.51.1 From 6abedd09874b4c9db867405d63c0877b7db6c6ead32b8690f9d8c527fc1fc537 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 7 Aug 2023 14:46:39 +0000 Subject: [PATCH 059/135] Accepting request 1102676 from home:dirkmueller:Factory - add externally_managed.in to label this build as PEP-668 managed OBS-URL: https://build.opensuse.org/request/show/1102676 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=80 --- externally_managed.in | 12 ++++++++++++ python311.changes | 5 +++++ python311.spec | 6 ++++++ 3 files changed, 23 insertions(+) create mode 100644 externally_managed.in diff --git a/externally_managed.in b/externally_managed.in new file mode 100644 index 0000000..54606b6 --- /dev/null +++ b/externally_managed.in @@ -0,0 +1,12 @@ +[externally-managed] +Error=To install Python packages system-wide, try + zypper install __PYTHONPREFIX__-xyz, where xyz is the package + you are trying to install. + + If you wish to install a non-rpm packaged Python package, + create a virtual environment using __PYTHON__ -m venv path/to/venv. + Then use path/to/venv/bin/python and path/to/venv/bin/pip. + + If you wish to install a non-rpm packaged Python application, + it may be easiest to use `pipx install xyz`, which will manage a + virtual environment for you. Install pipx via `zypper install __PYTHONPREFIX__-pipx` . diff --git a/python311.changes b/python311.changes index 5f0ac28..63ff2d5 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Aug 4 06:37:41 UTC 2023 - Dirk Müller + +- add externally_managed.in to label this build as PEP-668 managed + ------------------------------------------------------------------- Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl diff --git a/python311.spec b/python311.spec index 4d159a7..09aacfe 100644 --- a/python311.spec +++ b/python311.spec @@ -103,6 +103,7 @@ Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.ta Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc Source2: baselibs.conf Source3: README.SUSE +Source4: externally_managed.in Source7: macros.python3 Source8: import_failed.py Source9: import_failed.map @@ -710,6 +711,9 @@ rm %{buildroot}%{_libdir}/libpython3.so rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc %endif +# PEP-0668 mark this as a distro maintained python +sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED + # link shared library instead of static library that tools expect ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so @@ -906,6 +910,8 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %{_mandir}/man1/python3.1%{?ext_man} %endif %{_mandir}/man1/python%{python_version}.1%{?ext_man} +# PEP-0668 +%{sitedir}/EXTERNALLY-MANAGED # license text, not a doc because the code can use it at run-time %{sitedir}/LICENSE.txt # RPM macros -- 2.51.1 From f665ac48fe8dd2603ce8ddf99c5498399292334bac99cebf49ecd04669ae9f39 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 10 Aug 2023 13:22:02 +0000 Subject: [PATCH 060/135] Accepting request 1103305 from home:dirkmueller:Factory - restrict PEP668 to ALP/Tumbleweed OBS-URL: https://build.opensuse.org/request/show/1103305 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=81 --- python311.changes | 5 +++++ python311.spec | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/python311.changes b/python311.changes index 63ff2d5..de1b948 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller + +- restrict PEP668 to ALP/Tumbleweed + ------------------------------------------------------------------- Fri Aug 4 06:37:41 UTC 2023 - Dirk Müller diff --git a/python311.spec b/python311.spec index 09aacfe..cf486f6 100644 --- a/python311.spec +++ b/python311.spec @@ -711,8 +711,10 @@ rm %{buildroot}%{_libdir}/libpython3.so rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc %endif +%if %{suse_version} > 1550 # PEP-0668 mark this as a distro maintained python sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED +%endif # link shared library instead of static library that tools expect ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so @@ -910,8 +912,10 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %{_mandir}/man1/python3.1%{?ext_man} %endif %{_mandir}/man1/python%{python_version}.1%{?ext_man} +%if %{suse_version} > 1550 # PEP-0668 %{sitedir}/EXTERNALLY-MANAGED +%endif # license text, not a doc because the code can use it at run-time %{sitedir}/LICENSE.txt # RPM macros -- 2.51.1 From 55316ef9e1e92dc5d81676dbfd104980faa014f9a095d3f5294da05f4e9d7afa Mon Sep 17 00:00:00 2001 From: Daniel Garcia Date: Wed, 6 Sep 2023 07:58:19 +0000 Subject: [PATCH 061/135] - Update to 3.11.5 (bsc#1214692): - Security - gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith. - Core and Builtins - gh-104432: Fix potential unaligned memory access on C APIs involving returned sequences of char * pointers within the grp and socket modules. These were revealed using a -fsaniziter=alignment build on ARM macOS. Patch by Christopher Chavez. - gh-77377: Ensure that multiprocessing synchronization objects created in a fork context are not sent to a different process created in a spawn context. This changes a segfault into an actionable RuntimeError in the parent process. - gh-106092: Fix a segmentation fault caused by a use-after-free bug in frame_dealloc when the trashcan delays the deallocation of a PyFrameObject. - gh-106719: No longer suppress arbitrary errors in the __annotations__ getter and setter in the type and module types. - gh-106723: Propagate frozen_modules to multiprocessing spawned process interpreters. - gh-105979: Fix crash in _imp.get_frozen_object() due to improper exception handling. - gh-105840: Fix possible crashes when specializing function calls with too many __defaults__. - gh-105588: Fix an issue that could result in crashes when OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=83 --- Python-3.11.4.tar.xz | 3 - Python-3.11.4.tar.xz.asc | 16 --- Python-3.11.5.tar.xz | 3 + Python-3.11.5.tar.xz.asc | 16 +++ python311.changes | 228 +++++++++++++++++++++++++++++++++++++++ python311.spec | 2 +- 6 files changed, 248 insertions(+), 20 deletions(-) delete mode 100644 Python-3.11.4.tar.xz delete mode 100644 Python-3.11.4.tar.xz.asc create mode 100644 Python-3.11.5.tar.xz create mode 100644 Python-3.11.5.tar.xz.asc diff --git a/Python-3.11.4.tar.xz b/Python-3.11.4.tar.xz deleted file mode 100644 index 74ec0ef..0000000 --- a/Python-3.11.4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2f0e409df2ab57aa9fc4cbddfb976af44e4e55bf6f619eee6bc5c2297264a7f6 -size 19954828 diff --git a/Python-3.11.4.tar.xz.asc b/Python-3.11.4.tar.xz.asc deleted file mode 100644 index b95003c..0000000 --- a/Python-3.11.4.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmR/sHIACgkQ/+h0BBaL -2EfQDQ//eFWvcQ5ijhVd3r5lp7NTNUPK6xKR2iqzpNWlN2Z4QkGJ2+IworBaZoGA -tzmbT0j0LB9ZQ+ba3xnqXGXD8Ky+fHLg8GV5yshPlH/bD7tPuHtfDRxNcWplEVSS -MbMuLjAYavTIHhYEz/Rpx4jvZTI5lwplVqj9WxNI/8tNrL5M2bsCtv+IB6brohiw -rUOUlT/KDkZbrGfB1Fe033Ep8hay5MkKjhgr7O1dU7zMuDRG+HRsCYGs7a5x6KhH -3QNTEp+GEIAKEsip5nR7vl5KqL02lHa5sf36SV2wjRTwO+IhgV7lvtJEwOD12oE5 -c+TCQMFbmBXg2vVmNBN/Lwftw1SwT/+orFX6V4U93jq6QNUo4GvPqum6YzuayGYc -/JM4MNziqmfdNW2YjEHPPfzti3f40eTapys97YufOrmYjM2NY0Fs+kAErvyxiWqi -guVQtaZIYeLl/9KWqQ0F/Apy1N+fVDuWBkZlizwHrUsGips4Rp7Bh/iCrDdOj+1D -gRCio7+KvdtzHavZPZnU5dcpUiXZgsDzOTI138IyYaEtVUS59ELkA2qxI1yCb5mk -eLVG1L7r/J2tIaTcguQppp5Z+62UDTArlUbnRxda0buzA2r1aFiQCTMwp+kTRegw -T9Ht/CT/D4vpMdmSQTun9MkKifcK+2uGfSsS7Lz4fSWjQLqg36k= -=zSfJ ------END PGP SIGNATURE----- diff --git a/Python-3.11.5.tar.xz b/Python-3.11.5.tar.xz new file mode 100644 index 0000000..24794b2 --- /dev/null +++ b/Python-3.11.5.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:85cd12e9cf1d6d5a45f17f7afe1cebe7ee628d3282281c492e86adf636defa3f +size 20053580 diff --git a/Python-3.11.5.tar.xz.asc b/Python-3.11.5.tar.xz.asc new file mode 100644 index 0000000..d72003b --- /dev/null +++ b/Python-3.11.5.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmTnS9sACgkQ/+h0BBaL +2EeG8g//Q6EC79SSFl4BPb064d8X1q8agfLN+D07N6ULsaOL1baOClLbMxiCgquQ +R1CVzEXc0osL25Xw/7rTIBO0tCSS2yNcQ3GMuetBO4wfofDvs9V2ydaVQdrIHEQm +OTOveioF9TOaQ/zozi9Hecl4RY289kCD64sWNkwPYBJzO9KQD/UGRS/b5a4CGKyP +GSQEFdfevYsuLxLtwNh1z8af1LKRGhuWoZOBhDgpz4foH4EQdz80sssXzm2vG3tS +hAeniPphjZyRfl8kC1C86M/hH08S3h4bf/LF/OQ0OYUrwOquqOsLlz03XzJ+COGK +nBa/CGsFrxeby2oI/XF8YZrFzt9LKyWYc2p+AIU+u2EnYwOmAkrE4QaczqOV8ldD +UvfZLTeMVG/Q6JGkNS/OyM3SZoVKDdGJlg5yVAQtbQjdsB5QjVDcysLhhZ+qnuJv +pnQ6anbbX5r4X4ji/2Uar5cwO/jf7QenTKLtgGY67Q2oRE20w6F5rbYHEdO4a4MM +OkI/0pUaU5MGRJfowwtcD5AbWPKo1XXqw2UY8p+biEaVQOj+kWhoB8YA5Qz1utHJ +GiPP69oDIjfn3sPMxB/C1pBdB/m3i8za58b+G3aYtAWWP1q0abaHqPusACotvxPp +3IvB3ryLlTyUYqqTiDp9wgYh2Nr+a9b6i6yW0ptcdycnzDWC1/E= +=Lzjg +-----END PGP SIGNATURE----- diff --git a/python311.changes b/python311.changes index de1b948..671941b 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,231 @@ +------------------------------------------------------------------- +Wed Sep 6 07:52:11 UTC 2023 - Daniel Garcia + +- Update to 3.11.5 (bsc#1214692): + - Security + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted data. + Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by + Gregory P. Smith. + - Core and Builtins + - gh-104432: Fix potential unaligned memory access on C APIs + involving returned sequences of char * pointers within the grp + and socket modules. These were revealed using a + -fsaniziter=alignment build on ARM macOS. Patch by Christopher + Chavez. + - gh-77377: Ensure that multiprocessing synchronization objects + created in a fork context are not sent to a different process + created in a spawn context. This changes a segfault into an + actionable RuntimeError in the parent process. + - gh-106092: Fix a segmentation fault caused by a use-after-free + bug in frame_dealloc when the trashcan delays the deallocation + of a PyFrameObject. + - gh-106719: No longer suppress arbitrary errors in the + __annotations__ getter and setter in the type and module types. + - gh-106723: Propagate frozen_modules to multiprocessing spawned + process interpreters. + - gh-105979: Fix crash in _imp.get_frozen_object() due to improper + exception handling. + - gh-105840: Fix possible crashes when specializing function calls + with too many __defaults__. + - gh-105588: Fix an issue that could result in crashes when + compiling malformed ast nodes. + - gh-105375: Fix bugs in the builtins module where exceptions + could end up being overwritten. + - gh-105375: Fix bug in the compiler where an exception could end + up being overwritten. + - gh-105375: Improve error handling in + PyUnicode_BuildEncodingMap() where an exception could end up + being overwritten. + - gh-105235: Prevent out-of-bounds memory access during + mmap.find() calls. + - gh-101006: Improve error handling when read marshal data. + - Library + - gh-105736: Harmonized the pure Python version of OrderedDict + with the C version. Now, both versions set up their internal + state in __new__. Formerly, the pure Python version did the set + up in __init__. + - gh-107963: Fix multiprocessing.set_forkserver_preload() to check + the given list of modules names. Patch by Dong-hee Na. + - gh-106242: Fixes os.path.normpath() to handle embedded null + characters without truncating the path. + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will + no longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107715: Fix doctest.DocTestFinder.find() in presence of class + names with special characters. Patch by Gertjan van Zwieten. + - gh-100814: Passing a callable object as an option value to a + Tkinter image now raises the expected TclError instead of an + AttributeError. + - gh-106684: Close asyncio.StreamWriter when it is not closed by + application leading to memory leaks. Patch by Kumar Aditya. + - gh-107077: Seems that in some conditions, OpenSSL will return + SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification + verification has failed, but the error parameters will still + contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are + now detecting this situation and raising the appropiate + ssl.SSLCertVerificationError. Patch by Pablo Galindo + - gh-107396: tarfiles; Fixed use before assignment of + self.exception for gzip decompression + - gh-62519: Make gettext.pgettext() search plural definitions when + translation is not found. + - gh-83006: Document behavior of shutil.disk_usage() for + non-mounted filesystems on Unix. + - gh-106186: Do not report MultipartInvariantViolationDefect + defect when the email.parser.Parser class is used to parse + emails with headersonly=True. + - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION + result in _ssl.c. + - gh-106774: Update the bundled copy of pip to version 23.2.1. + - gh-106752: Fixed several bug in zipfile.Path in + name/suffix/suffixes/stem operations when no filename is present + and the Path is not at the root of the zipfile. + - gh-106602: Add __copy__ and __deepcopy__ in enum + - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused + division by zero for certain almost-white inputs. Patch by Terry + Jan Reedy. + - gh-106052: re module: fix the matching of possessive quantifiers + in the case of a subpattern containing backtracking. + - gh-106510: Improve debug output for atomic groups in regular + expressions. + - gh-105497: Fix flag mask inversion when unnamed flags exist. + - gh-90876: Prevent multiprocessing.spawn from failing to import + in environments where sys.executable is None. This regressed in + 3.11 with the addition of support for path-like objects in + multiprocessing. + - gh-106350: Detect possible memory allocation failure in the + libtommath function mp_init() used by the _tkinter module. + - gh-102541: Make pydoc.doc catch bad module ImportError when + output stream is not None. + - gh-106263: Fix crash when calling repr with a manually + constructed SignalDict object. Patch by Charlie Zhao. + - gh-105375: Fix a bug in _Unpickler_SetInputStream() where an + exception could end up being overwritten in case of failure. + - gh-105375: Fix bugs in sys where exceptions could end up being + overwritten because of deferred error handling. + - gh-105605: Harden pyexpat error handling during module + initialisation to prevent exceptions from possibly being + overwritten, and objects from being dereferenced twice. + - gh-105375: Fix bug in decimal where an exception could end up + being overwritten. + - gh-105375: Fix bugs in _datetime where exceptions could be + overwritten in case of module initialisation failure. + - gh-105375: Fix bugs in _ssl initialisation which could lead to + leaked references and overwritten exceptions. + - gh-105375: Fix a bug in array.array where an exception could end + up being overwritten. + - gh-105375: Fix bugs in _ctypes where exceptions could end up + being overwritten. + - gh-105375: Fix a bug in the posix module where an exception + could be overwritten. + - gh-105375: Fix bugs in _elementtree where exceptions could be + overwritten. + - gh-105375: Fix bugs in zoneinfo where exceptions could be + overwritten. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-105497: Fix flag inversion when alias/mask members exist. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-103171: Revert undocumented behaviour change with + runtime-checkable protocols decorated with typing.final() in + Python 3.11. The behaviour change had meant that objects would + not be considered instances of these protocols at runtime unless + they had a __final__ attribute. Patch by Alex Waygood. + - gh-105375: Fix a bug in sqlite3 where an exception could be + overwritten in the collation callback. + - gh-105332: Revert pickling method from by-name back to by-value. + - gh-104554: Add RTSPS scheme support in urllib.parse + - gh-100061: Fix a bug that causes wrong matches for regular + expressions with possessive qualifier. + - gh-102541: Hide traceback in help() prompt, when import failed. + - gh-99203: Restore following CPython <= 3.10.5 behavior of + shutil.make_archive(): do not create an empty archive if + root_dir is not a directory, and, in that case, raise + FileNotFoundError or NotADirectoryError regardless of format + choice. Beyond the brought-back behavior, the function may now + also raise these exceptions in dry_run mode. + - gh-94777: Fix hanging multiprocessing ProcessPoolExecutor when a + child process crashes while data is being written in the call + queue. + - bpo-18319: Ensure gettext(msg) retrieve translations even if a + plural form exists. In other words: gettext(msg) == + ngettext(msg, '', 1). + - Documentation + - gh-107008: Document the curses module variables LINES and COLS. + - gh-106948: Add a number of standard external names to + nitpick_ignore. + - gh-54738: Add documentation on how to localize the argparse + module. + - Tests + - gh-105776: Fix test_cppext when the C compiler command -std=c11 + option: remove -std= options from the compiler command. Patch by + Victor Stinner. + - gh-107237: test_logging: Fix test_udp_reconnection() by + increasing the timeout from 100 ms to 5 minutes (LONG_TIMEOUT). + Patch by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - Build + - gh-107814: When calling find_python.bat with -q it did not + properly silence the output of nuget. That is now fixed. + - gh-106881: Check for linux/limits.h before including it in + Modules/posixmodule.c. + - gh-104692: Include commoninstall as a prerequisite for + bininstall + - This ensures that commoninstall is completed before bininstall + is started when parallel builds are used (make -j install), and + so the python3 symlink is only installed after all standard + library modules are installed. + - gh-100340: Allows -Wno-int-conversion for wasm-sdk 17 and + onwards, thus enables building WASI builds once against the + latest sdk. + - Windows + - gh-106242: Fixes realpath() to behave consistently when passed a + path containing an embedded null character on Windows. In strict + mode, it now raises OSError instead of the unexpected + ValueError, and in non-strict mode will make the path absolute. + - gh-106844: Fix integer overflow in _winapi.LCMapStringEx() which + affects ntpath.normcase(). + - gh-99079: Update Windows build to use OpenSSL 3.0.9 + - gh-105436: Ensure that an empty environment block is terminated + by two null characters, as is required by Windows. + - macOS + - gh-107565: Update macOS installer to use OpenSSL 3.0.10. + - gh-99079: Update macOS installer to use OpenSSL 3.0.9. + - Tools/Demos + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + - gh-95065: Argument Clinic now supports overriding automatically + generated signature by using directive @text_signature. See How + to override the generated signature. + - gh-106970: Fix bugs in the Argument Clinic destination + clear command; the destination buffers would never be cleared, + and the destination directive parser would simply continue to + the fault handler after processing the command. Patch by Erlend + E. Aasland. + - C API + - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(), + PyErr_SetExcFromWindowsErrWithFilename() and + PyErr_SetFromWindowsErrWithFilename() save now the error code + before calling PyUnicode_DecodeFSDefault(). + - gh-107915: Such C API functions as PyErr_SetString(), + PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others + no longer crash or ignore errors if it failed to format the + error message or decode the filename. Instead, they keep a + corresponding error. + - gh-107226: PyModule_AddObjectRef() is now only available in the + limited API version 3.10 or later. + - gh-105375: Fix a bug in PyErr_WarnExplicit() where an exception + could end up being overwritten if the API failed internally. + - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only + data: *consumed was not set. + ------------------------------------------------------------------- Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller diff --git a/python311.spec b/python311.spec index cf486f6..91872f0 100644 --- a/python311.spec +++ b/python311.spec @@ -94,7 +94,7 @@ %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.4 +Version: 3.11.5 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 -- 2.51.1 From 558337c77313b7d011450e73cf7217ee1e51a0abe07955f1338ceb9ad000de48 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Fri, 15 Sep 2023 11:19:47 +0000 Subject: [PATCH 062/135] characters without truncating the path (bsc#1214693, CVE-2023-41105). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=85 --- python311.changes | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python311.changes b/python311.changes index 671941b..cee5fe5 100644 --- a/python311.changes +++ b/python311.changes @@ -50,7 +50,8 @@ Wed Sep 6 07:52:11 UTC 2023 - Daniel Garcia - gh-107963: Fix multiprocessing.set_forkserver_preload() to check the given list of modules names. Patch by Dong-hee Na. - gh-106242: Fixes os.path.normpath() to handle embedded null - characters without truncating the path. + characters without truncating the path (bsc#1214693, + CVE-2023-41105). - gh-107845: tarfile.data_filter() now takes the location of symlinks into account when determining their target, so it will no longer reject some valid tarballs with -- 2.51.1 From dbc72d69e1911fcb30166f50365cad5c19da5c7a0034e2974e490654dd79d78a Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 15 Nov 2023 12:57:57 +0000 Subject: [PATCH 063/135] Accepting request 1126597 from home:dgarcia:branches:devel:languages:python:Factory - Remove not needed patch 103213-fetch-CONFIG_ARGS.patch - Refresh patches: - bpo-31046_ensurepip_honours_prefix.patch - fix_configure_rst.patch - Update to 3.11.6: - Core and Builtins - gh-109351: Fix crash when compiling an invalid AST involving a named (walrus) expression. - gh-109207: Fix a SystemError in __repr__ of symtable entry object. - gh-109179: Fix bug where the C traceback display drops notes from SyntaxError. - gh-88943: Improve syntax error for non-ASCII character that follows a numerical literal. It now points on the invalid non-ASCII character, not on the valid numerical literal. - gh-108959: Fix caret placement for error locations for subscript and binary operations that involve non-semantic parentheses and spaces. Patch by Pablo Galindo - gh-108520: Fix multiprocessing.synchronize.SemLock.__setstate__() to properly initialize multiprocessing.synchronize.SemLock._is_fork_ctx. This fixes a regression when passing a SemLock accross nested processes. - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to multiprocessing.synchronize.SemLock._is_fork_ctx to avoid exposing it as public API. - Library - gh-110036: On Windows, multiprocessing Popen.terminate() now catchs PermissionError and get the process exit code. If the process is still running, raise again the PermissionError. OBS-URL: https://build.opensuse.org/request/show/1126597 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=87 --- 103213-fetch-CONFIG_ARGS.patch | 37 ---- Python-3.11.5.tar.xz | 3 - Python-3.11.5.tar.xz.asc | 16 -- Python-3.11.6.tar.xz | 3 + Python-3.11.6.tar.xz.asc | 16 ++ bpo-31046_ensurepip_honours_prefix.patch | 46 +++-- fix_configure_rst.patch | 16 +- python311.changes | 211 +++++++++++++++++++++++ python311.spec | 6 +- 9 files changed, 269 insertions(+), 85 deletions(-) delete mode 100644 103213-fetch-CONFIG_ARGS.patch delete mode 100644 Python-3.11.5.tar.xz delete mode 100644 Python-3.11.5.tar.xz.asc create mode 100644 Python-3.11.6.tar.xz create mode 100644 Python-3.11.6.tar.xz.asc diff --git a/103213-fetch-CONFIG_ARGS.patch b/103213-fetch-CONFIG_ARGS.patch deleted file mode 100644 index 4a8c2e0..0000000 --- a/103213-fetch-CONFIG_ARGS.patch +++ /dev/null @@ -1,37 +0,0 @@ -From d3217d12eee9eefad8444e80545b82b2a8c2be4c Mon Sep 17 00:00:00 2001 -From: Ijtaba Hussain -Date: Mon, 3 Apr 2023 17:28:32 +0500 -Subject: [PATCH 1/3] Fetch CONFIG_ARGS from original python instance - -instead of fetching from intermediate instance. As "make clean" is called -against the intermediate instance, the build directory is cleared and the -config arguments lookup fails with a ModuleNotFoundError ---- - Misc/NEWS.d/next/Tools-Demos/2023-04-05-07-19-36.gh-issue-103186.yEozgK.rst | 2 ++ - Tools/freeze/test/freeze.py | 3 +-- - 2 files changed, 3 insertions(+), 2 deletions(-) - ---- /dev/null -+++ b/Misc/NEWS.d/next/Tools-Demos/2023-04-05-07-19-36.gh-issue-103186.yEozgK.rst -@@ -0,0 +1,2 @@ -+``freeze`` now fetches ``CONFIG_ARGS`` from the original CPython instance -+the Makefile uses to call utility scripts. Patch by Ijtaba Hussain. ---- a/Tools/freeze/test/freeze.py -+++ b/Tools/freeze/test/freeze.py -@@ -96,7 +96,6 @@ def copy_source_tree(newroot, oldroot): - if os.path.exists(os.path.join(newroot, 'Makefile')): - _run_quiet([MAKE, 'clean'], newroot) - -- - def get_makefile_var(builddir, name): - regex = re.compile(rf'^{name} *=\s*(.*?)\s*$') - filename = os.path.join(builddir, 'Makefile') -@@ -153,7 +152,7 @@ def prepare(script=None, outdir=None): - print(f'configuring python in {builddir}...') - cmd = [ - os.path.join(srcdir, 'configure'), -- *shlex.split(get_config_var(srcdir, 'CONFIG_ARGS') or ''), -+ *shlex.split(get_config_var(SRCDIR, 'CONFIG_ARGS') or ''), - ] - ensure_opt(cmd, 'cache-file', os.path.join(outdir, 'python-config.cache')) - prefix = os.path.join(outdir, 'python-installation') diff --git a/Python-3.11.5.tar.xz b/Python-3.11.5.tar.xz deleted file mode 100644 index 24794b2..0000000 --- a/Python-3.11.5.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:85cd12e9cf1d6d5a45f17f7afe1cebe7ee628d3282281c492e86adf636defa3f -size 20053580 diff --git a/Python-3.11.5.tar.xz.asc b/Python-3.11.5.tar.xz.asc deleted file mode 100644 index d72003b..0000000 --- a/Python-3.11.5.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmTnS9sACgkQ/+h0BBaL -2EeG8g//Q6EC79SSFl4BPb064d8X1q8agfLN+D07N6ULsaOL1baOClLbMxiCgquQ -R1CVzEXc0osL25Xw/7rTIBO0tCSS2yNcQ3GMuetBO4wfofDvs9V2ydaVQdrIHEQm -OTOveioF9TOaQ/zozi9Hecl4RY289kCD64sWNkwPYBJzO9KQD/UGRS/b5a4CGKyP -GSQEFdfevYsuLxLtwNh1z8af1LKRGhuWoZOBhDgpz4foH4EQdz80sssXzm2vG3tS -hAeniPphjZyRfl8kC1C86M/hH08S3h4bf/LF/OQ0OYUrwOquqOsLlz03XzJ+COGK -nBa/CGsFrxeby2oI/XF8YZrFzt9LKyWYc2p+AIU+u2EnYwOmAkrE4QaczqOV8ldD -UvfZLTeMVG/Q6JGkNS/OyM3SZoVKDdGJlg5yVAQtbQjdsB5QjVDcysLhhZ+qnuJv -pnQ6anbbX5r4X4ji/2Uar5cwO/jf7QenTKLtgGY67Q2oRE20w6F5rbYHEdO4a4MM -OkI/0pUaU5MGRJfowwtcD5AbWPKo1XXqw2UY8p+biEaVQOj+kWhoB8YA5Qz1utHJ -GiPP69oDIjfn3sPMxB/C1pBdB/m3i8za58b+G3aYtAWWP1q0abaHqPusACotvxPp -3IvB3ryLlTyUYqqTiDp9wgYh2Nr+a9b6i6yW0ptcdycnzDWC1/E= -=Lzjg ------END PGP SIGNATURE----- diff --git a/Python-3.11.6.tar.xz b/Python-3.11.6.tar.xz new file mode 100644 index 0000000..68fb387 --- /dev/null +++ b/Python-3.11.6.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0fab78fa7f133f4f38210c6260d90d7c0d5c7198446419ce057ec7ac2e6f5f38 +size 20067204 diff --git a/Python-3.11.6.tar.xz.asc b/Python-3.11.6.tar.xz.asc new file mode 100644 index 0000000..0979fa7 --- /dev/null +++ b/Python-3.11.6.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmUaybgACgkQ/+h0BBaL +2EdGzg//bg0KTy9DGWD56RUzCKaxdao+FVV2wS8FdghTvGJHM8uDehRESzj6Viag +bks/XuTmJ4xlaW+Ilje4VU5gkdgWt44S2ZGretn+zwrv6B5L697s1j4IOnyEywzm +rQ+a5aMRsW+m8kVoKDLsfbCcrwgxXEFln18y9Qp79QhbUpTVjp5vMwWdYyv2JnYb +G2QraFr0mQEhbVsiYpSVRWiacJi7JBuHTU/hNcN/q1ACf/CX3NSLDfL2bJEWNekg +JW3z0c81vLI9D+NkQ8xWOxgEO6G4Aav4F3t37ujuf2W/CI+NZlEknSt2ITxKeTHw +dwtIMXQc3MyG4ExnAwv1LqtL1H3Dm6SAE7sSyn4uG2uknk4xSuyoMIVMJefXmxbQ +Pd8v6/QnqT3U6MVuVlvCq4AWRotZwRpB7MdnpvA0t1tmANOA8i0MWrhCw0ccYk1a +X/3ewR0+RfQYkDvFfnJpbbsQlK+lhZgt/VmQNOHvWoc/tDnB73b2seOmGkx016TY +hozXE4FXtR+8qk9CfJTd8QRNST8KBUCB9C3eoLciruugmyrUvDLjki/u9GNOIl/b +kVJzcD6eQJC9BthJXuKaKDLKX1a1a9J8GUzVXsW1kuEMQHuv/v7Cf6MzmHWWO3QN +yRgqFXkic/U8RgSHUbtozo16GMlU+RDC6bQgZR7mfE0eFCJnD6U= +=mxrE +-----END PGP SIGNATURE----- diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch index f6b2d3d..1cec52f 100644 --- a/bpo-31046_ensurepip_honours_prefix.patch +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -13,20 +13,22 @@ Co-Authored-By: Xavier de Gaye 5 files changed, 34 insertions(+), 9 deletions(-) create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst ---- a/Doc/library/ensurepip.rst -+++ b/Doc/library/ensurepip.rst -@@ -59,8 +59,9 @@ is at least as recent as the one availab +Index: Python-3.11.6/Doc/library/ensurepip.rst +=================================================================== +--- Python-3.11.6.orig/Doc/library/ensurepip.rst ++++ Python-3.11.6/Doc/library/ensurepip.rst +@@ -59,7 +59,9 @@ is at least as recent as the one availab By default, ``pip`` is installed into the current virtual environment (if one is active) or into the system site packages (if there is no active virtual environment). The installation location can be controlled -through two additional command line options: +through some additional command line options: - ++ +* ``--prefix ``: Installs ``pip`` using the given directory prefix. - * ``--root ``: Installs ``pip`` relative to the given root directory + + * :samp:`--root {dir}`: Installs ``pip`` relative to the given root directory rather than the root of the currently active virtual environment (if any) - or the default root for the current Python installation. -@@ -92,7 +93,7 @@ Module API +@@ -92,7 +94,7 @@ Module API Returns a string specifying the available version of pip that will be installed when bootstrapping an environment. @@ -35,7 +37,7 @@ Co-Authored-By: Xavier de Gaye altinstall=False, default_pip=False, \ verbosity=0) -@@ -102,6 +103,8 @@ Module API +@@ -102,6 +104,8 @@ Module API If *root* is ``None``, then installation uses the default install location for the current environment. @@ -44,7 +46,7 @@ Co-Authored-By: Xavier de Gaye *upgrade* indicates whether or not to upgrade an existing installation of an earlier version of ``pip`` to the available version. -@@ -122,6 +125,8 @@ Module API +@@ -122,6 +126,8 @@ Module API *verbosity* controls the level of output to :data:`sys.stdout` from the bootstrapping operation. @@ -53,8 +55,10 @@ Co-Authored-By: Xavier de Gaye .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap .. note:: ---- a/Lib/ensurepip/__init__.py -+++ b/Lib/ensurepip/__init__.py +Index: Python-3.11.6/Lib/ensurepip/__init__.py +=================================================================== +--- Python-3.11.6.orig/Lib/ensurepip/__init__.py ++++ Python-3.11.6/Lib/ensurepip/__init__.py @@ -122,27 +122,27 @@ def _disable_pip_configuration_settings( os.environ['PIP_CONFIG_FILE'] = os.devnull @@ -117,8 +121,10 @@ Co-Authored-By: Xavier de Gaye upgrade=args.upgrade, user=args.user, verbosity=args.verbosity, ---- a/Lib/test/test_ensurepip.py -+++ b/Lib/test/test_ensurepip.py +Index: Python-3.11.6/Lib/test/test_ensurepip.py +=================================================================== +--- Python-3.11.6.orig/Lib/test/test_ensurepip.py ++++ Python-3.11.6/Lib/test/test_ensurepip.py @@ -112,6 +112,17 @@ class TestBootstrap(EnsurepipMixin, unit unittest.mock.ANY, ) @@ -137,9 +143,11 @@ Co-Authored-By: Xavier de Gaye def test_bootstrapping_with_user(self): ensurepip.bootstrap(user=True) ---- a/Makefile.pre.in -+++ b/Makefile.pre.in -@@ -1756,7 +1756,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni +Index: Python-3.11.6/Makefile.pre.in +=================================================================== +--- Python-3.11.6.orig/Makefile.pre.in ++++ Python-3.11.6/Makefile.pre.in +@@ -1758,7 +1758,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni install|*) ensurepip="" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ @@ -148,7 +156,7 @@ Co-Authored-By: Xavier de Gaye fi altinstall: commoninstall -@@ -1766,7 +1766,7 @@ altinstall: commoninstall +@@ -1768,7 +1768,7 @@ altinstall: commoninstall install|*) ensurepip="--altinstall" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ @@ -157,7 +165,9 @@ Co-Authored-By: Xavier de Gaye fi commoninstall: check-clean-src @FRAMEWORKALTINSTALLFIRST@ \ +Index: Python-3.11.6/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +=================================================================== --- /dev/null -+++ b/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst ++++ Python-3.11.6/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst @@ -0,0 +1 @@ +A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index 5dcafa6..bd08f1d 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -3,8 +3,10 @@ Misc/NEWS | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) ---- a/Doc/using/configure.rst -+++ b/Doc/using/configure.rst +Index: Python-3.11.6/Doc/using/configure.rst +=================================================================== +--- Python-3.11.6.orig/Doc/using/configure.rst ++++ Python-3.11.6/Doc/using/configure.rst @@ -41,7 +41,6 @@ General Options See :data:`sys.int_info.bits_per_digit `. @@ -27,12 +29,14 @@ .. cmdoption:: --enable-framework=INSTALLDIR Create a Python.framework rather than a traditional Unix install. Optional ---- a/Misc/NEWS -+++ b/Misc/NEWS -@@ -8105,7 +8105,7 @@ C API +Index: Python-3.11.6/Misc/NEWS +=================================================================== +--- Python-3.11.6.orig/Misc/NEWS ++++ Python-3.11.6/Misc/NEWS +@@ -8708,7 +8708,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name + - bpo-43795: The list in :ref:`limited-api-list` now shows the public name - :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry + :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry ``_node`` no longer appears in the list. diff --git a/python311.changes b/python311.changes index cee5fe5..944ef78 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,214 @@ +------------------------------------------------------------------- +Wed Nov 15 09:06:16 UTC 2023 - Daniel Garcia + +- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch +- Refresh patches: + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch + +- Update to 3.11.6: + - Core and Builtins + - gh-109351: Fix crash when compiling an invalid AST involving a + named (walrus) expression. + - gh-109207: Fix a SystemError in __repr__ of symtable entry + object. + - gh-109179: Fix bug where the C traceback display drops notes + from SyntaxError. + - gh-88943: Improve syntax error for non-ASCII character that + follows a numerical literal. It now points on the invalid + non-ASCII character, not on the valid numerical literal. + - gh-108959: Fix caret placement for error locations for subscript + and binary operations that involve non-semantic parentheses and + spaces. Patch by Pablo Galindo + - gh-108520: Fix + multiprocessing.synchronize.SemLock.__setstate__() to properly + initialize multiprocessing.synchronize.SemLock._is_fork_ctx. + This fixes a regression when passing a SemLock accross nested + processes. + - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to + multiprocessing.synchronize.SemLock._is_fork_ctx to avoid + exposing it as public API. + - Library + - gh-110036: On Windows, multiprocessing Popen.terminate() now + catchs PermissionError and get the process exit code. If the + process is still running, raise again the PermissionError. + Otherwise, the process terminated as expected: store its exit + code. Patch by Victor Stinner. + - gh-110038: Fixed an issue that caused KqueueSelector.select() to + not return all the ready events in some cases when a file + descriptor is registered for both read and write. + - gh-109631: re functions such as re.findall(), re.split(), + re.search() and re.sub() which perform short repeated matches + can now be interrupted by user. + - gh-109593: Avoid deadlocking on a reentrant call to the + multiprocessing resource tracker. Such a reentrant call, though + unlikely, can happen if a GC pass invokes the finalizer for a + multiprocessing object such as SemLock. + - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for + exceptions. Previously, on Python built in debug mode, these + functions could trigger a fatal Python error (and abort the + process) when a function succeeded with an exception set. Patch + by Victor Stinner. + - gh-109375: The pdb alias command now prevents registering + aliases without arguments. + - gh-107219: Fix a race condition in concurrent.futures. When a + process in the process pool was terminated abruptly (while the + future was running or pending), close the connection write end. + If the call queue is blocked on sending bytes to a worker + process, closing the connection write end interrupts the send, + so the queue can be closed. Patch by Victor Stinner. + - gh-50644: Attempts to pickle or create a shallow or deep copy of + codecs streams now raise a TypeError. Previously, copying failed + with a RecursionError, while pickling produced wrong results + that eventually caused unpickling to fail with a RecursionError. + - gh-108987: Fix _thread.start_new_thread() race condition. If a + thread is created during Python finalization, the newly spawned + thread now exits immediately instead of trying to access freed + memory and lead to a crash. Patch by Victor Stinner. + - gh-108843: Fix an issue in ast.unparse() when unparsing + f-strings containing many quote types. + - gh-108682: Enum: raise TypeError if super().__new__() is called + from a custom __new__. + - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock + - gh-64662: Fix support for virtual tables in + sqlite3.Connection.iterdump(). Patch by Aviv Palivoda. + - gh-107913: Fix possible losses of errno and winerror values in + OSError exceptions if they were cleared or modified by the + cleanup code before creating the exception object. + - gh-104372: On Linux where subprocess can use the vfork() syscall + for faster spawning, prevent the parent process from blocking + other threads by dropping the GIL while it waits for the + vfork’ed child process exec() outcome. This prevents spawning a + binary from a slow filesystem from blocking the rest of the + application. + - gh-84867: unittest.TestLoader no longer loads test cases from + exact unittest.TestCase and unittest.FunctionTestCase classes. + - Documentation + - gh-109209: The minimum Sphinx version required for the + documentation is now 4.2. + - gh-105052: Update timeit doc to specify that time in seconds is + just the default. + - gh-102823: Document the return type of x // y when x and y have + type float. + - Tests + - gh-110031: Skip test_threading tests using thread+fork if Python + is built with Address Sanitizer (ASAN). Patch by Victor Stinner. + - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum + duration, a test should not measure a CI performance. Only + measure the minimum duration when a task has a timeout or delay. + Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner. + - gh-110033: Fix test_interprocess_signal() of test_signal. Make + sure that the subprocess.Popen object is deleted before the test + raising an exception in a signal handler. Otherwise, + Popen.__del__() can get the exception which is logged as + Exception ignored in: ... and the test fails. Patch by Victor + Stinner. + - gh-109594: Fix test_timeout() of + test_concurrent_futures.test_wait. Remove the future which may + or may not complete depending if it takes longer than the + timeout ot not. Keep the second future which does not complete + before wait() timeout. Patch by Victor Stinner. + - gh-109748: Fix test_zippath_from_non_installed_posix() of + test_venv: don’t copy __pycache__/ sub-directories, because they + can be modified by other Python tests running in parallel. Patch + by Victor Stinner. + - gh-103053: Skip test_freeze_simple_script() of + test_tools.test_freeze if Python is built with ./configure + --enable-optimizations, which means with Profile Guided + Optimization (PGO): it just makes the test too slow. The freeze + tool is tested by many other CIs with other (faster) compiler + flags. Patch by Victor Stinner. + - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a + longer key: FIPS mode requires at least of at least 112 bits. + The previous key was only 32 bits. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-109237: Fix test_site.test_underpth_basic() when the working + directory contains at least one non-ASCII character: encode the + ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for + the child process stdout. Patch by Victor Stinner. + - gh-109230: Fix test_pyexpat.test_exception(): it can now be run + from a directory different than Python source code directory. + Before, the test failed in this case. Skip the test if + Modules/pyexpat.c source is not available. Skip also the test on + Python implementations other than CPython. Patch by Victor + Stinner. + - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests + on FreeBSD if the TCP blackhole is enabled (sysctl + net.inet.tcp.blackhole). Skip the few tests which failed with + ETIMEDOUT which such non standard configuration. Currently, the + FreeBSD GCP image enables TCP and UDP blackhole (sysctl + net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1). + Patch by Victor Stinner. + - gh-91960: Skip test_gdb if gdb is unable to retrieve Python + frame objects: if a frame is . When Python is + built with “clang -Og”, gdb can fail to retrive the frame + parameter of _PyEval_EvalFrameDefault(). In this case, tests + like py_bt() are likely to fail. Without getting access to + Python frames, python-gdb.py is mostly clueless on retrieving + the Python traceback. Moreover, test_gdb is no longer skipped on + macOS if Python is built with Clang. Patch by Victor Stinner. + - gh-108962: Skip test_tempfile.test_flags() if chflags() fails + with “OSError: [Errno 45] Operation not supported” (ex: on + FreeBSD 13). Patch by Victor Stinner. + - gh-89392: Removed support of test_main() function in tests. They + now always use normal unittest test runner. + - gh-108851: Fix test_tomllib recursion tests for WASI buildbots: + reduce the recursion limit and compute the maximum nested + array/dict depending on the current available recursion limit. + Patch by Victor Stinner. + - gh-108851: Add get_recursion_available() and + get_recursion_depth() functions to the test.support module. + Patch by Victor Stinner. + - gh-108822: regrtest now computes statistics on all tests: + successes, failures and skipped. test_netrc, test_pep646_syntax + and test_xml_etree now return results in their test_main() + function. Patch by Victor Stinner and Alex Waygood. + - gh-108388: Convert test_concurrent_futures to a package of 7 + sub-tests. Patch by Victor Stinner. + - gh-108388: Split test_multiprocessing_fork, + test_multiprocessing_forkserver and test_multiprocessing_spawn + into test packages. Each package is made of 4 sub-tests: + processes, threads, manager and misc. It allows running more + tests in parallel and so reduce the total test duration. Patch + by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - gh-100086: The Python test runner (libregrtest) now logs Python + build information like “debug” vs “release” build, or LTO and + PGO optimizations. Patch by Victor Stinner. + - gh-98903: The Python test suite now fails wit exit code 4 if no + tests ran. It should help detecting typos in test names and test + methods. + - gh-95027: On Windows, when the Python test suite is run with the + -jN option, the ANSI code page is now used as the encoding for + the stdout temporary file, rather than using UTF-8 which can + lead to decoding errors. Patch by Victor Stinner. + - gh-93353: regrtest now checks if a test leaks temporary files or + directories if run with -jN option. Patch by Victor Stinner. + - Build + - gh-63760: Fix Solaris build: no longer redefine the + gethostname() function. Solaris defines the function since 2005. + Patch by Victor Stinner, original patch by Jakub Kulík. + - gh-108740: Fix a race condition in make regen-all. The + deepfreeze.c source and files generated by Argument Clinic are + now generated or updated before generating “global objects”. + Previously, some identifiers may miss depending on the order in + which these files were generated. Patch by Victor Stinner. + - Windows + - gh-109991: Update Windows build to use OpenSSL 3.0.11. + - gh-107565: Update Windows build to use OpenSSL 3.0.10. + - macOS + - gh-109991: Update macOS installer to use OpenSSL 3.0.11. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and + multissltests to use 1.1.1w, 3.0.11, and 3.1.3. + ------------------------------------------------------------------- Wed Sep 6 07:52:11 UTC 2023 - Daniel Garcia diff --git a/python311.spec b/python311.spec index 91872f0..05e3990 100644 --- a/python311.spec +++ b/python311.spec @@ -94,7 +94,7 @@ %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.5 +Version: 3.11.6 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -158,9 +158,6 @@ Patch35: fix_configure_rst.patch # PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com # Makes Python resilient to changes of API of libexpat Patch36: support-expat-CVE-2022-25236-patched.patch -# PATCH-FIX-UPSTREAM 103213-fetch-CONFIG_ARGS.patch gh#python/cpython#103053 mcepl@suse.com -# Fetch CONFIG_ARGS from original python instance -Patch38: 103213-fetch-CONFIG_ARGS.patch # PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com # Skip test_freeze_simple_script Patch39: skip_if_buildbot-extend.patch @@ -429,7 +426,6 @@ other applications. %endif %patch35 -p1 %patch36 -p1 -%patch38 -p1 %patch39 -p1 %patch40 -p1 %patch41 -p1 -- 2.51.1 From a7b11641fe1ce780213bf6d4355b2d82016b3708934f8aaf6185481dd82ecd6d Mon Sep 17 00:00:00 2001 From: Daniel Garcia Date: Fri, 15 Dec 2023 12:09:56 +0000 Subject: [PATCH 064/135] Accepting request 1133399 from home:dgarcia:branches:devel:languages:python:Factory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update patch fix_configure_rst.patch - Update to 3.11.7: - Core and Builtins - gh-112625: Fixes a bug where a bytearray object could be cleared while iterating over an argument in the bytearray.join() method that could result in reading memory after it was freed. - gh-112388: Fix an error that was causing the parser to try to overwrite tokenizer errors. Patch by pablo Galindo - gh-112387: Fix error positions for decoded strings with backwards tokenize errors. Patch by Pablo Galindo - gh-112266: Change docstrings of __dict__ and __weakref__. - gh-109181: Speed up Traceback object creation by lazily compute the line number. Patch by Pablo Galindo - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds - gh-111366: Fix an issue in the codeop that was causing SyntaxError exceptions raised in the presence of invalid syntax to not contain precise error messages. Patch by Pablo Galindo - gh-111380: Fix a bug that was causing SyntaxWarning to appear twice when parsing if invalid syntax is encountered later. Patch by Pablo galindo - gh-88116: Traceback location ranges involving wide unicode characters (like emoji and asian characters) now are properly highlighted. Patch by Batuhan Taskaya and Pablo Galindo. - gh-94438: Fix a regression that prevented jumping across is None and is not None when debugging. Patch by Savannah Ostrowski. - gh-110696: Fix incorrect error message for invalid argument unpacking. Patch by Pablo Galindo - gh-110237: Fix missing error checks for calls to PyList_Append in _PyEval_MatchClass. - gh-109216: Fix possible memory leak in BUILD_MAP. - Library - gh-112618: Fix a caching bug relating to typing.Annotated. Annotated[str, True] is no longer identical to Annotated[str, 1]. - gh-112509: Fix edge cases that could cause a key to be present in both the __required_keys__ and __optional_keys__ attributes of a typing.TypedDict. Patch by Jelle Zijlstra. - gh-94722: Fix bug where comparison between instances of DocTest fails if one of them has None as its lineno. - gh-112105: Make readline.set_completer_delims() work with libedit - gh-111942: Fix SystemError in the TextIOWrapper constructor with non-encodable “errors” argument in non-debug mode. - gh-109538: Issue warning message instead of having RuntimeError be displayed when event loop has already been closed at StreamWriter.__del__(). - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when pass invalid arguments, e.g. non-string encoding. - gh-111804: Remove posix.fallocate() under WASI as the underlying posix_fallocate() is not available in WASI preview2. - gh-111841: Fix truncating arguments on an embedded null character in os.putenv() and os.unsetenv() on Windows. - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. - gh-110894: Call loop exception handler for exceptions in client_connected_cb of asyncio.start_server() so that applications can handle it. Patch by Kumar Aditya. - gh-111531: Fix reference leaks in bind_class() and bind_all() methods of tkinter widgets. - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and io.IncrementalNewlineDecoder to io.__all__. - gh-68166: Remove mention of not supported “vsapi” element type in tkinter.ttk.Style.element_create(). Add tests for element_create() and other ttk.Style methods. Add examples for element_create() in the documentation. - gh-111251: Fix _blake2 not checking for errors when initializing. - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly for empty BytesIO. - gh-111187: Postpone removal version for locale.getdefaultlocale() to Python 3.15. - gh-111159: Fix doctest output comparison for exceptions with notes. - gh-110910: Fix invalid state handling in asyncio.TaskGroup and asyncio.Timeout. They now raise proper RuntimeError if they are improperly used and are left in consistent state after this. - gh-111092: Make turtledemo run without default root enabled. - gh-110590: Fix a bug in _sre.compile() where TypeError would be overwritten by OverflowError when the code argument was a list of non-ints. - gh-65052: Prevent pdb from crashing when trying to display undisplayable objects - gh-110519: Deprecation warning about non-integer number in gettext now alwais refers to the line in the user code where gettext function or method is used. Previously it could refer to a line in gettext code. - gh-110378: contextmanager() and asynccontextmanager() context managers now close an invalid underlying generator object that yields more then one value. - gh-110365: Fix termios.tcsetattr() bug that was overwritting existing errors during parsing integers from term list. - gh-110196: Add __reduce__ method to IPv6Address in order to keep scope_id - gh-109747: Improve errors for unsupported look-behind patterns. Now re.error is raised instead of OverflowError or RuntimeError for too large width of look-behind pattern. - gh-109786: Fix possible reference leaks and crash when re-enter the __next__() method of itertools.pairwise. - gh-108791: Improved error handling in pdb command line interface, making it produce more concise error messages. - gh-73561: Omit the interface scope from an IPv6 address when used as Host header by http.client. - gh-86826: zipinfo now supports the full range of values in the TZ string determined by RFC 8536 and detects all invalid formats. Both Python and C implementations now raise exceptions of the same type on invalid data. - bpo-41422: Fixed memory leaks of pickle.Pickler and pickle.Unpickler involving cyclic references via the internal memo mapping. - bpo-40262: The ssl.SSLSocket.recv_into() method no longer requires the buffer argument to implement __len__ and supports buffers with arbitrary item size. - bpo-35191: Fix unexpected integer truncation in socket.setblocking() which caused it to interpret multiples of 2**32 as False. - Documentation - gh-108826: dis module command-line interface is now mentioned in documentation. - Tests - gh-110367: Make regrtest --verbose3 option compatible with --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 --verbose3 command now works as expected. Patch by Victor Stinner. - gh-111309: distutils tests can now be run via unittest. - gh-111165: Remove no longer used functions run_unittest() and run_doctest() and class BasicTestRunner from the test.support module. - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment variable is defined: use the variable value as the random seed. Patch by Victor Stinner. - gh-110995: test_gdb: Fix detection of gdb built without Python scripting support. Patch by Victor Stinner. - gh-110918: Test case matching patterns specified by options --match, --ignore, --matchfile and --ignorefile are now tested in the order of specification, and the last match determines whether the test case be run or ignored. - gh-110647: Fix test_stress_modifying_handlers() of test_signal. Patch by Victor Stinner. - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make distclean” instead of “make clean” in the copied source directory to remove also the “python” program. Patch by Victor Stinner. - gh-110167: Fix a deadlock in test_socket when server fails with a timeout but the client is still running in its thread. Don’t hold a lock to call cleanup functions in doCleanups(). One of the cleanup function waits until the client completes, whereas the client could deadlock if it called addCleanup() in such situation. Patch by Victor Stinner. - gh-110388: Add tests for tty. - gh-81002: Add tests for termios. - gh-110267: Add tests for pickling and copying PyStructSequence objects. Patched by Xuehai Pan. - gh-109974: Fix race conditions in test_threading lock tests. Wait until a condition is met rather than using time.sleep() with a hardcoded number of seconds. Patch by Victor Stinner. - gh-109972: Split test_gdb.py file into a test_gdb package made of multiple tests, so tests can now be run in parallel. Patch by Victor Stinner. - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” command output to detect when gdb fails to retrieve the traceback. For example, skip a test if Backtrace stopped: frame did not save the PC is found. Patch by Victor Stinner. - gh-108927: Fixed order dependence in running tests in the same process when a test that has submodules (e.g. test_importlib) follows a test that imports its submodule (e.g. test_importlib.util) and precedes a test (e.g. test_unittest or test_compileall) that uses that submodule. - Build - gh-103053: “make check-clean-src” now also checks if the “python” program is found in the source directory: fail with an error if it does exist. Patch by Victor Stinner. - gh-109191: Fix compile error when building with recent versions of libedit. - IDLE - bpo-35668: Add docstrings to the IDLE debugger module. Fix two bugs: initialize Idb.botframe (should be in Bdb); in Idb.in_rpc_code, check whether prev_frame is None before trying to use it. Greatly expand test_debugger. - C API - gh-112438: Fix support of format units “es”, “et”, “es#”, and “et#” in nested tuples in PyArg_ParseTuple()-like functions. - gh-109521: PyImport_GetImporter() now sets RuntimeError if it fails to get sys.path_hooks or sys.path_importer_cache or they are not list and dict correspondingly. Previously it could return NULL without setting error in obscure cases, crash or raise SystemError if these attributes have wrong type. OBS-URL: https://build.opensuse.org/request/show/1133399 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=89 --- Python-3.11.7.tar.xz | 3 + Python-3.11.7.tar.xz.asc | 16 ++++ fix_configure_rst.patch | 26 +++--- python311.changes | 197 +++++++++++++++++++++++++++++++++++++++ python311.spec | 2 +- 5 files changed, 230 insertions(+), 14 deletions(-) create mode 100644 Python-3.11.7.tar.xz create mode 100644 Python-3.11.7.tar.xz.asc diff --git a/Python-3.11.7.tar.xz b/Python-3.11.7.tar.xz new file mode 100644 index 0000000..8d3a65d --- /dev/null +++ b/Python-3.11.7.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:18e1aa7e66ff3a58423d59ed22815a6954e53342122c45df20c96877c062b9b7 +size 20074108 diff --git a/Python-3.11.7.tar.xz.asc b/Python-3.11.7.tar.xz.asc new file mode 100644 index 0000000..3eee3d2 --- /dev/null +++ b/Python-3.11.7.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmVuFigACgkQ/+h0BBaL +2EeHPg/+LU5xs2ZDrQogDcH+A1v8RyursiggypdM5hXTrsFsTCIk4iekcI9xkhG1 +ltNX4UuCe5PUEbTgtaWP0ncXARrUnPCoQaQ1sHVDTYoHegancsk+sXZc1JM7qr0p +Y4Ig6mKjuHFMXCInQSI2GaH4t5r4Z1jGk/PGrecIHOPJgqfA/6Z3TBF5N+y3jEvS +2QazMB298q4RDhh9m3REe8LwFPHDlfw9eRohv0MB8xygg9KtxhLZrN7gLBQZvKGD +ihNw6EgJj5OZ0dvwKCCXnlZuwknuJW7vAOPHhYeenPdVdYCGoRSyN7JdD07L+5AG +O14l2rqZrz5Eu28by+kAUrcPYAfAXekw1PmtT3HSd9U/nqnUiTkkJcjyGG/e3cjJ +sUDKMNCSBq0G7j5DB3bB6VHkZjVuz+T+iR5QdfJ4kI2pYSuE/rUj1rhkUXApYsHl +7Wff0QbOW6QT1wCtQcMpJSzkTDVJVYxiqrko/ihlOhphDHYLdOIGOrxWAUwc06x/ +BhJD6tM1kEVZvifoJp1OsNwDzZ/Ku6CUs05E1vWxdeNVeANyKAgCZ5hOVmhnv866 +11zfgo/znRsMzMIyJuy0bhO0C6omVLzzfhipAbZM2jDorn37xxV0v/I0pceNtLrp +YR7Tjs7+Ihe6/oItjW53j9T7ANdgQ1RVDg98lKlPFNL+hxfctwY= +=0Pkd +-----END PGP SIGNATURE----- diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index bd08f1d..e45e240 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -3,37 +3,37 @@ Misc/NEWS | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) -Index: Python-3.11.6/Doc/using/configure.rst +Index: Python-3.11.7/Doc/using/configure.rst =================================================================== ---- Python-3.11.6.orig/Doc/using/configure.rst -+++ Python-3.11.6/Doc/using/configure.rst +--- Python-3.11.7.orig/Doc/using/configure.rst ++++ Python-3.11.7/Doc/using/configure.rst @@ -41,7 +41,6 @@ General Options See :data:`sys.int_info.bits_per_digit `. --.. cmdoption:: --with-cxx-main - .. cmdoption:: --with-cxx-main=COMPILER +-.. option:: --with-cxx-main + .. option:: --with-cxx-main=COMPILER Compile the Python ``main()`` function and link Python executable with C++ @@ -527,13 +526,11 @@ macOS Options See ``Mac/README.rst``. --.. cmdoption:: --enable-universalsdk - .. cmdoption:: --enable-universalsdk=SDKDIR +-.. option:: --enable-universalsdk + .. option:: --enable-universalsdk=SDKDIR Create a universal binary build. *SDKDIR* specifies which macOS SDK should be used to perform the build (default is no). --.. cmdoption:: --enable-framework - .. cmdoption:: --enable-framework=INSTALLDIR +-.. option:: --enable-framework + .. option:: --enable-framework=INSTALLDIR Create a Python.framework rather than a traditional Unix install. Optional -Index: Python-3.11.6/Misc/NEWS +Index: Python-3.11.7/Misc/NEWS =================================================================== ---- Python-3.11.6.orig/Misc/NEWS -+++ Python-3.11.6/Misc/NEWS -@@ -8708,7 +8708,7 @@ C API +--- Python-3.11.7.orig/Misc/NEWS ++++ Python-3.11.7/Misc/NEWS +@@ -9012,7 +9012,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`limited-api-list` now shows the public name diff --git a/python311.changes b/python311.changes index 944ef78..af0f2b6 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,200 @@ +------------------------------------------------------------------- +Fri Dec 15 10:04:33 UTC 2023 - Daniel Garcia + +- Update patch fix_configure_rst.patch +- Update to 3.11.7: + - Core and Builtins + - gh-112625: Fixes a bug where a bytearray object could be cleared + while iterating over an argument in the bytearray.join() method + that could result in reading memory after it was freed. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. Patch + by Pablo galindo + - gh-88116: Traceback location ranges involving wide unicode + characters (like emoji and asian characters) now are properly + highlighted. Patch by Batuhan Taskaya and Pablo Galindo. + - gh-94438: Fix a regression that prevented jumping across is None + and is not None when debugging. Patch by Savannah Ostrowski. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109216: Fix possible memory leak in BUILD_MAP. + + - Library + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + - bpo-35191: Fix unexpected integer truncation in + socket.setblocking() which caused it to interpret multiples of + 2**32 as False. + + - Documentation + - gh-108826: dis module command-line interface is now mentioned in + documentation. + + - Tests + - gh-110367: Make regrtest --verbose3 option compatible with + --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + --verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111309: distutils tests can now be run via unittest. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() and class BasicTestRunner from the test.support + module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + --match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + + - Build + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + + - C API + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. + ------------------------------------------------------------------- Wed Nov 15 09:06:16 UTC 2023 - Daniel Garcia diff --git a/python311.spec b/python311.spec index 05e3990..0e3c740 100644 --- a/python311.spec +++ b/python311.spec @@ -94,7 +94,7 @@ %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.6 +Version: 3.11.7 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 -- 2.51.1 From 8bce36d45906ab023d4cbda5e6745bf2bf431fdc2b5a2ed75b4c9891cefbaa50 Mon Sep 17 00:00:00 2001 From: Daniel Garcia Date: Mon, 18 Dec 2023 07:14:53 +0000 Subject: [PATCH 065/135] Remove leftover tarfiles OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=90 --- Python-3.11.6.tar.xz | 3 --- Python-3.11.6.tar.xz.asc | 16 ---------------- 2 files changed, 19 deletions(-) delete mode 100644 Python-3.11.6.tar.xz delete mode 100644 Python-3.11.6.tar.xz.asc diff --git a/Python-3.11.6.tar.xz b/Python-3.11.6.tar.xz deleted file mode 100644 index 68fb387..0000000 --- a/Python-3.11.6.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0fab78fa7f133f4f38210c6260d90d7c0d5c7198446419ce057ec7ac2e6f5f38 -size 20067204 diff --git a/Python-3.11.6.tar.xz.asc b/Python-3.11.6.tar.xz.asc deleted file mode 100644 index 0979fa7..0000000 --- a/Python-3.11.6.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmUaybgACgkQ/+h0BBaL -2EdGzg//bg0KTy9DGWD56RUzCKaxdao+FVV2wS8FdghTvGJHM8uDehRESzj6Viag -bks/XuTmJ4xlaW+Ilje4VU5gkdgWt44S2ZGretn+zwrv6B5L697s1j4IOnyEywzm -rQ+a5aMRsW+m8kVoKDLsfbCcrwgxXEFln18y9Qp79QhbUpTVjp5vMwWdYyv2JnYb -G2QraFr0mQEhbVsiYpSVRWiacJi7JBuHTU/hNcN/q1ACf/CX3NSLDfL2bJEWNekg -JW3z0c81vLI9D+NkQ8xWOxgEO6G4Aav4F3t37ujuf2W/CI+NZlEknSt2ITxKeTHw -dwtIMXQc3MyG4ExnAwv1LqtL1H3Dm6SAE7sSyn4uG2uknk4xSuyoMIVMJefXmxbQ -Pd8v6/QnqT3U6MVuVlvCq4AWRotZwRpB7MdnpvA0t1tmANOA8i0MWrhCw0ccYk1a -X/3ewR0+RfQYkDvFfnJpbbsQlK+lhZgt/VmQNOHvWoc/tDnB73b2seOmGkx016TY -hozXE4FXtR+8qk9CfJTd8QRNST8KBUCB9C3eoLciruugmyrUvDLjki/u9GNOIl/b -kVJzcD6eQJC9BthJXuKaKDLKX1a1a9J8GUzVXsW1kuEMQHuv/v7Cf6MzmHWWO3QN -yRgqFXkic/U8RgSHUbtozo16GMlU+RDC6bQgZR7mfE0eFCJnD6U= -=mxrE ------END PGP SIGNATURE----- -- 2.51.1 From cb3301d2cc48ebd8289d1ab4043dd4379ab06e94aa688128481a1e49b50b0c13 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 18 Dec 2023 16:25:35 +0000 Subject: [PATCH 066/135] - Refresh CVE-2023-27043-email-parsing-errors.patch to gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). - Thus we can remove Revert-gh105127-left-tests.patch, which is now useless. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=91 --- CVE-2023-27043-email-parsing-errors.patch | 548 +++++++++++++++------- python311.changes | 8 + python311.spec | 4 - 3 files changed, 388 insertions(+), 172 deletions(-) diff --git a/CVE-2023-27043-email-parsing-errors.patch b/CVE-2023-27043-email-parsing-errors.patch index 7aec4a2..6e4cc64 100644 --- a/CVE-2023-27043-email-parsing-errors.patch +++ b/CVE-2023-27043-email-parsing-errors.patch @@ -1,74 +1,185 @@ --- - Doc/library/email.utils.rst | 26 +++ - Lib/email/utils.py | 63 +++++++ - Lib/test/test_email/test_email.py | 81 +++++++++- - Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst | 4 - 4 files changed, 164 insertions(+), 10 deletions(-) + Doc/library/email.utils.rst | 19 - + Lib/email/utils.py | 151 +++++++- + Lib/test/test_email/test_email.py | 187 +++++++++- + Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst | 8 + 4 files changed, 344 insertions(+), 21 deletions(-) -Index: Python-3.11.4/Doc/library/email.utils.rst -=================================================================== ---- Python-3.11.4.orig/Doc/library/email.utils.rst -+++ Python-3.11.4/Doc/library/email.utils.rst -@@ -67,6 +67,11 @@ of the new API. +--- a/Doc/library/email.utils.rst ++++ b/Doc/library/email.utils.rst +@@ -60,13 +60,18 @@ of the new API. + begins with angle brackets, they are stripped off. + + +-.. function:: parseaddr(address) ++.. function:: parseaddr(address, *, strict=True) + + Parse address -- which should be the value of some address-containing field such + as :mailheader:`To` or :mailheader:`Cc` -- into its constituent *realname* and *email address* parts. Returns a tuple of that information, unless the parse fails, in which case a 2-tuple of ``('', '')`` is returned. -+ .. versionchanged:: 3.12 -+ For security reasons, addresses that were ambiguous and could parse into -+ multiple different addresses now cause ``('', '')`` to be returned -+ instead of only one of the *potential* addresses. ++ If *strict* is true, use a strict parser which rejects malformed inputs. ++ ++ .. versionchanged:: 3.13 ++ Add *strict* optional parameter and reject malformed inputs by default. + .. function:: formataddr(pair, charset='utf-8') -@@ -89,7 +94,7 @@ of the new API. +@@ -84,12 +89,15 @@ of the new API. + Added the *charset* option. + + +-.. function:: getaddresses(fieldvalues) ++.. function:: getaddresses(fieldvalues, *, strict=True) + This method returns a list of 2-tuples of the form returned by ``parseaddr()``. *fieldvalues* is a sequence of header field values as might be returned by - :meth:`Message.get_all `. Here's a simple +- :meth:`Message.get_all `. Here's a simple - example that gets all the recipients of a message:: -+ example that gets all the recipients of a message: ++ :meth:`Message.get_all `. ++ ++ If *strict* is true, use a strict parser which rejects malformed inputs. ++ ++ Here's a simple example that gets all the recipients of a message:: from email.utils import getaddresses -@@ -99,6 +104,25 @@ of the new API. +@@ -99,6 +107,9 @@ of the new API. resent_ccs = msg.get_all('resent-cc', []) all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs) -+ When parsing fails for a single fieldvalue, a 2-tuple of ``('', '')`` -+ is returned in its place. Other errors in parsing the list of -+ addresses such as a fieldvalue seemingly parsing into multiple -+ addresses may result in a list containing a single empty 2-tuple -+ ``[('', '')]`` being returned rather than returning potentially -+ invalid output. -+ -+ Example malformed input parsing: -+ -+ .. doctest:: -+ -+ >>> from email.utils import getaddresses -+ >>> getaddresses(['alice@example.com ', 'me@example.com']) -+ [('', '')] -+ -+ .. versionchanged:: 3.12 -+ The 2-tuple of ``('', '')`` in the returned values when parsing -+ fails were added as to address a security issue. ++ .. versionchanged:: 3.13 ++ Add *strict* optional parameter and reject malformed inputs by default. + .. function:: parsedate(date) -Index: Python-3.11.4/Lib/email/utils.py -=================================================================== ---- Python-3.11.4.orig/Lib/email/utils.py -+++ Python-3.11.4/Lib/email/utils.py -@@ -106,12 +106,54 @@ def formataddr(pair, charset='utf-8'): +--- a/Lib/email/utils.py ++++ b/Lib/email/utils.py +@@ -48,6 +48,7 @@ TICK = "'" + specialsre = re.compile(r'[][\\()<>@,:;".]') + escapesre = re.compile(r'[\\"]') + ++ + def _has_surrogates(s): + """Return True if s contains surrogate-escaped binary data.""" + # This check is based on the fact that unless there are surrogates, utf8 +@@ -106,12 +107,127 @@ def formataddr(pair, charset='utf-8'): return address ++def _iter_escaped_chars(addr): ++ pos = 0 ++ escape = False ++ for pos, ch in enumerate(addr): ++ if escape: ++ yield (pos, '\\' + ch) ++ escape = False ++ elif ch == '\\': ++ escape = True ++ else: ++ yield (pos, ch) ++ if escape: ++ yield (pos, '\\') ++ ++ ++def _strip_quoted_realnames(addr): ++ """Strip real names between quotes.""" ++ if '"' not in addr: ++ # Fast path ++ return addr ++ ++ start = 0 ++ open_pos = None ++ result = [] ++ for pos, ch in _iter_escaped_chars(addr): ++ if ch == '"': ++ if open_pos is None: ++ open_pos = pos ++ else: ++ if start != open_pos: ++ result.append(addr[start:open_pos]) ++ start = pos + 1 ++ open_pos = None + +-def getaddresses(fieldvalues): +- """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" +- all = COMMASPACE.join(str(v) for v in fieldvalues) +- a = _AddressList(all) +- return a.addresslist ++ if start < len(addr): ++ result.append(addr[start:]) ++ ++ return ''.join(result) ++ ++ ++supports_strict_parsing = True ++ ++def getaddresses(fieldvalues, *, strict=True): ++ """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. ++ ++ When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in ++ its place. ++ ++ If strict is true, use a strict parser which rejects malformed inputs. ++ """ ++ ++ # If strict is true, if the resulting list of parsed addresses is greater ++ # than the number of fieldvalues in the input list, a parsing error has ++ # occurred and consequently a list containing a single empty 2-tuple [('', ++ # '')] is returned in its place. This is done to avoid invalid output. ++ # ++ # Malformed input: getaddresses(['alice@example.com ']) ++ # Invalid output: [('', 'alice@example.com'), ('', 'bob@example.com')] ++ # Safe output: [('', '')] ++ ++ if not strict: ++ all = COMMASPACE.join(str(v) for v in fieldvalues) ++ a = _AddressList(all) ++ return a.addresslist ++ ++ fieldvalues = [str(v) for v in fieldvalues] ++ fieldvalues = _pre_parse_validation(fieldvalues) ++ addr = COMMASPACE.join(fieldvalues) ++ a = _AddressList(addr) ++ result = _post_parse_validation(a.addresslist) ++ ++ # Treat output as invalid if the number of addresses is not equal to the ++ # expected number of addresses. ++ n = 0 ++ for v in fieldvalues: ++ # When a comma is used in the Real Name part it is not a deliminator. ++ # So strip those out before counting the commas. ++ v = _strip_quoted_realnames(v) ++ # Expected number of addresses: 1 + number of commas ++ n += 1 + v.count(',') ++ if len(result) != n: ++ return [('', '')] ++ ++ return result ++ ++ ++def _check_parenthesis(addr): ++ # Ignore parenthesis in quoted real names. ++ addr = _strip_quoted_realnames(addr) ++ ++ opens = 0 ++ for pos, ch in _iter_escaped_chars(addr): ++ if ch == '(': ++ opens += 1 ++ elif ch == ')': ++ opens -= 1 ++ if opens < 0: ++ return False ++ return (opens == 0) ++ ++ +def _pre_parse_validation(email_header_fields): + accepted_values = [] + for v in email_header_fields: -+ s = v.replace('\\(', '').replace('\\)', '') -+ if s.count('(') != s.count(')'): ++ if not _check_parenthesis(v): + v = "('', '')" + accepted_values.append(v) + @@ -85,46 +196,32 @@ Index: Python-3.11.4/Lib/email/utils.py + accepted_values.append(v) + + return accepted_values -+ - - def getaddresses(fieldvalues): -- """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" -- all = COMMASPACE.join(str(v) for v in fieldvalues) -+ """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. -+ -+ When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in -+ its place. -+ -+ If the resulting list of parsed address is not the same as the number of -+ fieldvalues in the input list a parsing error has occurred. A list -+ containing a single empty 2-tuple [('', '')] is returned in its place. -+ This is done to avoid invalid output. -+ """ -+ fieldvalues = [str(v) for v in fieldvalues] -+ fieldvalues = _pre_parse_validation(fieldvalues) -+ all = COMMASPACE.join(v for v in fieldvalues) - a = _AddressList(all) -- return a.addresslist -+ result = _post_parse_validation(a.addresslist) -+ -+ n = 0 -+ for v in fieldvalues: -+ n += v.count(',') + 1 -+ -+ if len(result) != n: -+ return [('', '')] -+ -+ return result def _format_timetuple_and_zone(timetuple, zone): -@@ -212,9 +254,18 @@ def parseaddr(addr): +@@ -205,16 +321,33 @@ def parsedate_to_datetime(data): + tzinfo=datetime.timezone(datetime.timedelta(seconds=tz))) + + +-def parseaddr(addr): ++def parseaddr(addr, *, strict=True): + """ + Parse addr into its constituent realname and email address parts. + Return a tuple of realname and email address, unless the parse fails, in which case return a 2-tuple of ('', ''). ++ ++ If strict is True, use a strict parser which rejects malformed inputs. """ - addrs = _AddressList(addr).addresslist - if not addrs: - return '', '' ++ if not strict: ++ addrs = _AddressList(addr).addresslist ++ if not addrs: ++ return ('', '') ++ return addrs[0] ++ + if isinstance(addr, list): + addr = addr[0] + @@ -140,110 +237,225 @@ Index: Python-3.11.4/Lib/email/utils.py return addrs[0] -Index: Python-3.11.4/Lib/test/test_email/test_email.py -=================================================================== ---- Python-3.11.4.orig/Lib/test/test_email/test_email.py -+++ Python-3.11.4/Lib/test/test_email/test_email.py -@@ -3320,15 +3320,90 @@ Foo +--- a/Lib/test/test_email/test_email.py ++++ b/Lib/test/test_email/test_email.py +@@ -17,6 +17,7 @@ from unittest.mock import patch + + import email + import email.policy ++import email.utils + + from email.charset import Charset + from email.generator import Generator, DecodedGenerator, BytesGenerator +@@ -3321,15 +3322,137 @@ Foo [('Al Person', 'aperson@dom.ain'), ('Bud Person', 'bperson@dom.ain')]) -+ def test_getaddresses_parsing_errors(self): -+ """Test for parsing errors from CVE-2023-27043""" -+ eq = self.assertEqual -+ eq(utils.getaddresses(['alice@example.org(']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org)']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org<']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org>']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org@']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org,']), -+ [('', 'alice@example.org'), ('', 'bob@example.com')]) -+ eq(utils.getaddresses(['alice@example.org;']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org:']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org.']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org"']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org[']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org]']), -+ [('', '')]) ++ def test_parsing_errors(self): ++ """Test for parsing errors from CVE-2023-27043 and CVE-2019-16056""" ++ alice = 'alice@example.org' ++ bob = 'bob@example.com' ++ empty = ('', '') + -+ def test_parseaddr_parsing_errors(self): -+ """Test for parsing errors from CVE-2023-27043""" -+ eq = self.assertEqual -+ eq(utils.parseaddr(['alice@example.org(']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org)']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org<']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org>']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org@']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org,']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org;']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org:']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org.']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org"']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org[']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org]']), -+ ('', '')) ++ # Test utils.getaddresses() and utils.parseaddr() on malformed email ++ # addresses: default behavior (strict=True) rejects malformed address, ++ # and strict=False which tolerates malformed address. ++ for invalid_separator, expected_non_strict in ( ++ ('(', [(f'<{bob}>', alice)]), ++ (')', [('', alice), empty, ('', bob)]), ++ ('<', [('', alice), empty, ('', bob), empty]), ++ ('>', [('', alice), empty, ('', bob)]), ++ ('[', [('', f'{alice}[<{bob}>]')]), ++ (']', [('', alice), empty, ('', bob)]), ++ ('@', [empty, empty, ('', bob)]), ++ (';', [('', alice), empty, ('', bob)]), ++ (':', [('', alice), ('', bob)]), ++ ('.', [('', alice + '.'), ('', bob)]), ++ ('"', [('', alice), ('', f'<{bob}>')]), ++ ): ++ address = f'{alice}{invalid_separator}<{bob}>' ++ with self.subTest(address=address): ++ self.assertEqual(utils.getaddresses([address]), ++ [empty]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ expected_non_strict) ++ ++ self.assertEqual(utils.parseaddr([address]), ++ empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Comma (',') is treated differently depending on strict parameter. ++ # Comma without quotes. ++ address = f'{alice},<{bob}>' ++ self.assertEqual(utils.getaddresses([address]), ++ [('', alice), ('', bob)]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('', alice), ('', bob)]) ++ self.assertEqual(utils.parseaddr([address]), ++ empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Real name between quotes containing comma. ++ address = '"Alice, alice@example.org" ' ++ expected_strict = ('Alice, alice@example.org', 'bob@example.com') ++ self.assertEqual(utils.getaddresses([address]), [expected_strict]) ++ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) ++ self.assertEqual(utils.parseaddr([address]), expected_strict) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Valid parenthesis in comments. ++ address = 'alice@example.org (Alice)' ++ expected_strict = ('Alice', 'alice@example.org') ++ self.assertEqual(utils.getaddresses([address]), [expected_strict]) ++ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) ++ self.assertEqual(utils.parseaddr([address]), expected_strict) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Invalid parenthesis in comments. ++ address = 'alice@example.org )Alice(' ++ self.assertEqual(utils.getaddresses([address]), [empty]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('', 'alice@example.org'), ('', ''), ('', 'Alice')]) ++ self.assertEqual(utils.parseaddr([address]), empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Two addresses with quotes separated by comma. ++ address = '"Jane Doe" , "John Doe" ' ++ self.assertEqual(utils.getaddresses([address]), ++ [('Jane Doe', 'jane@example.net'), ++ ('John Doe', 'john@example.net')]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('Jane Doe', 'jane@example.net'), ++ ('John Doe', 'john@example.net')]) ++ self.assertEqual(utils.parseaddr([address]), empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Test email.utils.supports_strict_parsing attribute ++ self.assertEqual(email.utils.supports_strict_parsing, True) + def test_getaddresses_nasty(self): - eq = self.assertEqual - eq(utils.getaddresses(['foo: ;']), [('', '')]) +- eq = self.assertEqual +- eq(utils.getaddresses(['foo: ;']), [('', '')]) - eq(utils.getaddresses( - ['[]*-- =~$']), - [('', ''), ('', ''), ('', '*--')]) -+ eq(utils.getaddresses(['[]*-- =~$']), [('', '')]) - eq(utils.getaddresses( - ['foo: ;', '"Jason R. Mastaler" ']), - [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) -+ eq(utils.getaddresses( -+ [r'Pete(A nice \) chap) ']), -+ [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]) -+ eq(utils.getaddresses( -+ ['(Empty list)(start)Undisclosed recipients :(nobody(I know))']), -+ [('', '')]) -+ eq(utils.getaddresses( -+ ['Mary <@machine.tld:mary@example.net>, , jdoe@test . example']), -+ [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]) -+ eq(utils.getaddresses( -+ ['John Doe ']), -+ [('John Doe (comment)', 'jdoe@machine.example')]) -+ eq(utils.getaddresses( -+ ['"Mary Smith: Personal Account" ']), -+ [('Mary Smith: Personal Account', 'smith@home.example')]) -+ eq(utils.getaddresses( -+ ['Undisclosed recipients:;']), -+ [('', '')]) -+ eq(utils.getaddresses( -+ [r', "Giant; \"Big\" Box" ']), -+ [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]) +- eq(utils.getaddresses( +- ['foo: ;', '"Jason R. Mastaler" ']), +- [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) ++ for addresses, expected in ( ++ (['"Sürname, Firstname" '], ++ [('Sürname, Firstname', 'to@example.com')]), ++ ++ (['foo: ;'], ++ [('', '')]), ++ ++ (['foo: ;', '"Jason R. Mastaler" '], ++ [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]), ++ ++ ([r'Pete(A nice \) chap) '], ++ [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]), ++ ++ (['(Empty list)(start)Undisclosed recipients :(nobody(I know))'], ++ [('', '')]), ++ ++ (['Mary <@machine.tld:mary@example.net>, , jdoe@test . example'], ++ [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]), ++ ++ (['John Doe '], ++ [('John Doe (comment)', 'jdoe@machine.example')]), ++ ++ (['"Mary Smith: Personal Account" '], ++ [('Mary Smith: Personal Account', 'smith@home.example')]), ++ ++ (['Undisclosed recipients:;'], ++ [('', '')]), ++ ++ ([r', "Giant; \"Big\" Box" '], ++ [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]), ++ ): ++ with self.subTest(addresses=addresses): ++ self.assertEqual(utils.getaddresses(addresses), ++ expected) ++ self.assertEqual(utils.getaddresses(addresses, strict=False), ++ expected) ++ ++ addresses = ['[]*-- =~$'] ++ self.assertEqual(utils.getaddresses(addresses), ++ [('', '')]) ++ self.assertEqual(utils.getaddresses(addresses, strict=False), ++ [('', ''), ('', ''), ('', '*--')]) def test_getaddresses_embedded_comment(self): """Test proper handling of a nested comment""" -Index: Python-3.11.4/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst -=================================================================== +@@ -3520,6 +3643,54 @@ multipart/report + m = cls(*constructor, policy=email.policy.default) + self.assertIs(m.policy, email.policy.default) + ++ def test_iter_escaped_chars(self): ++ self.assertEqual(list(utils._iter_escaped_chars(r'a\\b\"c\\"d')), ++ [(0, 'a'), ++ (2, '\\\\'), ++ (3, 'b'), ++ (5, '\\"'), ++ (6, 'c'), ++ (8, '\\\\'), ++ (9, '"'), ++ (10, 'd')]) ++ self.assertEqual(list(utils._iter_escaped_chars('a\\')), ++ [(0, 'a'), (1, '\\')]) ++ ++ def test_strip_quoted_realnames(self): ++ def check(addr, expected): ++ self.assertEqual(utils._strip_quoted_realnames(addr), expected) ++ ++ check('"Jane Doe" , "John Doe" ', ++ ' , ') ++ check(r'"Jane \"Doe\"." ', ++ ' ') ++ ++ # special cases ++ check(r'before"name"after', 'beforeafter') ++ check(r'before"name"', 'before') ++ check(r'b"name"', 'b') # single char ++ check(r'"name"after', 'after') ++ check(r'"name"a', 'a') # single char ++ check(r'"name"', '') ++ ++ # no change ++ for addr in ( ++ 'Jane Doe , John Doe ', ++ 'lone " quote', ++ ): ++ self.assertEqual(utils._strip_quoted_realnames(addr), addr) ++ ++ ++ def test_check_parenthesis(self): ++ addr = 'alice@example.net' ++ self.assertTrue(utils._check_parenthesis(f'{addr} (Alice)')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} )Alice(')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} (Alice))')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} ((Alice)')) ++ ++ # Ignore real name between quotes ++ self.assertTrue(utils._check_parenthesis(f'")Alice((" {addr}')) ++ + + # Test the iterator/generators + class TestIterators(TestEmailBase): --- /dev/null -+++ Python-3.11.4/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst -@@ -0,0 +1,4 @@ -+CVE-2023-27043: Prevent :func:`email.utils.parseaddr` -+and :func:`email.utils.getaddresses` from returning the realname portion of an -+invalid RFC2822 email header in the email address portion of the 2-tuple -+returned after being parsed by :class:`email._parseaddr.AddressList`. ++++ b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst +@@ -0,0 +1,8 @@ ++:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now ++return ``('', '')`` 2-tuples in more situations where invalid email ++addresses are encountered instead of potentially inaccurate values. Add ++optional *strict* parameter to these two functions: use ``strict=False`` to ++get the old behavior, accept malformed inputs. ++``getattr(email.utils, 'supports_strict_parsing', False)`` can be use to check ++if the *strict* paramater is available. Patch by Thomas Dwyer and Victor ++Stinner to improve the CVE-2023-27043 fix. diff --git a/python311.changes b/python311.changes index af0f2b6..324f3d9 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl + +- Refresh CVE-2023-27043-email-parsing-errors.patch to + gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). +- Thus we can remove Revert-gh105127-left-tests.patch, which is + now useless. + ------------------------------------------------------------------- Fri Dec 15 10:04:33 UTC 2023 - Daniel Garcia diff --git a/python311.spec b/python311.spec index 0e3c740..16f2357 100644 --- a/python311.spec +++ b/python311.spec @@ -165,9 +165,6 @@ Patch39: skip_if_buildbot-extend.patch # Detect email address parsing errors and return empty tuple to # indicate the parsing error (old API) Patch40: CVE-2023-27043-email-parsing-errors.patch -# PATCH-FIX-UPSTREAM Revert-gh105127-left-tests.patch bsc#1210638 mcepl@suse.com -# Partially revert previous patch -Patch41: Revert-gh105127-left-tests.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -428,7 +425,6 @@ other applications. %patch36 -p1 %patch39 -p1 %patch40 -p1 -%patch41 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From 09c88531399620c4a7e8308bbe5d983dd0b121e761ad8d1cb816df2e1f206985 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 18 Dec 2023 16:25:59 +0000 Subject: [PATCH 067/135] Remove reverting patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=92 --- Revert-gh105127-left-tests.patch | 283 ------------------------------- 1 file changed, 283 deletions(-) delete mode 100644 Revert-gh105127-left-tests.patch diff --git a/Revert-gh105127-left-tests.patch b/Revert-gh105127-left-tests.patch deleted file mode 100644 index 87ce40a..0000000 --- a/Revert-gh105127-left-tests.patch +++ /dev/null @@ -1,283 +0,0 @@ -From 4288c623d62cf90d8e4444facb3379fb06d01140 Mon Sep 17 00:00:00 2001 -From: "Gregory P. Smith" -Date: Thu, 20 Jul 2023 20:30:52 -0700 -Subject: [PATCH] [3.12] gh-106669: Revert "gh-102988: Detect email address - parsing errors ... (GH-105127)" (GH-106733) - -This reverts commit 18dfbd035775c15533d13a98e56b1d2bf5c65f00. -Adds a regression test from the issue. - -See https://github.com/python/cpython/issues/106669.. -(cherry picked from commit a31dea1feb61793e48fa9aa5014f358352205c1d) - -Co-authored-by: Gregory P. Smith ---- - Doc/library/email.utils.rst | 26 -- - Lib/email/utils.py | 63 ------ - Lib/test/test_email/test_email.py | 96 +--------- - Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst | 5 - 4 files changed, 31 insertions(+), 159 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst - -Index: Python-3.11.4/Doc/library/email.utils.rst -=================================================================== ---- Python-3.11.4.orig/Doc/library/email.utils.rst -+++ Python-3.11.4/Doc/library/email.utils.rst -@@ -67,11 +67,6 @@ of the new API. - *email address* parts. Returns a tuple of that information, unless the parse - fails, in which case a 2-tuple of ``('', '')`` is returned. - -- .. versionchanged:: 3.12 -- For security reasons, addresses that were ambiguous and could parse into -- multiple different addresses now cause ``('', '')`` to be returned -- instead of only one of the *potential* addresses. -- - - .. function:: formataddr(pair, charset='utf-8') - -@@ -94,7 +89,7 @@ of the new API. - This method returns a list of 2-tuples of the form returned by ``parseaddr()``. - *fieldvalues* is a sequence of header field values as might be returned by - :meth:`Message.get_all `. Here's a simple -- example that gets all the recipients of a message: -+ example that gets all the recipients of a message:: - - from email.utils import getaddresses - -@@ -104,25 +99,6 @@ of the new API. - resent_ccs = msg.get_all('resent-cc', []) - all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs) - -- When parsing fails for a single fieldvalue, a 2-tuple of ``('', '')`` -- is returned in its place. Other errors in parsing the list of -- addresses such as a fieldvalue seemingly parsing into multiple -- addresses may result in a list containing a single empty 2-tuple -- ``[('', '')]`` being returned rather than returning potentially -- invalid output. -- -- Example malformed input parsing: -- -- .. doctest:: -- -- >>> from email.utils import getaddresses -- >>> getaddresses(['alice@example.com ', 'me@example.com']) -- [('', '')] -- -- .. versionchanged:: 3.12 -- The 2-tuple of ``('', '')`` in the returned values when parsing -- fails were added as to address a security issue. -- - - .. function:: parsedate(date) - -Index: Python-3.11.4/Lib/email/utils.py -=================================================================== ---- Python-3.11.4.orig/Lib/email/utils.py -+++ Python-3.11.4/Lib/email/utils.py -@@ -106,54 +106,12 @@ def formataddr(pair, charset='utf-8'): - return address - - --def _pre_parse_validation(email_header_fields): -- accepted_values = [] -- for v in email_header_fields: -- s = v.replace('\\(', '').replace('\\)', '') -- if s.count('(') != s.count(')'): -- v = "('', '')" -- accepted_values.append(v) -- -- return accepted_values -- -- --def _post_parse_validation(parsed_email_header_tuples): -- accepted_values = [] -- # The parser would have parsed a correctly formatted domain-literal -- # The existence of an [ after parsing indicates a parsing failure -- for v in parsed_email_header_tuples: -- if '[' in v[1]: -- v = ('', '') -- accepted_values.append(v) -- -- return accepted_values -- - - def getaddresses(fieldvalues): -- """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. -- -- When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in -- its place. -- -- If the resulting list of parsed address is not the same as the number of -- fieldvalues in the input list a parsing error has occurred. A list -- containing a single empty 2-tuple [('', '')] is returned in its place. -- This is done to avoid invalid output. -- """ -- fieldvalues = [str(v) for v in fieldvalues] -- fieldvalues = _pre_parse_validation(fieldvalues) -- all = COMMASPACE.join(v for v in fieldvalues) -+ """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" -+ all = COMMASPACE.join(str(v) for v in fieldvalues) - a = _AddressList(all) -- result = _post_parse_validation(a.addresslist) -- -- n = 0 -- for v in fieldvalues: -- n += v.count(',') + 1 -- -- if len(result) != n: -- return [('', '')] -- -- return result -+ return a.addresslist - - - def _format_timetuple_and_zone(timetuple, zone): -@@ -254,18 +212,9 @@ def parseaddr(addr): - Return a tuple of realname and email address, unless the parse fails, in - which case return a 2-tuple of ('', ''). - """ -- if isinstance(addr, list): -- addr = addr[0] -- -- if not isinstance(addr, str): -- return ('', '') -- -- addr = _pre_parse_validation([addr])[0] -- addrs = _post_parse_validation(_AddressList(addr).addresslist) -- -- if not addrs or len(addrs) > 1: -- return ('', '') -- -+ addrs = _AddressList(addr).addresslist -+ if not addrs: -+ return '', '' - return addrs[0] - - -Index: Python-3.11.4/Lib/test/test_email/test_email.py -=================================================================== ---- Python-3.11.4.orig/Lib/test/test_email/test_email.py -+++ Python-3.11.4/Lib/test/test_email/test_email.py -@@ -3320,90 +3320,32 @@ Foo - [('Al Person', 'aperson@dom.ain'), - ('Bud Person', 'bperson@dom.ain')]) - -- def test_getaddresses_parsing_errors(self): -- """Test for parsing errors from CVE-2023-27043""" -- eq = self.assertEqual -- eq(utils.getaddresses(['alice@example.org(']), -- [('', '')]) -- eq(utils.getaddresses(['alice@example.org)']), -- [('', '')]) -- eq(utils.getaddresses(['alice@example.org<']), -- [('', '')]) -- eq(utils.getaddresses(['alice@example.org>']), -- [('', '')]) -- eq(utils.getaddresses(['alice@example.org@']), -- [('', '')]) -- eq(utils.getaddresses(['alice@example.org,']), -- [('', 'alice@example.org'), ('', 'bob@example.com')]) -- eq(utils.getaddresses(['alice@example.org;']), -- [('', '')]) -- eq(utils.getaddresses(['alice@example.org:']), -- [('', '')]) -- eq(utils.getaddresses(['alice@example.org.']), -- [('', '')]) -- eq(utils.getaddresses(['alice@example.org"']), -- [('', '')]) -- eq(utils.getaddresses(['alice@example.org[']), -- [('', '')]) -- eq(utils.getaddresses(['alice@example.org]']), -- [('', '')]) -- -- def test_parseaddr_parsing_errors(self): -- """Test for parsing errors from CVE-2023-27043""" -- eq = self.assertEqual -- eq(utils.parseaddr(['alice@example.org(']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org)']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org<']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org>']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org@']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org,']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org;']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org:']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org.']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org"']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org[']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org]']), -- ('', '')) -+ def test_getaddresses_comma_in_name(self): -+ """GH-106669 regression test.""" -+ self.assertEqual( -+ utils.getaddresses( -+ [ -+ '"Bud, Person" ', -+ 'aperson@dom.ain (Al Person)', -+ '"Mariusz Felisiak" ', -+ ] -+ ), -+ [ -+ ('Bud, Person', 'bperson@dom.ain'), -+ ('Al Person', 'aperson@dom.ain'), -+ ('Mariusz Felisiak', 'to@example.com'), -+ ], -+ ) - - def test_getaddresses_nasty(self): - eq = self.assertEqual - eq(utils.getaddresses(['foo: ;']), [('', '')]) -- eq(utils.getaddresses(['[]*-- =~$']), [('', '')]) -+ eq(utils.getaddresses( -+ ['[]*-- =~$']), -+ [('', ''), ('', ''), ('', '*--')]) - eq(utils.getaddresses( - ['foo: ;', '"Jason R. Mastaler" ']), - [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) -- eq(utils.getaddresses( -- [r'Pete(A nice \) chap) ']), -- [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]) -- eq(utils.getaddresses( -- ['(Empty list)(start)Undisclosed recipients :(nobody(I know))']), -- [('', '')]) -- eq(utils.getaddresses( -- ['Mary <@machine.tld:mary@example.net>, , jdoe@test . example']), -- [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]) -- eq(utils.getaddresses( -- ['John Doe ']), -- [('John Doe (comment)', 'jdoe@machine.example')]) -- eq(utils.getaddresses( -- ['"Mary Smith: Personal Account" ']), -- [('Mary Smith: Personal Account', 'smith@home.example')]) -- eq(utils.getaddresses( -- ['Undisclosed recipients:;']), -- [('', '')]) -- eq(utils.getaddresses( -- [r', "Giant; \"Big\" Box" ']), -- [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]) - - def test_getaddresses_embedded_comment(self): - """Test proper handling of a nested comment""" -Index: Python-3.11.4/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst -=================================================================== ---- Python-3.11.4.orig/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst -+++ Python-3.11.4/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst -@@ -1,3 +1,8 @@ -+Reverted the :mod:`email.utils` security improvement change released in -+3.12beta4 that unintentionally caused :mod:`email.utils.getaddresses` to fail -+to parse email addresses with a comma in the quoted name field. -+See :gh:`106669`. -+ - CVE-2023-27043: Prevent :func:`email.utils.parseaddr` - and :func:`email.utils.getaddresses` from returning the realname portion of an - invalid RFC2822 email header in the email address portion of the 2-tuple -- 2.51.1 From 727f4c9b01ba0826e283dada3ef85f7aa32680ed33c6a52cc7e1b9cbd230db38 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 19 Dec 2023 15:22:13 +0000 Subject: [PATCH 068/135] Accepting request 1134053 from devel:languages:python:Factory revert OBS-URL: https://build.opensuse.org/request/show/1134053 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=93 --- CVE-2023-27043-email-parsing-errors.patch | 548 +++++++--------------- Revert-gh105127-left-tests.patch | 283 +++++++++++ python311.changes | 8 - python311.spec | 4 + 4 files changed, 455 insertions(+), 388 deletions(-) create mode 100644 Revert-gh105127-left-tests.patch diff --git a/CVE-2023-27043-email-parsing-errors.patch b/CVE-2023-27043-email-parsing-errors.patch index 6e4cc64..7aec4a2 100644 --- a/CVE-2023-27043-email-parsing-errors.patch +++ b/CVE-2023-27043-email-parsing-errors.patch @@ -1,185 +1,74 @@ --- - Doc/library/email.utils.rst | 19 - - Lib/email/utils.py | 151 +++++++- - Lib/test/test_email/test_email.py | 187 +++++++++- - Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst | 8 - 4 files changed, 344 insertions(+), 21 deletions(-) + Doc/library/email.utils.rst | 26 +++ + Lib/email/utils.py | 63 +++++++ + Lib/test/test_email/test_email.py | 81 +++++++++- + Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst | 4 + 4 files changed, 164 insertions(+), 10 deletions(-) ---- a/Doc/library/email.utils.rst -+++ b/Doc/library/email.utils.rst -@@ -60,13 +60,18 @@ of the new API. - begins with angle brackets, they are stripped off. - - --.. function:: parseaddr(address) -+.. function:: parseaddr(address, *, strict=True) - - Parse address -- which should be the value of some address-containing field such - as :mailheader:`To` or :mailheader:`Cc` -- into its constituent *realname* and +Index: Python-3.11.4/Doc/library/email.utils.rst +=================================================================== +--- Python-3.11.4.orig/Doc/library/email.utils.rst ++++ Python-3.11.4/Doc/library/email.utils.rst +@@ -67,6 +67,11 @@ of the new API. *email address* parts. Returns a tuple of that information, unless the parse fails, in which case a 2-tuple of ``('', '')`` is returned. -+ If *strict* is true, use a strict parser which rejects malformed inputs. -+ -+ .. versionchanged:: 3.13 -+ Add *strict* optional parameter and reject malformed inputs by default. ++ .. versionchanged:: 3.12 ++ For security reasons, addresses that were ambiguous and could parse into ++ multiple different addresses now cause ``('', '')`` to be returned ++ instead of only one of the *potential* addresses. + .. function:: formataddr(pair, charset='utf-8') -@@ -84,12 +89,15 @@ of the new API. - Added the *charset* option. - - --.. function:: getaddresses(fieldvalues) -+.. function:: getaddresses(fieldvalues, *, strict=True) - +@@ -89,7 +94,7 @@ of the new API. This method returns a list of 2-tuples of the form returned by ``parseaddr()``. *fieldvalues* is a sequence of header field values as might be returned by -- :meth:`Message.get_all `. Here's a simple + :meth:`Message.get_all `. Here's a simple - example that gets all the recipients of a message:: -+ :meth:`Message.get_all `. -+ -+ If *strict* is true, use a strict parser which rejects malformed inputs. -+ -+ Here's a simple example that gets all the recipients of a message:: ++ example that gets all the recipients of a message: from email.utils import getaddresses -@@ -99,6 +107,9 @@ of the new API. +@@ -99,6 +104,25 @@ of the new API. resent_ccs = msg.get_all('resent-cc', []) all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs) -+ .. versionchanged:: 3.13 -+ Add *strict* optional parameter and reject malformed inputs by default. ++ When parsing fails for a single fieldvalue, a 2-tuple of ``('', '')`` ++ is returned in its place. Other errors in parsing the list of ++ addresses such as a fieldvalue seemingly parsing into multiple ++ addresses may result in a list containing a single empty 2-tuple ++ ``[('', '')]`` being returned rather than returning potentially ++ invalid output. ++ ++ Example malformed input parsing: ++ ++ .. doctest:: ++ ++ >>> from email.utils import getaddresses ++ >>> getaddresses(['alice@example.com ', 'me@example.com']) ++ [('', '')] ++ ++ .. versionchanged:: 3.12 ++ The 2-tuple of ``('', '')`` in the returned values when parsing ++ fails were added as to address a security issue. + .. function:: parsedate(date) ---- a/Lib/email/utils.py -+++ b/Lib/email/utils.py -@@ -48,6 +48,7 @@ TICK = "'" - specialsre = re.compile(r'[][\\()<>@,:;".]') - escapesre = re.compile(r'[\\"]') - -+ - def _has_surrogates(s): - """Return True if s contains surrogate-escaped binary data.""" - # This check is based on the fact that unless there are surrogates, utf8 -@@ -106,12 +107,127 @@ def formataddr(pair, charset='utf-8'): +Index: Python-3.11.4/Lib/email/utils.py +=================================================================== +--- Python-3.11.4.orig/Lib/email/utils.py ++++ Python-3.11.4/Lib/email/utils.py +@@ -106,12 +106,54 @@ def formataddr(pair, charset='utf-8'): return address -+def _iter_escaped_chars(addr): -+ pos = 0 -+ escape = False -+ for pos, ch in enumerate(addr): -+ if escape: -+ yield (pos, '\\' + ch) -+ escape = False -+ elif ch == '\\': -+ escape = True -+ else: -+ yield (pos, ch) -+ if escape: -+ yield (pos, '\\') -+ -+ -+def _strip_quoted_realnames(addr): -+ """Strip real names between quotes.""" -+ if '"' not in addr: -+ # Fast path -+ return addr -+ -+ start = 0 -+ open_pos = None -+ result = [] -+ for pos, ch in _iter_escaped_chars(addr): -+ if ch == '"': -+ if open_pos is None: -+ open_pos = pos -+ else: -+ if start != open_pos: -+ result.append(addr[start:open_pos]) -+ start = pos + 1 -+ open_pos = None - --def getaddresses(fieldvalues): -- """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" -- all = COMMASPACE.join(str(v) for v in fieldvalues) -- a = _AddressList(all) -- return a.addresslist -+ if start < len(addr): -+ result.append(addr[start:]) -+ -+ return ''.join(result) -+ -+ -+supports_strict_parsing = True -+ -+def getaddresses(fieldvalues, *, strict=True): -+ """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. -+ -+ When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in -+ its place. -+ -+ If strict is true, use a strict parser which rejects malformed inputs. -+ """ -+ -+ # If strict is true, if the resulting list of parsed addresses is greater -+ # than the number of fieldvalues in the input list, a parsing error has -+ # occurred and consequently a list containing a single empty 2-tuple [('', -+ # '')] is returned in its place. This is done to avoid invalid output. -+ # -+ # Malformed input: getaddresses(['alice@example.com ']) -+ # Invalid output: [('', 'alice@example.com'), ('', 'bob@example.com')] -+ # Safe output: [('', '')] -+ -+ if not strict: -+ all = COMMASPACE.join(str(v) for v in fieldvalues) -+ a = _AddressList(all) -+ return a.addresslist -+ -+ fieldvalues = [str(v) for v in fieldvalues] -+ fieldvalues = _pre_parse_validation(fieldvalues) -+ addr = COMMASPACE.join(fieldvalues) -+ a = _AddressList(addr) -+ result = _post_parse_validation(a.addresslist) -+ -+ # Treat output as invalid if the number of addresses is not equal to the -+ # expected number of addresses. -+ n = 0 -+ for v in fieldvalues: -+ # When a comma is used in the Real Name part it is not a deliminator. -+ # So strip those out before counting the commas. -+ v = _strip_quoted_realnames(v) -+ # Expected number of addresses: 1 + number of commas -+ n += 1 + v.count(',') -+ if len(result) != n: -+ return [('', '')] -+ -+ return result -+ -+ -+def _check_parenthesis(addr): -+ # Ignore parenthesis in quoted real names. -+ addr = _strip_quoted_realnames(addr) -+ -+ opens = 0 -+ for pos, ch in _iter_escaped_chars(addr): -+ if ch == '(': -+ opens += 1 -+ elif ch == ')': -+ opens -= 1 -+ if opens < 0: -+ return False -+ return (opens == 0) -+ -+ +def _pre_parse_validation(email_header_fields): + accepted_values = [] + for v in email_header_fields: -+ if not _check_parenthesis(v): ++ s = v.replace('\\(', '').replace('\\)', '') ++ if s.count('(') != s.count(')'): + v = "('', '')" + accepted_values.append(v) + @@ -196,32 +85,46 @@ + accepted_values.append(v) + + return accepted_values ++ + + def getaddresses(fieldvalues): +- """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" +- all = COMMASPACE.join(str(v) for v in fieldvalues) ++ """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. ++ ++ When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in ++ its place. ++ ++ If the resulting list of parsed address is not the same as the number of ++ fieldvalues in the input list a parsing error has occurred. A list ++ containing a single empty 2-tuple [('', '')] is returned in its place. ++ This is done to avoid invalid output. ++ """ ++ fieldvalues = [str(v) for v in fieldvalues] ++ fieldvalues = _pre_parse_validation(fieldvalues) ++ all = COMMASPACE.join(v for v in fieldvalues) + a = _AddressList(all) +- return a.addresslist ++ result = _post_parse_validation(a.addresslist) ++ ++ n = 0 ++ for v in fieldvalues: ++ n += v.count(',') + 1 ++ ++ if len(result) != n: ++ return [('', '')] ++ ++ return result def _format_timetuple_and_zone(timetuple, zone): -@@ -205,16 +321,33 @@ def parsedate_to_datetime(data): - tzinfo=datetime.timezone(datetime.timedelta(seconds=tz))) - - --def parseaddr(addr): -+def parseaddr(addr, *, strict=True): - """ - Parse addr into its constituent realname and email address parts. - +@@ -212,9 +254,18 @@ def parseaddr(addr): Return a tuple of realname and email address, unless the parse fails, in which case return a 2-tuple of ('', ''). -+ -+ If strict is True, use a strict parser which rejects malformed inputs. """ - addrs = _AddressList(addr).addresslist - if not addrs: - return '', '' -+ if not strict: -+ addrs = _AddressList(addr).addresslist -+ if not addrs: -+ return ('', '') -+ return addrs[0] -+ + if isinstance(addr, list): + addr = addr[0] + @@ -237,225 +140,110 @@ return addrs[0] ---- a/Lib/test/test_email/test_email.py -+++ b/Lib/test/test_email/test_email.py -@@ -17,6 +17,7 @@ from unittest.mock import patch - - import email - import email.policy -+import email.utils - - from email.charset import Charset - from email.generator import Generator, DecodedGenerator, BytesGenerator -@@ -3321,15 +3322,137 @@ Foo +Index: Python-3.11.4/Lib/test/test_email/test_email.py +=================================================================== +--- Python-3.11.4.orig/Lib/test/test_email/test_email.py ++++ Python-3.11.4/Lib/test/test_email/test_email.py +@@ -3320,15 +3320,90 @@ Foo [('Al Person', 'aperson@dom.ain'), ('Bud Person', 'bperson@dom.ain')]) -+ def test_parsing_errors(self): -+ """Test for parsing errors from CVE-2023-27043 and CVE-2019-16056""" -+ alice = 'alice@example.org' -+ bob = 'bob@example.com' -+ empty = ('', '') ++ def test_getaddresses_parsing_errors(self): ++ """Test for parsing errors from CVE-2023-27043""" ++ eq = self.assertEqual ++ eq(utils.getaddresses(['alice@example.org(']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org)']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org<']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org>']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org@']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org,']), ++ [('', 'alice@example.org'), ('', 'bob@example.com')]) ++ eq(utils.getaddresses(['alice@example.org;']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org:']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org.']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org"']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org[']), ++ [('', '')]) ++ eq(utils.getaddresses(['alice@example.org]']), ++ [('', '')]) + -+ # Test utils.getaddresses() and utils.parseaddr() on malformed email -+ # addresses: default behavior (strict=True) rejects malformed address, -+ # and strict=False which tolerates malformed address. -+ for invalid_separator, expected_non_strict in ( -+ ('(', [(f'<{bob}>', alice)]), -+ (')', [('', alice), empty, ('', bob)]), -+ ('<', [('', alice), empty, ('', bob), empty]), -+ ('>', [('', alice), empty, ('', bob)]), -+ ('[', [('', f'{alice}[<{bob}>]')]), -+ (']', [('', alice), empty, ('', bob)]), -+ ('@', [empty, empty, ('', bob)]), -+ (';', [('', alice), empty, ('', bob)]), -+ (':', [('', alice), ('', bob)]), -+ ('.', [('', alice + '.'), ('', bob)]), -+ ('"', [('', alice), ('', f'<{bob}>')]), -+ ): -+ address = f'{alice}{invalid_separator}<{bob}>' -+ with self.subTest(address=address): -+ self.assertEqual(utils.getaddresses([address]), -+ [empty]) -+ self.assertEqual(utils.getaddresses([address], strict=False), -+ expected_non_strict) -+ -+ self.assertEqual(utils.parseaddr([address]), -+ empty) -+ self.assertEqual(utils.parseaddr([address], strict=False), -+ ('', address)) -+ -+ # Comma (',') is treated differently depending on strict parameter. -+ # Comma without quotes. -+ address = f'{alice},<{bob}>' -+ self.assertEqual(utils.getaddresses([address]), -+ [('', alice), ('', bob)]) -+ self.assertEqual(utils.getaddresses([address], strict=False), -+ [('', alice), ('', bob)]) -+ self.assertEqual(utils.parseaddr([address]), -+ empty) -+ self.assertEqual(utils.parseaddr([address], strict=False), -+ ('', address)) -+ -+ # Real name between quotes containing comma. -+ address = '"Alice, alice@example.org" ' -+ expected_strict = ('Alice, alice@example.org', 'bob@example.com') -+ self.assertEqual(utils.getaddresses([address]), [expected_strict]) -+ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) -+ self.assertEqual(utils.parseaddr([address]), expected_strict) -+ self.assertEqual(utils.parseaddr([address], strict=False), -+ ('', address)) -+ -+ # Valid parenthesis in comments. -+ address = 'alice@example.org (Alice)' -+ expected_strict = ('Alice', 'alice@example.org') -+ self.assertEqual(utils.getaddresses([address]), [expected_strict]) -+ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) -+ self.assertEqual(utils.parseaddr([address]), expected_strict) -+ self.assertEqual(utils.parseaddr([address], strict=False), -+ ('', address)) -+ -+ # Invalid parenthesis in comments. -+ address = 'alice@example.org )Alice(' -+ self.assertEqual(utils.getaddresses([address]), [empty]) -+ self.assertEqual(utils.getaddresses([address], strict=False), -+ [('', 'alice@example.org'), ('', ''), ('', 'Alice')]) -+ self.assertEqual(utils.parseaddr([address]), empty) -+ self.assertEqual(utils.parseaddr([address], strict=False), -+ ('', address)) -+ -+ # Two addresses with quotes separated by comma. -+ address = '"Jane Doe" , "John Doe" ' -+ self.assertEqual(utils.getaddresses([address]), -+ [('Jane Doe', 'jane@example.net'), -+ ('John Doe', 'john@example.net')]) -+ self.assertEqual(utils.getaddresses([address], strict=False), -+ [('Jane Doe', 'jane@example.net'), -+ ('John Doe', 'john@example.net')]) -+ self.assertEqual(utils.parseaddr([address]), empty) -+ self.assertEqual(utils.parseaddr([address], strict=False), -+ ('', address)) -+ -+ # Test email.utils.supports_strict_parsing attribute -+ self.assertEqual(email.utils.supports_strict_parsing, True) ++ def test_parseaddr_parsing_errors(self): ++ """Test for parsing errors from CVE-2023-27043""" ++ eq = self.assertEqual ++ eq(utils.parseaddr(['alice@example.org(']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org)']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org<']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org>']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org@']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org,']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org;']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org:']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org.']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org"']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org[']), ++ ('', '')) ++ eq(utils.parseaddr(['alice@example.org]']), ++ ('', '')) + def test_getaddresses_nasty(self): -- eq = self.assertEqual -- eq(utils.getaddresses(['foo: ;']), [('', '')]) + eq = self.assertEqual + eq(utils.getaddresses(['foo: ;']), [('', '')]) - eq(utils.getaddresses( - ['[]*-- =~$']), - [('', ''), ('', ''), ('', '*--')]) -- eq(utils.getaddresses( -- ['foo: ;', '"Jason R. Mastaler" ']), -- [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) -+ for addresses, expected in ( -+ (['"Sürname, Firstname" '], -+ [('Sürname, Firstname', 'to@example.com')]), -+ -+ (['foo: ;'], -+ [('', '')]), -+ -+ (['foo: ;', '"Jason R. Mastaler" '], -+ [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]), -+ -+ ([r'Pete(A nice \) chap) '], -+ [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]), -+ -+ (['(Empty list)(start)Undisclosed recipients :(nobody(I know))'], -+ [('', '')]), -+ -+ (['Mary <@machine.tld:mary@example.net>, , jdoe@test . example'], -+ [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]), -+ -+ (['John Doe '], -+ [('John Doe (comment)', 'jdoe@machine.example')]), -+ -+ (['"Mary Smith: Personal Account" '], -+ [('Mary Smith: Personal Account', 'smith@home.example')]), -+ -+ (['Undisclosed recipients:;'], -+ [('', '')]), -+ -+ ([r', "Giant; \"Big\" Box" '], -+ [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]), -+ ): -+ with self.subTest(addresses=addresses): -+ self.assertEqual(utils.getaddresses(addresses), -+ expected) -+ self.assertEqual(utils.getaddresses(addresses, strict=False), -+ expected) -+ -+ addresses = ['[]*-- =~$'] -+ self.assertEqual(utils.getaddresses(addresses), -+ [('', '')]) -+ self.assertEqual(utils.getaddresses(addresses, strict=False), -+ [('', ''), ('', ''), ('', '*--')]) ++ eq(utils.getaddresses(['[]*-- =~$']), [('', '')]) + eq(utils.getaddresses( + ['foo: ;', '"Jason R. Mastaler" ']), + [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) ++ eq(utils.getaddresses( ++ [r'Pete(A nice \) chap) ']), ++ [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]) ++ eq(utils.getaddresses( ++ ['(Empty list)(start)Undisclosed recipients :(nobody(I know))']), ++ [('', '')]) ++ eq(utils.getaddresses( ++ ['Mary <@machine.tld:mary@example.net>, , jdoe@test . example']), ++ [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]) ++ eq(utils.getaddresses( ++ ['John Doe ']), ++ [('John Doe (comment)', 'jdoe@machine.example')]) ++ eq(utils.getaddresses( ++ ['"Mary Smith: Personal Account" ']), ++ [('Mary Smith: Personal Account', 'smith@home.example')]) ++ eq(utils.getaddresses( ++ ['Undisclosed recipients:;']), ++ [('', '')]) ++ eq(utils.getaddresses( ++ [r', "Giant; \"Big\" Box" ']), ++ [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]) def test_getaddresses_embedded_comment(self): """Test proper handling of a nested comment""" -@@ -3520,6 +3643,54 @@ multipart/report - m = cls(*constructor, policy=email.policy.default) - self.assertIs(m.policy, email.policy.default) - -+ def test_iter_escaped_chars(self): -+ self.assertEqual(list(utils._iter_escaped_chars(r'a\\b\"c\\"d')), -+ [(0, 'a'), -+ (2, '\\\\'), -+ (3, 'b'), -+ (5, '\\"'), -+ (6, 'c'), -+ (8, '\\\\'), -+ (9, '"'), -+ (10, 'd')]) -+ self.assertEqual(list(utils._iter_escaped_chars('a\\')), -+ [(0, 'a'), (1, '\\')]) -+ -+ def test_strip_quoted_realnames(self): -+ def check(addr, expected): -+ self.assertEqual(utils._strip_quoted_realnames(addr), expected) -+ -+ check('"Jane Doe" , "John Doe" ', -+ ' , ') -+ check(r'"Jane \"Doe\"." ', -+ ' ') -+ -+ # special cases -+ check(r'before"name"after', 'beforeafter') -+ check(r'before"name"', 'before') -+ check(r'b"name"', 'b') # single char -+ check(r'"name"after', 'after') -+ check(r'"name"a', 'a') # single char -+ check(r'"name"', '') -+ -+ # no change -+ for addr in ( -+ 'Jane Doe , John Doe ', -+ 'lone " quote', -+ ): -+ self.assertEqual(utils._strip_quoted_realnames(addr), addr) -+ -+ -+ def test_check_parenthesis(self): -+ addr = 'alice@example.net' -+ self.assertTrue(utils._check_parenthesis(f'{addr} (Alice)')) -+ self.assertFalse(utils._check_parenthesis(f'{addr} )Alice(')) -+ self.assertFalse(utils._check_parenthesis(f'{addr} (Alice))')) -+ self.assertFalse(utils._check_parenthesis(f'{addr} ((Alice)')) -+ -+ # Ignore real name between quotes -+ self.assertTrue(utils._check_parenthesis(f'")Alice((" {addr}')) -+ - - # Test the iterator/generators - class TestIterators(TestEmailBase): +Index: Python-3.11.4/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst +=================================================================== --- /dev/null -+++ b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst -@@ -0,0 +1,8 @@ -+:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now -+return ``('', '')`` 2-tuples in more situations where invalid email -+addresses are encountered instead of potentially inaccurate values. Add -+optional *strict* parameter to these two functions: use ``strict=False`` to -+get the old behavior, accept malformed inputs. -+``getattr(email.utils, 'supports_strict_parsing', False)`` can be use to check -+if the *strict* paramater is available. Patch by Thomas Dwyer and Victor -+Stinner to improve the CVE-2023-27043 fix. ++++ Python-3.11.4/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst +@@ -0,0 +1,4 @@ ++CVE-2023-27043: Prevent :func:`email.utils.parseaddr` ++and :func:`email.utils.getaddresses` from returning the realname portion of an ++invalid RFC2822 email header in the email address portion of the 2-tuple ++returned after being parsed by :class:`email._parseaddr.AddressList`. diff --git a/Revert-gh105127-left-tests.patch b/Revert-gh105127-left-tests.patch new file mode 100644 index 0000000..87ce40a --- /dev/null +++ b/Revert-gh105127-left-tests.patch @@ -0,0 +1,283 @@ +From 4288c623d62cf90d8e4444facb3379fb06d01140 Mon Sep 17 00:00:00 2001 +From: "Gregory P. Smith" +Date: Thu, 20 Jul 2023 20:30:52 -0700 +Subject: [PATCH] [3.12] gh-106669: Revert "gh-102988: Detect email address + parsing errors ... (GH-105127)" (GH-106733) + +This reverts commit 18dfbd035775c15533d13a98e56b1d2bf5c65f00. +Adds a regression test from the issue. + +See https://github.com/python/cpython/issues/106669.. +(cherry picked from commit a31dea1feb61793e48fa9aa5014f358352205c1d) + +Co-authored-by: Gregory P. Smith +--- + Doc/library/email.utils.rst | 26 -- + Lib/email/utils.py | 63 ------ + Lib/test/test_email/test_email.py | 96 +--------- + Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst | 5 + 4 files changed, 31 insertions(+), 159 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst + +Index: Python-3.11.4/Doc/library/email.utils.rst +=================================================================== +--- Python-3.11.4.orig/Doc/library/email.utils.rst ++++ Python-3.11.4/Doc/library/email.utils.rst +@@ -67,11 +67,6 @@ of the new API. + *email address* parts. Returns a tuple of that information, unless the parse + fails, in which case a 2-tuple of ``('', '')`` is returned. + +- .. versionchanged:: 3.12 +- For security reasons, addresses that were ambiguous and could parse into +- multiple different addresses now cause ``('', '')`` to be returned +- instead of only one of the *potential* addresses. +- + + .. function:: formataddr(pair, charset='utf-8') + +@@ -94,7 +89,7 @@ of the new API. + This method returns a list of 2-tuples of the form returned by ``parseaddr()``. + *fieldvalues* is a sequence of header field values as might be returned by + :meth:`Message.get_all `. Here's a simple +- example that gets all the recipients of a message: ++ example that gets all the recipients of a message:: + + from email.utils import getaddresses + +@@ -104,25 +99,6 @@ of the new API. + resent_ccs = msg.get_all('resent-cc', []) + all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs) + +- When parsing fails for a single fieldvalue, a 2-tuple of ``('', '')`` +- is returned in its place. Other errors in parsing the list of +- addresses such as a fieldvalue seemingly parsing into multiple +- addresses may result in a list containing a single empty 2-tuple +- ``[('', '')]`` being returned rather than returning potentially +- invalid output. +- +- Example malformed input parsing: +- +- .. doctest:: +- +- >>> from email.utils import getaddresses +- >>> getaddresses(['alice@example.com ', 'me@example.com']) +- [('', '')] +- +- .. versionchanged:: 3.12 +- The 2-tuple of ``('', '')`` in the returned values when parsing +- fails were added as to address a security issue. +- + + .. function:: parsedate(date) + +Index: Python-3.11.4/Lib/email/utils.py +=================================================================== +--- Python-3.11.4.orig/Lib/email/utils.py ++++ Python-3.11.4/Lib/email/utils.py +@@ -106,54 +106,12 @@ def formataddr(pair, charset='utf-8'): + return address + + +-def _pre_parse_validation(email_header_fields): +- accepted_values = [] +- for v in email_header_fields: +- s = v.replace('\\(', '').replace('\\)', '') +- if s.count('(') != s.count(')'): +- v = "('', '')" +- accepted_values.append(v) +- +- return accepted_values +- +- +-def _post_parse_validation(parsed_email_header_tuples): +- accepted_values = [] +- # The parser would have parsed a correctly formatted domain-literal +- # The existence of an [ after parsing indicates a parsing failure +- for v in parsed_email_header_tuples: +- if '[' in v[1]: +- v = ('', '') +- accepted_values.append(v) +- +- return accepted_values +- + + def getaddresses(fieldvalues): +- """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. +- +- When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in +- its place. +- +- If the resulting list of parsed address is not the same as the number of +- fieldvalues in the input list a parsing error has occurred. A list +- containing a single empty 2-tuple [('', '')] is returned in its place. +- This is done to avoid invalid output. +- """ +- fieldvalues = [str(v) for v in fieldvalues] +- fieldvalues = _pre_parse_validation(fieldvalues) +- all = COMMASPACE.join(v for v in fieldvalues) ++ """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" ++ all = COMMASPACE.join(str(v) for v in fieldvalues) + a = _AddressList(all) +- result = _post_parse_validation(a.addresslist) +- +- n = 0 +- for v in fieldvalues: +- n += v.count(',') + 1 +- +- if len(result) != n: +- return [('', '')] +- +- return result ++ return a.addresslist + + + def _format_timetuple_and_zone(timetuple, zone): +@@ -254,18 +212,9 @@ def parseaddr(addr): + Return a tuple of realname and email address, unless the parse fails, in + which case return a 2-tuple of ('', ''). + """ +- if isinstance(addr, list): +- addr = addr[0] +- +- if not isinstance(addr, str): +- return ('', '') +- +- addr = _pre_parse_validation([addr])[0] +- addrs = _post_parse_validation(_AddressList(addr).addresslist) +- +- if not addrs or len(addrs) > 1: +- return ('', '') +- ++ addrs = _AddressList(addr).addresslist ++ if not addrs: ++ return '', '' + return addrs[0] + + +Index: Python-3.11.4/Lib/test/test_email/test_email.py +=================================================================== +--- Python-3.11.4.orig/Lib/test/test_email/test_email.py ++++ Python-3.11.4/Lib/test/test_email/test_email.py +@@ -3320,90 +3320,32 @@ Foo + [('Al Person', 'aperson@dom.ain'), + ('Bud Person', 'bperson@dom.ain')]) + +- def test_getaddresses_parsing_errors(self): +- """Test for parsing errors from CVE-2023-27043""" +- eq = self.assertEqual +- eq(utils.getaddresses(['alice@example.org(']), +- [('', '')]) +- eq(utils.getaddresses(['alice@example.org)']), +- [('', '')]) +- eq(utils.getaddresses(['alice@example.org<']), +- [('', '')]) +- eq(utils.getaddresses(['alice@example.org>']), +- [('', '')]) +- eq(utils.getaddresses(['alice@example.org@']), +- [('', '')]) +- eq(utils.getaddresses(['alice@example.org,']), +- [('', 'alice@example.org'), ('', 'bob@example.com')]) +- eq(utils.getaddresses(['alice@example.org;']), +- [('', '')]) +- eq(utils.getaddresses(['alice@example.org:']), +- [('', '')]) +- eq(utils.getaddresses(['alice@example.org.']), +- [('', '')]) +- eq(utils.getaddresses(['alice@example.org"']), +- [('', '')]) +- eq(utils.getaddresses(['alice@example.org[']), +- [('', '')]) +- eq(utils.getaddresses(['alice@example.org]']), +- [('', '')]) +- +- def test_parseaddr_parsing_errors(self): +- """Test for parsing errors from CVE-2023-27043""" +- eq = self.assertEqual +- eq(utils.parseaddr(['alice@example.org(']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org)']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org<']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org>']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org@']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org,']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org;']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org:']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org.']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org"']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org[']), +- ('', '')) +- eq(utils.parseaddr(['alice@example.org]']), +- ('', '')) ++ def test_getaddresses_comma_in_name(self): ++ """GH-106669 regression test.""" ++ self.assertEqual( ++ utils.getaddresses( ++ [ ++ '"Bud, Person" ', ++ 'aperson@dom.ain (Al Person)', ++ '"Mariusz Felisiak" ', ++ ] ++ ), ++ [ ++ ('Bud, Person', 'bperson@dom.ain'), ++ ('Al Person', 'aperson@dom.ain'), ++ ('Mariusz Felisiak', 'to@example.com'), ++ ], ++ ) + + def test_getaddresses_nasty(self): + eq = self.assertEqual + eq(utils.getaddresses(['foo: ;']), [('', '')]) +- eq(utils.getaddresses(['[]*-- =~$']), [('', '')]) ++ eq(utils.getaddresses( ++ ['[]*-- =~$']), ++ [('', ''), ('', ''), ('', '*--')]) + eq(utils.getaddresses( + ['foo: ;', '"Jason R. Mastaler" ']), + [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) +- eq(utils.getaddresses( +- [r'Pete(A nice \) chap) ']), +- [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]) +- eq(utils.getaddresses( +- ['(Empty list)(start)Undisclosed recipients :(nobody(I know))']), +- [('', '')]) +- eq(utils.getaddresses( +- ['Mary <@machine.tld:mary@example.net>, , jdoe@test . example']), +- [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]) +- eq(utils.getaddresses( +- ['John Doe ']), +- [('John Doe (comment)', 'jdoe@machine.example')]) +- eq(utils.getaddresses( +- ['"Mary Smith: Personal Account" ']), +- [('Mary Smith: Personal Account', 'smith@home.example')]) +- eq(utils.getaddresses( +- ['Undisclosed recipients:;']), +- [('', '')]) +- eq(utils.getaddresses( +- [r', "Giant; \"Big\" Box" ']), +- [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]) + + def test_getaddresses_embedded_comment(self): + """Test proper handling of a nested comment""" +Index: Python-3.11.4/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst +=================================================================== +--- Python-3.11.4.orig/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst ++++ Python-3.11.4/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst +@@ -1,3 +1,8 @@ ++Reverted the :mod:`email.utils` security improvement change released in ++3.12beta4 that unintentionally caused :mod:`email.utils.getaddresses` to fail ++to parse email addresses with a comma in the quoted name field. ++See :gh:`106669`. ++ + CVE-2023-27043: Prevent :func:`email.utils.parseaddr` + and :func:`email.utils.getaddresses` from returning the realname portion of an + invalid RFC2822 email header in the email address portion of the 2-tuple diff --git a/python311.changes b/python311.changes index 324f3d9..af0f2b6 100644 --- a/python311.changes +++ b/python311.changes @@ -1,11 +1,3 @@ -------------------------------------------------------------------- -Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl - -- Refresh CVE-2023-27043-email-parsing-errors.patch to - gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). -- Thus we can remove Revert-gh105127-left-tests.patch, which is - now useless. - ------------------------------------------------------------------- Fri Dec 15 10:04:33 UTC 2023 - Daniel Garcia diff --git a/python311.spec b/python311.spec index 16f2357..0e3c740 100644 --- a/python311.spec +++ b/python311.spec @@ -165,6 +165,9 @@ Patch39: skip_if_buildbot-extend.patch # Detect email address parsing errors and return empty tuple to # indicate the parsing error (old API) Patch40: CVE-2023-27043-email-parsing-errors.patch +# PATCH-FIX-UPSTREAM Revert-gh105127-left-tests.patch bsc#1210638 mcepl@suse.com +# Partially revert previous patch +Patch41: Revert-gh105127-left-tests.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -425,6 +428,7 @@ other applications. %patch36 -p1 %patch39 -p1 %patch40 -p1 +%patch41 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From 5fae7e4a44ef1cf0d0f9ac5ac5dbcd054fb7a5f9e76da2d95412d2ef323d7a58 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 19 Dec 2023 15:24:17 +0000 Subject: [PATCH 069/135] Accepting request 1134054 from devel:languages:python:Factory revert OBS-URL: https://build.opensuse.org/request/show/1134054 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=94 --- Python-3.11.6.tar.xz | 3 + Python-3.11.6.tar.xz.asc | 16 ++++ Python-3.11.7.tar.xz | 3 - Python-3.11.7.tar.xz.asc | 16 ---- fix_configure_rst.patch | 26 +++--- python311.changes | 197 --------------------------------------- python311.spec | 2 +- 7 files changed, 33 insertions(+), 230 deletions(-) create mode 100644 Python-3.11.6.tar.xz create mode 100644 Python-3.11.6.tar.xz.asc delete mode 100644 Python-3.11.7.tar.xz delete mode 100644 Python-3.11.7.tar.xz.asc diff --git a/Python-3.11.6.tar.xz b/Python-3.11.6.tar.xz new file mode 100644 index 0000000..68fb387 --- /dev/null +++ b/Python-3.11.6.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0fab78fa7f133f4f38210c6260d90d7c0d5c7198446419ce057ec7ac2e6f5f38 +size 20067204 diff --git a/Python-3.11.6.tar.xz.asc b/Python-3.11.6.tar.xz.asc new file mode 100644 index 0000000..0979fa7 --- /dev/null +++ b/Python-3.11.6.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmUaybgACgkQ/+h0BBaL +2EdGzg//bg0KTy9DGWD56RUzCKaxdao+FVV2wS8FdghTvGJHM8uDehRESzj6Viag +bks/XuTmJ4xlaW+Ilje4VU5gkdgWt44S2ZGretn+zwrv6B5L697s1j4IOnyEywzm +rQ+a5aMRsW+m8kVoKDLsfbCcrwgxXEFln18y9Qp79QhbUpTVjp5vMwWdYyv2JnYb +G2QraFr0mQEhbVsiYpSVRWiacJi7JBuHTU/hNcN/q1ACf/CX3NSLDfL2bJEWNekg +JW3z0c81vLI9D+NkQ8xWOxgEO6G4Aav4F3t37ujuf2W/CI+NZlEknSt2ITxKeTHw +dwtIMXQc3MyG4ExnAwv1LqtL1H3Dm6SAE7sSyn4uG2uknk4xSuyoMIVMJefXmxbQ +Pd8v6/QnqT3U6MVuVlvCq4AWRotZwRpB7MdnpvA0t1tmANOA8i0MWrhCw0ccYk1a +X/3ewR0+RfQYkDvFfnJpbbsQlK+lhZgt/VmQNOHvWoc/tDnB73b2seOmGkx016TY +hozXE4FXtR+8qk9CfJTd8QRNST8KBUCB9C3eoLciruugmyrUvDLjki/u9GNOIl/b +kVJzcD6eQJC9BthJXuKaKDLKX1a1a9J8GUzVXsW1kuEMQHuv/v7Cf6MzmHWWO3QN +yRgqFXkic/U8RgSHUbtozo16GMlU+RDC6bQgZR7mfE0eFCJnD6U= +=mxrE +-----END PGP SIGNATURE----- diff --git a/Python-3.11.7.tar.xz b/Python-3.11.7.tar.xz deleted file mode 100644 index 8d3a65d..0000000 --- a/Python-3.11.7.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:18e1aa7e66ff3a58423d59ed22815a6954e53342122c45df20c96877c062b9b7 -size 20074108 diff --git a/Python-3.11.7.tar.xz.asc b/Python-3.11.7.tar.xz.asc deleted file mode 100644 index 3eee3d2..0000000 --- a/Python-3.11.7.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmVuFigACgkQ/+h0BBaL -2EeHPg/+LU5xs2ZDrQogDcH+A1v8RyursiggypdM5hXTrsFsTCIk4iekcI9xkhG1 -ltNX4UuCe5PUEbTgtaWP0ncXARrUnPCoQaQ1sHVDTYoHegancsk+sXZc1JM7qr0p -Y4Ig6mKjuHFMXCInQSI2GaH4t5r4Z1jGk/PGrecIHOPJgqfA/6Z3TBF5N+y3jEvS -2QazMB298q4RDhh9m3REe8LwFPHDlfw9eRohv0MB8xygg9KtxhLZrN7gLBQZvKGD -ihNw6EgJj5OZ0dvwKCCXnlZuwknuJW7vAOPHhYeenPdVdYCGoRSyN7JdD07L+5AG -O14l2rqZrz5Eu28by+kAUrcPYAfAXekw1PmtT3HSd9U/nqnUiTkkJcjyGG/e3cjJ -sUDKMNCSBq0G7j5DB3bB6VHkZjVuz+T+iR5QdfJ4kI2pYSuE/rUj1rhkUXApYsHl -7Wff0QbOW6QT1wCtQcMpJSzkTDVJVYxiqrko/ihlOhphDHYLdOIGOrxWAUwc06x/ -BhJD6tM1kEVZvifoJp1OsNwDzZ/Ku6CUs05E1vWxdeNVeANyKAgCZ5hOVmhnv866 -11zfgo/znRsMzMIyJuy0bhO0C6omVLzzfhipAbZM2jDorn37xxV0v/I0pceNtLrp -YR7Tjs7+Ihe6/oItjW53j9T7ANdgQ1RVDg98lKlPFNL+hxfctwY= -=0Pkd ------END PGP SIGNATURE----- diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index e45e240..bd08f1d 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -3,37 +3,37 @@ Misc/NEWS | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) -Index: Python-3.11.7/Doc/using/configure.rst +Index: Python-3.11.6/Doc/using/configure.rst =================================================================== ---- Python-3.11.7.orig/Doc/using/configure.rst -+++ Python-3.11.7/Doc/using/configure.rst +--- Python-3.11.6.orig/Doc/using/configure.rst ++++ Python-3.11.6/Doc/using/configure.rst @@ -41,7 +41,6 @@ General Options See :data:`sys.int_info.bits_per_digit `. --.. option:: --with-cxx-main - .. option:: --with-cxx-main=COMPILER +-.. cmdoption:: --with-cxx-main + .. cmdoption:: --with-cxx-main=COMPILER Compile the Python ``main()`` function and link Python executable with C++ @@ -527,13 +526,11 @@ macOS Options See ``Mac/README.rst``. --.. option:: --enable-universalsdk - .. option:: --enable-universalsdk=SDKDIR +-.. cmdoption:: --enable-universalsdk + .. cmdoption:: --enable-universalsdk=SDKDIR Create a universal binary build. *SDKDIR* specifies which macOS SDK should be used to perform the build (default is no). --.. option:: --enable-framework - .. option:: --enable-framework=INSTALLDIR +-.. cmdoption:: --enable-framework + .. cmdoption:: --enable-framework=INSTALLDIR Create a Python.framework rather than a traditional Unix install. Optional -Index: Python-3.11.7/Misc/NEWS +Index: Python-3.11.6/Misc/NEWS =================================================================== ---- Python-3.11.7.orig/Misc/NEWS -+++ Python-3.11.7/Misc/NEWS -@@ -9012,7 +9012,7 @@ C API +--- Python-3.11.6.orig/Misc/NEWS ++++ Python-3.11.6/Misc/NEWS +@@ -8708,7 +8708,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`limited-api-list` now shows the public name diff --git a/python311.changes b/python311.changes index af0f2b6..944ef78 100644 --- a/python311.changes +++ b/python311.changes @@ -1,200 +1,3 @@ -------------------------------------------------------------------- -Fri Dec 15 10:04:33 UTC 2023 - Daniel Garcia - -- Update patch fix_configure_rst.patch -- Update to 3.11.7: - - Core and Builtins - - gh-112625: Fixes a bug where a bytearray object could be cleared - while iterating over an argument in the bytearray.join() method - that could result in reading memory after it was freed. - - gh-112388: Fix an error that was causing the parser to try to - overwrite tokenizer errors. Patch by pablo Galindo - - gh-112387: Fix error positions for decoded strings with - backwards tokenize errors. Patch by Pablo Galindo - - gh-112266: Change docstrings of __dict__ and __weakref__. - - gh-109181: Speed up Traceback object creation by lazily compute - the line number. Patch by Pablo Galindo - - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 - codecs read out of bounds - - gh-111366: Fix an issue in the codeop that was causing - SyntaxError exceptions raised in the presence of invalid syntax - to not contain precise error messages. Patch by Pablo Galindo - - gh-111380: Fix a bug that was causing SyntaxWarning to appear - twice when parsing if invalid syntax is encountered later. Patch - by Pablo galindo - - gh-88116: Traceback location ranges involving wide unicode - characters (like emoji and asian characters) now are properly - highlighted. Patch by Batuhan Taskaya and Pablo Galindo. - - gh-94438: Fix a regression that prevented jumping across is None - and is not None when debugging. Patch by Savannah Ostrowski. - - gh-110696: Fix incorrect error message for invalid argument - unpacking. Patch by Pablo Galindo - - gh-110237: Fix missing error checks for calls to PyList_Append - in _PyEval_MatchClass. - - gh-109216: Fix possible memory leak in BUILD_MAP. - - - Library - - gh-112618: Fix a caching bug relating to typing.Annotated. - Annotated[str, True] is no longer identical to Annotated[str, - 1]. - - gh-112509: Fix edge cases that could cause a key to be present - in both the __required_keys__ and __optional_keys__ attributes - of a typing.TypedDict. Patch by Jelle Zijlstra. - - gh-94722: Fix bug where comparison between instances of DocTest - fails if one of them has None as its lineno. - - gh-112105: Make readline.set_completer_delims() work with - libedit - - gh-111942: Fix SystemError in the TextIOWrapper constructor with - non-encodable “errors” argument in non-debug mode. - - gh-109538: Issue warning message instead of having RuntimeError - be displayed when event loop has already been closed at - StreamWriter.__del__(). - - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when - pass invalid arguments, e.g. non-string encoding. - - gh-111804: Remove posix.fallocate() under WASI as the underlying - posix_fallocate() is not available in WASI preview2. - - gh-111841: Fix truncating arguments on an embedded null - character in os.putenv() and os.unsetenv() on Windows. - - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. - - gh-110894: Call loop exception handler for exceptions in - client_connected_cb of asyncio.start_server() so that - applications can handle it. Patch by Kumar Aditya. - - gh-111531: Fix reference leaks in bind_class() and bind_all() - methods of tkinter widgets. - - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and - io.IncrementalNewlineDecoder to io.__all__. - - gh-68166: Remove mention of not supported “vsapi” element type - in tkinter.ttk.Style.element_create(). Add tests for - element_create() and other ttk.Style methods. Add examples for - element_create() in the documentation. - - gh-111251: Fix _blake2 not checking for errors when - initializing. - - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly - for empty BytesIO. - - gh-111187: Postpone removal version for - locale.getdefaultlocale() to Python 3.15. - - gh-111159: Fix doctest output comparison for exceptions with - notes. - - gh-110910: Fix invalid state handling in asyncio.TaskGroup and - asyncio.Timeout. They now raise proper RuntimeError if they are - improperly used and are left in consistent state after this. - - gh-111092: Make turtledemo run without default root enabled. - - gh-110590: Fix a bug in _sre.compile() where TypeError would be - overwritten by OverflowError when the code argument was a list - of non-ints. - - gh-65052: Prevent pdb from crashing when trying to display - undisplayable objects - - gh-110519: Deprecation warning about non-integer number in - gettext now alwais refers to the line in the user code where - gettext function or method is used. Previously it could refer to - a line in gettext code. - - gh-110378: contextmanager() and asynccontextmanager() context - managers now close an invalid underlying generator object that - yields more then one value. - - gh-110365: Fix termios.tcsetattr() bug that was overwritting - existing errors during parsing integers from term list. - - gh-110196: Add __reduce__ method to IPv6Address in order to keep - scope_id - - gh-109747: Improve errors for unsupported look-behind patterns. - Now re.error is raised instead of OverflowError or RuntimeError - for too large width of look-behind pattern. - - gh-109786: Fix possible reference leaks and crash when re-enter - the __next__() method of itertools.pairwise. - - gh-108791: Improved error handling in pdb command line - interface, making it produce more concise error messages. - - gh-73561: Omit the interface scope from an IPv6 address when - used as Host header by http.client. - - gh-86826: zipinfo now supports the full range of values in the - TZ string determined by RFC 8536 and detects all invalid - formats. Both Python and C implementations now raise exceptions - of the same type on invalid data. - - bpo-41422: Fixed memory leaks of pickle.Pickler and - pickle.Unpickler involving cyclic references via the internal - memo mapping. - - bpo-40262: The ssl.SSLSocket.recv_into() method no longer - requires the buffer argument to implement __len__ and supports - buffers with arbitrary item size. - - bpo-35191: Fix unexpected integer truncation in - socket.setblocking() which caused it to interpret multiples of - 2**32 as False. - - - Documentation - - gh-108826: dis module command-line interface is now mentioned in - documentation. - - - Tests - - gh-110367: Make regrtest --verbose3 option compatible with - --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 - --verbose3 command now works as expected. Patch by Victor - Stinner. - - gh-111309: distutils tests can now be run via unittest. - - gh-111165: Remove no longer used functions run_unittest() and - run_doctest() and class BasicTestRunner from the test.support - module. - - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment - variable is defined: use the variable value as the random seed. - Patch by Victor Stinner. - - gh-110995: test_gdb: Fix detection of gdb built without Python - scripting support. Patch by Victor Stinner. - - gh-110918: Test case matching patterns specified by options - --match, --ignore, --matchfile and --ignorefile are now tested - in the order of specification, and the last match determines - whether the test case be run or ignored. - - gh-110647: Fix test_stress_modifying_handlers() of test_signal. - Patch by Victor Stinner. - - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make - distclean” instead of “make clean” in the copied source - directory to remove also the “python” program. Patch by Victor - Stinner. - - gh-110167: Fix a deadlock in test_socket when server fails with - a timeout but the client is still running in its thread. Don’t - hold a lock to call cleanup functions in doCleanups(). One of - the cleanup function waits until the client completes, whereas - the client could deadlock if it called addCleanup() in such - situation. Patch by Victor Stinner. - - gh-110388: Add tests for tty. - - gh-81002: Add tests for termios. - - gh-110267: Add tests for pickling and copying PyStructSequence - objects. Patched by Xuehai Pan. - - gh-109974: Fix race conditions in test_threading lock tests. - Wait until a condition is met rather than using time.sleep() - with a hardcoded number of seconds. Patch by Victor Stinner. - - gh-109972: Split test_gdb.py file into a test_gdb package made - of multiple tests, so tests can now be run in parallel. Patch by - Victor Stinner. - - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on - Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” - command output to detect when gdb fails to retrieve the - traceback. For example, skip a test if Backtrace stopped: frame - did not save the PC is found. Patch by Victor Stinner. - - gh-108927: Fixed order dependence in running tests in the same - process when a test that has submodules (e.g. test_importlib) - follows a test that imports its submodule (e.g. - test_importlib.util) and precedes a test (e.g. test_unittest or - test_compileall) that uses that submodule. - - - Build - - gh-103053: “make check-clean-src” now also checks if the - “python” program is found in the source directory: fail with an - error if it does exist. Patch by Victor Stinner. - - gh-109191: Fix compile error when building with recent versions - of libedit. - - - IDLE - - bpo-35668: Add docstrings to the IDLE debugger module. Fix two - bugs: initialize Idb.botframe (should be in Bdb); in - Idb.in_rpc_code, check whether prev_frame is None before trying - to use it. Greatly expand test_debugger. - - - C API - - gh-112438: Fix support of format units “es”, “et”, “es#”, and - “et#” in nested tuples in PyArg_ParseTuple()-like functions. - - gh-109521: PyImport_GetImporter() now sets RuntimeError if it - fails to get sys.path_hooks or sys.path_importer_cache or they - are not list and dict correspondingly. Previously it could - return NULL without setting error in obscure cases, crash or - raise SystemError if these attributes have wrong type. - ------------------------------------------------------------------- Wed Nov 15 09:06:16 UTC 2023 - Daniel Garcia diff --git a/python311.spec b/python311.spec index 0e3c740..05e3990 100644 --- a/python311.spec +++ b/python311.spec @@ -94,7 +94,7 @@ %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.7 +Version: 3.11.6 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 -- 2.51.1 From ebe00d33da868105a0688d591b7d6b51965cb95d4045772c83859504ca5e3189 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 19 Dec 2023 15:40:30 +0000 Subject: [PATCH 070/135] - Refresh CVE-2023-27043-email-parsing-errors.patch to gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). - Thus we can remove Revert-gh105127-left-tests.patch, which is now useless. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=95 --- CVE-2023-27043-email-parsing-errors.patch | 548 +++++++++++++++------- Revert-gh105127-left-tests.patch | 283 ----------- python311.changes | 8 + python311.spec | 4 - 4 files changed, 388 insertions(+), 455 deletions(-) delete mode 100644 Revert-gh105127-left-tests.patch diff --git a/CVE-2023-27043-email-parsing-errors.patch b/CVE-2023-27043-email-parsing-errors.patch index 7aec4a2..6e4cc64 100644 --- a/CVE-2023-27043-email-parsing-errors.patch +++ b/CVE-2023-27043-email-parsing-errors.patch @@ -1,74 +1,185 @@ --- - Doc/library/email.utils.rst | 26 +++ - Lib/email/utils.py | 63 +++++++ - Lib/test/test_email/test_email.py | 81 +++++++++- - Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst | 4 - 4 files changed, 164 insertions(+), 10 deletions(-) + Doc/library/email.utils.rst | 19 - + Lib/email/utils.py | 151 +++++++- + Lib/test/test_email/test_email.py | 187 +++++++++- + Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst | 8 + 4 files changed, 344 insertions(+), 21 deletions(-) -Index: Python-3.11.4/Doc/library/email.utils.rst -=================================================================== ---- Python-3.11.4.orig/Doc/library/email.utils.rst -+++ Python-3.11.4/Doc/library/email.utils.rst -@@ -67,6 +67,11 @@ of the new API. +--- a/Doc/library/email.utils.rst ++++ b/Doc/library/email.utils.rst +@@ -60,13 +60,18 @@ of the new API. + begins with angle brackets, they are stripped off. + + +-.. function:: parseaddr(address) ++.. function:: parseaddr(address, *, strict=True) + + Parse address -- which should be the value of some address-containing field such + as :mailheader:`To` or :mailheader:`Cc` -- into its constituent *realname* and *email address* parts. Returns a tuple of that information, unless the parse fails, in which case a 2-tuple of ``('', '')`` is returned. -+ .. versionchanged:: 3.12 -+ For security reasons, addresses that were ambiguous and could parse into -+ multiple different addresses now cause ``('', '')`` to be returned -+ instead of only one of the *potential* addresses. ++ If *strict* is true, use a strict parser which rejects malformed inputs. ++ ++ .. versionchanged:: 3.13 ++ Add *strict* optional parameter and reject malformed inputs by default. + .. function:: formataddr(pair, charset='utf-8') -@@ -89,7 +94,7 @@ of the new API. +@@ -84,12 +89,15 @@ of the new API. + Added the *charset* option. + + +-.. function:: getaddresses(fieldvalues) ++.. function:: getaddresses(fieldvalues, *, strict=True) + This method returns a list of 2-tuples of the form returned by ``parseaddr()``. *fieldvalues* is a sequence of header field values as might be returned by - :meth:`Message.get_all `. Here's a simple +- :meth:`Message.get_all `. Here's a simple - example that gets all the recipients of a message:: -+ example that gets all the recipients of a message: ++ :meth:`Message.get_all `. ++ ++ If *strict* is true, use a strict parser which rejects malformed inputs. ++ ++ Here's a simple example that gets all the recipients of a message:: from email.utils import getaddresses -@@ -99,6 +104,25 @@ of the new API. +@@ -99,6 +107,9 @@ of the new API. resent_ccs = msg.get_all('resent-cc', []) all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs) -+ When parsing fails for a single fieldvalue, a 2-tuple of ``('', '')`` -+ is returned in its place. Other errors in parsing the list of -+ addresses such as a fieldvalue seemingly parsing into multiple -+ addresses may result in a list containing a single empty 2-tuple -+ ``[('', '')]`` being returned rather than returning potentially -+ invalid output. -+ -+ Example malformed input parsing: -+ -+ .. doctest:: -+ -+ >>> from email.utils import getaddresses -+ >>> getaddresses(['alice@example.com ', 'me@example.com']) -+ [('', '')] -+ -+ .. versionchanged:: 3.12 -+ The 2-tuple of ``('', '')`` in the returned values when parsing -+ fails were added as to address a security issue. ++ .. versionchanged:: 3.13 ++ Add *strict* optional parameter and reject malformed inputs by default. + .. function:: parsedate(date) -Index: Python-3.11.4/Lib/email/utils.py -=================================================================== ---- Python-3.11.4.orig/Lib/email/utils.py -+++ Python-3.11.4/Lib/email/utils.py -@@ -106,12 +106,54 @@ def formataddr(pair, charset='utf-8'): +--- a/Lib/email/utils.py ++++ b/Lib/email/utils.py +@@ -48,6 +48,7 @@ TICK = "'" + specialsre = re.compile(r'[][\\()<>@,:;".]') + escapesre = re.compile(r'[\\"]') + ++ + def _has_surrogates(s): + """Return True if s contains surrogate-escaped binary data.""" + # This check is based on the fact that unless there are surrogates, utf8 +@@ -106,12 +107,127 @@ def formataddr(pair, charset='utf-8'): return address ++def _iter_escaped_chars(addr): ++ pos = 0 ++ escape = False ++ for pos, ch in enumerate(addr): ++ if escape: ++ yield (pos, '\\' + ch) ++ escape = False ++ elif ch == '\\': ++ escape = True ++ else: ++ yield (pos, ch) ++ if escape: ++ yield (pos, '\\') ++ ++ ++def _strip_quoted_realnames(addr): ++ """Strip real names between quotes.""" ++ if '"' not in addr: ++ # Fast path ++ return addr ++ ++ start = 0 ++ open_pos = None ++ result = [] ++ for pos, ch in _iter_escaped_chars(addr): ++ if ch == '"': ++ if open_pos is None: ++ open_pos = pos ++ else: ++ if start != open_pos: ++ result.append(addr[start:open_pos]) ++ start = pos + 1 ++ open_pos = None + +-def getaddresses(fieldvalues): +- """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" +- all = COMMASPACE.join(str(v) for v in fieldvalues) +- a = _AddressList(all) +- return a.addresslist ++ if start < len(addr): ++ result.append(addr[start:]) ++ ++ return ''.join(result) ++ ++ ++supports_strict_parsing = True ++ ++def getaddresses(fieldvalues, *, strict=True): ++ """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. ++ ++ When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in ++ its place. ++ ++ If strict is true, use a strict parser which rejects malformed inputs. ++ """ ++ ++ # If strict is true, if the resulting list of parsed addresses is greater ++ # than the number of fieldvalues in the input list, a parsing error has ++ # occurred and consequently a list containing a single empty 2-tuple [('', ++ # '')] is returned in its place. This is done to avoid invalid output. ++ # ++ # Malformed input: getaddresses(['alice@example.com ']) ++ # Invalid output: [('', 'alice@example.com'), ('', 'bob@example.com')] ++ # Safe output: [('', '')] ++ ++ if not strict: ++ all = COMMASPACE.join(str(v) for v in fieldvalues) ++ a = _AddressList(all) ++ return a.addresslist ++ ++ fieldvalues = [str(v) for v in fieldvalues] ++ fieldvalues = _pre_parse_validation(fieldvalues) ++ addr = COMMASPACE.join(fieldvalues) ++ a = _AddressList(addr) ++ result = _post_parse_validation(a.addresslist) ++ ++ # Treat output as invalid if the number of addresses is not equal to the ++ # expected number of addresses. ++ n = 0 ++ for v in fieldvalues: ++ # When a comma is used in the Real Name part it is not a deliminator. ++ # So strip those out before counting the commas. ++ v = _strip_quoted_realnames(v) ++ # Expected number of addresses: 1 + number of commas ++ n += 1 + v.count(',') ++ if len(result) != n: ++ return [('', '')] ++ ++ return result ++ ++ ++def _check_parenthesis(addr): ++ # Ignore parenthesis in quoted real names. ++ addr = _strip_quoted_realnames(addr) ++ ++ opens = 0 ++ for pos, ch in _iter_escaped_chars(addr): ++ if ch == '(': ++ opens += 1 ++ elif ch == ')': ++ opens -= 1 ++ if opens < 0: ++ return False ++ return (opens == 0) ++ ++ +def _pre_parse_validation(email_header_fields): + accepted_values = [] + for v in email_header_fields: -+ s = v.replace('\\(', '').replace('\\)', '') -+ if s.count('(') != s.count(')'): ++ if not _check_parenthesis(v): + v = "('', '')" + accepted_values.append(v) + @@ -85,46 +196,32 @@ Index: Python-3.11.4/Lib/email/utils.py + accepted_values.append(v) + + return accepted_values -+ - - def getaddresses(fieldvalues): -- """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" -- all = COMMASPACE.join(str(v) for v in fieldvalues) -+ """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. -+ -+ When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in -+ its place. -+ -+ If the resulting list of parsed address is not the same as the number of -+ fieldvalues in the input list a parsing error has occurred. A list -+ containing a single empty 2-tuple [('', '')] is returned in its place. -+ This is done to avoid invalid output. -+ """ -+ fieldvalues = [str(v) for v in fieldvalues] -+ fieldvalues = _pre_parse_validation(fieldvalues) -+ all = COMMASPACE.join(v for v in fieldvalues) - a = _AddressList(all) -- return a.addresslist -+ result = _post_parse_validation(a.addresslist) -+ -+ n = 0 -+ for v in fieldvalues: -+ n += v.count(',') + 1 -+ -+ if len(result) != n: -+ return [('', '')] -+ -+ return result def _format_timetuple_and_zone(timetuple, zone): -@@ -212,9 +254,18 @@ def parseaddr(addr): +@@ -205,16 +321,33 @@ def parsedate_to_datetime(data): + tzinfo=datetime.timezone(datetime.timedelta(seconds=tz))) + + +-def parseaddr(addr): ++def parseaddr(addr, *, strict=True): + """ + Parse addr into its constituent realname and email address parts. + Return a tuple of realname and email address, unless the parse fails, in which case return a 2-tuple of ('', ''). ++ ++ If strict is True, use a strict parser which rejects malformed inputs. """ - addrs = _AddressList(addr).addresslist - if not addrs: - return '', '' ++ if not strict: ++ addrs = _AddressList(addr).addresslist ++ if not addrs: ++ return ('', '') ++ return addrs[0] ++ + if isinstance(addr, list): + addr = addr[0] + @@ -140,110 +237,225 @@ Index: Python-3.11.4/Lib/email/utils.py return addrs[0] -Index: Python-3.11.4/Lib/test/test_email/test_email.py -=================================================================== ---- Python-3.11.4.orig/Lib/test/test_email/test_email.py -+++ Python-3.11.4/Lib/test/test_email/test_email.py -@@ -3320,15 +3320,90 @@ Foo +--- a/Lib/test/test_email/test_email.py ++++ b/Lib/test/test_email/test_email.py +@@ -17,6 +17,7 @@ from unittest.mock import patch + + import email + import email.policy ++import email.utils + + from email.charset import Charset + from email.generator import Generator, DecodedGenerator, BytesGenerator +@@ -3321,15 +3322,137 @@ Foo [('Al Person', 'aperson@dom.ain'), ('Bud Person', 'bperson@dom.ain')]) -+ def test_getaddresses_parsing_errors(self): -+ """Test for parsing errors from CVE-2023-27043""" -+ eq = self.assertEqual -+ eq(utils.getaddresses(['alice@example.org(']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org)']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org<']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org>']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org@']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org,']), -+ [('', 'alice@example.org'), ('', 'bob@example.com')]) -+ eq(utils.getaddresses(['alice@example.org;']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org:']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org.']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org"']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org[']), -+ [('', '')]) -+ eq(utils.getaddresses(['alice@example.org]']), -+ [('', '')]) ++ def test_parsing_errors(self): ++ """Test for parsing errors from CVE-2023-27043 and CVE-2019-16056""" ++ alice = 'alice@example.org' ++ bob = 'bob@example.com' ++ empty = ('', '') + -+ def test_parseaddr_parsing_errors(self): -+ """Test for parsing errors from CVE-2023-27043""" -+ eq = self.assertEqual -+ eq(utils.parseaddr(['alice@example.org(']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org)']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org<']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org>']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org@']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org,']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org;']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org:']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org.']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org"']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org[']), -+ ('', '')) -+ eq(utils.parseaddr(['alice@example.org]']), -+ ('', '')) ++ # Test utils.getaddresses() and utils.parseaddr() on malformed email ++ # addresses: default behavior (strict=True) rejects malformed address, ++ # and strict=False which tolerates malformed address. ++ for invalid_separator, expected_non_strict in ( ++ ('(', [(f'<{bob}>', alice)]), ++ (')', [('', alice), empty, ('', bob)]), ++ ('<', [('', alice), empty, ('', bob), empty]), ++ ('>', [('', alice), empty, ('', bob)]), ++ ('[', [('', f'{alice}[<{bob}>]')]), ++ (']', [('', alice), empty, ('', bob)]), ++ ('@', [empty, empty, ('', bob)]), ++ (';', [('', alice), empty, ('', bob)]), ++ (':', [('', alice), ('', bob)]), ++ ('.', [('', alice + '.'), ('', bob)]), ++ ('"', [('', alice), ('', f'<{bob}>')]), ++ ): ++ address = f'{alice}{invalid_separator}<{bob}>' ++ with self.subTest(address=address): ++ self.assertEqual(utils.getaddresses([address]), ++ [empty]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ expected_non_strict) ++ ++ self.assertEqual(utils.parseaddr([address]), ++ empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Comma (',') is treated differently depending on strict parameter. ++ # Comma without quotes. ++ address = f'{alice},<{bob}>' ++ self.assertEqual(utils.getaddresses([address]), ++ [('', alice), ('', bob)]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('', alice), ('', bob)]) ++ self.assertEqual(utils.parseaddr([address]), ++ empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Real name between quotes containing comma. ++ address = '"Alice, alice@example.org" ' ++ expected_strict = ('Alice, alice@example.org', 'bob@example.com') ++ self.assertEqual(utils.getaddresses([address]), [expected_strict]) ++ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) ++ self.assertEqual(utils.parseaddr([address]), expected_strict) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Valid parenthesis in comments. ++ address = 'alice@example.org (Alice)' ++ expected_strict = ('Alice', 'alice@example.org') ++ self.assertEqual(utils.getaddresses([address]), [expected_strict]) ++ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) ++ self.assertEqual(utils.parseaddr([address]), expected_strict) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Invalid parenthesis in comments. ++ address = 'alice@example.org )Alice(' ++ self.assertEqual(utils.getaddresses([address]), [empty]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('', 'alice@example.org'), ('', ''), ('', 'Alice')]) ++ self.assertEqual(utils.parseaddr([address]), empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Two addresses with quotes separated by comma. ++ address = '"Jane Doe" , "John Doe" ' ++ self.assertEqual(utils.getaddresses([address]), ++ [('Jane Doe', 'jane@example.net'), ++ ('John Doe', 'john@example.net')]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('Jane Doe', 'jane@example.net'), ++ ('John Doe', 'john@example.net')]) ++ self.assertEqual(utils.parseaddr([address]), empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Test email.utils.supports_strict_parsing attribute ++ self.assertEqual(email.utils.supports_strict_parsing, True) + def test_getaddresses_nasty(self): - eq = self.assertEqual - eq(utils.getaddresses(['foo: ;']), [('', '')]) +- eq = self.assertEqual +- eq(utils.getaddresses(['foo: ;']), [('', '')]) - eq(utils.getaddresses( - ['[]*-- =~$']), - [('', ''), ('', ''), ('', '*--')]) -+ eq(utils.getaddresses(['[]*-- =~$']), [('', '')]) - eq(utils.getaddresses( - ['foo: ;', '"Jason R. Mastaler" ']), - [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) -+ eq(utils.getaddresses( -+ [r'Pete(A nice \) chap) ']), -+ [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]) -+ eq(utils.getaddresses( -+ ['(Empty list)(start)Undisclosed recipients :(nobody(I know))']), -+ [('', '')]) -+ eq(utils.getaddresses( -+ ['Mary <@machine.tld:mary@example.net>, , jdoe@test . example']), -+ [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]) -+ eq(utils.getaddresses( -+ ['John Doe ']), -+ [('John Doe (comment)', 'jdoe@machine.example')]) -+ eq(utils.getaddresses( -+ ['"Mary Smith: Personal Account" ']), -+ [('Mary Smith: Personal Account', 'smith@home.example')]) -+ eq(utils.getaddresses( -+ ['Undisclosed recipients:;']), -+ [('', '')]) -+ eq(utils.getaddresses( -+ [r', "Giant; \"Big\" Box" ']), -+ [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]) +- eq(utils.getaddresses( +- ['foo: ;', '"Jason R. Mastaler" ']), +- [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) ++ for addresses, expected in ( ++ (['"Sürname, Firstname" '], ++ [('Sürname, Firstname', 'to@example.com')]), ++ ++ (['foo: ;'], ++ [('', '')]), ++ ++ (['foo: ;', '"Jason R. Mastaler" '], ++ [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]), ++ ++ ([r'Pete(A nice \) chap) '], ++ [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]), ++ ++ (['(Empty list)(start)Undisclosed recipients :(nobody(I know))'], ++ [('', '')]), ++ ++ (['Mary <@machine.tld:mary@example.net>, , jdoe@test . example'], ++ [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]), ++ ++ (['John Doe '], ++ [('John Doe (comment)', 'jdoe@machine.example')]), ++ ++ (['"Mary Smith: Personal Account" '], ++ [('Mary Smith: Personal Account', 'smith@home.example')]), ++ ++ (['Undisclosed recipients:;'], ++ [('', '')]), ++ ++ ([r', "Giant; \"Big\" Box" '], ++ [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]), ++ ): ++ with self.subTest(addresses=addresses): ++ self.assertEqual(utils.getaddresses(addresses), ++ expected) ++ self.assertEqual(utils.getaddresses(addresses, strict=False), ++ expected) ++ ++ addresses = ['[]*-- =~$'] ++ self.assertEqual(utils.getaddresses(addresses), ++ [('', '')]) ++ self.assertEqual(utils.getaddresses(addresses, strict=False), ++ [('', ''), ('', ''), ('', '*--')]) def test_getaddresses_embedded_comment(self): """Test proper handling of a nested comment""" -Index: Python-3.11.4/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst -=================================================================== +@@ -3520,6 +3643,54 @@ multipart/report + m = cls(*constructor, policy=email.policy.default) + self.assertIs(m.policy, email.policy.default) + ++ def test_iter_escaped_chars(self): ++ self.assertEqual(list(utils._iter_escaped_chars(r'a\\b\"c\\"d')), ++ [(0, 'a'), ++ (2, '\\\\'), ++ (3, 'b'), ++ (5, '\\"'), ++ (6, 'c'), ++ (8, '\\\\'), ++ (9, '"'), ++ (10, 'd')]) ++ self.assertEqual(list(utils._iter_escaped_chars('a\\')), ++ [(0, 'a'), (1, '\\')]) ++ ++ def test_strip_quoted_realnames(self): ++ def check(addr, expected): ++ self.assertEqual(utils._strip_quoted_realnames(addr), expected) ++ ++ check('"Jane Doe" , "John Doe" ', ++ ' , ') ++ check(r'"Jane \"Doe\"." ', ++ ' ') ++ ++ # special cases ++ check(r'before"name"after', 'beforeafter') ++ check(r'before"name"', 'before') ++ check(r'b"name"', 'b') # single char ++ check(r'"name"after', 'after') ++ check(r'"name"a', 'a') # single char ++ check(r'"name"', '') ++ ++ # no change ++ for addr in ( ++ 'Jane Doe , John Doe ', ++ 'lone " quote', ++ ): ++ self.assertEqual(utils._strip_quoted_realnames(addr), addr) ++ ++ ++ def test_check_parenthesis(self): ++ addr = 'alice@example.net' ++ self.assertTrue(utils._check_parenthesis(f'{addr} (Alice)')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} )Alice(')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} (Alice))')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} ((Alice)')) ++ ++ # Ignore real name between quotes ++ self.assertTrue(utils._check_parenthesis(f'")Alice((" {addr}')) ++ + + # Test the iterator/generators + class TestIterators(TestEmailBase): --- /dev/null -+++ Python-3.11.4/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst -@@ -0,0 +1,4 @@ -+CVE-2023-27043: Prevent :func:`email.utils.parseaddr` -+and :func:`email.utils.getaddresses` from returning the realname portion of an -+invalid RFC2822 email header in the email address portion of the 2-tuple -+returned after being parsed by :class:`email._parseaddr.AddressList`. ++++ b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst +@@ -0,0 +1,8 @@ ++:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now ++return ``('', '')`` 2-tuples in more situations where invalid email ++addresses are encountered instead of potentially inaccurate values. Add ++optional *strict* parameter to these two functions: use ``strict=False`` to ++get the old behavior, accept malformed inputs. ++``getattr(email.utils, 'supports_strict_parsing', False)`` can be use to check ++if the *strict* paramater is available. Patch by Thomas Dwyer and Victor ++Stinner to improve the CVE-2023-27043 fix. diff --git a/Revert-gh105127-left-tests.patch b/Revert-gh105127-left-tests.patch deleted file mode 100644 index 87ce40a..0000000 --- a/Revert-gh105127-left-tests.patch +++ /dev/null @@ -1,283 +0,0 @@ -From 4288c623d62cf90d8e4444facb3379fb06d01140 Mon Sep 17 00:00:00 2001 -From: "Gregory P. Smith" -Date: Thu, 20 Jul 2023 20:30:52 -0700 -Subject: [PATCH] [3.12] gh-106669: Revert "gh-102988: Detect email address - parsing errors ... (GH-105127)" (GH-106733) - -This reverts commit 18dfbd035775c15533d13a98e56b1d2bf5c65f00. -Adds a regression test from the issue. - -See https://github.com/python/cpython/issues/106669.. -(cherry picked from commit a31dea1feb61793e48fa9aa5014f358352205c1d) - -Co-authored-by: Gregory P. Smith ---- - Doc/library/email.utils.rst | 26 -- - Lib/email/utils.py | 63 ------ - Lib/test/test_email/test_email.py | 96 +--------- - Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst | 5 - 4 files changed, 31 insertions(+), 159 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst - -Index: Python-3.11.4/Doc/library/email.utils.rst -=================================================================== ---- Python-3.11.4.orig/Doc/library/email.utils.rst -+++ Python-3.11.4/Doc/library/email.utils.rst -@@ -67,11 +67,6 @@ of the new API. - *email address* parts. Returns a tuple of that information, unless the parse - fails, in which case a 2-tuple of ``('', '')`` is returned. - -- .. versionchanged:: 3.12 -- For security reasons, addresses that were ambiguous and could parse into -- multiple different addresses now cause ``('', '')`` to be returned -- instead of only one of the *potential* addresses. -- - - .. function:: formataddr(pair, charset='utf-8') - -@@ -94,7 +89,7 @@ of the new API. - This method returns a list of 2-tuples of the form returned by ``parseaddr()``. - *fieldvalues* is a sequence of header field values as might be returned by - :meth:`Message.get_all `. Here's a simple -- example that gets all the recipients of a message: -+ example that gets all the recipients of a message:: - - from email.utils import getaddresses - -@@ -104,25 +99,6 @@ of the new API. - resent_ccs = msg.get_all('resent-cc', []) - all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs) - -- When parsing fails for a single fieldvalue, a 2-tuple of ``('', '')`` -- is returned in its place. Other errors in parsing the list of -- addresses such as a fieldvalue seemingly parsing into multiple -- addresses may result in a list containing a single empty 2-tuple -- ``[('', '')]`` being returned rather than returning potentially -- invalid output. -- -- Example malformed input parsing: -- -- .. doctest:: -- -- >>> from email.utils import getaddresses -- >>> getaddresses(['alice@example.com ', 'me@example.com']) -- [('', '')] -- -- .. versionchanged:: 3.12 -- The 2-tuple of ``('', '')`` in the returned values when parsing -- fails were added as to address a security issue. -- - - .. function:: parsedate(date) - -Index: Python-3.11.4/Lib/email/utils.py -=================================================================== ---- Python-3.11.4.orig/Lib/email/utils.py -+++ Python-3.11.4/Lib/email/utils.py -@@ -106,54 +106,12 @@ def formataddr(pair, charset='utf-8'): - return address - - --def _pre_parse_validation(email_header_fields): -- accepted_values = [] -- for v in email_header_fields: -- s = v.replace('\\(', '').replace('\\)', '') -- if s.count('(') != s.count(')'): -- v = "('', '')" -- accepted_values.append(v) -- -- return accepted_values -- -- --def _post_parse_validation(parsed_email_header_tuples): -- accepted_values = [] -- # The parser would have parsed a correctly formatted domain-literal -- # The existence of an [ after parsing indicates a parsing failure -- for v in parsed_email_header_tuples: -- if '[' in v[1]: -- v = ('', '') -- accepted_values.append(v) -- -- return accepted_values -- - - def getaddresses(fieldvalues): -- """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. -- -- When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in -- its place. -- -- If the resulting list of parsed address is not the same as the number of -- fieldvalues in the input list a parsing error has occurred. A list -- containing a single empty 2-tuple [('', '')] is returned in its place. -- This is done to avoid invalid output. -- """ -- fieldvalues = [str(v) for v in fieldvalues] -- fieldvalues = _pre_parse_validation(fieldvalues) -- all = COMMASPACE.join(v for v in fieldvalues) -+ """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" -+ all = COMMASPACE.join(str(v) for v in fieldvalues) - a = _AddressList(all) -- result = _post_parse_validation(a.addresslist) -- -- n = 0 -- for v in fieldvalues: -- n += v.count(',') + 1 -- -- if len(result) != n: -- return [('', '')] -- -- return result -+ return a.addresslist - - - def _format_timetuple_and_zone(timetuple, zone): -@@ -254,18 +212,9 @@ def parseaddr(addr): - Return a tuple of realname and email address, unless the parse fails, in - which case return a 2-tuple of ('', ''). - """ -- if isinstance(addr, list): -- addr = addr[0] -- -- if not isinstance(addr, str): -- return ('', '') -- -- addr = _pre_parse_validation([addr])[0] -- addrs = _post_parse_validation(_AddressList(addr).addresslist) -- -- if not addrs or len(addrs) > 1: -- return ('', '') -- -+ addrs = _AddressList(addr).addresslist -+ if not addrs: -+ return '', '' - return addrs[0] - - -Index: Python-3.11.4/Lib/test/test_email/test_email.py -=================================================================== ---- Python-3.11.4.orig/Lib/test/test_email/test_email.py -+++ Python-3.11.4/Lib/test/test_email/test_email.py -@@ -3320,90 +3320,32 @@ Foo - [('Al Person', 'aperson@dom.ain'), - ('Bud Person', 'bperson@dom.ain')]) - -- def test_getaddresses_parsing_errors(self): -- """Test for parsing errors from CVE-2023-27043""" -- eq = self.assertEqual -- eq(utils.getaddresses(['alice@example.org(']), -- [('', '')]) -- eq(utils.getaddresses(['alice@example.org)']), -- [('', '')]) -- eq(utils.getaddresses(['alice@example.org<']), -- [('', '')]) -- eq(utils.getaddresses(['alice@example.org>']), -- [('', '')]) -- eq(utils.getaddresses(['alice@example.org@']), -- [('', '')]) -- eq(utils.getaddresses(['alice@example.org,']), -- [('', 'alice@example.org'), ('', 'bob@example.com')]) -- eq(utils.getaddresses(['alice@example.org;']), -- [('', '')]) -- eq(utils.getaddresses(['alice@example.org:']), -- [('', '')]) -- eq(utils.getaddresses(['alice@example.org.']), -- [('', '')]) -- eq(utils.getaddresses(['alice@example.org"']), -- [('', '')]) -- eq(utils.getaddresses(['alice@example.org[']), -- [('', '')]) -- eq(utils.getaddresses(['alice@example.org]']), -- [('', '')]) -- -- def test_parseaddr_parsing_errors(self): -- """Test for parsing errors from CVE-2023-27043""" -- eq = self.assertEqual -- eq(utils.parseaddr(['alice@example.org(']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org)']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org<']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org>']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org@']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org,']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org;']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org:']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org.']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org"']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org[']), -- ('', '')) -- eq(utils.parseaddr(['alice@example.org]']), -- ('', '')) -+ def test_getaddresses_comma_in_name(self): -+ """GH-106669 regression test.""" -+ self.assertEqual( -+ utils.getaddresses( -+ [ -+ '"Bud, Person" ', -+ 'aperson@dom.ain (Al Person)', -+ '"Mariusz Felisiak" ', -+ ] -+ ), -+ [ -+ ('Bud, Person', 'bperson@dom.ain'), -+ ('Al Person', 'aperson@dom.ain'), -+ ('Mariusz Felisiak', 'to@example.com'), -+ ], -+ ) - - def test_getaddresses_nasty(self): - eq = self.assertEqual - eq(utils.getaddresses(['foo: ;']), [('', '')]) -- eq(utils.getaddresses(['[]*-- =~$']), [('', '')]) -+ eq(utils.getaddresses( -+ ['[]*-- =~$']), -+ [('', ''), ('', ''), ('', '*--')]) - eq(utils.getaddresses( - ['foo: ;', '"Jason R. Mastaler" ']), - [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) -- eq(utils.getaddresses( -- [r'Pete(A nice \) chap) ']), -- [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]) -- eq(utils.getaddresses( -- ['(Empty list)(start)Undisclosed recipients :(nobody(I know))']), -- [('', '')]) -- eq(utils.getaddresses( -- ['Mary <@machine.tld:mary@example.net>, , jdoe@test . example']), -- [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]) -- eq(utils.getaddresses( -- ['John Doe ']), -- [('John Doe (comment)', 'jdoe@machine.example')]) -- eq(utils.getaddresses( -- ['"Mary Smith: Personal Account" ']), -- [('Mary Smith: Personal Account', 'smith@home.example')]) -- eq(utils.getaddresses( -- ['Undisclosed recipients:;']), -- [('', '')]) -- eq(utils.getaddresses( -- [r', "Giant; \"Big\" Box" ']), -- [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]) - - def test_getaddresses_embedded_comment(self): - """Test proper handling of a nested comment""" -Index: Python-3.11.4/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst -=================================================================== ---- Python-3.11.4.orig/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst -+++ Python-3.11.4/Misc/NEWS.d/next/Security/2023-06-13-20-52-24.gh-issue-102988.Kei7Vf.rst -@@ -1,3 +1,8 @@ -+Reverted the :mod:`email.utils` security improvement change released in -+3.12beta4 that unintentionally caused :mod:`email.utils.getaddresses` to fail -+to parse email addresses with a comma in the quoted name field. -+See :gh:`106669`. -+ - CVE-2023-27043: Prevent :func:`email.utils.parseaddr` - and :func:`email.utils.getaddresses` from returning the realname portion of an - invalid RFC2822 email header in the email address portion of the 2-tuple diff --git a/python311.changes b/python311.changes index 944ef78..fde797a 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl + +- Refresh CVE-2023-27043-email-parsing-errors.patch to + gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). +- Thus we can remove Revert-gh105127-left-tests.patch, which is + now useless. + ------------------------------------------------------------------- Wed Nov 15 09:06:16 UTC 2023 - Daniel Garcia diff --git a/python311.spec b/python311.spec index 05e3990..53b1560 100644 --- a/python311.spec +++ b/python311.spec @@ -165,9 +165,6 @@ Patch39: skip_if_buildbot-extend.patch # Detect email address parsing errors and return empty tuple to # indicate the parsing error (old API) Patch40: CVE-2023-27043-email-parsing-errors.patch -# PATCH-FIX-UPSTREAM Revert-gh105127-left-tests.patch bsc#1210638 mcepl@suse.com -# Partially revert previous patch -Patch41: Revert-gh105127-left-tests.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -428,7 +425,6 @@ other applications. %patch36 -p1 %patch39 -p1 %patch40 -p1 -%patch41 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From 380c1fa01b0f3b3990b7ae553487f16e4f35c8e9cfd788b6c14ad01066f238b0 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 2 Jan 2024 13:44:05 +0000 Subject: [PATCH 071/135] Accepting request 1134225 from home:dgarcia:branches:devel:languages:python:Factory - Update patch fix_configure_rst.patch - Update to 3.11.7: - Core and Builtins - gh-112625: Fixes a bug where a bytearray object could be cleared while iterating over an argument in the bytearray.join() method that could result in reading memory after it was freed. - gh-112388: Fix an error that was causing the parser to try to overwrite tokenizer errors. Patch by pablo Galindo - gh-112387: Fix error positions for decoded strings with backwards tokenize errors. Patch by Pablo Galindo - gh-112266: Change docstrings of __dict__ and __weakref__. - gh-109181: Speed up Traceback object creation by lazily compute the line number. Patch by Pablo Galindo - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds - gh-111366: Fix an issue in the codeop that was causing SyntaxError exceptions raised in the presence of invalid syntax to not contain precise error messages. Patch by Pablo Galindo - gh-111380: Fix a bug that was causing SyntaxWarning to appear twice when parsing if invalid syntax is encountered later. Patch by Pablo galindo - gh-88116: Traceback location ranges involving wide unicode characters (like emoji and asian characters) now are properly highlighted. Patch by Batuhan Taskaya and Pablo Galindo. - gh-94438: Fix a regression that prevented jumping across is None and is not None when debugging. Patch by Savannah Ostrowski. - gh-110696: Fix incorrect error message for invalid argument unpacking. Patch by Pablo Galindo - gh-110237: Fix missing error checks for calls to PyList_Append in _PyEval_MatchClass. OBS-URL: https://build.opensuse.org/request/show/1134225 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=97 --- Python-3.11.6.tar.xz | 3 - Python-3.11.6.tar.xz.asc | 16 ---- Python-3.11.7.tar.xz | 3 + Python-3.11.7.tar.xz.asc | 16 ++++ fix_configure_rst.patch | 26 +++--- python311.changes | 196 +++++++++++++++++++++++++++++++++++++++ python311.spec | 2 +- 7 files changed, 229 insertions(+), 33 deletions(-) delete mode 100644 Python-3.11.6.tar.xz delete mode 100644 Python-3.11.6.tar.xz.asc create mode 100644 Python-3.11.7.tar.xz create mode 100644 Python-3.11.7.tar.xz.asc diff --git a/Python-3.11.6.tar.xz b/Python-3.11.6.tar.xz deleted file mode 100644 index 68fb387..0000000 --- a/Python-3.11.6.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0fab78fa7f133f4f38210c6260d90d7c0d5c7198446419ce057ec7ac2e6f5f38 -size 20067204 diff --git a/Python-3.11.6.tar.xz.asc b/Python-3.11.6.tar.xz.asc deleted file mode 100644 index 0979fa7..0000000 --- a/Python-3.11.6.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmUaybgACgkQ/+h0BBaL -2EdGzg//bg0KTy9DGWD56RUzCKaxdao+FVV2wS8FdghTvGJHM8uDehRESzj6Viag -bks/XuTmJ4xlaW+Ilje4VU5gkdgWt44S2ZGretn+zwrv6B5L697s1j4IOnyEywzm -rQ+a5aMRsW+m8kVoKDLsfbCcrwgxXEFln18y9Qp79QhbUpTVjp5vMwWdYyv2JnYb -G2QraFr0mQEhbVsiYpSVRWiacJi7JBuHTU/hNcN/q1ACf/CX3NSLDfL2bJEWNekg -JW3z0c81vLI9D+NkQ8xWOxgEO6G4Aav4F3t37ujuf2W/CI+NZlEknSt2ITxKeTHw -dwtIMXQc3MyG4ExnAwv1LqtL1H3Dm6SAE7sSyn4uG2uknk4xSuyoMIVMJefXmxbQ -Pd8v6/QnqT3U6MVuVlvCq4AWRotZwRpB7MdnpvA0t1tmANOA8i0MWrhCw0ccYk1a -X/3ewR0+RfQYkDvFfnJpbbsQlK+lhZgt/VmQNOHvWoc/tDnB73b2seOmGkx016TY -hozXE4FXtR+8qk9CfJTd8QRNST8KBUCB9C3eoLciruugmyrUvDLjki/u9GNOIl/b -kVJzcD6eQJC9BthJXuKaKDLKX1a1a9J8GUzVXsW1kuEMQHuv/v7Cf6MzmHWWO3QN -yRgqFXkic/U8RgSHUbtozo16GMlU+RDC6bQgZR7mfE0eFCJnD6U= -=mxrE ------END PGP SIGNATURE----- diff --git a/Python-3.11.7.tar.xz b/Python-3.11.7.tar.xz new file mode 100644 index 0000000..8d3a65d --- /dev/null +++ b/Python-3.11.7.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:18e1aa7e66ff3a58423d59ed22815a6954e53342122c45df20c96877c062b9b7 +size 20074108 diff --git a/Python-3.11.7.tar.xz.asc b/Python-3.11.7.tar.xz.asc new file mode 100644 index 0000000..3eee3d2 --- /dev/null +++ b/Python-3.11.7.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmVuFigACgkQ/+h0BBaL +2EeHPg/+LU5xs2ZDrQogDcH+A1v8RyursiggypdM5hXTrsFsTCIk4iekcI9xkhG1 +ltNX4UuCe5PUEbTgtaWP0ncXARrUnPCoQaQ1sHVDTYoHegancsk+sXZc1JM7qr0p +Y4Ig6mKjuHFMXCInQSI2GaH4t5r4Z1jGk/PGrecIHOPJgqfA/6Z3TBF5N+y3jEvS +2QazMB298q4RDhh9m3REe8LwFPHDlfw9eRohv0MB8xygg9KtxhLZrN7gLBQZvKGD +ihNw6EgJj5OZ0dvwKCCXnlZuwknuJW7vAOPHhYeenPdVdYCGoRSyN7JdD07L+5AG +O14l2rqZrz5Eu28by+kAUrcPYAfAXekw1PmtT3HSd9U/nqnUiTkkJcjyGG/e3cjJ +sUDKMNCSBq0G7j5DB3bB6VHkZjVuz+T+iR5QdfJ4kI2pYSuE/rUj1rhkUXApYsHl +7Wff0QbOW6QT1wCtQcMpJSzkTDVJVYxiqrko/ihlOhphDHYLdOIGOrxWAUwc06x/ +BhJD6tM1kEVZvifoJp1OsNwDzZ/Ku6CUs05E1vWxdeNVeANyKAgCZ5hOVmhnv866 +11zfgo/znRsMzMIyJuy0bhO0C6omVLzzfhipAbZM2jDorn37xxV0v/I0pceNtLrp +YR7Tjs7+Ihe6/oItjW53j9T7ANdgQ1RVDg98lKlPFNL+hxfctwY= +=0Pkd +-----END PGP SIGNATURE----- diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index bd08f1d..e45e240 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -3,37 +3,37 @@ Misc/NEWS | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) -Index: Python-3.11.6/Doc/using/configure.rst +Index: Python-3.11.7/Doc/using/configure.rst =================================================================== ---- Python-3.11.6.orig/Doc/using/configure.rst -+++ Python-3.11.6/Doc/using/configure.rst +--- Python-3.11.7.orig/Doc/using/configure.rst ++++ Python-3.11.7/Doc/using/configure.rst @@ -41,7 +41,6 @@ General Options See :data:`sys.int_info.bits_per_digit `. --.. cmdoption:: --with-cxx-main - .. cmdoption:: --with-cxx-main=COMPILER +-.. option:: --with-cxx-main + .. option:: --with-cxx-main=COMPILER Compile the Python ``main()`` function and link Python executable with C++ @@ -527,13 +526,11 @@ macOS Options See ``Mac/README.rst``. --.. cmdoption:: --enable-universalsdk - .. cmdoption:: --enable-universalsdk=SDKDIR +-.. option:: --enable-universalsdk + .. option:: --enable-universalsdk=SDKDIR Create a universal binary build. *SDKDIR* specifies which macOS SDK should be used to perform the build (default is no). --.. cmdoption:: --enable-framework - .. cmdoption:: --enable-framework=INSTALLDIR +-.. option:: --enable-framework + .. option:: --enable-framework=INSTALLDIR Create a Python.framework rather than a traditional Unix install. Optional -Index: Python-3.11.6/Misc/NEWS +Index: Python-3.11.7/Misc/NEWS =================================================================== ---- Python-3.11.6.orig/Misc/NEWS -+++ Python-3.11.6/Misc/NEWS -@@ -8708,7 +8708,7 @@ C API +--- Python-3.11.7.orig/Misc/NEWS ++++ Python-3.11.7/Misc/NEWS +@@ -9012,7 +9012,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`limited-api-list` now shows the public name diff --git a/python311.changes b/python311.changes index fde797a..55ffed6 100644 --- a/python311.changes +++ b/python311.changes @@ -1,4 +1,200 @@ ------------------------------------------------------------------- +Tue Dec 19 16:34:50 UTC 2023 - Daniel Garcia + +- Update patch fix_configure_rst.patch +- Update to 3.11.7: + - Core and Builtins + - gh-112625: Fixes a bug where a bytearray object could be cleared + while iterating over an argument in the bytearray.join() method + that could result in reading memory after it was freed. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. Patch + by Pablo galindo + - gh-88116: Traceback location ranges involving wide unicode + characters (like emoji and asian characters) now are properly + highlighted. Patch by Batuhan Taskaya and Pablo Galindo. + - gh-94438: Fix a regression that prevented jumping across is None + and is not None when debugging. Patch by Savannah Ostrowski. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109216: Fix possible memory leak in BUILD_MAP. + + - Library + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + - bpo-35191: Fix unexpected integer truncation in + socket.setblocking() which caused it to interpret multiples of + 2**32 as False. + + - Documentation + - gh-108826: dis module command-line interface is now mentioned in + documentation. + + - Tests + - gh-110367: Make regrtest --verbose3 option compatible with + --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + --verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111309: distutils tests can now be run via unittest. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() and class BasicTestRunner from the test.support + module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + --match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + + - Build + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + + - C API + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. +------------------------------------------------------------------- Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl - Refresh CVE-2023-27043-email-parsing-errors.patch to diff --git a/python311.spec b/python311.spec index 53b1560..16f2357 100644 --- a/python311.spec +++ b/python311.spec @@ -94,7 +94,7 @@ %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.6 +Version: 3.11.7 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 -- 2.51.1 From a7d54cb5c388da2c63f819adbcca74970c1653862c4a90d2088bc2dd95991e67 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 8 Feb 2024 12:49:59 +0000 Subject: [PATCH 072/135] Accepting request 1145174 from home:dgarcia:branches:devel:languages:python:Factory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update to 3.11.8: - Security - gh-113659: Skip .pth files with names starting with a dot or hidden file attribute. - Core and Builtins - gh-114887: Changed socket type validation in create_datagram_endpoint() to accept all non-stream sockets. This fixes a regression in compatibility with raw sockets. - gh-114388: Fix a RuntimeWarning emitted when assign an integer-like value that is not an instance of int to an attribute that corresponds to a C struct member of type T_UINT and T_ULONG. Fix a double RuntimeWarning emitted when assign a negative integer value to an attribute that corresponds to a C struct member of type T_UINT. - gh-89811: Check for a valid tp_version_tag before performing bytecode specializations that rely on this value being usable. - gh-113602: Fix an error that was causing the parser to try to overwrite existing errors and crashing in the process. Patch by Pablo Galindo - gh-113566: Fix a 3.11-specific crash when the repr of a Future is requested after the module has already been garbage-collected. - gh-106905: Use per AST-parser state rather than global state to track recursion depth within the AST parser to prevent potential race condition due to simultaneous parsing. - The issue primarily showed up in 3.11 by multithreaded users of ast.parse(). In 3.12 a change to when garbage collection can be triggered prevented the race condition from occurring. - gh-112716: Fix SystemError in the import statement and in __reduce__() methods of builtin types when __builtins__ is not a dict. - gh-105967: Workaround a bug in Apple’s macOS platform zlib library where zlib.crc32() and binascii.crc32() could produce incorrect results on multi-gigabyte inputs. Including when using zipfile on zips containing large data. - gh-94606: Fix UnicodeEncodeError when email.message.get_payload() reads a message with a Unicode surrogate character and the message content is not well-formed for surrogateescape encoding. Patch by Sidney Markowitz. - Library - gh-114965: Update bundled pip to 24.0 - gh-114959: tarfile no longer ignores errors when trying to extract a directory on top of a file. - gh-109475: Fix support of explicit option value “–” in argparse (e.g. --option=--). - gh-110190: Fix ctypes structs with array on Windows ARM64 platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo - gh-113280: Fix a leak of open socket in rare cases when error occurred in ssl.SSLSocket creation. - gh-77749: email.policy.EmailPolicy.fold() now always encodes non-ASCII characters in headers if utf8 is false. - gh-114492: Make the result of termios.tcgetattr() reproducible on Alpine Linux. Previously it could leave a random garbage in some fields. - gh-75128: Ignore an OSError in asyncio.BaseEventLoop.create_server() when IPv6 is available but the interface cannot actually support it. - gh-114257: Dismiss the FileNotFound error in ctypes.util.find_library() and just return None on Linux. - gh-101438: Avoid reference cycle in ElementTree.iterparse. The iterator returned by ElementTree.iterparse may hold on to a file descriptor. The reference cycle prevented prompt clean-up of the file descriptor if the returned iterator was not exhausted. - gh-104522: OSError raised when run a subprocess now only has filename attribute set to cwd if the error was caused by a failed attempt to change the current directory. - gh-109534: Fix a reference leak in asyncio.selector_events.BaseSelectorEventLoop when SSL handshakes fail. Patch contributed by Jamie Phan. - gh-114077: Fix possible OverflowError in socket.socket.sendfile() when pass count larger than 2 GiB on 32-bit platform. - gh-114014: Fixed a bug in fractions.Fraction where an invalid string using d in the decimals part creates a different error compared to other invalid letters/characters. Patch by Jeremiah Gabriel Pascual. - gh-113951: Fix the behavior of tag_unbind() methods of tkinter.Text and tkinter.Canvas classes with three arguments. Previously, widget.tag_unbind(tag, sequence, funcid) destroyed the current binding for sequence, leaving sequence unbound, and deleted the funcid command. Now it removes only funcid from the binding for sequence, keeping other commands, and deletes the funcid command. It leaves sequence unbound only if funcid was the last bound command. - gh-113877: Fix tkinter method winfo_pathname() on 64-bit Windows. - gh-113781: Silence unraisable AttributeError when warnings are emitted during Python finalization. - gh-113594: Fix UnicodeEncodeError in email when re-fold lines that contain unknown-8bit encoded part followed by non-unknown-8bit encoded part. - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), there is callback that logs an error if the task wrapping the “connected callback” fails. This callback would itself fail if the task was cancelled. Prevent this by checking whether the task was cancelled first. If so, close the transport but don’t log an error. - gh-85567: Fix resource warnings for unclosed files in pickle and pickletools command line interfaces. - gh-101225: Increase the backlog for multiprocessing.connection.Listener objects created by multiprocessing.manager and multiprocessing.resource_sharer to significantly reduce the risk of getting a connection refused error when creating a multiprocessing.connection.Connection to them. - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends webbrowser.open audit event. - gh-113028: When a second reference to a string appears in the input to pickle, and the Python implementation is in use, we are guaranteed that a single copy gets pickled and a single object is shared when reloaded. Previously, in protocol 0, when a string contained certain characters (e.g. newline) it resulted in duplicate objects. - gh-113421: Fix multiprocessing logger for %(filename)s. - gh-113358: Fix rendering tracebacks for exceptions with a broken __getattr__. - gh-113214: Fix an AttributeError during asyncio SSL protocol aborts in SSL-over-SSL scenarios. - gh-113246: Update bundled pip to 23.3.2. - gh-113199: Make http.client.HTTPResponse.read1 and http.client.HTTPResponse.readline close IO after reading all data when content length is known. Patch by Illia Volochii. - gh-113188: Fix shutil.copymode() and shutil.copystat() on Windows. Previously they worked differenly if dst is a symbolic link: they modified the permission bits of dst itself rather than the file it points to if follow_symlinks is true or src is not a symbolic link, and did not modify the permission bits if follow_symlinks is false and src is a symbolic link. - gh-61648: Detect line numbers of properties in doctests. - gh-112559: signal.signal() and signal.getsignal() no longer call repr on callable handlers. asyncio.run() and asyncio.Runner.run() no longer call repr on the task results. Patch by Yilei Yang. - gh-110190: Fix ctypes structs with array on PPC64LE platform by setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. - gh-79429: Ignore FileNotFoundError when remove a temporary directory in the multiprocessing finalizer. - gh-79325: Fix an infinite recursion error in tempfile.TemporaryDirectory() cleanup on Windows. - gh-110190: Fix ctypes structs with array on Arm platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. - gh-81194: Fix a crash in socket.if_indextoname() with specific value (UINT_MAX). Fix an integer overflow in socket.if_indextoname() on 64-bit non-Windows platforms. - gh-75666: Fix the behavior of tkinter widget’s unbind() method with two arguments. Previously, widget.unbind(sequence, funcid) destroyed the current binding for sequence, leaving sequence unbound, and deleted the funcid command. Now it removes only funcid from the binding for sequence, keeping other commands, and deletes the funcid command. It leaves sequence unbound only if funcid was the last bound command. - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in tkinter._test(). - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now raises BadZipFile when try to read an entry that overlaps with other entry or central directory. - gh-38807: Fix race condition in trace. Instead of checking if a directory exists and creating it, directly call os.makedirs() with the kwarg exist_ok=True. - gh-75705: Set unixfrom envelope in mailbox.mbox and mailbox.MMDF. - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure when the system endianness is the opposite of the classes. - gh-104282: Fix null pointer dereference in lzma._decode_filter_properties() due to improper handling of BCJ filters with properties of zero length. Patch by Radislav Chugunov. - gh-102512: When os.fork() is called from a foreign thread (aka _DummyThread), the type of the thread in a child process is changed to _MainThread. Also changed its name and daemonic status, it can be now joined. - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, which now no longer dereferences symlinks when working around file system permission errors. - bpo-43153: On Windows, tempfile.TemporaryDirectory previously masked a PermissionError with NotADirectoryError during directory cleanup. It now correctly raises PermissionError if errors are not ignored. Patch by Andrei Kulakov and Ken Jin. - bpo-35332: The shutil.rmtree() function now ignores errors when calling os.close() when ignore_errors is True, and os.close() no longer retried after error. - bpo-35928: io.TextIOWrapper now correctly handles the decoding buffer after read() and write(). - bpo-26791: shutil.move() now moves a symlink into a directory when that directory is the target of the symlink. This provides the same behavior as the mv shell command. The previous behavior raised an exception. Patch by Jeffrey Kintscher. - bpo-36959: Fix some error messages for invalid ISO format string combinations in strptime() that referred to directives not contained in the format string. Patch by Gordon P. Hemsley. - bpo-18060: Fixed a class inheritance issue that can cause segfaults when deriving two or more levels of subclasses from a base class of Structure or Union. - Documentation - gh-110746: Improved markup for valid options/values for methods ttk.treeview.column and ttk.treeview.heading, and for Layouts. - gh-95649: Document that the asyncio module contains code taken from v0.16.0 of the uvloop project, as well as the required MIT licensing information. - Tests - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, where system tar can include more information in the archive than shutil.make_archive. - gh-112769: The tests now correctly compare zlib version when zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For example zlib-ng defines the version as 1.3.0.zlib-ng. - gh-105089: Fix test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write test in AIX by doing a bitwise AND of 0xFFFF on mode , so that it will be in sync with zinfo.external_attr - bpo-40648: Test modes that file can get with chmod() on Windows. - Build - gh-101778: Fix build error when there’s a dangling symlink in the directory containing ffi.h. - gh-112305: Fixed the check-clean-src step performed on out of tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h files and recommend appropriate source tree cleanup steps to get a working build again. - bpo-11102: The os.major(), os.makedev(), and os.minor() functions are now available on HP-UX v3. - bpo-36351: Do not set ipv6type when cross-compiling. - IDLE - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and ‘object’. - gh-72284: Improve the lists of features, editor key bindings, and shell key bingings in the IDLE doc. - gh-113903: Fix rare failure of test.test_idle, in test_configdialog. - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and 3.12.1. - gh-113269: Fix test_editor hang on macOS Catalina. - gh-112898: Fix processing unsaved files when quitting IDLE on macOS. - gh-103820: Revise IDLE bindings so that events from mouse button 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not mistaken for scrolling. - bpo-13586: Enter the selected text when opening the “Replace” dialog. - Tools/Demos - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. - gh-115015: Fix a bug in Argument Clinic that generated incorrect code for methods with no parameters that use the METH_METHOD | METH_FASTCALL | METH_KEYWORDS calling convention. Only the positional parameter count was checked; any keyword argument passed would be silently accepted. - Refresh all patches: - CVE-2023-27043-email-parsing-errors.patch - F00251-change-user-install-location.patch - bpo-31046_ensurepip_honours_prefix.patch - distutils-reproducible-compile.patch - fix_configure_rst.patch - python-3.3.0b1-fix_date_time_compiler.patch - python-3.3.0b1-localpath.patch - python-3.3.0b1-test-posix_fadvise.patch - skip_if_buildbot-extend.patch - subprocess-raise-timeout.patch - support-expat-CVE-2022-25236-patched.patch OBS-URL: https://build.opensuse.org/request/show/1145174 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=99 --- CVE-2023-27043-email-parsing-errors.patch | 24 +- F00251-change-user-install-location.patch | 14 +- Python-3.11.7.tar.xz | 3 - Python-3.11.7.tar.xz.asc | 16 -- Python-3.11.8.tar.xz | 3 + Python-3.11.8.tar.xz.asc | 16 ++ bpo-31046_ensurepip_honours_prefix.patch | 32 +-- distutils-reproducible-compile.patch | 6 +- fix_configure_rst.patch | 14 +- python-3.3.0b1-fix_date_time_compiler.patch | 8 +- python-3.3.0b1-localpath.patch | 10 +- python-3.3.0b1-test-posix_fadvise.patch | 8 +- python311.changes | 264 ++++++++++++++++++++ python311.spec | 33 ++- skip_if_buildbot-extend.patch | 8 +- subprocess-raise-timeout.patch | 8 +- support-expat-CVE-2022-25236-patched.patch | 6 +- 17 files changed, 381 insertions(+), 92 deletions(-) delete mode 100644 Python-3.11.7.tar.xz delete mode 100644 Python-3.11.7.tar.xz.asc create mode 100644 Python-3.11.8.tar.xz create mode 100644 Python-3.11.8.tar.xz.asc diff --git a/CVE-2023-27043-email-parsing-errors.patch b/CVE-2023-27043-email-parsing-errors.patch index 6e4cc64..1ced142 100644 --- a/CVE-2023-27043-email-parsing-errors.patch +++ b/CVE-2023-27043-email-parsing-errors.patch @@ -5,8 +5,10 @@ Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst | 8 4 files changed, 344 insertions(+), 21 deletions(-) ---- a/Doc/library/email.utils.rst -+++ b/Doc/library/email.utils.rst +Index: Python-3.11.8/Doc/library/email.utils.rst +=================================================================== +--- Python-3.11.8.orig/Doc/library/email.utils.rst ++++ Python-3.11.8/Doc/library/email.utils.rst @@ -60,13 +60,18 @@ of the new API. begins with angle brackets, they are stripped off. @@ -56,15 +58,17 @@ .. function:: parsedate(date) ---- a/Lib/email/utils.py -+++ b/Lib/email/utils.py +Index: Python-3.11.8/Lib/email/utils.py +=================================================================== +--- Python-3.11.8.orig/Lib/email/utils.py ++++ Python-3.11.8/Lib/email/utils.py @@ -48,6 +48,7 @@ TICK = "'" specialsre = re.compile(r'[][\\()<>@,:;".]') escapesre = re.compile(r'[\\"]') + def _has_surrogates(s): - """Return True if s contains surrogate-escaped binary data.""" + """Return True if s may contain surrogate-escaped binary data.""" # This check is based on the fact that unless there are surrogates, utf8 @@ -106,12 +107,127 @@ def formataddr(pair, charset='utf-8'): return address @@ -237,8 +241,10 @@ return addrs[0] ---- a/Lib/test/test_email/test_email.py -+++ b/Lib/test/test_email/test_email.py +Index: Python-3.11.8/Lib/test/test_email/test_email.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_email/test_email.py ++++ Python-3.11.8/Lib/test/test_email/test_email.py @@ -17,6 +17,7 @@ from unittest.mock import patch import email @@ -448,8 +454,10 @@ # Test the iterator/generators class TestIterators(TestEmailBase): +Index: Python-3.11.8/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst +=================================================================== --- /dev/null -+++ b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst ++++ Python-3.11.8/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst @@ -0,0 +1,8 @@ +:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now +return ``('', '')`` 2-tuples in more situations where invalid email diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch index ac31b43..d659f81 100644 --- a/F00251-change-user-install-location.patch +++ b/F00251-change-user-install-location.patch @@ -13,8 +13,10 @@ Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe Lib/site.py | 9 ++++++++- 2 files changed, 21 insertions(+), 3 deletions(-) ---- a/Lib/distutils/command/install.py -+++ b/Lib/distutils/command/install.py +Index: Python-3.11.8/Lib/distutils/command/install.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/command/install.py ++++ Python-3.11.8/Lib/distutils/command/install.py @@ -441,8 +441,19 @@ class install(Command): raise DistutilsOptionError( "must not supply exec-prefix without prefix") @@ -37,9 +39,11 @@ Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe else: if self.exec_prefix is None: ---- a/Lib/site.py -+++ b/Lib/site.py -@@ -377,8 +377,15 @@ def getsitepackages(prefixes=None): +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None): return sitepackages def addsitepackages(known_paths, prefixes=None): diff --git a/Python-3.11.7.tar.xz b/Python-3.11.7.tar.xz deleted file mode 100644 index 8d3a65d..0000000 --- a/Python-3.11.7.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:18e1aa7e66ff3a58423d59ed22815a6954e53342122c45df20c96877c062b9b7 -size 20074108 diff --git a/Python-3.11.7.tar.xz.asc b/Python-3.11.7.tar.xz.asc deleted file mode 100644 index 3eee3d2..0000000 --- a/Python-3.11.7.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmVuFigACgkQ/+h0BBaL -2EeHPg/+LU5xs2ZDrQogDcH+A1v8RyursiggypdM5hXTrsFsTCIk4iekcI9xkhG1 -ltNX4UuCe5PUEbTgtaWP0ncXARrUnPCoQaQ1sHVDTYoHegancsk+sXZc1JM7qr0p -Y4Ig6mKjuHFMXCInQSI2GaH4t5r4Z1jGk/PGrecIHOPJgqfA/6Z3TBF5N+y3jEvS -2QazMB298q4RDhh9m3REe8LwFPHDlfw9eRohv0MB8xygg9KtxhLZrN7gLBQZvKGD -ihNw6EgJj5OZ0dvwKCCXnlZuwknuJW7vAOPHhYeenPdVdYCGoRSyN7JdD07L+5AG -O14l2rqZrz5Eu28by+kAUrcPYAfAXekw1PmtT3HSd9U/nqnUiTkkJcjyGG/e3cjJ -sUDKMNCSBq0G7j5DB3bB6VHkZjVuz+T+iR5QdfJ4kI2pYSuE/rUj1rhkUXApYsHl -7Wff0QbOW6QT1wCtQcMpJSzkTDVJVYxiqrko/ihlOhphDHYLdOIGOrxWAUwc06x/ -BhJD6tM1kEVZvifoJp1OsNwDzZ/Ku6CUs05E1vWxdeNVeANyKAgCZ5hOVmhnv866 -11zfgo/znRsMzMIyJuy0bhO0C6omVLzzfhipAbZM2jDorn37xxV0v/I0pceNtLrp -YR7Tjs7+Ihe6/oItjW53j9T7ANdgQ1RVDg98lKlPFNL+hxfctwY= -=0Pkd ------END PGP SIGNATURE----- diff --git a/Python-3.11.8.tar.xz b/Python-3.11.8.tar.xz new file mode 100644 index 0000000..9263767 --- /dev/null +++ b/Python-3.11.8.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9e06008c8901924395bc1da303eac567a729ae012baa182ab39269f650383bb3 +size 20041256 diff --git a/Python-3.11.8.tar.xz.asc b/Python-3.11.8.tar.xz.asc new file mode 100644 index 0000000..bd8cff8 --- /dev/null +++ b/Python-3.11.8.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmXCppEACgkQ/+h0BBaL +2Edi6g//dRagLHlrmPyCrch7ZqAazLMXTHb3cerXg41QEqfwIl7osk1HnqObBgVN +w8vgXy9ZlxWwv+cWvwrNLY1AWEfarhwRzWLkikHwycBIIgep1HmSvyU4wLKaN7mI +c/LxGHfQZ6suu3gCVmRFBoB/ACpT0P5qvDpoUehrADE6wCqs0vbRiW/InLCTUpOy +zZ+5ncK302JtafJkjIGf2VNB4yQATk/v7fO/z43sEQqhvzgtlWlXNmtCKshGBIt1 +mJpLEs8gCq97jObfbN7FkC3Ti/kEan7PbjDzsDKcBv/jJudvWywHtMzplgbjtOYG +AgBM8bXbVC119BwmfBpvAxgsVKmmGi9d2McJUPOcIHKiHCb17fU0srRbSV47rE9N +PWEHgQC2ICbdT9N1oimOEp16eYt5omFWfDy5C91oqUnBFtz8wqiNmyeQimegMgBe +cDpOY73C2H7Vi6rX9EbyrG+LOkfJ6Vt5rTCa+zbAPy2ihz/ajA7UNH72t1uuzFQZ +pPdUBNhtGxr5EB3zAqBxDuoh9DMOmDZACbT+npHR3Y7KaXTHYIe7Ot8CCrLpH+Ra +8Yt6/CCD7KnsCWz6pfyH+ulIL4vw+dPnC809+neiXhiUuM5qiIr9K7HidzXi0Lwj +sb8MVErS8dURFZP48e1dfbyJqsAvAosiGmjDDqbrlAC5attKjg8= +=VFx6 +-----END PGP SIGNATURE----- diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch index 1cec52f..86882ae 100644 --- a/bpo-31046_ensurepip_honours_prefix.patch +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -13,10 +13,10 @@ Co-Authored-By: Xavier de Gaye 5 files changed, 34 insertions(+), 9 deletions(-) create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst -Index: Python-3.11.6/Doc/library/ensurepip.rst +Index: Python-3.11.8/Doc/library/ensurepip.rst =================================================================== ---- Python-3.11.6.orig/Doc/library/ensurepip.rst -+++ Python-3.11.6/Doc/library/ensurepip.rst +--- Python-3.11.8.orig/Doc/library/ensurepip.rst ++++ Python-3.11.8/Doc/library/ensurepip.rst @@ -59,7 +59,9 @@ is at least as recent as the one availab By default, ``pip`` is installed into the current virtual environment (if one is active) or into the system site packages (if there is no @@ -55,10 +55,10 @@ Index: Python-3.11.6/Doc/library/ensurepip.rst .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap .. note:: -Index: Python-3.11.6/Lib/ensurepip/__init__.py +Index: Python-3.11.8/Lib/ensurepip/__init__.py =================================================================== ---- Python-3.11.6.orig/Lib/ensurepip/__init__.py -+++ Python-3.11.6/Lib/ensurepip/__init__.py +--- Python-3.11.8.orig/Lib/ensurepip/__init__.py ++++ Python-3.11.8/Lib/ensurepip/__init__.py @@ -122,27 +122,27 @@ def _disable_pip_configuration_settings( os.environ['PIP_CONFIG_FILE'] = os.devnull @@ -121,10 +121,10 @@ Index: Python-3.11.6/Lib/ensurepip/__init__.py upgrade=args.upgrade, user=args.user, verbosity=args.verbosity, -Index: Python-3.11.6/Lib/test/test_ensurepip.py +Index: Python-3.11.8/Lib/test/test_ensurepip.py =================================================================== ---- Python-3.11.6.orig/Lib/test/test_ensurepip.py -+++ Python-3.11.6/Lib/test/test_ensurepip.py +--- Python-3.11.8.orig/Lib/test/test_ensurepip.py ++++ Python-3.11.8/Lib/test/test_ensurepip.py @@ -112,6 +112,17 @@ class TestBootstrap(EnsurepipMixin, unit unittest.mock.ANY, ) @@ -143,11 +143,11 @@ Index: Python-3.11.6/Lib/test/test_ensurepip.py def test_bootstrapping_with_user(self): ensurepip.bootstrap(user=True) -Index: Python-3.11.6/Makefile.pre.in +Index: Python-3.11.8/Makefile.pre.in =================================================================== ---- Python-3.11.6.orig/Makefile.pre.in -+++ Python-3.11.6/Makefile.pre.in -@@ -1758,7 +1758,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1761,7 +1761,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni install|*) ensurepip="" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ @@ -156,7 +156,7 @@ Index: Python-3.11.6/Makefile.pre.in fi altinstall: commoninstall -@@ -1768,7 +1768,7 @@ altinstall: commoninstall +@@ -1771,7 +1771,7 @@ altinstall: commoninstall install|*) ensurepip="--altinstall" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ @@ -165,9 +165,9 @@ Index: Python-3.11.6/Makefile.pre.in fi commoninstall: check-clean-src @FRAMEWORKALTINSTALLFIRST@ \ -Index: Python-3.11.6/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +Index: Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst =================================================================== --- /dev/null -+++ Python-3.11.6/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst ++++ Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst @@ -0,0 +1 @@ +A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/distutils-reproducible-compile.patch b/distutils-reproducible-compile.patch index fd98baa..17e8bd2 100644 --- a/distutils-reproducible-compile.patch +++ b/distutils-reproducible-compile.patch @@ -2,8 +2,10 @@ Lib/distutils/util.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ---- a/Lib/distutils/util.py -+++ b/Lib/distutils/util.py +Index: Python-3.11.8/Lib/distutils/util.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/util.py ++++ Python-3.11.8/Lib/distutils/util.py @@ -436,7 +436,7 @@ byte_compile(files, optimize=%r, force=% else: from py_compile import compile diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index e45e240..2fabf1b 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -3,10 +3,10 @@ Misc/NEWS | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) -Index: Python-3.11.7/Doc/using/configure.rst +Index: Python-3.11.8/Doc/using/configure.rst =================================================================== ---- Python-3.11.7.orig/Doc/using/configure.rst -+++ Python-3.11.7/Doc/using/configure.rst +--- Python-3.11.8.orig/Doc/using/configure.rst ++++ Python-3.11.8/Doc/using/configure.rst @@ -41,7 +41,6 @@ General Options See :data:`sys.int_info.bits_per_digit `. @@ -29,11 +29,11 @@ Index: Python-3.11.7/Doc/using/configure.rst .. option:: --enable-framework=INSTALLDIR Create a Python.framework rather than a traditional Unix install. Optional -Index: Python-3.11.7/Misc/NEWS +Index: Python-3.11.8/Misc/NEWS =================================================================== ---- Python-3.11.7.orig/Misc/NEWS -+++ Python-3.11.7/Misc/NEWS -@@ -9012,7 +9012,7 @@ C API +--- Python-3.11.8.orig/Misc/NEWS ++++ Python-3.11.8/Misc/NEWS +@@ -9411,7 +9411,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`limited-api-list` now shows the public name diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch index 06aab09..cda20d7 100644 --- a/python-3.3.0b1-fix_date_time_compiler.patch +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -2,9 +2,11 @@ Makefile.pre.in | 7 +++++++ 1 file changed, 7 insertions(+) ---- a/Makefile.pre.in -+++ b/Makefile.pre.in -@@ -1235,11 +1235,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1240,11 +1240,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ $(DTRACE_OBJS) \ $(srcdir)/Modules/getbuildinfo.c $(CC) -c $(PY_CORE_CFLAGS) \ diff --git a/python-3.3.0b1-localpath.patch b/python-3.3.0b1-localpath.patch index ff9a376..475497e 100644 --- a/python-3.3.0b1-localpath.patch +++ b/python-3.3.0b1-localpath.patch @@ -1,7 +1,9 @@ ---- a/Lib/site.py -+++ b/Lib/site.py -@@ -76,7 +76,7 @@ import _sitebuiltins - import io +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -77,7 +77,7 @@ import io + import stat # Prefixes for site-packages; add additional prefixes like /usr/local here -PREFIXES = [sys.prefix, sys.exec_prefix] diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch index 762dd28..ac5d553 100644 --- a/python-3.3.0b1-test-posix_fadvise.patch +++ b/python-3.3.0b1-test-posix_fadvise.patch @@ -2,9 +2,11 @@ Lib/test/test_posix.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ---- a/Lib/test/test_posix.py -+++ b/Lib/test/test_posix.py -@@ -428,7 +428,7 @@ class PosixTester(unittest.TestCase): +Index: Python-3.11.8/Lib/test/test_posix.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_posix.py ++++ Python-3.11.8/Lib/test/test_posix.py +@@ -430,7 +430,7 @@ class PosixTester(unittest.TestCase): def test_posix_fadvise(self): fd = os.open(os_helper.TESTFN, os.O_RDONLY) try: diff --git a/python311.changes b/python311.changes index 55ffed6..d22b0be 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,267 @@ +------------------------------------------------------------------- +Thu Feb 8 07:27:40 UTC 2024 - Daniel Garcia + +- Update to 3.11.8: + - Security + - gh-113659: Skip .pth files with names starting with a dot or + hidden file attribute. + - Core and Builtins + - gh-114887: Changed socket type validation in + create_datagram_endpoint() to accept all non-stream sockets. + This fixes a regression in compatibility with raw sockets. + - gh-114388: Fix a RuntimeWarning emitted when assign an + integer-like value that is not an instance of int to an + attribute that corresponds to a C struct member of type T_UINT + and T_ULONG. Fix a double RuntimeWarning emitted when assign a + negative integer value to an attribute that corresponds to a C + struct member of type T_UINT. + - gh-89811: Check for a valid tp_version_tag before performing + bytecode specializations that rely on this value being usable. + - gh-113602: Fix an error that was causing the parser to try to + overwrite existing errors and crashing in the process. Patch by + Pablo Galindo + - gh-113566: Fix a 3.11-specific crash when the repr of a Future + is requested after the module has already been + garbage-collected. + - gh-106905: Use per AST-parser state rather than global state to + track recursion depth within the AST parser to prevent potential + race condition due to simultaneous parsing. + - The issue primarily showed up in 3.11 by multithreaded users of + ast.parse(). In 3.12 a change to when garbage collection can be + triggered prevented the race condition from occurring. + - gh-112716: Fix SystemError in the import statement and in + __reduce__() methods of builtin types when __builtins__ is not a + dict. + - gh-105967: Workaround a bug in Apple’s macOS platform zlib + library where zlib.crc32() and binascii.crc32() could produce + incorrect results on multi-gigabyte inputs. Including when using + zipfile on zips containing large data. + - gh-94606: Fix UnicodeEncodeError when + email.message.get_payload() reads a message with a Unicode + surrogate character and the message content is not well-formed + for surrogateescape encoding. Patch by Sidney Markowitz. + - Library + - gh-114965: Update bundled pip to 24.0 + - gh-114959: tarfile no longer ignores errors when trying to + extract a directory on top of a file. + - gh-109475: Fix support of explicit option value “–” in argparse + (e.g. --option=--). + - gh-110190: Fix ctypes structs with array on Windows ARM64 + platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by + Diego Russo + - gh-113280: Fix a leak of open socket in rare cases when error + occurred in ssl.SSLSocket creation. + - gh-77749: email.policy.EmailPolicy.fold() now always encodes + non-ASCII characters in headers if utf8 is false. + - gh-114492: Make the result of termios.tcgetattr() reproducible + on Alpine Linux. Previously it could leave a random garbage in + some fields. + - gh-75128: Ignore an OSError in + asyncio.BaseEventLoop.create_server() when IPv6 is available but + the interface cannot actually support it. + - gh-114257: Dismiss the FileNotFound error in + ctypes.util.find_library() and just return None on Linux. + - gh-101438: Avoid reference cycle in ElementTree.iterparse. The + iterator returned by ElementTree.iterparse may hold on to a file + descriptor. The reference cycle prevented prompt clean-up of the + file descriptor if the returned iterator was not exhausted. + - gh-104522: OSError raised when run a subprocess now only has + filename attribute set to cwd if the error was caused by a + failed attempt to change the current directory. + - gh-109534: Fix a reference leak in + asyncio.selector_events.BaseSelectorEventLoop when SSL + handshakes fail. Patch contributed by Jamie Phan. + - gh-114077: Fix possible OverflowError in + socket.socket.sendfile() when pass count larger than 2 GiB on + 32-bit platform. + - gh-114014: Fixed a bug in fractions.Fraction where an invalid + string using d in the decimals part creates a different error + compared to other invalid letters/characters. Patch by Jeremiah + Gabriel Pascual. + - gh-113951: Fix the behavior of tag_unbind() methods of + tkinter.Text and tkinter.Canvas classes with three arguments. + Previously, widget.tag_unbind(tag, sequence, funcid) destroyed + the current binding for sequence, leaving sequence unbound, and + deleted the funcid command. Now it removes only funcid from the + binding for sequence, keeping other commands, and deletes the + funcid command. It leaves sequence unbound only if funcid was + the last bound command. + - gh-113877: Fix tkinter method winfo_pathname() on 64-bit + Windows. + - gh-113781: Silence unraisable AttributeError when warnings are + emitted during Python finalization. + - gh-113594: Fix UnicodeEncodeError in email when re-fold lines + that contain unknown-8bit encoded part followed by + non-unknown-8bit encoded part. + - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), + there is callback that logs an error if the task wrapping the + “connected callback” fails. This callback would itself fail if + the task was cancelled. Prevent this by checking whether the + task was cancelled first. If so, close the transport but don’t + log an error. + - gh-85567: Fix resource warnings for unclosed files in pickle and + pickletools command line interfaces. + - gh-101225: Increase the backlog for + multiprocessing.connection.Listener objects created by + multiprocessing.manager and multiprocessing.resource_sharer to + significantly reduce the risk of getting a connection refused + error when creating a multiprocessing.connection.Connection to + them. + - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends + webbrowser.open audit event. + - gh-113028: When a second reference to a string appears in the + input to pickle, and the Python implementation is in use, we are + guaranteed that a single copy gets pickled and a single object + is shared when reloaded. Previously, in protocol 0, when a + string contained certain characters (e.g. newline) it resulted + in duplicate objects. + - gh-113421: Fix multiprocessing logger for %(filename)s. + - gh-113358: Fix rendering tracebacks for exceptions with a broken + __getattr__. + - gh-113214: Fix an AttributeError during asyncio SSL protocol + aborts in SSL-over-SSL scenarios. + - gh-113246: Update bundled pip to 23.3.2. + - gh-113199: Make http.client.HTTPResponse.read1 and + http.client.HTTPResponse.readline close IO after reading all + data when content length is known. Patch by Illia Volochii. + - gh-113188: Fix shutil.copymode() and shutil.copystat() on + Windows. Previously they worked differenly if dst is a symbolic + link: they modified the permission bits of dst itself rather + than the file it points to if follow_symlinks is true or src is + not a symbolic link, and did not modify the permission bits if + follow_symlinks is false and src is a symbolic link. + - gh-61648: Detect line numbers of properties in doctests. + - gh-112559: signal.signal() and signal.getsignal() no longer call + repr on callable handlers. asyncio.run() and + asyncio.Runner.run() no longer call repr on the task results. + Patch by Yilei Yang. + - gh-110190: Fix ctypes structs with array on PPC64LE platform by + setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. + - gh-79429: Ignore FileNotFoundError when remove a temporary + directory in the multiprocessing finalizer. + - gh-79325: Fix an infinite recursion error in + tempfile.TemporaryDirectory() cleanup on Windows. + - gh-110190: Fix ctypes structs with array on Arm platform by + setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. + - gh-81194: Fix a crash in socket.if_indextoname() with specific + value (UINT_MAX). Fix an integer overflow in + socket.if_indextoname() on 64-bit non-Windows platforms. + - gh-75666: Fix the behavior of tkinter widget’s unbind() method + with two arguments. Previously, widget.unbind(sequence, funcid) + destroyed the current binding for sequence, leaving sequence + unbound, and deleted the funcid command. Now it removes only + funcid from the binding for sequence, keeping other commands, + and deletes the funcid command. It leaves sequence unbound only + if funcid was the last bound command. + - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in + tkinter._test(). + - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now + raises BadZipFile when try to read an entry that overlaps with + other entry or central directory. + - gh-38807: Fix race condition in trace. Instead of checking if a + directory exists and creating it, directly call os.makedirs() + with the kwarg exist_ok=True. + - gh-75705: Set unixfrom envelope in mailbox.mbox and + mailbox.MMDF. + - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure + when the system endianness is the opposite of the classes. + - gh-104282: Fix null pointer dereference in + lzma._decode_filter_properties() due to improper handling of BCJ + filters with properties of zero length. Patch by Radislav + Chugunov. + - gh-102512: When os.fork() is called from a foreign thread (aka + _DummyThread), the type of the thread in a child process is + changed to _MainThread. Also changed its name and daemonic + status, it can be now joined. + - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, + which now no longer dereferences symlinks when working around + file system permission errors. + - bpo-43153: On Windows, tempfile.TemporaryDirectory previously + masked a PermissionError with NotADirectoryError during + directory cleanup. It now correctly raises PermissionError if + errors are not ignored. Patch by Andrei Kulakov and Ken Jin. + - bpo-35332: The shutil.rmtree() function now ignores errors when + calling os.close() when ignore_errors is True, and os.close() no + longer retried after error. + - bpo-35928: io.TextIOWrapper now correctly handles the decoding + buffer after read() and write(). + - bpo-26791: shutil.move() now moves a symlink into a directory + when that directory is the target of the symlink. This provides + the same behavior as the mv shell command. The previous behavior + raised an exception. Patch by Jeffrey Kintscher. + - bpo-36959: Fix some error messages for invalid ISO format string + combinations in strptime() that referred to directives not + contained in the format string. Patch by Gordon P. Hemsley. + - bpo-18060: Fixed a class inheritance issue that can cause + segfaults when deriving two or more levels of subclasses from a + base class of Structure or Union. + - Documentation + - gh-110746: Improved markup for valid options/values for methods + ttk.treeview.column and ttk.treeview.heading, and for Layouts. + - gh-95649: Document that the asyncio module contains code taken + from v0.16.0 of the uvloop project, as well as the required MIT + licensing information. + - Tests + - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, + where system tar can include more information in the archive + than shutil.make_archive. + - gh-112769: The tests now correctly compare zlib version when + zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For + example zlib-ng defines the version as 1.3.0.zlib-ng. + - gh-105089: Fix + test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write + test in AIX by doing a bitwise AND of 0xFFFF on mode , so that + it will be in sync with zinfo.external_attr + - bpo-40648: Test modes that file can get with chmod() on Windows. + - Build + - gh-101778: Fix build error when there’s a dangling symlink in + the directory containing ffi.h. + - gh-112305: Fixed the check-clean-src step performed on out of + tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h + files and recommend appropriate source tree cleanup steps to get + a working build again. + - bpo-11102: The os.major(), os.makedev(), and os.minor() + functions are now available on HP-UX v3. + - bpo-36351: Do not set ipv6type when cross-compiling. + - IDLE + - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and + ‘object’. + - gh-72284: Improve the lists of features, editor key bindings, + and shell key bingings in the IDLE doc. + - gh-113903: Fix rare failure of test.test_idle, in + test_configdialog. + - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and + 3.12.1. + - gh-113269: Fix test_editor hang on macOS Catalina. + - gh-112898: Fix processing unsaved files when quitting IDLE on + macOS. + - gh-103820: Revise IDLE bindings so that events from mouse button + 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not + mistaken for scrolling. + - bpo-13586: Enter the selected text when opening the “Replace” + dialog. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and + multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. + - gh-115015: Fix a bug in Argument Clinic that generated incorrect + code for methods with no parameters that use the METH_METHOD | + METH_FASTCALL | METH_KEYWORDS calling convention. Only the + positional parameter count was checked; any keyword argument + passed would be silently accepted. + +- Refresh all patches: + - CVE-2023-27043-email-parsing-errors.patch + - F00251-change-user-install-location.patch + - bpo-31046_ensurepip_honours_prefix.patch + - distutils-reproducible-compile.patch + - fix_configure_rst.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-localpath.patch + - python-3.3.0b1-test-posix_fadvise.patch + - skip_if_buildbot-extend.patch + - subprocess-raise-timeout.patch + - support-expat-CVE-2022-25236-patched.patch + ------------------------------------------------------------------- Tue Dec 19 16:34:50 UTC 2023 - Daniel Garcia diff --git a/python311.spec b/python311.spec index 16f2357..21c0b84 100644 --- a/python311.spec +++ b/python311.spec @@ -1,7 +1,7 @@ # -# spec file +# spec file for package python311 # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -94,7 +94,7 @@ %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.7 +Version: 3.11.8 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -407,24 +407,24 @@ other applications. %prep %setup -q -n %{tarname} -%patch02 -p1 +%patch -P 02 -p1 -%patch06 -p1 -%patch07 -p1 -%patch08 -p1 -%patch09 -p1 -%patch15 -p1 -%patch29 -p1 +%patch -P 06 -p1 +%patch -P 07 -p1 +%patch -P 08 -p1 +%patch -P 09 -p1 +%patch -P 15 -p1 +%patch -P 29 -p1 %if 0%{?suse_version} <= 1500 -%patch33 -p1 +%patch -P 33 -p1 %endif %if 0%{?sle_version} && 0%{?sle_version} <= 150300 -%patch34 -p1 +%patch -P 34 -p1 %endif -%patch35 -p1 -%patch36 -p1 -%patch39 -p1 -%patch40 -p1 +%patch -P 35 -p1 +%patch -P 36 -p1 +%patch -P 39 -p1 +%patch -P 40 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac @@ -808,7 +808,6 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %{sitedir}/idlelib %dir %{_sysconfdir}/idle%{python_version} %config %{_sysconfdir}/idle%{python_version}/* -%doc Lib/idlelib/NEWS.txt %doc Lib/idlelib/README.txt %doc Lib/idlelib/TODO.txt %doc Lib/idlelib/extend.txt diff --git a/skip_if_buildbot-extend.patch b/skip_if_buildbot-extend.patch index 0300539..55a1b60 100644 --- a/skip_if_buildbot-extend.patch +++ b/skip_if_buildbot-extend.patch @@ -2,9 +2,11 @@ Lib/test/support/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ---- a/Lib/test/support/__init__.py -+++ b/Lib/test/support/__init__.py -@@ -388,7 +388,7 @@ def skip_if_buildbot(reason=None): +Index: Python-3.11.8/Lib/test/support/__init__.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/support/__init__.py ++++ Python-3.11.8/Lib/test/support/__init__.py +@@ -383,7 +383,7 @@ def skip_if_buildbot(reason=None): if not reason: reason = 'not suitable for buildbots' try: diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch index 76afe11..ab29d50 100644 --- a/subprocess-raise-timeout.patch +++ b/subprocess-raise-timeout.patch @@ -2,9 +2,11 @@ Lib/test/test_subprocess.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) ---- a/Lib/test/test_subprocess.py -+++ b/Lib/test/test_subprocess.py -@@ -279,7 +279,8 @@ class ProcessTestCase(BaseTestCase): +Index: Python-3.11.8/Lib/test/test_subprocess.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_subprocess.py ++++ Python-3.11.8/Lib/test/test_subprocess.py +@@ -280,7 +280,8 @@ class ProcessTestCase(BaseTestCase): "time.sleep(3600)"], # Some heavily loaded buildbots (sparc Debian 3.x) require # this much time to start and print. diff --git a/support-expat-CVE-2022-25236-patched.patch b/support-expat-CVE-2022-25236-patched.patch index 5b26c99..d6fbad9 100644 --- a/support-expat-CVE-2022-25236-patched.patch +++ b/support-expat-CVE-2022-25236-patched.patch @@ -27,8 +27,10 @@ Co-authored-by: Sebastian Pipping 1 file changed, 9 insertions(+), 14 deletions(-) create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst ---- a/Lib/test/test_minidom.py -+++ b/Lib/test/test_minidom.py +Index: Python-3.11.8/Lib/test/test_minidom.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_minidom.py ++++ Python-3.11.8/Lib/test/test_minidom.py @@ -6,7 +6,6 @@ import io from test import support import unittest -- 2.51.1 From 0d9b06c5c014c3a2e490683ea90031efdaa9dbdd64f42a0183d74415e3562638 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 15 Feb 2024 12:58:25 +0000 Subject: [PATCH 073/135] Accepting request 1146787 from home:dgarcia:branches:devel:languages:python:Factory - Add upstream patch libexpat260.patch, Fix tests for XMLPullParser with Expat 2.6.0, gh#python/cpython#115289 OBS-URL: https://build.opensuse.org/request/show/1146787 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=101 --- libexpat260.patch | 108 ++++++++++++++++++++++++++++++++++++++++++++++ python311.changes | 6 +++ python311.spec | 4 ++ 3 files changed, 118 insertions(+) create mode 100644 libexpat260.patch diff --git a/libexpat260.patch b/libexpat260.patch new file mode 100644 index 0000000..c9bbe84 --- /dev/null +++ b/libexpat260.patch @@ -0,0 +1,108 @@ +From f2eebf3c38eae77765247791576b437ec25ccfe2 Mon Sep 17 00:00:00 2001 +From: Serhiy Storchaka +Date: Sun, 11 Feb 2024 12:08:39 +0200 +Subject: [PATCH] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 + (GH-115164) + +Feeding the parser by too small chunks defers parsing to prevent +CVE-2023-52425. Future versions of Expat may be more reactive. +(cherry picked from commit 4a08e7b3431cd32a0daf22a33421cd3035343dc4) + +Co-authored-by: Serhiy Storchaka +--- + Lib/test/test_xml_etree.py | 58 ++++++++++++------- + ...-02-08-14-21-28.gh-issue-115133.ycl4ko.rst | 2 + + 2 files changed, 38 insertions(+), 22 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst + +diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py +index 267982a8233c92..fa03f381fac92a 100644 +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -13,6 +13,7 @@ + import operator + import os + import pickle ++import pyexpat + import sys + import textwrap + import types +@@ -120,6 +121,10 @@ + + """ + ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if pyexpat.version_info >= (2, 6, 0) else ++ lambda test: test) ++ + def checkwarnings(*filters, quiet=False): + def decorator(test): + def newtest(*args, **kwargs): +@@ -1400,28 +1405,37 @@ def assert_event_tags(self, parser, expected, max_events=None): + self.assertEqual([(action, elem.tag) for action, elem in events], + expected) + +- def test_simple_xml(self): +- for chunk_size in (None, 1, 5): +- with self.subTest(chunk_size=chunk_size): +- parser = ET.XMLPullParser() +- self.assert_event_tags(parser, []) +- self._feed(parser, "\n", chunk_size) +- self.assert_event_tags(parser, []) +- self._feed(parser, +- "\n text\n", chunk_size) +- self.assert_event_tags(parser, [('end', 'element')]) +- self._feed(parser, "texttail\n", chunk_size) +- self._feed(parser, "\n", chunk_size) +- self.assert_event_tags(parser, [ +- ('end', 'element'), +- ('end', 'empty-element'), +- ]) +- self._feed(parser, "\n", chunk_size) +- self.assert_event_tags(parser, [('end', 'root')]) +- self.assertIsNone(parser.close()) ++ def test_simple_xml(self, chunk_size=None): ++ parser = ET.XMLPullParser() ++ self.assert_event_tags(parser, []) ++ self._feed(parser, "\n", chunk_size) ++ self.assert_event_tags(parser, []) ++ self._feed(parser, ++ "\n text\n", chunk_size) ++ self.assert_event_tags(parser, [('end', 'element')]) ++ self._feed(parser, "texttail\n", chunk_size) ++ self._feed(parser, "\n", chunk_size) ++ self.assert_event_tags(parser, [ ++ ('end', 'element'), ++ ('end', 'empty-element'), ++ ]) ++ self._feed(parser, "\n", chunk_size) ++ self.assert_event_tags(parser, [('end', 'root')]) ++ self.assertIsNone(parser.close()) ++ ++ @fails_with_expat_2_6_0 ++ def test_simple_xml_chunk_1(self): ++ self.test_simple_xml(chunk_size=1) ++ ++ @fails_with_expat_2_6_0 ++ def test_simple_xml_chunk_5(self): ++ self.test_simple_xml(chunk_size=5) ++ ++ def test_simple_xml_chunk_22(self): ++ self.test_simple_xml(chunk_size=22) + + def test_feed_while_iterating(self): + parser = ET.XMLPullParser() +diff --git a/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst b/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst +new file mode 100644 +index 00000000000000..6f1015235cc25d +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst +@@ -0,0 +1,2 @@ ++Fix tests for :class:`~xml.etree.ElementTree.XMLPullParser` with Expat ++2.6.0. diff --git a/python311.changes b/python311.changes index d22b0be..28d703a 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115289 + ------------------------------------------------------------------- Thu Feb 8 07:27:40 UTC 2024 - Daniel Garcia diff --git a/python311.spec b/python311.spec index 21c0b84..52abf20 100644 --- a/python311.spec +++ b/python311.spec @@ -165,6 +165,9 @@ Patch39: skip_if_buildbot-extend.patch # Detect email address parsing errors and return empty tuple to # indicate the parsing error (old API) Patch40: CVE-2023-27043-email-parsing-errors.patch +# PATCH-FIX-UPSTREAM libexpat260.patch gh#python/cpython#115289 +# Fix tests for XMLPullParser with Expat 2.6.0 +Patch41: libexpat260.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -425,6 +428,7 @@ other applications. %patch -P 36 -p1 %patch -P 39 -p1 %patch -P 40 -p1 +%patch -P 41 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From b0bca7ad8078e9b25542d29e7c5578770096bff6d0f18fb673792e3146d6dfbb Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 20 Feb 2024 22:15:23 +0000 Subject: [PATCH 074/135] - Remove double definition of /usr/bin/idle%%{version} in %%files. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=103 --- python311.changes | 6 ++++++ python311.spec | 1 - 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/python311.changes b/python311.changes index 28d703a..82b745b 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl + +- Remove double definition of /usr/bin/idle%%{version} in + %%files. + ------------------------------------------------------------------- Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia diff --git a/python311.spec b/python311.spec index 52abf20..43975aa 100644 --- a/python311.spec +++ b/python311.spec @@ -825,7 +825,6 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %dir %{_datadir}/icons/hicolor/32x32 %dir %{_datadir}/icons/hicolor/48x48 %dir %{_datadir}/icons/hicolor/*/apps -%attr(755, root, root) %{_bindir}/idle%{python_version} # endif for if general %endif -- 2.51.1 From af31ac92dd4afb9bb689089e1cf8eef942c7a3f9a143d23fda499ae5542304fd Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 29 Feb 2024 07:16:40 +0000 Subject: [PATCH 075/135] - (bsc#1219666, CVE-2023-6597) Add CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from gh#python/cpython!99930) fixing symlink bug in cleanup of tempfile.TemporaryDirectory. - Repurpose skip-failing-tests.patch to increase timeout for test.test_asyncio.test_tasks.TimeoutTests.test_timeout_time, which fails on slow machines in IBS (s390x). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=104 --- CVE-2023-6597-TempDir-cleaning-symlink.patch | 178 +++++++++++++++++++ python311.changes | 11 ++ python311.spec | 4 + 3 files changed, 193 insertions(+) create mode 100644 CVE-2023-6597-TempDir-cleaning-symlink.patch diff --git a/CVE-2023-6597-TempDir-cleaning-symlink.patch b/CVE-2023-6597-TempDir-cleaning-symlink.patch new file mode 100644 index 0000000..7813228 --- /dev/null +++ b/CVE-2023-6597-TempDir-cleaning-symlink.patch @@ -0,0 +1,178 @@ +--- + Lib/tempfile.py | 16 + + Lib/test/test_tempfile.py | 119 ++++++++++ + Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst | 2 + 3 files changed, 137 insertions(+) + +--- a/Lib/tempfile.py ++++ b/Lib/tempfile.py +@@ -286,6 +286,22 @@ def _resetperms(path): + _dont_follow_symlinks(chflags, path, 0) + _dont_follow_symlinks(_os.chmod, path, 0o700) + ++def _dont_follow_symlinks(func, path, *args): ++ # Pass follow_symlinks=False, unless not supported on this platform. ++ if func in _os.supports_follow_symlinks: ++ func(path, *args, follow_symlinks=False) ++ elif _os.name == 'nt' or not _os.path.islink(path): ++ func(path, *args) ++ ++def _resetperms(path): ++ try: ++ chflags = _os.chflags ++ except AttributeError: ++ pass ++ else: ++ _dont_follow_symlinks(chflags, path, 0) ++ _dont_follow_symlinks(_os.chmod, path, 0o700) ++ + + # User visible interfaces. + +--- a/Lib/test/test_tempfile.py ++++ b/Lib/test/test_tempfile.py +@@ -1673,6 +1673,103 @@ class TestTemporaryDirectory(BaseTestCas + new_flags = os.stat(dir1).st_flags + self.assertEqual(new_flags, old_flags) + ++ @os_helper.skip_unless_symlink ++ def test_cleanup_with_symlink_modes(self): ++ # cleanup() should not follow symlinks when fixing mode bits (#91133) ++ with self.do_create(recurse=0) as d2: ++ file1 = os.path.join(d2, 'file1') ++ open(file1, 'wb').close() ++ dir1 = os.path.join(d2, 'dir1') ++ os.mkdir(dir1) ++ for mode in range(8): ++ mode <<= 6 ++ with self.subTest(mode=format(mode, '03o')): ++ def test(target, target_is_directory): ++ d1 = self.do_create(recurse=0) ++ symlink = os.path.join(d1.name, 'symlink') ++ os.symlink(target, symlink, ++ target_is_directory=target_is_directory) ++ try: ++ os.chmod(symlink, mode, follow_symlinks=False) ++ except NotImplementedError: ++ pass ++ try: ++ os.chmod(symlink, mode) ++ except FileNotFoundError: ++ pass ++ os.chmod(d1.name, mode) ++ d1.cleanup() ++ self.assertFalse(os.path.exists(d1.name)) ++ ++ with self.subTest('nonexisting file'): ++ test('nonexisting', target_is_directory=False) ++ with self.subTest('nonexisting dir'): ++ test('nonexisting', target_is_directory=True) ++ ++ with self.subTest('existing file'): ++ os.chmod(file1, mode) ++ old_mode = os.stat(file1).st_mode ++ test(file1, target_is_directory=False) ++ new_mode = os.stat(file1).st_mode ++ self.assertEqual(new_mode, old_mode, ++ '%03o != %03o' % (new_mode, old_mode)) ++ ++ with self.subTest('existing dir'): ++ os.chmod(dir1, mode) ++ old_mode = os.stat(dir1).st_mode ++ test(dir1, target_is_directory=True) ++ new_mode = os.stat(dir1).st_mode ++ self.assertEqual(new_mode, old_mode, ++ '%03o != %03o' % (new_mode, old_mode)) ++ ++ @unittest.skipUnless(hasattr(os, 'chflags'), 'requires os.chflags') ++ @os_helper.skip_unless_symlink ++ def test_cleanup_with_symlink_flags(self): ++ # cleanup() should not follow symlinks when fixing flags (#91133) ++ flags = stat.UF_IMMUTABLE | stat.UF_NOUNLINK ++ self.check_flags(flags) ++ ++ with self.do_create(recurse=0) as d2: ++ file1 = os.path.join(d2, 'file1') ++ open(file1, 'wb').close() ++ dir1 = os.path.join(d2, 'dir1') ++ os.mkdir(dir1) ++ def test(target, target_is_directory): ++ d1 = self.do_create(recurse=0) ++ symlink = os.path.join(d1.name, 'symlink') ++ os.symlink(target, symlink, ++ target_is_directory=target_is_directory) ++ try: ++ os.chflags(symlink, flags, follow_symlinks=False) ++ except NotImplementedError: ++ pass ++ try: ++ os.chflags(symlink, flags) ++ except FileNotFoundError: ++ pass ++ os.chflags(d1.name, flags) ++ d1.cleanup() ++ self.assertFalse(os.path.exists(d1.name)) ++ ++ with self.subTest('nonexisting file'): ++ test('nonexisting', target_is_directory=False) ++ with self.subTest('nonexisting dir'): ++ test('nonexisting', target_is_directory=True) ++ ++ with self.subTest('existing file'): ++ os.chflags(file1, flags) ++ old_flags = os.stat(file1).st_flags ++ test(file1, target_is_directory=False) ++ new_flags = os.stat(file1).st_flags ++ self.assertEqual(new_flags, old_flags) ++ ++ with self.subTest('existing dir'): ++ os.chflags(dir1, flags) ++ old_flags = os.stat(dir1).st_flags ++ test(dir1, target_is_directory=True) ++ new_flags = os.stat(dir1).st_flags ++ self.assertEqual(new_flags, old_flags) ++ + @support.cpython_only + def test_del_on_collection(self): + # A TemporaryDirectory is deleted when garbage collected +@@ -1861,6 +1958,22 @@ class TestTemporaryDirectory(BaseTestCas + finally: + os_helper.unlink(filename) + ++ def check_flags(self, flags): ++ # skip the test if these flags are not supported (ex: FreeBSD 13) ++ filename = os_helper.TESTFN ++ try: ++ open(filename, "w").close() ++ try: ++ os.chflags(filename, flags) ++ except OSError as exc: ++ # "OSError: [Errno 45] Operation not supported" ++ self.skipTest(f"chflags() doesn't support flags " ++ f"{flags:#b}: {exc}") ++ else: ++ os.chflags(filename, 0) ++ finally: ++ os_helper.unlink(filename) ++ + @unittest.skipUnless(hasattr(os, 'chflags'), 'requires os.chflags') + def test_flags(self): + flags = stat.UF_IMMUTABLE | stat.UF_NOUNLINK +@@ -1876,6 +1989,12 @@ class TestTemporaryDirectory(BaseTestCas + d.cleanup() + self.assertFalse(os.path.exists(d.name)) + ++ def test_delete_false(self): ++ with tempfile.TemporaryDirectory(delete=False) as working_dir: ++ pass ++ self.assertTrue(os.path.exists(working_dir)) ++ shutil.rmtree(working_dir) ++ + + if __name__ == "__main__": + unittest.main() +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst +@@ -0,0 +1,2 @@ ++Fix a bug in :class:`tempfile.TemporaryDirectory` cleanup, which now no longer ++dereferences symlinks when working around file system permission errors. diff --git a/python311.changes b/python311.changes index 82b745b..dd86098 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl + +- (bsc#1219666, CVE-2023-6597) Add + CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from + gh#python/cpython!99930) fixing symlink bug in cleanup of + tempfile.TemporaryDirectory. +- Repurpose skip-failing-tests.patch to increase timeout for + test.test_asyncio.test_tasks.TimeoutTests.test_timeout_time, + which fails on slow machines in IBS (s390x). + ------------------------------------------------------------------- Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl diff --git a/python311.spec b/python311.spec index 43975aa..2feb904 100644 --- a/python311.spec +++ b/python311.spec @@ -168,6 +168,9 @@ Patch40: CVE-2023-27043-email-parsing-errors.patch # PATCH-FIX-UPSTREAM libexpat260.patch gh#python/cpython#115289 # Fix tests for XMLPullParser with Expat 2.6.0 Patch41: libexpat260.patch +# PATCH-FIX-UPSTREAM CVE-2023-6597-TempDir-cleaning-symlink.patch bsc#1219666 mcepl@suse.com +# tempfile.TemporaryDirectory: fix symlink bug in cleanup (from gh#python/cpython!99930) +Patch42: CVE-2023-6597-TempDir-cleaning-symlink.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -429,6 +432,7 @@ other applications. %patch -P 39 -p1 %patch -P 40 -p1 %patch -P 41 -p1 +%patch -P 42 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From 27413421cfdf1ab3ec7cf2d60d4bfd7009ddb12a8cf2e4485bd06de0441de066 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 29 Feb 2024 07:17:18 +0000 Subject: [PATCH 076/135] Fix the changelog. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=105 --- python311.changes | 3 --- 1 file changed, 3 deletions(-) diff --git a/python311.changes b/python311.changes index dd86098..008aa01 100644 --- a/python311.changes +++ b/python311.changes @@ -5,9 +5,6 @@ Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from gh#python/cpython!99930) fixing symlink bug in cleanup of tempfile.TemporaryDirectory. -- Repurpose skip-failing-tests.patch to increase timeout for - test.test_asyncio.test_tasks.TimeoutTests.test_timeout_time, - which fails on slow machines in IBS (s390x). ------------------------------------------------------------------- Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl -- 2.51.1 From 5c654e833579d31db0ef924acd258521f565a8e646cbfc1bea5f34695790b2fc Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 29 Feb 2024 09:21:47 +0000 Subject: [PATCH 077/135] We cannot run test_delete_false OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=106 --- CVE-2023-6597-TempDir-cleaning-symlink.patch | 33 ++++++-------------- 1 file changed, 10 insertions(+), 23 deletions(-) diff --git a/CVE-2023-6597-TempDir-cleaning-symlink.patch b/CVE-2023-6597-TempDir-cleaning-symlink.patch index 7813228..21580de 100644 --- a/CVE-2023-6597-TempDir-cleaning-symlink.patch +++ b/CVE-2023-6597-TempDir-cleaning-symlink.patch @@ -1,8 +1,8 @@ --- Lib/tempfile.py | 16 + - Lib/test/test_tempfile.py | 119 ++++++++++ + Lib/test/test_tempfile.py | 113 ++++++++++ Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst | 2 - 3 files changed, 137 insertions(+) + 3 files changed, 131 insertions(+) --- a/Lib/tempfile.py +++ b/Lib/tempfile.py @@ -135,12 +135,10 @@ @support.cpython_only def test_del_on_collection(self): # A TemporaryDirectory is deleted when garbage collected -@@ -1861,6 +1958,22 @@ class TestTemporaryDirectory(BaseTestCas - finally: - os_helper.unlink(filename) +@@ -1847,6 +1944,22 @@ class TestTemporaryDirectory(BaseTestCas -+ def check_flags(self, flags): -+ # skip the test if these flags are not supported (ex: FreeBSD 13) + def check_flags(self, flags): + # skip the test if these flags are not supported (ex: FreeBSD 13) + filename = os_helper.TESTFN + try: + open(filename, "w").close() @@ -155,22 +153,11 @@ + finally: + os_helper.unlink(filename) + - @unittest.skipUnless(hasattr(os, 'chflags'), 'requires os.chflags') - def test_flags(self): - flags = stat.UF_IMMUTABLE | stat.UF_NOUNLINK -@@ -1876,6 +1989,12 @@ class TestTemporaryDirectory(BaseTestCas - d.cleanup() - self.assertFalse(os.path.exists(d.name)) - -+ def test_delete_false(self): -+ with tempfile.TemporaryDirectory(delete=False) as working_dir: -+ pass -+ self.assertTrue(os.path.exists(working_dir)) -+ shutil.rmtree(working_dir) -+ - - if __name__ == "__main__": - unittest.main() ++ def check_flags(self, flags): ++ # skip the test if these flags are not supported (ex: FreeBSD 13) + filename = os_helper.TESTFN + try: + open(filename, "w").close() --- /dev/null +++ b/Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst @@ -0,0 +1,2 @@ -- 2.51.1 From 2697832d56afd14ade3001d6b7d65618ceb15fa0a4348f01a03151367f80a44f Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 6 Mar 2024 21:50:48 +0000 Subject: [PATCH 078/135] Accepting request 1155683 from home:pmonrealgonzalez:branches:devel:languages:python:Factory OBS-URL: https://build.opensuse.org/request/show/1155683 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=108 --- python311.changes | 7 +++++++ python311.spec | 3 +++ 2 files changed, 10 insertions(+) diff --git a/python311.changes b/python311.changes index 008aa01..ae54db5 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal + +- Use the system-wide crypto-policies [bsc#1211301] + * Use the system default cipher list instead of hardcoded values + * Add the --with-ssl-default-suites=openssl configure option + ------------------------------------------------------------------- Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl diff --git a/python311.spec b/python311.spec index 2feb904..1b31f16 100644 --- a/python311.spec +++ b/python311.spec @@ -506,6 +506,9 @@ export CFLAGS="%{optflags} -IVendor/" --with-system-ffi \ --with-system-expat \ --with-lto \ +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 + --with-ssl-default-suites=openssl \ +%endif %if %{with profileopt} --enable-optimizations \ %endif -- 2.51.1 From 61edd8bfc6969452889d1b8f5b0063f9ac3665a63552332afde982fa690fa455 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 12 Mar 2024 08:20:37 +0000 Subject: [PATCH 079/135] - bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch to eliminate ResourceWarning which broke the test suite in test_asyncio. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=109 --- bsc1221260-test_asyncio-ResourceWarning.patch | 23 +++++++++++++++++++ python311.changes | 7 ++++++ python311.spec | 4 ++++ 3 files changed, 34 insertions(+) create mode 100644 bsc1221260-test_asyncio-ResourceWarning.patch diff --git a/bsc1221260-test_asyncio-ResourceWarning.patch b/bsc1221260-test_asyncio-ResourceWarning.patch new file mode 100644 index 0000000..3235193 --- /dev/null +++ b/bsc1221260-test_asyncio-ResourceWarning.patch @@ -0,0 +1,23 @@ +From a3052035485bd2836e40f5284657ca105382cbfd Mon Sep 17 00:00:00 2001 +From: sobolevn +Date: Tue, 5 Mar 2024 20:24:16 +0300 +Subject: [PATCH] gh-116112: Fix `ResourceWarning` in + `test_asyncio.test_stream` + +Co-authored-by: @CendioOssman +--- + Lib/test/test_asyncio/test_streams.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Lib/test/test_asyncio/test_streams.py b/Lib/test/test_asyncio/test_streams.py +index bf123ebf9bd158..2cf48538d5d30d 100644 +--- a/Lib/test/test_asyncio/test_streams.py ++++ b/Lib/test/test_asyncio/test_streams.py +@@ -1188,6 +1188,7 @@ async def handle_echo(reader, writer): + + def test_unhandled_cancel(self): + async def handle_echo(reader, writer): ++ writer.close() + asyncio.current_task().cancel() + messages = self._basetest_unhandled_exceptions(handle_echo) + self.assertEqual(messages, []) diff --git a/python311.changes b/python311.changes index ae54db5..a91f290 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Mar 12 08:13:34 UTC 2024 - Matej Cepl + +- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch + to eliminate ResourceWarning which broke the test suite in + test_asyncio. + ------------------------------------------------------------------- Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal diff --git a/python311.spec b/python311.spec index 1b31f16..004b92c 100644 --- a/python311.spec +++ b/python311.spec @@ -171,6 +171,9 @@ Patch41: libexpat260.patch # PATCH-FIX-UPSTREAM CVE-2023-6597-TempDir-cleaning-symlink.patch bsc#1219666 mcepl@suse.com # tempfile.TemporaryDirectory: fix symlink bug in cleanup (from gh#python/cpython!99930) Patch42: CVE-2023-6597-TempDir-cleaning-symlink.patch +# PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com +# prevent ResourceWarning in test_asyncio tests +Patch43: bsc1221260-test_asyncio-ResourceWarning.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -433,6 +436,7 @@ other applications. %patch -P 40 -p1 %patch -P 41 -p1 %patch -P 42 -p1 +%patch -P 43 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From f2e8cdf7ce909a5797fd7ce08150c16316bebfca483484a08e81e0ebf0fe13da Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 12 Mar 2024 08:46:16 +0000 Subject: [PATCH 080/135] - Rewrite %prep to use %autosetup et al. for compatibility with rpm 4.20. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=110 --- bsc1221260-test_asyncio-ResourceWarning.patch | 6 +- no-skipif-doctests.patch | 152 +++++++++--------- python311.changes | 6 + python311.spec | 56 +++---- skip-test_pyobject_freed_is_freed.patch | 17 +- 5 files changed, 117 insertions(+), 120 deletions(-) diff --git a/bsc1221260-test_asyncio-ResourceWarning.patch b/bsc1221260-test_asyncio-ResourceWarning.patch index 3235193..15d6b8d 100644 --- a/bsc1221260-test_asyncio-ResourceWarning.patch +++ b/bsc1221260-test_asyncio-ResourceWarning.patch @@ -6,14 +6,12 @@ Subject: [PATCH] gh-116112: Fix `ResourceWarning` in Co-authored-by: @CendioOssman --- - Lib/test/test_asyncio/test_streams.py | 1 + + Lib/test/test_asyncio/test_streams.py | 1 + 1 file changed, 1 insertion(+) -diff --git a/Lib/test/test_asyncio/test_streams.py b/Lib/test/test_asyncio/test_streams.py -index bf123ebf9bd158..2cf48538d5d30d 100644 --- a/Lib/test/test_asyncio/test_streams.py +++ b/Lib/test/test_asyncio/test_streams.py -@@ -1188,6 +1188,7 @@ async def handle_echo(reader, writer): +@@ -1156,6 +1156,7 @@ os.close(fd) def test_unhandled_cancel(self): async def handle_echo(reader, writer): diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch index ef1af46..7e412d7 100644 --- a/no-skipif-doctests.patch +++ b/no-skipif-doctests.patch @@ -6,7 +6,7 @@ unchanged: --- a/Doc/library/turtle.rst +++ b/Doc/library/turtle.rst -@@ -250,7 +250,6 @@ Turtle motion +@@ -440,7 +440,6 @@ Turtle motion turtle is headed. .. doctest:: @@ -14,7 +14,7 @@ unchanged: >>> turtle.position() (0.00,0.00) -@@ -277,7 +276,6 @@ Turtle motion +@@ -467,7 +466,6 @@ Turtle motion >>> turtle.goto(0, 0) .. doctest:: @@ -22,7 +22,7 @@ unchanged: >>> turtle.position() (0.00,0.00) -@@ -296,13 +294,11 @@ Turtle motion +@@ -486,13 +484,11 @@ Turtle motion orientation depends on the turtle mode, see :func:`mode`. .. doctest:: @@ -36,7 +36,7 @@ unchanged: >>> turtle.heading() 22.0 -@@ -321,13 +317,11 @@ Turtle motion +@@ -511,13 +507,11 @@ Turtle motion orientation depends on the turtle mode, see :func:`mode`. .. doctest:: @@ -50,7 +50,7 @@ unchanged: >>> turtle.heading() 22.0 -@@ -350,13 +344,11 @@ Turtle motion +@@ -540,13 +534,11 @@ Turtle motion not change the turtle's orientation. .. doctest:: @@ -64,7 +64,7 @@ unchanged: >>> tp = turtle.pos() >>> tp -@@ -380,13 +372,11 @@ Turtle motion +@@ -570,13 +562,11 @@ Turtle motion unchanged. .. doctest:: @@ -78,7 +78,7 @@ unchanged: >>> turtle.position() (0.00,240.00) -@@ -402,13 +392,11 @@ Turtle motion +@@ -592,13 +582,11 @@ Turtle motion Set the turtle's second coordinate to *y*, leave first coordinate unchanged. .. doctest:: @@ -92,7 +92,7 @@ unchanged: >>> turtle.position() (0.00,40.00) -@@ -435,7 +423,6 @@ Turtle motion +@@ -625,7 +613,6 @@ Turtle motion =================== ==================== .. doctest:: @@ -100,7 +100,7 @@ unchanged: >>> turtle.setheading(90) >>> turtle.heading() -@@ -448,14 +435,12 @@ Turtle motion +@@ -638,14 +625,12 @@ Turtle motion its start-orientation (which depends on the mode, see :func:`mode`). .. doctest:: @@ -115,7 +115,7 @@ unchanged: >>> turtle.heading() 90.0 -@@ -487,7 +472,6 @@ Turtle motion +@@ -677,7 +662,6 @@ Turtle motion calculated automatically. May be used to draw regular polygons. .. doctest:: @@ -123,7 +123,7 @@ unchanged: >>> turtle.home() >>> turtle.position() -@@ -516,7 +500,6 @@ Turtle motion +@@ -706,7 +690,6 @@ Turtle motion .. doctest:: @@ -131,7 +131,7 @@ unchanged: >>> turtle.home() >>> turtle.dot() -@@ -534,7 +517,6 @@ Turtle motion +@@ -724,7 +707,6 @@ Turtle motion it by calling ``clearstamp(stamp_id)``. .. doctest:: @@ -139,7 +139,7 @@ unchanged: >>> turtle.color("blue") >>> turtle.stamp() -@@ -550,7 +532,6 @@ Turtle motion +@@ -740,7 +722,6 @@ Turtle motion Delete stamp with given *stampid*. .. doctest:: @@ -147,7 +147,7 @@ unchanged: >>> turtle.position() (150.00,-0.00) -@@ -595,7 +576,6 @@ Turtle motion +@@ -785,7 +766,6 @@ Turtle motion undo actions is determined by the size of the undobuffer. .. doctest:: @@ -155,7 +155,7 @@ unchanged: >>> for i in range(4): ... turtle.fd(50); turtle.lt(80) -@@ -628,7 +608,6 @@ Turtle motion +@@ -818,7 +798,6 @@ Turtle motion turtle turn instantly. .. doctest:: @@ -163,7 +163,7 @@ unchanged: >>> turtle.speed() 3 -@@ -649,7 +628,6 @@ Tell Turtle's state +@@ -839,7 +818,6 @@ Tell Turtle's state Return the turtle's current location (x,y) (as a :class:`Vec2D` vector). .. doctest:: @@ -171,7 +171,7 @@ unchanged: >>> turtle.pos() (440.00,-0.00) -@@ -665,7 +643,6 @@ Tell Turtle's state +@@ -855,7 +833,6 @@ Tell Turtle's state orientation which depends on the mode - "standard"/"world" or "logo". .. doctest:: @@ -179,7 +179,7 @@ unchanged: >>> turtle.goto(10, 10) >>> turtle.towards(0,0) -@@ -677,7 +654,6 @@ Tell Turtle's state +@@ -867,7 +844,6 @@ Tell Turtle's state Return the turtle's x coordinate. .. doctest:: @@ -187,7 +187,7 @@ unchanged: >>> turtle.home() >>> turtle.left(50) -@@ -693,7 +669,6 @@ Tell Turtle's state +@@ -883,7 +859,6 @@ Tell Turtle's state Return the turtle's y coordinate. .. doctest:: @@ -195,7 +195,7 @@ unchanged: >>> turtle.home() >>> turtle.left(60) -@@ -710,7 +685,6 @@ Tell Turtle's state +@@ -900,7 +875,6 @@ Tell Turtle's state :func:`mode`). .. doctest:: @@ -203,7 +203,7 @@ unchanged: >>> turtle.home() >>> turtle.left(67) -@@ -727,7 +701,6 @@ Tell Turtle's state +@@ -917,7 +891,6 @@ Tell Turtle's state other turtle, in turtle step units. .. doctest:: @@ -211,7 +211,7 @@ unchanged: >>> turtle.home() >>> turtle.distance(30,40) -@@ -751,7 +724,6 @@ Settings for measurement +@@ -941,7 +914,6 @@ Settings for measurement Default value is 360 degrees. .. doctest:: @@ -219,7 +219,7 @@ unchanged: >>> turtle.home() >>> turtle.left(90) -@@ -774,7 +746,6 @@ Settings for measurement +@@ -964,7 +936,6 @@ Settings for measurement ``degrees(2*math.pi)``. .. doctest:: @@ -227,7 +227,7 @@ unchanged: >>> turtle.home() >>> turtle.left(90) -@@ -785,7 +756,6 @@ Settings for measurement +@@ -975,7 +946,6 @@ Settings for measurement 1.5707963267948966 .. doctest:: @@ -235,7 +235,7 @@ unchanged: :hide: >>> turtle.degrees(360) -@@ -821,7 +791,6 @@ Drawing state +@@ -1011,7 +981,6 @@ Drawing state thickness. If no argument is given, the current pensize is returned. .. doctest:: @@ -243,7 +243,7 @@ unchanged: >>> turtle.pensize() 1 -@@ -853,7 +822,6 @@ Drawing state +@@ -1043,7 +1012,6 @@ Drawing state attributes in one statement. .. doctest:: @@ -251,7 +251,7 @@ unchanged: :options: +NORMALIZE_WHITESPACE >>> turtle.pen(fillcolor="black", pencolor="red", pensize=10) -@@ -876,7 +844,6 @@ Drawing state +@@ -1066,7 +1034,6 @@ Drawing state Return ``True`` if pen is down, ``False`` if it's up. .. doctest:: @@ -259,7 +259,7 @@ unchanged: >>> turtle.penup() >>> turtle.isdown() -@@ -917,7 +884,6 @@ Color control +@@ -1107,7 +1074,6 @@ Color control newly set pencolor. .. doctest:: @@ -267,7 +267,7 @@ unchanged: >>> colormode() 1.0 -@@ -966,7 +932,6 @@ Color control +@@ -1156,7 +1122,6 @@ Color control with the newly set fillcolor. .. doctest:: @@ -275,7 +275,7 @@ unchanged: >>> turtle.fillcolor("violet") >>> turtle.fillcolor() -@@ -1005,7 +970,6 @@ Color control +@@ -1195,7 +1160,6 @@ Color control with the newly set colors. .. doctest:: @@ -283,7 +283,7 @@ unchanged: >>> turtle.color("red", "green") >>> turtle.color() -@@ -1022,7 +986,6 @@ Filling +@@ -1212,7 +1176,6 @@ Filling ~~~~~~~ .. doctest:: @@ -291,7 +291,7 @@ unchanged: :hide: >>> turtle.home() -@@ -1032,7 +995,6 @@ Filling +@@ -1222,7 +1185,6 @@ Filling Return fillstate (``True`` if filling, ``False`` else). .. doctest:: @@ -299,7 +299,7 @@ unchanged: >>> turtle.begin_fill() >>> if turtle.filling(): -@@ -1057,7 +1019,6 @@ Filling +@@ -1247,7 +1209,6 @@ Filling above may be either all yellow or have some white regions. .. doctest:: @@ -307,7 +307,7 @@ unchanged: >>> turtle.color("black", "red") >>> turtle.begin_fill() -@@ -1074,7 +1035,6 @@ More drawing control +@@ -1264,7 +1225,6 @@ More drawing control variables to the default values. .. doctest:: @@ -315,7 +315,7 @@ unchanged: >>> turtle.goto(0,-22) >>> turtle.left(100) -@@ -1125,7 +1085,6 @@ Visibility +@@ -1315,7 +1275,6 @@ Visibility drawing observably. .. doctest:: @@ -323,7 +323,7 @@ unchanged: >>> turtle.hideturtle() -@@ -1136,7 +1095,6 @@ Visibility +@@ -1326,7 +1285,6 @@ Visibility Make the turtle visible. .. doctest:: @@ -331,7 +331,7 @@ unchanged: >>> turtle.showturtle() -@@ -1167,7 +1125,6 @@ Appearance +@@ -1357,7 +1315,6 @@ Appearance deal with shapes see Screen method :func:`register_shape`. .. doctest:: @@ -339,7 +339,7 @@ unchanged: >>> turtle.shape() 'classic' -@@ -1193,7 +1150,6 @@ Appearance +@@ -1383,7 +1340,6 @@ Appearance ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. .. doctest:: @@ -347,7 +347,7 @@ unchanged: >>> turtle.resizemode() 'noresize' -@@ -1217,7 +1173,6 @@ Appearance +@@ -1407,7 +1363,6 @@ Appearance of the shape's outline. .. doctest:: @@ -355,7 +355,7 @@ unchanged: >>> turtle.shapesize() (1.0, 1.0, 1) -@@ -1242,7 +1197,6 @@ Appearance +@@ -1432,7 +1387,6 @@ Appearance heading of the turtle are sheared. .. doctest:: @@ -363,7 +363,7 @@ unchanged: >>> turtle.shape("circle") >>> turtle.shapesize(5,2) -@@ -1259,7 +1213,6 @@ Appearance +@@ -1449,7 +1403,6 @@ Appearance change the turtle's heading (direction of movement). .. doctest:: @@ -371,7 +371,7 @@ unchanged: >>> turtle.reset() >>> turtle.shape("circle") -@@ -1279,7 +1232,6 @@ Appearance +@@ -1469,7 +1422,6 @@ Appearance (direction of movement). .. doctest:: @@ -379,7 +379,7 @@ unchanged: >>> turtle.reset() >>> turtle.shape("circle") -@@ -1305,7 +1257,6 @@ Appearance +@@ -1495,7 +1447,6 @@ Appearance turtle (its direction of movement). .. doctest:: @@ -387,7 +387,7 @@ unchanged: >>> turtle.reset() >>> turtle.shape("circle") -@@ -1334,7 +1285,6 @@ Appearance +@@ -1524,7 +1475,6 @@ Appearance given matrix. .. doctest:: @@ -395,7 +395,7 @@ unchanged: >>> turtle = Turtle() >>> turtle.shape("square") -@@ -1350,7 +1300,6 @@ Appearance +@@ -1540,7 +1490,6 @@ Appearance can be used to define a new shape or components of a compound shape. .. doctest:: @@ -403,7 +403,7 @@ unchanged: >>> turtle.shape("square") >>> turtle.shapetransform(4, -1, 0, 2) -@@ -1375,7 +1324,6 @@ Using events +@@ -1565,7 +1514,6 @@ Using events procedural way: .. doctest:: @@ -411,7 +411,7 @@ unchanged: >>> def turn(x, y): ... left(180) -@@ -1396,7 +1344,6 @@ Using events +@@ -1586,7 +1534,6 @@ Using events ``None``, existing bindings are removed. .. doctest:: @@ -419,7 +419,7 @@ unchanged: >>> class MyTurtle(Turtle): ... def glow(self,x,y): -@@ -1424,7 +1371,6 @@ Using events +@@ -1614,7 +1561,6 @@ Using events mouse-click event on that turtle. .. doctest:: @@ -427,7 +427,7 @@ unchanged: >>> turtle.ondrag(turtle.goto) -@@ -1452,7 +1398,6 @@ Special Turtle methods +@@ -1642,7 +1588,6 @@ Special Turtle methods Return the last recorded polygon. .. doctest:: @@ -435,7 +435,7 @@ unchanged: >>> turtle.home() >>> turtle.begin_poly() -@@ -1472,7 +1417,6 @@ Special Turtle methods +@@ -1662,7 +1607,6 @@ Special Turtle methods turtle properties. .. doctest:: @@ -443,7 +443,7 @@ unchanged: >>> mick = Turtle() >>> joe = mick.clone() -@@ -1485,7 +1429,6 @@ Special Turtle methods +@@ -1675,7 +1619,6 @@ Special Turtle methods return the "anonymous turtle": .. doctest:: @@ -451,7 +451,7 @@ unchanged: >>> pet = getturtle() >>> pet.fd(50) -@@ -1499,7 +1442,6 @@ Special Turtle methods +@@ -1689,7 +1632,6 @@ Special Turtle methods TurtleScreen methods can then be called for that object. .. doctest:: @@ -459,7 +459,7 @@ unchanged: >>> ts = turtle.getscreen() >>> ts -@@ -1517,7 +1459,6 @@ Special Turtle methods +@@ -1707,7 +1649,6 @@ Special Turtle methods ``None``, the undobuffer is disabled. .. doctest:: @@ -467,7 +467,7 @@ unchanged: >>> turtle.setundobuffer(42) -@@ -1527,7 +1468,6 @@ Special Turtle methods +@@ -1717,7 +1658,6 @@ Special Turtle methods Return number of entries in the undobuffer. .. doctest:: @@ -475,7 +475,7 @@ unchanged: >>> while undobufferentries(): ... undo() -@@ -1550,7 +1490,6 @@ below: +@@ -1740,7 +1680,6 @@ below: For example: .. doctest:: @@ -483,7 +483,7 @@ unchanged: >>> s = Shape("compound") >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) -@@ -1561,7 +1500,6 @@ below: +@@ -1751,7 +1690,6 @@ below: 3. Now add the Shape to the Screen's shapelist and use it: .. doctest:: @@ -491,7 +491,7 @@ unchanged: >>> register_shape("myshape", s) >>> shape("myshape") -@@ -1581,7 +1519,6 @@ Most of the examples in this section ref +@@ -1771,7 +1709,6 @@ Most of the examples in this section ref ``screen``. .. doctest:: @@ -499,7 +499,7 @@ unchanged: :hide: >>> screen = Screen() -@@ -1598,7 +1535,6 @@ Window control +@@ -1788,7 +1725,6 @@ Window control Set or return background color of the TurtleScreen. .. doctest:: @@ -507,7 +507,7 @@ unchanged: >>> screen.bgcolor("orange") >>> screen.bgcolor() -@@ -1690,7 +1626,6 @@ Window control +@@ -1880,7 +1816,6 @@ Window control distorted. .. doctest:: @@ -515,7 +515,7 @@ unchanged: >>> screen.reset() >>> screen.setworldcoordinates(-50,-7.5,50,7.5) -@@ -1701,7 +1636,6 @@ Window control +@@ -1891,7 +1826,6 @@ Window control ... left(45); fd(2) # a regular octagon .. doctest:: @@ -523,7 +523,7 @@ unchanged: :hide: >>> screen.reset() -@@ -1723,7 +1657,6 @@ Animation control +@@ -1913,7 +1847,6 @@ Animation control Optional argument: .. doctest:: @@ -531,7 +531,7 @@ unchanged: >>> screen.delay() 10 -@@ -1745,7 +1678,6 @@ Animation control +@@ -1935,7 +1868,6 @@ Animation control :func:`delay`). .. doctest:: @@ -539,7 +539,7 @@ unchanged: >>> screen.tracer(8, 25) >>> dist = 2 -@@ -1782,7 +1714,6 @@ Using screen events +@@ -1972,7 +1904,6 @@ Using screen events must have the focus. (See method :func:`listen`.) .. doctest:: @@ -547,7 +547,7 @@ unchanged: >>> def f(): ... fd(50) -@@ -1803,7 +1734,6 @@ Using screen events +@@ -1993,7 +1924,6 @@ Using screen events must have focus. (See method :func:`listen`.) .. doctest:: @@ -555,7 +555,7 @@ unchanged: >>> def f(): ... fd(50) -@@ -1828,7 +1758,6 @@ Using screen events +@@ -2018,7 +1948,6 @@ Using screen events named ``turtle``: .. doctest:: @@ -563,7 +563,7 @@ unchanged: >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will >>> # make the turtle move to the clicked point. -@@ -1848,7 +1777,6 @@ Using screen events +@@ -2038,7 +1967,6 @@ Using screen events Install a timer that calls *fun* after *t* milliseconds. .. doctest:: @@ -571,7 +571,7 @@ unchanged: >>> running = True >>> def f(): -@@ -1930,7 +1858,6 @@ Settings and special methods +@@ -2120,7 +2048,6 @@ Settings and special methods ============ ========================= =================== .. doctest:: @@ -579,7 +579,7 @@ unchanged: >>> mode("logo") # resets turtle heading to north >>> mode() -@@ -1945,7 +1872,6 @@ Settings and special methods +@@ -2135,7 +2062,6 @@ Settings and special methods values of color triples have to be in the range 0..*cmode*. .. doctest:: @@ -587,7 +587,7 @@ unchanged: >>> screen.colormode(1) >>> turtle.pencolor(240, 160, 80) -@@ -1966,7 +1892,6 @@ Settings and special methods +@@ -2156,7 +2082,6 @@ Settings and special methods do with a Tkinter Canvas. .. doctest:: @@ -595,7 +595,7 @@ unchanged: >>> cv = screen.getcanvas() >>> cv -@@ -1978,7 +1903,6 @@ Settings and special methods +@@ -2168,7 +2093,6 @@ Settings and special methods Return a list of names of all currently available turtle shapes. .. doctest:: @@ -603,7 +603,7 @@ unchanged: >>> screen.getshapes() ['arrow', 'blank', 'circle', ..., 'turtle'] -@@ -2002,7 +1926,6 @@ Settings and special methods +@@ -2192,7 +2116,6 @@ Settings and special methods coordinates: Install the corresponding polygon shape. .. doctest:: @@ -611,7 +611,7 @@ unchanged: >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) -@@ -2018,7 +1941,6 @@ Settings and special methods +@@ -2208,7 +2131,6 @@ Settings and special methods Return the list of turtles on the screen. .. doctest:: @@ -619,7 +619,7 @@ unchanged: >>> for turtle in screen.turtles(): ... turtle.color("red") -@@ -2080,7 +2002,6 @@ Methods specific to Screen, not inherite +@@ -2270,7 +2192,6 @@ Methods specific to Screen, not inherite center window vertically .. doctest:: @@ -627,7 +627,7 @@ unchanged: >>> screen.setup (width=200, height=200, startx=0, starty=0) >>> # sets window to 200x200 pixels, in upper left of screen -@@ -2096,7 +2017,6 @@ Methods specific to Screen, not inherite +@@ -2286,7 +2207,6 @@ Methods specific to Screen, not inherite Set title of turtle window to *titlestring*. .. doctest:: @@ -635,7 +635,7 @@ unchanged: >>> screen.title("Welcome to the turtle zoo!") -@@ -2167,7 +2087,6 @@ Public classes +@@ -2357,7 +2277,6 @@ Public classes Example: .. doctest:: @@ -643,7 +643,7 @@ unchanged: >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) >>> s = Shape("compound") -@@ -2518,7 +2437,6 @@ Changes since Python 3.0 +@@ -2743,7 +2662,6 @@ Changes since Python 3.0 .. doctest:: diff --git a/python311.changes b/python311.changes index a91f290..252896b 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Mar 12 08:44:47 UTC 2024 - Matej Cepl + +- Rewrite %prep to use %autosetup et al. for compatibility with + rpm 4.20. + ------------------------------------------------------------------- Tue Mar 12 08:13:34 UTC 2024 - Matej Cepl diff --git a/python311.spec b/python311.spec index 004b92c..5984164 100644 --- a/python311.spec +++ b/python311.spec @@ -134,46 +134,46 @@ Source100: PACKAGING-NOTES Patch02: F00251-change-user-install-location.patch # PATCH-FEATURE-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com # Improve reproduceability -Patch06: distutils-reproducible-compile.patch +Patch03: distutils-reproducible-compile.patch # support finding packages in /usr/local, install to /usr/local by default -Patch07: python-3.3.0b1-localpath.patch +Patch04: python-3.3.0b1-localpath.patch # replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds -Patch08: python-3.3.0b1-fix_date_time_compiler.patch +Patch05: python-3.3.0b1-fix_date_time_compiler.patch # POSIX_FADV_WILLNEED throws EINVAL. Use a different constant in test -Patch09: python-3.3.0b1-test-posix_fadvise.patch +Patch06: python-3.3.0b1-test-posix_fadvise.patch # Raise timeout value for test_subprocess -Patch15: subprocess-raise-timeout.patch +Patch07: subprocess-raise-timeout.patch # PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com # ensurepip should honour the value of $(prefix) -Patch29: bpo-31046_ensurepip_honours_prefix.patch +Patch08: bpo-31046_ensurepip_honours_prefix.patch # PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mcepl@suse.com # SLE-15 version of Sphinx doesn't know about skipif directive in doctests. -Patch33: no-skipif-doctests.patch +Patch09: no-skipif-doctests.patch # PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com # skip a test failing on SLE-15 -Patch34: skip-test_pyobject_freed_is_freed.patch +Patch10: skip-test_pyobject_freed_is_freed.patch # PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com # remove duplicate link targets and make documentation with old Sphinx in SLE -Patch35: fix_configure_rst.patch +Patch11: fix_configure_rst.patch # PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com # Makes Python resilient to changes of API of libexpat -Patch36: support-expat-CVE-2022-25236-patched.patch +Patch12: support-expat-CVE-2022-25236-patched.patch # PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com # Skip test_freeze_simple_script -Patch39: skip_if_buildbot-extend.patch +Patch13: skip_if_buildbot-extend.patch # PATCH-FIX-UPSTREAM CVE-2023-27043-email-parsing-errors.patch bsc#1210638 mcepl@suse.com # Detect email address parsing errors and return empty tuple to # indicate the parsing error (old API) -Patch40: CVE-2023-27043-email-parsing-errors.patch +Patch14: CVE-2023-27043-email-parsing-errors.patch # PATCH-FIX-UPSTREAM libexpat260.patch gh#python/cpython#115289 # Fix tests for XMLPullParser with Expat 2.6.0 -Patch41: libexpat260.patch +Patch15: libexpat260.patch # PATCH-FIX-UPSTREAM CVE-2023-6597-TempDir-cleaning-symlink.patch bsc#1219666 mcepl@suse.com # tempfile.TemporaryDirectory: fix symlink bug in cleanup (from gh#python/cpython!99930) -Patch42: CVE-2023-6597-TempDir-cleaning-symlink.patch +Patch16: CVE-2023-6597-TempDir-cleaning-symlink.patch # PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com # prevent ResourceWarning in test_asyncio tests -Patch43: bsc1221260-test_asyncio-ResourceWarning.patch +Patch17: bsc1221260-test_asyncio-ResourceWarning.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -415,28 +415,11 @@ This package contains libpython3.2 shared library for embedding in other applications. %prep -%setup -q -n %{tarname} -%patch -P 02 -p1 - -%patch -P 06 -p1 -%patch -P 07 -p1 -%patch -P 08 -p1 -%patch -P 09 -p1 -%patch -P 15 -p1 -%patch -P 29 -p1 +%autosetup -p1 -M 08 -n %{tarname} %if 0%{?suse_version} <= 1500 -%patch -P 33 -p1 +%patch -P 09 -p1 %endif -%if 0%{?sle_version} && 0%{?sle_version} <= 150300 -%patch -P 34 -p1 -%endif -%patch -P 35 -p1 -%patch -P 36 -p1 -%patch -P 39 -p1 -%patch -P 40 -p1 -%patch -P 41 -p1 -%patch -P 42 -p1 -%patch -P 43 -p1 +%autopatch -p1 -m 10 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac @@ -544,6 +527,7 @@ LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ %endif %check +export SUSE_VERSION="0%{?suse_version}" %if %{with general} # exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos # when you install gdb into your test env @@ -917,7 +901,7 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %{_mandir}/man1/python3.1%{?ext_man} %endif %{_mandir}/man1/python%{python_version}.1%{?ext_man} -%if %{suse_version} > 1550 +%if 0%{?suse_version} > 1550 # PEP-0668 %{sitedir}/EXTERNALLY-MANAGED %endif diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch index bbe56ba..6f48b09 100644 --- a/skip-test_pyobject_freed_is_freed.patch +++ b/skip-test_pyobject_freed_is_freed.patch @@ -1,14 +1,23 @@ --- - Lib/test/test_capi/test_misc.py | 1 + - 1 file changed, 1 insertion(+) + Lib/test/test_capi/test_misc.py | 3 +++ + 1 file changed, 3 insertions(+) --- a/Lib/test/test_capi/test_misc.py +++ b/Lib/test/test_capi/test_misc.py -@@ -1236,6 +1236,7 @@ class PyMemDebugTests(unittest.TestCase) +@@ -40,6 +40,8 @@ import _testinternalcapi + # Were we compiled --with-pydebug or with #define Py_DEBUG? + Py_DEBUG = hasattr(sys, 'gettotalrefcount') + ++# Which version of the SLE distro we build on? ++SLE_VERSION = int(os.environ.get('SLE_VERSION', '0'), 10) + + NULL = None + +@@ -1281,6 +1283,7 @@ class PyMemDebugTests(unittest.TestCase) def test_pyobject_forbidden_bytes_is_freed(self): self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') -+ @unittest.skip('Failing on Leap 15.*') ++ @unittest.skipIf(0 < SLE_VERSION < 150300, 'Failing on Leap 15.*') def test_pyobject_freed_is_freed(self): self.check_pyobject_is_freed('check_pyobject_freed_is_freed') -- 2.51.1 From 6acd83df794371c98e3f8c37a0a4c1b33fd406984096c95d0a2c381802d99406 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 12 Mar 2024 08:53:52 +0000 Subject: [PATCH 081/135] autosetup actually doesn't have -m/-M, it's autopatch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=111 --- python311.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python311.spec b/python311.spec index 5984164..0192910 100644 --- a/python311.spec +++ b/python311.spec @@ -415,7 +415,8 @@ This package contains libpython3.2 shared library for embedding in other applications. %prep -%autosetup -p1 -M 08 -n %{tarname} +%autosetup -p1 -N -n %{tarname} +%autopatch -p1 -M 08 %if 0%{?suse_version} <= 1500 %patch -P 09 -p1 %endif -- 2.51.1 From 5070284313211d658ecec7ce3490ae580f3dad25e587912ff30bfae032bcc3cf Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 12 Mar 2024 08:54:59 +0000 Subject: [PATCH 082/135] Cleanup OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=112 --- python311.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/python311.spec b/python311.spec index 0192910..d50176c 100644 --- a/python311.spec +++ b/python311.spec @@ -417,6 +417,7 @@ other applications. %prep %autosetup -p1 -N -n %{tarname} %autopatch -p1 -M 08 + %if 0%{?suse_version} <= 1500 %patch -P 09 -p1 %endif -- 2.51.1 From cc88adec5d9ea790cb284c57b4cba6117005629c08884b832e13fc1d4ae477e3 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 12 Mar 2024 09:04:03 +0000 Subject: [PATCH 083/135] Fix environmental variables. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=113 --- python311.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/python311.spec b/python311.spec index d50176c..938dd27 100644 --- a/python311.spec +++ b/python311.spec @@ -530,6 +530,7 @@ LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ %check export SUSE_VERSION="0%{?suse_version}" +export SLE_VERSION="0%{?sle_version}" %if %{with general} # exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos # when you install gdb into your test env -- 2.51.1 From 11b7cca704d35cbd1b612b0ae0d4a9bcbc57f10c46c3ff2ae305535ef610fd18 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 12 Mar 2024 10:27:24 +0000 Subject: [PATCH 084/135] typo OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=114 --- python311.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python311.spec b/python311.spec index 938dd27..f2e69d3 100644 --- a/python311.spec +++ b/python311.spec @@ -744,7 +744,7 @@ find "$PDOCS" -name "*.bat" -delete install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py # install devel files to /config -#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%{sitedir}/config-%{python_abi}/ +#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%%{sitedir}/config-%%{python_abi}/ # RPM macros %if %{primary_interpreter} -- 2.51.1 From eceb720075bdd6aa5922dcbb35355d3e38f4e920ea6199611de19f7de190cb39 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Fri, 22 Mar 2024 21:22:48 +0000 Subject: [PATCH 085/135] - Because of bsc#1189495 we have to revert use of %autopatch. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=116 --- python311.changes | 5 +++++ python311.spec | 20 +++++++++++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/python311.changes b/python311.changes index 252896b..7a649e7 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Mar 22 21:22:27 UTC 2024 - Matej Cepl + +- Because of bsc#1189495 we have to revert use of %autopatch. + ------------------------------------------------------------------- Tue Mar 12 08:44:47 UTC 2024 - Matej Cepl diff --git a/python311.spec b/python311.spec index f2e69d3..ac653f7 100644 --- a/python311.spec +++ b/python311.spec @@ -415,13 +415,27 @@ This package contains libpython3.2 shared library for embedding in other applications. %prep -%autosetup -p1 -N -n %{tarname} -%autopatch -p1 -M 08 +%setup -q -n %{tarname} +%patch -p1 -P 02 +%patch -p1 -P 03 +%patch -p1 -P 04 +%patch -p1 -P 05 +%patch -p1 -P 06 +%patch -p1 -P 07 +%patch -p1 -P 08 %if 0%{?suse_version} <= 1500 %patch -P 09 -p1 %endif -%autopatch -p1 -m 10 + +%patch -p1 -P 10 +%patch -p1 -P 11 +%patch -p1 -P 12 +%patch -p1 -P 13 +%patch -p1 -P 14 +%patch -p1 -P 15 +%patch -p1 -P 16 +%patch -p1 -P 17 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From 246a8799b3c8832aad95ffe0d64481e868bf3b6f0ead2d1806d5da97f1f34ec2 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Sun, 24 Mar 2024 07:52:22 +0000 Subject: [PATCH 086/135] - Add reference to CVE-2024-0450 (bsc#1221854) to changelog. other entry or central directory (bsc#1221854, CVE-2024-0450). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=117 --- python311.changes | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/python311.changes b/python311.changes index 7a649e7..25fb86c 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sun Mar 24 07:51:45 UTC 2024 - Matej Cepl + +- Add reference to CVE-2024-0450 (bsc#1221854) to changelog. + ------------------------------------------------------------------- Fri Mar 22 21:22:27 UTC 2024 - Matej Cepl @@ -202,7 +207,7 @@ Thu Feb 8 07:27:40 UTC 2024 - Daniel Garcia tkinter._test(). - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now raises BadZipFile when try to read an entry that overlaps with - other entry or central directory. + other entry or central directory (bsc#1221854, CVE-2024-0450). - gh-38807: Fix race condition in trace. Instead of checking if a directory exists and creating it, directly call os.makedirs() with the kwarg exist_ok=True. -- 2.51.1 From fe7f29284c3660b4ff693e53c2e8ac9b7784452a50033d7d320100d382f2c142 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 10 Apr 2024 14:25:37 +0000 Subject: [PATCH 087/135] Accepting request 1166573 from home:dgarcia:branches:devel:languages:python:Factory - Remove not needed upstream patches: * libexpat260.patch * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666 - Update to 3.11.9: * Security - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425, bsc#1219559) by adding five new methods: xml.etree.ElementTree.XMLParser.flush() xml.etree.ElementTree.XMLPullParser.flush() xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() xml.sax.expatreader.ExpatParser.flush() - gh-115399: Update bundled libexpat to 2.6.0 - gh-115243: Fix possible crashes in collections.deque.index() when the deque is concurrently modified. - gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads. * Core and Builtins - gh-116296: Fix possible refleak in object.__reduce__() internal error handling. - gh-116034: Fix location of the error on a failed assertion. - gh-115823: Properly calculate error ranges in the parser when raising SyntaxError exceptions caused by invalid byte sequences. Patch by Pablo Galindo - gh-112087: For an empty reverse iterator for list will be reduced to reversed(). Patch by Donghee Na. - gh-115011: Setters for members with an unsigned integer type now support the same range of valid values for objects that has a OBS-URL: https://build.opensuse.org/request/show/1166573 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=119 --- CVE-2023-6597-TempDir-cleaning-symlink.patch | 165 ------------ Python-3.11.8.tar.xz | 3 - Python-3.11.8.tar.xz.asc | 16 -- Python-3.11.9.tar.xz | 3 + Python-3.11.9.tar.xz.asc | 16 ++ libexpat260.patch | 108 -------- python311.changes | 258 +++++++++++++++++++ python311.spec | 12 +- 8 files changed, 279 insertions(+), 302 deletions(-) delete mode 100644 CVE-2023-6597-TempDir-cleaning-symlink.patch delete mode 100644 Python-3.11.8.tar.xz delete mode 100644 Python-3.11.8.tar.xz.asc create mode 100644 Python-3.11.9.tar.xz create mode 100644 Python-3.11.9.tar.xz.asc delete mode 100644 libexpat260.patch diff --git a/CVE-2023-6597-TempDir-cleaning-symlink.patch b/CVE-2023-6597-TempDir-cleaning-symlink.patch deleted file mode 100644 index 21580de..0000000 --- a/CVE-2023-6597-TempDir-cleaning-symlink.patch +++ /dev/null @@ -1,165 +0,0 @@ ---- - Lib/tempfile.py | 16 + - Lib/test/test_tempfile.py | 113 ++++++++++ - Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst | 2 - 3 files changed, 131 insertions(+) - ---- a/Lib/tempfile.py -+++ b/Lib/tempfile.py -@@ -286,6 +286,22 @@ def _resetperms(path): - _dont_follow_symlinks(chflags, path, 0) - _dont_follow_symlinks(_os.chmod, path, 0o700) - -+def _dont_follow_symlinks(func, path, *args): -+ # Pass follow_symlinks=False, unless not supported on this platform. -+ if func in _os.supports_follow_symlinks: -+ func(path, *args, follow_symlinks=False) -+ elif _os.name == 'nt' or not _os.path.islink(path): -+ func(path, *args) -+ -+def _resetperms(path): -+ try: -+ chflags = _os.chflags -+ except AttributeError: -+ pass -+ else: -+ _dont_follow_symlinks(chflags, path, 0) -+ _dont_follow_symlinks(_os.chmod, path, 0o700) -+ - - # User visible interfaces. - ---- a/Lib/test/test_tempfile.py -+++ b/Lib/test/test_tempfile.py -@@ -1673,6 +1673,103 @@ class TestTemporaryDirectory(BaseTestCas - new_flags = os.stat(dir1).st_flags - self.assertEqual(new_flags, old_flags) - -+ @os_helper.skip_unless_symlink -+ def test_cleanup_with_symlink_modes(self): -+ # cleanup() should not follow symlinks when fixing mode bits (#91133) -+ with self.do_create(recurse=0) as d2: -+ file1 = os.path.join(d2, 'file1') -+ open(file1, 'wb').close() -+ dir1 = os.path.join(d2, 'dir1') -+ os.mkdir(dir1) -+ for mode in range(8): -+ mode <<= 6 -+ with self.subTest(mode=format(mode, '03o')): -+ def test(target, target_is_directory): -+ d1 = self.do_create(recurse=0) -+ symlink = os.path.join(d1.name, 'symlink') -+ os.symlink(target, symlink, -+ target_is_directory=target_is_directory) -+ try: -+ os.chmod(symlink, mode, follow_symlinks=False) -+ except NotImplementedError: -+ pass -+ try: -+ os.chmod(symlink, mode) -+ except FileNotFoundError: -+ pass -+ os.chmod(d1.name, mode) -+ d1.cleanup() -+ self.assertFalse(os.path.exists(d1.name)) -+ -+ with self.subTest('nonexisting file'): -+ test('nonexisting', target_is_directory=False) -+ with self.subTest('nonexisting dir'): -+ test('nonexisting', target_is_directory=True) -+ -+ with self.subTest('existing file'): -+ os.chmod(file1, mode) -+ old_mode = os.stat(file1).st_mode -+ test(file1, target_is_directory=False) -+ new_mode = os.stat(file1).st_mode -+ self.assertEqual(new_mode, old_mode, -+ '%03o != %03o' % (new_mode, old_mode)) -+ -+ with self.subTest('existing dir'): -+ os.chmod(dir1, mode) -+ old_mode = os.stat(dir1).st_mode -+ test(dir1, target_is_directory=True) -+ new_mode = os.stat(dir1).st_mode -+ self.assertEqual(new_mode, old_mode, -+ '%03o != %03o' % (new_mode, old_mode)) -+ -+ @unittest.skipUnless(hasattr(os, 'chflags'), 'requires os.chflags') -+ @os_helper.skip_unless_symlink -+ def test_cleanup_with_symlink_flags(self): -+ # cleanup() should not follow symlinks when fixing flags (#91133) -+ flags = stat.UF_IMMUTABLE | stat.UF_NOUNLINK -+ self.check_flags(flags) -+ -+ with self.do_create(recurse=0) as d2: -+ file1 = os.path.join(d2, 'file1') -+ open(file1, 'wb').close() -+ dir1 = os.path.join(d2, 'dir1') -+ os.mkdir(dir1) -+ def test(target, target_is_directory): -+ d1 = self.do_create(recurse=0) -+ symlink = os.path.join(d1.name, 'symlink') -+ os.symlink(target, symlink, -+ target_is_directory=target_is_directory) -+ try: -+ os.chflags(symlink, flags, follow_symlinks=False) -+ except NotImplementedError: -+ pass -+ try: -+ os.chflags(symlink, flags) -+ except FileNotFoundError: -+ pass -+ os.chflags(d1.name, flags) -+ d1.cleanup() -+ self.assertFalse(os.path.exists(d1.name)) -+ -+ with self.subTest('nonexisting file'): -+ test('nonexisting', target_is_directory=False) -+ with self.subTest('nonexisting dir'): -+ test('nonexisting', target_is_directory=True) -+ -+ with self.subTest('existing file'): -+ os.chflags(file1, flags) -+ old_flags = os.stat(file1).st_flags -+ test(file1, target_is_directory=False) -+ new_flags = os.stat(file1).st_flags -+ self.assertEqual(new_flags, old_flags) -+ -+ with self.subTest('existing dir'): -+ os.chflags(dir1, flags) -+ old_flags = os.stat(dir1).st_flags -+ test(dir1, target_is_directory=True) -+ new_flags = os.stat(dir1).st_flags -+ self.assertEqual(new_flags, old_flags) -+ - @support.cpython_only - def test_del_on_collection(self): - # A TemporaryDirectory is deleted when garbage collected -@@ -1847,6 +1944,22 @@ class TestTemporaryDirectory(BaseTestCas - - def check_flags(self, flags): - # skip the test if these flags are not supported (ex: FreeBSD 13) -+ filename = os_helper.TESTFN -+ try: -+ open(filename, "w").close() -+ try: -+ os.chflags(filename, flags) -+ except OSError as exc: -+ # "OSError: [Errno 45] Operation not supported" -+ self.skipTest(f"chflags() doesn't support flags " -+ f"{flags:#b}: {exc}") -+ else: -+ os.chflags(filename, 0) -+ finally: -+ os_helper.unlink(filename) -+ -+ def check_flags(self, flags): -+ # skip the test if these flags are not supported (ex: FreeBSD 13) - filename = os_helper.TESTFN - try: - open(filename, "w").close() ---- /dev/null -+++ b/Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst -@@ -0,0 +1,2 @@ -+Fix a bug in :class:`tempfile.TemporaryDirectory` cleanup, which now no longer -+dereferences symlinks when working around file system permission errors. diff --git a/Python-3.11.8.tar.xz b/Python-3.11.8.tar.xz deleted file mode 100644 index 9263767..0000000 --- a/Python-3.11.8.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9e06008c8901924395bc1da303eac567a729ae012baa182ab39269f650383bb3 -size 20041256 diff --git a/Python-3.11.8.tar.xz.asc b/Python-3.11.8.tar.xz.asc deleted file mode 100644 index bd8cff8..0000000 --- a/Python-3.11.8.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmXCppEACgkQ/+h0BBaL -2Edi6g//dRagLHlrmPyCrch7ZqAazLMXTHb3cerXg41QEqfwIl7osk1HnqObBgVN -w8vgXy9ZlxWwv+cWvwrNLY1AWEfarhwRzWLkikHwycBIIgep1HmSvyU4wLKaN7mI -c/LxGHfQZ6suu3gCVmRFBoB/ACpT0P5qvDpoUehrADE6wCqs0vbRiW/InLCTUpOy -zZ+5ncK302JtafJkjIGf2VNB4yQATk/v7fO/z43sEQqhvzgtlWlXNmtCKshGBIt1 -mJpLEs8gCq97jObfbN7FkC3Ti/kEan7PbjDzsDKcBv/jJudvWywHtMzplgbjtOYG -AgBM8bXbVC119BwmfBpvAxgsVKmmGi9d2McJUPOcIHKiHCb17fU0srRbSV47rE9N -PWEHgQC2ICbdT9N1oimOEp16eYt5omFWfDy5C91oqUnBFtz8wqiNmyeQimegMgBe -cDpOY73C2H7Vi6rX9EbyrG+LOkfJ6Vt5rTCa+zbAPy2ihz/ajA7UNH72t1uuzFQZ -pPdUBNhtGxr5EB3zAqBxDuoh9DMOmDZACbT+npHR3Y7KaXTHYIe7Ot8CCrLpH+Ra -8Yt6/CCD7KnsCWz6pfyH+ulIL4vw+dPnC809+neiXhiUuM5qiIr9K7HidzXi0Lwj -sb8MVErS8dURFZP48e1dfbyJqsAvAosiGmjDDqbrlAC5attKjg8= -=VFx6 ------END PGP SIGNATURE----- diff --git a/Python-3.11.9.tar.xz b/Python-3.11.9.tar.xz new file mode 100644 index 0000000..81a4f9d --- /dev/null +++ b/Python-3.11.9.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9b1e896523fc510691126c864406d9360a3d1e986acbda59cda57b5abda45b87 +size 20175816 diff --git a/Python-3.11.9.tar.xz.asc b/Python-3.11.9.tar.xz.asc new file mode 100644 index 0000000..92bf2d0 --- /dev/null +++ b/Python-3.11.9.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmYNMEcACgkQ/+h0BBaL +2EeHhxAAuuIM9bl0dgAWOjbgRjCeXR8aFdfcI4dkO7bZrUy8eKbM+XCvPUUvloRJ +vzGkxYyTmI4kcNPOHfscUwH7AVVij8nGv7WeaXBUZGIXNwfHwvqOxvYvSsNNNFnr +70yJB7Df8/2s0XqFx3X1aWcnyMDerWKpfJ/VI/NPmCVxkYXGshuTTSFcCMTSFBQB +sNrIb5NWAsBF4R85uRQDlCg1AoyaKOdJNQkPo1Nrjol1ExJ+MHE7+E+QL9pQkUWG +SBISPUhJySBAegxolw6YR5dz1L4nukueQDJz3NizUeQGDvH7h1ImY8cypRi44U61 +SUUHhBfmUBiC2dS/tTQawySULWcgbkV4GJ6cJZfDd95uffd4S/GDJCa2wCE2UTlA +XzQHwbcnIeoL064gX7ruBuFHJ6n/Oz7nZkFqbH2aqLTAWgLiUq31xH3HY734sL6X +zIJQRbcK1EM7cnNjKMVPlnHpAeKbsbHbU6yzWwZ7reIoyWlZ7vEGrfXO7Kmul93K +wVaWu0AiOY566ugekdDx4cKV+FQN6oppAN63yTfPJ2Ddcmxs4KNrtozw9OAgDTPE +GTPFD6V1CMuyQj/jOpAmbj+4bRD4Mx3u2PSittvrIeopxrXPsGGSZ5kdl62Xa2+A +DzKyYNXzcmxqS9lGdFb+OWCTyAIXxwZrdz1Q61g5xDvR9z/wZiI= +=Br9/ +-----END PGP SIGNATURE----- diff --git a/libexpat260.patch b/libexpat260.patch deleted file mode 100644 index c9bbe84..0000000 --- a/libexpat260.patch +++ /dev/null @@ -1,108 +0,0 @@ -From f2eebf3c38eae77765247791576b437ec25ccfe2 Mon Sep 17 00:00:00 2001 -From: Serhiy Storchaka -Date: Sun, 11 Feb 2024 12:08:39 +0200 -Subject: [PATCH] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 - (GH-115164) - -Feeding the parser by too small chunks defers parsing to prevent -CVE-2023-52425. Future versions of Expat may be more reactive. -(cherry picked from commit 4a08e7b3431cd32a0daf22a33421cd3035343dc4) - -Co-authored-by: Serhiy Storchaka ---- - Lib/test/test_xml_etree.py | 58 ++++++++++++------- - ...-02-08-14-21-28.gh-issue-115133.ycl4ko.rst | 2 + - 2 files changed, 38 insertions(+), 22 deletions(-) - create mode 100644 Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst - -diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py -index 267982a8233c92..fa03f381fac92a 100644 ---- a/Lib/test/test_xml_etree.py -+++ b/Lib/test/test_xml_etree.py -@@ -13,6 +13,7 @@ - import operator - import os - import pickle -+import pyexpat - import sys - import textwrap - import types -@@ -120,6 +121,10 @@ - - """ - -+fails_with_expat_2_6_0 = (unittest.expectedFailure -+ if pyexpat.version_info >= (2, 6, 0) else -+ lambda test: test) -+ - def checkwarnings(*filters, quiet=False): - def decorator(test): - def newtest(*args, **kwargs): -@@ -1400,28 +1405,37 @@ def assert_event_tags(self, parser, expected, max_events=None): - self.assertEqual([(action, elem.tag) for action, elem in events], - expected) - -- def test_simple_xml(self): -- for chunk_size in (None, 1, 5): -- with self.subTest(chunk_size=chunk_size): -- parser = ET.XMLPullParser() -- self.assert_event_tags(parser, []) -- self._feed(parser, "\n", chunk_size) -- self.assert_event_tags(parser, []) -- self._feed(parser, -- "\n text\n", chunk_size) -- self.assert_event_tags(parser, [('end', 'element')]) -- self._feed(parser, "texttail\n", chunk_size) -- self._feed(parser, "\n", chunk_size) -- self.assert_event_tags(parser, [ -- ('end', 'element'), -- ('end', 'empty-element'), -- ]) -- self._feed(parser, "\n", chunk_size) -- self.assert_event_tags(parser, [('end', 'root')]) -- self.assertIsNone(parser.close()) -+ def test_simple_xml(self, chunk_size=None): -+ parser = ET.XMLPullParser() -+ self.assert_event_tags(parser, []) -+ self._feed(parser, "\n", chunk_size) -+ self.assert_event_tags(parser, []) -+ self._feed(parser, -+ "\n text\n", chunk_size) -+ self.assert_event_tags(parser, [('end', 'element')]) -+ self._feed(parser, "texttail\n", chunk_size) -+ self._feed(parser, "\n", chunk_size) -+ self.assert_event_tags(parser, [ -+ ('end', 'element'), -+ ('end', 'empty-element'), -+ ]) -+ self._feed(parser, "\n", chunk_size) -+ self.assert_event_tags(parser, [('end', 'root')]) -+ self.assertIsNone(parser.close()) -+ -+ @fails_with_expat_2_6_0 -+ def test_simple_xml_chunk_1(self): -+ self.test_simple_xml(chunk_size=1) -+ -+ @fails_with_expat_2_6_0 -+ def test_simple_xml_chunk_5(self): -+ self.test_simple_xml(chunk_size=5) -+ -+ def test_simple_xml_chunk_22(self): -+ self.test_simple_xml(chunk_size=22) - - def test_feed_while_iterating(self): - parser = ET.XMLPullParser() -diff --git a/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst b/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst -new file mode 100644 -index 00000000000000..6f1015235cc25d ---- /dev/null -+++ b/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst -@@ -0,0 +1,2 @@ -+Fix tests for :class:`~xml.etree.ElementTree.XMLPullParser` with Expat -+2.6.0. diff --git a/python311.changes b/python311.changes index 25fb86c..1797ff8 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,261 @@ +------------------------------------------------------------------- +Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia + +- Remove not needed upstream patches: + * libexpat260.patch + * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666 + +- Update to 3.11.9: + * Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 + - gh-115243: Fix possible crashes in collections.deque.index() + when the deque is concurrently modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to the + certificate store, when the ssl.SSLContext is shared across + multiple threads. + * Core and Builtins + - gh-116296: Fix possible refleak in object.__reduce__() internal + error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser when + raising SyntaxError exceptions caused by invalid byte sequences. + Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115011: Setters for members with an unsigned integer type now + support the same range of valid values for objects that has a + __index__() method as for int. + - gh-96497: Fix incorrect resolution of mangled class variables + used in assignment expressions in comprehensions. + * Library + - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered + crash in ssl when creating a new _ssl._SSLContext if CPython was + built implausibly such that the default cipher list is empty or + the SSL library it was linked against reports a failure from its + C SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of self-referential + modules, introduced in gh-114781. + - gh-117084: Fix zipfile extraction for directory entries with the + name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any to + be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer calls + WaitForSingleObject() with a negative timeout: pass 0 ms if the + timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values in an + invalid state (stored as a list instead of a str) after an + earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values in + urllib.parse functions parse_qs() and parse_qsl(). Also, they + now raise a TypeError for non-zero integers and non-empty + sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated tkinter.Checkbutton + widget names to avoid collisions with automatically generated + tkinter.ttk.Checkbutton widget names within the same parent + widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of AttributeError + on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on + WASI. + - Under wasmtime for WASI 0.2, these functions don’t pass + test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). + - gh-88352: Fix the computation of the next rollover time in the + logging.TimedRotatingFileHandler handler. computeRollover() now + always returns a timestamp larger than the specified time and + works correctly during the DST change. doRollover() no longer + overwrite the already rolled over file, saving from data loss + when run at midnight or during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a script + with pdb + - gh-76511: Fix UnicodeEncodeError in email.Message.as_string() + that results when a message that claims to be in the ascii + character set actually has non-ascii characters. Non-ascii + characters are now replaced with the U+FFFD replacement + character, like in the replace error handler. + - gh-75988: Fixed unittest.mock.create_autospec() to pass the call + through to the wrapped object to return the real result. + - gh-115881: Fix issue where ast.parse() would incorrectly flag + conditional context managers (such as with (x() if y else z()): + ...) as invalid syntax if feature_version=(3, 8) was passed. + This reverts changes to the grammar made as part of gh-94949. + - gh-115886: Fix silent truncation of the name with an embedded + null character in multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing which rolled-over log + files to delete in logging.TimedRotatingFileHandler. It is now + reliable for handlers without namer and with arbitrary + deterministic namer that leaves the datetime part in the file + name unmodified. + - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now + support bytes arguments containing raw and percent-encoded + non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' and + '\n', regardless of lineterminator value. + - gh-115712: csv.writer() now quotes empty fields if delimiter is + a space and skipinitialspace is true and raises exception if + quoting is not possible. + - gh-115618: Fix improper decreasing the reference count for None + argument in property methods getter(), setter() and deleter(). + - gh-115570: A DeprecationWarning is no longer omitted on access + to the __doc__ attributes of the deprecated typing.io and + typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the __wrapper__ + data descriptor. + - gh-101293: Support callables with the __call__() method and + types with __new__() and __init__() methods set to class + methods, static methods, bound methods, partial functions, and + other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line numbers + would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare cases when + using the z format option (coerce negative 0) * incorrect output + when applying the z format option to type F (fixed-point with + capital NAN / INF) * incorrect output when applying the # format + option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname before + checking it against the system’s proxy bypass list on macOS and + Windows. + - gh-115198: Fix support of Docutils >= 0.19 in distutils. + - gh-115165: Most exceptions are now ignored when attempting to + set the __orig_class__ attribute on objects returned when + calling typing generic aliases (including generic aliases + created using typing.Annotated). Previously only AttributeError + was ignored. Patch by Dave Shawley. + - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the underlying + write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114763: Protect modules loaded with importlib.util.LazyLoader + from race conditions when multiple threads try to access + attributes before the loading is complete. + - gh-97959: Fix rendering class methods, bound methods, method and + function aliases in pydoc. Class methods no longer have “method + of builtins.type instance” note. Corresponding notes are now + added for class and unbound methods. Method and function aliases + now have references to the module or the class where the origin + was defined if it differs from the current. Bound methods are + now listed in the static methods section. Methods of builtin + classes are now supported as well as methods of Python classes. + - gh-112281: Allow creating union of types for typing.Annotated + with unhashable metadata. + - gh-111775: Fix importlib.resources.simple.ResourceHandle.open() + for text mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb commands. + - gh-107155: Fix incorrect output of help(x) where x is a lambda + function, which has an __annotations__ dictionary attribute with + a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when defining + dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists over + multiple lines in combination with unicode encoding. + - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same name + but different extensions would conflict and not delete the + correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() to + accept empty bytes as authkey. Not accepting empty bytes as key + causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing of URLs + with only a host name, URLs containing fragment or query, and + filenames with only a UNC sharepoint on Windows. Based on patch + by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + * Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML + vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + * Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE command + line option) in regrtest when hunting for reference leaks (-R + option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-115979: Update test_importlib so that it passes under WASI + SDK 21. + - gh-116307: Added import helper isolated_modules as CleanImport + does not remove modules imported during the context. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of + the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: run + failed tests with test.bisect_cmd to identify failing tests. + Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - gh-115198: Fix test_check_metadata_deprecate in distutils tests + with a newer Docutils. + * Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI + 0.2/preview2 primitives. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + * Windows + - gh-116773: Fix instances of <_overlapped.Overlapped object at + 0xXXX> still has pending operation at deallocation, the process + may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation so + that sending a datagram to an address that is not listening does + not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most users + only have a single launcher installed and will see no + difference. When multiple launchers have been installed, the + option to install the launcher is disabled until all but one + have been removed. Downgrading the launcher (which was never + allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now detect Python + 3.13 when installed from the Microsoft Store, and will install + Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + * IDLE + - gh-88516: On macOS show a proxy icon in the title bar of editor + windows to match platform behaviour. + * Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + * C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows + 64-bit platforms. + ------------------------------------------------------------------- Sun Mar 24 07:51:45 UTC 2024 - Matej Cepl diff --git a/python311.spec b/python311.spec index ac653f7..85a5060 100644 --- a/python311.spec +++ b/python311.spec @@ -94,7 +94,7 @@ %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.8 +Version: 3.11.9 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -165,15 +165,9 @@ Patch13: skip_if_buildbot-extend.patch # Detect email address parsing errors and return empty tuple to # indicate the parsing error (old API) Patch14: CVE-2023-27043-email-parsing-errors.patch -# PATCH-FIX-UPSTREAM libexpat260.patch gh#python/cpython#115289 -# Fix tests for XMLPullParser with Expat 2.6.0 -Patch15: libexpat260.patch -# PATCH-FIX-UPSTREAM CVE-2023-6597-TempDir-cleaning-symlink.patch bsc#1219666 mcepl@suse.com -# tempfile.TemporaryDirectory: fix symlink bug in cleanup (from gh#python/cpython!99930) -Patch16: CVE-2023-6597-TempDir-cleaning-symlink.patch # PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com # prevent ResourceWarning in test_asyncio tests -Patch17: bsc1221260-test_asyncio-ResourceWarning.patch +Patch15: bsc1221260-test_asyncio-ResourceWarning.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -434,8 +428,6 @@ other applications. %patch -p1 -P 13 %patch -p1 -P 14 %patch -p1 -P 15 -%patch -p1 -P 16 -%patch -p1 -P 17 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From 116be53bb3186cd20cea912b81e9fcbd911671459f77e2d304a608e2003727d5 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Fri, 19 Apr 2024 22:20:05 +0000 Subject: [PATCH 088/135] Accepting request 1169083 from home:dgarcia:branches:devel:languages:python:Factory - Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with patched libexpat below 2.6.0 that doesn't update the version number, just in SLE. OBS-URL: https://build.opensuse.org/request/show/1169083 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=120 --- CVE-2023-52425-libexpat-2.6.0-backport.patch | 57 ++++++++++++++++++++ python311.changes | 7 +++ python311.spec | 6 +++ 3 files changed, 70 insertions(+) create mode 100644 CVE-2023-52425-libexpat-2.6.0-backport.patch diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch new file mode 100644 index 0000000..6600f2c --- /dev/null +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -0,0 +1,57 @@ +Index: Python-3.11.9/Lib/test/test_xml_etree.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_xml_etree.py ++++ Python-3.11.9/Lib/test/test_xml_etree.py +@@ -1424,9 +1424,13 @@ class XMLPullParserTest(unittest.TestCas + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + ++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0), ++ f'Fail with patched version of Expat {pyexpat.version_info}') + def test_simple_xml_chunk_1(self): + self.test_simple_xml(chunk_size=1, flush=True) + ++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0), ++ f'Fail with patched version of Expat {pyexpat.version_info}') + def test_simple_xml_chunk_5(self): + self.test_simple_xml(chunk_size=5, flush=True) + +@@ -1651,6 +1655,9 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0), ++ f'Expat {pyexpat.version_info} does not ' ++ 'support reparse deferral') + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +Index: Python-3.11.9/Lib/test/test_sax.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_sax.py ++++ Python-3.11.9/Lib/test/test_sax.py +@@ -1240,6 +1240,9 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"") + ++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0), ++ f'Expat {pyexpat.version_info} does not ' ++ 'support reparse deferral') + def test_flush_reparse_deferral_disabled(self): + result = BytesIO() + xmlgen = XMLGenerator(result) +Index: Python-3.11.9/Lib/test/test_pyexpat.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_pyexpat.py ++++ Python-3.11.9/Lib/test/test_pyexpat.py +@@ -794,6 +794,10 @@ class ReparseDeferralTest(unittest.TestC + self.assertEqual(started, ['doc']) + + def test_reparse_deferral_disabled(self): ++ if expat.version_info < (2, 6, 0): ++ self.skipTest(f'Expat {expat.version_info} does not ' ++ 'support reparse deferral') ++ + started = [] + + def start_element(name, _): diff --git a/python311.changes b/python311.changes index 1797ff8..5bcc5da 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia + +- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in SLE. + ------------------------------------------------------------------- Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia diff --git a/python311.spec b/python311.spec index 85a5060..e5c3514 100644 --- a/python311.spec +++ b/python311.spec @@ -168,6 +168,11 @@ Patch14: CVE-2023-27043-email-parsing-errors.patch # PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com # prevent ResourceWarning in test_asyncio tests Patch15: bsc1221260-test_asyncio-ResourceWarning.patch +# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport.patch +# This problem on libexpat is patched on SLE without version +# update, this patch changes the tests to match the libexpat provided +# by SUSE +Patch16: CVE-2023-52425-libexpat-2.6.0-backport.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -428,6 +433,7 @@ other applications. %patch -p1 -P 13 %patch -p1 -P 14 %patch -p1 -P 15 +%patch -p1 -P 16 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From 37ecd27cc87ccc86418286738cc8d77b0615f17b3ca49956509a0b25c3eb13e7 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 30 Apr 2024 15:37:14 +0000 Subject: [PATCH 089/135] Update CVE-2023-52425-libexpat-2.6.0-backport.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=122 --- CVE-2023-52425-libexpat-2.6.0-backport.patch | 211 +++++++++++++++---- 1 file changed, 169 insertions(+), 42 deletions(-) diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch index 6600f2c..6238018 100644 --- a/CVE-2023-52425-libexpat-2.6.0-backport.patch +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -1,57 +1,184 @@ -Index: Python-3.11.9/Lib/test/test_xml_etree.py -=================================================================== ---- Python-3.11.9.orig/Lib/test/test_xml_etree.py -+++ Python-3.11.9/Lib/test/test_xml_etree.py -@@ -1424,9 +1424,13 @@ class XMLPullParserTest(unittest.TestCas - self.assert_event_tags(parser, [('end', 'root')]) - self.assertIsNone(parser.close()) +--- + Lib/test/support/__init__.py | 9 ++++++++- + Lib/test/test_pyexpat.py | 8 ++++---- + Lib/test/test_sax.py | 18 +++++++++--------- + Lib/test/test_xml_etree.py | 12 +++++------- + 4 files changed, 26 insertions(+), 21 deletions(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -8,6 +8,7 @@ import dataclasses + import functools + import os + import re ++import pyexpat + import stat + import sys + import sysconfig +@@ -56,7 +57,7 @@ __all__ = [ + "run_with_tz", "PGO", "missing_compiler_executable", + "ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST", + "LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT", +- "skip_on_s390x", ++ "skip_on_s390x", "fails_with_expat_2_6_0" + ] -+ @unittest.skipIf(pyexpat.version_info < (2, 6, 0), -+ f'Fail with patched version of Expat {pyexpat.version_info}') - def test_simple_xml_chunk_1(self): - self.test_simple_xml(chunk_size=1, flush=True) -+ @unittest.skipIf(pyexpat.version_info < (2, 6, 0), -+ f'Fail with patched version of Expat {pyexpat.version_info}') - def test_simple_xml_chunk_5(self): - self.test_simple_xml(chunk_size=5, flush=True) +@@ -2243,3 +2244,9 @@ def copy_python_src_ignore(path, names): + #Windows doesn't have os.uname() but it doesn't support s390x. + skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', + 'skipped on s390x') ++ ++ ++_null_pyexpat_parser=pyexpat.ParserCreate() ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if hasattr(_null_pyexpat_parser, 'GetReparseDeferralEnabled') else ++ lambda test: test) +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -14,8 +14,7 @@ from test.support import os_helper + from xml.parsers import expat + from xml.parsers.expat import errors -@@ -1651,6 +1655,9 @@ class XMLPullParserTest(unittest.TestCas +-from test.support import sortdict, is_emscripten, is_wasi +- ++from test.support import sortdict, is_emscripten, is_wasi, fails_with_expat_2_6_0 - self.assert_event_tags(parser, [('end', 'doc')]) + class SetAttributeTest(unittest.TestCase): + def setUp(self): +@@ -793,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC -+ @unittest.skipIf(pyexpat.version_info < (2, 6, 0), -+ f'Expat {pyexpat.version_info} does not ' -+ 'support reparse deferral') - def test_flush_reparse_deferral_disabled(self): - parser = ET.XMLPullParser(events=('start', 'end')) + self.assertEqual(started, ['doc']) -Index: Python-3.11.9/Lib/test/test_sax.py -=================================================================== ---- Python-3.11.9.orig/Lib/test/test_sax.py -+++ Python-3.11.9/Lib/test/test_sax.py -@@ -1240,6 +1240,9 @@ class ExpatReaderTest(XmlTestBase): ++ @fails_with_expat_2_6_0 + def test_reparse_deferral_disabled(self): + started = [] + +@@ -800,9 +800,9 @@ class ReparseDeferralTest(unittest.TestC + started.append(name) + + parser = expat.ParserCreate() ++ self.assertTrue(hasattr(parser, 'GetReparseDeferralEnabled')) + parser.StartElementHandler = start_element +- if expat.version_info >= (2, 6, 0): +- parser.SetReparseDeferralEnabled(False) ++ parser.SetReparseDeferralEnabled(False) + self.assertFalse(parser.GetReparseDeferralEnabled()) + + for chunk in (b''): +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -19,13 +19,11 @@ from xml.sax.xmlreader import InputSourc + from io import BytesIO, StringIO + import codecs + import os.path +-import pyexpat + import shutil + import sys + from urllib.error import URLError + import urllib.request +-from test.support import os_helper +-from test.support import findfile ++from test.support import os_helper, findfile, fails_with_expat_2_6_0 + from test.support.os_helper import FakePath, TESTFN + + +@@ -1215,9 +1213,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') ++ @fails_with_expat_2_6_0 + def test_flush_reparse_deferral_enabled(self): + result = BytesIO() + xmlgen = XMLGenerator(result) +@@ -1227,6 +1223,8 @@ class ExpatReaderTest(XmlTestBase): + for chunk in (""): + parser.feed(chunk) + ++ self.assertTrue(hasattr(parser._parser, 'GetReparseDeferralEnabled')) ++ + self.assertEqual(result.getvalue(), start) # i.e. no elements started + self.assertTrue(parser._parser.GetReparseDeferralEnabled()) + +@@ -1240,6 +1238,7 @@ class ExpatReaderTest(XmlTestBase): self.assertEqual(result.getvalue(), start + b"") -+ @unittest.skipIf(pyexpat.version_info < (2, 6, 0), -+ f'Expat {pyexpat.version_info} does not ' -+ 'support reparse deferral') ++ @fails_with_expat_2_6_0 def test_flush_reparse_deferral_disabled(self): result = BytesIO() xmlgen = XMLGenerator(result) -Index: Python-3.11.9/Lib/test/test_pyexpat.py -=================================================================== ---- Python-3.11.9.orig/Lib/test/test_pyexpat.py -+++ Python-3.11.9/Lib/test/test_pyexpat.py -@@ -794,6 +794,10 @@ class ReparseDeferralTest(unittest.TestC - self.assertEqual(started, ['doc']) +@@ -1249,9 +1248,10 @@ class ExpatReaderTest(XmlTestBase): + for chunk in (""): + parser.feed(chunk) - def test_reparse_deferral_disabled(self): -+ if expat.version_info < (2, 6, 0): -+ self.skipTest(f'Expat {expat.version_info} does not ' -+ 'support reparse deferral') +- if pyexpat.version_info >= (2, 6, 0): +- parser._parser.SetReparseDeferralEnabled(False) +- self.assertEqual(result.getvalue(), start) # i.e. no elements started ++ self.assertTrue(hasattr(parser._parser, 'SetReparseDeferralEnabled')) + - started = [] ++ parser._parser.SetReparseDeferralEnabled(False) ++ self.assertEqual(result.getvalue(), start) # i.e. no elements started - def start_element(name, _): + self.assertFalse(parser._parser.GetReparseDeferralEnabled()) + +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -13,7 +13,6 @@ import itertools + import operator + import os + import pickle +-import pyexpat + import sys + import textwrap + import types +@@ -26,7 +25,7 @@ from itertools import product, islice + from test import support + from test.support import os_helper + from test.support import warnings_helper +-from test.support import findfile, gc_collect, swap_attr, swap_item ++from test.support import findfile, gc_collect, swap_attr, swap_item, fails_with_expat_2_6_0 + from test.support.import_helper import import_fresh_module + from test.support.os_helper import TESTFN + +@@ -1424,9 +1423,11 @@ class XMLPullParserTest(unittest.TestCas + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + ++ @fails_with_expat_2_6_0 + def test_simple_xml_chunk_1(self): + self.test_simple_xml(chunk_size=1, flush=True) + ++ @fails_with_expat_2_6_0 + def test_simple_xml_chunk_5(self): + self.test_simple_xml(chunk_size=5, flush=True) + +@@ -1627,9 +1628,7 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') ++ @fails_with_expat_2_6_0 + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1651,13 +1650,12 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @fails_with_expat_2_6_0 + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + + for chunk in (""): + parser.feed(chunk) +- +- if pyexpat.version_info >= (2, 6, 0): + if not ET is pyET: + self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled ' + 'methods not available in C') -- 2.51.1 From e54275a76b6aa7e30ccc0001c9e13c1c18d925e0100b12526202726830db19f4 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 1 May 2024 09:01:36 +0000 Subject: [PATCH 090/135] - Update CVE-2023-52425-libexpat-2.6.0-backport.patch so that it uses features sniffing, not just comparing version number. Include also support-expat-CVE-2022-25236-patched.patch. - Refresh patches: - CVE-2023-27043-email-parsing-errors.patch - fix_configure_rst.patch - skip_if_buildbot-extend.patch - Remove included patch: - support-expat-CVE-2022-25236-patched.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=123 --- CVE-2023-27043-email-parsing-errors.patch | 26 +-- CVE-2023-52425-libexpat-2.6.0-backport.patch | 164 ++++++++++++------- fix_configure_rst.patch | 18 +- python311.changes | 13 ++ python311.spec | 4 - skip_if_buildbot-extend.patch | 8 +- support-expat-CVE-2022-25236-patched.patch | 77 --------- 7 files changed, 135 insertions(+), 175 deletions(-) delete mode 100644 support-expat-CVE-2022-25236-patched.patch diff --git a/CVE-2023-27043-email-parsing-errors.patch b/CVE-2023-27043-email-parsing-errors.patch index 1ced142..6d74e95 100644 --- a/CVE-2023-27043-email-parsing-errors.patch +++ b/CVE-2023-27043-email-parsing-errors.patch @@ -5,10 +5,8 @@ Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst | 8 4 files changed, 344 insertions(+), 21 deletions(-) -Index: Python-3.11.8/Doc/library/email.utils.rst -=================================================================== ---- Python-3.11.8.orig/Doc/library/email.utils.rst -+++ Python-3.11.8/Doc/library/email.utils.rst +--- a/Doc/library/email.utils.rst ++++ b/Doc/library/email.utils.rst @@ -60,13 +60,18 @@ of the new API. begins with angle brackets, they are stripped off. @@ -58,10 +56,8 @@ Index: Python-3.11.8/Doc/library/email.utils.rst .. function:: parsedate(date) -Index: Python-3.11.8/Lib/email/utils.py -=================================================================== ---- Python-3.11.8.orig/Lib/email/utils.py -+++ Python-3.11.8/Lib/email/utils.py +--- a/Lib/email/utils.py ++++ b/Lib/email/utils.py @@ -48,6 +48,7 @@ TICK = "'" specialsre = re.compile(r'[][\\()<>@,:;".]') escapesre = re.compile(r'[\\"]') @@ -241,10 +237,8 @@ Index: Python-3.11.8/Lib/email/utils.py return addrs[0] -Index: Python-3.11.8/Lib/test/test_email/test_email.py -=================================================================== ---- Python-3.11.8.orig/Lib/test/test_email/test_email.py -+++ Python-3.11.8/Lib/test/test_email/test_email.py +--- a/Lib/test/test_email/test_email.py ++++ b/Lib/test/test_email/test_email.py @@ -17,6 +17,7 @@ from unittest.mock import patch import email @@ -253,7 +247,7 @@ Index: Python-3.11.8/Lib/test/test_email/test_email.py from email.charset import Charset from email.generator import Generator, DecodedGenerator, BytesGenerator -@@ -3321,15 +3322,137 @@ Foo +@@ -3336,15 +3337,137 @@ Foo [('Al Person', 'aperson@dom.ain'), ('Bud Person', 'bperson@dom.ain')]) @@ -399,7 +393,7 @@ Index: Python-3.11.8/Lib/test/test_email/test_email.py def test_getaddresses_embedded_comment(self): """Test proper handling of a nested comment""" -@@ -3520,6 +3643,54 @@ multipart/report +@@ -3535,6 +3658,54 @@ multipart/report m = cls(*constructor, policy=email.policy.default) self.assertIs(m.policy, email.policy.default) @@ -454,10 +448,8 @@ Index: Python-3.11.8/Lib/test/test_email/test_email.py # Test the iterator/generators class TestIterators(TestEmailBase): -Index: Python-3.11.8/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst -=================================================================== --- /dev/null -+++ Python-3.11.8/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst ++++ b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst @@ -0,0 +1,8 @@ +:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now +return ``('', '')`` 2-tuples in more situations where invalid email diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch index 6238018..7c9bb82 100644 --- a/CVE-2023-52425-libexpat-2.6.0-backport.patch +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -1,9 +1,10 @@ --- - Lib/test/support/__init__.py | 9 ++++++++- - Lib/test/test_pyexpat.py | 8 ++++---- + Lib/test/support/__init__.py | 16 ++++++++++++++-- + Lib/test/test_minidom.py | 23 +++++++++-------------- + Lib/test/test_pyexpat.py | 14 +++++++------- Lib/test/test_sax.py | 18 +++++++++--------- - Lib/test/test_xml_etree.py | 12 +++++------- - 4 files changed, 26 insertions(+), 21 deletions(-) + Lib/test/test_xml_etree.py | 12 ------------ + 5 files changed, 39 insertions(+), 44 deletions(-) --- a/Lib/test/support/__init__.py +++ b/Lib/test/support/__init__.py @@ -20,20 +21,75 @@ "ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST", "LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT", - "skip_on_s390x", -+ "skip_on_s390x", "fails_with_expat_2_6_0" ++ "skip_on_s390x", "fails_with_expat_2_6_0", "is_expat_2_6_0" ] -@@ -2243,3 +2244,9 @@ def copy_python_src_ignore(path, names): - #Windows doesn't have os.uname() but it doesn't support s390x. +@@ -2240,6 +2241,17 @@ def copy_python_src_ignore(path, names): + } + return ignored + +-#Windows doesn't have os.uname() but it doesn't support s390x. ++ ++# Windows doesn't have os.uname() but it doesn't support s390x. skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', 'skipped on s390x') + + -+_null_pyexpat_parser=pyexpat.ParserCreate() ++@functools.lru_cache ++def _is_expat_2_6_0(): ++ return hasattr(pyexpat.ParserCreate(), 'GetReparseDeferralEnabled') ++is_expat_2_6_0 = _is_expat_2_6_0() ++ +fails_with_expat_2_6_0 = (unittest.expectedFailure -+ if hasattr(_null_pyexpat_parser, 'GetReparseDeferralEnabled') else -+ lambda test: test) ++ if is_expat_2_6_0 ++ else lambda test: test) +--- a/Lib/test/test_minidom.py ++++ b/Lib/test/test_minidom.py +@@ -6,7 +6,6 @@ import io + from test import support + import unittest + +-import pyexpat + import xml.dom.minidom + + from xml.dom.minidom import parse, Attr, Node, Document, parseString +@@ -1163,13 +1162,11 @@ class MinidomTest(unittest.TestCase): + + # Verify that character decoding errors raise exceptions instead + # of crashing +- if pyexpat.version_info >= (2, 4, 5): +- self.assertRaises(ExpatError, parseString, +- b'') +- self.assertRaises(ExpatError, parseString, +- b'Comment \xe7a va ? Tr\xe8s bien ?') +- else: +- self.assertRaises(UnicodeDecodeError, parseString, ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((UnicodeDecodeError, ExpatError)): ++ parseString( + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1631,12 +1628,10 @@ class MinidomTest(unittest.TestCase): + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- if pyexpat.version_info >= (2, 4, 5): +- context = self.assertRaisesRegex(ExpatError, 'syntax error') +- else: +- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- +- with context: ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((ExpatError, ValueError)): + parseString('') + + def testDocRemoveChild(self): --- a/Lib/test/test_pyexpat.py +++ b/Lib/test/test_pyexpat.py @@ -14,8 +14,7 @@ from test.support import os_helper @@ -42,23 +98,30 @@ -from test.support import sortdict, is_emscripten, is_wasi - -+from test.support import sortdict, is_emscripten, is_wasi, fails_with_expat_2_6_0 ++from test.support import sortdict, is_emscripten, is_wasi, is_expat_2_6_0 class SetAttributeTest(unittest.TestCase): def setUp(self): -@@ -793,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC +@@ -770,9 +769,8 @@ class ReparseDeferralTest(unittest.TestC + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) - self.assertEqual(started, ['doc']) + def test_reparse_deferral_enabled(self): +- if expat.version_info < (2, 6, 0): +- self.skipTest(f'Expat {expat.version_info} does not ' +- 'support reparse deferral') ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") -+ @fails_with_expat_2_6_0 - def test_reparse_deferral_disabled(self): started = [] -@@ -800,9 +800,9 @@ class ReparseDeferralTest(unittest.TestC +@@ -799,10 +797,12 @@ class ReparseDeferralTest(unittest.TestC + def start_element(name, _): started.append(name) ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ parser = expat.ParserCreate() -+ self.assertTrue(hasattr(parser, 'GetReparseDeferralEnabled')) parser.StartElementHandler = start_element - if expat.version_info >= (2, 6, 0): - parser.SetReparseDeferralEnabled(False) @@ -79,47 +142,41 @@ import urllib.request -from test.support import os_helper -from test.support import findfile -+from test.support import os_helper, findfile, fails_with_expat_2_6_0 ++from test.support import os_helper, findfile, is_expat_2_6_0 from test.support.os_helper import FakePath, TESTFN -@@ -1215,9 +1213,7 @@ class ExpatReaderTest(XmlTestBase): +@@ -1215,10 +1213,10 @@ class ExpatReaderTest(XmlTestBase): self.assertEqual(result.getvalue(), start + b"text") - @unittest.skipIf(pyexpat.version_info < (2, 6, 0), - f'Expat {pyexpat.version_info} does not ' - 'support reparse deferral') -+ @fails_with_expat_2_6_0 def test_flush_reparse_deferral_enabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ result = BytesIO() xmlgen = XMLGenerator(result) -@@ -1227,6 +1223,8 @@ class ExpatReaderTest(XmlTestBase): - for chunk in (""): - parser.feed(chunk) - -+ self.assertTrue(hasattr(parser._parser, 'GetReparseDeferralEnabled')) -+ - self.assertEqual(result.getvalue(), start) # i.e. no elements started - self.assertTrue(parser._parser.GetReparseDeferralEnabled()) - -@@ -1240,6 +1238,7 @@ class ExpatReaderTest(XmlTestBase): - + parser = create_parser() +@@ -1241,6 +1239,9 @@ class ExpatReaderTest(XmlTestBase): self.assertEqual(result.getvalue(), start + b"") -+ @fails_with_expat_2_6_0 def test_flush_reparse_deferral_disabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ result = BytesIO() xmlgen = XMLGenerator(result) -@@ -1249,9 +1248,10 @@ class ExpatReaderTest(XmlTestBase): + parser = create_parser() +@@ -1249,9 +1250,8 @@ class ExpatReaderTest(XmlTestBase): for chunk in (""): parser.feed(chunk) - if pyexpat.version_info >= (2, 6, 0): - parser._parser.SetReparseDeferralEnabled(False) - self.assertEqual(result.getvalue(), start) # i.e. no elements started -+ self.assertTrue(hasattr(parser._parser, 'SetReparseDeferralEnabled')) -+ + parser._parser.SetReparseDeferralEnabled(False) + self.assertEqual(result.getvalue(), start) # i.e. no elements started @@ -135,45 +192,30 @@ import sys import textwrap import types -@@ -26,7 +25,7 @@ from itertools import product, islice - from test import support - from test.support import os_helper - from test.support import warnings_helper --from test.support import findfile, gc_collect, swap_attr, swap_item -+from test.support import findfile, gc_collect, swap_attr, swap_item, fails_with_expat_2_6_0 - from test.support.import_helper import import_fresh_module - from test.support.os_helper import TESTFN - -@@ -1424,9 +1423,11 @@ class XMLPullParserTest(unittest.TestCas +@@ -1424,12 +1423,6 @@ class XMLPullParserTest(unittest.TestCas self.assert_event_tags(parser, [('end', 'root')]) self.assertIsNone(parser.close()) -+ @fails_with_expat_2_6_0 - def test_simple_xml_chunk_1(self): - self.test_simple_xml(chunk_size=1, flush=True) +- def test_simple_xml_chunk_1(self): +- self.test_simple_xml(chunk_size=1, flush=True) +- +- def test_simple_xml_chunk_5(self): +- self.test_simple_xml(chunk_size=5, flush=True) +- + def test_simple_xml_chunk_22(self): + self.test_simple_xml(chunk_size=22) -+ @fails_with_expat_2_6_0 - def test_simple_xml_chunk_5(self): - self.test_simple_xml(chunk_size=5, flush=True) - -@@ -1627,9 +1628,7 @@ class XMLPullParserTest(unittest.TestCas +@@ -1627,9 +1620,6 @@ class XMLPullParserTest(unittest.TestCas with self.assertRaises(ValueError): ET.XMLPullParser(events=('start', 'end', 'bogus')) - @unittest.skipIf(pyexpat.version_info < (2, 6, 0), - f'Expat {pyexpat.version_info} does not ' - 'support reparse deferral') -+ @fails_with_expat_2_6_0 def test_flush_reparse_deferral_enabled(self): parser = ET.XMLPullParser(events=('start', 'end')) -@@ -1651,13 +1650,12 @@ class XMLPullParserTest(unittest.TestCas - - self.assert_event_tags(parser, [('end', 'doc')]) - -+ @fails_with_expat_2_6_0 - def test_flush_reparse_deferral_disabled(self): - parser = ET.XMLPullParser(events=('start', 'end')) +@@ -1656,8 +1646,6 @@ class XMLPullParserTest(unittest.TestCas for chunk in (""): parser.feed(chunk) diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index 2fabf1b..9fa2590 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -3,11 +3,9 @@ Misc/NEWS | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) -Index: Python-3.11.8/Doc/using/configure.rst -=================================================================== ---- Python-3.11.8.orig/Doc/using/configure.rst -+++ Python-3.11.8/Doc/using/configure.rst -@@ -41,7 +41,6 @@ General Options +--- a/Doc/using/configure.rst ++++ b/Doc/using/configure.rst +@@ -43,7 +43,6 @@ General Options See :data:`sys.int_info.bits_per_digit `. @@ -15,7 +13,7 @@ Index: Python-3.11.8/Doc/using/configure.rst .. option:: --with-cxx-main=COMPILER Compile the Python ``main()`` function and link Python executable with C++ -@@ -527,13 +526,11 @@ macOS Options +@@ -529,13 +528,11 @@ macOS Options See ``Mac/README.rst``. @@ -29,11 +27,9 @@ Index: Python-3.11.8/Doc/using/configure.rst .. option:: --enable-framework=INSTALLDIR Create a Python.framework rather than a traditional Unix install. Optional -Index: Python-3.11.8/Misc/NEWS -=================================================================== ---- Python-3.11.8.orig/Misc/NEWS -+++ Python-3.11.8/Misc/NEWS -@@ -9411,7 +9411,7 @@ C API +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -9768,7 +9768,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`limited-api-list` now shows the public name diff --git a/python311.changes b/python311.changes index 5bcc5da..14ea885 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Wed May 1 08:39:08 UTC 2024 - Matej Cepl + +- Update CVE-2023-52425-libexpat-2.6.0-backport.patch so that it + uses features sniffing, not just comparing version + number. Include also support-expat-CVE-2022-25236-patched.patch. +- Refresh patches: + - CVE-2023-27043-email-parsing-errors.patch + - fix_configure_rst.patch + - skip_if_buildbot-extend.patch +- Remove included patch: + - support-expat-CVE-2022-25236-patched.patch + ------------------------------------------------------------------- Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia diff --git a/python311.spec b/python311.spec index e5c3514..effbb92 100644 --- a/python311.spec +++ b/python311.spec @@ -155,9 +155,6 @@ Patch10: skip-test_pyobject_freed_is_freed.patch # PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com # remove duplicate link targets and make documentation with old Sphinx in SLE Patch11: fix_configure_rst.patch -# PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com -# Makes Python resilient to changes of API of libexpat -Patch12: support-expat-CVE-2022-25236-patched.patch # PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com # Skip test_freeze_simple_script Patch13: skip_if_buildbot-extend.patch @@ -429,7 +426,6 @@ other applications. %patch -p1 -P 10 %patch -p1 -P 11 -%patch -p1 -P 12 %patch -p1 -P 13 %patch -p1 -P 14 %patch -p1 -P 15 diff --git a/skip_if_buildbot-extend.patch b/skip_if_buildbot-extend.patch index 55a1b60..fd9a584 100644 --- a/skip_if_buildbot-extend.patch +++ b/skip_if_buildbot-extend.patch @@ -2,11 +2,9 @@ Lib/test/support/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: Python-3.11.8/Lib/test/support/__init__.py -=================================================================== ---- Python-3.11.8.orig/Lib/test/support/__init__.py -+++ Python-3.11.8/Lib/test/support/__init__.py -@@ -383,7 +383,7 @@ def skip_if_buildbot(reason=None): +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -384,7 +384,7 @@ def skip_if_buildbot(reason=None): if not reason: reason = 'not suitable for buildbots' try: diff --git a/support-expat-CVE-2022-25236-patched.patch b/support-expat-CVE-2022-25236-patched.patch deleted file mode 100644 index d6fbad9..0000000 --- a/support-expat-CVE-2022-25236-patched.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 7da97f61816f3cadaa6788804b22a2434b40e8c5 Mon Sep 17 00:00:00 2001 -From: "Miss Islington (bot)" - <31488909+miss-islington@users.noreply.github.com> -Date: Mon, 21 Feb 2022 08:16:09 -0800 -Subject: [PATCH] bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453) - (GH-31472) - -Curly brackets were never allowed in namespace URIs -according to RFC 3986, and so-called namespace-validating -XML parsers have the right to reject them a invalid URIs. - -libexpat >=2.4.5 has become strcter in that regard due to -related security issues; with ET.XML instantiating a -namespace-aware parser under the hood, this test has no -future in CPython. - -References: -- https://datatracker.ietf.org/doc/html/rfc3968 -- https://www.w3.org/TR/xml-names/ - -Also, test_minidom.py: Support Expat >=2.4.5 -(cherry picked from commit 2cae93832f46b245847bdc252456ddf7742ef45e) - -Co-authored-by: Sebastian Pipping ---- - Lib/test/test_minidom.py | 23 +++++++++-------------- - 1 file changed, 9 insertions(+), 14 deletions(-) - create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst - -Index: Python-3.11.8/Lib/test/test_minidom.py -=================================================================== ---- Python-3.11.8.orig/Lib/test/test_minidom.py -+++ Python-3.11.8/Lib/test/test_minidom.py -@@ -6,7 +6,6 @@ import io - from test import support - import unittest - --import pyexpat - import xml.dom.minidom - - from xml.dom.minidom import parse, Attr, Node, Document, parseString -@@ -1163,13 +1162,11 @@ class MinidomTest(unittest.TestCase): - - # Verify that character decoding errors raise exceptions instead - # of crashing -- if pyexpat.version_info >= (2, 4, 5): -- self.assertRaises(ExpatError, parseString, -- b'') -- self.assertRaises(ExpatError, parseString, -- b'Comment \xe7a va ? Tr\xe8s bien ?') -- else: -- self.assertRaises(UnicodeDecodeError, parseString, -+ # It doesn’t make any sense to insist on the exact text of the -+ # error message, or even the exact Exception … it is enough that -+ # the error has been discovered. -+ with self.assertRaises((UnicodeDecodeError, ExpatError)): -+ parseString( - b'Comment \xe7a va ? Tr\xe8s bien ?') - - doc.unlink() -@@ -1631,12 +1628,10 @@ class MinidomTest(unittest.TestCase): - self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) - - def testExceptionOnSpacesInXMLNSValue(self): -- if pyexpat.version_info >= (2, 4, 5): -- context = self.assertRaisesRegex(ExpatError, 'syntax error') -- else: -- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') -- -- with context: -+ # It doesn’t make any sense to insist on the exact text of the -+ # error message, or even the exact Exception … it is enough that -+ # the error has been discovered. -+ with self.assertRaises((ExpatError, ValueError)): - parseString('') - - def testDocRemoveChild(self): -- 2.51.1 From 77ce54fe8f12edd1ed79aea671261e21476d23063a51e20ac0935330b4238706 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 1 May 2024 23:30:08 +0000 Subject: [PATCH 091/135] - Update CVE-2023-52425-libexpat-2.6.0-backport.patch so that it uses features sniffing, not just comparing version number. Include also support-expat-CVE-2022-25236-patched.patch. - Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping failing tests. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=124 --- CVE-2023-52425-libexpat-2.6.0-backport.patch | 21 +++---- ...-52425-remove-reparse_deferral-tests.patch | 60 +++++++++++++++++++ python311.changes | 9 ++- python311.spec | 2 + 4 files changed, 77 insertions(+), 15 deletions(-) create mode 100644 CVE-2023-52425-remove-reparse_deferral-tests.patch diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch index 7c9bb82..c1c66b7 100644 --- a/CVE-2023-52425-libexpat-2.6.0-backport.patch +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -1,10 +1,10 @@ --- Lib/test/support/__init__.py | 16 ++++++++++++++-- Lib/test/test_minidom.py | 23 +++++++++-------------- - Lib/test/test_pyexpat.py | 14 +++++++------- + Lib/test/test_pyexpat.py | 12 +++++------- Lib/test/test_sax.py | 18 +++++++++--------- Lib/test/test_xml_etree.py | 12 ------------ - 5 files changed, 39 insertions(+), 44 deletions(-) + 5 files changed, 37 insertions(+), 44 deletions(-) --- a/Lib/test/support/__init__.py +++ b/Lib/test/support/__init__.py @@ -38,7 +38,7 @@ + +@functools.lru_cache +def _is_expat_2_6_0(): -+ return hasattr(pyexpat.ParserCreate(), 'GetReparseDeferralEnabled') ++ return hasattr(pyexpat.ParserCreate(), 'SetReparseDeferralEnabled') +is_expat_2_6_0 = _is_expat_2_6_0() + +fails_with_expat_2_6_0 = (unittest.expectedFailure @@ -114,21 +114,18 @@ started = [] -@@ -799,10 +797,12 @@ class ReparseDeferralTest(unittest.TestC - def start_element(name, _): - started.append(name) +@@ -801,9 +799,9 @@ class ReparseDeferralTest(unittest.TestC -+ if not is_expat_2_6_0: -+ self.skipTest("Linked libexpat doesn't support reparse deferral") -+ parser = expat.ParserCreate() parser.StartElementHandler = start_element - if expat.version_info >= (2, 6, 0): -- parser.SetReparseDeferralEnabled(False) -+ parser.SetReparseDeferralEnabled(False) - self.assertFalse(parser.GetReparseDeferralEnabled()) ++ if is_expat_2_6_0: + parser.SetReparseDeferralEnabled(False) +- self.assertFalse(parser.GetReparseDeferralEnabled()) ++ self.assertFalse(parser.GetReparseDeferralEnabled()) for chunk in (b''): + parser.Parse(chunk, False) --- a/Lib/test/test_sax.py +++ b/Lib/test/test_sax.py @@ -19,13 +19,11 @@ from xml.sax.xmlreader import InputSourc diff --git a/CVE-2023-52425-remove-reparse_deferral-tests.patch b/CVE-2023-52425-remove-reparse_deferral-tests.patch new file mode 100644 index 0000000..553bdf8 --- /dev/null +++ b/CVE-2023-52425-remove-reparse_deferral-tests.patch @@ -0,0 +1,60 @@ +--- + Lib/test/test_pyexpat.py | 2 ++ + Lib/test/test_sax.py | 2 ++ + Lib/test/test_xml_etree.py | 2 ++ + 3 files changed, 6 insertions(+) + +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -768,6 +768,7 @@ class ReparseDeferralTest(unittest.TestC + parser.SetReparseDeferralEnabled(True) + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -791,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC + + self.assertEqual(started, ['doc']) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_disabled(self): + started = [] + +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -1213,6 +1213,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -1238,6 +1239,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -1620,6 +1620,7 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1641,6 +1642,7 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + diff --git a/python311.changes b/python311.changes index 14ea885..260aca9 100644 --- a/python311.changes +++ b/python311.changes @@ -1,9 +1,12 @@ ------------------------------------------------------------------- Wed May 1 08:39:08 UTC 2024 - Matej Cepl -- Update CVE-2023-52425-libexpat-2.6.0-backport.patch so that it - uses features sniffing, not just comparing version - number. Include also support-expat-CVE-2022-25236-patched.patch. +- Update CVE-2023-52425-libexpat-2.6.0-backport.patch + so that it uses features sniffing, not just + comparing version number. Include also + support-expat-CVE-2022-25236-patched.patch. +- Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping + failing tests. - Refresh patches: - CVE-2023-27043-email-parsing-errors.patch - fix_configure_rst.patch diff --git a/python311.spec b/python311.spec index effbb92..234dcfe 100644 --- a/python311.spec +++ b/python311.spec @@ -170,6 +170,7 @@ Patch15: bsc1221260-test_asyncio-ResourceWarning.patch # update, this patch changes the tests to match the libexpat provided # by SUSE Patch16: CVE-2023-52425-libexpat-2.6.0-backport.patch +Patch17: CVE-2023-52425-remove-reparse_deferral-tests.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -430,6 +431,7 @@ other applications. %patch -p1 -P 14 %patch -p1 -P 15 %patch -p1 -P 16 +%patch -p1 -P 17 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From 992cbf442ea64265475efd2c5b067ac0166a3d73fa87ac8820721a9d229e9381 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Fri, 21 Jun 2024 14:02:10 +0000 Subject: [PATCH 092/135] multiple threads (bsc#1226447, CVE-2024-0397). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=126 --- python311.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python311.changes b/python311.changes index 260aca9..c17f389 100644 --- a/python311.changes +++ b/python311.changes @@ -43,7 +43,7 @@ Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia - gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across - multiple threads. + multiple threads (bsc#1226447, CVE-2024-0397). * Core and Builtins - gh-116296: Fix possible refleak in object.__reduce__() internal error handling. -- 2.51.1 From 2f6f68cb45fc6fe6195140180e976639bab4ebeb857bdc694fd63da835a6cde3 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 25 Jun 2024 21:58:48 +0000 Subject: [PATCH 093/135] - Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 (CVE-2024-4032) rearranging definition of private v global IP addresses. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=127 --- CVE-2024-4032-private-IP-addrs.patch | 366 +++++++++++++++++++++++++++ python311.changes | 7 + python311.spec | 4 + 3 files changed, 377 insertions(+) create mode 100644 CVE-2024-4032-private-IP-addrs.patch diff --git a/CVE-2024-4032-private-IP-addrs.patch b/CVE-2024-4032-private-IP-addrs.patch new file mode 100644 index 0000000..7793e7d --- /dev/null +++ b/CVE-2024-4032-private-IP-addrs.patch @@ -0,0 +1,366 @@ +From b47c766d6085d7918edd7715750d135868fdafd6 Mon Sep 17 00:00:00 2001 +From: Petr Viktorin +Date: Wed, 24 Apr 2024 14:29:30 +0200 +Subject: [PATCH] gh-113171: gh-65056: Fix "private" (non-global) IP address + ranges (GH-113179) (GH-113186) (GH-118177) + +* GH-113171: Fix "private" (non-global) IP address ranges (GH-113179) + +The _private_networks variables, used by various is_private +implementations, were missing some ranges and at the same time had +overly strict ranges (where there are more specific ranges considered +globally reachable by the IANA registries). + +This patch updates the ranges with what was missing or otherwise +incorrect. + +100.64.0.0/10 is left alone, for now, as it's been made special in [1]. + +The _address_exclude_many() call returns 8 networks for IPv4, 121 +networks for IPv6. + +[1] https://github.com/python/cpython/issues/61602 + +* GH-65056: Improve the IP address' is_global/is_private documentation (GH-113186) + +It wasn't clear what the semantics of is_global/is_private are and, when +one gets to the bottom of it, it's not quite so simple (hence the +exceptions listed). + +(cherry picked from commit 2a4cbf17af19a01d942f9579342f77c39fbd23c4) +(cherry picked from commit 40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f) + +--------- + +(cherry picked from commit f86b17ac511e68192ba71f27e752321a3252cee3) + +Co-authored-by: Jakub Stasiak +--- + Doc/library/ipaddress.rst | 43 +++- + Doc/whatsnew/3.11.rst | 9 + Lib/ipaddress.py | 105 +++++++--- + Lib/test/test_ipaddress.py | 21 +- + Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst | 9 + 5 files changed, 160 insertions(+), 27 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst + +--- a/Doc/library/ipaddress.rst ++++ b/Doc/library/ipaddress.rst +@@ -178,18 +178,53 @@ write code that handles both IP versions + + .. attribute:: is_private + +- ``True`` if the address is allocated for private networks. See ++ ``True`` if the address is defined as not globally reachable by + iana-ipv4-special-registry_ (for IPv4) or iana-ipv6-special-registry_ +- (for IPv6). ++ (for IPv6) with the following exceptions: ++ ++ * ``is_private`` is ``False`` for the shared address space (``100.64.0.0/10``) ++ * For IPv4-mapped IPv6-addresses the ``is_private`` value is determined by the ++ semantics of the underlying IPv4 addresses and the following condition holds ++ (see :attr:`IPv6Address.ipv4_mapped`):: ++ ++ address.is_private == address.ipv4_mapped.is_private ++ ++ ``is_private`` has value opposite to :attr:`is_global`, except for the shared address space ++ (``100.64.0.0/10`` range) where they are both ``False``. ++ ++ .. versionchanged:: 3.11.10 ++ ++ Fixed some false positives and false negatives. ++ ++ * ``192.0.0.0/24`` is considered private with the exception of ``192.0.0.9/32`` and ++ ``192.0.0.10/32`` (previously: only the ``192.0.0.0/29`` sub-range was considered private). ++ * ``64:ff9b:1::/48`` is considered private. ++ * ``2002::/16`` is considered private. ++ * There are exceptions within ``2001::/23`` (otherwise considered private): ``2001:1::1/128``, ++ ``2001:1::2/128``, ``2001:3::/32``, ``2001:4:112::/48``, ``2001:20::/28``, ``2001:30::/28``. ++ The exceptions are not considered private. + + .. attribute:: is_global + +- ``True`` if the address is allocated for public networks. See ++ ``True`` if the address is defined as globally reachable by + iana-ipv4-special-registry_ (for IPv4) or iana-ipv6-special-registry_ +- (for IPv6). ++ (for IPv6) with the following exception: ++ ++ For IPv4-mapped IPv6-addresses the ``is_private`` value is determined by the ++ semantics of the underlying IPv4 addresses and the following condition holds ++ (see :attr:`IPv6Address.ipv4_mapped`):: ++ ++ address.is_global == address.ipv4_mapped.is_global ++ ++ ``is_global`` has value opposite to :attr:`is_private`, except for the shared address space ++ (``100.64.0.0/10`` range) where they are both ``False``. + + .. versionadded:: 3.4 + ++ .. versionchanged:: 3.11.10 ++ ++ Fixed some false positives and false negatives, see :attr:`is_private` for details. ++ + .. attribute:: is_unspecified + + ``True`` if the address is unspecified. See :RFC:`5735` (for IPv4) +--- a/Doc/whatsnew/3.11.rst ++++ b/Doc/whatsnew/3.11.rst +@@ -2727,3 +2727,12 @@ OpenSSL + * Windows builds and macOS installers from python.org now use OpenSSL 3.0. + + .. _libb2: https://www.blake2.net/ ++ ++Notable changes in 3.11.10 ++========================== ++ ++ipaddress ++--------- ++ ++* Fixed ``is_global`` and ``is_private`` behavior in ``IPv4Address``, ++ ``IPv6Address``, ``IPv4Network`` and ``IPv6Network``. +--- a/Lib/ipaddress.py ++++ b/Lib/ipaddress.py +@@ -1086,7 +1086,11 @@ class _BaseNetwork(_IPAddressBase): + """ + return any(self.network_address in priv_network and + self.broadcast_address in priv_network +- for priv_network in self._constants._private_networks) ++ for priv_network in self._constants._private_networks) and all( ++ self.network_address not in network and ++ self.broadcast_address not in network ++ for network in self._constants._private_networks_exceptions ++ ) + + @property + def is_global(self): +@@ -1333,18 +1337,41 @@ class IPv4Address(_BaseV4, _BaseAddress) + @property + @functools.lru_cache() + def is_private(self): +- """Test if this address is allocated for private networks. +- +- Returns: +- A boolean, True if the address is reserved per +- iana-ipv4-special-registry. +- +- """ +- return any(self in net for net in self._constants._private_networks) ++ """``True`` if the address is defined as not globally reachable by ++ iana-ipv4-special-registry_ (for IPv4) or iana-ipv6-special-registry_ ++ (for IPv6) with the following exceptions: ++ ++ * ``is_private`` is ``False`` for ``100.64.0.0/10`` ++ * For IPv4-mapped IPv6-addresses the ``is_private`` value is determined by the ++ semantics of the underlying IPv4 addresses and the following condition holds ++ (see :attr:`IPv6Address.ipv4_mapped`):: ++ ++ address.is_private == address.ipv4_mapped.is_private ++ ++ ``is_private`` has value opposite to :attr:`is_global`, except for the ``100.64.0.0/10`` ++ IPv4 range where they are both ``False``. ++ """ ++ return ( ++ any(self in net for net in self._constants._private_networks) ++ and all(self not in net for net in self._constants._private_networks_exceptions) ++ ) + + @property + @functools.lru_cache() + def is_global(self): ++ """``True`` if the address is defined as globally reachable by ++ iana-ipv4-special-registry_ (for IPv4) or iana-ipv6-special-registry_ ++ (for IPv6) with the following exception: ++ ++ For IPv4-mapped IPv6-addresses the ``is_private`` value is determined by the ++ semantics of the underlying IPv4 addresses and the following condition holds ++ (see :attr:`IPv6Address.ipv4_mapped`):: ++ ++ address.is_global == address.ipv4_mapped.is_global ++ ++ ``is_global`` has value opposite to :attr:`is_private`, except for the ``100.64.0.0/10`` ++ IPv4 range where they are both ``False``. ++ """ + return self not in self._constants._public_network and not self.is_private + + @property +@@ -1548,13 +1575,15 @@ class _IPv4Constants: + + _public_network = IPv4Network('100.64.0.0/10') + ++ # Not globally reachable address blocks listed on ++ # https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml + _private_networks = [ + IPv4Network('0.0.0.0/8'), + IPv4Network('10.0.0.0/8'), + IPv4Network('127.0.0.0/8'), + IPv4Network('169.254.0.0/16'), + IPv4Network('172.16.0.0/12'), +- IPv4Network('192.0.0.0/29'), ++ IPv4Network('192.0.0.0/24'), + IPv4Network('192.0.0.170/31'), + IPv4Network('192.0.2.0/24'), + IPv4Network('192.168.0.0/16'), +@@ -1565,6 +1594,11 @@ class _IPv4Constants: + IPv4Network('255.255.255.255/32'), + ] + ++ _private_networks_exceptions = [ ++ IPv4Network('192.0.0.9/32'), ++ IPv4Network('192.0.0.10/32'), ++ ] ++ + _reserved_network = IPv4Network('240.0.0.0/4') + + _unspecified_address = IPv4Address('0.0.0.0') +@@ -2010,27 +2044,42 @@ class IPv6Address(_BaseV6, _BaseAddress) + @property + @functools.lru_cache() + def is_private(self): +- """Test if this address is allocated for private networks. ++ """``True`` if the address is defined as not globally reachable by ++ iana-ipv4-special-registry_ (for IPv4) or iana-ipv6-special-registry_ ++ (for IPv6) with the following exceptions: ++ ++ * ``is_private`` is ``False`` for ``100.64.0.0/10`` ++ * For IPv4-mapped IPv6-addresses the ``is_private`` value is determined by the ++ semantics of the underlying IPv4 addresses and the following condition holds ++ (see :attr:`IPv6Address.ipv4_mapped`):: + +- Returns: +- A boolean, True if the address is reserved per +- iana-ipv6-special-registry, or is ipv4_mapped and is +- reserved in the iana-ipv4-special-registry. ++ address.is_private == address.ipv4_mapped.is_private + ++ ``is_private`` has value opposite to :attr:`is_global`, except for the ``100.64.0.0/10`` ++ IPv4 range where they are both ``False``. + """ + ipv4_mapped = self.ipv4_mapped + if ipv4_mapped is not None: + return ipv4_mapped.is_private +- return any(self in net for net in self._constants._private_networks) ++ return ( ++ any(self in net for net in self._constants._private_networks) ++ and all(self not in net for net in self._constants._private_networks_exceptions) ++ ) + + @property + def is_global(self): +- """Test if this address is allocated for public networks. ++ """``True`` if the address is defined as globally reachable by ++ iana-ipv4-special-registry_ (for IPv4) or iana-ipv6-special-registry_ ++ (for IPv6) with the following exception: ++ ++ For IPv4-mapped IPv6-addresses the ``is_private`` value is determined by the ++ semantics of the underlying IPv4 addresses and the following condition holds ++ (see :attr:`IPv6Address.ipv4_mapped`):: + +- Returns: +- A boolean, true if the address is not reserved per +- iana-ipv6-special-registry. ++ address.is_global == address.ipv4_mapped.is_global + ++ ``is_global`` has value opposite to :attr:`is_private`, except for the ``100.64.0.0/10`` ++ IPv4 range where they are both ``False``. + """ + return not self.is_private + +@@ -2271,19 +2320,31 @@ class _IPv6Constants: + + _multicast_network = IPv6Network('ff00::/8') + ++ # Not globally reachable address blocks listed on ++ # https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml + _private_networks = [ + IPv6Network('::1/128'), + IPv6Network('::/128'), + IPv6Network('::ffff:0:0/96'), ++ IPv6Network('64:ff9b:1::/48'), + IPv6Network('100::/64'), + IPv6Network('2001::/23'), +- IPv6Network('2001:2::/48'), + IPv6Network('2001:db8::/32'), +- IPv6Network('2001:10::/28'), ++ # IANA says N/A, let's consider it not globally reachable to be safe ++ IPv6Network('2002::/16'), + IPv6Network('fc00::/7'), + IPv6Network('fe80::/10'), + ] + ++ _private_networks_exceptions = [ ++ IPv6Network('2001:1::1/128'), ++ IPv6Network('2001:1::2/128'), ++ IPv6Network('2001:3::/32'), ++ IPv6Network('2001:4:112::/48'), ++ IPv6Network('2001:20::/28'), ++ IPv6Network('2001:30::/28'), ++ ] ++ + _reserved_networks = [ + IPv6Network('::/8'), IPv6Network('100::/8'), + IPv6Network('200::/7'), IPv6Network('400::/6'), +--- a/Lib/test/test_ipaddress.py ++++ b/Lib/test/test_ipaddress.py +@@ -2269,6 +2269,10 @@ class IpaddrUnitTest(unittest.TestCase): + self.assertEqual(True, ipaddress.ip_address( + '172.31.255.255').is_private) + self.assertEqual(False, ipaddress.ip_address('172.32.0.0').is_private) ++ self.assertFalse(ipaddress.ip_address('192.0.0.0').is_global) ++ self.assertTrue(ipaddress.ip_address('192.0.0.9').is_global) ++ self.assertTrue(ipaddress.ip_address('192.0.0.10').is_global) ++ self.assertFalse(ipaddress.ip_address('192.0.0.255').is_global) + + self.assertEqual(True, + ipaddress.ip_address('169.254.100.200').is_link_local) +@@ -2294,6 +2298,7 @@ class IpaddrUnitTest(unittest.TestCase): + self.assertEqual(True, ipaddress.ip_network("169.254.0.0/16").is_private) + self.assertEqual(True, ipaddress.ip_network("172.16.0.0/12").is_private) + self.assertEqual(True, ipaddress.ip_network("192.0.0.0/29").is_private) ++ self.assertEqual(False, ipaddress.ip_network("192.0.0.9/32").is_private) + self.assertEqual(True, ipaddress.ip_network("192.0.0.170/31").is_private) + self.assertEqual(True, ipaddress.ip_network("192.0.2.0/24").is_private) + self.assertEqual(True, ipaddress.ip_network("192.168.0.0/16").is_private) +@@ -2310,8 +2315,8 @@ class IpaddrUnitTest(unittest.TestCase): + self.assertEqual(True, ipaddress.ip_network("::/128").is_private) + self.assertEqual(True, ipaddress.ip_network("::ffff:0:0/96").is_private) + self.assertEqual(True, ipaddress.ip_network("100::/64").is_private) +- self.assertEqual(True, ipaddress.ip_network("2001::/23").is_private) + self.assertEqual(True, ipaddress.ip_network("2001:2::/48").is_private) ++ self.assertEqual(False, ipaddress.ip_network("2001:3::/48").is_private) + self.assertEqual(True, ipaddress.ip_network("2001:db8::/32").is_private) + self.assertEqual(True, ipaddress.ip_network("2001:10::/28").is_private) + self.assertEqual(True, ipaddress.ip_network("fc00::/7").is_private) +@@ -2390,6 +2395,20 @@ class IpaddrUnitTest(unittest.TestCase): + self.assertEqual(True, ipaddress.ip_address('0::0').is_unspecified) + self.assertEqual(False, ipaddress.ip_address('::1').is_unspecified) + ++ self.assertFalse(ipaddress.ip_address('64:ff9b:1::').is_global) ++ self.assertFalse(ipaddress.ip_address('2001::').is_global) ++ self.assertTrue(ipaddress.ip_address('2001:1::1').is_global) ++ self.assertTrue(ipaddress.ip_address('2001:1::2').is_global) ++ self.assertFalse(ipaddress.ip_address('2001:2::').is_global) ++ self.assertTrue(ipaddress.ip_address('2001:3::').is_global) ++ self.assertFalse(ipaddress.ip_address('2001:4::').is_global) ++ self.assertTrue(ipaddress.ip_address('2001:4:112::').is_global) ++ self.assertFalse(ipaddress.ip_address('2001:10::').is_global) ++ self.assertTrue(ipaddress.ip_address('2001:20::').is_global) ++ self.assertTrue(ipaddress.ip_address('2001:30::').is_global) ++ self.assertFalse(ipaddress.ip_address('2001:40::').is_global) ++ self.assertFalse(ipaddress.ip_address('2002::').is_global) ++ + # some generic IETF reserved addresses + self.assertEqual(True, ipaddress.ip_address('100::').is_reserved) + self.assertEqual(True, ipaddress.ip_network('4000::1/128').is_reserved) +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst +@@ -0,0 +1,9 @@ ++Fixed various false positives and false negatives in ++ ++* :attr:`ipaddress.IPv4Address.is_private` (see these docs for details) ++* :attr:`ipaddress.IPv4Address.is_global` ++* :attr:`ipaddress.IPv6Address.is_private` ++* :attr:`ipaddress.IPv6Address.is_global` ++ ++Also in the corresponding :class:`ipaddress.IPv4Network` and :class:`ipaddress.IPv6Network` ++attributes. diff --git a/python311.changes b/python311.changes index c17f389..dc8b4ee 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Jun 25 21:57:40 UTC 2024 - Matej Cepl + +- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 + (CVE-2024-4032) rearranging definition of private v global IP + addresses. + ------------------------------------------------------------------- Wed May 1 08:39:08 UTC 2024 - Matej Cepl diff --git a/python311.spec b/python311.spec index 234dcfe..961cd2a 100644 --- a/python311.spec +++ b/python311.spec @@ -171,6 +171,9 @@ Patch15: bsc1221260-test_asyncio-ResourceWarning.patch # by SUSE Patch16: CVE-2023-52425-libexpat-2.6.0-backport.patch Patch17: CVE-2023-52425-remove-reparse_deferral-tests.patch +# PATCH-FIX-UPSTREAM CVE-2024-4032-private-IP-addrs.patch bsc#1226448 mcepl@suse.com +# rearrange definition of private v global IP addresses +Patch18: CVE-2024-4032-private-IP-addrs.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -432,6 +435,7 @@ other applications. %patch -p1 -P 15 %patch -p1 -P 16 %patch -p1 -P 17 +%patch -p1 -P 18 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From 1170d3a502339deaae35ac06130484ef225f15c379cb61a45548c6e28bcca946 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 4 Jul 2024 13:17:01 +0000 Subject: [PATCH 094/135] Accepting request 1184845 from home:dgarcia:usr-local-cpython - Update F00251-change-user-install-location.patch to make pip and modern tools install directly in /usr/local when used by the user. bsc#1225660 OBS-URL: https://build.opensuse.org/request/show/1184845 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=129 --- F00251-change-user-install-location.patch | 153 ++++++++++++++++++++++ python311.changes | 7 + python311.spec | 2 +- 3 files changed, 161 insertions(+), 1 deletion(-) diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch index d659f81..fa38a94 100644 --- a/F00251-change-user-install-location.patch +++ b/F00251-change-user-install-location.patch @@ -60,3 +60,156 @@ Index: Python-3.11.8/Lib/site.py for sitedir in getsitepackages(prefixes): if os.path.isdir(sitedir): addsitedir(sitedir, known_paths) + +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Mon, 15 Feb 2021 12:19:27 +0100 +Subject: [PATCH] 00251: Change user install location +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Set values of base and platbase in sysconfig from /usr +to /usr/local when RPM build is not detected +to make pip and similar tools install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +Downstream only. + +We've tried to rework in Fedora 36/Python 3.10 to follow https://bugs.python.org/issue43976 +but we have identified serious problems with that approach, +see https://bugzilla.redhat.com/2026979 or https://bugzilla.redhat.com/2097183 + +pypa/distutils integration: https://github.com/pypa/distutils/pull/70 + +Co-authored-by: Petr Viktorin +Co-authored-by: Miro Hrončok +Co-authored-by: Michal Cyprian +Co-authored-by: Lumír Balhar +--- + Lib/site.py | 9 ++++++- + Lib/sysconfig.py | 49 +++++++++++++++++++++++++++++++++++++- + Lib/test/test_sysconfig.py | 17 +++++++++++-- + 3 files changed, 71 insertions(+), 4 deletions(-) + +Index: Python-3.11.9/Lib/sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/sysconfig.py ++++ Python-3.11.9/Lib/sysconfig.py +@@ -103,6 +103,11 @@ if os.name == 'nt': + else: + _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv'] + ++# For a brief period of time in the Fedora 36 life cycle, ++# this installation scheme existed and was documented in the release notes. ++# For backwards compatibility, we keep it here (at least on 3.10 and 3.11). ++_INSTALL_SCHEMES['rpm_prefix'] = _INSTALL_SCHEMES['posix_prefix'] ++ + + # NOTE: site.py has copy of this function. + # Sync it when modify this function. +@@ -162,6 +167,19 @@ if _HAS_USER_BASE: + }, + } + ++# This is used by distutils.command.install in the stdlib ++# as well as pypa/distutils (e.g. bundled in setuptools). ++# The self.prefix value is set to sys.prefix + /local/ ++# if neither RPM build nor virtual environment is ++# detected to make distutils install packages ++# into the separate location. ++# https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _prefix_addition = '/local' ++ ++ + _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', + 'scripts', 'data') + +@@ -258,11 +276,40 @@ def _extend_dict(target_dict, other_dict + target_dict[key] = value + + ++_CONFIG_VARS_LOCAL = None ++ ++ ++def _config_vars_local(): ++ # This function returns the config vars with prefixes amended to /usr/local ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ global _CONFIG_VARS_LOCAL ++ if _CONFIG_VARS_LOCAL is None: ++ _CONFIG_VARS_LOCAL = dict(get_config_vars()) ++ _CONFIG_VARS_LOCAL['base'] = '/usr/local' ++ _CONFIG_VARS_LOCAL['platbase'] = '/usr/local' ++ return _CONFIG_VARS_LOCAL ++ ++ + def _expand_vars(scheme, vars): + res = {} + if vars is None: + vars = {} +- _extend_dict(vars, get_config_vars()) ++ ++ # when we are not in a virtual environment or an RPM build ++ # we change '/usr' to '/usr/local' ++ # to avoid surprises, we explicitly check for the /usr/ prefix ++ # Python virtual environments have different prefixes ++ # we only do this for posix_prefix, not to mangle the venv scheme ++ # posix_prefix is used by sudo pip install ++ # we only change the defaults here, so explicit --prefix will take precedence ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if (scheme == 'posix_prefix' and ++ _PREFIX == '/usr' and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _extend_dict(vars, _config_vars_local()) ++ else: ++ _extend_dict(vars, get_config_vars()) ++ + if os.name == 'nt': + # On Windows we want to substitute 'lib' for schemes rather + # than the native value (without modifying vars, in case it +Index: Python-3.11.9/Lib/test/test_sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_sysconfig.py ++++ Python-3.11.9/Lib/test/test_sysconfig.py +@@ -111,8 +111,19 @@ class TestSysConfig(unittest.TestCase): + for scheme in _INSTALL_SCHEMES: + for name in _INSTALL_SCHEMES[scheme]: + expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) ++ tested = get_path(name, scheme) ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if tested.startswith('/usr/local'): ++ # /usr/local should only be used in posix_prefix ++ self.assertEqual(scheme, 'posix_prefix') ++ # Fedora CI runs tests for venv and virtualenv that check for other prefixes ++ self.assertEqual(sys.prefix, '/usr') ++ # When building the RPM of Python, %check runs this with RPM_BUILD_ROOT set ++ # Fedora CI runs this with RPM_BUILD_ROOT unset ++ self.assertNotIn('RPM_BUILD_ROOT', os.environ) ++ tested = tested.replace('/usr/local', '/usr') + self.assertEqual( +- os.path.normpath(get_path(name, scheme)), ++ os.path.normpath(tested), + os.path.normpath(expected), + ) + +@@ -345,7 +356,7 @@ class TestSysConfig(unittest.TestCase): + self.assertTrue(os.path.isfile(config_h), config_h) + + def test_get_scheme_names(self): +- wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv'] ++ wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv', 'rpm_prefix'] + if HAS_USER_BASE: + wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) + self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) +@@ -357,6 +368,8 @@ class TestSysConfig(unittest.TestCase): + cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" + self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) + ++ @unittest.skipIf('RPM_BUILD_ROOT' not in os.environ, ++ "Test doesn't expect Fedora's paths") + def test_user_similar(self): + # Issue #8759: make sure the posix scheme for the users + # is similar to the global posix_prefix one diff --git a/python311.changes b/python311.changes index dc8b4ee..da9ab36 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Jul 2 10:32:58 UTC 2024 - Daniel Garcia + +- Update F00251-change-user-install-location.patch to make pip and + modern tools install directly in /usr/local when used by the user. + bsc#1225660 + ------------------------------------------------------------------- Tue Jun 25 21:57:40 UTC 2024 - Matej Cepl diff --git a/python311.spec b/python311.spec index 961cd2a..fae7615 100644 --- a/python311.spec +++ b/python311.spec @@ -127,7 +127,7 @@ Source99: python.keyring Source100: PACKAGING-NOTES # PATCH-FEATURE-UPSTREAM F00251-change-user-install-location.patch bsc#[0-9]+ mcepl@suse.com # Fix installation in /usr/local (boo#1071941), originally from Fedora -# https://src.fedoraproject.org/rpms/python3/blob/master/f/00251-change-user-install-location.patch +# https://src.fedoraproject.org/rpms/python3.12/blob/rawhide/f/00251-change-user-install-location.patch # Set values of prefix and exec_prefix in distutils install command # to /usr/local if executable is /usr/bin/python* and RPM build # is not detected to make pip and distutils install into separate location -- 2.51.1 From 63b5b7e315c889927e51d95a4bede57eb46094474272d75ef8a214a3098b65b2 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 15 Jul 2024 12:14:33 +0000 Subject: [PATCH 095/135] - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=131 --- python311.changes | 6 ++++++ python311.spec | 11 ----------- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/python311.changes b/python311.changes index da9ab36..1051020 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl + +- Stop using %%defattr, it seems to be breaking proper executable + attributes on /usr/bin/ scripts (bsc#1227378). + ------------------------------------------------------------------- Tue Jul 2 10:32:58 UTC 2024 - Daniel Garcia diff --git a/python311.spec b/python311.spec index fae7615..8b54981 100644 --- a/python311.spec +++ b/python311.spec @@ -790,25 +790,21 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %if %{with general} %files -n %{python_pkg_name}-tk -%defattr(644, root, root, 755) %{sitedir}/tkinter %exclude %{sitedir}/tkinter/test %{dynlib _tkinter} %files -n %{python_pkg_name}-curses -%defattr(644, root, root, 755) %{sitedir}/curses %{dynlib _curses} %{dynlib _curses_panel} %files -n %{python_pkg_name}-dbm -%defattr(644, root, root, 755) %{sitedir}/dbm %{dynlib _dbm} %{dynlib _gdbm} %files -n %{python_pkg_name} -%defattr(644, root, root, 755) %dir %{sitedir} %dir %{sitedir}/lib-dynload %{sitedir}/sqlite3 @@ -820,7 +816,6 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %endif %files -n %{python_pkg_name}-idle -%defattr(644, root, root, 755) %{sitedir}/idlelib %dir %{_sysconfdir}/idle%{python_version} %config %{_sysconfdir}/idle%{python_version}/* @@ -857,11 +852,9 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %postun -n libpython%{so_version} -p /sbin/ldconfig %files -n libpython%{so_version} -%defattr(644, root,root) %{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} %files -n %{python_pkg_name}-tools -%defattr(644, root, root, 755) %{sitedir}/turtledemo %if %{primary_interpreter} %{_bindir}/2to3 @@ -870,7 +863,6 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %doc %{_docdir}/%{name}/Tools %files -n %{python_pkg_name}-devel -%defattr(644, root, root, 755) %{_libdir}/libpython%{python_abi}.so %if %{primary_interpreter} %{_libdir}/libpython3.so @@ -878,7 +870,6 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %{_libdir}/pkgconfig/* %{_includedir}/python%{python_abi} %{sitedir}/config-%{python_abi}-* -%defattr(755, root, root) %{_bindir}/python%{python_abi}-config %if %{primary_interpreter} %{_bindir}/python3-config @@ -891,7 +882,6 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py %files -n %{python_pkg_name}-testsuite -%defattr(644, root, root, 755) %{sitedir}/test %{sitedir}/*/test %{sitedir}/*/tests @@ -908,7 +898,6 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %dir %{sitedir}/tkinter %files -n %{python_pkg_name}-base -%defattr(644, root, root, 755) # docs %dir %{_docdir}/%{name} %doc %{_docdir}/%{name}/README.rst -- 2.51.1 From 511b0d3f92b381e012b528e0fdb87799cb3810877b1d9de79fccacc90c9c02a1 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 18 Jul 2024 22:39:01 +0000 Subject: [PATCH 096/135] - Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 adding reproducibility patches from gh#python/cpython!121872 and gh#python/cpython!121883. - Trying %autopatch again (bsc#1189495 seems to be fixed) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=132 --- bso1227999-reproducible-builds.patch | 37 ++++++++++++++++++++++++++++ python311.changes | 8 ++++++ python311.spec | 20 ++++----------- 3 files changed, 50 insertions(+), 15 deletions(-) create mode 100644 bso1227999-reproducible-builds.patch diff --git a/bso1227999-reproducible-builds.patch b/bso1227999-reproducible-builds.patch new file mode 100644 index 0000000..fb33d18 --- /dev/null +++ b/bso1227999-reproducible-builds.patch @@ -0,0 +1,37 @@ +From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Tue, 16 Jul 2024 21:39:33 +0200 +Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH + +to make builds reproducible. +See https://reproducible-builds.org/ for why this is good +and https://reproducible-builds.org/specs/source-date-epoch/ +for the definition of this variable. +--- + Doc/conf.py | 3 ++- + Doc/library/functions.rst | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/Doc/conf.py ++++ b/Doc/conf.py +@@ -316,7 +316,8 @@ html_context = { + } + + # This 'Last updated on:' timestamp is inserted at the bottom of every page. +-html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime()) ++html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) ++html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time)) + + # Path to find HTML templates. + templates_path = ['tools/templates'] +--- a/Doc/library/functions.rst ++++ b/Doc/library/functions.rst +@@ -1356,7 +1356,7 @@ are always available. They are listed h + (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, + and :mod:`shutil`. + +- .. audit-event:: open file,mode,flags open ++ .. audit-event:: open path,mode,flags open + + The ``mode`` and ``flags`` arguments may have been modified or inferred from + the original call. diff --git a/python311.changes b/python311.changes index 1051020..f2ced63 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl + +- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 + adding reproducibility patches from gh#python/cpython!121872 + and gh#python/cpython!121883. +- Trying %autopatch again (bsc#1189495 seems to be fixed) + ------------------------------------------------------------------- Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl diff --git a/python311.spec b/python311.spec index 8b54981..8b7ca8b 100644 --- a/python311.spec +++ b/python311.spec @@ -174,6 +174,9 @@ Patch17: CVE-2023-52425-remove-reparse_deferral-tests.patch # PATCH-FIX-UPSTREAM CVE-2024-4032-private-IP-addrs.patch bsc#1226448 mcepl@suse.com # rearrange definition of private v global IP addresses Patch18: CVE-2024-4032-private-IP-addrs.patch +# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com +# reproducibility patches +Patch19: bso1227999-reproducible-builds.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -416,26 +419,13 @@ other applications. %prep %setup -q -n %{tarname} -%patch -p1 -P 02 -%patch -p1 -P 03 -%patch -p1 -P 04 -%patch -p1 -P 05 -%patch -p1 -P 06 -%patch -p1 -P 07 -%patch -p1 -P 08 +%autopatch -p1 -M 08 %if 0%{?suse_version} <= 1500 %patch -P 09 -p1 %endif -%patch -p1 -P 10 -%patch -p1 -P 11 -%patch -p1 -P 13 -%patch -p1 -P 14 -%patch -p1 -P 15 -%patch -p1 -P 16 -%patch -p1 -P 17 -%patch -p1 -P 18 +%autopatch -p1 -m 10 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From 3fa86c47813838ed991841b3c2d3f7202d3b6867f447992ff3348d81d64895e5 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 18 Jul 2024 22:46:00 +0000 Subject: [PATCH 097/135] Revert %autopatch. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=133 --- python311.changes | 1 - python311.spec | 19 +++++++++++++++++-- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/python311.changes b/python311.changes index f2ced63..a860038 100644 --- a/python311.changes +++ b/python311.changes @@ -4,7 +4,6 @@ Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl - Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 adding reproducibility patches from gh#python/cpython!121872 and gh#python/cpython!121883. -- Trying %autopatch again (bsc#1189495 seems to be fixed) ------------------------------------------------------------------- Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl diff --git a/python311.spec b/python311.spec index 8b7ca8b..05b45ac 100644 --- a/python311.spec +++ b/python311.spec @@ -419,13 +419,28 @@ other applications. %prep %setup -q -n %{tarname} -%autopatch -p1 -M 08 + +%patch -p1 -P 02 +%patch -p1 -P 03 +%patch -p1 -P 04 +%patch -p1 -P 05 +%patch -p1 -P 06 +%patch -p1 -P 07 +%patch -p1 -P 08 %if 0%{?suse_version} <= 1500 %patch -P 09 -p1 %endif -%autopatch -p1 -m 10 +%patch -p1 -P 10 +%patch -p1 -P 11 +%patch -p1 -P 13 +%patch -p1 -P 14 +%patch -p1 -P 15 +%patch -p1 -P 16 +%patch -p1 -P 17 +%patch -p1 -P 18 +%patch -p1 -P 19 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From 7a43c0a133f7d6de8358b9b129354ca0d1a395760d62c1a34329b7500e881480 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 22 Jul 2024 21:29:24 +0000 Subject: [PATCH 098/135] - Remove %suse_update_desktop_file macro as it is not useful any more. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=134 --- python311.changes | 6 ++++++ python311.spec | 2 -- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/python311.changes b/python311.changes index a860038..d7db302 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl + +- Remove %suse_update_desktop_file macro as it is not useful any + more. + ------------------------------------------------------------------- Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl diff --git a/python311.spec b/python311.spec index 05b45ac..be10cb4 100644 --- a/python311.spec +++ b/python311.spec @@ -218,7 +218,6 @@ BuildRequires: gettext BuildRequires: readline-devel BuildRequires: sqlite-devel BuildRequires: timezone -BuildRequires: update-desktop-files BuildRequires: pkgconfig(ncurses) BuildRequires: pkgconfig(tk) BuildRequires: pkgconfig(x11) @@ -682,7 +681,6 @@ done cp %{SOURCE19} idle%{python_version}.desktop sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop -%suse_update_desktop_file idle%{python_version} cp %{SOURCE20} idle%{python_version}.appdata.xml sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml -- 2.51.1 From 763dd72636d8dc74055fd7a1894e4e130e8c1b0d3b5caaa4f7595485952043ba Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 7 Aug 2024 12:14:54 +0000 Subject: [PATCH 099/135] - Add CVE-2024-6923-email-hdr-inject.patch to prevent email header injection due to unquoted newlines (bsc#1228780, CVE-2024-6923). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=136 --- CVE-2024-6923-email-hdr-inject.patch | 368 +++++++++++++++++++++++++++ python311.changes | 7 + python311.spec | 4 + 3 files changed, 379 insertions(+) create mode 100644 CVE-2024-6923-email-hdr-inject.patch diff --git a/CVE-2024-6923-email-hdr-inject.patch b/CVE-2024-6923-email-hdr-inject.patch new file mode 100644 index 0000000..35342e1 --- /dev/null +++ b/CVE-2024-6923-email-hdr-inject.patch @@ -0,0 +1,368 @@ +From f9ddc53ea850fb02d640a9b3263756d43fb6d868 Mon Sep 17 00:00:00 2001 +From: Petr Viktorin +Date: Wed, 31 Jul 2024 00:19:48 +0200 +Subject: [PATCH] [3.11] gh-121650: Encode newlines in headers, and verify + headers are sound (GH-122233) + +GH-GH- Encode header parts that contain newlines + +Per RFC 2047: + +> [...] these encoding schemes allow the +> encoding of arbitrary octet values, mail readers that implement this +> decoding should also ensure that display of the decoded data on the +> recipient's terminal will not cause unwanted side-effects + +It seems that the "quoted-word" scheme is a valid way to include +a newline character in a header value, just like we already allow +undecodable bytes or control characters. +They do need to be properly quoted when serialized to text, though. + +GH-GH- Verify that email headers are well-formed + +This should fail for custom fold() implementations that aren't careful +about newlines. + +(cherry picked from commit 097633981879b3c9de9a1dd120d3aa585ecc2384) + +Co-authored-by: Petr Viktorin +Co-authored-by: Bas Bloemsaat +Co-authored-by: Serhiy Storchaka +--- + Doc/library/email.errors.rst | 7 + + Doc/library/email.policy.rst | 18 ++ + Doc/whatsnew/3.11.rst | 13 ++ + Lib/email/_header_value_parser.py | 12 + + Lib/email/_policybase.py | 8 + + Lib/email/errors.py | 4 + Lib/email/generator.py | 13 +- + Lib/test/test_email/test_generator.py | 62 ++++++++++ + Lib/test/test_email/test_policy.py | 26 ++++ + Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst | 5 + 10 files changed, 164 insertions(+), 4 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst + +Index: Python-3.11.9/Doc/library/email.errors.rst +=================================================================== +--- Python-3.11.9.orig/Doc/library/email.errors.rst ++++ Python-3.11.9/Doc/library/email.errors.rst +@@ -58,6 +58,13 @@ The following exception classes are defi + :class:`~email.mime.nonmultipart.MIMENonMultipart` (e.g. + :class:`~email.mime.image.MIMEImage`). + ++ ++.. exception:: HeaderWriteError() ++ ++ Raised when an error occurs when the :mod:`~email.generator` outputs ++ headers. ++ ++ + .. exception:: MessageDefect() + + This is the base class for all defects found when parsing email messages. +Index: Python-3.11.9/Doc/library/email.policy.rst +=================================================================== +--- Python-3.11.9.orig/Doc/library/email.policy.rst ++++ Python-3.11.9/Doc/library/email.policy.rst +@@ -228,6 +228,24 @@ added matters. To illustrate:: + + .. versionadded:: 3.6 + ++ ++ .. attribute:: verify_generated_headers ++ ++ If ``True`` (the default), the generator will raise ++ :exc:`~email.errors.HeaderWriteError` instead of writing a header ++ that is improperly folded or delimited, such that it would ++ be parsed as multiple headers or joined with adjacent data. ++ Such headers can be generated by custom header classes or bugs ++ in the ``email`` module. ++ ++ As it's a security feature, this defaults to ``True`` even in the ++ :class:`~email.policy.Compat32` policy. ++ For backwards compatible, but unsafe, behavior, it must be set to ++ ``False`` explicitly. ++ ++ .. versionadded:: 3.11.10 ++ ++ + The following :class:`Policy` method is intended to be called by code using + the email library to create policy instances with custom settings: + +Index: Python-3.11.9/Doc/whatsnew/3.11.rst +=================================================================== +--- Python-3.11.9.orig/Doc/whatsnew/3.11.rst ++++ Python-3.11.9/Doc/whatsnew/3.11.rst +@@ -2728,6 +2728,7 @@ OpenSSL + + .. _libb2: https://www.blake2.net/ + ++ + Notable changes in 3.11.10 + ========================== + +@@ -2736,3 +2737,15 @@ ipaddress + + * Fixed ``is_global`` and ``is_private`` behavior in ``IPv4Address``, + ``IPv6Address``, ``IPv4Network`` and ``IPv6Network``. ++ ++email ++----- ++ ++* Headers with embedded newlines are now quoted on output. ++ ++ The :mod:`~email.generator` will now refuse to serialize (write) headers ++ that are improperly folded or delimited, such that they would be parsed as ++ multiple headers or joined with adjacent data. ++ If you need to turn this safety feature off, ++ set :attr:`~email.policy.Policy.verify_generated_headers`. ++ (Contributed by Bas Bloemsaat and Petr Viktorin in :gh:`121650`.) +Index: Python-3.11.9/Lib/email/_header_value_parser.py +=================================================================== +--- Python-3.11.9.orig/Lib/email/_header_value_parser.py ++++ Python-3.11.9/Lib/email/_header_value_parser.py +@@ -92,6 +92,8 @@ TOKEN_ENDS = TSPECIALS | WSP + ASPECIALS = TSPECIALS | set("*'%") + ATTRIBUTE_ENDS = ASPECIALS | WSP + EXTENDED_ATTRIBUTE_ENDS = ATTRIBUTE_ENDS - set('%') ++NLSET = {'\n', '\r'} ++SPECIALSNL = SPECIALS | NLSET + + def quote_string(value): + return '"'+str(value).replace('\\', '\\\\').replace('"', r'\"')+'"' +@@ -2780,9 +2782,13 @@ def _refold_parse_tree(parse_tree, *, po + wrap_as_ew_blocked -= 1 + continue + tstr = str(part) +- if part.token_type == 'ptext' and set(tstr) & SPECIALS: +- # Encode if tstr contains special characters. +- want_encoding = True ++ if not want_encoding: ++ if part.token_type == 'ptext': ++ # Encode if tstr contains special characters. ++ want_encoding = not SPECIALSNL.isdisjoint(tstr) ++ else: ++ # Encode if tstr contains newlines. ++ want_encoding = not NLSET.isdisjoint(tstr) + try: + tstr.encode(encoding) + charset = encoding +Index: Python-3.11.9/Lib/email/_policybase.py +=================================================================== +--- Python-3.11.9.orig/Lib/email/_policybase.py ++++ Python-3.11.9/Lib/email/_policybase.py +@@ -157,6 +157,13 @@ class Policy(_PolicyBase, metaclass=abc. + message_factory -- the class to use to create new message objects. + If the value is None, the default is Message. + ++ verify_generated_headers ++ -- if true, the generator verifies that each header ++ they are properly folded, so that a parser won't ++ treat it as multiple headers, start-of-body, or ++ part of another header. ++ This is a check against custom Header & fold() ++ implementations. + """ + + raise_on_defect = False +@@ -165,6 +172,7 @@ class Policy(_PolicyBase, metaclass=abc. + max_line_length = 78 + mangle_from_ = False + message_factory = None ++ verify_generated_headers = True + + def handle_defect(self, obj, defect): + """Based on policy, either raise defect or call register_defect. +Index: Python-3.11.9/Lib/email/errors.py +=================================================================== +--- Python-3.11.9.orig/Lib/email/errors.py ++++ Python-3.11.9/Lib/email/errors.py +@@ -29,6 +29,10 @@ class CharsetError(MessageError): + """An illegal charset was given.""" + + ++class HeaderWriteError(MessageError): ++ """Error while writing headers.""" ++ ++ + # These are parsing defects which the parser was able to work around. + class MessageDefect(ValueError): + """Base class for a message defect.""" +Index: Python-3.11.9/Lib/email/generator.py +=================================================================== +--- Python-3.11.9.orig/Lib/email/generator.py ++++ Python-3.11.9/Lib/email/generator.py +@@ -14,12 +14,14 @@ import random + from copy import deepcopy + from io import StringIO, BytesIO + from email.utils import _has_surrogates ++from email.errors import HeaderWriteError + + UNDERSCORE = '_' + NL = '\n' # XXX: no longer used by the code below. + + NLCRE = re.compile(r'\r\n|\r|\n') + fcre = re.compile(r'^From ', re.MULTILINE) ++NEWLINE_WITHOUT_FWSP = re.compile(r'\r\n[^ \t]|\r[^ \n\t]|\n[^ \t]') + + + class Generator: +@@ -222,7 +224,16 @@ class Generator: + + def _write_headers(self, msg): + for h, v in msg.raw_items(): +- self.write(self.policy.fold(h, v)) ++ folded = self.policy.fold(h, v) ++ if self.policy.verify_generated_headers: ++ linesep = self.policy.linesep ++ if not folded.endswith(self.policy.linesep): ++ raise HeaderWriteError( ++ f'folded header does not end with {linesep!r}: {folded!r}') ++ if NEWLINE_WITHOUT_FWSP.search(folded.removesuffix(linesep)): ++ raise HeaderWriteError( ++ f'folded header contains newline: {folded!r}') ++ self.write(folded) + # A blank line always separates headers from body + self.write(self._NL) + +Index: Python-3.11.9/Lib/test/test_email/test_generator.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_email/test_generator.py ++++ Python-3.11.9/Lib/test/test_email/test_generator.py +@@ -6,6 +6,7 @@ from email.message import EmailMessage + from email.generator import Generator, BytesGenerator + from email.headerregistry import Address + from email import policy ++import email.errors + from test.test_email import TestEmailBase, parameterize + + +@@ -216,6 +217,44 @@ class TestGeneratorBase: + g.flatten(msg) + self.assertEqual(s.getvalue(), self.typ(expected)) + ++ def test_keep_encoded_newlines(self): ++ msg = self.msgmaker(self.typ(textwrap.dedent("""\ ++ To: nobody ++ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com ++ ++ None ++ """))) ++ expected = textwrap.dedent("""\ ++ To: nobody ++ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com ++ ++ None ++ """) ++ s = self.ioclass() ++ g = self.genclass(s, policy=self.policy.clone(max_line_length=80)) ++ g.flatten(msg) ++ self.assertEqual(s.getvalue(), self.typ(expected)) ++ ++ def test_keep_long_encoded_newlines(self): ++ msg = self.msgmaker(self.typ(textwrap.dedent("""\ ++ To: nobody ++ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com ++ ++ None ++ """))) ++ expected = textwrap.dedent("""\ ++ To: nobody ++ Subject: Bad subject ++ =?utf-8?q?=0A?=Bcc: ++ injection@example.com ++ ++ None ++ """) ++ s = self.ioclass() ++ g = self.genclass(s, policy=self.policy.clone(max_line_length=30)) ++ g.flatten(msg) ++ self.assertEqual(s.getvalue(), self.typ(expected)) ++ + + class TestGenerator(TestGeneratorBase, TestEmailBase): + +@@ -224,6 +263,29 @@ class TestGenerator(TestGeneratorBase, T + ioclass = io.StringIO + typ = str + ++ def test_verify_generated_headers(self): ++ """gh-121650: by default the generator prevents header injection""" ++ class LiteralHeader(str): ++ name = 'Header' ++ def fold(self, **kwargs): ++ return self ++ ++ for text in ( ++ 'Value\r\nBad Injection\r\n', ++ 'NoNewLine' ++ ): ++ with self.subTest(text=text): ++ message = message_from_string( ++ "Header: Value\r\n\r\nBody", ++ policy=self.policy, ++ ) ++ ++ del message['Header'] ++ message['Header'] = LiteralHeader(text) ++ ++ with self.assertRaises(email.errors.HeaderWriteError): ++ message.as_string() ++ + + class TestBytesGenerator(TestGeneratorBase, TestEmailBase): + +Index: Python-3.11.9/Lib/test/test_email/test_policy.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_email/test_policy.py ++++ Python-3.11.9/Lib/test/test_email/test_policy.py +@@ -26,6 +26,7 @@ class PolicyAPITests(unittest.TestCase): + 'raise_on_defect': False, + 'mangle_from_': True, + 'message_factory': None, ++ 'verify_generated_headers': True, + } + # These default values are the ones set on email.policy.default. + # If any of these defaults change, the docs must be updated. +@@ -294,6 +295,31 @@ class PolicyAPITests(unittest.TestCase): + with self.assertRaises(email.errors.HeaderParseError): + policy.fold("Subject", subject) + ++ def test_verify_generated_headers(self): ++ """Turning protection off allows header injection""" ++ policy = email.policy.default.clone(verify_generated_headers=False) ++ for text in ( ++ 'Header: Value\r\nBad: Injection\r\n', ++ 'Header: NoNewLine' ++ ): ++ with self.subTest(text=text): ++ message = email.message_from_string( ++ "Header: Value\r\n\r\nBody", ++ policy=policy, ++ ) ++ class LiteralHeader(str): ++ name = 'Header' ++ def fold(self, **kwargs): ++ return self ++ ++ del message['Header'] ++ message['Header'] = LiteralHeader(text) ++ ++ self.assertEqual( ++ message.as_string(), ++ f"{text}\nBody", ++ ) ++ + # XXX: Need subclassing tests. + # For adding subclassed objects, make sure the usual rules apply (subclass + # wins), but that the order still works (right overrides left). +Index: Python-3.11.9/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst +=================================================================== +--- /dev/null ++++ Python-3.11.9/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst +@@ -0,0 +1,5 @@ ++:mod:`email` headers with embedded newlines are now quoted on output. The ++:mod:`~email.generator` will now refuse to serialize (write) headers that ++are unsafely folded or delimited; see ++:attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas ++Bloemsaat and Petr Viktorin in :gh:`121650`.) diff --git a/python311.changes b/python311.changes index d7db302..f13d024 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Aug 7 12:12:42 UTC 2024 - Matej Cepl + +- Add CVE-2024-6923-email-hdr-inject.patch to prevent email + header injection due to unquoted newlines (bsc#1228780, + CVE-2024-6923). + ------------------------------------------------------------------- Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl diff --git a/python311.spec b/python311.spec index be10cb4..71d3981 100644 --- a/python311.spec +++ b/python311.spec @@ -177,6 +177,9 @@ Patch18: CVE-2024-4032-private-IP-addrs.patch # PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com # reproducibility patches Patch19: bso1227999-reproducible-builds.patch +# PATCH-FIX-UPSTREAM CVE-2024-6923-email-hdr-inject.patch bsc#1228780 mcepl@suse.com +# prevent email header injection, patch from gh#python/cpython!122608 +Patch20: CVE-2024-6923-email-hdr-inject.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -440,6 +443,7 @@ other applications. %patch -p1 -P 17 %patch -p1 -P 18 %patch -p1 -P 19 +%patch -p1 -P 20 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From 19a07a589854b3e4640bc8d61e15e2b9b959788c130ceeea5f6a45c52c7590e4 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 7 Aug 2024 20:15:48 +0000 Subject: [PATCH 100/135] - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=137 --- python311.changes | 2 ++ python311.spec | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/python311.changes b/python311.changes index f13d024..76557bf 100644 --- a/python311.changes +++ b/python311.changes @@ -4,6 +4,8 @@ Wed Aug 7 12:12:42 UTC 2024 - Matej Cepl - Add CVE-2024-6923-email-hdr-inject.patch to prevent email header injection due to unquoted newlines (bsc#1228780, CVE-2024-6923). +- %{profileopt} variable is set according to the variable + %{do_profiling} (bsc#1227999) ------------------------------------------------------------------- Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl diff --git a/python311.spec b/python311.spec index 71d3981..c89ec10 100644 --- a/python311.spec +++ b/python311.spec @@ -36,6 +36,12 @@ %bcond_without general %endif +%if 0%{?do_profiling} +%bcond_without profileopt +%else +%bcond_with profileopt +%endif + %define python_pkg_name python311 %if "%{python_pkg_name}" == "%{primary_python}" %define primary_interpreter 1 -- 2.51.1 From 4c1b2b97e501c51e52ce136bece15a881922e4e43c2eaca26ab076ac887b9f3c Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 29 Aug 2024 12:48:46 +0000 Subject: [PATCH 101/135] - Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent malformed payload to cause infinite loops in zipfile.Path (bsc#1229704, CVE-2024-8088). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=139 --- CVE-2024-8088-inf-loop-zipfile_Path.patch | 136 ++++++++++++++++++++++ python311.changes | 7 ++ python311.spec | 4 + 3 files changed, 147 insertions(+) create mode 100644 CVE-2024-8088-inf-loop-zipfile_Path.patch diff --git a/CVE-2024-8088-inf-loop-zipfile_Path.patch b/CVE-2024-8088-inf-loop-zipfile_Path.patch new file mode 100644 index 0000000..c6e5f3c --- /dev/null +++ b/CVE-2024-8088-inf-loop-zipfile_Path.patch @@ -0,0 +1,136 @@ +--- + Lib/test/test_zipfile.py | 75 ++++++++++ + Lib/zipfile.py | 10 + + Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst | 1 + Misc/NEWS.d/next/Library/2024-08-26-13-45-20.gh-issue-123270.gXHvNJ.rst | 3 + 4 files changed, 87 insertions(+), 2 deletions(-) + +--- a/Lib/test/test_zipfile.py ++++ b/Lib/test/test_zipfile.py +@@ -3651,6 +3651,81 @@ with zipfile.ZipFile(io.BytesIO(), "w") + zipfile.Path(zf) + zf.extractall(source_path.parent) + ++ def test_malformed_paths(self): ++ """ ++ Path should handle malformed paths gracefully. ++ ++ Paths with leading slashes are not visible. ++ ++ Paths with dots are treated like regular files. ++ """ ++ data = io.BytesIO() ++ zf = zipfile.ZipFile(data, "w") ++ zf.writestr("../parent.txt", b"content") ++ zf.filename = '' ++ root = zipfile.Path(zf) ++ assert list(map(str, root.iterdir())) == ['../'] ++ assert root.joinpath('..').joinpath('parent.txt').read_bytes() == b'content' ++ ++ def test_unsupported_names(self): ++ """ ++ Path segments with special characters are readable. ++ ++ On some platforms or file systems, characters like ++ ``:`` and ``?`` are not allowed, but they are valid ++ in the zip file. ++ """ ++ data = io.BytesIO() ++ zf = zipfile.ZipFile(data, "w") ++ zf.writestr("path?", b"content") ++ zf.writestr("V: NMS.flac", b"fLaC...") ++ zf.filename = '' ++ root = zipfile.Path(zf) ++ contents = root.iterdir() ++ assert next(contents).name == 'path?' ++ assert next(contents).name == 'V: NMS.flac' ++ assert root.joinpath('V: NMS.flac').read_bytes() == b"fLaC..." ++ ++ def test_backslash_not_separator(self): ++ """ ++ In a zip file, backslashes are not separators. ++ """ ++ data = io.BytesIO() ++ zf = zipfile.ZipFile(data, "w") ++ zf.writestr(DirtyZipInfo.for_name("foo\\bar", zf), b"content") ++ zf.filename = '' ++ root = zipfile.Path(zf) ++ (first,) = root.iterdir() ++ assert not first.is_dir() ++ assert first.name == 'foo\\bar' ++ ++ ++class DirtyZipInfo(zipfile.ZipInfo): ++ """ ++ Bypass name sanitization. ++ """ ++ ++ def __init__(self, filename, *args, **kwargs): ++ super().__init__(filename, *args, **kwargs) ++ self.filename = filename ++ ++ @classmethod ++ def for_name(cls, name, archive): ++ """ ++ Construct the same way that ZipFile.writestr does. ++ ++ TODO: extract this functionality and re-use ++ """ ++ self = cls(filename=name, date_time=time.localtime(time.time())[:6]) ++ self.compress_type = archive.compression ++ self.compress_level = archive.compresslevel ++ if self.filename.endswith('/'): # pragma: no cover ++ self.external_attr = 0o40775 << 16 # drwxrwxr-x ++ self.external_attr |= 0x10 # MS-DOS directory flag ++ else: ++ self.external_attr = 0o600 << 16 # ?rw------- ++ return self ++ + + class EncodedMetadataTests(unittest.TestCase): + file_names = ['\u4e00', '\u4e8c', '\u4e09'] # Han 'one', 'two', 'three' +--- a/Lib/zipfile.py ++++ b/Lib/zipfile.py +@@ -9,6 +9,7 @@ import io + import itertools + import os + import posixpath ++import re + import shutil + import stat + import struct +@@ -2212,7 +2213,7 @@ def _parents(path): + def _ancestry(path): + """ + Given a path with elements separated by +- posixpath.sep, generate all elements of that path ++ posixpath.sep, generate all elements of that path. + + >>> list(_ancestry('b/d')) + ['b/d', 'b'] +@@ -2224,9 +2225,14 @@ def _ancestry(path): + ['b'] + >>> list(_ancestry('')) + [] ++ ++ Multiple separators are treated like a single. ++ ++ >>> list(_ancestry('//b//d///f//')) ++ ['//b//d///f', '//b//d', '//b'] + """ + path = path.rstrip(posixpath.sep) +- while path and path != posixpath.sep: ++ while path.rstrip(posixpath.sep): + yield path + path, tail = posixpath.split(path) + +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst +@@ -0,0 +1 @@ ++:class:`zipfile.Path` objects now sanitize names from the zipfile. +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-08-26-13-45-20.gh-issue-123270.gXHvNJ.rst +@@ -0,0 +1,3 @@ ++Applied a more surgical fix for malformed payloads in :class:`zipfile.Path` ++causing infinite loops (gh-122905) without breaking contents using ++legitimate characters. diff --git a/python311.changes b/python311.changes index 76557bf..6119f8a 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Aug 28 16:54:34 UTC 2024 - Matej Cepl + +- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent + malformed payload to cause infinite loops in zipfile.Path + (bsc#1229704, CVE-2024-8088). + ------------------------------------------------------------------- Wed Aug 7 12:12:42 UTC 2024 - Matej Cepl diff --git a/python311.spec b/python311.spec index c89ec10..aeb6136 100644 --- a/python311.spec +++ b/python311.spec @@ -186,6 +186,9 @@ Patch19: bso1227999-reproducible-builds.patch # PATCH-FIX-UPSTREAM CVE-2024-6923-email-hdr-inject.patch bsc#1228780 mcepl@suse.com # prevent email header injection, patch from gh#python/cpython!122608 Patch20: CVE-2024-6923-email-hdr-inject.patch +# PATCH-FIX-UPSTREAM CVE-2024-8088-inf-loop-zipfile_Path.patch bsc#1229704 mcepl@suse.com +# avoid denial of service in zipfile +Patch21: CVE-2024-8088-inf-loop-zipfile_Path.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -450,6 +453,7 @@ other applications. %patch -p1 -P 18 %patch -p1 -P 19 %patch -p1 -P 20 +%patch -p1 -P 21 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From ecc51fd1a681e2fd348a3b04b246ae1b9ca307a09fee65dabab355c24df22e2b Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 2 Oct 2024 16:19:39 +0000 Subject: [PATCH 102/135] - Drop .pyc files from docdir for reproducible builds OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=144 --- .gitattributes | 23 + .gitignore | 1 + CVE-2023-52425-libexpat-2.6.0-backport.patch | 223 + ...-52425-remove-reparse_deferral-tests.patch | 60 + F00251-change-user-install-location.patch | 215 + PACKAGING-NOTES | 26 + Python-3.11.10.tar.xz | 3 + Python-3.11.10.tar.xz.asc | 16 + README.SUSE | 43 + _multibuild | 4 + baselibs.conf | 3 + bluez-devel-vendor.tar.xz | 3 + bpo-31046_ensurepip_honours_prefix.patch | 173 + bsc1221260-test_asyncio-ResourceWarning.patch | 21 + bso1227999-reproducible-builds.patch | 37 + distutils-reproducible-compile.patch | 17 + externally_managed.in | 12 + fix_configure_rst.patch | 40 + gh120226-fix-sendfile-test-kernel-610.patch | 35 + idle3.appdata.xml | 35 + idle3.desktop | 12 + import_failed.map | 7 + import_failed.py | 23 + macros.python3 | 28 + no-skipif-doctests.patch | 653 ++ pre_checkin.sh | 78 + python-3.3.0b1-fix_date_time_compiler.patch | 27 + python-3.3.0b1-localpath.patch | 13 + python-3.3.0b1-test-posix_fadvise.patch | 17 + python.keyring | 109 + python311-rpmlintrc | 3 + python311.changes | 5443 +++++++++++++++++ python311.spec | 1046 ++++ skip-test_pyobject_freed_is_freed.patch | 23 + skip_if_buildbot-extend.patch | 15 + skipped_tests.py | 69 + subprocess-raise-timeout.patch | 18 + 37 files changed, 8574 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 CVE-2023-52425-libexpat-2.6.0-backport.patch create mode 100644 CVE-2023-52425-remove-reparse_deferral-tests.patch create mode 100644 F00251-change-user-install-location.patch create mode 100644 PACKAGING-NOTES create mode 100644 Python-3.11.10.tar.xz create mode 100644 Python-3.11.10.tar.xz.asc create mode 100644 README.SUSE create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 bluez-devel-vendor.tar.xz create mode 100644 bpo-31046_ensurepip_honours_prefix.patch create mode 100644 bsc1221260-test_asyncio-ResourceWarning.patch create mode 100644 bso1227999-reproducible-builds.patch create mode 100644 distutils-reproducible-compile.patch create mode 100644 externally_managed.in create mode 100644 fix_configure_rst.patch create mode 100644 gh120226-fix-sendfile-test-kernel-610.patch create mode 100644 idle3.appdata.xml create mode 100644 idle3.desktop create mode 100644 import_failed.map create mode 100644 import_failed.py create mode 100644 macros.python3 create mode 100644 no-skipif-doctests.patch create mode 100644 pre_checkin.sh create mode 100644 python-3.3.0b1-fix_date_time_compiler.patch create mode 100644 python-3.3.0b1-localpath.patch create mode 100644 python-3.3.0b1-test-posix_fadvise.patch create mode 100644 python.keyring create mode 100644 python311-rpmlintrc create mode 100644 python311.changes create mode 100644 python311.spec create mode 100644 skip-test_pyobject_freed_is_freed.patch create mode 100644 skip_if_buildbot-extend.patch create mode 100644 skipped_tests.py create mode 100644 subprocess-raise-timeout.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch new file mode 100644 index 0000000..c1c66b7 --- /dev/null +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -0,0 +1,223 @@ +--- + Lib/test/support/__init__.py | 16 ++++++++++++++-- + Lib/test/test_minidom.py | 23 +++++++++-------------- + Lib/test/test_pyexpat.py | 12 +++++------- + Lib/test/test_sax.py | 18 +++++++++--------- + Lib/test/test_xml_etree.py | 12 ------------ + 5 files changed, 37 insertions(+), 44 deletions(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -8,6 +8,7 @@ import dataclasses + import functools + import os + import re ++import pyexpat + import stat + import sys + import sysconfig +@@ -56,7 +57,7 @@ __all__ = [ + "run_with_tz", "PGO", "missing_compiler_executable", + "ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST", + "LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT", +- "skip_on_s390x", ++ "skip_on_s390x", "fails_with_expat_2_6_0", "is_expat_2_6_0" + ] + + +@@ -2240,6 +2241,17 @@ def copy_python_src_ignore(path, names): + } + return ignored + +-#Windows doesn't have os.uname() but it doesn't support s390x. ++ ++# Windows doesn't have os.uname() but it doesn't support s390x. + skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', + 'skipped on s390x') ++ ++ ++@functools.lru_cache ++def _is_expat_2_6_0(): ++ return hasattr(pyexpat.ParserCreate(), 'SetReparseDeferralEnabled') ++is_expat_2_6_0 = _is_expat_2_6_0() ++ ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if is_expat_2_6_0 ++ else lambda test: test) +--- a/Lib/test/test_minidom.py ++++ b/Lib/test/test_minidom.py +@@ -6,7 +6,6 @@ import io + from test import support + import unittest + +-import pyexpat + import xml.dom.minidom + + from xml.dom.minidom import parse, Attr, Node, Document, parseString +@@ -1163,13 +1162,11 @@ class MinidomTest(unittest.TestCase): + + # Verify that character decoding errors raise exceptions instead + # of crashing +- if pyexpat.version_info >= (2, 4, 5): +- self.assertRaises(ExpatError, parseString, +- b'') +- self.assertRaises(ExpatError, parseString, +- b'Comment \xe7a va ? Tr\xe8s bien ?') +- else: +- self.assertRaises(UnicodeDecodeError, parseString, ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((UnicodeDecodeError, ExpatError)): ++ parseString( + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1631,12 +1628,10 @@ class MinidomTest(unittest.TestCase): + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- if pyexpat.version_info >= (2, 4, 5): +- context = self.assertRaisesRegex(ExpatError, 'syntax error') +- else: +- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- +- with context: ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((ExpatError, ValueError)): + parseString('') + + def testDocRemoveChild(self): +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -14,8 +14,7 @@ from test.support import os_helper + from xml.parsers import expat + from xml.parsers.expat import errors + +-from test.support import sortdict, is_emscripten, is_wasi +- ++from test.support import sortdict, is_emscripten, is_wasi, is_expat_2_6_0 + + class SetAttributeTest(unittest.TestCase): + def setUp(self): +@@ -770,9 +769,8 @@ class ReparseDeferralTest(unittest.TestC + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + + def test_reparse_deferral_enabled(self): +- if expat.version_info < (2, 6, 0): +- self.skipTest(f'Expat {expat.version_info} does not ' +- 'support reparse deferral') ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") + + started = [] + +@@ -801,9 +799,9 @@ class ReparseDeferralTest(unittest.TestC + + parser = expat.ParserCreate() + parser.StartElementHandler = start_element +- if expat.version_info >= (2, 6, 0): ++ if is_expat_2_6_0: + parser.SetReparseDeferralEnabled(False) +- self.assertFalse(parser.GetReparseDeferralEnabled()) ++ self.assertFalse(parser.GetReparseDeferralEnabled()) + + for chunk in (b''): + parser.Parse(chunk, False) +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -19,13 +19,11 @@ from xml.sax.xmlreader import InputSourc + from io import BytesIO, StringIO + import codecs + import os.path +-import pyexpat + import shutil + import sys + from urllib.error import URLError + import urllib.request +-from test.support import os_helper +-from test.support import findfile ++from test.support import os_helper, findfile, is_expat_2_6_0 + from test.support.os_helper import FakePath, TESTFN + + +@@ -1215,10 +1213,10 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1241,6 +1239,9 @@ class ExpatReaderTest(XmlTestBase): + self.assertEqual(result.getvalue(), start + b"") + + def test_flush_reparse_deferral_disabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1249,9 +1250,8 @@ class ExpatReaderTest(XmlTestBase): + for chunk in (""): + parser.feed(chunk) + +- if pyexpat.version_info >= (2, 6, 0): +- parser._parser.SetReparseDeferralEnabled(False) +- self.assertEqual(result.getvalue(), start) # i.e. no elements started ++ parser._parser.SetReparseDeferralEnabled(False) ++ self.assertEqual(result.getvalue(), start) # i.e. no elements started + + self.assertFalse(parser._parser.GetReparseDeferralEnabled()) + +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -13,7 +13,6 @@ import itertools + import operator + import os + import pickle +-import pyexpat + import sys + import textwrap + import types +@@ -1424,12 +1423,6 @@ class XMLPullParserTest(unittest.TestCas + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + +- def test_simple_xml_chunk_1(self): +- self.test_simple_xml(chunk_size=1, flush=True) +- +- def test_simple_xml_chunk_5(self): +- self.test_simple_xml(chunk_size=5, flush=True) +- + def test_simple_xml_chunk_22(self): + self.test_simple_xml(chunk_size=22) + +@@ -1627,9 +1620,6 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1656,8 +1646,6 @@ class XMLPullParserTest(unittest.TestCas + + for chunk in (""): + parser.feed(chunk) +- +- if pyexpat.version_info >= (2, 6, 0): + if not ET is pyET: + self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled ' + 'methods not available in C') diff --git a/CVE-2023-52425-remove-reparse_deferral-tests.patch b/CVE-2023-52425-remove-reparse_deferral-tests.patch new file mode 100644 index 0000000..553bdf8 --- /dev/null +++ b/CVE-2023-52425-remove-reparse_deferral-tests.patch @@ -0,0 +1,60 @@ +--- + Lib/test/test_pyexpat.py | 2 ++ + Lib/test/test_sax.py | 2 ++ + Lib/test/test_xml_etree.py | 2 ++ + 3 files changed, 6 insertions(+) + +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -768,6 +768,7 @@ class ReparseDeferralTest(unittest.TestC + parser.SetReparseDeferralEnabled(True) + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -791,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC + + self.assertEqual(started, ['doc']) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_disabled(self): + started = [] + +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -1213,6 +1213,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -1238,6 +1239,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -1620,6 +1620,7 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1641,6 +1642,7 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch new file mode 100644 index 0000000..fa38a94 --- /dev/null +++ b/F00251-change-user-install-location.patch @@ -0,0 +1,215 @@ +From 910f38d9768d39d4d31426743ae4081ed1ab66b6 Mon Sep 17 00:00:00 2001 +From: Michal Cyprian +Date: Mon, 26 Jun 2017 16:32:56 +0200 +Subject: [PATCH] 00251: Change user install location + +Set values of prefix and exec_prefix in distutils install command +to /usr/local if executable is /usr/bin/python* and RPM build +is not detected to make pip and distutils install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +--- + Lib/distutils/command/install.py | 15 +++++++++++++-- + Lib/site.py | 9 ++++++++- + 2 files changed, 21 insertions(+), 3 deletions(-) + +Index: Python-3.11.8/Lib/distutils/command/install.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/command/install.py ++++ Python-3.11.8/Lib/distutils/command/install.py +@@ -441,8 +441,19 @@ class install(Command): + raise DistutilsOptionError( + "must not supply exec-prefix without prefix") + +- self.prefix = os.path.normpath(sys.prefix) +- self.exec_prefix = os.path.normpath(sys.exec_prefix) ++ # self.prefix is set to sys.prefix + /local/ ++ # if neither RPM build nor virtual environment is ++ # detected to make pip and distutils install packages ++ # into the separate location. ++ if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ addition = "/local" ++ else: ++ addition = "" ++ ++ self.prefix = os.path.normpath(sys.prefix) + addition ++ self.exec_prefix = os.path.normpath(sys.exec_prefix) + addition + + else: + if self.exec_prefix is None: +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None): + return sitepackages + + def addsitepackages(known_paths, prefixes=None): +- """Add site-packages to sys.path""" ++ """Add site-packages to sys.path ++ ++ '/usr/local' is included in PREFIXES if RPM build is not detected ++ to make packages installed into this location visible. ++ ++ """ + _trace("Processing global site-packages") ++ if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: ++ PREFIXES.insert(0, "/usr/local") + for sitedir in getsitepackages(prefixes): + if os.path.isdir(sitedir): + addsitedir(sitedir, known_paths) + +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Mon, 15 Feb 2021 12:19:27 +0100 +Subject: [PATCH] 00251: Change user install location +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Set values of base and platbase in sysconfig from /usr +to /usr/local when RPM build is not detected +to make pip and similar tools install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +Downstream only. + +We've tried to rework in Fedora 36/Python 3.10 to follow https://bugs.python.org/issue43976 +but we have identified serious problems with that approach, +see https://bugzilla.redhat.com/2026979 or https://bugzilla.redhat.com/2097183 + +pypa/distutils integration: https://github.com/pypa/distutils/pull/70 + +Co-authored-by: Petr Viktorin +Co-authored-by: Miro Hrončok +Co-authored-by: Michal Cyprian +Co-authored-by: Lumír Balhar +--- + Lib/site.py | 9 ++++++- + Lib/sysconfig.py | 49 +++++++++++++++++++++++++++++++++++++- + Lib/test/test_sysconfig.py | 17 +++++++++++-- + 3 files changed, 71 insertions(+), 4 deletions(-) + +Index: Python-3.11.9/Lib/sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/sysconfig.py ++++ Python-3.11.9/Lib/sysconfig.py +@@ -103,6 +103,11 @@ if os.name == 'nt': + else: + _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv'] + ++# For a brief period of time in the Fedora 36 life cycle, ++# this installation scheme existed and was documented in the release notes. ++# For backwards compatibility, we keep it here (at least on 3.10 and 3.11). ++_INSTALL_SCHEMES['rpm_prefix'] = _INSTALL_SCHEMES['posix_prefix'] ++ + + # NOTE: site.py has copy of this function. + # Sync it when modify this function. +@@ -162,6 +167,19 @@ if _HAS_USER_BASE: + }, + } + ++# This is used by distutils.command.install in the stdlib ++# as well as pypa/distutils (e.g. bundled in setuptools). ++# The self.prefix value is set to sys.prefix + /local/ ++# if neither RPM build nor virtual environment is ++# detected to make distutils install packages ++# into the separate location. ++# https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _prefix_addition = '/local' ++ ++ + _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', + 'scripts', 'data') + +@@ -258,11 +276,40 @@ def _extend_dict(target_dict, other_dict + target_dict[key] = value + + ++_CONFIG_VARS_LOCAL = None ++ ++ ++def _config_vars_local(): ++ # This function returns the config vars with prefixes amended to /usr/local ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ global _CONFIG_VARS_LOCAL ++ if _CONFIG_VARS_LOCAL is None: ++ _CONFIG_VARS_LOCAL = dict(get_config_vars()) ++ _CONFIG_VARS_LOCAL['base'] = '/usr/local' ++ _CONFIG_VARS_LOCAL['platbase'] = '/usr/local' ++ return _CONFIG_VARS_LOCAL ++ ++ + def _expand_vars(scheme, vars): + res = {} + if vars is None: + vars = {} +- _extend_dict(vars, get_config_vars()) ++ ++ # when we are not in a virtual environment or an RPM build ++ # we change '/usr' to '/usr/local' ++ # to avoid surprises, we explicitly check for the /usr/ prefix ++ # Python virtual environments have different prefixes ++ # we only do this for posix_prefix, not to mangle the venv scheme ++ # posix_prefix is used by sudo pip install ++ # we only change the defaults here, so explicit --prefix will take precedence ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if (scheme == 'posix_prefix' and ++ _PREFIX == '/usr' and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _extend_dict(vars, _config_vars_local()) ++ else: ++ _extend_dict(vars, get_config_vars()) ++ + if os.name == 'nt': + # On Windows we want to substitute 'lib' for schemes rather + # than the native value (without modifying vars, in case it +Index: Python-3.11.9/Lib/test/test_sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_sysconfig.py ++++ Python-3.11.9/Lib/test/test_sysconfig.py +@@ -111,8 +111,19 @@ class TestSysConfig(unittest.TestCase): + for scheme in _INSTALL_SCHEMES: + for name in _INSTALL_SCHEMES[scheme]: + expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) ++ tested = get_path(name, scheme) ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if tested.startswith('/usr/local'): ++ # /usr/local should only be used in posix_prefix ++ self.assertEqual(scheme, 'posix_prefix') ++ # Fedora CI runs tests for venv and virtualenv that check for other prefixes ++ self.assertEqual(sys.prefix, '/usr') ++ # When building the RPM of Python, %check runs this with RPM_BUILD_ROOT set ++ # Fedora CI runs this with RPM_BUILD_ROOT unset ++ self.assertNotIn('RPM_BUILD_ROOT', os.environ) ++ tested = tested.replace('/usr/local', '/usr') + self.assertEqual( +- os.path.normpath(get_path(name, scheme)), ++ os.path.normpath(tested), + os.path.normpath(expected), + ) + +@@ -345,7 +356,7 @@ class TestSysConfig(unittest.TestCase): + self.assertTrue(os.path.isfile(config_h), config_h) + + def test_get_scheme_names(self): +- wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv'] ++ wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv', 'rpm_prefix'] + if HAS_USER_BASE: + wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) + self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) +@@ -357,6 +368,8 @@ class TestSysConfig(unittest.TestCase): + cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" + self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) + ++ @unittest.skipIf('RPM_BUILD_ROOT' not in os.environ, ++ "Test doesn't expect Fedora's paths") + def test_user_similar(self): + # Issue #8759: make sure the posix scheme for the users + # is similar to the global posix_prefix one diff --git a/PACKAGING-NOTES b/PACKAGING-NOTES new file mode 100644 index 0000000..e28c88c --- /dev/null +++ b/PACKAGING-NOTES @@ -0,0 +1,26 @@ +Notes for packagers of Python3 +============================== + +0. Faster build turnaround +-------------------------- + +By default, python builds with profile-guided optimization. This needs +an additional run of the test suite and it is generally slow. +PGO build takes around 50 minutes. + +For development, use "--without profileopt" option to disable PGO. This +shortens the build time to ~5 minutes including test suite. + +1. import_failed.map +---------------------- + +This is a mechanism installed as part of python3-base, that places shim modules +on python's path (through a generated zzzz-import-failed-hooks.pth file, so that +it is imported as much at the end as makes sense; and an _import_failed subdir +of /usr/lib/pythonX.Y). Then when the user tries to import a module that is part +of a subpackage, the ImportError will contain a helpful message telling them +which missing subpackage to install. + +This can sometimes cause problems on non-standard configurations, if the pth +gets included too early (for instance if you are using a script to include all +pths by hand in some strange order). Just something to look out for. diff --git a/Python-3.11.10.tar.xz b/Python-3.11.10.tar.xz new file mode 100644 index 0000000..f87e7ad --- /dev/null +++ b/Python-3.11.10.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:07a4356e912900e61a15cb0949a06c4a05012e213ecd6b4e84d0f67aabbee372 +size 20067656 diff --git a/Python-3.11.10.tar.xz.asc b/Python-3.11.10.tar.xz.asc new file mode 100644 index 0000000..243d1b1 --- /dev/null +++ b/Python-3.11.10.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmbbrO0ACgkQ/+h0BBaL +2Ec+YBAAnQJLKYPjj7Yr7xkFU655Sv86JxeRAdWjnIapbiIuWg3Up8Pd8FTRgHGf +3XdTHw7b03lSjtzJwavzdnDklqAlBIGn9dVieljUIN7NYyNxoYOr/AiatimgSwv7 +dI5mfun5fLKV6ZcdNdQN5PJ3RZtF3I7VfkN2mlfZJHtxl1agdU/TfW2L+qJ7+JPY +cayjq2xKTLRNXOf2iV29GRRovLiqA+Dx0+cAwsScwreHMp3U4k3GkeHVoR6fldV4 +bVAM8GRl3CYVFePiqAbamKP1BSys44JOINWbWyd94JxzEAwXWz//Es0h73AzeRfK +ueORqzdoOGrVc74+HGlAHhqO1Gg7jMMmtkzCEuav+cGHYnMRMOngGR3q47aTJTVb +5UdP0oD4OlADPFVa6q0LCqN/IFlebWMh9pXYw7Wpek63oNuZHTfNPq4S1AUM2HJm +C3yzaOG9VAdYfLneJC4ldY4CVt1FKckfaXp5OAaMr71DI74e4CcEswlUupZJLZKV +TJRjQD15bnXGhHDqU4w3RmzpCWMh2mf4m4VMYQyObl3TtlX+gVvzIhDS5+mXqutB +F1pdXwaHHkTb2PLLxpwOGrnsp8XoW74tsylcYirQg8jSFMbgxfwgIjEIuRGXeDkT +B4QzmQ4SxsbLiH7etV6Fznl1h569Z4DO9OOs4i0ZzIjdhPDQtAs= +=TatG +-----END PGP SIGNATURE----- diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..0053bcf --- /dev/null +++ b/README.SUSE @@ -0,0 +1,43 @@ +Python 3 in SUSE +============== + +* Subpackages * + +Python 3 is split into several subpackages, based on external dependencies. +The main package 'python3' has soft dependencies on all subpackages needed to +assemble the standard library; however, these might not all be installed by default. + +If you attempt to import a module that is currently not installed, an ImportError is thrown, +with instructions to install the missing subpackage. Installing the subpackage might result +in installing libraries that the subpackage requires to function. + + +* ensurepip * + +The 'ensurepip' module from Python 3 standard library (PEP 453) is supposed to deploy +a bundled copy of the pip installer. This makes no sense in a managed distribution like SUSE. +Instead, you need to install package 'python3-pip'. Usually this will be installed automatically +with 'python3'. + +Using 'ensurepip' when pip is not installed will result in an ImportError with instructions +to install 'python3-pip'. + + +* Documentation * + +You can find documentation in seprarate packages: python3-doc and +python3-doc-pdf. These contan following documents: + + Tutorial, What's New in Python, Global Module Index, Library Reference, + Macintosh Module Reference, Installing Python Modules, Distributing Python + Modules, Language Reference, Extending and Embedding, Python/C API, + Documenting Python + +The python3-doc package constains many text files from source tarball. + + +* Interactive mode * + +Interactive mode is by default enhanced with of history and command completion. +If you don't like these features, you can unset the PYTHONSTARTUP variable +in your .profile or disable it system wide in /etc/profile.d/python.sh. diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..1d50bc4 --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + base + doc + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..1793de8 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,3 @@ +python311-base +python311 +libpython3_11-1_0 diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz new file mode 100644 index 0000000..57fb3e5 --- /dev/null +++ b/bluez-devel-vendor.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:868fbfba2ddaed62f2c45cf869fe2c648527ac3bac738f4f41f3c2872f5b0211 +size 25040 diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch new file mode 100644 index 0000000..86882ae --- /dev/null +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -0,0 +1,173 @@ +From 5754521af1d51aa8e445cba07a093bbc0c88596d Mon Sep 17 00:00:00 2001 +From: Zackery Spytz +Date: Mon, 16 Dec 2019 18:24:08 -0700 +Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix) + +Co-Authored-By: Xavier de Gaye +--- + Doc/library/ensurepip.rst | 9 +++-- + Lib/ensurepip/__init__.py | 18 +++++++--- + Lib/test/test_ensurepip.py | 11 ++++++ + Makefile.pre.in | 4 +- + Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1 + 5 files changed, 34 insertions(+), 9 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst + +Index: Python-3.11.8/Doc/library/ensurepip.rst +=================================================================== +--- Python-3.11.8.orig/Doc/library/ensurepip.rst ++++ Python-3.11.8/Doc/library/ensurepip.rst +@@ -59,7 +59,9 @@ is at least as recent as the one availab + By default, ``pip`` is installed into the current virtual environment + (if one is active) or into the system site packages (if there is no + active virtual environment). The installation location can be controlled +-through two additional command line options: ++through some additional command line options: ++ ++* ``--prefix ``: Installs ``pip`` using the given directory prefix. + + * :samp:`--root {dir}`: Installs ``pip`` relative to the given root directory + rather than the root of the currently active virtual environment (if any) +@@ -92,7 +94,7 @@ Module API + Returns a string specifying the available version of pip that will be + installed when bootstrapping an environment. + +-.. function:: bootstrap(root=None, upgrade=False, user=False, \ ++.. function:: bootstrap(root=None, prefix=None, upgrade=False, user=False, \ + altinstall=False, default_pip=False, \ + verbosity=0) + +@@ -102,6 +104,8 @@ Module API + If *root* is ``None``, then installation uses the default install location + for the current environment. + ++ *prefix* specifies the directory prefix to use when installing. ++ + *upgrade* indicates whether or not to upgrade an existing installation + of an earlier version of ``pip`` to the available version. + +@@ -122,6 +126,8 @@ Module API + *verbosity* controls the level of output to :data:`sys.stdout` from the + bootstrapping operation. + ++ .. versionchanged:: 3.9 the *prefix* parameter was added. ++ + .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap + + .. note:: +Index: Python-3.11.8/Lib/ensurepip/__init__.py +=================================================================== +--- Python-3.11.8.orig/Lib/ensurepip/__init__.py ++++ Python-3.11.8/Lib/ensurepip/__init__.py +@@ -122,27 +122,27 @@ def _disable_pip_configuration_settings( + os.environ['PIP_CONFIG_FILE'] = os.devnull + + +-def bootstrap(*, root=None, upgrade=False, user=False, ++def bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). ++ and directory prefix). + + Note that calling this function will alter both sys.path and os.environ. + """ + # Discard the return value +- _bootstrap(root=root, upgrade=upgrade, user=user, ++ _bootstrap(root=root, prefix=prefix, upgrade=upgrade, user=user, + altinstall=altinstall, default_pip=default_pip, + verbosity=verbosity) + + +-def _bootstrap(*, root=None, upgrade=False, user=False, ++def _bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). Returns pip command status code. ++ and directory prefix). Returns pip command status code. + + Note that calling this function will alter both sys.path and os.environ. + """ +@@ -192,6 +192,8 @@ def _bootstrap(*, root=None, upgrade=Fal + args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] + if root: + args += ["--root", root] ++ if prefix: ++ args += ["--prefix", prefix] + if upgrade: + args += ["--upgrade"] + if user: +@@ -267,6 +269,11 @@ def _main(argv=None): + help="Install everything relative to this alternate root directory.", + ) + parser.add_argument( ++ "--prefix", ++ default=None, ++ help="Install everything using this prefix.", ++ ) ++ parser.add_argument( + "--altinstall", + action="store_true", + default=False, +@@ -285,6 +292,7 @@ def _main(argv=None): + + return _bootstrap( + root=args.root, ++ prefix=args.prefix, + upgrade=args.upgrade, + user=args.user, + verbosity=args.verbosity, +Index: Python-3.11.8/Lib/test/test_ensurepip.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_ensurepip.py ++++ Python-3.11.8/Lib/test/test_ensurepip.py +@@ -112,6 +112,17 @@ class TestBootstrap(EnsurepipMixin, unit + unittest.mock.ANY, + ) + ++ def test_bootstrapping_with_prefix(self): ++ ensurepip.bootstrap(prefix="/foo/bar/") ++ self.run_pip.assert_called_once_with( ++ [ ++ "install", "--no-cache-dir", "--no-index", "--find-links", ++ unittest.mock.ANY, "--prefix", "/foo/bar/", ++ "setuptools", "pip", ++ ], ++ unittest.mock.ANY, ++ ) ++ + def test_bootstrapping_with_user(self): + ensurepip.bootstrap(user=True) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1761,7 +1761,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni + install|*) ensurepip="" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + altinstall: commoninstall +@@ -1771,7 +1771,7 @@ altinstall: commoninstall + install|*) ensurepip="--altinstall" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + commoninstall: check-clean-src @FRAMEWORKALTINSTALLFIRST@ \ +Index: Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +=================================================================== +--- /dev/null ++++ Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +@@ -0,0 +1 @@ ++A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/bsc1221260-test_asyncio-ResourceWarning.patch b/bsc1221260-test_asyncio-ResourceWarning.patch new file mode 100644 index 0000000..15d6b8d --- /dev/null +++ b/bsc1221260-test_asyncio-ResourceWarning.patch @@ -0,0 +1,21 @@ +From a3052035485bd2836e40f5284657ca105382cbfd Mon Sep 17 00:00:00 2001 +From: sobolevn +Date: Tue, 5 Mar 2024 20:24:16 +0300 +Subject: [PATCH] gh-116112: Fix `ResourceWarning` in + `test_asyncio.test_stream` + +Co-authored-by: @CendioOssman +--- + Lib/test/test_asyncio/test_streams.py | 1 + + 1 file changed, 1 insertion(+) + +--- a/Lib/test/test_asyncio/test_streams.py ++++ b/Lib/test/test_asyncio/test_streams.py +@@ -1156,6 +1156,7 @@ os.close(fd) + + def test_unhandled_cancel(self): + async def handle_echo(reader, writer): ++ writer.close() + asyncio.current_task().cancel() + messages = self._basetest_unhandled_exceptions(handle_echo) + self.assertEqual(messages, []) diff --git a/bso1227999-reproducible-builds.patch b/bso1227999-reproducible-builds.patch new file mode 100644 index 0000000..fb33d18 --- /dev/null +++ b/bso1227999-reproducible-builds.patch @@ -0,0 +1,37 @@ +From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Tue, 16 Jul 2024 21:39:33 +0200 +Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH + +to make builds reproducible. +See https://reproducible-builds.org/ for why this is good +and https://reproducible-builds.org/specs/source-date-epoch/ +for the definition of this variable. +--- + Doc/conf.py | 3 ++- + Doc/library/functions.rst | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/Doc/conf.py ++++ b/Doc/conf.py +@@ -316,7 +316,8 @@ html_context = { + } + + # This 'Last updated on:' timestamp is inserted at the bottom of every page. +-html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime()) ++html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) ++html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time)) + + # Path to find HTML templates. + templates_path = ['tools/templates'] +--- a/Doc/library/functions.rst ++++ b/Doc/library/functions.rst +@@ -1356,7 +1356,7 @@ are always available. They are listed h + (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, + and :mod:`shutil`. + +- .. audit-event:: open file,mode,flags open ++ .. audit-event:: open path,mode,flags open + + The ``mode`` and ``flags`` arguments may have been modified or inferred from + the original call. diff --git a/distutils-reproducible-compile.patch b/distutils-reproducible-compile.patch new file mode 100644 index 0000000..17e8bd2 --- /dev/null +++ b/distutils-reproducible-compile.patch @@ -0,0 +1,17 @@ +--- + Lib/distutils/util.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/distutils/util.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/util.py ++++ Python-3.11.8/Lib/distutils/util.py +@@ -436,7 +436,7 @@ byte_compile(files, optimize=%r, force=% + else: + from py_compile import compile + +- for file in py_files: ++ for file in sorted(py_files): + if file[-3:] != ".py": + # This lets us be lazy and not filter filenames in + # the "install_lib" command. diff --git a/externally_managed.in b/externally_managed.in new file mode 100644 index 0000000..54606b6 --- /dev/null +++ b/externally_managed.in @@ -0,0 +1,12 @@ +[externally-managed] +Error=To install Python packages system-wide, try + zypper install __PYTHONPREFIX__-xyz, where xyz is the package + you are trying to install. + + If you wish to install a non-rpm packaged Python package, + create a virtual environment using __PYTHON__ -m venv path/to/venv. + Then use path/to/venv/bin/python and path/to/venv/bin/pip. + + If you wish to install a non-rpm packaged Python application, + it may be easiest to use `pipx install xyz`, which will manage a + virtual environment for you. Install pipx via `zypper install __PYTHONPREFIX__-pipx` . diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch new file mode 100644 index 0000000..7c6fd0e --- /dev/null +++ b/fix_configure_rst.patch @@ -0,0 +1,40 @@ +--- + Doc/using/configure.rst | 3 --- + Misc/NEWS | 2 +- + 2 files changed, 1 insertion(+), 4 deletions(-) + +--- a/Doc/using/configure.rst ++++ b/Doc/using/configure.rst +@@ -43,7 +43,6 @@ General Options + + See :data:`sys.int_info.bits_per_digit `. + +-.. option:: --with-cxx-main + .. option:: --with-cxx-main=COMPILER + + Compile the Python ``main()`` function and link Python executable with C++ +@@ -529,13 +528,11 @@ macOS Options + + See ``Mac/README.rst``. + +-.. option:: --enable-universalsdk + .. option:: --enable-universalsdk=SDKDIR + + Create a universal binary build. *SDKDIR* specifies which macOS SDK should + be used to perform the build (default is no). + +-.. option:: --enable-framework + .. option:: --enable-framework=INSTALLDIR + + Create a Python.framework rather than a traditional Unix install. Optional +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -9774,7 +9774,7 @@ C API + - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. + + - bpo-43795: The list in :ref:`limited-api-list` now shows the public name +- :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry ++ :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry + ``_node`` no longer appears in the list. + + - bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid diff --git a/gh120226-fix-sendfile-test-kernel-610.patch b/gh120226-fix-sendfile-test-kernel-610.patch new file mode 100644 index 0000000..2eb6f63 --- /dev/null +++ b/gh120226-fix-sendfile-test-kernel-610.patch @@ -0,0 +1,35 @@ +From 1b3f6523a5c83323cdc44031b33a1c062e5dc698 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Fri, 7 Jun 2024 23:51:32 +0800 +Subject: [PATCH] gh-120226: Fix + test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 + (GH-120227) + +The worst case is that the kernel buffers 17 pages with a page size of 64k. +(cherry picked from commit a7584245661102a5768c643fbd7db8395fd3c90e) + +Co-authored-by: Xi Ruoyao +--- + Lib/test/test_asyncio/test_sendfile.py | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +--- a/Lib/test/test_asyncio/test_sendfile.py ++++ b/Lib/test/test_asyncio/test_sendfile.py +@@ -93,13 +93,10 @@ class MyProto(asyncio.Protocol): + + class SendfileBase: + +- # 256 KiB plus small unaligned to buffer chunk +- # Newer versions of Windows seems to have increased its internal +- # buffer and tries to send as much of the data as it can as it +- # has some form of buffering for this which is less than 256KiB +- # on newer server versions and Windows 11. +- # So DATA should be larger than 256 KiB to make this test reliable. +- DATA = b"x" * (1024 * 256 + 1) ++ # Linux >= 6.10 seems buffering up to 17 pages of data. ++ # So DATA should be large enough to make this test reliable even with a ++ # 64 KiB page configuration. ++ DATA = b"x" * (1024 * 17 * 64 + 1) + # Reduce socket buffer size to test on relative small data sets. + BUF_SIZE = 4 * 1024 # 4 KiB + diff --git a/idle3.appdata.xml b/idle3.appdata.xml new file mode 100644 index 0000000..554b7c4 --- /dev/null +++ b/idle3.appdata.xml @@ -0,0 +1,35 @@ + + + + + idle3.desktop + IDLE3 + CC0 + Python-2.0 + Python 3 Integrated Development and Learning Environment + +

+ IDLE is Python’s Integrated Development and Learning Environment. + The GUI is uniform between Windows, Unix, and Mac OS X. + IDLE provides an easy way to start writing, running, and debugging + Python code. +

+

+ IDLE is written in pure Python, and uses the tkinter GUI toolkit. + It provides: +

+
    +
  • a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,
    • +
  • a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,
    • +
  • search within any window, replace within editor windows, and search through multiple files (grep),
    • +
  • a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.
    • +
+ + https://docs.python.org/3/library/idle.html + + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png + + zbyszek@in.waw.pl + diff --git a/idle3.desktop b/idle3.desktop new file mode 100644 index 0000000..43f5a4c --- /dev/null +++ b/idle3.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Version=1.0 +Name=IDLE 3 +GenericName=Python 3 IDE +Comment=Python 3 Integrated Development and Learning Environment +Exec=idle3 %F +TryExec=idle3 +Terminal=false +Type=Application +Icon=idle3 +Categories=Development;IDE; +MimeType=text/x-python; diff --git a/import_failed.map b/import_failed.map new file mode 100644 index 0000000..f33690c --- /dev/null +++ b/import_failed.map @@ -0,0 +1,7 @@ +python311-curses: curses _curses _curses_panel +python311-dbm: dbm _dbm _gdbm +python311-idle: idlelib +python311-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited +python311-tk: tkinter _tkinter +python311-tools: turtledemo +python311: sqlite3 readline _sqlite3 nis diff --git a/import_failed.py b/import_failed.py new file mode 100644 index 0000000..258b5a5 --- /dev/null +++ b/import_failed.py @@ -0,0 +1,23 @@ +import sys, os +from sysconfig import get_path + +failed_map_path = os.path.join(get_path('stdlib'), '_import_failed', 'import_failed.map') + +if __spec__: + failed_name = __spec__.name +else: + failed_name = __name__ + +with open(failed_map_path) as fd: + for line in fd: + package = line.split(':')[0] + imports = line.split(':')[1] + if failed_name in imports: + raise ImportError(f"""Module '{failed_name}' is not installed. +Use: + sudo zypper install {package} +to install it.""") + +raise ImportError(f"""Module '{failed_name}' is not installed. +It is supposed to be part of python3 distribution, but missing from failed import map. +Please file a bug on the SUSE Bugzilla.""") diff --git a/macros.python3 b/macros.python3 new file mode 100644 index 0000000..2bd193b --- /dev/null +++ b/macros.python3 @@ -0,0 +1,28 @@ +%have_python3 1 + +# commented out legacy macro definitions +#py3_prefix /usr +#py3_incdir /usr/include/python3.5m +#py3_ver 3.5 + +# these should now be provided by macros.python_all +#python3_sitearch /usr/lib64/python3.5/site-packages +#python3_sitelib /usr/lib/python3.5/site-packages +#python3_version 3.5 + +# hard to say if anyone ever used these? +#py3_soflags cpython-35m-x86_64-linux-gnu +#py3_abiflags m +%cpython3_soabi %(python3 -c "import sysconfig; print(sysconfig.get_config_var('SOABI'))") +%py3_soflags %cpython3_soabi + +# compilation macros that might be in use somewhere +%py3_compile(O) \ +find %1 -name '*.pyc' -exec rm -f {} ";"\ +python3 -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +%{-O:\ +find %1 -name '*.pyo' -exec rm -f {} ";"\ +python3 -O -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +} + + diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch new file mode 100644 index 0000000..7e412d7 --- /dev/null +++ b/no-skipif-doctests.patch @@ -0,0 +1,653 @@ +only in patch2: +unchanged: +--- + Doc/library/turtle.rst | 82 ------------------------------------------------- + 1 file changed, 82 deletions(-) + +--- a/Doc/library/turtle.rst ++++ b/Doc/library/turtle.rst +@@ -440,7 +440,6 @@ Turtle motion + turtle is headed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -467,7 +466,6 @@ Turtle motion + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -486,13 +484,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -511,13 +507,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -540,13 +534,11 @@ Turtle motion + not change the turtle's orientation. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> tp = turtle.pos() + >>> tp +@@ -570,13 +562,11 @@ Turtle motion + unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 240) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,240.00) +@@ -592,13 +582,11 @@ Turtle motion + Set the turtle's second coordinate to *y*, leave first coordinate unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 40) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,40.00) +@@ -625,7 +613,6 @@ Turtle motion + =================== ==================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setheading(90) + >>> turtle.heading() +@@ -638,14 +625,12 @@ Turtle motion + its start-orientation (which depends on the mode, see :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(90) + >>> turtle.goto(0, -10) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 90.0 +@@ -677,7 +662,6 @@ Turtle motion + calculated automatically. May be used to draw regular polygons. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.position() +@@ -706,7 +690,6 @@ Turtle motion + + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.dot() +@@ -724,7 +707,6 @@ Turtle motion + it by calling ``clearstamp(stamp_id)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("blue") + >>> turtle.stamp() +@@ -740,7 +722,6 @@ Turtle motion + Delete stamp with given *stampid*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (150.00,-0.00) +@@ -785,7 +766,6 @@ Turtle motion + undo actions is determined by the size of the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for i in range(4): + ... turtle.fd(50); turtle.lt(80) +@@ -818,7 +798,6 @@ Turtle motion + turtle turn instantly. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.speed() + 3 +@@ -839,7 +818,6 @@ Tell Turtle's state + Return the turtle's current location (x,y) (as a :class:`Vec2D` vector). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pos() + (440.00,-0.00) +@@ -855,7 +833,6 @@ Tell Turtle's state + orientation which depends on the mode - "standard"/"world" or "logo". + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(10, 10) + >>> turtle.towards(0,0) +@@ -867,7 +844,6 @@ Tell Turtle's state + Return the turtle's x coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(50) +@@ -883,7 +859,6 @@ Tell Turtle's state + Return the turtle's y coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(60) +@@ -900,7 +875,6 @@ Tell Turtle's state + :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(67) +@@ -917,7 +891,6 @@ Tell Turtle's state + other turtle, in turtle step units. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.distance(30,40) +@@ -941,7 +914,6 @@ Settings for measurement + Default value is 360 degrees. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -964,7 +936,6 @@ Settings for measurement + ``degrees(2*math.pi)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -975,7 +946,6 @@ Settings for measurement + 1.5707963267948966 + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.degrees(360) +@@ -1011,7 +981,6 @@ Drawing state + thickness. If no argument is given, the current pensize is returned. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pensize() + 1 +@@ -1043,7 +1012,6 @@ Drawing state + attributes in one statement. + + .. doctest:: +- :skipif: _tkinter is None + :options: +NORMALIZE_WHITESPACE + + >>> turtle.pen(fillcolor="black", pencolor="red", pensize=10) +@@ -1066,7 +1034,6 @@ Drawing state + Return ``True`` if pen is down, ``False`` if it's up. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.penup() + >>> turtle.isdown() +@@ -1107,7 +1074,6 @@ Color control + newly set pencolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> colormode() + 1.0 +@@ -1156,7 +1122,6 @@ Color control + with the newly set fillcolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.fillcolor("violet") + >>> turtle.fillcolor() +@@ -1195,7 +1160,6 @@ Color control + with the newly set colors. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("red", "green") + >>> turtle.color() +@@ -1212,7 +1176,6 @@ Filling + ~~~~~~~ + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.home() +@@ -1222,7 +1185,6 @@ Filling + Return fillstate (``True`` if filling, ``False`` else). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.begin_fill() + >>> if turtle.filling(): +@@ -1247,7 +1209,6 @@ Filling + above may be either all yellow or have some white regions. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("black", "red") + >>> turtle.begin_fill() +@@ -1264,7 +1225,6 @@ More drawing control + variables to the default values. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(0,-22) + >>> turtle.left(100) +@@ -1315,7 +1275,6 @@ Visibility + drawing observably. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.hideturtle() + +@@ -1326,7 +1285,6 @@ Visibility + Make the turtle visible. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.showturtle() + +@@ -1357,7 +1315,6 @@ Appearance + deal with shapes see Screen method :func:`register_shape`. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape() + 'classic' +@@ -1383,7 +1340,6 @@ Appearance + ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.resizemode() + 'noresize' +@@ -1407,7 +1363,6 @@ Appearance + of the shape's outline. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shapesize() + (1.0, 1.0, 1) +@@ -1432,7 +1387,6 @@ Appearance + heading of the turtle are sheared. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("circle") + >>> turtle.shapesize(5,2) +@@ -1449,7 +1403,6 @@ Appearance + change the turtle's heading (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1469,7 +1422,6 @@ Appearance + (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1495,7 +1447,6 @@ Appearance + turtle (its direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1524,7 +1475,6 @@ Appearance + given matrix. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle = Turtle() + >>> turtle.shape("square") +@@ -1540,7 +1490,6 @@ Appearance + can be used to define a new shape or components of a compound shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("square") + >>> turtle.shapetransform(4, -1, 0, 2) +@@ -1565,7 +1514,6 @@ Using events + procedural way: + + .. doctest:: +- :skipif: _tkinter is None + + >>> def turn(x, y): + ... left(180) +@@ -1586,7 +1534,6 @@ Using events + ``None``, existing bindings are removed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> class MyTurtle(Turtle): + ... def glow(self,x,y): +@@ -1614,7 +1561,6 @@ Using events + mouse-click event on that turtle. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.ondrag(turtle.goto) + +@@ -1642,7 +1588,6 @@ Special Turtle methods + Return the last recorded polygon. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.begin_poly() +@@ -1662,7 +1607,6 @@ Special Turtle methods + turtle properties. + + .. doctest:: +- :skipif: _tkinter is None + + >>> mick = Turtle() + >>> joe = mick.clone() +@@ -1675,7 +1619,6 @@ Special Turtle methods + return the "anonymous turtle": + + .. doctest:: +- :skipif: _tkinter is None + + >>> pet = getturtle() + >>> pet.fd(50) +@@ -1689,7 +1632,6 @@ Special Turtle methods + TurtleScreen methods can then be called for that object. + + .. doctest:: +- :skipif: _tkinter is None + + >>> ts = turtle.getscreen() + >>> ts +@@ -1707,7 +1649,6 @@ Special Turtle methods + ``None``, the undobuffer is disabled. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setundobuffer(42) + +@@ -1717,7 +1658,6 @@ Special Turtle methods + Return number of entries in the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> while undobufferentries(): + ... undo() +@@ -1740,7 +1680,6 @@ below: + For example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> s = Shape("compound") + >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) +@@ -1751,7 +1690,6 @@ below: + 3. Now add the Shape to the Screen's shapelist and use it: + + .. doctest:: +- :skipif: _tkinter is None + + >>> register_shape("myshape", s) + >>> shape("myshape") +@@ -1771,7 +1709,6 @@ Most of the examples in this section ref + ``screen``. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen = Screen() +@@ -1788,7 +1725,6 @@ Window control + Set or return background color of the TurtleScreen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.bgcolor("orange") + >>> screen.bgcolor() +@@ -1880,7 +1816,6 @@ Window control + distorted. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.reset() + >>> screen.setworldcoordinates(-50,-7.5,50,7.5) +@@ -1891,7 +1826,6 @@ Window control + ... left(45); fd(2) # a regular octagon + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen.reset() +@@ -1913,7 +1847,6 @@ Animation control + Optional argument: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.delay() + 10 +@@ -1935,7 +1868,6 @@ Animation control + :func:`delay`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.tracer(8, 25) + >>> dist = 2 +@@ -1972,7 +1904,6 @@ Using screen events + must have the focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -1993,7 +1924,6 @@ Using screen events + must have focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -2018,7 +1948,6 @@ Using screen events + named ``turtle``: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will + >>> # make the turtle move to the clicked point. +@@ -2038,7 +1967,6 @@ Using screen events + Install a timer that calls *fun* after *t* milliseconds. + + .. doctest:: +- :skipif: _tkinter is None + + >>> running = True + >>> def f(): +@@ -2120,7 +2048,6 @@ Settings and special methods + ============ ========================= =================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> mode("logo") # resets turtle heading to north + >>> mode() +@@ -2135,7 +2062,6 @@ Settings and special methods + values of color triples have to be in the range 0..*cmode*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.colormode(1) + >>> turtle.pencolor(240, 160, 80) +@@ -2156,7 +2082,6 @@ Settings and special methods + do with a Tkinter Canvas. + + .. doctest:: +- :skipif: _tkinter is None + + >>> cv = screen.getcanvas() + >>> cv +@@ -2168,7 +2093,6 @@ Settings and special methods + Return a list of names of all currently available turtle shapes. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.getshapes() + ['arrow', 'blank', 'circle', ..., 'turtle'] +@@ -2192,7 +2116,6 @@ Settings and special methods + coordinates: Install the corresponding polygon shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) + +@@ -2208,7 +2131,6 @@ Settings and special methods + Return the list of turtles on the screen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for turtle in screen.turtles(): + ... turtle.color("red") +@@ -2270,7 +2192,6 @@ Methods specific to Screen, not inherite + center window vertically + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.setup (width=200, height=200, startx=0, starty=0) + >>> # sets window to 200x200 pixels, in upper left of screen +@@ -2286,7 +2207,6 @@ Methods specific to Screen, not inherite + Set title of turtle window to *titlestring*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.title("Welcome to the turtle zoo!") + +@@ -2357,7 +2277,6 @@ Public classes + Example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) + >>> s = Shape("compound") +@@ -2743,7 +2662,6 @@ Changes since Python 3.0 + + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> for turtle in turtles(): diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..a2cf992 --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +export LC_ALL=C + +master=python*.spec + +# create import_failed.map from package definitions +pkgname=$(grep python_pkg_name $master |grep define |awk -F' ' '{print $3}') +MAPFILE=import_failed.map +function new_map_line () { + package=$1 + package=$(echo $1 |sed -e "s:%{python_pkg_name}:$pkgname:") + modules=$2 + if [ -z "$package" -o -z "$modules" ]; then + return + fi + if [[ "$package" =~ "-base" ]]; then + return + fi + echo "$package:$modules" >> $MAPFILE.tmp +} + +for spec in *.spec; do + basename=${spec%.spec} + package= + modules= + while read line; do + case $line in + "%files -n "*) + new_map_line $package "$modules" + package=${line#"%files -n "} + modules= + ;; + "%files "*) + new_map_line $package "$modules" + package=$basename-${line#"%files "} + modules= + ;; + "%files") + new_map_line $package "$modules" + package=$basename + modules= + ;; + "%{sitedir}/config-"*) + # ignore + ;; + "%{sitedir}/"*) + word=${line#"%{sitedir}/"} + if ! echo $word | grep -q /; then + modules="$modules $word" + fi + ;; + "%{dynlib "*"}") + word=${line#"%{dynlib "} + word=${word%"}"} + modules="$modules $word" + ;; + esac + done < $spec + new_map_line $package "$modules" +done + +cat $MAPFILE.tmp |sort -u > $MAPFILE +rm $MAPFILE.tmp + +# run test inclusion check +tar xJf Python-*.xz +python3 skipped_tests.py + +# generate baselibs.conf +VERSION=$(grep ^Version $master|awk -F':' '{print $2}' |sed -e 's/ //g') +python_version=${VERSION:0:3} # 3.3 +python_version_abitag=${python_version//./} # 33 +python_version_soname=${python_version//./_} # 3_3 +echo "$pkgname-base" > baselibs.conf +echo "$pkgname" >> baselibs.conf +echo "libpython$python_version_soname-1_0" >> baselibs.conf + diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch new file mode 100644 index 0000000..cda20d7 --- /dev/null +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -0,0 +1,27 @@ +--- + Makefile.pre.in | 7 +++++++ + 1 file changed, 7 insertions(+) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1240,11 +1240,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ + $(DTRACE_OBJS) \ + $(srcdir)/Modules/getbuildinfo.c + $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DDATE="\"`date -u -r Makefile.pre.in +"%b %d %Y"`\"" \ ++ -DTIME="\"`date -u -r Makefile.pre.in +"%T"`\"" \ + -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \ + -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \ + -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \ + -o $@ $(srcdir)/Modules/getbuildinfo.c + ++Python/getcompiler.o: $(srcdir)/Python/getcompiler.c Makefile ++ $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DCOMPILER='"[GCC]"' \ ++ -o $@ $(srcdir)/Python/getcompiler.c ++ + Modules/getpath.o: $(srcdir)/Modules/getpath.c Python/frozen_modules/getpath.h Makefile $(PYTHON_HEADERS) + $(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \ + -DPREFIX='"$(prefix)"' \ diff --git a/python-3.3.0b1-localpath.patch b/python-3.3.0b1-localpath.patch new file mode 100644 index 0000000..475497e --- /dev/null +++ b/python-3.3.0b1-localpath.patch @@ -0,0 +1,13 @@ +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -77,7 +77,7 @@ import io + import stat + + # Prefixes for site-packages; add additional prefixes like /usr/local here +-PREFIXES = [sys.prefix, sys.exec_prefix] ++PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local'] + # Enable per user site-packages directory + # set it to False to disable the feature or True to force the feature + ENABLE_USER_SITE = None diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch new file mode 100644 index 0000000..ac5d553 --- /dev/null +++ b/python-3.3.0b1-test-posix_fadvise.patch @@ -0,0 +1,17 @@ +--- + Lib/test/test_posix.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_posix.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_posix.py ++++ Python-3.11.8/Lib/test/test_posix.py +@@ -430,7 +430,7 @@ class PosixTester(unittest.TestCase): + def test_posix_fadvise(self): + fd = os.open(os_helper.TESTFN, os.O_RDONLY) + try: +- posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_WILLNEED) ++ posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_RANDOM) + finally: + os.close(fd) + diff --git a/python.keyring b/python.keyring new file mode 100644 index 0000000..747bc27 --- /dev/null +++ b/python.keyring @@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFq+ToQBEADRYvIVtbK6owynD3j3nxwpW2KEk/p+aDvtXmc2SR2dBcZ8sFW2 +R5vEsG8d3/D3wgv5pcL3KfNNXQYUnXVbobrFUUWQYc79qIsE3MgiPf5NVOtwKPUR +i5g9YJgKvpBxkQfqp3LYGm9ZBtwo3DVLA3yn7KsazCmAgTNFJYw7ku1XxgmIzY6K +5J30DfbJiqDqj4f9GslCCCCH3qiPnuLG/HUyVLHMpbWlaiy9NI0GcaLxjJewHj9w +W2D2lydkxe5JGo7egUkV3ILcuLVSVKA35SKY27dYqfuyqp9tAzaRbjDYjsYdHA6G +BqrNrKBn/GwlFDPrVdcvN3ZSY2wMLTxWE3Axc/FweuHxFnou/80FwX7F3JD+oEQ6 +rofmcxOBCC7J98I7HZAhP9jBn88XIS2hztbLq8d6rZJZRtcz0k61VR0ddO+TrFmf +9rMYCPgCckRtVxeFIVIabrN1IzKynLFeo040h8hSGswd6YKDOVwjJY6Oa6EmVefZ +a8QSt4+M65RSzH6SEPY008F3nJUAK6MEkzTak+tFltZNrVWu8p2xd1j9nmxAwEhZ +/lgbxLqzYgaUWmfyHeZ8yVA0MhHzdiAL8nVUEdG3KecIq0RWCJLGLWWIjd6KAJl1 +yAmhRYKK/sjPDsL3elHsFACfZbyx3o5GGQNlas1FYoPLWbaNGaJtgFTF2QARAQAB +tCtQYWJsbyBHYWxpbmRvIFNhbGdhZG8gPHBhYmxvZ3NhbEBnbWFpbC5jb20+iQJO +BBMBCgA4FiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+ToQCGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQZOYo+NaEaW2bmA/+PXIap2udLoUVOHxnsIBdqYwp +sv1Aj5lfIJmNhmxPbHShwp1Jg+w4urxe+2Dj5ofKVlIo1i83bQkvnKJMDXDVuc/K +P6zqhBJ3rT4Q3qx2mzX8bIfQoJ2JHuH4lkP+I7doDcHHRyeNASyk72VdQmU4twNw +Ibn8nSNV6ThKHdoPYzVnO2rZUFcGIqH5HNsvR+B7cc1MBCHsgURYwSVhSePIFGlZ +iasdBD6QQkDSe4QWi7AcJFWFElw4kbOKJWxAWsrEk+tMXJVGRjnmL289EmPCx/vx +BqKy7Mse0yWCSRR3vB+O6TB1S5SgEyEgqlYsfGNv1qf/rfRD4KkyCbNU3LhY1Aim +vJP4pDW+KFxTk2Ks8vrx8gOSd2aFqPeO/pFDrpsF7PD62XwsfoXu4xc5V0Giw7r1 +Nai0nax7kOrldNF8TbbtRjW0jmoC7wLIDujAkwDIOroZ0CXA3N4HVHdSbrHm/urX +nyxJXupXAQNwGx64JCBcbF2fp3Kvu1VAXBEFnd01KaopthHcbG5pA50Kl2Vhe+98 +OdezUX42fHkQpQkB7HgtXfm6W1bw6YRBamrNvs1OoHBYmUjlECpe566IIu25Hc8s +x3qA+6eca7iqizyLG+WyMT8ZIYTWGAS59jxwR4esqGczbbZPSAPHFwLbGv7Wr0Rd +TPu5B0FcKpDkTd4IxQW5Ag0EWr5O2gEQAMjLe4CtbSfofmJrz5wfNkMVsZ81Gbqe +MoYd3dtkJnQYERUj8flzBj3ucaxGJ+Cuf7ybh3naPopKvEI1q0vkcgCDqrEgXK// +jKJbP28uPSMGhOG28q4PbamG55gy5FtM3ezzAxPWWKe9qBpV65GMmFy7eBQx2iJs +yiDIOOQQ4kraS+cTqNFimEXAGLCOQRNLcwIZzwAAHoW7HEpNUfVwaBD9kMlbo1ND +I60IKcNrNcmcmRxhJqfxjj8YBMwcKHO6GBE3AVpaE/+UO9zyr4TH+0YuQUgxKlPW +Dkg5XlkDo0S1GyLY5e9ckIDIlkTdDa2pOkoE2yB5MQCEga3YiHrKUVTTWaxn9XVJ +6x5ZjUF6bgSWGkrG5dUqSYoO1iDMuNVjtiujNyf/rvfj5cNxS7/lgxchhQKZHZXL +WVqxlneeVJ6s0P4+ROVG9ga2Sve7aUJ6wXIewZwulBcV2sE/W/DgxHgLBi53CUQt +vEzFzKvo48GnDqL5VYjA7l0HMYHd4GksCLi8E8U6Cgj+imXiM8voL7pHRZfs8mY8 +udR+UT4e1Scl2MYP2qBJ9/17B/X52B3s1EZdqI/r+hfOyqrhPs+dbAN0mtMPn68+ +nrvY1+nscvrSYEP6ZBlc9Hp2mgJdb6IcTvINXBEeLRjgc3pjViva443pkiFp9Axm +ecOckMKP3uSlABEBAAGJBGwEGAEKACAWIQSgNcjBkhm6gh7OqGtk5ij41oRpbQUC +Wr5O2gIbAgJACRBk5ij41oRpbcF0IAQZAQoAHRYhBM/cokWxBDzypfl4Zf/odAQW +i9hHBQJavk7aAAoJEP/odAQWi9hHr7YP/RCLre1CmOoWYpAtoa1yVCeYMDV6eQgL +B488/BEZHQE1zbrYy16XkhORob3JF/kUMjmJW7XaFF8FrWvRcdj/xaUGbOOEulKg +v+8zWfswYQRiZ4/JlwER4vRLi6fTE89MVER6Fkj2ASD4D2cifY+EztD4flV3sq3s +vIogGFaN9IvdrdeptOVGXs1RmAyoTsiS2mKQ6xsGh8B9ZAm55W8fBOGiSzLX21Xk +Ofdw53BrFQxn3cu/JgIKpdeZxgukcvEAI62B6X+YL6Na4j0eqEGLzsNtU1+xeJlo +WtVvmRwnRHGSxF6fzIZ3mk/p/aFiXAEq/xITCTY6tDv7x7pFE/RpdlJZyNJ+R5Y4 +SQiuDsylxNCa/4G5EB6q+7iVYtbEQ9MnZg2phowEE42tlj0rz8/rvDK3LH3xibot +KHIodCWKlWByxH99u2PuHUQ0c1oCVBUE1KkruMpvI236DpU/dvdq4JLSg/fWrys/ +VIjqLZgsIE5g/KO9XqngWHkLcBLh4CNAmHJ8Iia+s+/rfgsejQWB5uJb6eYg2JjB +4WP1EI0rULM6fdrCNB+MJ36wE2Lnb4bfT0phOMgjjH5/Ki7ZCbkxkOsBs4SRjiS+ +weCsmpAtMqodWY/Cnw9pWSA/qLSRD5/mKeb9SO6OZ/OPfAatwnGHsvZ2sAueC6rR +04W5BfXZWrnJUXQP/id/EKE1Ksp5fKoxSCbkKTCig+Sf5Afwe36yFN+niZBqzn5b +BgL/HIKaZM97oDHersPPANeEgS+JVlBf95iKIYnQbZP43FLVbvOuaINhBIVtFO54 +2Y7EYwl41kP7ILDElVy36KAmdQyBAfrjnZiRA70xShOxApLug1L0lxhR3YfmLwNi +RJ0V6KnYDKf0pfdhO9VFyFFWUojX1usn2SmSsXNizsNtvRqHXzPnX0rbJzZ9+N4O +9k1nxygYFG/2R/jGonVmTjRzcAHrAkNJETMWXMA7/8wRMDwluz8j+cCldey9x8Vk +JwgLGnZSbQtVpcFAnm5r/36Gt+9wc1VWMyrUrVr6Z679aqAbG7PMaeR5h5ygMj1k +VqRTYAUPSk1f8bZKRssQkQwEbp9dVIjm9SsR8VT7/tB+UuB85dABxgHfv3psJRT+ +tL8g9V7kSZqQfcLNGmvEVvr2Zl9NtxwXtsFM2OBprxCenwb+e9Ppm1LjfJG/NE72 +mAnOERfDaiLt4bqNo36Ei5sGCJ4Fx61phzNBXzkdRNM47i8J5UZRKFkE91c99BVM +HKUaY61NRK24fR0zP98ftDU82YFw0VRFJpTeBrO5ivN1MlQxUPzUWxKxMxO+20wa +UOXroEw11Tb4SRLGOla1pCl6lCUPJRy9IzadPDgTr/OTMkob/snt/XLdnV5/uQIN +BFq+TvoBEAC8Oy1g6pPWBbrCMhIq7VWY2fjylJ1fwg5BPXkOKVK1dsGYO4QD7oW9 +L0aSqcFSNFGF9Cl0Ri4TFXZC3hnG4HeSXUWApuKdBLn21H3jba36Ay1oGcGfdm0v +Zght4c6BlMVBpGCw2wIkJbUNEy6InMM+O8CCbbaH3iJkJ4141P7pODHignx5AmZI +conMui4YOhC+IXQXynVEv1Juk7erB1Nh1RcRvsA4lb44HWx49lIwe85ejOmoZ0O3 +6f9NJRer6bV0+rHWmg4IV5Q9h/Gn4IhEDZxA0DZl1RQI7dMgaMbIFbXGq7Kgzstz +EUnOoy29hXodxVmwIsMrAiQUYtwJ9hW+ESsw47+W2iPHVgviGWl7r/SgcgMYmf6m +5kiTBtwU7BQPS9G3zwwP2Rm3AA/6g39Q+tQKjOwi1I8+GZsY2On44Zly7BreBNg5 +4gJgdAGcMOYU9etr050clH3UpTYcAEtX++ahtOKhJgLIPNcIAQNlnifqvU0VYpgw +R4YpZ7hgg+AVDzC73PIM0lFI0XiDuqChbxE+K1jmLXWe5iJF0dzgVTwP+PmsifNZ +Wg3+YxSsS+hDMPQ2xPiQN49gT4JJDHcDuyhHyCGYgyMiVJCsku9KrkubbfVRivyN +ZF2Zfo3f+nbrRxsftz0yjAq8byCvb0V0XOpt4pJ/ddlug9ytRxALNwARAQABiQI2 +BBgBCgAgFiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+TvoCGwwACgkQZOYo+NaE +aW3urA//UQ/cKQ7HvWjcLphzQOZc+6m5YL0wxvZkSjemU7mqjZdpacteIvRAoers +EqXHc208liIBtNfRzoreXdcXNzie65xXkrRnWoHVH/fTWy4lOnHr2CMXLeHjUgg/ +M6PYi8+sARm05YFB8nsYhlhx3IdLhcfeVVbJedQKO0yL3CK1okT30DUVq5Lq6X/K +DC6AxuJR3D6UMSoT0WLaoX8qbhAp88qLynInfBVL18d97h916WPLTPeP0eHwhwND +bYtKDCMDuKQ9XX5+QsNH0RmbxlX274LHrUMMvkLKxcfCBvP+iuqrBeIuoeVzXYJZ +j7ZJtEH79bW44eecl/CY/STFYgSQ2XGTp2BI2q60wAmtKlNhwxY5ena0FgyFl6Tm +5OBHW/Pwo+ndQJGfbrCyWkTgRay9c8er3gl3GQYIBH6X0kCiG7h/Epj0b5CHOPU5 +hCw0kEB8MB4poTIjeiY+Q01472/lQ68CL3DX158hR5d3XaPSIxAN+qFsfB1o316p +yjxhfK1MD/IfrOgjlggPPnc/KmLkCzpgdwKcZwLCdZq9hYBvF1Zs34HbaVMYbWTK +uxLowtXGU43vatCXXqmPOvl4/g4tZD6rysJDgOrHQnEHzT+Napn07s0BRC0IbbNn +FynUrkr5KMSuRz7Hg7xMApENOrb0nqdHSUJ914ZpuMIS6RhJgGu5Ag0EWr5PIAEQ +ALfh9vPD2B+miHDTMADI8aRZ7g9tnzynZYkk3+2sCiiusetsQQ+HIPJ/ASEJB7On +ane9dyT/LTRhrK9qaxgVMimk2COXB/xyh7Mnw7nJgFU0aRSbtX0vbvQz2suSzrQ6 +9mPKzan28JGoClqB0bw1vwf3VjjxHV2dgD57CmqFPv7kAC/2a56dE+etzXattZAL ++2JWTpmfQ0ePRRadtBm0VahQhnU8x0+jvAVrEawqpVW83ozYFyW/0WInM2J7jHgQ +16OosY4lj5L/DxpVxaArhRFoRfWPXfC37iE8Mou/I95isvPQIhp1wTo4jG0KM02B +oIVbp/QRNBQ6WtpOzvJs1gqQiJJTfqbKJXQ3NDEY9crpVS83HJ+Zv99PNsyNkFjG +QpU84U3ZhsI4ygjdY45mpZueqI1RVcRQdu8Hgvoo/78Q/Sir6gMGop3mVdVo2guI +kFcJrXh0Xk3ech4aVqrmKx/mPXGwOAQU0DAul4RW3fKg1QxQE7Tlw3+95Ee/+q5j +HARL0uDbCJpRO8Sl8NDEuL32n/2Ot6kQeCSHrU7KJRYAkTxkKvr8zNow7hFhHFPE +SnHvTnskI6noh0VY6NwMhmLvhm0wKkRxZPzUNc3sgLvbK1NymIZ9aKCZamzhZrmG +vnblEz/OSLwGUua465H3hM1vvBQiartj7+6ZqWIkSmBPABEBAAGJAjYEGAEKACAW +IQSgNcjBkhm6gh7OqGtk5ij41oRpbQUCWr5PIAIbIAAKCRBk5ij41oRpbWmeEACG ++axtDC8UoNp9ORiYwEWLzZWDuugE+ah7DYYGD4Vs633FXVZW3SgM/bFtJ/0Lg8CF +74jI4LMHyIjDzEjcoItwnhBLix+kUoJTvrY58GPydwekLuw1p4KXLqtRs4fsZbNQ +YTknl4jYtRWoxO98x7tun7Gq2gqmJkIB2uj630fKz5cBk6p6oDFKjzyrHe+V7BiK +3okQPaD4x7hq8OnTy7lOy92ZZAqztS4tNEb4DkYW1MpuwsJ7hbBZitc1siI+FVVb +GjVVGZz6ssXoW67Tz8+VxdWJxNLXlv27eMcj4sme5S0th/YYNA5fRRv6zuzqZAru +YNGLpYYU7JLvZJ+3lCwa5j5ycOGBF0GvsGs6gj6h+CHkjR/BgzAgWC+GgUgslt6q +aH04rWtV6rVz+Y91LcrX5P6OM4anmXD3Gp3kl35AypXb4KyASF19+11RUziD4Z7q +wQEWfbwOltNyZv2lD8s2jPr7P02axWRQUbZAEhxRmvOQev/FZPyCF6gqUo/HxRbQ +y3bzmnipyHSv1DlXNfCFCHvN8kGyZnRWARqIKRg+j9ediJgOUqlLhg6KmrTVxd5v +3Dfv52PW2UODDTM20s3cQGuX/UswzMRwPI/+P44iCMwEKdm7duM/5oisZT9Vhy7g +P15MreFZLcZvUVgjqgy0u57cstyGK1Bo9e2sFcK2fA== +=6Zb4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/python311-rpmlintrc b/python311-rpmlintrc new file mode 100644 index 0000000..5b35f34 --- /dev/null +++ b/python311-rpmlintrc @@ -0,0 +1,3 @@ +addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp") diff --git a/python311.changes b/python311.changes new file mode 100644 index 0000000..f4a51d8 --- /dev/null +++ b/python311.changes @@ -0,0 +1,5443 @@ +------------------------------------------------------------------- +Wed Oct 2 16:18:29 UTC 2024 - Matej Cepl + +- Drop .pyc files from docdir for reproducible builds + +------------------------------------------------------------------- +Mon Sep 9 16:53:07 UTC 2024 - Matej Cepl + +- Update to 3.11.10: + - Security + - gh-123678: Upgrade libexpat to 2.6.3 + - gh-121957: Fixed missing audit events around interactive + use of Python, now also properly firing for ``python -i``, + as well as for ``python -m asyncio``. The event in question + is ``cpython.run_stdin``. + - gh-122133: Authenticate the socket connection for the + ``socket.socketpair()`` fallback on platforms where + ``AF_UNIX`` is not available like Windows. Patch by + Gregory P. Smith and Seth Larson + . Reported by Ellie + - gh-121285: Remove backtracking from tarfile header parsing + for ``hdrcharset``, PAX, and GNU sparse headers + (bsc#1230227, CVE-2024-6232). + - gh-118486: :func:`os.mkdir` on Windows now accepts + *mode* of ``0o700`` to restrict the new directory to + the current user. This fixes CVE-2024-4030 affecting + :func:`tempfile.mkdtemp` in scenarios where the base + temporary directory is more permissive than the default. + - gh-116741: Update bundled libexpat to 2.6.2 + - Library + - gh-123270: Applied a more surgical fix for malformed + payloads in :class:`zipfile.Path` causing infinite loops + (gh-122905) without breaking contents using legitimate + characters (bsc#1229704, CVE-2024-8088). + - gh-123067: Fix quadratic complexity in parsing ``"``-quoted + cookie values with backslashes by :mod:`http.cookies` + (bsc#1229596, CVE-2024-7592). + - gh-122905: :class:`zipfile.Path` objects now sanitize names + from the zipfile. + - gh-121650: :mod:`email` headers with embedded newlines are + now quoted on output. The :mod:`~email.generator` will now + refuse to serialize (write) headers that are unsafely folded + or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. + (Contributed by Bas Bloemsaat and Petr Viktorin in + :gh:`121650`; CVE-2024-6923, bsc#1228780). + - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method + breaks internal buffer when the method is called again + during flushing internal buffer. + - gh-118643: Fix an AttributeError in the :mod:`email` module + when re-fold a long address list. Also fix more cases of + incorrect encoding of the address separator in the address + list. + - gh-113171: Fixed various false positives and false + negatives in * :attr:`ipaddress.IPv4Address.is_private` + (see these docs for details) * + :attr:`ipaddress.IPv4Address.is_global` * + :attr:`ipaddress.IPv6Address.is_private` * + :attr:`ipaddress.IPv6Address.is_global` Also in the + corresponding :class:`ipaddress.IPv4Network` and + :class:`ipaddress.IPv6Network` attributes. + Fixes bsc#1226448 (CVE-2024-4032). + - gh-102988: :func:`email.utils.getaddresses` and + :func:`email.utils.parseaddr` now return ``('', '')`` + 2-tuples in more situations where invalid email addresses + are encountered instead of potentially inaccurate + values. Add optional *strict* parameter to these two + functions: use ``strict=False`` to get the old behavior, + accept malformed inputs. ``getattr(email.utils, + 'supports_strict_parsing', False)`` can be use to check if + the *strict* paramater is available. Patch by Thomas Dwyer + and Victor Stinner to improve the CVE-2023-27043 fix + (bsc#1210638). + - gh-67693: Fix :func:`urllib.parse.urlunparse` and + :func:`urllib.parse.urlunsplit` for URIs with path starting + with multiple slashes and no authority. Based on patch by + Ashwin Ramaswami. + - Core and Builtins + - gh-112275: A deadlock involving ``pystate.c``'s + ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now + fixed. Patch by ChuBoning based on previous Python 3.12 fix + by Victor Stinner. + - gh-109120: Added handle of incorrect star expressions, e.g + ``f(3, *)``. Patch by Grigoryev Semyon +- Removed upstreamed patches: + - CVE-2023-27043-email-parsing-errors.patch + - CVE-2024-4032-private-IP-addrs.patch + - CVE-2024-6923-email-hdr-inject.patch + - CVE-2024-8088-inf-loop-zipfile_Path.patch + +------------------------------------------------------------------- +Mon Sep 2 09:44:26 UTC 2024 - Matej Cepl + +- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid + failing test_sendfile_close_peer_in_the_middle_of_receiving + tests on Linux >= 6.10 (GH-120227). + +------------------------------------------------------------------- +Wed Aug 28 16:54:34 UTC 2024 - Matej Cepl + +- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent + malformed payload to cause infinite loops in zipfile.Path + (bsc#1229704, CVE-2024-8088). + +------------------------------------------------------------------- +Wed Aug 7 12:12:42 UTC 2024 - Matej Cepl + +- Add CVE-2024-6923-email-hdr-inject.patch to prevent email + header injection due to unquoted newlines (bsc#1228780, + CVE-2024-6923). +- %{profileopt} variable is set according to the variable + %{do_profiling} (bsc#1227999) + +------------------------------------------------------------------- +Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl + +- Remove %suse_update_desktop_file macro as it is not useful any + more. + +------------------------------------------------------------------- +Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl + +- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 + adding reproducibility patches from gh#python/cpython!121872 + and gh#python/cpython!121883. + +------------------------------------------------------------------- +Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl + +- Stop using %%defattr, it seems to be breaking proper executable + attributes on /usr/bin/ scripts (bsc#1227378). + +------------------------------------------------------------------- +Tue Jul 2 10:32:58 UTC 2024 - Daniel Garcia + +- Update F00251-change-user-install-location.patch to make pip and + modern tools install directly in /usr/local when used by the user. + bsc#1225660 + +------------------------------------------------------------------- +Tue Jun 25 21:57:40 UTC 2024 - Matej Cepl + +- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 + (CVE-2024-4032) rearranging definition of private v global IP + addresses. + +------------------------------------------------------------------- +Wed May 1 08:39:08 UTC 2024 - Matej Cepl + +- Update CVE-2023-52425-libexpat-2.6.0-backport.patch + so that it uses features sniffing, not just + comparing version number. Include also + support-expat-CVE-2022-25236-patched.patch. +- Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping + failing tests. +- Refresh patches: + - CVE-2023-27043-email-parsing-errors.patch + - fix_configure_rst.patch + - skip_if_buildbot-extend.patch +- Remove included patch: + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia + +- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in SLE. + +------------------------------------------------------------------- +Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia + +- Remove not needed upstream patches: + * libexpat260.patch + * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666 + +- Update to 3.11.9: + * Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 + - gh-115243: Fix possible crashes in collections.deque.index() + when the deque is concurrently modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to the + certificate store, when the ssl.SSLContext is shared across + multiple threads (bsc#1226447, CVE-2024-0397). + * Core and Builtins + - gh-116296: Fix possible refleak in object.__reduce__() internal + error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser when + raising SyntaxError exceptions caused by invalid byte sequences. + Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115011: Setters for members with an unsigned integer type now + support the same range of valid values for objects that has a + __index__() method as for int. + - gh-96497: Fix incorrect resolution of mangled class variables + used in assignment expressions in comprehensions. + * Library + - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered + crash in ssl when creating a new _ssl._SSLContext if CPython was + built implausibly such that the default cipher list is empty or + the SSL library it was linked against reports a failure from its + C SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of self-referential + modules, introduced in gh-114781. + - gh-117084: Fix zipfile extraction for directory entries with the + name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any to + be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer calls + WaitForSingleObject() with a negative timeout: pass 0 ms if the + timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values in an + invalid state (stored as a list instead of a str) after an + earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values in + urllib.parse functions parse_qs() and parse_qsl(). Also, they + now raise a TypeError for non-zero integers and non-empty + sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated tkinter.Checkbutton + widget names to avoid collisions with automatically generated + tkinter.ttk.Checkbutton widget names within the same parent + widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of AttributeError + on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on + WASI. + - Under wasmtime for WASI 0.2, these functions don’t pass + test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). + - gh-88352: Fix the computation of the next rollover time in the + logging.TimedRotatingFileHandler handler. computeRollover() now + always returns a timestamp larger than the specified time and + works correctly during the DST change. doRollover() no longer + overwrite the already rolled over file, saving from data loss + when run at midnight or during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a script + with pdb + - gh-76511: Fix UnicodeEncodeError in email.Message.as_string() + that results when a message that claims to be in the ascii + character set actually has non-ascii characters. Non-ascii + characters are now replaced with the U+FFFD replacement + character, like in the replace error handler. + - gh-75988: Fixed unittest.mock.create_autospec() to pass the call + through to the wrapped object to return the real result. + - gh-115881: Fix issue where ast.parse() would incorrectly flag + conditional context managers (such as with (x() if y else z()): + ...) as invalid syntax if feature_version=(3, 8) was passed. + This reverts changes to the grammar made as part of gh-94949. + - gh-115886: Fix silent truncation of the name with an embedded + null character in multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing which rolled-over log + files to delete in logging.TimedRotatingFileHandler. It is now + reliable for handlers without namer and with arbitrary + deterministic namer that leaves the datetime part in the file + name unmodified. + - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now + support bytes arguments containing raw and percent-encoded + non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' and + '\n', regardless of lineterminator value. + - gh-115712: csv.writer() now quotes empty fields if delimiter is + a space and skipinitialspace is true and raises exception if + quoting is not possible. + - gh-115618: Fix improper decreasing the reference count for None + argument in property methods getter(), setter() and deleter(). + - gh-115570: A DeprecationWarning is no longer omitted on access + to the __doc__ attributes of the deprecated typing.io and + typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the __wrapper__ + data descriptor. + - gh-101293: Support callables with the __call__() method and + types with __new__() and __init__() methods set to class + methods, static methods, bound methods, partial functions, and + other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line numbers + would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare cases when + using the z format option (coerce negative 0) * incorrect output + when applying the z format option to type F (fixed-point with + capital NAN / INF) * incorrect output when applying the # format + option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname before + checking it against the system’s proxy bypass list on macOS and + Windows. + - gh-115198: Fix support of Docutils >= 0.19 in distutils. + - gh-115165: Most exceptions are now ignored when attempting to + set the __orig_class__ attribute on objects returned when + calling typing generic aliases (including generic aliases + created using typing.Annotated). Previously only AttributeError + was ignored. Patch by Dave Shawley. + - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the underlying + write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114763: Protect modules loaded with importlib.util.LazyLoader + from race conditions when multiple threads try to access + attributes before the loading is complete. + - gh-97959: Fix rendering class methods, bound methods, method and + function aliases in pydoc. Class methods no longer have “method + of builtins.type instance” note. Corresponding notes are now + added for class and unbound methods. Method and function aliases + now have references to the module or the class where the origin + was defined if it differs from the current. Bound methods are + now listed in the static methods section. Methods of builtin + classes are now supported as well as methods of Python classes. + - gh-112281: Allow creating union of types for typing.Annotated + with unhashable metadata. + - gh-111775: Fix importlib.resources.simple.ResourceHandle.open() + for text mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb commands. + - gh-107155: Fix incorrect output of help(x) where x is a lambda + function, which has an __annotations__ dictionary attribute with + a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when defining + dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists over + multiple lines in combination with unicode encoding. + - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same name + but different extensions would conflict and not delete the + correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() to + accept empty bytes as authkey. Not accepting empty bytes as key + causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing of URLs + with only a host name, URLs containing fragment or query, and + filenames with only a UNC sharepoint on Windows. Based on patch + by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + * Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML + vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + * Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE command + line option) in regrtest when hunting for reference leaks (-R + option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-115979: Update test_importlib so that it passes under WASI + SDK 21. + - gh-116307: Added import helper isolated_modules as CleanImport + does not remove modules imported during the context. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of + the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: run + failed tests with test.bisect_cmd to identify failing tests. + Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - gh-115198: Fix test_check_metadata_deprecate in distutils tests + with a newer Docutils. + * Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI + 0.2/preview2 primitives. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + * Windows + - gh-116773: Fix instances of <_overlapped.Overlapped object at + 0xXXX> still has pending operation at deallocation, the process + may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation so + that sending a datagram to an address that is not listening does + not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most users + only have a single launcher installed and will see no + difference. When multiple launchers have been installed, the + option to install the launcher is disabled until all but one + have been removed. Downgrading the launcher (which was never + allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now detect Python + 3.13 when installed from the Microsoft Store, and will install + Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + * IDLE + - gh-88516: On macOS show a proxy icon in the title bar of editor + windows to match platform behaviour. + * Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + * C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows + 64-bit platforms. + +------------------------------------------------------------------- +Sun Mar 24 07:51:45 UTC 2024 - Matej Cepl + +- Add reference to CVE-2024-0450 (bsc#1221854) to changelog. + +------------------------------------------------------------------- +Fri Mar 22 21:22:27 UTC 2024 - Matej Cepl + +- Because of bsc#1189495 we have to revert use of %autopatch. + +------------------------------------------------------------------- +Tue Mar 12 08:44:47 UTC 2024 - Matej Cepl + +- Rewrite %prep to use %autosetup et al. for compatibility with + rpm 4.20. + +------------------------------------------------------------------- +Tue Mar 12 08:13:34 UTC 2024 - Matej Cepl + +- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch + to eliminate ResourceWarning which broke the test suite in + test_asyncio. + +------------------------------------------------------------------- +Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal + +- Use the system-wide crypto-policies [bsc#1211301] + * Use the system default cipher list instead of hardcoded values + * Add the --with-ssl-default-suites=openssl configure option + +------------------------------------------------------------------- +Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl + +- (bsc#1219666, CVE-2023-6597) Add + CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from + gh#python/cpython!99930) fixing symlink bug in cleanup of + tempfile.TemporaryDirectory. + +------------------------------------------------------------------- +Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl + +- Remove double definition of /usr/bin/idle%%{version} in + %%files. + +------------------------------------------------------------------- +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115289 + +------------------------------------------------------------------- +Thu Feb 8 07:27:40 UTC 2024 - Daniel Garcia + +- Update to 3.11.8: + - Security + - gh-113659: Skip .pth files with names starting with a dot or + hidden file attribute. + - Core and Builtins + - gh-114887: Changed socket type validation in + create_datagram_endpoint() to accept all non-stream sockets. + This fixes a regression in compatibility with raw sockets. + - gh-114388: Fix a RuntimeWarning emitted when assign an + integer-like value that is not an instance of int to an + attribute that corresponds to a C struct member of type T_UINT + and T_ULONG. Fix a double RuntimeWarning emitted when assign a + negative integer value to an attribute that corresponds to a C + struct member of type T_UINT. + - gh-89811: Check for a valid tp_version_tag before performing + bytecode specializations that rely on this value being usable. + - gh-113602: Fix an error that was causing the parser to try to + overwrite existing errors and crashing in the process. Patch by + Pablo Galindo + - gh-113566: Fix a 3.11-specific crash when the repr of a Future + is requested after the module has already been + garbage-collected. + - gh-106905: Use per AST-parser state rather than global state to + track recursion depth within the AST parser to prevent potential + race condition due to simultaneous parsing. + - The issue primarily showed up in 3.11 by multithreaded users of + ast.parse(). In 3.12 a change to when garbage collection can be + triggered prevented the race condition from occurring. + - gh-112716: Fix SystemError in the import statement and in + __reduce__() methods of builtin types when __builtins__ is not a + dict. + - gh-105967: Workaround a bug in Apple’s macOS platform zlib + library where zlib.crc32() and binascii.crc32() could produce + incorrect results on multi-gigabyte inputs. Including when using + zipfile on zips containing large data. + - gh-94606: Fix UnicodeEncodeError when + email.message.get_payload() reads a message with a Unicode + surrogate character and the message content is not well-formed + for surrogateescape encoding. Patch by Sidney Markowitz. + - Library + - gh-114965: Update bundled pip to 24.0 + - gh-114959: tarfile no longer ignores errors when trying to + extract a directory on top of a file. + - gh-109475: Fix support of explicit option value “–” in argparse + (e.g. --option=--). + - gh-110190: Fix ctypes structs with array on Windows ARM64 + platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by + Diego Russo + - gh-113280: Fix a leak of open socket in rare cases when error + occurred in ssl.SSLSocket creation. + - gh-77749: email.policy.EmailPolicy.fold() now always encodes + non-ASCII characters in headers if utf8 is false. + - gh-114492: Make the result of termios.tcgetattr() reproducible + on Alpine Linux. Previously it could leave a random garbage in + some fields. + - gh-75128: Ignore an OSError in + asyncio.BaseEventLoop.create_server() when IPv6 is available but + the interface cannot actually support it. + - gh-114257: Dismiss the FileNotFound error in + ctypes.util.find_library() and just return None on Linux. + - gh-101438: Avoid reference cycle in ElementTree.iterparse. The + iterator returned by ElementTree.iterparse may hold on to a file + descriptor. The reference cycle prevented prompt clean-up of the + file descriptor if the returned iterator was not exhausted. + - gh-104522: OSError raised when run a subprocess now only has + filename attribute set to cwd if the error was caused by a + failed attempt to change the current directory. + - gh-109534: Fix a reference leak in + asyncio.selector_events.BaseSelectorEventLoop when SSL + handshakes fail. Patch contributed by Jamie Phan. + - gh-114077: Fix possible OverflowError in + socket.socket.sendfile() when pass count larger than 2 GiB on + 32-bit platform. + - gh-114014: Fixed a bug in fractions.Fraction where an invalid + string using d in the decimals part creates a different error + compared to other invalid letters/characters. Patch by Jeremiah + Gabriel Pascual. + - gh-113951: Fix the behavior of tag_unbind() methods of + tkinter.Text and tkinter.Canvas classes with three arguments. + Previously, widget.tag_unbind(tag, sequence, funcid) destroyed + the current binding for sequence, leaving sequence unbound, and + deleted the funcid command. Now it removes only funcid from the + binding for sequence, keeping other commands, and deletes the + funcid command. It leaves sequence unbound only if funcid was + the last bound command. + - gh-113877: Fix tkinter method winfo_pathname() on 64-bit + Windows. + - gh-113781: Silence unraisable AttributeError when warnings are + emitted during Python finalization. + - gh-113594: Fix UnicodeEncodeError in email when re-fold lines + that contain unknown-8bit encoded part followed by + non-unknown-8bit encoded part. + - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), + there is callback that logs an error if the task wrapping the + “connected callback” fails. This callback would itself fail if + the task was cancelled. Prevent this by checking whether the + task was cancelled first. If so, close the transport but don’t + log an error. + - gh-85567: Fix resource warnings for unclosed files in pickle and + pickletools command line interfaces. + - gh-101225: Increase the backlog for + multiprocessing.connection.Listener objects created by + multiprocessing.manager and multiprocessing.resource_sharer to + significantly reduce the risk of getting a connection refused + error when creating a multiprocessing.connection.Connection to + them. + - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends + webbrowser.open audit event. + - gh-113028: When a second reference to a string appears in the + input to pickle, and the Python implementation is in use, we are + guaranteed that a single copy gets pickled and a single object + is shared when reloaded. Previously, in protocol 0, when a + string contained certain characters (e.g. newline) it resulted + in duplicate objects. + - gh-113421: Fix multiprocessing logger for %(filename)s. + - gh-113358: Fix rendering tracebacks for exceptions with a broken + __getattr__. + - gh-113214: Fix an AttributeError during asyncio SSL protocol + aborts in SSL-over-SSL scenarios. + - gh-113246: Update bundled pip to 23.3.2. + - gh-113199: Make http.client.HTTPResponse.read1 and + http.client.HTTPResponse.readline close IO after reading all + data when content length is known. Patch by Illia Volochii. + - gh-113188: Fix shutil.copymode() and shutil.copystat() on + Windows. Previously they worked differenly if dst is a symbolic + link: they modified the permission bits of dst itself rather + than the file it points to if follow_symlinks is true or src is + not a symbolic link, and did not modify the permission bits if + follow_symlinks is false and src is a symbolic link. + - gh-61648: Detect line numbers of properties in doctests. + - gh-112559: signal.signal() and signal.getsignal() no longer call + repr on callable handlers. asyncio.run() and + asyncio.Runner.run() no longer call repr on the task results. + Patch by Yilei Yang. + - gh-110190: Fix ctypes structs with array on PPC64LE platform by + setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. + - gh-79429: Ignore FileNotFoundError when remove a temporary + directory in the multiprocessing finalizer. + - gh-79325: Fix an infinite recursion error in + tempfile.TemporaryDirectory() cleanup on Windows. + - gh-110190: Fix ctypes structs with array on Arm platform by + setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. + - gh-81194: Fix a crash in socket.if_indextoname() with specific + value (UINT_MAX). Fix an integer overflow in + socket.if_indextoname() on 64-bit non-Windows platforms. + - gh-75666: Fix the behavior of tkinter widget’s unbind() method + with two arguments. Previously, widget.unbind(sequence, funcid) + destroyed the current binding for sequence, leaving sequence + unbound, and deleted the funcid command. Now it removes only + funcid from the binding for sequence, keeping other commands, + and deletes the funcid command. It leaves sequence unbound only + if funcid was the last bound command. + - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in + tkinter._test(). + - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now + raises BadZipFile when try to read an entry that overlaps with + other entry or central directory (bsc#1221854, CVE-2024-0450). + - gh-38807: Fix race condition in trace. Instead of checking if a + directory exists and creating it, directly call os.makedirs() + with the kwarg exist_ok=True. + - gh-75705: Set unixfrom envelope in mailbox.mbox and + mailbox.MMDF. + - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure + when the system endianness is the opposite of the classes. + - gh-104282: Fix null pointer dereference in + lzma._decode_filter_properties() due to improper handling of BCJ + filters with properties of zero length. Patch by Radislav + Chugunov. + - gh-102512: When os.fork() is called from a foreign thread (aka + _DummyThread), the type of the thread in a child process is + changed to _MainThread. Also changed its name and daemonic + status, it can be now joined. + - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, + which now no longer dereferences symlinks when working around + file system permission errors. + - bpo-43153: On Windows, tempfile.TemporaryDirectory previously + masked a PermissionError with NotADirectoryError during + directory cleanup. It now correctly raises PermissionError if + errors are not ignored. Patch by Andrei Kulakov and Ken Jin. + - bpo-35332: The shutil.rmtree() function now ignores errors when + calling os.close() when ignore_errors is True, and os.close() no + longer retried after error. + - bpo-35928: io.TextIOWrapper now correctly handles the decoding + buffer after read() and write(). + - bpo-26791: shutil.move() now moves a symlink into a directory + when that directory is the target of the symlink. This provides + the same behavior as the mv shell command. The previous behavior + raised an exception. Patch by Jeffrey Kintscher. + - bpo-36959: Fix some error messages for invalid ISO format string + combinations in strptime() that referred to directives not + contained in the format string. Patch by Gordon P. Hemsley. + - bpo-18060: Fixed a class inheritance issue that can cause + segfaults when deriving two or more levels of subclasses from a + base class of Structure or Union. + - Documentation + - gh-110746: Improved markup for valid options/values for methods + ttk.treeview.column and ttk.treeview.heading, and for Layouts. + - gh-95649: Document that the asyncio module contains code taken + from v0.16.0 of the uvloop project, as well as the required MIT + licensing information. + - Tests + - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, + where system tar can include more information in the archive + than shutil.make_archive. + - gh-112769: The tests now correctly compare zlib version when + zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For + example zlib-ng defines the version as 1.3.0.zlib-ng. + - gh-105089: Fix + test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write + test in AIX by doing a bitwise AND of 0xFFFF on mode , so that + it will be in sync with zinfo.external_attr + - bpo-40648: Test modes that file can get with chmod() on Windows. + - Build + - gh-101778: Fix build error when there’s a dangling symlink in + the directory containing ffi.h. + - gh-112305: Fixed the check-clean-src step performed on out of + tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h + files and recommend appropriate source tree cleanup steps to get + a working build again. + - bpo-11102: The os.major(), os.makedev(), and os.minor() + functions are now available on HP-UX v3. + - bpo-36351: Do not set ipv6type when cross-compiling. + - IDLE + - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and + ‘object’. + - gh-72284: Improve the lists of features, editor key bindings, + and shell key bingings in the IDLE doc. + - gh-113903: Fix rare failure of test.test_idle, in + test_configdialog. + - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and + 3.12.1. + - gh-113269: Fix test_editor hang on macOS Catalina. + - gh-112898: Fix processing unsaved files when quitting IDLE on + macOS. + - gh-103820: Revise IDLE bindings so that events from mouse button + 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not + mistaken for scrolling. + - bpo-13586: Enter the selected text when opening the “Replace” + dialog. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and + multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. + - gh-115015: Fix a bug in Argument Clinic that generated incorrect + code for methods with no parameters that use the METH_METHOD | + METH_FASTCALL | METH_KEYWORDS calling convention. Only the + positional parameter count was checked; any keyword argument + passed would be silently accepted. + +- Refresh all patches: + - CVE-2023-27043-email-parsing-errors.patch + - F00251-change-user-install-location.patch + - bpo-31046_ensurepip_honours_prefix.patch + - distutils-reproducible-compile.patch + - fix_configure_rst.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-localpath.patch + - python-3.3.0b1-test-posix_fadvise.patch + - skip_if_buildbot-extend.patch + - subprocess-raise-timeout.patch + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Tue Dec 19 16:34:50 UTC 2023 - Daniel Garcia + +- Update patch fix_configure_rst.patch +- Update to 3.11.7: + - Core and Builtins + - gh-112625: Fixes a bug where a bytearray object could be cleared + while iterating over an argument in the bytearray.join() method + that could result in reading memory after it was freed. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. Patch + by Pablo galindo + - gh-88116: Traceback location ranges involving wide unicode + characters (like emoji and asian characters) now are properly + highlighted. Patch by Batuhan Taskaya and Pablo Galindo. + - gh-94438: Fix a regression that prevented jumping across is None + and is not None when debugging. Patch by Savannah Ostrowski. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109216: Fix possible memory leak in BUILD_MAP. + + - Library + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + - bpo-35191: Fix unexpected integer truncation in + socket.setblocking() which caused it to interpret multiples of + 2**32 as False. + + - Documentation + - gh-108826: dis module command-line interface is now mentioned in + documentation. + + - Tests + - gh-110367: Make regrtest --verbose3 option compatible with + --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + --verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111309: distutils tests can now be run via unittest. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() and class BasicTestRunner from the test.support + module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + --match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + + - Build + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + + - C API + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. +------------------------------------------------------------------- +Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl + +- Refresh CVE-2023-27043-email-parsing-errors.patch to + gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). +- Thus we can remove Revert-gh105127-left-tests.patch, which is + now useless. + +------------------------------------------------------------------- +Wed Nov 15 09:06:16 UTC 2023 - Daniel Garcia + +- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch +- Refresh patches: + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch + +- Update to 3.11.6: + - Core and Builtins + - gh-109351: Fix crash when compiling an invalid AST involving a + named (walrus) expression. + - gh-109207: Fix a SystemError in __repr__ of symtable entry + object. + - gh-109179: Fix bug where the C traceback display drops notes + from SyntaxError. + - gh-88943: Improve syntax error for non-ASCII character that + follows a numerical literal. It now points on the invalid + non-ASCII character, not on the valid numerical literal. + - gh-108959: Fix caret placement for error locations for subscript + and binary operations that involve non-semantic parentheses and + spaces. Patch by Pablo Galindo + - gh-108520: Fix + multiprocessing.synchronize.SemLock.__setstate__() to properly + initialize multiprocessing.synchronize.SemLock._is_fork_ctx. + This fixes a regression when passing a SemLock accross nested + processes. + - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to + multiprocessing.synchronize.SemLock._is_fork_ctx to avoid + exposing it as public API. + - Library + - gh-110036: On Windows, multiprocessing Popen.terminate() now + catchs PermissionError and get the process exit code. If the + process is still running, raise again the PermissionError. + Otherwise, the process terminated as expected: store its exit + code. Patch by Victor Stinner. + - gh-110038: Fixed an issue that caused KqueueSelector.select() to + not return all the ready events in some cases when a file + descriptor is registered for both read and write. + - gh-109631: re functions such as re.findall(), re.split(), + re.search() and re.sub() which perform short repeated matches + can now be interrupted by user. + - gh-109593: Avoid deadlocking on a reentrant call to the + multiprocessing resource tracker. Such a reentrant call, though + unlikely, can happen if a GC pass invokes the finalizer for a + multiprocessing object such as SemLock. + - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for + exceptions. Previously, on Python built in debug mode, these + functions could trigger a fatal Python error (and abort the + process) when a function succeeded with an exception set. Patch + by Victor Stinner. + - gh-109375: The pdb alias command now prevents registering + aliases without arguments. + - gh-107219: Fix a race condition in concurrent.futures. When a + process in the process pool was terminated abruptly (while the + future was running or pending), close the connection write end. + If the call queue is blocked on sending bytes to a worker + process, closing the connection write end interrupts the send, + so the queue can be closed. Patch by Victor Stinner. + - gh-50644: Attempts to pickle or create a shallow or deep copy of + codecs streams now raise a TypeError. Previously, copying failed + with a RecursionError, while pickling produced wrong results + that eventually caused unpickling to fail with a RecursionError. + - gh-108987: Fix _thread.start_new_thread() race condition. If a + thread is created during Python finalization, the newly spawned + thread now exits immediately instead of trying to access freed + memory and lead to a crash. Patch by Victor Stinner. + - gh-108843: Fix an issue in ast.unparse() when unparsing + f-strings containing many quote types. + - gh-108682: Enum: raise TypeError if super().__new__() is called + from a custom __new__. + - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock + - gh-64662: Fix support for virtual tables in + sqlite3.Connection.iterdump(). Patch by Aviv Palivoda. + - gh-107913: Fix possible losses of errno and winerror values in + OSError exceptions if they were cleared or modified by the + cleanup code before creating the exception object. + - gh-104372: On Linux where subprocess can use the vfork() syscall + for faster spawning, prevent the parent process from blocking + other threads by dropping the GIL while it waits for the + vfork’ed child process exec() outcome. This prevents spawning a + binary from a slow filesystem from blocking the rest of the + application. + - gh-84867: unittest.TestLoader no longer loads test cases from + exact unittest.TestCase and unittest.FunctionTestCase classes. + - Documentation + - gh-109209: The minimum Sphinx version required for the + documentation is now 4.2. + - gh-105052: Update timeit doc to specify that time in seconds is + just the default. + - gh-102823: Document the return type of x // y when x and y have + type float. + - Tests + - gh-110031: Skip test_threading tests using thread+fork if Python + is built with Address Sanitizer (ASAN). Patch by Victor Stinner. + - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum + duration, a test should not measure a CI performance. Only + measure the minimum duration when a task has a timeout or delay. + Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner. + - gh-110033: Fix test_interprocess_signal() of test_signal. Make + sure that the subprocess.Popen object is deleted before the test + raising an exception in a signal handler. Otherwise, + Popen.__del__() can get the exception which is logged as + Exception ignored in: ... and the test fails. Patch by Victor + Stinner. + - gh-109594: Fix test_timeout() of + test_concurrent_futures.test_wait. Remove the future which may + or may not complete depending if it takes longer than the + timeout ot not. Keep the second future which does not complete + before wait() timeout. Patch by Victor Stinner. + - gh-109748: Fix test_zippath_from_non_installed_posix() of + test_venv: don’t copy __pycache__/ sub-directories, because they + can be modified by other Python tests running in parallel. Patch + by Victor Stinner. + - gh-103053: Skip test_freeze_simple_script() of + test_tools.test_freeze if Python is built with ./configure + --enable-optimizations, which means with Profile Guided + Optimization (PGO): it just makes the test too slow. The freeze + tool is tested by many other CIs with other (faster) compiler + flags. Patch by Victor Stinner. + - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a + longer key: FIPS mode requires at least of at least 112 bits. + The previous key was only 32 bits. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-109237: Fix test_site.test_underpth_basic() when the working + directory contains at least one non-ASCII character: encode the + ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for + the child process stdout. Patch by Victor Stinner. + - gh-109230: Fix test_pyexpat.test_exception(): it can now be run + from a directory different than Python source code directory. + Before, the test failed in this case. Skip the test if + Modules/pyexpat.c source is not available. Skip also the test on + Python implementations other than CPython. Patch by Victor + Stinner. + - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests + on FreeBSD if the TCP blackhole is enabled (sysctl + net.inet.tcp.blackhole). Skip the few tests which failed with + ETIMEDOUT which such non standard configuration. Currently, the + FreeBSD GCP image enables TCP and UDP blackhole (sysctl + net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1). + Patch by Victor Stinner. + - gh-91960: Skip test_gdb if gdb is unable to retrieve Python + frame objects: if a frame is . When Python is + built with “clang -Og”, gdb can fail to retrive the frame + parameter of _PyEval_EvalFrameDefault(). In this case, tests + like py_bt() are likely to fail. Without getting access to + Python frames, python-gdb.py is mostly clueless on retrieving + the Python traceback. Moreover, test_gdb is no longer skipped on + macOS if Python is built with Clang. Patch by Victor Stinner. + - gh-108962: Skip test_tempfile.test_flags() if chflags() fails + with “OSError: [Errno 45] Operation not supported” (ex: on + FreeBSD 13). Patch by Victor Stinner. + - gh-89392: Removed support of test_main() function in tests. They + now always use normal unittest test runner. + - gh-108851: Fix test_tomllib recursion tests for WASI buildbots: + reduce the recursion limit and compute the maximum nested + array/dict depending on the current available recursion limit. + Patch by Victor Stinner. + - gh-108851: Add get_recursion_available() and + get_recursion_depth() functions to the test.support module. + Patch by Victor Stinner. + - gh-108822: regrtest now computes statistics on all tests: + successes, failures and skipped. test_netrc, test_pep646_syntax + and test_xml_etree now return results in their test_main() + function. Patch by Victor Stinner and Alex Waygood. + - gh-108388: Convert test_concurrent_futures to a package of 7 + sub-tests. Patch by Victor Stinner. + - gh-108388: Split test_multiprocessing_fork, + test_multiprocessing_forkserver and test_multiprocessing_spawn + into test packages. Each package is made of 4 sub-tests: + processes, threads, manager and misc. It allows running more + tests in parallel and so reduce the total test duration. Patch + by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - gh-100086: The Python test runner (libregrtest) now logs Python + build information like “debug” vs “release” build, or LTO and + PGO optimizations. Patch by Victor Stinner. + - gh-98903: The Python test suite now fails wit exit code 4 if no + tests ran. It should help detecting typos in test names and test + methods. + - gh-95027: On Windows, when the Python test suite is run with the + -jN option, the ANSI code page is now used as the encoding for + the stdout temporary file, rather than using UTF-8 which can + lead to decoding errors. Patch by Victor Stinner. + - gh-93353: regrtest now checks if a test leaks temporary files or + directories if run with -jN option. Patch by Victor Stinner. + - Build + - gh-63760: Fix Solaris build: no longer redefine the + gethostname() function. Solaris defines the function since 2005. + Patch by Victor Stinner, original patch by Jakub Kulík. + - gh-108740: Fix a race condition in make regen-all. The + deepfreeze.c source and files generated by Argument Clinic are + now generated or updated before generating “global objects”. + Previously, some identifiers may miss depending on the order in + which these files were generated. Patch by Victor Stinner. + - Windows + - gh-109991: Update Windows build to use OpenSSL 3.0.11. + - gh-107565: Update Windows build to use OpenSSL 3.0.10. + - macOS + - gh-109991: Update macOS installer to use OpenSSL 3.0.11. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and + multissltests to use 1.1.1w, 3.0.11, and 3.1.3. + +------------------------------------------------------------------- +Wed Sep 6 07:52:11 UTC 2023 - Daniel Garcia + +- Update to 3.11.5 (bsc#1214692): + - Security + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted data. + Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by + Gregory P. Smith. + - Core and Builtins + - gh-104432: Fix potential unaligned memory access on C APIs + involving returned sequences of char * pointers within the grp + and socket modules. These were revealed using a + -fsaniziter=alignment build on ARM macOS. Patch by Christopher + Chavez. + - gh-77377: Ensure that multiprocessing synchronization objects + created in a fork context are not sent to a different process + created in a spawn context. This changes a segfault into an + actionable RuntimeError in the parent process. + - gh-106092: Fix a segmentation fault caused by a use-after-free + bug in frame_dealloc when the trashcan delays the deallocation + of a PyFrameObject. + - gh-106719: No longer suppress arbitrary errors in the + __annotations__ getter and setter in the type and module types. + - gh-106723: Propagate frozen_modules to multiprocessing spawned + process interpreters. + - gh-105979: Fix crash in _imp.get_frozen_object() due to improper + exception handling. + - gh-105840: Fix possible crashes when specializing function calls + with too many __defaults__. + - gh-105588: Fix an issue that could result in crashes when + compiling malformed ast nodes. + - gh-105375: Fix bugs in the builtins module where exceptions + could end up being overwritten. + - gh-105375: Fix bug in the compiler where an exception could end + up being overwritten. + - gh-105375: Improve error handling in + PyUnicode_BuildEncodingMap() where an exception could end up + being overwritten. + - gh-105235: Prevent out-of-bounds memory access during + mmap.find() calls. + - gh-101006: Improve error handling when read marshal data. + - Library + - gh-105736: Harmonized the pure Python version of OrderedDict + with the C version. Now, both versions set up their internal + state in __new__. Formerly, the pure Python version did the set + up in __init__. + - gh-107963: Fix multiprocessing.set_forkserver_preload() to check + the given list of modules names. Patch by Dong-hee Na. + - gh-106242: Fixes os.path.normpath() to handle embedded null + characters without truncating the path (bsc#1214693, + CVE-2023-41105). + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will + no longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107715: Fix doctest.DocTestFinder.find() in presence of class + names with special characters. Patch by Gertjan van Zwieten. + - gh-100814: Passing a callable object as an option value to a + Tkinter image now raises the expected TclError instead of an + AttributeError. + - gh-106684: Close asyncio.StreamWriter when it is not closed by + application leading to memory leaks. Patch by Kumar Aditya. + - gh-107077: Seems that in some conditions, OpenSSL will return + SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification + verification has failed, but the error parameters will still + contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are + now detecting this situation and raising the appropiate + ssl.SSLCertVerificationError. Patch by Pablo Galindo + - gh-107396: tarfiles; Fixed use before assignment of + self.exception for gzip decompression + - gh-62519: Make gettext.pgettext() search plural definitions when + translation is not found. + - gh-83006: Document behavior of shutil.disk_usage() for + non-mounted filesystems on Unix. + - gh-106186: Do not report MultipartInvariantViolationDefect + defect when the email.parser.Parser class is used to parse + emails with headersonly=True. + - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION + result in _ssl.c. + - gh-106774: Update the bundled copy of pip to version 23.2.1. + - gh-106752: Fixed several bug in zipfile.Path in + name/suffix/suffixes/stem operations when no filename is present + and the Path is not at the root of the zipfile. + - gh-106602: Add __copy__ and __deepcopy__ in enum + - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused + division by zero for certain almost-white inputs. Patch by Terry + Jan Reedy. + - gh-106052: re module: fix the matching of possessive quantifiers + in the case of a subpattern containing backtracking. + - gh-106510: Improve debug output for atomic groups in regular + expressions. + - gh-105497: Fix flag mask inversion when unnamed flags exist. + - gh-90876: Prevent multiprocessing.spawn from failing to import + in environments where sys.executable is None. This regressed in + 3.11 with the addition of support for path-like objects in + multiprocessing. + - gh-106350: Detect possible memory allocation failure in the + libtommath function mp_init() used by the _tkinter module. + - gh-102541: Make pydoc.doc catch bad module ImportError when + output stream is not None. + - gh-106263: Fix crash when calling repr with a manually + constructed SignalDict object. Patch by Charlie Zhao. + - gh-105375: Fix a bug in _Unpickler_SetInputStream() where an + exception could end up being overwritten in case of failure. + - gh-105375: Fix bugs in sys where exceptions could end up being + overwritten because of deferred error handling. + - gh-105605: Harden pyexpat error handling during module + initialisation to prevent exceptions from possibly being + overwritten, and objects from being dereferenced twice. + - gh-105375: Fix bug in decimal where an exception could end up + being overwritten. + - gh-105375: Fix bugs in _datetime where exceptions could be + overwritten in case of module initialisation failure. + - gh-105375: Fix bugs in _ssl initialisation which could lead to + leaked references and overwritten exceptions. + - gh-105375: Fix a bug in array.array where an exception could end + up being overwritten. + - gh-105375: Fix bugs in _ctypes where exceptions could end up + being overwritten. + - gh-105375: Fix a bug in the posix module where an exception + could be overwritten. + - gh-105375: Fix bugs in _elementtree where exceptions could be + overwritten. + - gh-105375: Fix bugs in zoneinfo where exceptions could be + overwritten. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-105497: Fix flag inversion when alias/mask members exist. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-103171: Revert undocumented behaviour change with + runtime-checkable protocols decorated with typing.final() in + Python 3.11. The behaviour change had meant that objects would + not be considered instances of these protocols at runtime unless + they had a __final__ attribute. Patch by Alex Waygood. + - gh-105375: Fix a bug in sqlite3 where an exception could be + overwritten in the collation callback. + - gh-105332: Revert pickling method from by-name back to by-value. + - gh-104554: Add RTSPS scheme support in urllib.parse + - gh-100061: Fix a bug that causes wrong matches for regular + expressions with possessive qualifier. + - gh-102541: Hide traceback in help() prompt, when import failed. + - gh-99203: Restore following CPython <= 3.10.5 behavior of + shutil.make_archive(): do not create an empty archive if + root_dir is not a directory, and, in that case, raise + FileNotFoundError or NotADirectoryError regardless of format + choice. Beyond the brought-back behavior, the function may now + also raise these exceptions in dry_run mode. + - gh-94777: Fix hanging multiprocessing ProcessPoolExecutor when a + child process crashes while data is being written in the call + queue. + - bpo-18319: Ensure gettext(msg) retrieve translations even if a + plural form exists. In other words: gettext(msg) == + ngettext(msg, '', 1). + - Documentation + - gh-107008: Document the curses module variables LINES and COLS. + - gh-106948: Add a number of standard external names to + nitpick_ignore. + - gh-54738: Add documentation on how to localize the argparse + module. + - Tests + - gh-105776: Fix test_cppext when the C compiler command -std=c11 + option: remove -std= options from the compiler command. Patch by + Victor Stinner. + - gh-107237: test_logging: Fix test_udp_reconnection() by + increasing the timeout from 100 ms to 5 minutes (LONG_TIMEOUT). + Patch by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - Build + - gh-107814: When calling find_python.bat with -q it did not + properly silence the output of nuget. That is now fixed. + - gh-106881: Check for linux/limits.h before including it in + Modules/posixmodule.c. + - gh-104692: Include commoninstall as a prerequisite for + bininstall + - This ensures that commoninstall is completed before bininstall + is started when parallel builds are used (make -j install), and + so the python3 symlink is only installed after all standard + library modules are installed. + - gh-100340: Allows -Wno-int-conversion for wasm-sdk 17 and + onwards, thus enables building WASI builds once against the + latest sdk. + - Windows + - gh-106242: Fixes realpath() to behave consistently when passed a + path containing an embedded null character on Windows. In strict + mode, it now raises OSError instead of the unexpected + ValueError, and in non-strict mode will make the path absolute. + - gh-106844: Fix integer overflow in _winapi.LCMapStringEx() which + affects ntpath.normcase(). + - gh-99079: Update Windows build to use OpenSSL 3.0.9 + - gh-105436: Ensure that an empty environment block is terminated + by two null characters, as is required by Windows. + - macOS + - gh-107565: Update macOS installer to use OpenSSL 3.0.10. + - gh-99079: Update macOS installer to use OpenSSL 3.0.9. + - Tools/Demos + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + - gh-95065: Argument Clinic now supports overriding automatically + generated signature by using directive @text_signature. See How + to override the generated signature. + - gh-106970: Fix bugs in the Argument Clinic destination + clear command; the destination buffers would never be cleared, + and the destination directive parser would simply continue to + the fault handler after processing the command. Patch by Erlend + E. Aasland. + - C API + - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(), + PyErr_SetExcFromWindowsErrWithFilename() and + PyErr_SetFromWindowsErrWithFilename() save now the error code + before calling PyUnicode_DecodeFSDefault(). + - gh-107915: Such C API functions as PyErr_SetString(), + PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others + no longer crash or ignore errors if it failed to format the + error message or decode the filename. Instead, they keep a + corresponding error. + - gh-107226: PyModule_AddObjectRef() is now only available in the + limited API version 3.10 or later. + - gh-105375: Fix a bug in PyErr_WarnExplicit() where an exception + could end up being overwritten if the API failed internally. + - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only + data: *consumed was not set. + +------------------------------------------------------------------- +Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller + +- restrict PEP668 to ALP/Tumbleweed + +------------------------------------------------------------------- +Fri Aug 4 06:37:41 UTC 2023 - Dirk Müller + +- add externally_managed.in to label this build as PEP-668 managed + +------------------------------------------------------------------- +Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl + +- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! +- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) + partially reverting CVE-2023-27043-email-parsing-errors.patch, + because of the regression in gh#python/cpython#106669. +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). (The patch is faulty, + gh#python/cpython#106669, but upstream decided not to just + revert it). + +------------------------------------------------------------------- +Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl + +- Update to Python 3.11.4: + - gh-103142: The version of OpenSSL used in Windows and + Mac installers has been upgraded to 1.1.1u to address + CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, + as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 + fixed previously in 1.1.1t (gh-101727). + - gh-102153: urllib.parse.urlsplit() now strips leading C0 + control and space characters following the specification for + URLs defined by WHATWG in response to CVE-2023-24329 + (bsc#1208471). + - gh-99889: Fixed a security in flaw in uu.decode() that could + allow for directory traversal based on the input if no + out_file was specified. + - gh-104049: Do not expose the local on-disk + location in directory indexes produced by + http.client.SimpleHTTPRequestHandler. + - gh-103935: trace.__main__ now uses io.open_code() for files + to be executed instead of raw open(). + - gh-102953: The extraction methods in tarfile, and + shutil.unpack_archive(), have a new filter argument that + allows limiting tar features than may be surprising or + dangerous, such as creating files outside the destination + directory. See Extraction filters for details (fixing + CVE-2007-4559, bsc#1203750). +- Remove upstreamed patches: + - CVE-2007-4559-filter-tarfile_extractall.patch + +------------------------------------------------------------------- +Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl + +- Remove obsolete_python_versioned macro again. This mechanism + has no business to be in Python 3.11, because we have abolished + with it whole interpreter+setuptools+pip product. Python 3.11 + should not be replaced by later versions anymore. + +------------------------------------------------------------------- +Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl + +- Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). +- Add skip_if_buildbot-extend.patch to avoid the bug altogether + (extending what skip_if_buildbot covers). +- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix + bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter + for tarfile.extractall". + +------------------------------------------------------------------- +Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl + +- Update to 3.11.3: + - Security + - gh-101727: Updated the OpenSSL version used in Windows + and macOS binary release builds to 1.1.1t to address + CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the + OpenSSL 2023-02-07 security advisory. + - Core and Builtins + - gh-101975: Fixed stacktop value on tracing entries to avoid + corruption on garbage collection. + - gh-102701: Fix overflow when creating very large dict. + - gh-102416: Do not memoize incorrectly automatically + generated loop rules in the parser. Patch by Pablo Galindo. + - gh-102356: Fix a bug that caused a crash when deallocating + deeply nested filter objects. Patch by Marta Gómez Macías. + - gh-102397: Fix segfault from race condition in signal + handling during garbage collection. Patch by Kumar Aditya. + - gh-102281: Fix potential nullptr dereference and use of + uninitialized memory in fileutils. Patch by Max Bachmann. + - gh-102126: Fix deadlock at shutdown when clearing thread + states if any finalizer tries to acquire the runtime head + lock. Patch by Kumar Aditya. + - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal + module. Patch by Max Bachmann. + - gh-101967: Fix possible segfault in + positional_only_passed_as_keyword function, when new list + created. + - gh-101765: Fix SystemError / segmentation fault in iter + __reduce__ when internal access of builtins.__dict__ keys + mutates the iter object. + - gh-101696: Invalidate type version tag in + _PyStaticType_Dealloc for static types, avoiding bug where + a false cache hit could crash the interpreter. Patch by + Kumar Aditya. + - Library + - gh-102549: Don’t ignore exceptions in member type creation. + - gh-102947: Improve traceback when dataclasses.fields() is + called on a non-dataclass. Patch by Alex Waygood + - gh-102780: The asyncio.Timeout context manager now + works reliably even when performing cleanup due to task + cancellation. Previously it could raise a CancelledError + instead of an TimeoutError in such cases. + - gh-88965: typing: Fix a bug relating to substitution in . + Pacustom classes generic over a ParamSpec. Previously, if . + Pathe ParamSpec was substituted with a parameters list that . + Paitself contained a TypeVar, the TypeVar in the parameters . + Palist could not be subsequently substituted. This is now . + Pafixed tch by Nikita Sobolev . + - gh-101979: Fix a bug where parentheses in the metavar + argument to argparse.ArgumentParser.add_argument() were + dropped. Patch by Yeojin Kim. + - gh-102179: Fix os.dup2() error message for negative fds. + - gh-101961: For the binary mode, fileinput.hookcompressed() + doesn’t set the encoding value even if the value is + None. Patch by Gihwan Kim. + - gh-101936: The default value of fp becomes io.BytesIO + if HTTPError is initialized without a designated fp + parameter. Patch by Long Vo. + - gh-102069: Fix __weakref__ descriptor generation for custom + dataclasses. + - gh-101566: In zipfile, apply fix for extractall on the + underlying zipfile after being wrapped in Path. + - gh-101892: Callable iterators no longer raise SystemError + when the callable object exhausts the iterator but forgets + to either return a sentinel value or raise StopIteration. + - gh-97786: Fix potential undefined behaviour in corner cases + of floating-point-to-time conversions. + - gh-101517: Fixed bug where bdb looks up the source line + with linecache with a lineno=None, which causes it to fail + with an unhandled exception. + - gh-101673: Fix a pdb bug where ll clears the changes to + local variables. + - gh-96931: Fix incorrect results from + ssl.SSLSocket.shared_ciphers() + - gh-88233: Correctly preserve “extra” fields in zipfile + regardless of their ordering relative to a zip64 “extra.” + - gh-96127: inspect.signature was raising TypeError on + call with mock objects. Now it correctly returns (*args, + **kwargs) as infered signature. + - gh-95495: When built against OpenSSL 3.0, the ssl module + had a bug where it reported unauthenticated EOFs (i.e. + without close_notify) as a clean TLS-level EOF. It now + raises SSLEOFError, matching the behavior in previous + versions of OpenSSL. The options attribute on SSLContext + also no longer includes OP_IGNORE_UNEXPECTED_EOF by + default. This option may be set to specify the previous + OpenSSL 3.0 behavior. + - gh-94440: Fix a concurrent.futures.process bug where + ProcessPoolExecutor shutdown could hang after a future has + been quickly submitted and canceled. + - Documentation + - gh-103112: Add docstring to http.client.HTTPResponse.read() + to fix pydoc output. + - gh-85417: Update cmath documentation to clarify behaviour + on branch cuts. + - gh-97725: Fix asyncio.Task.print_stack() description for + file=None. Patch by Oleg Iarygin. + - Tests + - gh-102980: Improve test coverage on pdb. + - gh-102537: Adjust the error handling strategy in + test_zoneinfo.TzPathTest.python_tzpath_context. Patch by + Paul Ganssle. + - gh-89792: test_tools now copies up to 10x less source data + to a temporary directory during the freeze test by ignoring + git metadata and other artifacts. It also limits its python + build parallelism based on os.cpu_count instead of hard + coding it as 8 cores. + - gh-101377: Improved test_locale_calendar_formatweekday of + calendar. + - Build + - gh-102711: Fix -Wstrict-prototypes compiler warnings. + +------------------------------------------------------------------- +Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl + +- Update to 3.11.2: + Bug fixes, no changes in API and no security bugs. + +------------------------------------------------------------------- +Wed Mar 1 20:50:04 UTC 2023 - Matej Cepl + +- Add python310 Obsoletes line to obsolete_python_versioned macro. + +------------------------------------------------------------------- +Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl + +- Add provides for readline and sqlite3 to the main Python + package. + +------------------------------------------------------------------- +Thu Jan 26 13:28:24 UTC 2023 - Thorsten Kukuk + +- Disable NIS for new products, it's deprecated and gets removed + +------------------------------------------------------------------- +Tue Jan 24 12:23:34 UTC 2023 - Dirk Müller + +- build GLIBC hwcaps optimized versions of the interpreter + +------------------------------------------------------------------- +Tue Jan 10 11:11:56 UTC 2023 - Matej Cepl + +- Don't fail on Sphinx build warnings. +- For jsc#PED-1570, jsc#PED-2217 and jsc#PED-68, + providing Python 3.11 for SLE-15-SP4. + +------------------------------------------------------------------- +Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl + +- Update to 3.11.1: + - python -m http.server no longer allows terminal control + characters sent within a garbage request to be printed + to the stderr server lo This is done by changing the + http.server BaseHTTPRequestHandler .log_message method to + replace control characters with a \xHH hex escape before + printin + - Avoid publishing list of active per-interpreter audit hooks + via the gc module + - The IDNA codec decoder used on DNS hostnames by socket or + asyncio related name resolution functions no longer involves + a quadratic algorithm. This prevents a potential CPU denial + of service if an out-of-spec excessive length hostname + involving bidirectional characters were decoded. Some + protocols such as urllib http 3xx redirects potentially allow + for an attacker to supply such a name (CVE-2022-45061). + - Update bundled libexpat to 2.5.0 + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. Issue reported + and initial fix by Caleb Shortt. Patch by Victor Stinner. + - Fix a crash when an object which does not have a dictionary + frees its instance values. + - Fix a bug in the tokenizer that could cause infinite + recursion when showing syntax warnings that happen in the + first line of the source. Patch by Pablo Galindo + - Fix an issue that could cause frames to be visible to Python + code as they are being torn down, possibly leading to memory + corruption or hard crashes of the interpreter. + - Fix a reference bug in _imp.create_builtin() after the + creation of the first sub-interpreter for modules builtins + and sys. Patch by Victor Stinner. + - Fixed a bug that was causing a buffer overflow if the + tokenizer copies a line missing the newline caracter from a + file that is as long as the available tokenizer buffer. Patch + by Pablo galindo + - Fix bug where an ExceptionGroup subclass can wrap a + BaseException. + - Fix zip path for venv created from a non-installed python on + POSIX platforms. + - Fix an issue that could potentially cause incorrect error + handling for some bytecode instructions. + - Fix an issue that prevented PyThreadState and + PyInterpreterState memory from being freed properly. + - Fix failure in except* with unhashable exceptions. + - Fix calculation of sys._base_executable when inside a POSIX + virtual environment using copies of the python binary when + the base installation does not provide the executable name + used by the venv. Calculation will fall back to alternative + names (“python”, “python.”). + - Update faulthandler to emit an error message with the proper + unexpected signal number. Patch by Dong-hee Na. + - Fix location of SyntaxError for a try block with both except + and except*. + - Fix the error reporting positions of specialized traceback + anchors when the source line contains Unicode characters. + - Fix subscription of type aliases containing bare generic + types or types like TypeVar: for example tuple[A, T][int] and + tuple[TypeVar, T][int], where A is a generic type, and T is a + type variable. + - Lower the recursion depth for marshal on WASI to support + wasmtime 2.0/main. + - Fix multiple crashes in debug mode when str subclasses are + used instead of str itself. + - Fix an issue where member descriptors (such as those for + __slots__) could behave incorrectly or crash instead of + raising a TypeError when accessed via an instance of an + invalid type. + - Suppress ImportError for invalid query for help() + command. Patch by Dong-hee Na. + - Fix detection of MAC addresses for uuid on certain OSs. Patch + by Chaim Sanders + - Print exception class name instead of its string + representation when raising errors from ctypes calls. + - os.sched_yield() now release the GIL while calling + sched_yield(2). Patch by Dong-hee Na. + - Fix an issue that could delay the specialization of PRECALL + instructions. + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Ensure that all Python frame objects are backed by “complete” + frames. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). Patch by Ofey Chan. + - Fix the Python path configuration used to initialized + sys.path at Python startup. Paths are no longer encoded + to UTF-8/strict to avoid encoding errors if it contains + surrogate characters (bytes paths are decoded with the + surrogateescape error handler). Patch by Victor Stinner. + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. Issue + discovered and analyzed by Mingliang ZHAO. Patch by Victor + Stinner. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. + - Fix undefined behaviour in C code of null pointer arithmetic. + - Make sure that all frame objects created are created from + valid interpreter frames. Prevents the possibility of invalid + frames in backtraces and signal handlers. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - On WASI ENOTCAPABLE is now mapped to PermissionError. The + errno modules exposes the new error number. getpath.py now + ignores PermissionError when it cannot open landmark files + pybuilddir.txt and pyenv.cfg. + - Allow pdb to locate source for frozen modules in the standard + library. + - Raise ValueError instead of SystemError when methods of + uninitialized io.IncrementalNewlineDecoder objects are + called. Patch by Oren Milman. + - Fix a possible assertion failure in io.FileIO when the opener + returns an invalid file descriptor. + - Also escape s in the http.server + BaseHTTPRequestHandler.log_message so that it is technically + possible to parse the line and reconstruct what the original + data was. Without this a xHH is ambiguious as to if it is a + hex replacement we put in or the characters r”x” came through + in the original request line. + - asyncio.get_event_loop() now only emits a deprecation warning + when a new event loop was created implicitly. It no longer + emits a deprecation warning if the current event loop was + set. + - Fix bug when calling trace.CoverageResults with valid infile. + - Fix a bug in handling class cleanups in + unittest.TestCase. Now addClassCleanup() uses separate lists + for different TestCase subclasses, and doClassCleanups() only + cleans up the particular class. + - Release the GIL when calling termios APIs to avoid blocking + threads. + - Fix ast.increment_lineno() to also cover ast.TypeIgnore when + changing line numbers. + - Fix bug in urllib.parse.urlparse() that causes URL schemes + that begin with a digit, a plus sign, or a minus sign to be + parsed incorrectly. + - Check the number of arguments in substitution in user + generics containing a TypeVarTuple and one or more TypeVar. + - Fix substitution of ParamSpec followed by TypeVarTuple in + generic aliases. + - Fix substitution of TypeVarTuple and ParamSpec together in + user generics. + - Fixed bug where inspect.signature() reported incorrect + arguments for decorated methods. + - Fix SystemError in ctypes when exception was not set during + __initsubclass__. + - Remove older version of + _SSLProtocolTransport.get_write_buffer_limits in + asyncio.sslproto + - fix negative numbers failing in verify() + - Fix statistics.NormalDist pickle with 0 and 1 protocols. + - enum.auto() is now correctly activated when combined with + other assignment values. E.g. ONE = auto(), 'some text' will + now evaluate as (1, 'some text'). + - Update the bundled copy of pip to version 22.3.1. + - Clean up refleak on failed module initialisation in _zoneinfo + - Clean up refleaks on failed module initialisation in in + _pickle + - Clean up refleak on failed module initialisation in _io. + - Fix memory leak in math.dist() when both points don’t have + the same dimension. Patch by Kumar Aditya. + - [3.11] Applied changes from importlib_metadata 4.11.4 + through 4.13, including compatibility and robustness + fixes for Distribution objects without _normalized_name, + disallowing invalid inputs to Distribution.from_name, and + refined behaviors in PathDistribution._name_from_stem and + PathDistribution._normalized_name. + - Fix argument typechecks in _overlapped.WSAConnect() and + _overlapped.Overlapped.WSASendTo() functions. + - Prevent crashing in traceback when retrieving the byte-offset + for some source files that contain certain unicode + characters. + - Fix internal error in the re module which in very rare + circumstances prevented compilation of a regular expression + containing a conditional expression without the “else” + branch. + - Fix asyncio.StreamWriter.drain() to call + protocol.connection_lost callback only once on Windows. + - Add a mutex to unittest.mock.NonCallableMock to protect + concurrent access to mock attributes. + - Fix hang on Windows in subprocess.wait_closed() in asyncio + with ProactorEventLoop. Patch by Kumar Aditya. + - Fix infinite loop in unittest when a self-referencing chained + exception is raised + - tkinter.Text.count() raises now an exception for options + starting with “-” instead of silently ignoring them. + - On uname_result, restored expectation that _fields and + _asdict would include all six properties including processor. + - A createSocket() method was added to SysLogHandler. + - Fix bug in urllib.parse.urlparse() that causes certain port + numbers containing whitespace, underscores, plus and minus + signs, or non-ASCII digits to be incorrectly accepted. + - Allow venv to pass along PYTHON* variables to ensurepip and + pip when they do not impact path resolution + - On macOS, fix a crash in syslog.syslog() in multi-threaded + applications. On macOS, the libc syslog() function is not + thread-safe, so syslog.syslog() no longer releases the GIL to + call it. Patch by Victor Stinner. + - Allow BUILTINS to be a valid field name for frozen + dataclasses. + - Wrap network errors consistently in urllib FTP support, so + the test suite doesn’t fail when a network is available but + the public internet is not reachable. + - Make sure patch.dict() can be applied on async functions. + - Earlier in 3.11 we deprecated + asyncio.Task.cancel("message"). We realized we were too + harsh, and have undeprecated it. + - Change deprecate warning message in unittest from It is + deprecated to return a value!=None to It is deprecated to + return a value that is not None from a test case + - Fixes AttributeError when subprocess.check_output() is used + with argument input=None and either of the arguments encoding + or errors are used. + - Fix is_private properties in the ipaddress module. Previously + non-private networks (0.0.0.0/0) would return True from this + method; now they correctly return False. + - Avoid spurious tracebacks from asyncio when default executor + cleanup is delayed until after the event loop is closed (e.g. + as the result of a keyboard interrupt). + - Avoid a crash in the C version of + asyncio.Future.remove_done_callback() when an evil argument + is passed. + - Remove tokenize.NL check from tabnanny. + - Fix generation of the default name of + tkinter.Checkbutton. Previously, checkbuttons in different + parent widgets could have the same short name and share + the same state if arguments “name” and “variable” are not + specified. Now they are globally unique. + - Update bundled libexpat to 2.4.9 + - Fix race condition in asyncio where process_exited() called + before the pipe_data_received() leading to inconsistent + output. Patch by Kumar Aditya. + - Fixed check in multiprocessing.resource_tracker that + guarantees that the length of a write to a pipe is not + greater than PIPE_BUF. + - Corrected type annotation for dataclass attribute + pstats.FunctionProfile.ncalls to be str. + - Fix repr of Any subclasses. + - Work around missing socket functions in socket’s __repr__. + - In inspect, fix overeager replacement of “typing.” in + formatting annotations. + - Fix handling of bytes path-like objects in os.ismount(). + - Fix handling compiler warnings (SyntaxWarning and + DeprecationWarning) in codeop.compile_command() when checking + for incomplete input. Previously it emitted warnings and + raised a SyntaxError. Now it always returns None for + incomplete input without emitting any warnings. + - To avoid apparent memory leaks when asyncio.open_connection() + raises, break reference cycles generated by local exception + and future instances (which has exception instance as its + member var). Patch by Dong Uk, Kang. + - Fixed flickering of the turtle window when the tracer is + turned off. Patch by Shin-myoung-serp. + - Fix asyncio subprocess transport to kill process cleanly + when process is blocked and avoid RuntimeError when loop is + closed. Patch by Kumar Aditya. + - Prevent error when activating venv in nested fish instances. + - TarFile.next() now returns None when called on an empty + tarfile. + - Document the optional callback parameter of WeakMethod. Patch + by Géry Ogam. + - Restrict use of sockets instead of pipes for stdin of + subprocesses created by asyncio to AIX platform only. + - shutil.copytree() now applies the ignore_dangling_symlinks + argument recursively. + - Fix IndexError in argparse.ArgumentParser when a store_true + action is given an explicit argument. + - Document that calling variadic functions with ctypes requires + special care on macOS/arm64 (and possibly other platforms). + - Remove extra row + - Clarified the conflicting advice given in the ast + documentation about ast.literal_eval() being “safe” for use + on untrusted input while at the same time warning that it + can crash the process. The latter statement is true and is + deemed unfixable without a large amount of work unsuitable + for a bugfix. So we keep the warning and no longer claim that + literal_eval is safe. + - Restructured the documentation for the os.wait* family of + functions, and improved the docs for os.waitid() with more + explanation of the possible argument constants. + - Skip test_normalization() of test_unicodedata if it + fails to download NormalizationTest.txt file from + pythontest.net. Patch by Victor Stinner. + - Correct test_marsh on (32 bit) x86: test_deterministic sets + was failing. + - Optional big memory tests in test_sqlite3 now catch the + correct sqlite.DataError exception type in case of too large + strings and/or blobs passed. + - Fix a bug in the typing tests where a test relying + on CPython-specific implementation details was not + decorated with @cpython_only and was not skipped on other + implementations. + - Add tests for star-unpacking with PEP 646, and some other + miscellaneous PEP 646 tests. + - Added explicit coverage of Py_Initialize (and hence + Py_InitializeEx) back to the embedding tests (all other + embedding tests migrated to Py_InitializeFromConfig in Python + 3.11) + - Some C API tests were moved into the new Lib/test/test_capi/ + directory. + - Fix -Wimplicit-int, -Wstrict-prototypes, and + -Wimplicit-function-declaration compiler warnings in + configure checks. + - Fix a compilation issue with GCC 12 on macOS. + - Fix -Wimplicit-int compiler warning in configure check for + PTHREAD_SCOPE_SYSTEM. + - Fix a possible fd leak in Programs/_freeze_module.c + introduced in Python 3.11. + - Fix build with PYTHON_FOR_REGEN=python3.8. + - Specify the full path to the source location for make + docclean (needed for cross-builds). + - Don’t use vendored libmpdec headers if --with-system-libmpdec + is passed to configure. Don’t use vendored libexpat headers + if --with-system-expat is passed to !configure. + - Fix the build process of clang compiler for _bootstrap_python + if LTO optimization is applied. Patch by Matthias Görgens and + Dong-hee Na. + - wasm32-emscripten builds for browsers now include + concurrent.futures for asyncio and unittest.mock. + - wasm32-emscripten platform no longer builds resource module, + getresuid(), getresgid(), and their setters. The APIs are + stubs and not functional. + - Updated pegen regeneration script on Windows to find and + use Python 3.9 or higher. Prior to this, pegen regeneration + already required 3.9 or higher, but the script may have used + lower versions of Python. + - Fix a bug in the previous bugfix that caused IDLE to + not start when run with 3.10.8, 3.12.0a1, and at least + Microsoft Python 3.10.2288.0 installed without the Lib/test + package. 3.11.0 was never affected. + - The wasm_build.py script now pre-builds Emscripten ports, + checks for broken EMSDK versions, and warns about pkg-config + env vars. + - The new tool Tools/wasm/wasm_builder.py automates configure, + compile, and test steps for building CPython on WebAssembly + platforms. + - Fix handling of module docstrings in Tools/i18n/pygettext.py. + - PyBUF_* constants were marked as part of Limited API + of Python 3.11+. These were available in 3.11.0 with + Py_LIMITED_API defined for 3.11, and are necessary to use the + buffer API. + - Fix use-after-free in Py_SetPythonHome(NULL), + Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL) + function calls. Issue reported by Benedikt Reinartz. Patch by + Victor Stinner. + - Py_InitializeEx now correctly calls PyConfig_Clear after + initializing the interpreter (the omission didn’t cause a + memory leak only because none of the dynamically allocated + config fields are populated by the wrapper function) +- Removed upstreamed patches: + - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch + - CVE-2022-45061-DoS-by-IDNA-decode.patch + +------------------------------------------------------------------- +Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl + +- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid + CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding + extremely long domain names. + +------------------------------------------------------------------- +Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl + +- Update to 3.11.0 (overall changes from 3.10.*): + - General changes + - PEP 657 -- Include Fine-Grained Error Locations in + Tracebacks + - PEP 654 -- Exception Groups and except* + - PEP 680 -- tomllib: Support for Parsing TOML in the + Standard Library + - gh-90908 -- Introduce task groups to asyncio + - gh-34627 -- Atomic grouping ((?>...)) and possessive + quantifiers (*+, ++, ?+, {m,n}+) are now supported in + regular expressions. + - The Faster CPython Project is already yielding some + exciting results. Python 3.11 is up to 10-60% faster than + Python 3.10. On average, we measured a 1.22x speedup on the + standard benchmark suite. See Faster CPython for details. + - Typing and typing language changes + - PEP 673 -- Self Type + - PEP 646 -- Variadic Generics + - PEP 675 -- Arbitrary Literal String Type + - PEP 655 -- Marking individual TypedDict items as required + or potentially-missing + - PEP 681 -- Data Class Transforms +- (just changes from 3.11.0rc2): + - Fix multiplying a list by an integer (list *= int): detect + the integer overflow when the new allocated length is close + to the maximum size. Issue reported by Jordan Limor. Patch by + Victor Stinner. + - On Linux the multiprocessing module returns to using + filesystem backed unix domain sockets for communication + with the forkserver process instead of the Linux abstract + socket namespace. Only code that chooses to use the + “forkserver” start method is affected. Abstract sockets have + no permissions and could allow any user on the system in the + same network namespace (often the whole system) to inject + code into the multiprocessing forkserver process. This was + a potential privilege escalation. Filesystem based socket + permissions restrict this to the forkserver process user as + was the default in Python 3.8 and earlier. This prevents + Linux CVE-2022-42919. + - Fix an issue where several frame objects could be backed by + the same interpreter frame, possibly leading to corrupted + memory and hard crashes of the interpreter. + - Fix possible data corruption or crashes when accessing the + f_back member of newly-created generator or coroutine frames. + - Fix a crash occurring when PyEval_GetFrame() is called while + the topmost Python frame is in a partially-initialized state. + - Fix command line parsing: reject -X int_max_str_digits option + with no value (invalid) when the PYTHONINTMAXSTRDIGITS + environment variable is set to a valid limit. Patch by Victor + Stinner. + - Fix undefined behaviour in _testcapimodule.c. + - When ValueError is raised if an integer is larger than the + limit, mention the sys.set_int_max_str_digits() function in + the error message. Patch by Victor Stinner. + - Correctly raise SyntaxError on exception groups (PEP 654) on + python versions prior to 3.11 + - Document some places where an assignment expression needs + parentheses. + - Update the bundled copies of pip and setuptools to versions + 22.3 and 65.5.0 respectively. + - fix Flag to use boundary CONFORM + - This restores previous Flag behavior of allowing flags with + non-sequential values to be combined; e.g. + - class Skip(Flag): TWO = 2 EIGHT = 8 + - Skip.TWO | Skip.EIGHT -> + - Fix ! in c domain ref target syntax via a conf.py patch, so + it works as intended to disable ref target resolution. + - Update tutorial introduction output to use 3.10+ SyntaxError + invalid range. + +------------------------------------------------------------------- +Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl + +- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to + allow building of documentation with the latest Sphinx 5.3.0 + (gh#python/cpython#98366). + +------------------------------------------------------------------- +Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc2: + - Converting between int and str in bases other than 2 + (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base + 10 (decimal) now raises a ValueError if the number of digits + in string form is above a limit to avoid potential denial of + service attacks due to the algorithmic complexity. This is + a mitigation for CVE-2020-10735. + This new limit can be configured or disabled by environment + variable, command line flag, or sys APIs. See the integer + string conversion length limitation documentation. The + default limit is 4300 digits in string form. + - Fix case of undefined behavior in ceval.c + - Do not expose KeyWrapper in _functools. + - Ensure that tracing, sys.setrace(), is turned on + immediately. In pre-release versions of 3.11, some tracing + events might have been lost when turning on tracing in a + __del__ method or interrupt. + - Fix use after free in trace refs build mode. Patch by Kumar + Aditya. + - When loading a file with invalid UTF-8 inside a multi-line + string, a correct SyntaxError is emitted. + - Make sure that incomplete frames do not show up in + tracemalloc traces. + - Remove two cases of undefined behavior, by adding NULL + checks. + - Fix possible NULL pointer dereference in + _PyThread_CurrentFrames. Patch by Kumar Aditya. + - Fix AttributeError missing name and obj attributes in + object.__getattribute__(). Patch by Philip Georgi. + - Loading a file with invalid UTF-8 will now report the broken + character at the correct location. + - Fixed a bug that caused _PyCode_GetExtra to return garbage + for negative indexes. Patch by Pablo Galindo + - Fix a deadlock in PyGILState_Ensure() when allocating new + thread state. Patch by Kumar Aditya. + - PyType_Ready() now initializes ht_cached_keys and performs + additional checks to ensure that type objects are properly + configured. This avoids crashes in 3rd party packages that + don’t use regular API to create new types. + - Skip over incomplete frames in PyThreadState_GetFrame(). + - Fix format string in _PyPegen_raise_error_known_location that + can lead to memory corruption on some 64bit systems. The + function was building a tuple with i (int) instead of n + (Py_ssize_t) for Py_ssize_t arguments. + - Fix misleading contents of error message when converting an + all-whitespace string to float. + - ast.parse() will no longer parse function definitions with + positional-only params when passed feature_version less than + (3, 8). Patch by Shantanu Jain. + - Fix incorrect error message in the io module. + - Fix the faulthandler implementation of + faulthandler.register(signal, chain=True) if the sigaction() + function is not available: don’t call the previous signal + handler if it’s NULL. Patch by Victor Stinner. + - Correct conversion of numbers.Rational’s to float. + - Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not + raised when using more than one TypeVarTuple, like [*T, *V] + in type alias substitutions. + - Fix asyncio.streams.StreamReaderProtocol to keep a strong + reference to the created task, so that it’s not garbage + collected + - Fix a performance regression in logging + TimedRotatingFileHandler. Only check for special files when + the rollover time has passed. + - Fix unused localName parameter in the Attr class in + xml.dom.minidom. + - Fix incorrect condition that causes sys.thread_info.name to + be wrong on pthread platforms. + - Remove an incompatible change from bpo-28080 that caused a + regression that ignored the utf8 in ZipInfo.flag_bits. Patch + by Pablo Galindo. + - Fix asyncio.Runner to call asyncio.set_event_loop() only + once to avoid calling attach_loop() multiple times on child + watchers. Patch by Kumar Aditya. + - Fix unittest.IsolatedAsyncioTestCase to set event loop before + calling setup functions. Patch by Kumar Aditya. + - When a task catches asyncio.CancelledError and raises some + other error, the other error should generally not silently be + suppressed. + - Fail gracefully if EPERM or ENOSYS is raised when loading + crypt methods. This may happen when trying to load MD5 on a + Linux kernel with FIPS enabled. + - Allow asyncio.StreamWriter.drain() to be awaited concurrently + by multiple tasks. Patch by Kumar Aditya. + - Fix ast.unparse() when ImportFrom.level is None + - Improve discoverability of the higher level + concurrent.futures module by providing clearer links from the + lower level threading and multiprocessing modules. + - What’s New 3.11 now has instructions for how to provide + compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7 + and CentOS 7. + - Mitigate the inherent race condition from using + find_unused_port() in testSockName() by trying to find an + unused port a few times before failing. Patch by Ross Burton. + - Build and test with OpenSSL 1.1.1q +- Use support-expat-CVE-2022-25236-patched.patch from the current + version of gh#python/cpython#93900 instead of the old + support-expat-245.patch. +- Reapply fix_configure_rst.patch. + +------------------------------------------------------------------- +Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab + +- Increase testsuite timeout for test_freeze_simple_script + +------------------------------------------------------------------- +Sat Aug 20 21:31:40 UTC 2022 - Matej Cepl + +- fix import_failed.map to refer to the python 3.11 package versions + +------------------------------------------------------------------- +Sat Aug 20 14:05:21 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc1: + - Core and Builtins + - Update code object hashing and equality to consider all + debugging and exception handling tables. This fixes an + issue where certain non-identical code objects could be + “deduplicated” during compilation. + - _PyPegen_Parser_New now properly detects token memory + allocation errors. Patch by Honglin Zhu. + - Run Python code in tracer/profiler function at full + speed. Fixes slowdown in earlier versions of 3.11. + - Emit a warning in debug mode if an object does not call + PyObject_GC_UnTrack() before deallocation. Patch by Pablo + Galindo. + - Prevented crashes in the AST constructor when + compiling some absurdly long expressions like + "+0"*1000000. RecursionError is now raised instead. Patch + by Pablo Galindo + - ast.AST node positions are now validated when provided to + compile() and other related functions. If invalid positions + are detected, a ValueError will be raised. + - Fix error detection in some builtin functions when keyword + argument name is an instance of a str subclass with + overloaded __eq__ and __hash__. Previously it could cause + SystemError or other undesired behavior. + - Library + - Update bundled pip to 22.2.2. + - Fix asyncio.TaskGroup to propagate exception when + asyncio.CancelledError was replaced with another exception + by a context manger. Patch by Kumar Aditya and Guido van + Rossum. + - Update bundled pip to 22.2.1. + - Fix GC crash when deallocating _lsprof.Profiler by + untracking it before calling any callbacks. Patch by Kumar + Aditya. + - Fix asyncio.run() for asyncio.Task implementations without + uncancel() method. Patch by Kumar Aditya. + - Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK + and os.EFD_SEMAPHORE flags on older kernel versions where + these flags are not present. Patch by Kumar Aditya. + - Fix concurrent.futures.Executor.map() to cancel the + currently waiting on future on an error - e.g. TimeoutError + or KeyboardInterrupt. + - Ensure that timeouts scheduled with asyncio.Timeout that + have already expired are delivered promptly. + - Suppress writing an XML declaration in open files + in ElementTree.write() with encoding='unicode' and + xml_declaration=None. + - Fix findtext in the xml module to only give an empty string + when the text attribute is set to None. + - Documentation + - Fix stylesheet not working in Windows CHM htmlhelp docs + and add warning that they are deprecated. Contributed by + C.A.M. Gerlach. + - Update library documentation with availability information + on WebAssembly platforms wasm32-emscripten and wasm32-wasi. + - Use consistent syntax for platform availability. The + directive now supports a content body and emits a warning + when it encounters an unknown platform. + - Document a limitation in ThreadPoolExecutor where its exit + handler is executed before any handlers in atexit. + - Tests + - Lib/test/test_asyncio/test_ssl.py exposed a bug in the + macOS kernel where intense concurrent load on non-blocking + sockets occasionally causes errno.ENOBUFS (“No buffer space + available”) to be emitted. FB11063974 filed with Apple, in + the mean time as a workaround buffer size used in tests on + macOS is decreased to avoid intermittent failures. Patch by + Fantix King. + - Fix problem with test_ssl test_get_ciphers on systems that + require perfect forward secrecy (PFS) ciphers. + - Add a regression test for re exponentional slowdown when + using rjsmin. + - Build + - Fix a regression in configure script that caused some + header checks to ignore custom CPPFLAGS. The regression was + introduced in gh-94802. + - wasm32-wasi builds no longer depend on WASIX’s pthread + stubs. Python now has its own stubbed pthread API. + - Python now detects missing dup function in WASI and works + around some missing errno, select, and socket constants. + - Python now skips missing socket functions and methods on + WASI. WASI can only create sockets from existing fd / + accept and has no netdb. + - Platforms wasm32-unknown-emscripten and wasm32-unknown-wasi + have been promoted to PEP 11 tier 3 platform support. + - IDLE + - Document handling of extensions in Save As dialogs. + - Include prompts when saving Shell (interactive input and + output). + - Fix the Shell context menu copy-with-prompts bug of copying + an extra line when one selects whole lines. + - In the Edit menu, move Select All and add a new separator. + - Enable using IDLE’s module browser with .pyw files. + - Add .pyi as a recognized extension for IDLE on macOS. This + allows opening stub files by double clicking on them in the + Finder. + - C API + - Restore the 3.10 behavior for multiple inheritance of C + extension classes that store their dictionary at the end of + the struct. + - Added PyCode_GetVarnames(), PyCode_GetCellvars() and + PyCode_GetFreevars() for accessing co_varnames, co_cellvars + and co_freevars respectively via the C API. + +------------------------------------------------------------------- +Tue Jul 26 10:37:31 UTC 2022 - Matej Cepl + +- Update to 3.11.0b5: + - Core and Builtins + - gh-93351: ast.AST node positions are now validated when + provided to compile() and other related functions. If + invalid positions are detected, a ValueError will be + raised. + - gh-94438: Fix an issue that caused extended opcode + arguments and some conditional pops to be ignored when + calculating valid jump targets for assignments to the + f_lineno attribute of frame objects. In some cases, this + could cause inconsistent internal state, resulting in a + hard crash of the interpreter. + - gh-95060: Undocumented PyCode_Addr2Location function now + properly returns when addrq argument is less than zero. + - gh-95113: Replace all EXTENDED_ARG_QUICK instructions + with basic EXTENDED_ARG instructions in unquickened + code. Consumers of non-adaptive bytecode should be able to + handle extended arguments the same way they were handled in + CPython 3.10 and older. + - gh-91409: Fix incorrect source location info caused by + certain optimizations in the bytecode compiler. + - gh-94036: Fix incorrect source location info for some + multi-line attribute accesses and method calls. + - gh-94739: Allow jumping within, out of, and across + exception handlers in the debugger. + - gh-94949: ast.parse() will no longer parse parenthesized + context managers when passed feature_version less than (3, + 9). Patch by Shantanu Jain. + - gh-94947: ast.parse() will no longer parse assignment + expressions when passed feature_version less than (3, + 8). Patch by Shantanu Jain. + - gh-91256: Ensures the program name is known for help text + during interpreter startup. + - gh-94869: Fix the column offsets for some expressions in + multi-line f-strings ast nodes. Patch by Pablo Galindo. + - gh-94822: Fix an issue where lookups of metaclass + descriptors may be ignored when an identically-named + attribute also exists on the class itself. + - gh-91153: Fix an issue where a bytearray item assignment + could crash if it’s resized by the new value’s __index__() + method. + - gh-90699: Fix reference counting bug in + bool.__repr__(). Patch by Kumar Aditya. + - Library + - gh-95087: Fix IndexError in parsing invalid date in the + email module. + - gh-95199: Upgrade bundled setuptools to 63.2.0. + - gh-95194: Upgrade bundled pip to 22.2. + - gh-95132: Fix a sqlite3 regression where *args and **kwds + were incorrectly relayed from connect() to the Connection + factory. The regression was introduced in 3.11a1 with PR + 24421 (gh-85128). Patch by Erlend E. Aasland.` + - gh-93157: Fix fileinput module didn’t support errors option + when inplace is true. + - gh-95105: wsgiref.types.InputStream.__iter__() should + return Iterator[bytes], not Iterable[bytes]. Patch by + Shantanu Jain. + - gh-94857: Fix refleak in + _io.TextIOWrapper.reconfigure. Patch by Kumar Aditya. + - gh-94821: Fix binding of unix socket to empty address + on Linux to use an available address from the abstract + namespace, instead of “0”. + - gh-89988: Fix memory leak in pickle.Pickler when looking up + dispatch_table. Patch by Kumar Aditya. + - bpo-47025: Drop support for bytes on sys.path. + - Tests + - gh-95212: Make multiprocessing test case + test_shared_memory_recreate parallel-safe. + - Build + - gh-94847: Fixed _decimal module build issue on GCC when + compiling with LTO and pydebug. Debug builds no longer + force inlining of functions. + - gh-94841: Fix the possible performance regression of + PyObject_Free() compiled with MSVC version 1932. + - gh-94801: configure now uses custom flags like ZLIB_CFLAGS + and ZLIB_LIBS when searching for headers and libraries. + - gh-94773: deepfreeze.py now supports code object with + frozensets that contain incompatible, unsortable types. + - C API + - gh-94930: Fix SystemError raised when + PyArg_ParseTupleAndKeywords() is used with # in (...) but + without PY_SSIZE_T_CLEAN defined. + - gh-94864: Fix PyArg_Parse* with deprecated format units “u” + and “Z”. It returned 1 (success) when warnings are turned + into exceptions. + - gh-94731: Python again uses C-style casts for + most casting operations when compiled with + C++. This may trigger compiler warnings, if they + are enabled with e.g. -Wold-style-cast `` or + ``-Wzero-as-null-pointer-constant options for g++. + +------------------------------------------------------------------- +Thu Jul 21 14:19:53 UTC 2022 - Matej Cepl + +- Switch from %primary_interpreter to prjconf-defined + %primary_python (gh#openSUSE/python-rpm-macros#127). + +------------------------------------------------------------------- +Thu Jul 14 15:37:35 UTC 2022 - Matej Cepl + +- Update to 3.11.0b4: +- Fixes many bugs and adds following more significant changes +- Security + - gh-68966: The deprecated mailcap module now refuses to inject + Coreunsafe text (filenames, MIME types, parameters) into + shell Corecommands. Instead of using such text, it will + warn and act Coreas if a match was not found (or for test + commands, as if the Coretest failed). and Builtins + - gh-93516: Lazily create a table mapping bytecode offsets to + line numbers to speed up calculation of line numbers when + tracing. + - gh-93461: importlib.invalidate_caches() now drops entries + from sys.path_importer_cache with a relative path as + name. This solves a caching issue when a process changes its + current working directory. + - FileFinder no longer inserts a dot in the path, e.g. + /egg/./spam is now /egg/spam. +Library + - gh-93896: Fix asyncio.run() and + unittest.IsolatedAsyncioTestCase to always the set event loop + as it was done in Python 3.10 and earlier. Patch by Kumar + Aditya. + - gh-94101: Manual instantiation of ssl.SSLSession objects is + no longer allowed as it lead to misconfigured instances that + crashed the interpreter when attributes where accessed on + them. + - gh-83658: Make multiprocessing.Pool raise an exception if + maxtasksperchild is not None or a positive int. + - gh-61162: Clarify sqlite3 behavior when Using the connection + as a context manager. +Tools/Demos + - gh-94538: Fix Argument Clinic output to custom file + destinations. Patch by Erlend E. Aasland. +C API + - gh-93937: The following frame functions and type are now + directly available with #include , it’s no longer + needed to add #include : + PyFrame_Check() + PyFrame_GetBack() + PyFrame_GetBuiltins() + PyFrame_GetGenerator() + PyFrame_GetGlobals() + PyFrame_GetLasti() + PyFrame_GetLocals() + PyFrame_Type + +------------------------------------------------------------------- +Tue May 31 20:54:36 UTC 2022 - Matej Cepl + +- Update to 3.11.0b2: + - many small updates +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.4 (jsc#SLE-21253) + +------------------------------------------------------------------- +Tue May 10 15:01:18 UTC 2022 - Matej Cepl + +- Refresh bluez-devel-vendor.tar.xz +- Fix building with system-expat (gh#python/cpython#92875). Nope, + it didn't work, worked around it. + +------------------------------------------------------------------- +Mon May 9 15:09:03 UTC 2022 - Matej Cepl + +- Update to pre-release version 3.11.0b1: + - PEP 657 – Include Fine-Grained Error Locations in Tracebacks + - PEP 654 – Exception Groups and except* + - PEP 673 – Self Type + - PEP 646 – Variadic Generics + - PEP 680– tomllib: Support for Parsing TOML in the Standard Library + - PEP 675– Arbitrary Literal String Type + - PEP 655– Marking individual TypedDict items as required or potentially-missing + - bpo-46752– Introduce task groups to asyncio + - The Faster Cpython Project is already yielding some exciting + results. Python 3.11 is up to 10-60% faster than Python + 3.10. On average, we measured a 1.22x speedup on the standard + benchmark suite. See + https://docs.python.org/3.11/whatsnew/3.11.html#faster-cpython + for details. + +------------------------------------------------------------------- +Thu May 5 14:35:56 UTC 2022 - Matej Cepl + +- Switch primary_interpreter from python38 to python310 + +------------------------------------------------------------------- +Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl + +- Update to 3.10.4: + - bpo-46968: Check for the existence of the “sys/auxv.h” header + in faulthandler to avoid compilation problems in systems + where this header doesn’t exist. Patch by Pablo Galindo + - bpo-23691: Protect the re.finditer() iterator from + re-entering. + - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to + avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception + when reading a ZipFile from multiple threads. + - bpo-38256: Fix binascii.crc32() when it is compiled to use + zlib’c crc32 to work properly on inputs 4+GiB in length + instead of returning the wrong result. The workaround prior + to this was to always feed the function data in increments + smaller than 4GiB or to just call the zlib module function. + - bpo-39394: A warning about inline flags not at the start of + the regular expression now contains the position of the flag. + - bpo-47061: Deprecate the various modules listed by PEP 594: + - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, + imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, + sndhdr, spwd, sunau, telnetlib, uu, xdrlib + - bpo-2604: Fix bug where doctests using globals would fail + when run multiple times. + - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. + - bpo-47022: The asynchat, asyncore and smtpd modules have been + deprecated since at least Python 3.6. Their documentation and + deprecation warnings and have now been updated to note they + will removed in Python 3.12 (PEP 594). + - bpo-46421: Fix a unittest issue where if the command was + invoked as python -m unittest and the filename(s) began with + a dot (.), a ValueError is returned. + - bpo-40296: Fix supporting generic aliases in pydoc. + +- Update to 3.10.3: + - bpo-46940: Avoid overriding AttributeError metadata + information for nested attribute access calls. Patch by Pablo + Galindo. + - bpo-46852: Rename the private undocumented + float.__set_format__() method to float.__setformat__() to fix + a typo introduced in Python 3.7. The method is only used by + test_float. Patch by Victor Stinner. + - bpo-46794: Bump up the libexpat version into 2.4.6 + - bpo-46820: Fix parsing a numeric literal immediately (without + spaces) followed by “not in” keywords, like in 1not in x. Now + the parser only emits a warning, not a syntax error. + - bpo-46762: Fix an assert failure in debug builds when a ‘<’, + ‘>’, or ‘=’ is the last character in an f-string that’s + missing a closing right brace. + - bpo-46724: Make sure that all backwards jumps use the + JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an + argument of (2**32)+offset. + - bpo-46732: Correct the docstring for the __bool__() method. + Patch by Jelle Zijlstra. + - bpo-46707: Avoid potential exponential backtracking when + producing some syntax errors involving lots of brackets. + Patch by Pablo Galindo. + - bpo-40479: Add a missing call to va_end() in + Modules/_hashopenssl.c. + - bpo-46615: When iterating over sets internally in + setobject.c, acquire strong references to the resulting items + from the set. This prevents crashes in corner-cases of + various set operations where the set gets mutated. + - bpo-45773: Remove two invalid “peephole” optimizations from + the bytecode compiler. + - bpo-43721: Fix docstrings of getter, setter, and deleter to + clarify that they create a new copy of the property. + - bpo-46503: Fix an assert when parsing some invalid N escape + sequences in f-strings. + - bpo-46417: Fix a race condition on setting a type __bases__ + attribute: the internal function add_subclass() now gets the + PyTypeObject.tp_subclasses member after calling + PyWeakref_NewRef() which can trigger a garbage collection + which can indirectly modify PyTypeObject.tp_subclasses. Patch + by Victor Stinner. + - bpo-46383: Fix invalid signature of _zoneinfo’s module_free + function to resolve a crash on wasm32-emscripten platform. + - bpo-46070: Py_EndInterpreter() now explicitly untracks all + objects currently tracked by the GC. Previously, if an object + was used later by another interpreter, calling + PyObject_GC_UnTrack() on the object crashed if the previous + or the next object of the PyGC_Head structure became + a dangling pointer. Patch by Victor Stinner. + - bpo-46339: Fix a crash in the parser when retrieving the + error text for multi-line f-strings expressions that do not + start in the first line of the string. Patch by Pablo Galindo + - bpo-46240: Correct the error message for unclosed parentheses + when the tokenizer doesn’t reach the end of the source when + the error is reported. Patch by Pablo Galindo + - bpo-46091: Correctly calculate indentation levels for lines + with whitespace character that are ended by line continuation + characters. Patch by Pablo Galindo + - bpo-43253: Fix a crash when closing transports where the + underlying socket handle is already invalid on the Proactor + event loop. + - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, + including bugfix for EntryPoint.extras, which was returning + match objects and not the extras strings. + - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip + 22.0.4) + - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically + determine size of signal handler stack size CPython allocates + using getauxval(AT_MINSIGSTKSZ). This changes allows for + Python extension’s request to Linux kernel to use AMX_TILE + instruction set on Sapphire Rapids Xeon processor to succeed, + unblocking use of the ISA in frameworks. + - bpo-46955: Expose asyncio.base_events.Server as + asyncio.Server. Patch by Stefan Zabka. + - bpo-23325: The signal module no longer assumes that SIG_IGN + and SIG_DFL are small int singletons. + - bpo-46932: Update bundled libexpat to 2.4.7 + - bpo-25707: Fixed a file leak in + xml.etree.ElementTree.iterparse() when the iterator is not + exhausted. Patch by Jacob Walls. + - bpo-44886: Inherit asyncio proactor datagram transport from + asyncio.DatagramTransport. + - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() + for selector-based event loops. Patch by Thomas Grainger. + - bpo-46811: Make test suite support Expat >=2.4.5 + - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to + transport-based APIs. + - bpo-46784: Fix libexpat symbols collisions with user + dynamically loaded or statically linked libexpat in embedded + Python. + - bpo-39327: shutil.rmtree() can now work with VirtualBox + shared folders when running from the guest operating-system. + - bpo-46756: Fix a bug in + urllib.request.HTTPPasswordMgr.find_user_password() and + urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() + which allowed to bypass authorization. For example, access to + URI example.org/foobar was allowed if the user was authorized + for URI example.org/foo. + - bpo-46643: In typing.get_type_hints(), support evaluating + stringified ParamSpecArgs and ParamSpecKwargs annotations. + Patch by Gregory Beauregard. + - bpo-45863: When the tarfile module creates a pax format + archive, it will put an integer representation of timestamps + in the ustar header (if possible) for the benefit of older + unarchivers, in addition to the existing full-precision + timestamps in the pax extended header. + - bpo-46676: Make typing.ParamSpec args and kwargs equal to + themselves. Patch by Gregory Beauregard. + - bpo-46672: Fix NameError in asyncio.gather() when initial + type check fails. + - bpo-46655: In typing.get_type_hints(), support evaluating + bare stringified TypeAlias annotations. Patch by Gregory + Beauregard. + - bpo-45948: Fixed a discrepancy in the C implementation of the + xml.etree.ElementTree module. Now, instantiating an + xml.etree.ElementTree.XMLParser with a target=None keyword + provides a default xml.etree.ElementTree.TreeBuilder target + as the Python implementation does. + - bpo-46521: Fix a bug in the codeop module that was + incorrectly identifying invalid code involving string quotes + as valid code. + - bpo-46581: Brings ParamSpec propagation for GenericAlias in + line with Concatenate (and others). + - bpo-46591: Make the IDLE doc URL on the About IDLE dialog + clickable. + - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 + - bpo-46487: Add the get_write_buffer_limits method to + asyncio.transports.WriteTransport and to the SSL transport. + - bpo-45173: Note the configparser deprecations will be removed + in Python 3.12. + - bpo-46539: In typing.get_type_hints(), support evaluating + stringified ClassVar and Final annotations inside Annotated. + Patch by Gregory Beauregard. + - bpo-46491: Allow typing.Annotated to wrap typing.Final and + typing.ClassVar. Patch by Gregory Beauregard. + - bpo-46436: Fix command-line option -d/--directory in module + http.server which is ignored when combined with command-line + option --cgi. Patch by Géry Ogam. + - bpo-41403: Make mock.patch() raise a TypeError with + a relevant error message on invalid arg. Previously it + allowed a cryptic AttributeError to escape. + - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid + potential REDoS by limiting ambiguity in consecutive + whitespace. + - bpo-46469: asyncio generic classes now return + types.GenericAlias in __class_getitem__ instead of the same + class. + - bpo-46434: pdb now gracefully handles help when __doc__ is + missing, for example when run with pregenerated optimized + .pyc files. + - bpo-46333: The __eq__() and __hash__() methods of + typing.ForwardRef now honor the module parameter of + typing.ForwardRef. Forward references from different modules + are now differentiated. + - bpo-46246: Add missing __slots__ to + importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. + - bpo-46266: Improve day constants in calendar. + - Now all constants (MONDAY … SUNDAY) are documented, tested, + and added to __all__. + - bpo-46232: The ssl module now handles certificates with bit + strings in DN correctly. + - bpo-43118: Fix a bug in inspect.signature() that was causing + it to fail on some subclasses of classes with + a __text_signature__ referencing module globals. Patch by + Weipeng Hong. + - bpo-26552: Fixed case where failing asyncio.ensure_future() + did not close the coroutine. Patch by Kumar Aditya. + - bpo-21987: Fix an issue with tarfile.TarFile.getmember() + getting a directory name with a trailing slash. + - bpo-20392: Fix inconsistency with uppercase file extensions + in MimeTypes.guess_type(). Patch by Kumar Aditya. + - bpo-46080: Fix exception in argparse help text generation if + a argparse.BooleanOptionalAction argument’s default is + argparse.SUPPRESS and it has help specified. Patch by Felix + Fontein. + - bpo-44439: Fix .write() method of a member file in ZipFile, + when the input data is an object that supports the buffer + protocol, the file length may be wrong. + - bpo-45703: When a namespace package is imported before + another module from the same namespace is created/installed + in a different sys.path location while the program is + running, calling the importlib.invalidate_caches() function + will now also guarantee the new module is noticed. + - bpo-24959: Fix bug where unittest sometimes drops frames from + tracebacks of exceptions raised in tests. + - bpo-44791: Fix substitution of ParamSpec in Concatenate with + different parameter expressions. Substitution with a list of + types returns now a tuple of types. Substitution with + Concatenate returns now a Concatenate with concatenated lists + of arguments. + - bpo-14156: argparse.FileType now supports an argument of ‘-’ + in binary mode, returning the .buffer attribute of + sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and + ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. + Patch contributed by Josh Rosenberg + - bpo-46463: Fixes escape4chm.py script used when building the + CHM documentation file + - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is + built with undefined behavior sanitizer (UBSAN): disable + UBSAN on the faulthandler_sigfpe() function. Patch by Victor + Stinner. + - bpo-46708: Prevent default asyncio event loop policy + modification warning after test_asyncio execution. + - bpo-46678: The function make_legacy_pyc in + Lib/test/support/import_helper.py no longer fails when + PYTHONPYCACHEPREFIX is set to a directory on a different + device from where tempfiles are stored. + - bpo-46616: Ensures test_importlib.test_windows cleans up + registry keys after completion. + - bpo-44359: test_ftplib now silently ignores socket errors to + prevent logging unhandled threading exceptions. Patch by + Victor Stinner. + - bpo-46542: Fix a Python crash in test_lib2to3 when using + Python built in debug mode: limit the recursion limit. Patch + by Victor Stinner. + - bpo-46576: test_peg_generator now disables compiler + optimization when testing compilation of its own C extensions + to significantly speed up the testing on non-debug builds of + CPython. + - bpo-46542: Fix test_json tests checking for RecursionError: + modify these tests to use support.infinite_recursion(). Patch + by Victor Stinner. + - bpo-13886: Skip test_builtin PTY tests on non-ASCII + characters if the readline module is loaded. The readline + module changes input() behavior, but test_builtin is not + intented to test the readline module. Patch by Victor + Stinner. + - bpo-38472: Fix GCC detection in setup.py when + cross-compiling. The C compiler is now run with LC_ALL=C. + Previously, the detection failed with a German locale. + - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro + and pyconfig.h no longer defines reserved symbol + __CHAR_UNSIGNED__. + - bpo-45296: Clarify close, quit, and exit in IDLE. In the File + menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current + one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). + In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there + are no other windows, this also exits IDLE. + - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch + by Alex Waygood and Terry Jan Reedy. + - bpo-46433: The internal function _PyType_GetModuleByDef now + correctly handles inheritance patterns involving static + types. + - bpo-14916: Fixed bug in the tokenizer that prevented + PyRun_InteractiveOne from parsing from the provided FD. + +- Remove upstreamed patches: + - support-expat-245.patch + +------------------------------------------------------------------- +Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + +------------------------------------------------------------------- +Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl + +- bsc#1195831 Obsolete older "most modern" versions of python + packages (python39 for python310 and so forth). For next + versions it is necessary just to edit the macro. + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python +- Add fix_configure_rst.patch, which removes duplicate link + targets and make documentation with old Sphinx in SLE +- Skip test_capi (bsc#1195140 and bpo#37169) + +------------------------------------------------------------------- +Wed Jan 19 22:01:51 UTC 2022 - Matej Cepl + +- Update to 3.10.2: + Bugfix only + - bpo#46347 memory leak in PyEval_EvalCodeEx (especially + visible with Cython code) + - and many others + +------------------------------------------------------------------- +Wed Dec 8 13:07:25 UTC 2021 - Matej Cepl + +- Upgrade to 3.10.1 (jsc#SLE-18038): + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other tools. + - PEP 618 – Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning +- Patches readjusted: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Sat Dec 4 18:40:28 UTC 2021 - Matej Cepl + +- Remove pdb_adjust_breakpoints.patch and instead just adjust location + of the test breakpoint in Lib/test/test_pdb.py via sed, because we + have shortened Lib/pdb.py by removing the shebang (bpo#45964). + +------------------------------------------------------------------- +Thu Dec 2 13:51:57 UTC 2021 - Matej Cepl + +- Add pdb_adjust_breakpoints.patch fixing expectd results in + test_pdb_breakpoints_preserved_across_interactive_sessions + (bpo#45964). + +------------------------------------------------------------------- +Mon Nov 29 00:17:07 UTC 2021 - Matej Cepl + +- Remove shebangs from from python-base libraries in _libdir + (bsc#1193179). +- Readjust patches: + - bpo-31046_ensurepip_honours_prefix.patch + - decimal.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Tue Nov 16 16:03:43 UTC 2021 - Matej Cepl + +- Move rpm-build-python construct to correct place. + +------------------------------------------------------------------- +Wed Oct 13 08:52:47 UTC 2021 - Dominique Leuenberger + +- BuildRequire rpm-build-python: The provider to inject python(abi) + has been moved there. rpm-build pulls rpm-build-python + automatically in when building anything against python3-base, but + this implies that the initial build of python3-base does not + trigger the automatic installation. + +------------------------------------------------------------------- +Tue Oct 5 22:36:51 UTC 2021 - Matej Cepl + +- Final release of 3.10.0: + Complete list on https://www.python.org/downloads/release/python-3100/, + but highlights are: + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other + tools. + - PEP 618 – Add Optional Length-Checking To zip. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning + - bpo-12782: Parenthesized context managers are now officially + allowed. + +------------------------------------------------------------------- +Mon Aug 30 12:48:25 UTC 2021 - Matej Cepl + +- Switch on option --with-system-libmpdec (bsc#1189356). + +------------------------------------------------------------------- +Fri Aug 27 13:15:03 UTC 2021 - Andreas Schwab + +- Reenable profileopt with qemu emulation, test_faulthandler is no longer + run during profiling + +------------------------------------------------------------------- +Thu Aug 12 15:11:39 UTC 2021 - Andreas Schwab + +- test_faulthandler is still problematic under qemu linux-user emulation, + disable it there + +------------------------------------------------------------------- +Wed Aug 11 05:57:11 UTC 2021 - Matej Cepl + +- Update to 3.10.0rc1 (the penultimate prerelease), which contains + plenty of small bugfixes among others: + - bpo#38605: from __future__ import annotations (PEP 563) used to be + on this list in previous pre-releases but it has been postponed to + Python 3.11 due to some compatibility concerns. + - bpo-44600: Fix incorrect line numbers while tracing some failed + patterns in match statements. Patch by Charles Burkland. + - plenty of modifications in types.Union + +------------------------------------------------------------------- +Wed Jul 21 13:44:48 UTC 2021 - Matej Cepl + +- Update to 3.10.0b4: + https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4 +- Remove python3-imp-returntype.patch which has been upstreamed. + +------------------------------------------------------------------- +Mon Jun 7 15:52:44 UTC 2021 - Matej Cepl + +- Update to 3.10.0b2: + - PEP 623 -- Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 -- Allow writing union types as X | Y + - PEP 612 -- Parameter Specification Variables + - PEP 626 -- Precise line numbers for debugging and other + tools. + - PEP 618 -- Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 -- Deprecate distutils module. + - PEP 613 -- Explicit Type Aliases + - PEP 634 -- Structural Pattern Matching: Specification + - PEP 635 -- Structural Pattern Matching: Motivation and + Rationale + - PEP 636 -- Structural Pattern Matching: Tutorial + - PEP 644 -- Require OpenSSL 1.1.1 or newer + - PEP 624 -- Remove Py_UNICODE encoder APIs + - PEP 597 -- Add optional EncodingWarning +- Removed patches (assumed upstream): + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl + +- Revert previous skip over test_capi +- Add skip-test_pyobject_freed_is_freed.patch to skip failing + test on SLE-15. + +------------------------------------------------------------------- +Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller + +- allow build with Sphinx >= 3.x + +------------------------------------------------------------------- +Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák + +- Exclude test_capi on Leap (test fails there) + +------------------------------------------------------------------- +Fri May 21 15:13:59 UTC 2021 - Matej Cepl + +- Stop providing "python" symbol (bsc#1185588), which means + python2 currently. + +------------------------------------------------------------------- +Wed May 5 15:16:58 UTC 2021 - Matej Cepl + +- Update to 3.9.5: + * Security + - bpo-43434: Creating a sqlite3.Connection object now also + produces a sqlite3.connect auditing event. Previously this + event was only produced by sqlite3.connect() calls. Patch + by Erlend E. Aasland. + - bpo-43882: The presence of newline or tab characters in + parts of a URL could allow some forms of attacks. + - Following the controlling specification for URLs defined by + WHATWG urllib.parse() now removes ASCII newlines and tabs + from URLs, preventing such attacks. + - bpo-43472: Ensures interpreter-level audit hooks receive + the cpython.PyInterpreterState_New event when called + through the _xxsubinterpreters module. + - bpo-36384: ipaddress module no longer accepts any leading + zeros in IPv4 address strings. Leading zeros are ambiguous + and interpreted as octal notation by some libraries. For + example the legacy function socket.inet_aton() treats + leading zeros as octal notatation. glibc implementation of + modern inet_pton() does not accept any leading zeros. For + a while the ipaddress module used to accept ambiguous + leading zeros. + - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) + vulnerability in urllib.request.AbstractBasicAuthHandler. + The ReDoS-vulnerable regex has quadratic worst-case + complexity and it allows cause a denial of service when + identifying crafted invalid RFCs. This ReDoS issue is on + the client side and needs remote attackers to control the + HTTP server. + - bpo-42800: Audit hooks are now fired for frame.f_code, + traceback.tb_frame, and generator code/frame attribute + access. + * Core and Builtins + - bpo-43105: Importlib now resolves relative paths when + creating module spec objects from file locations. + - bpo-42924: Fix bytearray repetition incorrectly copying + data from the start of the buffer, even if the data is + offset within the buffer (e.g. after reassigning a slice at + the start of the bytearray to a shorter byte string). + * Library + - bpo-43993: Update bundled pip to 21.1.1. + - bpo-43937: Fixed the turtle module working with non-default + root window. + - bpo-43930: Update bundled pip to 21.1 and setuptools to + 56.0.0 + - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now + returns a consistent error message when cadata contains no + valid certificate. + - bpo-43607: urllib can now convert Windows paths with \\?\ + prefixes into URL paths. + - bpo-43284: platform.win32_ver derives the windows version + from sys.getwindowsversion().platform_version which in turn + derives the version from kernel32.dll (which can be of + a different version than Windows itself). Therefore change + the platform.win32_ver to determine the version using the + platform module’s _syscmd_ver private function to return an + accurate version. + - bpo-42248: [Enum] ensure exceptions raised in _missing__ + are released + - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 + to suppress deprecation warnings. Python requires OpenSSL + 1.1.1 APIs. + - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants + (OpenSSL 3.0.0) + - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback + function a second time when first call has signaled an + error condition. + - bpo-43788: The header files for ssl error codes are now + OpenSSL version-specific. Exceptions will now show correct + reason and library codes. The make_ssl_data.py script has + been rewritten to use OpenSSL’s text file with error codes. + - bpo-43655: tkinter dialog windows are now recognized as + dialogs by window managers on macOS and X Window. + - bpo-43534: turtle.textinput() and turtle.numinput() create + now a transient window working on behalf of the canvas + window. + - bpo-43522: Fix problem with hostname_checks_common_name. + OpenSSL does not copy hostflags from struct SSL_CTX to + struct SSL. + - bpo-42967: Allow bytes separator argument in + urllib.parse.parse_qs and urllib.parse.parse_qsl when + parsing str query strings. Previously, this raised + a TypeError. + - bpo-43176: Fixed processing of a dataclass that inherits + from a frozen dataclass with no fields. It is now correctly + detected as an error. + - bpo-41735: Fix thread locks in zlib module may go wrong in + rare case. Patch by Ma Lin. + - bpo-36470: Fix dataclasses with InitVars and replace(). + Patch by Claudiu Popa. + - bpo-32745: Fix a regression in the handling of ctypes’ + ctypes.c_wchar_p type: embedded null characters would cause + a ValueError to be raised. Patch by Zackery Spytz. + * Documentation + - bpo-43959: The documentation on the PyContextVar C-API was + clarified. + - bpo-43938: Update dataclasses documentation to express that + FrozenInstanceError is derived from AttributeError. + - bpo-43755: Update documentation to reflect that + unparenthesized lambda expressions can no longer be the + expression part in an if clause in comprehensions and + generator expressions since Python 3.9. + - bpo-43739: Fixing the example code in + Doc/extending/extending.rst to declare and initialize the + pmodule variable to be of the right type. + * Tests + - bpo-43961: Fix + test_logging.test_namer_rotator_inheritance() on Windows: + use os.replace() rather than os.rename(). Patch by Victor + Stinner. + - bpo-43842: Fix a race condition in the SMTP test of + test_logging. Don’t close a file descriptor (socket) from + a different thread while asyncore.loop() is polling the + file descriptor. Patch by Victor Stinner. + - bpo-43811: Tests multiple OpenSSL versions on GitHub + Actions. Use ccache to speed up testing. + - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy + protocols TLS 1.0 and 1.1. Tests are failing with + TLSV1_ALERT_INTERNAL_ERROR. +- Refreshed patches: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch +- Add vendorized files from bluez-devel to enable building support for + Bluetooth. + +------------------------------------------------------------------- +Sun May 2 09:20:06 UTC 2021 - Ben Greiner + +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + +------------------------------------------------------------------- +Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl + +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +------------------------------------------------------------------- +Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +------------------------------------------------------------------- +Tue Feb 9 01:37:59 UTC 2021 - Steve Kowalik + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +------------------------------------------------------------------- +Mon Feb 8 22:02:03 UTC 2021 - Matej Cepl + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl + +- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing + bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in + _ctypes/callproc.c, which may lead to remote code execution. + +------------------------------------------------------------------- +Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl + +- (bsc#1180125) We really don't Require python-rpm-macros package. + Unnecessary dependency. + +------------------------------------------------------------------- +Wed Dec 16 16:08:42 UTC 2020 - Matej Cepl + +- Make python39-doc building again +- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx + doesn't know about skipif directive in doctests. + +------------------------------------------------------------------- +Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl + +- Update sphinx-update-removed-function.patch patch to the latest + version in python36. + +------------------------------------------------------------------- +Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner + +- Last try before this results in an editwar: + * remove importlib_resources and importlib-metadata + provides/obsoletes + * import importlib_resources is not the same as + import importlib.resources, same for metadata + * The backport packages from PyPI needed for older flavors are + specified as such for setuptools or in pyproject.toml. If a + package requires them they typically add them with a python + version qualifier and the packages have their own version + numbers. + +------------------------------------------------------------------- +Sat Dec 5 16:55:12 UTC 2020 - Matej Cepl + +- Add patch sphinx-update-removed-function.patch to no longer call + a now removed function and to make documentation build independent of + the Sphinx version (bsc#1179630, gh#python/cpython#13236). + +------------------------------------------------------------------- +Fri Nov 13 17:20:08 UTC 2020 - Matej Cepl + +- Don't require packages which break build on SLE-15 although we really + don't need them (python3-python-docs-theme and + python3-sphinxcontrib-qthelp). + +------------------------------------------------------------------- +Fri Oct 9 16:05:50 UTC 2020 - Dominique Leuenberger + +- Fix build with RPM 4.16: error: bare words are no longer + supported, please use "...": x86 == ppc. + +------------------------------------------------------------------- +Tue Oct 6 07:30:56 UTC 2020 - Matej Cepl + +- Update to the final version 3.9.0: + Complete changelog with all (many) + changes from previous version is on + https://docs.python.org/release/3.9.0/whatsnew/3.9.html + Changes from the previous RC versions (not that many) are on + https://docs.python.org/release/3.9.0/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Fri Sep 25 06:58:03 UTC 2020 - Dominique Leuenberger + +- Buildrequire timezone only for general flavor. It's used in this + flavor for the test suite. + +------------------------------------------------------------------- +Wed Sep 2 14:39:44 UTC 2020 - Matej Cepl + +- Update to 3.9.0rc1: + * Core and Builtins + - bpo-38156: Handle interrupts that come after EOF + correctly in PyOS_StdioReadline. + * Library + - bpo-41497: Fix potential UnicodeDecodeError in dis + module. + - bpo-41490: Update ensurepip to install pip 20.2.1 and + setuptools 49.2.1. + - bpo-41467: On Windows, fix asyncio recv_into() return + value when the socket/pipe is closed (BrokenPipeError): + return 0 rather than an empty byte string (b''). + - bpo-41425: Make tkinter doc example runnable. + - bpo-41384: Raise TclError instead of TypeError when an + unknown option is passed to tkinter.OptionMenu. + - bpo-38731: Fix NameError in command-line interface of + py_compile. + - bpo-41317: Use add_done_callback() in + asyncio.loop.sock_accept() to unsubscribe reader early on + cancellation. + - bpo-41364: Reduce import overhead of uuid. + - bpo-41341: Recursive evaluation of typing.ForwardRef in + get_type_hints. + - bpo-41182: selector: use DefaultSelector based upon + implementation + - bpo-40726: Handle cases where the end_lineno is None on + ast.increment_lineno(). + * Documentation + - bpo-41045: Add documentation for debug feature of + f-strings. + - bpo-41314: Changed the release when from __future__ + import annotations becomes the default from 4.0 to 3.10 + (following a change in PEP 563). + * Windows + - bpo-41492: Fixes the description that appears in UAC + prompts. + - bpo-40948: Improve post-install message to direct people + to the “py” command. + - bpo-41412: The installer will now fail to install on + Windows 7 and Windows 8. Further, the UCRT dependency is + now always downloaded on demand. + - bpo-40741: Update Windows release to include SQLite + 3.32.3. + * IDLE + - bpo-41468: Improve IDLE run crash error message (which + users should never see). + - bpo-41373: Save files loaded with no line ending, as when + blank, or different line endings, by setting its line + ending to the system default. Fix regression in 3.8.4 and + 3.9.0b4. + +------------------------------------------------------------------- +Tue Sep 1 10:15:06 UTC 2020 - Matej Cepl + +- Synchronize formatting and fixes with python38. + +------------------------------------------------------------------- +Thu Aug 20 15:41:28 UTC 2020 - Andreas Schwab + +- Increase testsuite timeout to account for super long running + test_peg_generator + +------------------------------------------------------------------- +Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer + +- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream +- Removed recursion.tar: contained in upstream +- Update to 3.9.0b5: + - bpo-41304: Fixes python3x._pth being ignored on Windows, caused + by the fix for bpo-29778 (CVE-2020-15801). + - bpo-41162: Audit hooks are now cleared later during + finalization to avoid missing events. + - bpo-29778: Ensure python3.dll is loaded from correct locations + when Python is embedded (CVE-2020-15523). + - bpo-39603: Prevent http header injection by rejecting control + characters in http.client.putrequest(…). + - bpo-41295: Resolve a regression in CPython 3.8.4 where defining + “__setattr__” in a multi-inheritance setup and + calling up the hierarchy chain could fail if builtins/extension + types were involved in the base types. + - bpo-41247: Always cache the running loop holder when running + asyncio.set_running_loop. + - bpo-41252: Fix incorrect refcounting in + _ssl.c’s _servername_callback(). + - bpo-41215: Use non-NULL default values in the PEG parser + keyword list to overcome a bug that was ' + preventing Python from being properly compiled when using the + XLC compiler. Patch by Pablo Galindo. + - bpo-41218: Python 3.8.3 had a regression where compiling with + ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would + aggressively mark list comprehension with CO_COROUTINE. Now only + list comprehension making use of async/await will tagged as so. + - bpo-41175: Guard against a NULL pointer dereference within + bytearrayobject triggered by the bytearray() + bytearray() operation. + - bpo-39960: The “hackcheck” that prevents sneaking around a type’s + __setattr__() by calling the superclass method was + rewritten to allow C implemented heap types. + - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the + C implementation raises now UnpicklingError instead of crashing. + - bpo-39017: Avoid infinite loop when reading specially crafted + TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). + - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params(). + - bpo-41207: In distutils.spawn, restore expectation that + DistutilsExecError is raised when the command is not found. + - bpo-39168: Remove the __new__ method of typing.Generic. + - bpo-41194: Fix a crash in the _ast module: it can no longer be + loaded more than once. It now uses a global state rather than a module state. + - bpo-39384: Fixed email.contentmanager to allow set_content() to set a + null string. + - bpo-41300: Save files with non-ascii chars. + Fix regression released in 3.9.0b4 and 3.8.4. + - bpo-37765: Add keywords to module name completion list. + Rewrite Completions section of IDLE doc. + - bpo-40170: Revert PyType_HasFeature() change: it reads + again directly the PyTypeObject.tp_flags + member when the limited C API is not used, rather than always calling + PyType_GetFlags() which hides implementation details. + +------------------------------------------------------------------- +Mon Jul 20 12:06:41 UTC 2020 - Matej Cepl + +- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 + (CVE-2019-20907, bpo#39017) avoiding possible infinite loop + in specifically crafted tarball. + Add recursion.tar as a testing tarball for the patch. + +------------------------------------------------------------------- +Fri Jul 17 07:07:19 UTC 2020 - Callum Farmer + +- Changed bpo-31046_ensurepip_honours_prefix.patch to include fix from py3.8 + +------------------------------------------------------------------- +Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer + +- Spec file fixes +- Re-added subprocess-raise-timeout.patch: now compatible +- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream + +------------------------------------------------------------------- +Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal + +- Fix minor issues found in the staging. + +------------------------------------------------------------------- +Wed Jul 15 06:13:33 UTC 2020 - Tomáš Chvátal + +- Do not set ourselves as primary interpreter + +------------------------------------------------------------------- +Tue Jul 14 20:45:11 UTC 2020 - Matej Cepl + +- Update to 3.9.0b4: + - PEP 584, Union Operators in dict + - PEP 585, Type Hinting Generics In Standard Collections + - PEP 593, Flexible function and variable annotations + - PEP 602, Python adopts a stable annual release cadence + - PEP 615, Support for the IANA Time Zone Database in the + Standard Library + - PEP 616, String methods to remove prefixes and suffixes + - PEP 617, New PEG parser for CPython + - bpo#38379, garbage collection does not block on resurrected + objects; + - bpo#38692, os.pidfd_open added that allows process + management without races and signals; + - bpo#39926, Unicode support updated to version 13.0.0; + - bpo#1635741, when Python is initialized multiple times in + the same process, it does not leak memory anymore; + - A number of Python builtins (range, tuple, set, frozenset, + list, dict) are now sped up using PEP 590 vectorcall; + - A number of Python modules (_abc, audioop, _bz2, _codecs, + _contextvars, _crypt, _functools, _json, _locale, operator, + resource, time, _weakref) now use multiphase initialization + as defined by PEP 489; + - A number of standard library modules (audioop, ast, grp, + _hashlib, pwd, _posixsubprocess, random, select, struct, + termios, zlib) are now using the stable ABI defined by + PEP 384. +- Remove upstreamed patches: + - F00102-lib64.patch + - SUSE-FEDORA-multilib.patch + - OBS_dev-shm.patch + - subprocess-raise-timeout.patch + - bpo36302-sort-module-sources.patch + - bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Fri Jul 10 10:55:15 UTC 2020 - Tomáš Chvátal + +- Update pre_checkin.sh and regenerate + +------------------------------------------------------------------- +Fri Jul 10 10:11:39 UTC 2020 - Tomáš Chvátal + +- Convert few dependencies to their pkgconfig counterparts + +------------------------------------------------------------------- +Fri Jul 10 10:08:48 UTC 2020 - Tomáš Chvátal + +- Remove release requirement on libpython, it is not really needed + to be equal as the abi changes with versions + +------------------------------------------------------------------- +Fri Jul 10 10:07:50 UTC 2020 - Tomáš Chvátal + +- Add provides python3-bla on all the subpkgs in case we are + primary provider of the functionality + +------------------------------------------------------------------- +Fri Jul 10 10:02:01 UTC 2020 - Tomáš Chvátal + +- Remove unversioned files from devel subpkg too +- Remove main python3 files from -base based whether we are + primary interpreter or not +- Fix idle to be co-installable +- Add condition to be primary to provide/obsolete python3-* +- Fix doc to build in versioned folder so the pythons can be + installed next to each other + +------------------------------------------------------------------- +Fri Jul 10 07:57:10 UTC 2020 - Tomáš Chvátal + +- Revert the full versioning of calls on the macros. These + are generic so they should really just call python3 X + +------------------------------------------------------------------- +Fri Jul 10 07:56:11 UTC 2020 - Tomáš Chvátal + +- For the doc package we can build with generic flavor, we don't + need the our-interpreter based one + +------------------------------------------------------------------- +Fri Jul 10 07:18:53 UTC 2020 - Tomáš Chvátal + +- Add provides for pytohn3X-typing/etc to allow BR on those still + to work when needed + +------------------------------------------------------------------- +Fri Jul 10 07:14:33 UTC 2020 - Tomáš Chvátal + +- Change macros.python3 to use full versioned 3.8 instead of just 3 + for python interpreter + +------------------------------------------------------------------- +Wed Jul 1 11:50:19 UTC 2020 - Tomáš Chvátal + +- Reduce some now unused conditionals + +------------------------------------------------------------------- +Wed Jul 1 11:00:40 UTC 2020 - Tomáš Chvátal + +- Redux the -base dependencies to match up pre-merge layout + +------------------------------------------------------------------- +Wed Jul 1 09:24:39 UTC 2020 - Tomáš Chvátal + +- Generate baselibs in pre-checkin too + +------------------------------------------------------------------- +Wed Jul 1 09:14:33 UTC 2020 - Tomáš Chvátal + +- Generate the importlib-failed using pre_checking again +- Add back the information about skipped tests on the pre_checkin + output + +------------------------------------------------------------------- +Tue Jun 30 07:11:19 UTC 2020 - Tomáš Chvátal + +- Use %python_pkg_name instead of hardcoding python3 where + applicable +- Sort out preamble with spec-cleaner + +------------------------------------------------------------------- +Mon Jun 29 14:36:10 UTC 2020 - Matej Cepl + +- Calculate required variables instead of relying on their continuous manual update + +------------------------------------------------------------------- +Thu Jun 25 10:44:08 UTC 2020 - Tomáš Chvátal + +- Fix the -base module build again to generate only the deps + we need + +------------------------------------------------------------------- +Wed Jun 17 18:42:51 UTC 2020 - Matej Cepl + +- Replace OBS_dev-shm.patch with the upstream PR#20944 + +------------------------------------------------------------------- +Thu Jun 10 14:30:15 UTC 2020 - Tomáš Chvátal + +- Use the %{python_pkg_name} on more places to allow easier + multiversioning +- Switch to _multibuild approach for easier maintenance of this + package. All is now in one spec file with 3 conditionals: + * bcond_with base + * bcond_with doc + * bcond_with general + +------------------------------------------------------------------- +Mon Jun 8 14:26:00 UTC 2020 - Matej Cepl + +- add requires python3-base on libpython subpackage (bsc#1167008) + +------------------------------------------------------------------- +Fri Jun 5 06:08:12 UTC 2020 - Dirk Mueller + +- build against Sphinx 2.x until python is compatible with + Sphinx 3.x (see gh#python/cpython#19397, bpo#40204) + +------------------------------------------------------------------- +Fri May 29 19:59:01 UTC 2020 - Andreas Stieger + +- Fix build with SQLite 3.32 (bpo#40783) + add bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Sun May 17 15:37:35 UTC 2020 - Callum Farmer + +- Update to version 3.8.3: + - Complete list of changes is available at + https://docs.python.org/release/3.8.3/whatsnew/changelog.html#python-3-8-3-final, + but most of them are just bugfixes. + - Removed patch CVE-2020-8492-urllib-ReDoS.patch: contained in upstream + +------------------------------------------------------------------- +Thu Apr 16 12:06:01 UTC 2020 - Matej Cepl + +- Add #!BuildIgnore: gdk-pixbuf-loader-rsvg to python3 SPEC + +------------------------------------------------------------------- +Thu Mar 26 15:36:55 UTC 2020 - Matej Cepl + +- Add patch bsc1167501-invalid-alignment.patch + (bsc#1167501, bpo#40052) to fix alignment in abstract.h header file. + +------------------------------------------------------------------- +Wed Mar 11 11:09:41 UTC 2020 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build, test_setegid + (test.test_os.PosixUidGidTests) is confusing it + +------------------------------------------------------------------- +Thu Mar 5 18:40:29 UTC 2020 - Matej Cepl + +- Update to 3.8.2: + - Complete list of changes is available at + https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final, + but most of them are just bugfixes. + - Updated patches: + - F00102-lib64.patch + - OBS_dev-shm.patch + - SUSE-FEDORA-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Sun Feb 9 00:14:24 CET 2020 - Matej Cepl + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Sat Feb 8 22:21:10 CET 2020 - Matej Cepl + +- Add Requires: libpython%{so_version} == %{version}-%{release} + to python3-base to keep both packages always synchronized + (bsc#1162224). + +------------------------------------------------------------------- +Mon Feb 3 20:27:54 UTC 2020 - Tomáš Chvátal + +- Do not pull in bluez in base again, explain the cycle, + it needs to be solved by bluez maintainer for us by providing + just the headers separately + +------------------------------------------------------------------- +Mon Feb 3 19:54:25 UTC 2020 - Tomáš Chvátal + +- Reame idle icons to idle3 in order to not conflict with python2 + variant of the package + * renamed the icons + * renamed icon load in desktop file + +------------------------------------------------------------------- +Thu Jan 16 09:50:03 UTC 2020 - Tomáš Chvátal + +- Add importlib_resources provide/obsolete as it is integral + part of the lang since 3.7 release + +------------------------------------------------------------------- +Mon Jan 13 11:10:47 UTC 2020 - Martin Liška + +- Add -fno-semantic-interposition as it brings speed up: + https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup + +------------------------------------------------------------------- +Thu Dec 19 16:25:26 CET 2019 - Matej Cepl + +- Update to 3.8.1: + - This is mainly bugfix release and no significant changes to + API are expected. The full changelog is available on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-1 + - Remove bpo-38688_shutil.copytree_prevent-infinite-recursion.patch, + which is included in the upstream tarball. + +------------------------------------------------------------------- +Thu Dec 19 14:57:32 CET 2019 - Matej Cepl + +- Add bpo-31046_ensurepip_honours_prefix.patch which makes + ensurepip to honour the value of $(prefix). Proposed fix for + bpo#31046.. + +------------------------------------------------------------------- +Tue Dec 10 11:07:16 UTC 2019 - Tomáš Chvátal + +- Move bluez-devel dependency to base as it is needed for + socket.AF_BLUETOOTH and otherwise does not work + +------------------------------------------------------------------- +Mon Dec 2 16:52:32 CET 2019 - Matej Cepl + +- Reintroduce QtHelp with the help of the new BR + python-sphinxcontrib-qthelp. + +------------------------------------------------------------------- +Mon Oct 21 18:51:00 UTC 2019 - Stefan Brüns + +- Fix SUSE-FEDORA-multilib.patch, the platform agnostic infix for + library installation is "lib", not "dir". + +------------------------------------------------------------------- +Thu Oct 17 14:19:20 UTC 2019 - Stefan Brüns + +- Move idle subpackage build from python3-base to python3. + appstream-glib required for packaging introduces considerable + extra dependencies and a build loop via rust/librsvg. +- Correct installation of idle IDE icons: + + idle.png is not the target directory + + non-GNOME-specific icons belong into icons/hicolor +- Add required Name key to idle3 desktop file + +------------------------------------------------------------------- +Tue Oct 15 16:39:12 CEST 2019 - Matej Cepl + +- Update to the final release 3.8.0. . + - New Features: + - Assignment expressions + - Positional-only parameters + - Parallel filesystem cache for compiled bytecode files + - Debug build uses the same ABI as release build + - f-strings support = for self-documenting expressions and + debugging + - PEP 578: Python Runtime Audit Hooks + - PEP 587: Python Initialization Configuration + - Vectorcall: a fast calling protocol for CPython + - Pickle protocol 5 with out-of-band data buffers + - New modules: + - importlib.metadata + - Improved modules: + - ast asyncio, builtins, collections, curses, ctypes, + datetime, functools, gc, gettext, gzip, idelib and IDLE, + inspect, io, json.tool, math, mmap, multiprocessing, os, + os.path, pathlib, pickle, plistlib, py_compile, shlex, + shutil, socket, ssl, statistics, sys, tarfile, threading, + tokenize, tkinter, time, typing, unicodedata, unittest, + venv, weakref, xml + - C API improvements + - bdist_winnst command has been deprecated (use bdist_wheel) +- https://docs.python.org/3.8/whatsnew/3.8.html remains rest of + changes including documentation on how to port your programs to + the current version of Python. + +------------------------------------------------------------------- +Mon Oct 14 15:02:08 CEST 2019 - Matej Cepl + +- Add idle3.appdata.xml and idle3.desktop (originally from + Fedora) to make Idle3 full GUI desktop application. + (bsc#1153830) + +------------------------------------------------------------------- +Wed Oct 9 19:09:16 UTC 2019 - Michael Gorse + +- Drop intltool from BuildRequires. Doesn't appear to be used. + +------------------------------------------------------------------- +Wed Oct 9 10:37:59 UTC 2019 - Tomáš Chvátal + +- Add folder version to allow tarball downloads even for beta/rc + releases + +------------------------------------------------------------------- +Tue Oct 8 14:53:54 CEST 2019 - Matej Cepl + +- Revert patches from Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch) into their original + prisitine Fedora versions, SUSE-FEDORA-multilib.patch refreshed + accordingly. + +------------------------------------------------------------------- +Mon Oct 7 14:33:30 UTC 2019 - Matej Cepl + +- Correct quotation of platsubdir in Lib/distutils/command/install.py + +------------------------------------------------------------------- +Thu Oct 3 13:59:57 CEST 2019 - Matej Cepl + +- Replace python-3.6.0-multilib.patch with two patches from + Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch), and our own + SUSE-FEDORA-multilib.patch to allow better cooperation with + Fedora and better upstreaming. +- Add OBS_dev-shm.patch fixing bpo#38377 + +------------------------------------------------------------------- +Thu Oct 3 08:39:18 UTC 2019 - Tomáš Chvátal + +- Pull in just gettext and let solver to sort out between: + gettext-runtime-mini and gettext-runtime + +------------------------------------------------------------------- +Wed Oct 2 15:00:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0rc1. Overall changes from 3.7: + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved + embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds, also the 'm' ABI + tag was removed (irrelevant since 3.4), bpo#36707 + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - on Windows, the default asyncio event loop is now + ProactorEventLoop + - on macOS, the spawn start method is now used by default in + multiprocessing + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Refreshed patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Wed Sep 25 09:46:41 UTC 2019 - Bernhard Wiedemann + +- Add bpo36302-sort-module-sources.patch (boo#1041090) + +------------------------------------------------------------------- +Tue Sep 10 13:43:18 UTC 2019 - Tomáš Chvátal + +- Try harder obsoleting importlib-metadata + +------------------------------------------------------------------- +Sat Aug 31 00:16:47 CEST 2019 - Matej Cepl + +- Update to 3.8.0b4: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-4 + +------------------------------------------------------------------- +Thu Aug 29 06:28:15 UTC 2019 - Guillaume GARDET + +- Re-enable test_threading on aarch64 + +------------------------------------------------------------------- +Sat Aug 17 13:21:15 UTC 2019 - John Vandenberg + +- Remove xrpm from subpackage tk description + +------------------------------------------------------------------- +Tue Aug 6 14:24:55 CEST 2019 - Matej Cepl + +- Update to 3.8.0b3: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-3 +- Patches reapplied: + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-test-posix_fadvise.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Tue Jul 23 13:20:49 UTC 2019 - Matej Cepl + +- Add Provides: python3-importlib-metadata + +------------------------------------------------------------------- +Sun Jul 7 19:08:48 CEST 2019 - Matej Cepl + +- Update to 3.8.0b2: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-2 +- Patches included in upstream: + - bpo-37169_PyObject_IsFreed.patch +- Patches reapplied: + - 00251-change-user-install-location.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-localpath.patch + - python-3.6.0-multilib.patch + +------------------------------------------------------------------- +Tue Jul 2 09:03:04 UTC 2019 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build +- Don't do profiling in qemu linux-user build + +------------------------------------------------------------------- +Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0b1 (changes since 3.7.*): + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Remove patches which were included in the upstream: + - 00251-change-user-install-location.patch + - 00316-mark-bdist_wininst-unsupported.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed May 22 10:53:03 UTC 2019 - Martin Liška + +- Set _lto_cflags to nil as the package is using LTO via --enable-lto. + That will prevent to propage LTO for Python modules that are + built in a separate package. + +------------------------------------------------------------------- +Sat May 4 21:29:20 CEST 2019 - Matej Cepl + +- Update to 3.8.0.a3: + - PEP 572: Assignment Expressions. + - Other (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-3 + +------------------------------------------------------------------- +Mon Apr 29 15:40:34 CEST 2019 - Matej Cepl + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Wed Apr 10 10:22:58 CEST 2019 - Matej Cepl + +- Fix metadata of patches. +- Rename boo1071941-make-install-in-sep-loc.patch to + 00251-change-user-install-location.patch which is the original + name, so it can be looked up in the Fedora VCS. + +------------------------------------------------------------------- +Tue Apr 9 04:55:24 UTC 2019 - John Vandenberg + +- Mark distutils bdist_wininst command unsupported + with 00316-mark-bdist_wininst-unsupported.patch +- Remove Windows bdist_wininst executables from runtime package + +------------------------------------------------------------------- +Tue Apr 9 01:21:45 CEST 2019 - Matej Cepl + +- Update to 3.7.3, which is the maintenance release without any + significant changes in API. + - Updated patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------ +Wed Mar 20 14:59:58 UTC 2019 - Matěj Cepl + +- Remove building of Qt Develop help files. + +------------------------------------------------------------------- +Fri Mar 15 15:10:30 CET 2019 - Matej Cepl + +- Return distutils-reproducible-compile.patch which is still + missing (still unfinished bpo#29708). + +------------------------------------------------------------------- +Mon Feb 25 23:30:56 CET 2019 - Matej Cepl + +- Update to 3.8.0a2: + * List of all (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-2 + +------------------------------------------------------------------- +Tue Feb 12 10:25:52 CET 2019 - Matej Cepl + +- Build nis module again. + +------------------------------------------------------------------- +Tue Feb 12 10:06:17 CET 2019 - Matej Cepl + +- Update to 3.8.0a1: + * The most visible change so far is probably the + implementation of PEP 572: Assignment Expressions. For + a detailed list of changes, see: + https://docs.python.org/3.8/whatsnew/changelog.html + * Recover building of nis module properly in python3 package +- Update patches: + * CVE-2019-5010-null-defer-x509-cert-DOS.patch + * python-3.3.0b1-fix_date_time_compiler.patch + * python-3.3.0b1-test-posix_fadvise.patch + * python-3.6.0-multilib.patch + * raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed Jan 30 18:07:49 CET 2019 - mcepl@suse.com + +- Put LICENSE file where it belongs (bsc#1121852) + +------------------------------------------------------------------- +Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com + +- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch + fixing bpo-35746. + An exploitable denial-of-service vulnerability exists in the + X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. + A specially crafted X509 certificate can cause a NULL pointer + dereference, resulting in a denial of service. An attacker can + initiate or accept TLS connections using crafted certificates + to trigger this vulnerability. + +------------------------------------------------------------------- +Tue Jan 8 12:51:01 UTC 2019 - Tomáš Chvátal + +- Do not require full gettext in order to avoid pulling in the + glib2 as a dependency + +------------------------------------------------------------------- +Tue Jan 8 12:25:27 UTC 2019 - Tomáš Chvátal + +- Update to 3.7.2: + * bugfix release: + https://docs.python.org/3.7/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Wed Jan 2 12:51:48 CET 2019 - mcepl@suse.com + +- Stop applying python-3.6.0-multilib-new.patch (which is still + WIP), and apply the old proven python-3.6.0-multilib.patch + instead. + +------------------------------------------------------------------- +Wed Dec 19 19:29:44 UTC 2018 - Todd R + +- Use upstream-recommended %{_rpmconfigdir}/macros.d directory + for the rpm macros. + +------------------------------------------------------------------- +Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com + +- Upgrade to 3.7.2rc1: + * bugfix release, for the full list of all changes see + https://docs.python.org/3.7/whatsnew/changelog.html#changelog +- Make run of the test suite more verbose + +------------------------------------------------------------------- +Tue Dec 11 01:52:45 UTC 2018 - Jan Engelhardt + +- Write summaries without em dashes. + +------------------------------------------------------------------- +Mon Dec 3 13:27:54 UTC 2018 - Matěj Cepl + +- Remove python-3.3.0b1-curses-panel.patch it is unnecessary anymore. +- Add boo1071941-make-install-in-sep-loc.patch to make pip and + distutils in user environment install into separate location + (boo#1071941) + + Set values of prefix and exec_prefix in distutils install + command to /usr/local if executable is /usr/bin/python* and RPM + build is not detected to make pip and distutils install into + separate location +- Remove finally python-3.3.3-skip-distutils-test_sysconfig_module.patch +- Remove distutils-reproducible-compile.patch which doesn't make + really much difference in reproducibility (see + gh#python/cpython#8057 and discussion there). + +------------------------------------------------------------------- +Sat Dec 1 00:14:28 CET 2018 - mcepl@suse.com + +- Rename Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + to bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + +------------------------------------------------------------------- +Wed Nov 7 12:10:41 CET 2018 - mcepl@suse.com + +- Add dependency on bluez-devel to build support for Bluetooth + (boo#1109998) + +------------------------------------------------------------------- +Tue Nov 6 13:52:45 CET 2018 - mcepl@suse.com + +- Add devhelp subpackage and split qthelp into another + subpackage. + +------------------------------------------------------------------- +Wed Oct 24 12:38:00 UTC 2018 - Matěj Cepl + +- Remove python-3.0b1-record-rpm.patch and + Python-3.0b1-record-rpm.patch, as they are not needed anymore + +------------------------------------------------------------------- +Tue Oct 23 14:14:16 UTC 2018 - Matej Cepl + +- Switch off test_threading for optimization builds. + +------------------------------------------------------------------- +Mon Oct 22 14:41:59 CEST 2018 - mcepl@suse.com + +- Update to python-3.7.1. This is just a brief overview, complete + changelog available at + https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-1-final: + Library + bpo-34970: Protect tasks weak set manipulation in asyncio.all_tasks() +- Patches already accepted upstream are removed: + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + * 00308-tls-1.3.patch +- New patches added: + * Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + * raise_SIGING_not_handled.patch +- All other patches refreshed via quilt. + +------------------------------------------------------------------- +Mon Oct 22 12:22:19 UTC 2018 - Matej Cepl + +- Add raise_SIGING_not_handled.patch to fix bsc#1094814 + +------------------------------------------------------------------- +Wed Oct 17 14:04:35 UTC 2018 - Tomáš Chvátal + +- Add patch to fix importlib return types: + * python3-imp-returntype.patch + +------------------------------------------------------------------- +Mon Oct 15 13:46:32 CEST 2018 - mcepl@suse.com + +- bpo-34022 still not completely fixed, so we have to keep + excluding test_cmd_line_script, + test_multiprocessing_main_handling, and test_runpy from the + test suite. + +------------------------------------------------------------------- +Sun Oct 14 15:57:24 UTC 2018 - Matej Cepl + +- Update to python 3.7.1~rc2: + Core and Builtins + bpo-34879: Fix a possible null pointer dereference in + bytesobject.c. Patch by Zackery Spytz. + bpo-34854: Fixed a crash in compiling string annotations + containing a lambda with a keyword-only argument that + doesn’t have a default value. + bpo-34320: Fix dict(od) didn’t copy iteration order of + OrderedDict. + Library + bpo-34769: Fix for async generators not finalizing when event + loop is in debug mode and garbage collector runs in another + thread. + bpo-34922: Fixed integer overflow in the digest() and + hexdigest() methods for the SHAKE algorithm in the hashlib + module. + bpo-34900: Fixed unittest.TestCase.debug() when used to call + test methods with subtests. Patch by Bruno Oliveira. + bpo-34871: Fix inspect module polluted sys.modules when parsing + __text_signature__ of callable. + bpo-34872: Fix self-cancellation in C implementation of + asyncio.Task + bpo-34819: Use a monotonic clock to compute timeouts in + Executor.map() and as_completed(), in order to prevent + timeouts from deviating when the system clock is adjusted. + bpo-34334: In QueueHandler, clear exc_text from LogRecord to + prevent traceback from being written twice. + bpo-6721: Acquire the logging module’s commonly used internal + locks while fork()ing to avoid deadlocks in the child + process. + bpo-34172: Fix a reference issue inside multiprocessing.Pool + that caused the pool to remain alive if it was deleted + without being closed or terminated explicitly. + Documentation + bpo-32174: chm document displays non-ASCII charaters properly on + some MBCS Windows systems. + Tests + bpo-32962: Fixed test_gdb when Python is compiled with flags + -mcet -fcf-protection -O0. + C API + bpo-34910: Ensure that PyObject_Print() always returns -1 on + error. Patch by Zackery Spytz. + +------------------------------------------------------------------- +Fri Oct 12 20:46:58 CEST 2018 - mcepl@suse.com + +- Add Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch to + fix problems with SOURCE_DATE_EPOCH variable (bpo-34022) + +------------------------------------------------------------------- +Mon Sep 17 09:44:02 UTC 2018 - Tomáš Chvátal + +- Add patch to fix build with tls1.3 supported openssl + * 00308-tls-1.3.patch +- Add patch to fix Py_Main calls after Py_initialize + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + +------------------------------------------------------------------- +Mon Sep 3 15:22:42 UTC 2018 - Matěj Cepl + +- Add -fwrapv to OPTS, which is default for python3 anyway + See for example https://github.com/zopefoundation/persistent/issues/86 + for bugs which are caused by avoiding it. + +------------------------------------------------------------------- +Tue Jul 10 11:12:32 UTC 2018 - mcepl@suse.com + +- Fix ownership of _contextvars, _queue, and _xxtestfuzz + +------------------------------------------------------------------- +Tue Jul 3 15:04:48 UTC 2018 - mcepl@suse.com + +- Switch off LTO for distros with older GCC +- Fix %files + +------------------------------------------------------------------- +Fri Jun 29 14:20:03 UTC 2018 - tchvatal@suse.com + +- Add dependency over libuuid-devel + +------------------------------------------------------------------- +Thu Jun 28 10:42:15 UTC 2018 - mimi.vx@gmail.com + +- update to python 3.7.0 + Complete overview of changes is available on + https://docs.python.org/3/whatsnew/3.7.html, these are just + highlights: + * PEP 563, postponed evaluation of type annotations. + * async and await are now reserved keywords. + * New library modules: + contextvars: PEP 567 – Context Variables + dataclasses: PEP 557 – Data Classes + importlib.resources + * New built-in features: + PEP 553, the new breakpoint() function. + * Python data model improvements: + PEP 562, customization of access to module attributes. + PEP 560, core support for typing module and generic types. + the insertion-order preservation nature of dict objects + has been declared to be an official part of the Python + language spec. + * Significant improvements in the standard library: + The asyncio module has received new features, significant + usability and performance improvements. + The time module gained support for functions with + nanosecond resolution. + * CPython implementation improvements: + Avoiding the use of ASCII as a default text encoding: + PEP 538, legacy C locale coercion + PEP 540, forced UTF-8 runtime mode + PEP 552, deterministic .pycs + the new development runtime mode + PEP 565, improved DeprecationWarning handling + * C API improvements: + PEP 539, new C API for thread-local storage + * Documentation improvements: + PEP 545, Python documentation translations + New documentation translations: Japanese, French, and Korean. +- drop python3-sorted_tar.patch +- drop 0001-allow-for-reproducible-builds-of-python-packages.patch +- refresh python-3.6.0-multilib-new.patch +- refresh subprocess-raise-timeout.patch + * new C API for thread-local storage + * Deterministic pyc files + * Built-in breakpoint() + * Data Classes + * Core support for typing module and generic types + * Customization of access to module attributes + * Postponed evaluation of annotations + * Time functions with nanosecond resolution + * Improved DeprecationWarning handling + * Context Variables + * Avoiding the use of ASCII as a default text encoding + (PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode) + * The insertion-order preservation nature of dict objects is now + an official part of the Python language spec. + * Notable performance improvements in many areas. + +------------------------------------------------------------------- +Thu May 17 18:26:42 UTC 2018 - hpj@urpla.net + +- disable lto with gcc versions below 7 (results in link failures) + +------------------------------------------------------------------- +Mon Apr 30 15:23:24 UTC 2018 - jengelh@inai.de + +- Use faster find subcommand execution strategies. + +------------------------------------------------------------------- +Fri Apr 20 16:17:29 UTC 2018 - tchvatal@suse.com + +- Do not mention the testsuite disabling in opts as it was moved to + main pkg so base is test-free + +------------------------------------------------------------------- +Tue Apr 17 08:36:08 UTC 2018 - tchvatal@suse.com + +- As we run in main python package do not generate the pre_checkin + from both now + +------------------------------------------------------------------- +Mon Apr 16 14:11:56 UTC 2018 - tchvatal@suse.com + +- Move the tests from base to generic package wrt bsc#1088573 + * We still fail the whole distro if python3 is not build + * The other archs than x86_64 took couple of hours to unblock + build of other software, this way we work around the issue +- Some tests are still run in -base for the LTO tweaking, but at + least it is not run twice + +------------------------------------------------------------------- +Sat Mar 31 19:41:12 UTC 2018 - mimi.vx@gmail.com + +- update to 3.6.5 + * bugfix release + * see Misc/NEWS for details +- drop ctypes-pass-by-value.patch +- drop fix-localeconv-encoding-for-LC_NUMERIC.patch +- refresh python-3.6.0-multilib-new.patch + +------------------------------------------------------------------ +Wed Mar 7 09:16:39 UTC 2018 - adam@mizerski.pl + +- Created %so_major and %so_minor macros +- Put Tools/gdb/libpython.py script into proper place and ship it with devel + subpackage. + +------------------------------------------------------------------- +Tue Feb 20 15:04:56 UTC 2018 - schwab@suse.de + +- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64 + +------------------------------------------------------------------- +Tue Feb 20 14:28:00 UTC 2018 - bwiedemann@suse.com + +- Add python3-sorted_tar.patch (boo#1081750) + +------------------------------------------------------------------- +Tue Feb 20 14:08:57 UTC 2018 - tchvatal@suse.com + +- Drop python3-tk and python3-idle recommends to reduce python3 + always pulling X stack bsc#1081751 + +------------------------------------------------------------------- +Wed Feb 7 09:10:03 UTC 2018 - tchvatal@suse.com + +- Add patch to fix glibc 2.27 fail bsc#1079761: + * fix-localeconv-encoding-for-LC_NUMERIC.patch + +------------------------------------------------------------------- +Mon Feb 5 17:14:43 UTC 2018 - normand@linux.vnet.ibm.com + +- Update skip_random_failing_tests.patch (for PowerPC) + to avoid test_call_later failure + +------------------------------------------------------------------- +Wed Jan 24 14:35:58 UTC 2018 - jmatejek@suse.com + +- move XML modules and python3-xml provide to python3-base + (fixes bsc#1077230) +- move ensurepip to base + +------------------------------------------------------------------- +Thu Jan 18 12:31:47 UTC 2018 - normand@linux.vnet.ibm.com + +- Add skip_random_failing_tests.patch only for PowerPC + +------------------------------------------------------------------- +Wed Jan 3 12:18:51 UTC 2018 - jmatejek@suse.com + +- update to 3.6.4 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed python3-ncurses-6.0-accessors.patch +- drop PYTHONSTARTUP hooks that cause spurious startup errors + * fixes bsc#1070738 + * the relevant feature (REPL history) is now built into Python itself + +------------------------------------------------------------------- +Sat Dec 2 11:11:46 UTC 2017 - dimstar@opensuse.org + +- Install 2to3-%{python_version} executable (override defattr of + the -tools package). 2to3 (unversioned) is a symlink and does not + carry permissions (bsc#1070853). + +------------------------------------------------------------------- +Thu Nov 16 11:02:18 UTC 2017 - mimi.vx@gmail.com + +- move 2to3 to python3-tools package + +------------------------------------------------------------------- +Wed Oct 11 13:15:23 UTC 2017 - jmatejek@suse.com + +- update to 3.6.3 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Wed Sep 20 09:54:05 UTC 2017 - dmueller@suse.com + +- drop python-2.7-libffi-aarch64.patch: this patches the intree + copy of libffi which is unused/deleted in the line afterwards +- fix build against system libffi: include flags weren't set + so it actually used the in-tree libffi headers. + +------------------------------------------------------------------- +Thu Sep 14 13:23:10 UTC 2017 - vcizek@suse.com + +- Fix test broken with OpenSSL 1.1 (bsc#1042670) + * add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Tue Sep 5 11:47:05 UTC 2017 - jengelh@inai.de + +- Update RPM group for python documentation. + +------------------------------------------------------------------- +Thu Aug 31 08:39:31 UTC 2017 - schwab@suse.de + +- fix missing %{?armsuffix} + +------------------------------------------------------------------- +Wed Aug 30 13:41:38 UTC 2017 - jmatejek@suse.com + +- distutils-reproducible-compile.patch: ensure distutils order files + before compiling, which works around bsc#1049186 + +------------------------------------------------------------------- +Thu Aug 17 08:59:05 CEST 2017 - kukuk@suse.de + +- Add libnsl-devel build requires for glibc obsoleting libnsl + +------------------------------------------------------------------- +Thu Aug 3 16:09:26 UTC 2017 - jmatejek@suse.com + +- update to 3.6.2 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed test-socket-aead-kernel49.patch +- add Provides: python3-typing (fixes bsc#1050653) +- drop duplicate Provides: python3 + +------------------------------------------------------------------- +Mon Jun 26 12:10:07 UTC 2017 - jmatejek@suse.com + +- drop db-devel from requirements + +------------------------------------------------------------------- +Tue Jun 20 09:26:52 UTC 2017 - asn@cryptomilk.org + +- Add missing link to python library in config dir (bsc#1040164) + +------------------------------------------------------------------- +Thu Mar 23 12:42:59 UTC 2017 - jmatejek@suse.com + +- update to 3.6.1 + * bugfix release, over a hundred bugs fixed + * never add import location's parent directory to sys.path + * switch to git for version control, build changes related to that + * fix "failed to get random numbers" on old kernels (bsc#1029902) + * several crashes and memory leaks corrected + * f-string are no longer accepted as docstrings + +------------------------------------------------------------------- +Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com + +- prevent regenerating AST at build-time more robustly +- add "--without profileopt" and "--without testsuite" options to python3-base + to allow short circuiting when working on the package + +------------------------------------------------------------------- +Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com + +- Add 0001-allow-for-reproducible-builds-of-python-packages.patch + upstream https://github.com/python/cpython/pull/296 + +------------------------------------------------------------------- +Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com + +- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch) +- reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent) + +------------------------------------------------------------------- +Wed Jan 11 14:57:07 UTC 2017 - jmatejek@suse.com + +- update to 3.6.0 + * PEP 498 Formated string literals + * PEP 515 Underscores in numeric literals + * PEP 526 Syntax for variable annotations + * PEP 525 Asynchronous generators + * PEP 530 Asynchronous comprehensions + * PEP 506 New "secrets" module for safe key generation + * less memory consumed by dicts + * dtrace and systemtap support + * improved asyncio module + * better defaults for ssl + * new hashing algorithms in hashlib + * bytecode format changed to allow more optimizations + * "async" and "await" are on track to be reserved words + * StopIteration from generators is deprecated + * support for openssl < 1.0.2 is deprecated + * os.urandom now blocks when getrandom() blocks + * huge number of new features, bugfixes and optimizations + * see https://docs.python.org/3.6/whatsnew/3.6.html for details +- rework multilib patch: drop Python-3.5.0-multilib.patch, implement + upstreamable python-3.6.0-multilib-new.patch +- refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch +- drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch +- finally drop python-2.6b1-canonicalize2.patch that was not applied in source + and only kept around in case we needed it in the future. (which we don't, as it seems) +- update import_failed map and baselibs +- build ctypes against system libffi + (buildrequire libffi-devel in python3-base) +- add new key to keyring (signed by keys already in keyring) +- introduced common configure section between python3 and python3-base +- moved pyconfig.h and Makefile to devel subpackage as distutils no longer + need it at runtime +- added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py + because it is not used now +- improve summaries and descriptions (fixes bsc#917607) +- enabled Link-Time Optimization, see what happens +- including skipped_tests.py in pre_checkin.sh run +- run specs through spec-cleaner, rearrange sections + +------------------------------------------------------------------- +Fri Apr 22 17:20:29 UTC 2016 - jmatejek@suse.com + +- move _hashlib and _ssl modules and tests to python3-base +- recommend python3 + +------------------------------------------------------------------- +Tue Mar 15 15:05:23 UTC 2016 - schwab@suse.de + +- Skip test_asyncio under qemu_user_space_build + +------------------------------------------------------------------- +Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com + +- Add Python-3.5.1-fix_lru_cache_copying.patch + Fix copying the lru_cache() wrapper object. + Fixes deep-copying lru_cache regression, which worked on + previous versions of python but fails on python 3.5. + This fixes a bunch of packages in devel:languages:python3. + See: https://bugs.python.org/issue25447 + +------------------------------------------------------------------- +Sun Jan 24 00:44:08 UTC 2016 - arichardson.kde@gmail.com + +- Build the docs in .qch format as well + +------------------------------------------------------------------- +Wed Dec 9 07:35:20 UTC 2015 - toddrme2178@gmail.com + +- update to 3.5.1 + * bugfix-only release, dozens of bugs fixed +- Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch +- "Python3" to "Python 3" in summary + * This seems cleaner and fixes and rpmlint warning + +------------------------------------------------------------------- +Wed Oct 14 20:21:52 UTC 2015 - toddrme2178@gmail.com + +- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch + This fixes a build error for many packages that use the Python, + C-API. + This patch is already accepted upstream and is slated to appear in + python 3.5.1. + +------------------------------------------------------------------- +Tue Sep 29 15:53:24 UTC 2015 - jmatejek@suse.com + +- update to 3.5.0 + * coroutines with async/await syntax + * matrix multiplication operator `@` + * unpacking generalizations + * new modules `typing` and `zipapp` + * type annotations + * .pyo files replaced by custom suffixes for optimization levels in __pycache__ + * support for memory BIO in ssl module + * performance improvements in several modules + * and many more +- removals and behavior changes + * deprecated `__version__` is removed + * support for .pyo files was removed + * system calls are auto-retried on EINTR + * bare generator expressions in function calls now cause SyntaxError + (change "f(x for x in i)" to "f((x for x in i))" to fix) + * removed undocumented `format` member of private `PyMemoryViewObject` struct + * renamed `PyMemAllocator` to `PyMemAllocatorEx` +- redefine %dynlib macro to reflect that modules now have arch+os as part of name +- module `time` is now built-in +- dropped upstreamed patches: + python-3.4.1-fix-faulthandler.patch + python-3.4.3-test-conditional-ssl.patch + python-fix-short-dh.patch (also dropped dh2048.pem required for this patch) +- updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch +- python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure + with new gcc + ncurses + +------------------------------------------------------------------- +Wed Sep 9 11:51:22 UTC 2015 - dimstar@opensuse.org + +- Add python3-ncurses-6.0-accessors.patch: Fix build with + NCurses 6.0 and OPAQUE_WINDOW set to 1. + +------------------------------------------------------------------- +Mon Aug 24 17:02:08 UTC 2015 - jmatejek@suse.com + +- improve import_failed hook to do the right thing when invoking + missing modules with "python3 -m modulename" (boo#942751) + +------------------------------------------------------------------- +Thu Jul 23 22:08:10 UTC 2015 - fisiu@opensuse.org + +- Build with --enable-loadable-sqlite-extensions to make it works + as geospatial database. + +------------------------------------------------------------------- +Wed Jul 1 07:07:26 UTC 2015 - dimstar@opensuse.org + +- Fix source list for previous change (add dh2048.pem). + +------------------------------------------------------------------- +Wed Jun 24 06:54:30 UTC 2015 - meissner@suse.com + +- dh2048.pem: added generated 2048 dh parameter set to fix + ssl test (bsc#935856) +- python-fix-short-dh.patch: replace the 512 bits dh parameter set + by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856) + +------------------------------------------------------------------- +Tue May 19 14:59:30 UTC 2015 - schwab@suse.de + +- ctypes-libffi-aarch64.patch: remove upstreamed patch +- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for + aarch64 + +------------------------------------------------------------------- +Thu May 14 10:58:36 UTC 2015 - jmatejek@suse.com + +- drop the PDF subpackage + (removes the massive texlive dependency, and most likely nobody is + using the PDFs anyway) + +------------------------------------------------------------------- +Thu May 14 09:53:29 UTC 2015 - jmatejek@suse.com + +- python-3.4.3-test-conditional-ssl.patch - restore tests failing because + test_urllib was unconditionally importing ssl (without really needing it) +- restore functionality of multilib patch +- drop libffi-ppc64le.diff because upstream completely changed everything + yet again (sorry ppc64 folks :| ) + + +------------------------------------------------------------------- +Fri May 1 15:11:21 UTC 2015 - mailaender@opensuse.org + +- Update to version 3.4.3 +- Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch + (bpo#21766) + +------------------------------------------------------------------- +Wed Mar 25 10:57:28 UTC 2015 - rguenther@suse.com + +- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus + faulthandler which fails with GCC 5. + +------------------------------------------------------------------- +Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com + +- asyncio has been merged in python3 main package; provide and + obsolete it +- Remove obsolete AUTHORS section +- Remove redundant %clean section + +------------------------------------------------------------------- +Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org + +- Only pkgconfig(x11) is required for build, not the whole + set of packages provided by xorg-x11-devel metapackage. + +------------------------------------------------------------------- +Mon Oct 13 13:38:20 UTC 2014 - jmatejek@suse.com + +- add %python3_version rpm macro for Fedora compatibility +- add missing argument in import_failed, rename Novell Bugzilla + to SUSE Bugzilla + +------------------------------------------------------------------- +Thu Jul 31 17:24:59 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. + +------------------------------------------------------------------- +Wed Jul 23 16:31:02 UTC 2014 - jmatejek@suse.com + +- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file + disclosure and directory traversal through URL-encoded characters + (CVE-2014-4650, bnc#885882) + +------------------------------------------------------------------- +Tue Jul 22 13:55:57 UTC 2014 - jmatejek@suse.com + +- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons, + reinstate bundled copies of pip and setuptools + (fixes bnc#885662) +- add more files as sources to silence the validator + +------------------------------------------------------------------- +Wed May 21 11:01:56 UTC 2014 - jmatejek@suse.com + +- update to 3.4.1 + * bugfix-only release, over 300 bugs fixed +- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch +- drop upstreamed CVE-2014-2667-mkdir.patch +- include Python release manager keyring and signature file + for the source archive (thus renumbering of source files) + (see https://www.python.org/download/#openpgp-public-keys ) +- move ensurepip to python3, because it transitively requires ssl + +------------------------------------------------------------------- +Fri Apr 4 16:21:40 UTC 2014 - jmatejek@suse.com + +- CVE-2014-2667-mkdir.patch: race condition with reseting umask + in os.makedirs + (CVE-2014-2667, bnc#871152) +- updated multilib patch to include ~/.local/lib64 (bnc#637176) + +------------------------------------------------------------------- +Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com + +- raise timeout value for test_subprocess to 10s (might fix + intermittent build failures in OBS) + +------------------------------------------------------------------- +Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com + +- remove blacklisting of test_posix on aarch64: qemu bug is fixed + +------------------------------------------------------------------- +Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 final +- drop upstreamed python-3.4rc2-importlib.patch + +------------------------------------------------------------------- +Sun Mar 16 16:33:25 UTC 2014 - schwab@suse.de + +- Only build with profile-opt if profiling is enabled +- Update test exclusion lists: + * test_ctypes no longer fails on arm + * test_io no longer fails on ppc* + * test_multiprocessing has been split in multiple tests + * test_posix and test_signal fail due to qemu bugs + +------------------------------------------------------------------- +Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de + +- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, + adding python-2.7.6-sqlite-3.8.4-tests.patch + +------------------------------------------------------------------- +Thu Feb 27 14:08:40 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 rc2 + * pre-release bugfixes + * improvements to asyncio library +- drop upstreamed tracemalloc_gcov.patch +- python-3.4rc2-importlib.patch fixes backwards-incompatibility + in the reworked importlib module that blocks build of vim + +------------------------------------------------------------------- +Fri Jan 17 18:45:27 UTC 2014 - jmatejek@suse.com + +- initial commit of 3.4.0 beta 3 + * new stdlib modules: pathlib, enum, statistics, tracemalloc + * asynchronous IO with new asyncio module + * introspection data for builtins + * subprocesses no longer inherit open file descriptors + * standardized metadata for packages + * internal hashing changed to SipHash + * new pickle protocol + * improved handling of codecs + * TLS 1.2 support + * major speed improvements for internal unicode handling + * many bugfixes and optimizations +- see porting guide at: + http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4 +- moved several modules to -testsuite subpackage +- updated list of binary extensions, refreshed patches +- tracemalloc_gcov.patch fixes profile-based optimization build +- updated packages and pre_checkin.sh to use ~-version notation + for prereleases +- fix-shebangs part of build process moved to common %prep +- drop python-3.3.2-no-REUSEPORT.patch (upstreamed) +- update baselibs for new soname + +- TODOs: + * require python-pip, make ensurepip work with zypper + +------------------------------------------------------------------- +Wed Dec 4 13:21:26 UTC 2013 - matz@suse.de + +- add ppc64le (ELFv2) support for libffi copy for ctypes module +- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be + "lib64"). +- added patches: + * libffi-ppc64le.diff +------------------------------------------------------------------- +Tue Dec 3 09:51:43 UTC 2013 - adrian@suse.de + +- add ppc64le rules + +------------------------------------------------------------------- +Fri Nov 22 13:17:23 UTC 2013 - speilicke@suse.com + +- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch: + + Disable global and distutils sysconfig comparison test, we deviate + from the default depending on optflags + +------------------------------------------------------------------- +Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com + +- update to 3.3.3 + * bugfix-only release + * many SSL-related fixes + * upstream fix for CVE-2013-4238 + * upstream fixes for CVE-2013-1752 +- move example module xxlimited to python3-testsuite +- drop CVE-2013-4238_py33.patch - it is upstreamed +- remove --with-wide-unicode config option, it is now the default + (and only) choice +- don't touch anything between make and makeinstall +- drop python-3.2b2-buildtime-generate.patch - the issue was caused + by touching things between make and makeinstall +- link pycache entries for import_failed hooks properly + +------------------------------------------------------------------- +Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org + +- build with -DOPENSSL_LOAD_CONF for the same reasons + described in the python2 package. + +------------------------------------------------------------------- +Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com + +- handle NULL bytes in certain fields of SSL certificates + (CVE-2013-4238, bnc#834601) + +------------------------------------------------------------------- +Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com + +- Exclue test_faulthandler from tests on powerpc due to bnc#831629 + +------------------------------------------------------------------- +Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com + +- update to 3.3.2 + * bugfix-only release + * fixes several regressions introduced in 3.3.1 +- switch to xz compression +- move _lzma module to python3-base +- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT + +------------------------------------------------------------------- +Mon Apr 29 22:32:43 UTC 2013 - schwab@suse.de + +- Readd missing bits from ctypes-libffi-aarch64.patch + +------------------------------------------------------------------- +Sat Apr 13 07:56:51 UTC 2013 - idonmez@suse.com + +- Update to version 3.3.1 + * Fix the –enable-profiling configure switch. + * In IDLE, close the replace dialog after it is used. +- Too many bugfixes to list here, + see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS +- Refresh Python-3.3.0b2-multilib.patch +- Refresh python-3.2b2-buildtime-generate.patch +- Drop upstream patches: ctypes-libffi-aarch64.patch, + python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch + +------------------------------------------------------------------- +Mon Apr 8 11:25:30 UTC 2013 - speilicke@suse.com + +- Exclude sqlite/test and tk/test directories from the respective + sub-packages. These are owned by the testsuite sub-package already + +------------------------------------------------------------------- +Fri Apr 5 12:59:20 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/title=SourceUrls + +------------------------------------------------------------------- +Wed Apr 3 15:36:04 UTC 2013 - jmatejek@suse.com + +- remove spurious modification of python-3.3.0b1-localpath.patch + that would force installation into /usr/local. + this fixes bnc#809831 + +------------------------------------------------------------------- +Thu Mar 28 18:38:51 UTC 2013 - jmatejek@suse.com + +- replace broken movetogetdents64.diff patch with a correct one + from upstream repo (python-3.3.0-getdents64.patch) + +------------------------------------------------------------------- +Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com + +- add ctypes-libffi-aarch64.patch: + * import aarch64 support for libffi in _ctypes module +- add aarch64 to the list of lib64 based archs +- add movetogetdents64.diff: + * port to getdents64, as SYS_getdents is not implemented everywhere + +------------------------------------------------------------------- +Tue Feb 26 08:57:55 UTC 2013 - saschpe@suse.de + +- /etc/rpm/macros.python3 is no %config, it is not meant to be changed + by users. +- Add rpmlintrc with some obvious filters + +------------------------------------------------------------------- +Mon Jan 28 18:14:39 UTC 2013 - jmatejek@suse.com + +- update baselibs for new version of libpython3 + +------------------------------------------------------------------- +Thu Nov 29 17:02:37 UTC 2012 - jmatejek@suse.com + +- fix include path in macros (bnc#787526) +- implement failed import handlers for modules that live in + subpackages - e.g. "import ssl" will now throw a sensible error + message telling you to install "python3" + +------------------------------------------------------------------- +Wed Nov 28 17:02:07 UTC 2012 - jmatejek@suse.com + +- merge python3-xml into python3 +- merge python3-2to3 library into python3-base + and the 2to3 binary into python3-devel + (python3-devel is now in conflict with python-2to3, which + will be dropped) +- enable --with-system-expat for python3, making the xml modules + (and thus python3) depend on expat +- reconfigure tests to disable network and GUI resources, which + the upstream apparently thought is a good idea to enable by default. + this fixes build failures in Factory +- add lzma-devel to build the _lzma module +- moved %dynlib macro definition to common section + +------------------------------------------------------------------- +Mon Nov 5 20:01:46 UTC 2012 - coolo@suse.com + +- buildrequire timezone for the test suite + +------------------------------------------------------------------- +Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com + +- disable more checks for qemu builds as they use syscalls not + implemented yet + +------------------------------------------------------------------- +Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com + +- exclude test_math for SLE 11; math library fails on negative + gamma function values close to integers and 0, probably + due to imprecision in -lm on SLE_11_SP2. + +------------------------------------------------------------------- +Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel explicitly + +------------------------------------------------------------------- +Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com + +- remove distutils.cfg (bnc#658604) + * this changes default prefix for distutils to /usr + * see ML for details: +http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html + +------------------------------------------------------------------- +Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com + +- Update to final 3.3.0 release + * See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS + +------------------------------------------------------------------- +Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com + +- Correct dependency for python3-testsuite, + python3-tkinter -> python3-tk + +------------------------------------------------------------------- +Thu Aug 23 13:08:11 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 RC1 + +------------------------------------------------------------------- +Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 beta 1 + * flexible string representation, no longer distinguishing + between wide and narrow Unicode builds + * importlib-based import system + * virtualenv support in core + * namespace packages + * explicit Unicode literals for easier porting + * key-sharing dict implementation reduces memory footprint + of OO code + * hash randomization on by default + * many other new bugfixes and features, check NEWS for details + +- pre_checkin.sh now autofills various version strings in specs +- ship hashlib's fallback modules - those uselessly take up space + when real _hashlib.so from python3 is present, but the space wasted + is only 114kB and it provides python3-base with a working hashlib + module. + (also, this fixes bnc#743787) + +------------------------------------------------------------------- +Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com + +- skip test_io on ppc +- drop test_io ppc patch + +------------------------------------------------------------------- +Thu Jun 28 07:57:58 UTC 2012 - saschpe@suse.de + +- Satisfy source_validator by uncommenting an otherwise unused "Patch" + line + +------------------------------------------------------------------- +Tue Jun 12 15:39:08 UTC 2012 - adrian@suse.de + +- fix logic of checks exclusion + +------------------------------------------------------------------- +Fri May 18 11:50:27 UTC 2012 - idonmez@suse.com + +- update to 3.2.3 + * No changes since rc2 + +------------------------------------------------------------------- +Thu Mar 29 15:44:33 UTC 2012 - jmatejek@suse.com + +- update to 3.2.3rc2 + * fixes several security issues: + * CVE-2012-0845, bnc#747125 + * CVE-2012-1150, bnc#751718 + * CVE-2011-4944, bnc#754447 + * CVE-2011-3389, bnc#754677 +- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) +- disable test_gdb because it is broken by our gdb + +------------------------------------------------------------------- +Thu Feb 16 12:33:12 UTC 2012 - dvaleev@suse.com + +- skip broken test_io test on ppc + +------------------------------------------------------------------- +Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com + +- update to 3.2.2 + * bugfix-only release + * reports "linux2" as sys.platform regardless of Linux kernel +- added pre_checkin.sh to copy common spec sections to python3.spec +- added PACKAGING-NOTES with some helpful info for packagers + +------------------------------------------------------------------- +Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com + +- Use system ffi, included one is broken see + http://bugs.python.org/issue11729 and + http://bugs.python.org/issue12081 + +------------------------------------------------------------------- +Fri Dec 9 17:19:55 UTC 2011 - jmatejek@suse.com + +- license.opensuse.org-compatible license headers + +------------------------------------------------------------------- +Fri Dec 2 16:46:44 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Thu Nov 24 12:42:25 UTC 2011 - agraf@suse.com + +- fix ARM build (exclude some test cases which break for us) + +------------------------------------------------------------------- +Tue Aug 16 17:02:22 UTC 2011 - termim@gmail.com + +- use sysconfig module to get py3_incdir, py3_abiflags, + py3_soflags, python3_sitelib and python3_sitearch + +------------------------------------------------------------------- +Mon Jul 18 16:22:31 UTC 2011 - jmatejek@novell.com + +- update to 3.2.1 + * bugfix-only release, no major changes +- fix build on linux3 platform +- remove upstreamed pybench patch +- install /usr/lib directories in all cases to prevent spurious + "directory not owned" in dependent packages + +------------------------------------------------------------------- +Wed Jun 15 14:16:38 UTC 2011 - jmatejek@novell.com + +- replaced dynamic so version with manual so version, because + autobuild does not support autogeneration + +------------------------------------------------------------------- +Tue May 24 13:39:06 UTC 2011 - jmatejek@novell.com + +- generate macros.python3 at compile-time with fixed values +- don't include bogus values in pyconfig.h, as they can break + third-party packages (bnc#673071) + +------------------------------------------------------------------- +Tue May 17 12:52:51 UTC 2011 - jmatejek@novell.com + +- added Obsoletes: python3 < 3.1 so that the transition from + non-split to split packages goes smoothly + +------------------------------------------------------------------- +Fri May 13 12:38:19 UTC 2011 - jmatejek@novell.com + +- fixed RPM macros to use python3 instead of python +- updated to build --with-wide-unicode (for compatibility with + fedora and our own python 2.x series) + +------------------------------------------------------------------- +Thu Apr 21 03:39:25 UTC 2011 - termim@gmail.com + +- fix python3-base build failure due to pybench.py crash by + python-3.2-pybench.patch +- move pyconfig.h from python3-devel to python3-base package to + make python3-base functional again + +------------------------------------------------------------------- +Wed Mar 23 04:26:28 UTC 2011 - termim@gmail.com + +- update to python 3.2 + * stable ABI, ABI-tagged .so files + * concurrent.futures and many other new or upgraded modules + * PYC repository directories ( __pycache__ ) + * python WSGI 1.0.1 + * Unicode 6.0.0 support + * a great number of bugfixes and assorted improvements + +------------------------------------------------------------------- +Tue Feb 8 19:42:17 CET 2011 - matejcik@suse.cz + +- update to python 3.2 RC2 +- renamed python3-demo to python3-tools, because the demo part + became much smaller than the tools part +- added rpm macros + +------------------------------------------------------------------- +Tue Jan 18 14:13:04 UTC 2011 - jmatejek@novell.com + +- update to python 3.2 beta 2, see NEWS for details +- split off -base package with less dependencies, and a shlib-policy + compliant libpython3 package +- mostly rewritten the spec file with more detailed comments +- cleaned up lists of patches + diff --git a/python311.spec b/python311.spec new file mode 100644 index 0000000..8ca6d89 --- /dev/null +++ b/python311.spec @@ -0,0 +1,1046 @@ +# +# spec file for package python311 +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "doc" +%define psuffix -documentation +%bcond_without doc +%bcond_with base +%bcond_with general +%endif +%if "%{flavor}" == "base" +%define psuffix -core +%bcond_with doc +%bcond_without base +%bcond_with general +%endif +%if "%{flavor}" == "" +%define psuffix %{nil} +%bcond_with doc +%bcond_with base +%bcond_without general +%endif + +%if 0%{?do_profiling} +%bcond_without profileopt +%else +%bcond_with profileopt +%endif + +%define python_pkg_name python311 +%if "%{python_pkg_name}" == "%{primary_python}" +%define primary_interpreter 1 +%else +%define primary_interpreter 0 +%endif + +# Setting up variables +%define _version %(c=%{version}; echo ${c/[a-z]*/}) +%define tar_suffix %(c=%{_version}; echo ${c#%{_version}}) +%define python_version %(echo %{_version}|cut -d. -f1-2) +# based on the current source tarball +%define python_version_abitag %(c=%{python_version}; echo ${c//./}) +# FIXME %%define python_version_soname %%(c=%%{python_version}; echo ${c//./_}) +%define python_version_soname 3_11 +%if 0%(test -n "%{tar_suffix}" && echo 1) +%define _version %(echo "%{_version}~%{tar_suffix}") +%define tarversion %{version} +%else +%define tarversion %{version} +%endif +# We don't process beta signs well +%define folderversion %{tarversion} +%define tarname Python-%{tarversion} +%define sitedir %{_libdir}/python%{python_version} +# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 +%define abi_kind %{nil} +# python ABI version - used in some file names +%define python_abi %{python_version}%{abi_kind} +# soname ABI tag defined in PEP 3149 +%define abi_tag %{python_version_abitag}%{abi_kind} +# version part of "libpython" package +%define so_major 1 +%define so_minor 0 +%define so_version %{python_version_soname}%{abi_kind}-%{so_major}_%{so_minor} +# rpm and python have different ideas about what is an arch-dependent name, so: +%if "%{__isa_name}" == "ppc" +%define archname %(echo %{_arch} | sed s/ppc/powerpc/) +%else +%define archname %{_arch} +%endif +# our arm has Hardware-Floatingpoint +%if "%{_arch}" == "arm" +%define armsuffix hf +%endif +# Decide whether we want to use mpdecimal +%if 0%{?suse_version} >= 1550 +%bcond_without mpdecimal +%else +%bcond_with mpdecimal +%endif +# pyexpat.cpython-35m-x86_64-linux-gnu +# pyexpat.cpython-35m-powerpc64le-linux-gnu +# pyexpat.cpython-35m-armv7-linux-gnueabihf +# _md5.cpython-38m-x86_64-linux-gnu.so +%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so +%bcond_without profileopt +Name: %{python_pkg_name}%{psuffix} +Version: 3.11.10 +Release: 0 +Summary: Python 3 Interpreter +License: Python-2.0 +URL: https://www.python.org/ +Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz +Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc +Source2: baselibs.conf +Source3: README.SUSE +Source4: externally_managed.in +Source7: macros.python3 +Source8: import_failed.py +Source9: import_failed.map +Source10: pre_checkin.sh +Source11: skipped_tests.py +Source19: idle3.desktop +Source20: idle3.appdata.xml +# content of bluez-devel: +# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel +# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu +# 3. mkdir Vendor && mv usr/include/* Vendor/ +# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/ +Source21: bluez-devel-vendor.tar.xz +Source98: python311-rpmlintrc +# Tarball is signed by the GPG key of Pablo Galindo Salgado (0x64E628F8D684696D) +# https://keybase.io/pablogsal/pgp_keys.asc?fingerprint=a035c8c19219ba821ecea86b64e628f8d684696d +Source99: python.keyring +# The following files are not used in the build. +# They are listed here to work around missing functionality in rpmbuild, +# which would otherwise exclude them from distributed src.rpm files. +Source100: PACKAGING-NOTES +# PATCH-FEATURE-UPSTREAM F00251-change-user-install-location.patch bsc#[0-9]+ mcepl@suse.com +# Fix installation in /usr/local (boo#1071941), originally from Fedora +# https://src.fedoraproject.org/rpms/python3.12/blob/rawhide/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch02: F00251-change-user-install-location.patch +# PATCH-FEATURE-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com +# Improve reproduceability +Patch03: distutils-reproducible-compile.patch +# support finding packages in /usr/local, install to /usr/local by default +Patch04: python-3.3.0b1-localpath.patch +# replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds +Patch05: python-3.3.0b1-fix_date_time_compiler.patch +# POSIX_FADV_WILLNEED throws EINVAL. Use a different constant in test +Patch06: python-3.3.0b1-test-posix_fadvise.patch +# Raise timeout value for test_subprocess +Patch07: subprocess-raise-timeout.patch +# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com +# ensurepip should honour the value of $(prefix) +Patch08: bpo-31046_ensurepip_honours_prefix.patch +# PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mcepl@suse.com +# SLE-15 version of Sphinx doesn't know about skipif directive in doctests. +Patch09: no-skipif-doctests.patch +# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com +# skip a test failing on SLE-15 +Patch10: skip-test_pyobject_freed_is_freed.patch +# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com +# remove duplicate link targets and make documentation with old Sphinx in SLE +Patch11: fix_configure_rst.patch +# PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com +# Skip test_freeze_simple_script +Patch13: skip_if_buildbot-extend.patch +# PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com +# prevent ResourceWarning in test_asyncio tests +Patch15: bsc1221260-test_asyncio-ResourceWarning.patch +# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport.patch +# This problem on libexpat is patched on SLE without version +# update, this patch changes the tests to match the libexpat provided +# by SUSE +Patch16: CVE-2023-52425-libexpat-2.6.0-backport.patch +Patch17: CVE-2023-52425-remove-reparse_deferral-tests.patch +# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com +# reproducibility patches +Patch19: bso1227999-reproducible-builds.patch +# PATCH-FIX-UPSTREAM gh120226-fix-sendfile-test-kernel-610.patch gh#python/cpython#120226 mcepl@suse.com +# Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 (GH-120227) +Patch22: gh120226-fix-sendfile-test-kernel-610.patch +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: fdupes +BuildRequires: gmp-devel +BuildRequires: lzma-devel +BuildRequires: netcfg +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: xz +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(libffi) +BuildRequires: pkgconfig(uuid) +BuildRequires: pkgconfig(zlib) +#!BuildIgnore: gdk-pixbuf-loader-rsvg +%if 0%{?suse_version} >= 1550 +# The provider for python(abi) is in rpm-build-python +BuildRequires: rpm-build-python +%endif +%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1599 +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{with mpdecimal} +BuildRequires: mpdecimal-devel +%endif +%if %{with doc} +BuildRequires: python3-Sphinx >= 4.0.0 +%if 0%{?suse_version} >= 1500 +BuildRequires: python3-python-docs-theme >= 2022.1 +%endif +%endif +%if %{with general} +# required for idle3 (.desktop and .appdata.xml files) +BuildRequires: appstream-glib +BuildRequires: gcc-c++ +BuildRequires: gdbm-devel +BuildRequires: gettext +BuildRequires: readline-devel +BuildRequires: sqlite-devel +BuildRequires: timezone +BuildRequires: pkgconfig(ncurses) +BuildRequires: pkgconfig(tk) +BuildRequires: pkgconfig(x11) +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-readline +Provides: %{python_pkg_name}-sqlite3 +Recommends: %{python_pkg_name}-curses +Recommends: %{python_pkg_name}-dbm +Recommends: %{python_pkg_name}-pip +%if %{primary_interpreter} +Provides: python3 = %{python_version} +Provides: python3-readline +Provides: python3-sqlite3 +%endif +%endif +%{?suse_build_hwcaps_libs} + +%description +Python 3 is modern interpreted, object-oriented programming language, +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python3-doc +package. + +This package supplies rich command line features provided by readline, +and sqlite3 support for the interpreter core, thus forming a so called +"extended" runtime. +Installing "python3" is sufficient for the vast majority of usecases. +In addition, recommended packages provide UI toolkit support (python3-curses, +python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE +development environment (python3-idle). + +%package -n %{python_pkg_name}-tk +Summary: TkInter, a Python Tk Interface +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-tk = %{version} +%endif + +%description -n %{python_pkg_name}-tk +Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. + +%package -n %{python_pkg_name}-curses +Summary: Python Interface to the (N)Curses Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-curses +%endif + +%description -n %{python_pkg_name}-curses +An easy to use interface to the (n)curses CUI library. CUI stands for +Console User Interface. + +%package -n %{python_pkg_name}-dbm +Summary: Python Interface to the GDBM Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-dbm +%endif + +%description -n %{python_pkg_name}-dbm +An easy to use interface for Unix DBM databases, and more specifically, +the GNU implementation GDBM. + +%package -n %{python_pkg_name}-idle +Summary: An Integrated Development Environment for Python +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk +%if %{primary_interpreter} +Provides: python3-idle = %{version} +%endif + +%description -n %{python_pkg_name}-idle +IDLE is a Tkinter based integrated development environment for Python. +It features a multi-window text editor with multiple undo, Python +colorizing, and many other things, as well as a Python shell window and +a debugger. + +%package -n %{python_pkg_name}-doc +Summary: Package Documentation for Python 3 +Enhances: %{python_pkg_name} = %{python_version} +%if %{primary_interpreter} +Provides: python3-doc = %{version} +%endif + +%description -n %{python_pkg_name}-doc +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in HTML format. + +%package -n %{python_pkg_name}-doc-devhelp +Summary: Additional Package Documentation for Python 3 in devhelp format +%if %{primary_interpreter} +Provides: python3-doc-devhelp = %{version} +%endif + +%description -n %{python_pkg_name}-doc-devhelp +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in format for devhelp. + +%package -n %{python_pkg_name}-base +Summary: Python 3 Interpreter and Stdlib Core +Requires: libpython%{so_version} = %{version} +Recommends: %{python_pkg_name} = %{version} +#Recommends: python3-ensurepip +# python 3.1 didn't have a separate python-base, so it is wrongly +# not a conflict to have python3-3.1 and python3-base > 3.1 +Obsoletes: python3 < 3.2 +# no Provides, because python3 is obviously provided by package python3 +# python 3.4 provides asyncio +Provides: %{python_pkg_name}-asyncio = %{version} +# python 3.6 provides typing +Provides: %{python_pkg_name}-typing = %{version} +# python3-xml was merged into python3, now moved into -base +Provides: %{python_pkg_name}-xml = %{version} +%if %{primary_interpreter} +Provides: python3-asyncio = %{version} +Obsoletes: python3-asyncio < %{version} +Provides: python3-base = %{version} +Obsoletes: python3-base < %{version} +Provides: python3-typing = %{version} +Obsoletes: python3-typing < %{version} +Provides: python3-xml = %{version} +Obsoletes: python3-xml < %{version} +%endif + +%description -n %{python_pkg_name}-base +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +package. + +This package contains the interpreter core and most commonly used modules +from the standard library. This is sufficient for many usecases, but it +excludes components that depend on external libraries, most notably XML, +database and UI toolkits support. + +%package -n %{python_pkg_name}-tools +Summary: Python Utility and Demonstration Scripts +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-2to3 = %{version} +Provides: %{python_pkg_name}-demo = %{version} +%if %{primary_interpreter} +Provides: python3-2to3 = %{version} +Provides: python3-demo = %{version} +Provides: python3-tools = %{version} +Obsoletes: python3-2to3 < %{version} +Obsoletes: python3-demo < %{version} +%endif + +%description -n %{python_pkg_name}-tools +A number of scripts that are useful for building, testing or extending Python, +and a set of demonstration programs. + +%package -n %{python_pkg_name}-devel +Summary: Include Files and Libraries Mandatory for Building Python Modules +Requires: %{python_pkg_name}-base = %{version} +%if %{primary_interpreter} +Provides: python3-devel = %{version} +%endif + +%description -n %{python_pkg_name}-devel +The Python programming language's interpreter can be extended with +dynamically loaded extensions and can be embedded in other programs. + +This package contains header files, a static library, and development +tools for building Python modules, extending the Python interpreter or +embedding Python in applications. + +This also includes the Python distutils, which were in the Python +package up to version 2.2.2. + +%package -n %{python_pkg_name}-testsuite +Summary: Unit tests for Python and its standard library +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk = %{version} +%if %{primary_interpreter} +Provides: python3-testsuite = %{version} +%endif + +%description -n %{python_pkg_name}-testsuite +Unit tests that are useful for verifying integrity and functionality +of the installed Python interpreter and standard library. +They are a documented part of stdlib, as a module 'test'. + +%package -n libpython%{so_version} +Summary: Python Interpreter shared library +Requires: %{python_pkg_name}-base >= %{version} + +%description -n libpython%{so_version} +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +(HTML) or python-doc-pdf (PDF) packages. + +This package contains libpython3.2 shared library for embedding in +other applications. + +%prep +%setup -q -n %{tarname} + +%patch -p1 -P 02 +%patch -p1 -P 03 +%patch -p1 -P 04 +%patch -p1 -P 05 +%patch -p1 -P 06 +%patch -p1 -P 07 +%patch -p1 -P 08 + +%if 0%{?suse_version} <= 1500 +%patch -P 09 -p1 +%endif + +%patch -p1 -P 10 +%patch -p1 -P 11 +%patch -p1 -P 13 +%patch -p1 -P 15 +%patch -p1 -P 16 +%patch -p1 -P 17 +%patch -p1 -P 19 +%patch -p1 -P 22 + +# drop Autoconf version requirement +sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac + +%if %{primary_interpreter} +# fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 +for dir in Lib Tools; do + # find *.py, filter to files that contain bad shebangs + # break up "/""usr" like this to prevent replacing with %%{_prefix} + find $dir -name '*.py' -type f -print0 \ + | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ + | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' +done +%else +# For non-primary Python, just don't bother (bsc#1193179) and remove all +# those shebangs +for dir in Lib Tools; do + find $dir -name '*.py' -type f -exec sed -i '1{/^#!.*python/ d}' '{}' \; +done +# We shortened the file Lib/pdb.py so we have to move the test breakpoint location +sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py +%endif + +# drop in-tree libffi and expat +rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin +# Cannot remove it because of gh#python/cpython#92875 +# rm -r Modules/expat + +# drop duplicate README from site-packages +rm Lib/site-packages/README.txt + +# Add vendored bluez-devel files +tar xvf %{SOURCE21} + +# Don't fail on warnings when building documentation +sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile + +%build +%if %{with doc} +TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` +# TODO use not date of tarball but date of latest patch + +cd Doc +sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py +%make_build -j1 html + +# Build also devhelp files +sphinx-build -a -b devhelp . build/devhelp +rm -rfv build/devhelp/.doctrees +%else +%define _lto_cflags %{nil} +# use rpm_opt_flags +export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv $(pkg-config --cflags-only-I libffi) -fno-semantic-interposition" + +touch -r %{SOURCE0} Makefile.pre.in + +autoreconf -fvi + +%if 0%{?sles_version} +sed -e 's/-fprofile-correction//' -i Makefile.pre.in +%endif + +export CFLAGS="%{optflags} -IVendor/" + +%configure \ + --with-platlibdir=%{_lib} \ + --docdir=%{_docdir}/python \ + --enable-ipv6 \ + --enable-shared \ + --with-ensurepip=no \ + --with-system-ffi \ + --with-system-expat \ + --with-lto \ +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 + --with-ssl-default-suites=openssl \ +%endif +%if %{with profileopt} + --enable-optimizations \ +%endif +%if %{with mpdecimal} + --with-system-libmpdec \ +%endif + --enable-loadable-sqlite-extensions + +# prevent make from trying to rebuild PYTHON_FOR_GEN stuff +# %%make_build -t Python/Python-ast.c \ + # Include/Python-ast.h \ + # Objects/typeslots.inc \ + # Python/opcode_targets.h \ + # Include/opcode.h +%make_build + +%if %{with general} +%make_build +%endif +%if %{with base} +%if %{with profileopt} + target=profile-opt +%else + target=all +%endif +LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ + %make_build $target +%endif +%endif + +%check +export SUSE_VERSION="0%{?suse_version}" +export SLE_VERSION="0%{?sle_version}" +%if %{with general} +# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos +# when you install gdb into your test env +EXCLUDE="test_gdb" +# we patch out the message to recommend zypper in and thus this would fail +EXCLUDE="$EXCLUDE test_pydoc" + +%ifarch %{arm} s390x +# test_multiprocessing_forkserver is racy +EXCLUDE="$EXCLUDE test_multiprocessing_forkserver" +%endif +%ifarch ppc ppc64 ppc64le +# exclue test_faulthandler due to bnc#831629 +EXCLUDE="$EXCLUDE test_faulthandler" +%endif +# some tests break in QEMU +%if 0%{?qemu_user_space_build} +EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver test_multiprocessing_spawn test_os test_posix test_signal test_socket test_subprocess" +%endif + +# This test (part of test_uuid) requires real network interfaces +# so that ifconfig output has "HWaddr ". Some kvm instances +# done have any such interface breaking the uuid module. +EXCLUDE="$EXCLUDE test_uuid" + +# bsc#1195140 and bpo#37169 - test_capi is failing on openSUSE, and not sure why +EXCLUDE="$EXCLUDE test_capi" + +# Limit virtual memory to avoid spurious failures +if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then + ulimit -v 11000000 || : +fi + +# test_freeze_simple_script in test.test_tools.test_freeze.TestFreeze +# uses CONFIG_ARGS to run ./configure. +export CONFIG_ARGS="--enable-ipv6 --enable-shared --with-ensurepip=no \ + --with-system-ffi --with-system-expat --with-lto --enable-optimizations \ + --with-system-libmpdec --enable-loadable-sqlite-extensions" + +export PYTHONPATH="$(pwd -P)/Lib" +# Use timeout, like make target buildbottest +# We cannot run tests parallel, because osc build environment doesn’t +# have /dev/shm +%make_build -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=5400" +# use network, be verbose: +#make test TESTOPTS="-l -u network -v" +%endif + +%install +%if %{with doc} +export PDOCS=%{buildroot}%{_docdir}/python%{python_version} +mkdir -p $PDOCS +# generated docs +rm Doc/build/*/.buildinfo +cp -r Doc/build/html $PDOCS +# misc +install -d -m 755 $PDOCS/Misc +rm Misc/README.AIX +for i in Misc/* ; do + [ -f $i ] && install -c -m 644 $i $PDOCS/Misc/ +done +# devhelp +mkdir -p %{buildroot}%{_datadir}/gtk-doc/html +cp -r Doc/build/devhelp %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version} +rm -rf %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version}/.doctrees +%endif +%if %{with general} +%make_install + +# clean out stuff that is in python-base and subpackages + +find %{buildroot}%{_bindir} -mindepth 1 -not -name "*idle3*" -print -delete +rm %{buildroot}%{_libdir}/lib* +rm -r %{buildroot}%{_libdir}/pkgconfig +rm -r %{buildroot}%{_mandir}/* +rm -r %{buildroot}%{_includedir}/* + +rm -r %{buildroot}%{sitedir}/config* +find %{buildroot}%{sitedir} -name "*.egg-info" -delete +rm -r %{buildroot}%{sitedir}/__pycache__ +rm -r %{buildroot}%{sitedir}/site-packages +rm %{buildroot}%{sitedir}/*.* + +for module in \ + asyncio ctypes collections concurrent distutils email encodings \ + ensurepip html http re \ + importlib json logging multiprocessing pydoc_data unittest \ + urllib venv wsgiref lib2to3 test tomllib turtledemo \ + xml xmlrpc zoneinfo __phello__ +do + rm -r %{buildroot}%{sitedir}/$module +done + +for library in \ + array _asyncio audioop binascii _bisect _bz2 cmath _codecs_* \ + _contextvars _crypt _csv _ctypes _datetime _decimal fcntl grp \ + _hashlib _heapq _json _lsprof _lzma math mmap _multibytecodec \ + _multiprocessing _opcode ossaudiodev _pickle _posixshmem \ + _posixsubprocess _queue _random resource select _ssl _socket spwd \ + _statistics _struct syslog termios _testbuffer _testimportmultiple \ + _testmultiphase unicodedata zlib _ctypes_test _testinternalcapi _testcapi \ + _typing _testclinic xxlimited xxlimited_35 \ + _xxtestfuzz _xxsubinterpreters _elementtree pyexpat _md5 _sha1 \ + _sha256 _sha512 _blake2 _sha3 _uuid _zoneinfo +do + eval rm "%{buildroot}%{sitedir}/lib-dynload/$library.*" +done + +# Idle is not packaged in base due to the appstream-glib dependency +# move idle config into /etc +install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version} +( + cd %{buildroot}/%{sitedir}/idlelib/ + for file in *.def ; do + mv $file %{buildroot}%{_sysconfdir}/idle%{python_version}/ + ln -sf %{_sysconfdir}/idle%{python_version}/$file %{buildroot}/%{sitedir}/idlelib/ + done +) + +# keep just idle3.X +rm %{buildroot}%{_bindir}/idle3 + +# install idle icons +for size in 16 32 48 ; do + install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \ + %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_version}.png +done + +# install idle desktop file +cp %{SOURCE19} idle%{python_version}.desktop +sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop +install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop + +cp %{SOURCE20} idle%{python_version}.appdata.xml +sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml +install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml +appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml + +%fdupes %{buildroot}/%{_libdir}/python%{python_version} +%endif +%if %{with base} +%make_install + +# remove .a +find %{buildroot} -name "*.a" -delete + +# install "site-packages" and __pycache__ for third parties +install -d -m 755 %{buildroot}%{sitedir}/site-packages +install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__ +# and their 32bit counterparts explicitly +mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__ + +# cleanup parts that don't belong +for dir in curses dbm sqlite3 tkinter idlelib; do + find "%{buildroot}/%{sitedir}/$dir"/* -maxdepth 0 -name "test" -o -exec rm -rf {} + +done +rm -fv %{buildroot}%{dynlib nis} + +# overwrite the copied binary with a link +ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 + +# decide to ship python3 or just python3.X +%if !%{primary_interpreter} +# base +rm %{buildroot}%{_bindir}/python3 +rm %{buildroot}%{_bindir}/pydoc3 +rm %{buildroot}%{_mandir}/man1/python3.1 +# devel +rm %{buildroot}%{_bindir}/python3-config +rm %{buildroot}%{_libdir}/libpython3.so +rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc +%endif + +%if %{suse_version} > 1550 +# PEP-0668 mark this as a distro maintained python +sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED +%endif + +# link shared library instead of static library that tools expect +ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so + +# delete idle3, which has to many packaging dependencies for base +rm %{buildroot}%{_bindir}/idle3* + +# delete the generic 2to3 binary if we are not primary +%if !%{primary_interpreter} +rm %{buildroot}%{_bindir}/2to3 +%endif + +# replace duplicate .pyo/.pyc with hardlinks +%fdupes %{buildroot}/%{sitedir} + +# documentation +export PDOCS=%{buildroot}%{_docdir}/%{name} +install -d -m 755 $PDOCS +install -c -m 644 %{SOURCE3} $PDOCS/ +install -c -m 644 README.rst $PDOCS/ + +# tools +for x in `find Tools/ \( -not -name Makefile \) -print | sort` ; do + test -d $x && ( install -c -m 755 -d $PDOCS/$x ) \ + || ( install -c -m 644 $x $PDOCS/$x ) +done +# gdb script is shipped with devel subpackage +rm -r $PDOCS/Tools/gdb +# clean up the bat files +find "$PDOCS" -name "*.bat" -delete + +# put gdb helper script into place +install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +# install devel files to /config +#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%%{sitedir}/config-%%{python_abi}/ + +# RPM macros +%if %{primary_interpreter} +mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/ +install -m 644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/macros.d/ # macros.python3 +%endif + +# import_failed hooks +FAILDIR=%{buildroot}/%{sitedir}/_import_failed +mkdir $FAILDIR +install -m 644 %{SOURCE8} %{SOURCE9} $FAILDIR # import_failed.* +LD_LIBRARY_PATH=. ./python -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +( + cd $FAILDIR + while read package modules; do + for module in $modules; do + ln import_failed.py $module.py + pushd __pycache__ + for i in import_failed*; do + ln $i "$module${i#import_failed}" + done + popd + done + done < %{SOURCE9} +) +echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +%endif + +# For the purposes of reproducibility, it is necessary to eliminate any *.pyc files inside documentation dirs +if [ -d %{buildroot}%{_defaultdocdir} ] ; then +find %{buildroot}%{_defaultdocdir} -type f -name \*.pyc -ls -exec rm -vf '{}' \; +fi + +%if %{with general} +%files -n %{python_pkg_name}-tk +%{sitedir}/tkinter +%exclude %{sitedir}/tkinter/test +%{dynlib _tkinter} + +%files -n %{python_pkg_name}-curses +%{sitedir}/curses +%{dynlib _curses} +%{dynlib _curses_panel} + +%files -n %{python_pkg_name}-dbm +%{sitedir}/dbm +%{dynlib _dbm} +%{dynlib _gdbm} + +%files -n %{python_pkg_name} +%dir %{sitedir} +%dir %{sitedir}/lib-dynload +%{sitedir}/sqlite3 +%exclude %{sitedir}/sqlite3/test +%{dynlib readline} +%{dynlib _sqlite3} +%if 0%{?suse_version} < 1599 +%{dynlib nis} +%endif + +%files -n %{python_pkg_name}-idle +%{sitedir}/idlelib +%dir %{_sysconfdir}/idle%{python_version} +%config %{_sysconfdir}/idle%{python_version}/* +%doc Lib/idlelib/README.txt +%doc Lib/idlelib/TODO.txt +%doc Lib/idlelib/extend.txt +%doc Lib/idlelib/ChangeLog +%{_bindir}/idle%{python_version} +%{_datadir}/applications/idle%{python_version}.desktop +%{_datadir}/metainfo/idle%{python_version}.appdata.xml +%{_datadir}/icons/hicolor/*/apps/idle%{python_version}.png +%dir %{_datadir}/icons/hicolor +%dir %{_datadir}/icons/hicolor/16x16 +%dir %{_datadir}/icons/hicolor/32x32 +%dir %{_datadir}/icons/hicolor/48x48 +%dir %{_datadir}/icons/hicolor/*/apps +# endif for if general +%endif + +%if %{with doc} +%files -n %{python_pkg_name}-doc +%dir %{_docdir}/python%{python_version} +%doc %{_docdir}/python%{python_version}/Misc +%doc %{_docdir}/python%{python_version}/html + +%files -n %{python_pkg_name}-doc-devhelp +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%doc %{_datadir}/gtk-doc/html/Python%{python_version} +%endif + +%if %{with base} +%post -n libpython%{so_version} -p /sbin/ldconfig +%postun -n libpython%{so_version} -p /sbin/ldconfig + +%files -n libpython%{so_version} +%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} + +%files -n %{python_pkg_name}-tools +%{sitedir}/turtledemo +%if %{primary_interpreter} +%{_bindir}/2to3 +%endif +%attr(755, root, root)%{_bindir}/2to3-%{python_version} +%doc %{_docdir}/%{name}/Tools + +%files -n %{python_pkg_name}-devel +%{_libdir}/libpython%{python_abi}.so +%if %{primary_interpreter} +%{_libdir}/libpython3.so +%endif +%{_libdir}/pkgconfig/* +%{_includedir}/python%{python_abi} +%{sitedir}/config-%{python_abi}-* +%{_bindir}/python%{python_abi}-config +%if %{primary_interpreter} +%{_bindir}/python3-config +%endif +# Own these directories to not depend on gdb +%dir %{_datadir}/gdb +%dir %{_datadir}/gdb/auto-load +%dir %{_datadir}/gdb/auto-load%{_prefix} +%dir %{_datadir}/gdb/auto-load%{_libdir} +%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +%files -n %{python_pkg_name}-testsuite +%{sitedir}/test +%{sitedir}/*/test +%{sitedir}/*/tests +%{dynlib _ctypes_test} +%{dynlib _testbuffer} +%{dynlib _testcapi} +%{dynlib _testclinic} +%{dynlib _testinternalcapi} +%{dynlib _testimportmultiple} +%{dynlib _testmultiphase} +%{dynlib xxlimited} +# workaround for missing packages +%dir %{sitedir}/sqlite3 +%dir %{sitedir}/tkinter + +%files -n %{python_pkg_name}-base +# docs +%dir %{_docdir}/%{name} +%doc %{_docdir}/%{name}/README.rst +%license LICENSE +%doc %{_docdir}/%{name}/README.SUSE +%if %{primary_interpreter} +%{_mandir}/man1/python3.1%{?ext_man} +%endif +%{_mandir}/man1/python%{python_version}.1%{?ext_man} +%if 0%{?suse_version} > 1550 +# PEP-0668 +%{sitedir}/EXTERNALLY-MANAGED +%endif +# license text, not a doc because the code can use it at run-time +%{sitedir}/LICENSE.txt +# RPM macros +%if %{primary_interpreter} +%{_rpmconfigdir}/macros.d/macros.python3 +%endif +# binary parts +%dir %{sitedir}/lib-dynload +%{dynlib array} +%{dynlib _asyncio} +%{dynlib audioop} +%{dynlib binascii} +%{dynlib _bisect} +%{dynlib _bz2} +%{dynlib cmath} +%{dynlib _codecs_cn} +%{dynlib _codecs_hk} +%{dynlib _codecs_iso2022} +%{dynlib _codecs_jp} +%{dynlib _codecs_kr} +%{dynlib _codecs_tw} +%{dynlib _contextvars} +%{dynlib _crypt} +%{dynlib _csv} +%{dynlib _ctypes} +%{dynlib _datetime} +%{dynlib _decimal} +%{dynlib _elementtree} +%{dynlib fcntl} +%{dynlib grp} +%{dynlib _hashlib} +%{dynlib _heapq} +%{dynlib _json} +%{dynlib _lsprof} +%{dynlib _lzma} +%{dynlib math} +%{dynlib mmap} +%{dynlib _multibytecodec} +%{dynlib _multiprocessing} +%{dynlib _opcode} +%{dynlib ossaudiodev} +%{dynlib _pickle} +%{dynlib _posixshmem} +%{dynlib _posixsubprocess} +%{dynlib pyexpat} +%{dynlib _queue} +%{dynlib _random} +%{dynlib resource} +%{dynlib select} +%{dynlib _socket} +%{dynlib spwd} +%{dynlib _ssl} +%{dynlib _statistics} +%{dynlib _struct} +%{dynlib syslog} +%{dynlib termios} +%{dynlib _typing} +%{dynlib unicodedata} +%{dynlib _uuid} +%{dynlib _xxsubinterpreters} +%{dynlib _xxtestfuzz} +%{dynlib xxlimited_35} +%{dynlib zlib} +%{dynlib _zoneinfo} +# hashlib fallback modules +%{dynlib _blake2} +%{dynlib _md5} +%{dynlib _sha1} +%{dynlib _sha256} +%{dynlib _sha512} +%{dynlib _sha3} +# python parts +%dir %{_prefix}/lib/python%{python_version} +%dir %{_prefix}/lib/python%{python_version}/site-packages +%dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__ +%dir %{sitedir} +%dir %{sitedir}/site-packages +%dir %{sitedir}/site-packages/__pycache__ +%exclude %{sitedir}/*/test +%exclude %{sitedir}/*/tests +%{sitedir}/*.py +%{sitedir}/asyncio +%{sitedir}/ctypes +%{sitedir}/collections +%{sitedir}/concurrent +%{sitedir}/distutils +%{sitedir}/email +%{sitedir}/encodings +%{sitedir}/ensurepip +%{sitedir}/html +%{sitedir}/http +%{sitedir}/importlib +%{sitedir}/json +%{sitedir}/lib2to3 +%{sitedir}/logging +%{sitedir}/multiprocessing +%{sitedir}/pydoc_data +%{sitedir}/re +%{sitedir}/tomllib +%{sitedir}/unittest +%{sitedir}/urllib +%{sitedir}/venv +%{sitedir}/wsgiref +%{sitedir}/xml +%{sitedir}/xmlrpc +%{sitedir}/zoneinfo +%{sitedir}/__phello__ +%{sitedir}/__pycache__ +# import-failed hooks +%{sitedir}/_import_failed +%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +# symlinks +%if %{primary_interpreter} +%{_bindir}/python3 +%{_bindir}/pydoc3 +%endif +# executables +%attr(755, root, root) %{_bindir}/pydoc%{python_version} +# %%attr(755, root, root) %%{_bindir}/python%%{python_abi} +%attr(755, root, root) %{_bindir}/python%{python_version} +# endif for if base +%endif + +%changelog diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch new file mode 100644 index 0000000..6f48b09 --- /dev/null +++ b/skip-test_pyobject_freed_is_freed.patch @@ -0,0 +1,23 @@ +--- + Lib/test/test_capi/test_misc.py | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/Lib/test/test_capi/test_misc.py ++++ b/Lib/test/test_capi/test_misc.py +@@ -40,6 +40,8 @@ import _testinternalcapi + # Were we compiled --with-pydebug or with #define Py_DEBUG? + Py_DEBUG = hasattr(sys, 'gettotalrefcount') + ++# Which version of the SLE distro we build on? ++SLE_VERSION = int(os.environ.get('SLE_VERSION', '0'), 10) + + NULL = None + +@@ -1281,6 +1283,7 @@ class PyMemDebugTests(unittest.TestCase) + def test_pyobject_forbidden_bytes_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') + ++ @unittest.skipIf(0 < SLE_VERSION < 150300, 'Failing on Leap 15.*') + def test_pyobject_freed_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_freed_is_freed') + diff --git a/skip_if_buildbot-extend.patch b/skip_if_buildbot-extend.patch new file mode 100644 index 0000000..fd9a584 --- /dev/null +++ b/skip_if_buildbot-extend.patch @@ -0,0 +1,15 @@ +--- + Lib/test/support/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -384,7 +384,7 @@ def skip_if_buildbot(reason=None): + if not reason: + reason = 'not suitable for buildbots' + try: +- isbuildbot = getpass.getuser().lower() == 'buildbot' ++ isbuildbot = getpass.getuser().lower() in ['buildbot', 'abuild'] + except (KeyError, EnvironmentError) as err: + warnings.warn(f'getpass.getuser() failed {err}.', RuntimeWarning) + isbuildbot = False diff --git a/skipped_tests.py b/skipped_tests.py new file mode 100644 index 0000000..47002e6 --- /dev/null +++ b/skipped_tests.py @@ -0,0 +1,69 @@ +#!/usr/bin/python3 +""" +Simple regexp-based skipped test checker. +It lists tests that are mentioned (presumably for exclusion) +in BASE, and in MAIN (presumably for inclusion) +and reports discrepancies. + +This will have a number of +""" + +MAIN = "python39.spec" + +import glob +import re +from os.path import basename + +alltests = set() +qemu_exclusions = set() + +for item in glob.glob("Python-*/Lib/test/test_*"): + testname = basename(item) + if testname.endswith(".py"): + testname = testname[:-3] + alltests.add(testname) + +testre = re.compile(r'[\s"](test_\w+)\b') + +def find_tests_in_spec(specname): + global qemu_exclusions + + found_tests = set() + with open(specname) as spec: + in_qemu = False + for line in spec: + line = line.strip() + if "#" in line: + line = line[:line.index("#")] + tests = set(testre.findall(line)) + found_tests |= tests + if line == "%if 0%{?qemu_user_space_build} > 0": + in_qemu = True + if in_qemu: + if line == "%endif": + in_qemu = False + qemu_exclusions |= tests + return found_tests + +excluded = find_tests_in_spec(MAIN) + +#print("--- excluded tests:", " ".join(sorted(excluded))) +#print("--- included tests:", " ".join(sorted(included))) + +mentioned = excluded +nonexistent = mentioned - alltests +missing = excluded - qemu_exclusions + +print("--- the following tests are excluded for QEMU and not tested in python") +print("--- (that probably means we don't need to worry about them)") +for test in sorted(qemu_exclusions - excluded): + print(test) + +print("--- the following tests might be excluded in python:") +for test in sorted(missing): + print(test) + +if nonexistent: + print("--- the following tests don't exist:") + for test in sorted(nonexistent): + print(test) diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch new file mode 100644 index 0000000..ab29d50 --- /dev/null +++ b/subprocess-raise-timeout.patch @@ -0,0 +1,18 @@ +--- + Lib/test/test_subprocess.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_subprocess.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_subprocess.py ++++ Python-3.11.8/Lib/test/test_subprocess.py +@@ -280,7 +280,8 @@ class ProcessTestCase(BaseTestCase): + "time.sleep(3600)"], + # Some heavily loaded buildbots (sparc Debian 3.x) require + # this much time to start and print. +- timeout=3) ++ # OBS might require even more ++ timeout=10) + self.fail("Expected TimeoutExpired.") + self.assertEqual(c.exception.output, b'BDFL') + -- 2.51.1 From 94e7ee7c448de1f5e8d40fd434fbe51426b1ee36e93cbd72d0987772c7518230 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 3 Oct 2024 15:04:47 +0000 Subject: [PATCH 103/135] Fix the changelog OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=145 --- python311.changes | 1 + 1 file changed, 1 insertion(+) diff --git a/python311.changes b/python311.changes index f4a51d8..3223fb3 100644 --- a/python311.changes +++ b/python311.changes @@ -2,6 +2,7 @@ Wed Oct 2 16:18:29 UTC 2024 - Matej Cepl - Drop .pyc files from docdir for reproducible builds + (bsc#1230906). ------------------------------------------------------------------- Mon Sep 9 16:53:07 UTC 2024 - Matej Cepl -- 2.51.1 From f67c1ef5a065c79235ec4dcb3e242887caa65da1bb501e80ee81be21dda91b30 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Fri, 1 Nov 2024 16:39:46 +0000 Subject: [PATCH 104/135] - Add CVE-2024-9287-venv_path_unquoted.patch to properly quote path names provided when creating a virtual environment (bsc#1232241, CVE-2024-9287) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=147 --- .gitattributes | 23 + .gitignore | 1 + CVE-2023-52425-libexpat-2.6.0-backport.patch | 223 + ...-52425-remove-reparse_deferral-tests.patch | 60 + CVE-2024-9287-venv_path_unquoted.patch | 299 + F00251-change-user-install-location.patch | 215 + PACKAGING-NOTES | 26 + Python-3.11.10.tar.xz | 3 + Python-3.11.10.tar.xz.asc | 16 + README.SUSE | 43 + _multibuild | 4 + baselibs.conf | 3 + bluez-devel-vendor.tar.xz | 3 + bpo-31046_ensurepip_honours_prefix.patch | 173 + bsc1221260-test_asyncio-ResourceWarning.patch | 21 + bso1227999-reproducible-builds.patch | 37 + distutils-reproducible-compile.patch | 17 + externally_managed.in | 12 + fix_configure_rst.patch | 40 + gh120226-fix-sendfile-test-kernel-610.patch | 35 + idle3.appdata.xml | 35 + idle3.desktop | 12 + import_failed.map | 7 + import_failed.py | 23 + macros.python3 | 28 + no-skipif-doctests.patch | 653 ++ pre_checkin.sh | 78 + python-3.3.0b1-fix_date_time_compiler.patch | 27 + python-3.3.0b1-localpath.patch | 13 + python-3.3.0b1-test-posix_fadvise.patch | 17 + python.keyring | 109 + python311-rpmlintrc | 3 + python311.changes | 5451 +++++++++++++++++ python311.spec | 1050 ++++ skip-test_pyobject_freed_is_freed.patch | 23 + skip_if_buildbot-extend.patch | 15 + skipped_tests.py | 69 + subprocess-raise-timeout.patch | 18 + 38 files changed, 8885 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 CVE-2023-52425-libexpat-2.6.0-backport.patch create mode 100644 CVE-2023-52425-remove-reparse_deferral-tests.patch create mode 100644 CVE-2024-9287-venv_path_unquoted.patch create mode 100644 F00251-change-user-install-location.patch create mode 100644 PACKAGING-NOTES create mode 100644 Python-3.11.10.tar.xz create mode 100644 Python-3.11.10.tar.xz.asc create mode 100644 README.SUSE create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 bluez-devel-vendor.tar.xz create mode 100644 bpo-31046_ensurepip_honours_prefix.patch create mode 100644 bsc1221260-test_asyncio-ResourceWarning.patch create mode 100644 bso1227999-reproducible-builds.patch create mode 100644 distutils-reproducible-compile.patch create mode 100644 externally_managed.in create mode 100644 fix_configure_rst.patch create mode 100644 gh120226-fix-sendfile-test-kernel-610.patch create mode 100644 idle3.appdata.xml create mode 100644 idle3.desktop create mode 100644 import_failed.map create mode 100644 import_failed.py create mode 100644 macros.python3 create mode 100644 no-skipif-doctests.patch create mode 100644 pre_checkin.sh create mode 100644 python-3.3.0b1-fix_date_time_compiler.patch create mode 100644 python-3.3.0b1-localpath.patch create mode 100644 python-3.3.0b1-test-posix_fadvise.patch create mode 100644 python.keyring create mode 100644 python311-rpmlintrc create mode 100644 python311.changes create mode 100644 python311.spec create mode 100644 skip-test_pyobject_freed_is_freed.patch create mode 100644 skip_if_buildbot-extend.patch create mode 100644 skipped_tests.py create mode 100644 subprocess-raise-timeout.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch new file mode 100644 index 0000000..c1c66b7 --- /dev/null +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -0,0 +1,223 @@ +--- + Lib/test/support/__init__.py | 16 ++++++++++++++-- + Lib/test/test_minidom.py | 23 +++++++++-------------- + Lib/test/test_pyexpat.py | 12 +++++------- + Lib/test/test_sax.py | 18 +++++++++--------- + Lib/test/test_xml_etree.py | 12 ------------ + 5 files changed, 37 insertions(+), 44 deletions(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -8,6 +8,7 @@ import dataclasses + import functools + import os + import re ++import pyexpat + import stat + import sys + import sysconfig +@@ -56,7 +57,7 @@ __all__ = [ + "run_with_tz", "PGO", "missing_compiler_executable", + "ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST", + "LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT", +- "skip_on_s390x", ++ "skip_on_s390x", "fails_with_expat_2_6_0", "is_expat_2_6_0" + ] + + +@@ -2240,6 +2241,17 @@ def copy_python_src_ignore(path, names): + } + return ignored + +-#Windows doesn't have os.uname() but it doesn't support s390x. ++ ++# Windows doesn't have os.uname() but it doesn't support s390x. + skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', + 'skipped on s390x') ++ ++ ++@functools.lru_cache ++def _is_expat_2_6_0(): ++ return hasattr(pyexpat.ParserCreate(), 'SetReparseDeferralEnabled') ++is_expat_2_6_0 = _is_expat_2_6_0() ++ ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if is_expat_2_6_0 ++ else lambda test: test) +--- a/Lib/test/test_minidom.py ++++ b/Lib/test/test_minidom.py +@@ -6,7 +6,6 @@ import io + from test import support + import unittest + +-import pyexpat + import xml.dom.minidom + + from xml.dom.minidom import parse, Attr, Node, Document, parseString +@@ -1163,13 +1162,11 @@ class MinidomTest(unittest.TestCase): + + # Verify that character decoding errors raise exceptions instead + # of crashing +- if pyexpat.version_info >= (2, 4, 5): +- self.assertRaises(ExpatError, parseString, +- b'') +- self.assertRaises(ExpatError, parseString, +- b'Comment \xe7a va ? Tr\xe8s bien ?') +- else: +- self.assertRaises(UnicodeDecodeError, parseString, ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((UnicodeDecodeError, ExpatError)): ++ parseString( + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1631,12 +1628,10 @@ class MinidomTest(unittest.TestCase): + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- if pyexpat.version_info >= (2, 4, 5): +- context = self.assertRaisesRegex(ExpatError, 'syntax error') +- else: +- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- +- with context: ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((ExpatError, ValueError)): + parseString('') + + def testDocRemoveChild(self): +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -14,8 +14,7 @@ from test.support import os_helper + from xml.parsers import expat + from xml.parsers.expat import errors + +-from test.support import sortdict, is_emscripten, is_wasi +- ++from test.support import sortdict, is_emscripten, is_wasi, is_expat_2_6_0 + + class SetAttributeTest(unittest.TestCase): + def setUp(self): +@@ -770,9 +769,8 @@ class ReparseDeferralTest(unittest.TestC + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + + def test_reparse_deferral_enabled(self): +- if expat.version_info < (2, 6, 0): +- self.skipTest(f'Expat {expat.version_info} does not ' +- 'support reparse deferral') ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") + + started = [] + +@@ -801,9 +799,9 @@ class ReparseDeferralTest(unittest.TestC + + parser = expat.ParserCreate() + parser.StartElementHandler = start_element +- if expat.version_info >= (2, 6, 0): ++ if is_expat_2_6_0: + parser.SetReparseDeferralEnabled(False) +- self.assertFalse(parser.GetReparseDeferralEnabled()) ++ self.assertFalse(parser.GetReparseDeferralEnabled()) + + for chunk in (b''): + parser.Parse(chunk, False) +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -19,13 +19,11 @@ from xml.sax.xmlreader import InputSourc + from io import BytesIO, StringIO + import codecs + import os.path +-import pyexpat + import shutil + import sys + from urllib.error import URLError + import urllib.request +-from test.support import os_helper +-from test.support import findfile ++from test.support import os_helper, findfile, is_expat_2_6_0 + from test.support.os_helper import FakePath, TESTFN + + +@@ -1215,10 +1213,10 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1241,6 +1239,9 @@ class ExpatReaderTest(XmlTestBase): + self.assertEqual(result.getvalue(), start + b"") + + def test_flush_reparse_deferral_disabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1249,9 +1250,8 @@ class ExpatReaderTest(XmlTestBase): + for chunk in (""): + parser.feed(chunk) + +- if pyexpat.version_info >= (2, 6, 0): +- parser._parser.SetReparseDeferralEnabled(False) +- self.assertEqual(result.getvalue(), start) # i.e. no elements started ++ parser._parser.SetReparseDeferralEnabled(False) ++ self.assertEqual(result.getvalue(), start) # i.e. no elements started + + self.assertFalse(parser._parser.GetReparseDeferralEnabled()) + +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -13,7 +13,6 @@ import itertools + import operator + import os + import pickle +-import pyexpat + import sys + import textwrap + import types +@@ -1424,12 +1423,6 @@ class XMLPullParserTest(unittest.TestCas + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + +- def test_simple_xml_chunk_1(self): +- self.test_simple_xml(chunk_size=1, flush=True) +- +- def test_simple_xml_chunk_5(self): +- self.test_simple_xml(chunk_size=5, flush=True) +- + def test_simple_xml_chunk_22(self): + self.test_simple_xml(chunk_size=22) + +@@ -1627,9 +1620,6 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1656,8 +1646,6 @@ class XMLPullParserTest(unittest.TestCas + + for chunk in (""): + parser.feed(chunk) +- +- if pyexpat.version_info >= (2, 6, 0): + if not ET is pyET: + self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled ' + 'methods not available in C') diff --git a/CVE-2023-52425-remove-reparse_deferral-tests.patch b/CVE-2023-52425-remove-reparse_deferral-tests.patch new file mode 100644 index 0000000..553bdf8 --- /dev/null +++ b/CVE-2023-52425-remove-reparse_deferral-tests.patch @@ -0,0 +1,60 @@ +--- + Lib/test/test_pyexpat.py | 2 ++ + Lib/test/test_sax.py | 2 ++ + Lib/test/test_xml_etree.py | 2 ++ + 3 files changed, 6 insertions(+) + +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -768,6 +768,7 @@ class ReparseDeferralTest(unittest.TestC + parser.SetReparseDeferralEnabled(True) + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -791,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC + + self.assertEqual(started, ['doc']) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_disabled(self): + started = [] + +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -1213,6 +1213,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -1238,6 +1239,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -1620,6 +1620,7 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1641,6 +1642,7 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + diff --git a/CVE-2024-9287-venv_path_unquoted.patch b/CVE-2024-9287-venv_path_unquoted.patch new file mode 100644 index 0000000..541a907 --- /dev/null +++ b/CVE-2024-9287-venv_path_unquoted.patch @@ -0,0 +1,299 @@ +From 1408cc9bf9e8b19968761548c30b78d37074c21c Mon Sep 17 00:00:00 2001 +From: Y5 <124019959+y5c4l3@users.noreply.github.com> +Date: Tue, 22 Oct 2024 04:48:04 +0800 +Subject: [PATCH] gh-124651: Quote template strings in `venv` activation + scripts (GH-124712) + +This patch properly quotes template strings in `venv` activation +scripts. This mitigates potential command injection. + +(cherry picked from commit d48cc82ed25e26b02eb97c6263d95dcaa1e9111b) +--- + Lib/test/test_venv.py | 81 ++++++++++ + Lib/venv/__init__.py | 42 ++++- + Lib/venv/scripts/common/activate | 8 + Lib/venv/scripts/nt/activate.bat | 6 + Lib/venv/scripts/posix/activate.csh | 8 + Lib/venv/scripts/posix/activate.fish | 8 + Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst | 1 + 7 files changed, 134 insertions(+), 20 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst + +--- a/Lib/test/test_venv.py ++++ b/Lib/test/test_venv.py +@@ -11,6 +11,7 @@ import os + import os.path + import pathlib + import re ++import shlex + import shutil + import struct + import subprocess +@@ -96,6 +97,10 @@ class BaseTest(unittest.TestCase): + result = f.read() + return result + ++ def assertEndsWith(self, string, tail): ++ if not string.endswith(tail): ++ self.fail(f"String {string!r} does not end with {tail!r}") ++ + class BasicTest(BaseTest): + """Test venv module functionality.""" + +@@ -446,6 +451,82 @@ class BasicTest(BaseTest): + 'import sys; print(sys.executable)']) + self.assertEqual(out.strip(), envpy.encode()) + ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_bash(self): ++ """ ++ Test that the template strings are quoted properly (bash) ++ """ ++ rmtree(self.env_dir) ++ bash = shutil.which('bash') ++ if bash is None: ++ self.skipTest('bash required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.sh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([bash, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_csh(self): ++ """ ++ Test that the template strings are quoted properly (csh) ++ """ ++ rmtree(self.env_dir) ++ csh = shutil.which('tcsh') or shutil.which('csh') ++ if csh is None: ++ self.skipTest('csh required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.csh') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.csh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([csh, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings on Windows ++ @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') ++ def test_special_chars_windows(self): ++ """ ++ Test that the template strings are quoted properly on Windows ++ """ ++ rmtree(self.env_dir) ++ env_name = "'&&^$e" ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.bat') ++ test_batch = os.path.join(self.env_dir, 'test_special_chars.bat') ++ with open(test_batch, "w") as f: ++ f.write('@echo off\n' ++ f'"{activate}" & ' ++ f'{self.exe} -c "import sys; print(sys.executable)" & ' ++ f'{self.exe} -c "import os; print(os.environ[\'VIRTUAL_ENV\'])" & ' ++ 'deactivate') ++ out, err = check_output([test_batch]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ + @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') + def test_unicode_in_batch_file(self): + """ +--- a/Lib/venv/__init__.py ++++ b/Lib/venv/__init__.py +@@ -11,6 +11,7 @@ import subprocess + import sys + import sysconfig + import types ++import shlex + + + CORE_VENV_DEPS = ('pip', 'setuptools') +@@ -394,11 +395,41 @@ class EnvBuilder: + :param context: The information for the environment creation request + being processed. + """ +- text = text.replace('__VENV_DIR__', context.env_dir) +- text = text.replace('__VENV_NAME__', context.env_name) +- text = text.replace('__VENV_PROMPT__', context.prompt) +- text = text.replace('__VENV_BIN_NAME__', context.bin_name) +- text = text.replace('__VENV_PYTHON__', context.env_exe) ++ replacements = { ++ '__VENV_DIR__': context.env_dir, ++ '__VENV_NAME__': context.env_name, ++ '__VENV_PROMPT__': context.prompt, ++ '__VENV_BIN_NAME__': context.bin_name, ++ '__VENV_PYTHON__': context.env_exe, ++ } ++ ++ def quote_ps1(s): ++ """ ++ This should satisfy PowerShell quoting rules [1], unless the quoted ++ string is passed directly to Windows native commands [2]. ++ [1]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules ++ [2]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing#passing-arguments-that-contain-quote-characters ++ """ ++ s = s.replace("'", "''") ++ return f"'{s}'" ++ ++ def quote_bat(s): ++ return s ++ ++ # gh-124651: need to quote the template strings properly ++ quote = shlex.quote ++ script_path = context.script_path ++ if script_path.endswith('.ps1'): ++ quote = quote_ps1 ++ elif script_path.endswith('.bat'): ++ quote = quote_bat ++ else: ++ # fallbacks to POSIX shell compliant quote ++ quote = shlex.quote ++ ++ replacements = {key: quote(s) for key, s in replacements.items()} ++ for key, quoted in replacements.items(): ++ text = text.replace(key, quoted) + return text + + def install_scripts(self, context, path): +@@ -438,6 +469,7 @@ class EnvBuilder: + with open(srcfile, 'rb') as f: + data = f.read() + if not srcfile.endswith(('.exe', '.pdb')): ++ context.script_path = srcfile + try: + data = data.decode('utf-8') + data = self.replace_variables(data, context) +--- a/Lib/venv/scripts/common/activate ++++ b/Lib/venv/scripts/common/activate +@@ -35,11 +35,11 @@ deactivate () { + # unset irrelevant variables + deactivate nondestructive + +-VIRTUAL_ENV="__VENV_DIR__" ++VIRTUAL_ENV=__VENV_DIR__ + export VIRTUAL_ENV + + _OLD_VIRTUAL_PATH="$PATH" +-PATH="$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++PATH="$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + export PATH + + # unset PYTHONHOME if set +@@ -52,9 +52,9 @@ fi + + if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then + _OLD_VIRTUAL_PS1="${PS1:-}" +- PS1="__VENV_PROMPT__${PS1:-}" ++ PS1=__VENV_PROMPT__"${PS1:-}" + export PS1 +- VIRTUAL_ENV_PROMPT="__VENV_PROMPT__" ++ VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ + export VIRTUAL_ENV_PROMPT + fi + +--- a/Lib/venv/scripts/nt/activate.bat ++++ b/Lib/venv/scripts/nt/activate.bat +@@ -8,7 +8,7 @@ if defined _OLD_CODEPAGE ( + "%SystemRoot%\System32\chcp.com" 65001 > nul + ) + +-set VIRTUAL_ENV=__VENV_DIR__ ++set "VIRTUAL_ENV=__VENV_DIR__" + + if not defined PROMPT set PROMPT=$P$G + +@@ -24,8 +24,8 @@ set PYTHONHOME= + if defined _OLD_VIRTUAL_PATH set PATH=%_OLD_VIRTUAL_PATH% + if not defined _OLD_VIRTUAL_PATH set _OLD_VIRTUAL_PATH=%PATH% + +-set PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH% +-set VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ ++set "PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH%" ++set "VIRTUAL_ENV_PROMPT=__VENV_PROMPT__" + + :END + if defined _OLD_CODEPAGE ( +--- a/Lib/venv/scripts/posix/activate.csh ++++ b/Lib/venv/scripts/posix/activate.csh +@@ -8,17 +8,17 @@ alias deactivate 'test $?_OLD_VIRTUAL_PA + # Unset irrelevant variables. + deactivate nondestructive + +-setenv VIRTUAL_ENV "__VENV_DIR__" ++setenv VIRTUAL_ENV __VENV_DIR__ + + set _OLD_VIRTUAL_PATH="$PATH" +-setenv PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++setenv PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + + + set _OLD_VIRTUAL_PROMPT="$prompt" + + if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then +- set prompt = "__VENV_PROMPT__$prompt" +- setenv VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set prompt = __VENV_PROMPT__"$prompt" ++ setenv VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + endif + + alias pydoc python -m pydoc +--- a/Lib/venv/scripts/posix/activate.fish ++++ b/Lib/venv/scripts/posix/activate.fish +@@ -33,10 +33,10 @@ end + # Unset irrelevant variables. + deactivate nondestructive + +-set -gx VIRTUAL_ENV "__VENV_DIR__" ++set -gx VIRTUAL_ENV __VENV_DIR__ + + set -gx _OLD_VIRTUAL_PATH $PATH +-set -gx PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__" $PATH ++set -gx PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__ $PATH + + # Unset PYTHONHOME if set. + if set -q PYTHONHOME +@@ -56,7 +56,7 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + set -l old_status $status + + # Output the venv prompt; color taken from the blue of the Python logo. +- printf "%s%s%s" (set_color 4B8BBE) "__VENV_PROMPT__" (set_color normal) ++ printf "%s%s%s" (set_color 4B8BBE) __VENV_PROMPT__ (set_color normal) + + # Restore the return status of the previous command. + echo "exit $old_status" | . +@@ -65,5 +65,5 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + end + + set -gx _OLD_FISH_PROMPT_OVERRIDE "$VIRTUAL_ENV" +- set -gx VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set -gx VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + end +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst +@@ -0,0 +1 @@ ++Properly quote template strings in :mod:`venv` activation scripts. diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch new file mode 100644 index 0000000..fa38a94 --- /dev/null +++ b/F00251-change-user-install-location.patch @@ -0,0 +1,215 @@ +From 910f38d9768d39d4d31426743ae4081ed1ab66b6 Mon Sep 17 00:00:00 2001 +From: Michal Cyprian +Date: Mon, 26 Jun 2017 16:32:56 +0200 +Subject: [PATCH] 00251: Change user install location + +Set values of prefix and exec_prefix in distutils install command +to /usr/local if executable is /usr/bin/python* and RPM build +is not detected to make pip and distutils install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +--- + Lib/distutils/command/install.py | 15 +++++++++++++-- + Lib/site.py | 9 ++++++++- + 2 files changed, 21 insertions(+), 3 deletions(-) + +Index: Python-3.11.8/Lib/distutils/command/install.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/command/install.py ++++ Python-3.11.8/Lib/distutils/command/install.py +@@ -441,8 +441,19 @@ class install(Command): + raise DistutilsOptionError( + "must not supply exec-prefix without prefix") + +- self.prefix = os.path.normpath(sys.prefix) +- self.exec_prefix = os.path.normpath(sys.exec_prefix) ++ # self.prefix is set to sys.prefix + /local/ ++ # if neither RPM build nor virtual environment is ++ # detected to make pip and distutils install packages ++ # into the separate location. ++ if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ addition = "/local" ++ else: ++ addition = "" ++ ++ self.prefix = os.path.normpath(sys.prefix) + addition ++ self.exec_prefix = os.path.normpath(sys.exec_prefix) + addition + + else: + if self.exec_prefix is None: +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None): + return sitepackages + + def addsitepackages(known_paths, prefixes=None): +- """Add site-packages to sys.path""" ++ """Add site-packages to sys.path ++ ++ '/usr/local' is included in PREFIXES if RPM build is not detected ++ to make packages installed into this location visible. ++ ++ """ + _trace("Processing global site-packages") ++ if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: ++ PREFIXES.insert(0, "/usr/local") + for sitedir in getsitepackages(prefixes): + if os.path.isdir(sitedir): + addsitedir(sitedir, known_paths) + +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Mon, 15 Feb 2021 12:19:27 +0100 +Subject: [PATCH] 00251: Change user install location +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Set values of base and platbase in sysconfig from /usr +to /usr/local when RPM build is not detected +to make pip and similar tools install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +Downstream only. + +We've tried to rework in Fedora 36/Python 3.10 to follow https://bugs.python.org/issue43976 +but we have identified serious problems with that approach, +see https://bugzilla.redhat.com/2026979 or https://bugzilla.redhat.com/2097183 + +pypa/distutils integration: https://github.com/pypa/distutils/pull/70 + +Co-authored-by: Petr Viktorin +Co-authored-by: Miro Hrončok +Co-authored-by: Michal Cyprian +Co-authored-by: Lumír Balhar +--- + Lib/site.py | 9 ++++++- + Lib/sysconfig.py | 49 +++++++++++++++++++++++++++++++++++++- + Lib/test/test_sysconfig.py | 17 +++++++++++-- + 3 files changed, 71 insertions(+), 4 deletions(-) + +Index: Python-3.11.9/Lib/sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/sysconfig.py ++++ Python-3.11.9/Lib/sysconfig.py +@@ -103,6 +103,11 @@ if os.name == 'nt': + else: + _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv'] + ++# For a brief period of time in the Fedora 36 life cycle, ++# this installation scheme existed and was documented in the release notes. ++# For backwards compatibility, we keep it here (at least on 3.10 and 3.11). ++_INSTALL_SCHEMES['rpm_prefix'] = _INSTALL_SCHEMES['posix_prefix'] ++ + + # NOTE: site.py has copy of this function. + # Sync it when modify this function. +@@ -162,6 +167,19 @@ if _HAS_USER_BASE: + }, + } + ++# This is used by distutils.command.install in the stdlib ++# as well as pypa/distutils (e.g. bundled in setuptools). ++# The self.prefix value is set to sys.prefix + /local/ ++# if neither RPM build nor virtual environment is ++# detected to make distutils install packages ++# into the separate location. ++# https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _prefix_addition = '/local' ++ ++ + _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', + 'scripts', 'data') + +@@ -258,11 +276,40 @@ def _extend_dict(target_dict, other_dict + target_dict[key] = value + + ++_CONFIG_VARS_LOCAL = None ++ ++ ++def _config_vars_local(): ++ # This function returns the config vars with prefixes amended to /usr/local ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ global _CONFIG_VARS_LOCAL ++ if _CONFIG_VARS_LOCAL is None: ++ _CONFIG_VARS_LOCAL = dict(get_config_vars()) ++ _CONFIG_VARS_LOCAL['base'] = '/usr/local' ++ _CONFIG_VARS_LOCAL['platbase'] = '/usr/local' ++ return _CONFIG_VARS_LOCAL ++ ++ + def _expand_vars(scheme, vars): + res = {} + if vars is None: + vars = {} +- _extend_dict(vars, get_config_vars()) ++ ++ # when we are not in a virtual environment or an RPM build ++ # we change '/usr' to '/usr/local' ++ # to avoid surprises, we explicitly check for the /usr/ prefix ++ # Python virtual environments have different prefixes ++ # we only do this for posix_prefix, not to mangle the venv scheme ++ # posix_prefix is used by sudo pip install ++ # we only change the defaults here, so explicit --prefix will take precedence ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if (scheme == 'posix_prefix' and ++ _PREFIX == '/usr' and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _extend_dict(vars, _config_vars_local()) ++ else: ++ _extend_dict(vars, get_config_vars()) ++ + if os.name == 'nt': + # On Windows we want to substitute 'lib' for schemes rather + # than the native value (without modifying vars, in case it +Index: Python-3.11.9/Lib/test/test_sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_sysconfig.py ++++ Python-3.11.9/Lib/test/test_sysconfig.py +@@ -111,8 +111,19 @@ class TestSysConfig(unittest.TestCase): + for scheme in _INSTALL_SCHEMES: + for name in _INSTALL_SCHEMES[scheme]: + expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) ++ tested = get_path(name, scheme) ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if tested.startswith('/usr/local'): ++ # /usr/local should only be used in posix_prefix ++ self.assertEqual(scheme, 'posix_prefix') ++ # Fedora CI runs tests for venv and virtualenv that check for other prefixes ++ self.assertEqual(sys.prefix, '/usr') ++ # When building the RPM of Python, %check runs this with RPM_BUILD_ROOT set ++ # Fedora CI runs this with RPM_BUILD_ROOT unset ++ self.assertNotIn('RPM_BUILD_ROOT', os.environ) ++ tested = tested.replace('/usr/local', '/usr') + self.assertEqual( +- os.path.normpath(get_path(name, scheme)), ++ os.path.normpath(tested), + os.path.normpath(expected), + ) + +@@ -345,7 +356,7 @@ class TestSysConfig(unittest.TestCase): + self.assertTrue(os.path.isfile(config_h), config_h) + + def test_get_scheme_names(self): +- wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv'] ++ wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv', 'rpm_prefix'] + if HAS_USER_BASE: + wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) + self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) +@@ -357,6 +368,8 @@ class TestSysConfig(unittest.TestCase): + cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" + self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) + ++ @unittest.skipIf('RPM_BUILD_ROOT' not in os.environ, ++ "Test doesn't expect Fedora's paths") + def test_user_similar(self): + # Issue #8759: make sure the posix scheme for the users + # is similar to the global posix_prefix one diff --git a/PACKAGING-NOTES b/PACKAGING-NOTES new file mode 100644 index 0000000..e28c88c --- /dev/null +++ b/PACKAGING-NOTES @@ -0,0 +1,26 @@ +Notes for packagers of Python3 +============================== + +0. Faster build turnaround +-------------------------- + +By default, python builds with profile-guided optimization. This needs +an additional run of the test suite and it is generally slow. +PGO build takes around 50 minutes. + +For development, use "--without profileopt" option to disable PGO. This +shortens the build time to ~5 minutes including test suite. + +1. import_failed.map +---------------------- + +This is a mechanism installed as part of python3-base, that places shim modules +on python's path (through a generated zzzz-import-failed-hooks.pth file, so that +it is imported as much at the end as makes sense; and an _import_failed subdir +of /usr/lib/pythonX.Y). Then when the user tries to import a module that is part +of a subpackage, the ImportError will contain a helpful message telling them +which missing subpackage to install. + +This can sometimes cause problems on non-standard configurations, if the pth +gets included too early (for instance if you are using a script to include all +pths by hand in some strange order). Just something to look out for. diff --git a/Python-3.11.10.tar.xz b/Python-3.11.10.tar.xz new file mode 100644 index 0000000..f87e7ad --- /dev/null +++ b/Python-3.11.10.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:07a4356e912900e61a15cb0949a06c4a05012e213ecd6b4e84d0f67aabbee372 +size 20067656 diff --git a/Python-3.11.10.tar.xz.asc b/Python-3.11.10.tar.xz.asc new file mode 100644 index 0000000..243d1b1 --- /dev/null +++ b/Python-3.11.10.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmbbrO0ACgkQ/+h0BBaL +2Ec+YBAAnQJLKYPjj7Yr7xkFU655Sv86JxeRAdWjnIapbiIuWg3Up8Pd8FTRgHGf +3XdTHw7b03lSjtzJwavzdnDklqAlBIGn9dVieljUIN7NYyNxoYOr/AiatimgSwv7 +dI5mfun5fLKV6ZcdNdQN5PJ3RZtF3I7VfkN2mlfZJHtxl1agdU/TfW2L+qJ7+JPY +cayjq2xKTLRNXOf2iV29GRRovLiqA+Dx0+cAwsScwreHMp3U4k3GkeHVoR6fldV4 +bVAM8GRl3CYVFePiqAbamKP1BSys44JOINWbWyd94JxzEAwXWz//Es0h73AzeRfK +ueORqzdoOGrVc74+HGlAHhqO1Gg7jMMmtkzCEuav+cGHYnMRMOngGR3q47aTJTVb +5UdP0oD4OlADPFVa6q0LCqN/IFlebWMh9pXYw7Wpek63oNuZHTfNPq4S1AUM2HJm +C3yzaOG9VAdYfLneJC4ldY4CVt1FKckfaXp5OAaMr71DI74e4CcEswlUupZJLZKV +TJRjQD15bnXGhHDqU4w3RmzpCWMh2mf4m4VMYQyObl3TtlX+gVvzIhDS5+mXqutB +F1pdXwaHHkTb2PLLxpwOGrnsp8XoW74tsylcYirQg8jSFMbgxfwgIjEIuRGXeDkT +B4QzmQ4SxsbLiH7etV6Fznl1h569Z4DO9OOs4i0ZzIjdhPDQtAs= +=TatG +-----END PGP SIGNATURE----- diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..0053bcf --- /dev/null +++ b/README.SUSE @@ -0,0 +1,43 @@ +Python 3 in SUSE +============== + +* Subpackages * + +Python 3 is split into several subpackages, based on external dependencies. +The main package 'python3' has soft dependencies on all subpackages needed to +assemble the standard library; however, these might not all be installed by default. + +If you attempt to import a module that is currently not installed, an ImportError is thrown, +with instructions to install the missing subpackage. Installing the subpackage might result +in installing libraries that the subpackage requires to function. + + +* ensurepip * + +The 'ensurepip' module from Python 3 standard library (PEP 453) is supposed to deploy +a bundled copy of the pip installer. This makes no sense in a managed distribution like SUSE. +Instead, you need to install package 'python3-pip'. Usually this will be installed automatically +with 'python3'. + +Using 'ensurepip' when pip is not installed will result in an ImportError with instructions +to install 'python3-pip'. + + +* Documentation * + +You can find documentation in seprarate packages: python3-doc and +python3-doc-pdf. These contan following documents: + + Tutorial, What's New in Python, Global Module Index, Library Reference, + Macintosh Module Reference, Installing Python Modules, Distributing Python + Modules, Language Reference, Extending and Embedding, Python/C API, + Documenting Python + +The python3-doc package constains many text files from source tarball. + + +* Interactive mode * + +Interactive mode is by default enhanced with of history and command completion. +If you don't like these features, you can unset the PYTHONSTARTUP variable +in your .profile or disable it system wide in /etc/profile.d/python.sh. diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..1d50bc4 --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + base + doc + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..1793de8 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,3 @@ +python311-base +python311 +libpython3_11-1_0 diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz new file mode 100644 index 0000000..57fb3e5 --- /dev/null +++ b/bluez-devel-vendor.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:868fbfba2ddaed62f2c45cf869fe2c648527ac3bac738f4f41f3c2872f5b0211 +size 25040 diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch new file mode 100644 index 0000000..86882ae --- /dev/null +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -0,0 +1,173 @@ +From 5754521af1d51aa8e445cba07a093bbc0c88596d Mon Sep 17 00:00:00 2001 +From: Zackery Spytz +Date: Mon, 16 Dec 2019 18:24:08 -0700 +Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix) + +Co-Authored-By: Xavier de Gaye +--- + Doc/library/ensurepip.rst | 9 +++-- + Lib/ensurepip/__init__.py | 18 +++++++--- + Lib/test/test_ensurepip.py | 11 ++++++ + Makefile.pre.in | 4 +- + Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1 + 5 files changed, 34 insertions(+), 9 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst + +Index: Python-3.11.8/Doc/library/ensurepip.rst +=================================================================== +--- Python-3.11.8.orig/Doc/library/ensurepip.rst ++++ Python-3.11.8/Doc/library/ensurepip.rst +@@ -59,7 +59,9 @@ is at least as recent as the one availab + By default, ``pip`` is installed into the current virtual environment + (if one is active) or into the system site packages (if there is no + active virtual environment). The installation location can be controlled +-through two additional command line options: ++through some additional command line options: ++ ++* ``--prefix ``: Installs ``pip`` using the given directory prefix. + + * :samp:`--root {dir}`: Installs ``pip`` relative to the given root directory + rather than the root of the currently active virtual environment (if any) +@@ -92,7 +94,7 @@ Module API + Returns a string specifying the available version of pip that will be + installed when bootstrapping an environment. + +-.. function:: bootstrap(root=None, upgrade=False, user=False, \ ++.. function:: bootstrap(root=None, prefix=None, upgrade=False, user=False, \ + altinstall=False, default_pip=False, \ + verbosity=0) + +@@ -102,6 +104,8 @@ Module API + If *root* is ``None``, then installation uses the default install location + for the current environment. + ++ *prefix* specifies the directory prefix to use when installing. ++ + *upgrade* indicates whether or not to upgrade an existing installation + of an earlier version of ``pip`` to the available version. + +@@ -122,6 +126,8 @@ Module API + *verbosity* controls the level of output to :data:`sys.stdout` from the + bootstrapping operation. + ++ .. versionchanged:: 3.9 the *prefix* parameter was added. ++ + .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap + + .. note:: +Index: Python-3.11.8/Lib/ensurepip/__init__.py +=================================================================== +--- Python-3.11.8.orig/Lib/ensurepip/__init__.py ++++ Python-3.11.8/Lib/ensurepip/__init__.py +@@ -122,27 +122,27 @@ def _disable_pip_configuration_settings( + os.environ['PIP_CONFIG_FILE'] = os.devnull + + +-def bootstrap(*, root=None, upgrade=False, user=False, ++def bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). ++ and directory prefix). + + Note that calling this function will alter both sys.path and os.environ. + """ + # Discard the return value +- _bootstrap(root=root, upgrade=upgrade, user=user, ++ _bootstrap(root=root, prefix=prefix, upgrade=upgrade, user=user, + altinstall=altinstall, default_pip=default_pip, + verbosity=verbosity) + + +-def _bootstrap(*, root=None, upgrade=False, user=False, ++def _bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). Returns pip command status code. ++ and directory prefix). Returns pip command status code. + + Note that calling this function will alter both sys.path and os.environ. + """ +@@ -192,6 +192,8 @@ def _bootstrap(*, root=None, upgrade=Fal + args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] + if root: + args += ["--root", root] ++ if prefix: ++ args += ["--prefix", prefix] + if upgrade: + args += ["--upgrade"] + if user: +@@ -267,6 +269,11 @@ def _main(argv=None): + help="Install everything relative to this alternate root directory.", + ) + parser.add_argument( ++ "--prefix", ++ default=None, ++ help="Install everything using this prefix.", ++ ) ++ parser.add_argument( + "--altinstall", + action="store_true", + default=False, +@@ -285,6 +292,7 @@ def _main(argv=None): + + return _bootstrap( + root=args.root, ++ prefix=args.prefix, + upgrade=args.upgrade, + user=args.user, + verbosity=args.verbosity, +Index: Python-3.11.8/Lib/test/test_ensurepip.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_ensurepip.py ++++ Python-3.11.8/Lib/test/test_ensurepip.py +@@ -112,6 +112,17 @@ class TestBootstrap(EnsurepipMixin, unit + unittest.mock.ANY, + ) + ++ def test_bootstrapping_with_prefix(self): ++ ensurepip.bootstrap(prefix="/foo/bar/") ++ self.run_pip.assert_called_once_with( ++ [ ++ "install", "--no-cache-dir", "--no-index", "--find-links", ++ unittest.mock.ANY, "--prefix", "/foo/bar/", ++ "setuptools", "pip", ++ ], ++ unittest.mock.ANY, ++ ) ++ + def test_bootstrapping_with_user(self): + ensurepip.bootstrap(user=True) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1761,7 +1761,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni + install|*) ensurepip="" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + altinstall: commoninstall +@@ -1771,7 +1771,7 @@ altinstall: commoninstall + install|*) ensurepip="--altinstall" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + commoninstall: check-clean-src @FRAMEWORKALTINSTALLFIRST@ \ +Index: Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +=================================================================== +--- /dev/null ++++ Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +@@ -0,0 +1 @@ ++A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/bsc1221260-test_asyncio-ResourceWarning.patch b/bsc1221260-test_asyncio-ResourceWarning.patch new file mode 100644 index 0000000..15d6b8d --- /dev/null +++ b/bsc1221260-test_asyncio-ResourceWarning.patch @@ -0,0 +1,21 @@ +From a3052035485bd2836e40f5284657ca105382cbfd Mon Sep 17 00:00:00 2001 +From: sobolevn +Date: Tue, 5 Mar 2024 20:24:16 +0300 +Subject: [PATCH] gh-116112: Fix `ResourceWarning` in + `test_asyncio.test_stream` + +Co-authored-by: @CendioOssman +--- + Lib/test/test_asyncio/test_streams.py | 1 + + 1 file changed, 1 insertion(+) + +--- a/Lib/test/test_asyncio/test_streams.py ++++ b/Lib/test/test_asyncio/test_streams.py +@@ -1156,6 +1156,7 @@ os.close(fd) + + def test_unhandled_cancel(self): + async def handle_echo(reader, writer): ++ writer.close() + asyncio.current_task().cancel() + messages = self._basetest_unhandled_exceptions(handle_echo) + self.assertEqual(messages, []) diff --git a/bso1227999-reproducible-builds.patch b/bso1227999-reproducible-builds.patch new file mode 100644 index 0000000..fb33d18 --- /dev/null +++ b/bso1227999-reproducible-builds.patch @@ -0,0 +1,37 @@ +From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Tue, 16 Jul 2024 21:39:33 +0200 +Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH + +to make builds reproducible. +See https://reproducible-builds.org/ for why this is good +and https://reproducible-builds.org/specs/source-date-epoch/ +for the definition of this variable. +--- + Doc/conf.py | 3 ++- + Doc/library/functions.rst | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/Doc/conf.py ++++ b/Doc/conf.py +@@ -316,7 +316,8 @@ html_context = { + } + + # This 'Last updated on:' timestamp is inserted at the bottom of every page. +-html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime()) ++html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) ++html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time)) + + # Path to find HTML templates. + templates_path = ['tools/templates'] +--- a/Doc/library/functions.rst ++++ b/Doc/library/functions.rst +@@ -1356,7 +1356,7 @@ are always available. They are listed h + (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, + and :mod:`shutil`. + +- .. audit-event:: open file,mode,flags open ++ .. audit-event:: open path,mode,flags open + + The ``mode`` and ``flags`` arguments may have been modified or inferred from + the original call. diff --git a/distutils-reproducible-compile.patch b/distutils-reproducible-compile.patch new file mode 100644 index 0000000..17e8bd2 --- /dev/null +++ b/distutils-reproducible-compile.patch @@ -0,0 +1,17 @@ +--- + Lib/distutils/util.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/distutils/util.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/util.py ++++ Python-3.11.8/Lib/distutils/util.py +@@ -436,7 +436,7 @@ byte_compile(files, optimize=%r, force=% + else: + from py_compile import compile + +- for file in py_files: ++ for file in sorted(py_files): + if file[-3:] != ".py": + # This lets us be lazy and not filter filenames in + # the "install_lib" command. diff --git a/externally_managed.in b/externally_managed.in new file mode 100644 index 0000000..54606b6 --- /dev/null +++ b/externally_managed.in @@ -0,0 +1,12 @@ +[externally-managed] +Error=To install Python packages system-wide, try + zypper install __PYTHONPREFIX__-xyz, where xyz is the package + you are trying to install. + + If you wish to install a non-rpm packaged Python package, + create a virtual environment using __PYTHON__ -m venv path/to/venv. + Then use path/to/venv/bin/python and path/to/venv/bin/pip. + + If you wish to install a non-rpm packaged Python application, + it may be easiest to use `pipx install xyz`, which will manage a + virtual environment for you. Install pipx via `zypper install __PYTHONPREFIX__-pipx` . diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch new file mode 100644 index 0000000..7c6fd0e --- /dev/null +++ b/fix_configure_rst.patch @@ -0,0 +1,40 @@ +--- + Doc/using/configure.rst | 3 --- + Misc/NEWS | 2 +- + 2 files changed, 1 insertion(+), 4 deletions(-) + +--- a/Doc/using/configure.rst ++++ b/Doc/using/configure.rst +@@ -43,7 +43,6 @@ General Options + + See :data:`sys.int_info.bits_per_digit `. + +-.. option:: --with-cxx-main + .. option:: --with-cxx-main=COMPILER + + Compile the Python ``main()`` function and link Python executable with C++ +@@ -529,13 +528,11 @@ macOS Options + + See ``Mac/README.rst``. + +-.. option:: --enable-universalsdk + .. option:: --enable-universalsdk=SDKDIR + + Create a universal binary build. *SDKDIR* specifies which macOS SDK should + be used to perform the build (default is no). + +-.. option:: --enable-framework + .. option:: --enable-framework=INSTALLDIR + + Create a Python.framework rather than a traditional Unix install. Optional +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -9774,7 +9774,7 @@ C API + - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. + + - bpo-43795: The list in :ref:`limited-api-list` now shows the public name +- :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry ++ :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry + ``_node`` no longer appears in the list. + + - bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid diff --git a/gh120226-fix-sendfile-test-kernel-610.patch b/gh120226-fix-sendfile-test-kernel-610.patch new file mode 100644 index 0000000..2eb6f63 --- /dev/null +++ b/gh120226-fix-sendfile-test-kernel-610.patch @@ -0,0 +1,35 @@ +From 1b3f6523a5c83323cdc44031b33a1c062e5dc698 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Fri, 7 Jun 2024 23:51:32 +0800 +Subject: [PATCH] gh-120226: Fix + test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 + (GH-120227) + +The worst case is that the kernel buffers 17 pages with a page size of 64k. +(cherry picked from commit a7584245661102a5768c643fbd7db8395fd3c90e) + +Co-authored-by: Xi Ruoyao +--- + Lib/test/test_asyncio/test_sendfile.py | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +--- a/Lib/test/test_asyncio/test_sendfile.py ++++ b/Lib/test/test_asyncio/test_sendfile.py +@@ -93,13 +93,10 @@ class MyProto(asyncio.Protocol): + + class SendfileBase: + +- # 256 KiB plus small unaligned to buffer chunk +- # Newer versions of Windows seems to have increased its internal +- # buffer and tries to send as much of the data as it can as it +- # has some form of buffering for this which is less than 256KiB +- # on newer server versions and Windows 11. +- # So DATA should be larger than 256 KiB to make this test reliable. +- DATA = b"x" * (1024 * 256 + 1) ++ # Linux >= 6.10 seems buffering up to 17 pages of data. ++ # So DATA should be large enough to make this test reliable even with a ++ # 64 KiB page configuration. ++ DATA = b"x" * (1024 * 17 * 64 + 1) + # Reduce socket buffer size to test on relative small data sets. + BUF_SIZE = 4 * 1024 # 4 KiB + diff --git a/idle3.appdata.xml b/idle3.appdata.xml new file mode 100644 index 0000000..554b7c4 --- /dev/null +++ b/idle3.appdata.xml @@ -0,0 +1,35 @@ + + + + + idle3.desktop + IDLE3 + CC0 + Python-2.0 + Python 3 Integrated Development and Learning Environment + +

+ IDLE is Python’s Integrated Development and Learning Environment. + The GUI is uniform between Windows, Unix, and Mac OS X. + IDLE provides an easy way to start writing, running, and debugging + Python code. +

+

+ IDLE is written in pure Python, and uses the tkinter GUI toolkit. + It provides: +

+
    +
  • a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,
    • +
  • a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,
    • +
  • search within any window, replace within editor windows, and search through multiple files (grep),
    • +
  • a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.
    • +
+ + https://docs.python.org/3/library/idle.html + + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png + + zbyszek@in.waw.pl + diff --git a/idle3.desktop b/idle3.desktop new file mode 100644 index 0000000..43f5a4c --- /dev/null +++ b/idle3.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Version=1.0 +Name=IDLE 3 +GenericName=Python 3 IDE +Comment=Python 3 Integrated Development and Learning Environment +Exec=idle3 %F +TryExec=idle3 +Terminal=false +Type=Application +Icon=idle3 +Categories=Development;IDE; +MimeType=text/x-python; diff --git a/import_failed.map b/import_failed.map new file mode 100644 index 0000000..f33690c --- /dev/null +++ b/import_failed.map @@ -0,0 +1,7 @@ +python311-curses: curses _curses _curses_panel +python311-dbm: dbm _dbm _gdbm +python311-idle: idlelib +python311-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited +python311-tk: tkinter _tkinter +python311-tools: turtledemo +python311: sqlite3 readline _sqlite3 nis diff --git a/import_failed.py b/import_failed.py new file mode 100644 index 0000000..258b5a5 --- /dev/null +++ b/import_failed.py @@ -0,0 +1,23 @@ +import sys, os +from sysconfig import get_path + +failed_map_path = os.path.join(get_path('stdlib'), '_import_failed', 'import_failed.map') + +if __spec__: + failed_name = __spec__.name +else: + failed_name = __name__ + +with open(failed_map_path) as fd: + for line in fd: + package = line.split(':')[0] + imports = line.split(':')[1] + if failed_name in imports: + raise ImportError(f"""Module '{failed_name}' is not installed. +Use: + sudo zypper install {package} +to install it.""") + +raise ImportError(f"""Module '{failed_name}' is not installed. +It is supposed to be part of python3 distribution, but missing from failed import map. +Please file a bug on the SUSE Bugzilla.""") diff --git a/macros.python3 b/macros.python3 new file mode 100644 index 0000000..2bd193b --- /dev/null +++ b/macros.python3 @@ -0,0 +1,28 @@ +%have_python3 1 + +# commented out legacy macro definitions +#py3_prefix /usr +#py3_incdir /usr/include/python3.5m +#py3_ver 3.5 + +# these should now be provided by macros.python_all +#python3_sitearch /usr/lib64/python3.5/site-packages +#python3_sitelib /usr/lib/python3.5/site-packages +#python3_version 3.5 + +# hard to say if anyone ever used these? +#py3_soflags cpython-35m-x86_64-linux-gnu +#py3_abiflags m +%cpython3_soabi %(python3 -c "import sysconfig; print(sysconfig.get_config_var('SOABI'))") +%py3_soflags %cpython3_soabi + +# compilation macros that might be in use somewhere +%py3_compile(O) \ +find %1 -name '*.pyc' -exec rm -f {} ";"\ +python3 -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +%{-O:\ +find %1 -name '*.pyo' -exec rm -f {} ";"\ +python3 -O -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +} + + diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch new file mode 100644 index 0000000..7e412d7 --- /dev/null +++ b/no-skipif-doctests.patch @@ -0,0 +1,653 @@ +only in patch2: +unchanged: +--- + Doc/library/turtle.rst | 82 ------------------------------------------------- + 1 file changed, 82 deletions(-) + +--- a/Doc/library/turtle.rst ++++ b/Doc/library/turtle.rst +@@ -440,7 +440,6 @@ Turtle motion + turtle is headed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -467,7 +466,6 @@ Turtle motion + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -486,13 +484,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -511,13 +507,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -540,13 +534,11 @@ Turtle motion + not change the turtle's orientation. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> tp = turtle.pos() + >>> tp +@@ -570,13 +562,11 @@ Turtle motion + unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 240) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,240.00) +@@ -592,13 +582,11 @@ Turtle motion + Set the turtle's second coordinate to *y*, leave first coordinate unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 40) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,40.00) +@@ -625,7 +613,6 @@ Turtle motion + =================== ==================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setheading(90) + >>> turtle.heading() +@@ -638,14 +625,12 @@ Turtle motion + its start-orientation (which depends on the mode, see :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(90) + >>> turtle.goto(0, -10) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 90.0 +@@ -677,7 +662,6 @@ Turtle motion + calculated automatically. May be used to draw regular polygons. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.position() +@@ -706,7 +690,6 @@ Turtle motion + + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.dot() +@@ -724,7 +707,6 @@ Turtle motion + it by calling ``clearstamp(stamp_id)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("blue") + >>> turtle.stamp() +@@ -740,7 +722,6 @@ Turtle motion + Delete stamp with given *stampid*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (150.00,-0.00) +@@ -785,7 +766,6 @@ Turtle motion + undo actions is determined by the size of the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for i in range(4): + ... turtle.fd(50); turtle.lt(80) +@@ -818,7 +798,6 @@ Turtle motion + turtle turn instantly. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.speed() + 3 +@@ -839,7 +818,6 @@ Tell Turtle's state + Return the turtle's current location (x,y) (as a :class:`Vec2D` vector). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pos() + (440.00,-0.00) +@@ -855,7 +833,6 @@ Tell Turtle's state + orientation which depends on the mode - "standard"/"world" or "logo". + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(10, 10) + >>> turtle.towards(0,0) +@@ -867,7 +844,6 @@ Tell Turtle's state + Return the turtle's x coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(50) +@@ -883,7 +859,6 @@ Tell Turtle's state + Return the turtle's y coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(60) +@@ -900,7 +875,6 @@ Tell Turtle's state + :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(67) +@@ -917,7 +891,6 @@ Tell Turtle's state + other turtle, in turtle step units. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.distance(30,40) +@@ -941,7 +914,6 @@ Settings for measurement + Default value is 360 degrees. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -964,7 +936,6 @@ Settings for measurement + ``degrees(2*math.pi)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -975,7 +946,6 @@ Settings for measurement + 1.5707963267948966 + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.degrees(360) +@@ -1011,7 +981,6 @@ Drawing state + thickness. If no argument is given, the current pensize is returned. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pensize() + 1 +@@ -1043,7 +1012,6 @@ Drawing state + attributes in one statement. + + .. doctest:: +- :skipif: _tkinter is None + :options: +NORMALIZE_WHITESPACE + + >>> turtle.pen(fillcolor="black", pencolor="red", pensize=10) +@@ -1066,7 +1034,6 @@ Drawing state + Return ``True`` if pen is down, ``False`` if it's up. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.penup() + >>> turtle.isdown() +@@ -1107,7 +1074,6 @@ Color control + newly set pencolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> colormode() + 1.0 +@@ -1156,7 +1122,6 @@ Color control + with the newly set fillcolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.fillcolor("violet") + >>> turtle.fillcolor() +@@ -1195,7 +1160,6 @@ Color control + with the newly set colors. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("red", "green") + >>> turtle.color() +@@ -1212,7 +1176,6 @@ Filling + ~~~~~~~ + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.home() +@@ -1222,7 +1185,6 @@ Filling + Return fillstate (``True`` if filling, ``False`` else). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.begin_fill() + >>> if turtle.filling(): +@@ -1247,7 +1209,6 @@ Filling + above may be either all yellow or have some white regions. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("black", "red") + >>> turtle.begin_fill() +@@ -1264,7 +1225,6 @@ More drawing control + variables to the default values. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(0,-22) + >>> turtle.left(100) +@@ -1315,7 +1275,6 @@ Visibility + drawing observably. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.hideturtle() + +@@ -1326,7 +1285,6 @@ Visibility + Make the turtle visible. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.showturtle() + +@@ -1357,7 +1315,6 @@ Appearance + deal with shapes see Screen method :func:`register_shape`. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape() + 'classic' +@@ -1383,7 +1340,6 @@ Appearance + ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.resizemode() + 'noresize' +@@ -1407,7 +1363,6 @@ Appearance + of the shape's outline. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shapesize() + (1.0, 1.0, 1) +@@ -1432,7 +1387,6 @@ Appearance + heading of the turtle are sheared. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("circle") + >>> turtle.shapesize(5,2) +@@ -1449,7 +1403,6 @@ Appearance + change the turtle's heading (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1469,7 +1422,6 @@ Appearance + (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1495,7 +1447,6 @@ Appearance + turtle (its direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1524,7 +1475,6 @@ Appearance + given matrix. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle = Turtle() + >>> turtle.shape("square") +@@ -1540,7 +1490,6 @@ Appearance + can be used to define a new shape or components of a compound shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("square") + >>> turtle.shapetransform(4, -1, 0, 2) +@@ -1565,7 +1514,6 @@ Using events + procedural way: + + .. doctest:: +- :skipif: _tkinter is None + + >>> def turn(x, y): + ... left(180) +@@ -1586,7 +1534,6 @@ Using events + ``None``, existing bindings are removed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> class MyTurtle(Turtle): + ... def glow(self,x,y): +@@ -1614,7 +1561,6 @@ Using events + mouse-click event on that turtle. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.ondrag(turtle.goto) + +@@ -1642,7 +1588,6 @@ Special Turtle methods + Return the last recorded polygon. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.begin_poly() +@@ -1662,7 +1607,6 @@ Special Turtle methods + turtle properties. + + .. doctest:: +- :skipif: _tkinter is None + + >>> mick = Turtle() + >>> joe = mick.clone() +@@ -1675,7 +1619,6 @@ Special Turtle methods + return the "anonymous turtle": + + .. doctest:: +- :skipif: _tkinter is None + + >>> pet = getturtle() + >>> pet.fd(50) +@@ -1689,7 +1632,6 @@ Special Turtle methods + TurtleScreen methods can then be called for that object. + + .. doctest:: +- :skipif: _tkinter is None + + >>> ts = turtle.getscreen() + >>> ts +@@ -1707,7 +1649,6 @@ Special Turtle methods + ``None``, the undobuffer is disabled. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setundobuffer(42) + +@@ -1717,7 +1658,6 @@ Special Turtle methods + Return number of entries in the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> while undobufferentries(): + ... undo() +@@ -1740,7 +1680,6 @@ below: + For example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> s = Shape("compound") + >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) +@@ -1751,7 +1690,6 @@ below: + 3. Now add the Shape to the Screen's shapelist and use it: + + .. doctest:: +- :skipif: _tkinter is None + + >>> register_shape("myshape", s) + >>> shape("myshape") +@@ -1771,7 +1709,6 @@ Most of the examples in this section ref + ``screen``. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen = Screen() +@@ -1788,7 +1725,6 @@ Window control + Set or return background color of the TurtleScreen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.bgcolor("orange") + >>> screen.bgcolor() +@@ -1880,7 +1816,6 @@ Window control + distorted. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.reset() + >>> screen.setworldcoordinates(-50,-7.5,50,7.5) +@@ -1891,7 +1826,6 @@ Window control + ... left(45); fd(2) # a regular octagon + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen.reset() +@@ -1913,7 +1847,6 @@ Animation control + Optional argument: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.delay() + 10 +@@ -1935,7 +1868,6 @@ Animation control + :func:`delay`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.tracer(8, 25) + >>> dist = 2 +@@ -1972,7 +1904,6 @@ Using screen events + must have the focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -1993,7 +1924,6 @@ Using screen events + must have focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -2018,7 +1948,6 @@ Using screen events + named ``turtle``: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will + >>> # make the turtle move to the clicked point. +@@ -2038,7 +1967,6 @@ Using screen events + Install a timer that calls *fun* after *t* milliseconds. + + .. doctest:: +- :skipif: _tkinter is None + + >>> running = True + >>> def f(): +@@ -2120,7 +2048,6 @@ Settings and special methods + ============ ========================= =================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> mode("logo") # resets turtle heading to north + >>> mode() +@@ -2135,7 +2062,6 @@ Settings and special methods + values of color triples have to be in the range 0..*cmode*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.colormode(1) + >>> turtle.pencolor(240, 160, 80) +@@ -2156,7 +2082,6 @@ Settings and special methods + do with a Tkinter Canvas. + + .. doctest:: +- :skipif: _tkinter is None + + >>> cv = screen.getcanvas() + >>> cv +@@ -2168,7 +2093,6 @@ Settings and special methods + Return a list of names of all currently available turtle shapes. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.getshapes() + ['arrow', 'blank', 'circle', ..., 'turtle'] +@@ -2192,7 +2116,6 @@ Settings and special methods + coordinates: Install the corresponding polygon shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) + +@@ -2208,7 +2131,6 @@ Settings and special methods + Return the list of turtles on the screen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for turtle in screen.turtles(): + ... turtle.color("red") +@@ -2270,7 +2192,6 @@ Methods specific to Screen, not inherite + center window vertically + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.setup (width=200, height=200, startx=0, starty=0) + >>> # sets window to 200x200 pixels, in upper left of screen +@@ -2286,7 +2207,6 @@ Methods specific to Screen, not inherite + Set title of turtle window to *titlestring*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.title("Welcome to the turtle zoo!") + +@@ -2357,7 +2277,6 @@ Public classes + Example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) + >>> s = Shape("compound") +@@ -2743,7 +2662,6 @@ Changes since Python 3.0 + + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> for turtle in turtles(): diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..a2cf992 --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +export LC_ALL=C + +master=python*.spec + +# create import_failed.map from package definitions +pkgname=$(grep python_pkg_name $master |grep define |awk -F' ' '{print $3}') +MAPFILE=import_failed.map +function new_map_line () { + package=$1 + package=$(echo $1 |sed -e "s:%{python_pkg_name}:$pkgname:") + modules=$2 + if [ -z "$package" -o -z "$modules" ]; then + return + fi + if [[ "$package" =~ "-base" ]]; then + return + fi + echo "$package:$modules" >> $MAPFILE.tmp +} + +for spec in *.spec; do + basename=${spec%.spec} + package= + modules= + while read line; do + case $line in + "%files -n "*) + new_map_line $package "$modules" + package=${line#"%files -n "} + modules= + ;; + "%files "*) + new_map_line $package "$modules" + package=$basename-${line#"%files "} + modules= + ;; + "%files") + new_map_line $package "$modules" + package=$basename + modules= + ;; + "%{sitedir}/config-"*) + # ignore + ;; + "%{sitedir}/"*) + word=${line#"%{sitedir}/"} + if ! echo $word | grep -q /; then + modules="$modules $word" + fi + ;; + "%{dynlib "*"}") + word=${line#"%{dynlib "} + word=${word%"}"} + modules="$modules $word" + ;; + esac + done < $spec + new_map_line $package "$modules" +done + +cat $MAPFILE.tmp |sort -u > $MAPFILE +rm $MAPFILE.tmp + +# run test inclusion check +tar xJf Python-*.xz +python3 skipped_tests.py + +# generate baselibs.conf +VERSION=$(grep ^Version $master|awk -F':' '{print $2}' |sed -e 's/ //g') +python_version=${VERSION:0:3} # 3.3 +python_version_abitag=${python_version//./} # 33 +python_version_soname=${python_version//./_} # 3_3 +echo "$pkgname-base" > baselibs.conf +echo "$pkgname" >> baselibs.conf +echo "libpython$python_version_soname-1_0" >> baselibs.conf + diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch new file mode 100644 index 0000000..cda20d7 --- /dev/null +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -0,0 +1,27 @@ +--- + Makefile.pre.in | 7 +++++++ + 1 file changed, 7 insertions(+) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1240,11 +1240,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ + $(DTRACE_OBJS) \ + $(srcdir)/Modules/getbuildinfo.c + $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DDATE="\"`date -u -r Makefile.pre.in +"%b %d %Y"`\"" \ ++ -DTIME="\"`date -u -r Makefile.pre.in +"%T"`\"" \ + -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \ + -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \ + -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \ + -o $@ $(srcdir)/Modules/getbuildinfo.c + ++Python/getcompiler.o: $(srcdir)/Python/getcompiler.c Makefile ++ $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DCOMPILER='"[GCC]"' \ ++ -o $@ $(srcdir)/Python/getcompiler.c ++ + Modules/getpath.o: $(srcdir)/Modules/getpath.c Python/frozen_modules/getpath.h Makefile $(PYTHON_HEADERS) + $(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \ + -DPREFIX='"$(prefix)"' \ diff --git a/python-3.3.0b1-localpath.patch b/python-3.3.0b1-localpath.patch new file mode 100644 index 0000000..475497e --- /dev/null +++ b/python-3.3.0b1-localpath.patch @@ -0,0 +1,13 @@ +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -77,7 +77,7 @@ import io + import stat + + # Prefixes for site-packages; add additional prefixes like /usr/local here +-PREFIXES = [sys.prefix, sys.exec_prefix] ++PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local'] + # Enable per user site-packages directory + # set it to False to disable the feature or True to force the feature + ENABLE_USER_SITE = None diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch new file mode 100644 index 0000000..ac5d553 --- /dev/null +++ b/python-3.3.0b1-test-posix_fadvise.patch @@ -0,0 +1,17 @@ +--- + Lib/test/test_posix.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_posix.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_posix.py ++++ Python-3.11.8/Lib/test/test_posix.py +@@ -430,7 +430,7 @@ class PosixTester(unittest.TestCase): + def test_posix_fadvise(self): + fd = os.open(os_helper.TESTFN, os.O_RDONLY) + try: +- posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_WILLNEED) ++ posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_RANDOM) + finally: + os.close(fd) + diff --git a/python.keyring b/python.keyring new file mode 100644 index 0000000..747bc27 --- /dev/null +++ b/python.keyring @@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFq+ToQBEADRYvIVtbK6owynD3j3nxwpW2KEk/p+aDvtXmc2SR2dBcZ8sFW2 +R5vEsG8d3/D3wgv5pcL3KfNNXQYUnXVbobrFUUWQYc79qIsE3MgiPf5NVOtwKPUR +i5g9YJgKvpBxkQfqp3LYGm9ZBtwo3DVLA3yn7KsazCmAgTNFJYw7ku1XxgmIzY6K +5J30DfbJiqDqj4f9GslCCCCH3qiPnuLG/HUyVLHMpbWlaiy9NI0GcaLxjJewHj9w +W2D2lydkxe5JGo7egUkV3ILcuLVSVKA35SKY27dYqfuyqp9tAzaRbjDYjsYdHA6G +BqrNrKBn/GwlFDPrVdcvN3ZSY2wMLTxWE3Axc/FweuHxFnou/80FwX7F3JD+oEQ6 +rofmcxOBCC7J98I7HZAhP9jBn88XIS2hztbLq8d6rZJZRtcz0k61VR0ddO+TrFmf +9rMYCPgCckRtVxeFIVIabrN1IzKynLFeo040h8hSGswd6YKDOVwjJY6Oa6EmVefZ +a8QSt4+M65RSzH6SEPY008F3nJUAK6MEkzTak+tFltZNrVWu8p2xd1j9nmxAwEhZ +/lgbxLqzYgaUWmfyHeZ8yVA0MhHzdiAL8nVUEdG3KecIq0RWCJLGLWWIjd6KAJl1 +yAmhRYKK/sjPDsL3elHsFACfZbyx3o5GGQNlas1FYoPLWbaNGaJtgFTF2QARAQAB +tCtQYWJsbyBHYWxpbmRvIFNhbGdhZG8gPHBhYmxvZ3NhbEBnbWFpbC5jb20+iQJO +BBMBCgA4FiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+ToQCGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQZOYo+NaEaW2bmA/+PXIap2udLoUVOHxnsIBdqYwp +sv1Aj5lfIJmNhmxPbHShwp1Jg+w4urxe+2Dj5ofKVlIo1i83bQkvnKJMDXDVuc/K +P6zqhBJ3rT4Q3qx2mzX8bIfQoJ2JHuH4lkP+I7doDcHHRyeNASyk72VdQmU4twNw +Ibn8nSNV6ThKHdoPYzVnO2rZUFcGIqH5HNsvR+B7cc1MBCHsgURYwSVhSePIFGlZ +iasdBD6QQkDSe4QWi7AcJFWFElw4kbOKJWxAWsrEk+tMXJVGRjnmL289EmPCx/vx +BqKy7Mse0yWCSRR3vB+O6TB1S5SgEyEgqlYsfGNv1qf/rfRD4KkyCbNU3LhY1Aim +vJP4pDW+KFxTk2Ks8vrx8gOSd2aFqPeO/pFDrpsF7PD62XwsfoXu4xc5V0Giw7r1 +Nai0nax7kOrldNF8TbbtRjW0jmoC7wLIDujAkwDIOroZ0CXA3N4HVHdSbrHm/urX +nyxJXupXAQNwGx64JCBcbF2fp3Kvu1VAXBEFnd01KaopthHcbG5pA50Kl2Vhe+98 +OdezUX42fHkQpQkB7HgtXfm6W1bw6YRBamrNvs1OoHBYmUjlECpe566IIu25Hc8s +x3qA+6eca7iqizyLG+WyMT8ZIYTWGAS59jxwR4esqGczbbZPSAPHFwLbGv7Wr0Rd +TPu5B0FcKpDkTd4IxQW5Ag0EWr5O2gEQAMjLe4CtbSfofmJrz5wfNkMVsZ81Gbqe +MoYd3dtkJnQYERUj8flzBj3ucaxGJ+Cuf7ybh3naPopKvEI1q0vkcgCDqrEgXK// +jKJbP28uPSMGhOG28q4PbamG55gy5FtM3ezzAxPWWKe9qBpV65GMmFy7eBQx2iJs +yiDIOOQQ4kraS+cTqNFimEXAGLCOQRNLcwIZzwAAHoW7HEpNUfVwaBD9kMlbo1ND +I60IKcNrNcmcmRxhJqfxjj8YBMwcKHO6GBE3AVpaE/+UO9zyr4TH+0YuQUgxKlPW +Dkg5XlkDo0S1GyLY5e9ckIDIlkTdDa2pOkoE2yB5MQCEga3YiHrKUVTTWaxn9XVJ +6x5ZjUF6bgSWGkrG5dUqSYoO1iDMuNVjtiujNyf/rvfj5cNxS7/lgxchhQKZHZXL +WVqxlneeVJ6s0P4+ROVG9ga2Sve7aUJ6wXIewZwulBcV2sE/W/DgxHgLBi53CUQt +vEzFzKvo48GnDqL5VYjA7l0HMYHd4GksCLi8E8U6Cgj+imXiM8voL7pHRZfs8mY8 +udR+UT4e1Scl2MYP2qBJ9/17B/X52B3s1EZdqI/r+hfOyqrhPs+dbAN0mtMPn68+ +nrvY1+nscvrSYEP6ZBlc9Hp2mgJdb6IcTvINXBEeLRjgc3pjViva443pkiFp9Axm +ecOckMKP3uSlABEBAAGJBGwEGAEKACAWIQSgNcjBkhm6gh7OqGtk5ij41oRpbQUC +Wr5O2gIbAgJACRBk5ij41oRpbcF0IAQZAQoAHRYhBM/cokWxBDzypfl4Zf/odAQW +i9hHBQJavk7aAAoJEP/odAQWi9hHr7YP/RCLre1CmOoWYpAtoa1yVCeYMDV6eQgL +B488/BEZHQE1zbrYy16XkhORob3JF/kUMjmJW7XaFF8FrWvRcdj/xaUGbOOEulKg +v+8zWfswYQRiZ4/JlwER4vRLi6fTE89MVER6Fkj2ASD4D2cifY+EztD4flV3sq3s +vIogGFaN9IvdrdeptOVGXs1RmAyoTsiS2mKQ6xsGh8B9ZAm55W8fBOGiSzLX21Xk +Ofdw53BrFQxn3cu/JgIKpdeZxgukcvEAI62B6X+YL6Na4j0eqEGLzsNtU1+xeJlo +WtVvmRwnRHGSxF6fzIZ3mk/p/aFiXAEq/xITCTY6tDv7x7pFE/RpdlJZyNJ+R5Y4 +SQiuDsylxNCa/4G5EB6q+7iVYtbEQ9MnZg2phowEE42tlj0rz8/rvDK3LH3xibot +KHIodCWKlWByxH99u2PuHUQ0c1oCVBUE1KkruMpvI236DpU/dvdq4JLSg/fWrys/ +VIjqLZgsIE5g/KO9XqngWHkLcBLh4CNAmHJ8Iia+s+/rfgsejQWB5uJb6eYg2JjB +4WP1EI0rULM6fdrCNB+MJ36wE2Lnb4bfT0phOMgjjH5/Ki7ZCbkxkOsBs4SRjiS+ +weCsmpAtMqodWY/Cnw9pWSA/qLSRD5/mKeb9SO6OZ/OPfAatwnGHsvZ2sAueC6rR +04W5BfXZWrnJUXQP/id/EKE1Ksp5fKoxSCbkKTCig+Sf5Afwe36yFN+niZBqzn5b +BgL/HIKaZM97oDHersPPANeEgS+JVlBf95iKIYnQbZP43FLVbvOuaINhBIVtFO54 +2Y7EYwl41kP7ILDElVy36KAmdQyBAfrjnZiRA70xShOxApLug1L0lxhR3YfmLwNi +RJ0V6KnYDKf0pfdhO9VFyFFWUojX1usn2SmSsXNizsNtvRqHXzPnX0rbJzZ9+N4O +9k1nxygYFG/2R/jGonVmTjRzcAHrAkNJETMWXMA7/8wRMDwluz8j+cCldey9x8Vk +JwgLGnZSbQtVpcFAnm5r/36Gt+9wc1VWMyrUrVr6Z679aqAbG7PMaeR5h5ygMj1k +VqRTYAUPSk1f8bZKRssQkQwEbp9dVIjm9SsR8VT7/tB+UuB85dABxgHfv3psJRT+ +tL8g9V7kSZqQfcLNGmvEVvr2Zl9NtxwXtsFM2OBprxCenwb+e9Ppm1LjfJG/NE72 +mAnOERfDaiLt4bqNo36Ei5sGCJ4Fx61phzNBXzkdRNM47i8J5UZRKFkE91c99BVM +HKUaY61NRK24fR0zP98ftDU82YFw0VRFJpTeBrO5ivN1MlQxUPzUWxKxMxO+20wa +UOXroEw11Tb4SRLGOla1pCl6lCUPJRy9IzadPDgTr/OTMkob/snt/XLdnV5/uQIN +BFq+TvoBEAC8Oy1g6pPWBbrCMhIq7VWY2fjylJ1fwg5BPXkOKVK1dsGYO4QD7oW9 +L0aSqcFSNFGF9Cl0Ri4TFXZC3hnG4HeSXUWApuKdBLn21H3jba36Ay1oGcGfdm0v +Zght4c6BlMVBpGCw2wIkJbUNEy6InMM+O8CCbbaH3iJkJ4141P7pODHignx5AmZI +conMui4YOhC+IXQXynVEv1Juk7erB1Nh1RcRvsA4lb44HWx49lIwe85ejOmoZ0O3 +6f9NJRer6bV0+rHWmg4IV5Q9h/Gn4IhEDZxA0DZl1RQI7dMgaMbIFbXGq7Kgzstz +EUnOoy29hXodxVmwIsMrAiQUYtwJ9hW+ESsw47+W2iPHVgviGWl7r/SgcgMYmf6m +5kiTBtwU7BQPS9G3zwwP2Rm3AA/6g39Q+tQKjOwi1I8+GZsY2On44Zly7BreBNg5 +4gJgdAGcMOYU9etr050clH3UpTYcAEtX++ahtOKhJgLIPNcIAQNlnifqvU0VYpgw +R4YpZ7hgg+AVDzC73PIM0lFI0XiDuqChbxE+K1jmLXWe5iJF0dzgVTwP+PmsifNZ +Wg3+YxSsS+hDMPQ2xPiQN49gT4JJDHcDuyhHyCGYgyMiVJCsku9KrkubbfVRivyN +ZF2Zfo3f+nbrRxsftz0yjAq8byCvb0V0XOpt4pJ/ddlug9ytRxALNwARAQABiQI2 +BBgBCgAgFiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+TvoCGwwACgkQZOYo+NaE +aW3urA//UQ/cKQ7HvWjcLphzQOZc+6m5YL0wxvZkSjemU7mqjZdpacteIvRAoers +EqXHc208liIBtNfRzoreXdcXNzie65xXkrRnWoHVH/fTWy4lOnHr2CMXLeHjUgg/ +M6PYi8+sARm05YFB8nsYhlhx3IdLhcfeVVbJedQKO0yL3CK1okT30DUVq5Lq6X/K +DC6AxuJR3D6UMSoT0WLaoX8qbhAp88qLynInfBVL18d97h916WPLTPeP0eHwhwND +bYtKDCMDuKQ9XX5+QsNH0RmbxlX274LHrUMMvkLKxcfCBvP+iuqrBeIuoeVzXYJZ +j7ZJtEH79bW44eecl/CY/STFYgSQ2XGTp2BI2q60wAmtKlNhwxY5ena0FgyFl6Tm +5OBHW/Pwo+ndQJGfbrCyWkTgRay9c8er3gl3GQYIBH6X0kCiG7h/Epj0b5CHOPU5 +hCw0kEB8MB4poTIjeiY+Q01472/lQ68CL3DX158hR5d3XaPSIxAN+qFsfB1o316p +yjxhfK1MD/IfrOgjlggPPnc/KmLkCzpgdwKcZwLCdZq9hYBvF1Zs34HbaVMYbWTK +uxLowtXGU43vatCXXqmPOvl4/g4tZD6rysJDgOrHQnEHzT+Napn07s0BRC0IbbNn +FynUrkr5KMSuRz7Hg7xMApENOrb0nqdHSUJ914ZpuMIS6RhJgGu5Ag0EWr5PIAEQ +ALfh9vPD2B+miHDTMADI8aRZ7g9tnzynZYkk3+2sCiiusetsQQ+HIPJ/ASEJB7On +ane9dyT/LTRhrK9qaxgVMimk2COXB/xyh7Mnw7nJgFU0aRSbtX0vbvQz2suSzrQ6 +9mPKzan28JGoClqB0bw1vwf3VjjxHV2dgD57CmqFPv7kAC/2a56dE+etzXattZAL ++2JWTpmfQ0ePRRadtBm0VahQhnU8x0+jvAVrEawqpVW83ozYFyW/0WInM2J7jHgQ +16OosY4lj5L/DxpVxaArhRFoRfWPXfC37iE8Mou/I95isvPQIhp1wTo4jG0KM02B +oIVbp/QRNBQ6WtpOzvJs1gqQiJJTfqbKJXQ3NDEY9crpVS83HJ+Zv99PNsyNkFjG +QpU84U3ZhsI4ygjdY45mpZueqI1RVcRQdu8Hgvoo/78Q/Sir6gMGop3mVdVo2guI +kFcJrXh0Xk3ech4aVqrmKx/mPXGwOAQU0DAul4RW3fKg1QxQE7Tlw3+95Ee/+q5j +HARL0uDbCJpRO8Sl8NDEuL32n/2Ot6kQeCSHrU7KJRYAkTxkKvr8zNow7hFhHFPE +SnHvTnskI6noh0VY6NwMhmLvhm0wKkRxZPzUNc3sgLvbK1NymIZ9aKCZamzhZrmG +vnblEz/OSLwGUua465H3hM1vvBQiartj7+6ZqWIkSmBPABEBAAGJAjYEGAEKACAW +IQSgNcjBkhm6gh7OqGtk5ij41oRpbQUCWr5PIAIbIAAKCRBk5ij41oRpbWmeEACG ++axtDC8UoNp9ORiYwEWLzZWDuugE+ah7DYYGD4Vs633FXVZW3SgM/bFtJ/0Lg8CF +74jI4LMHyIjDzEjcoItwnhBLix+kUoJTvrY58GPydwekLuw1p4KXLqtRs4fsZbNQ +YTknl4jYtRWoxO98x7tun7Gq2gqmJkIB2uj630fKz5cBk6p6oDFKjzyrHe+V7BiK +3okQPaD4x7hq8OnTy7lOy92ZZAqztS4tNEb4DkYW1MpuwsJ7hbBZitc1siI+FVVb +GjVVGZz6ssXoW67Tz8+VxdWJxNLXlv27eMcj4sme5S0th/YYNA5fRRv6zuzqZAru +YNGLpYYU7JLvZJ+3lCwa5j5ycOGBF0GvsGs6gj6h+CHkjR/BgzAgWC+GgUgslt6q +aH04rWtV6rVz+Y91LcrX5P6OM4anmXD3Gp3kl35AypXb4KyASF19+11RUziD4Z7q +wQEWfbwOltNyZv2lD8s2jPr7P02axWRQUbZAEhxRmvOQev/FZPyCF6gqUo/HxRbQ +y3bzmnipyHSv1DlXNfCFCHvN8kGyZnRWARqIKRg+j9ediJgOUqlLhg6KmrTVxd5v +3Dfv52PW2UODDTM20s3cQGuX/UswzMRwPI/+P44iCMwEKdm7duM/5oisZT9Vhy7g +P15MreFZLcZvUVgjqgy0u57cstyGK1Bo9e2sFcK2fA== +=6Zb4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/python311-rpmlintrc b/python311-rpmlintrc new file mode 100644 index 0000000..5b35f34 --- /dev/null +++ b/python311-rpmlintrc @@ -0,0 +1,3 @@ +addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp") diff --git a/python311.changes b/python311.changes new file mode 100644 index 0000000..9a362f9 --- /dev/null +++ b/python311.changes @@ -0,0 +1,5451 @@ +------------------------------------------------------------------- +Fri Nov 1 16:32:10 UTC 2024 - Matej Cepl + +- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote + path names provided when creating a virtual environment + (bsc#1232241, CVE-2024-9287) + +------------------------------------------------------------------- +Wed Oct 2 16:18:29 UTC 2024 - Matej Cepl + +- Drop .pyc files from docdir for reproducible builds + (bsc#1230906). + +------------------------------------------------------------------- +Mon Sep 9 16:53:07 UTC 2024 - Matej Cepl + +- Update to 3.11.10: + - Security + - gh-123678: Upgrade libexpat to 2.6.3 + - gh-121957: Fixed missing audit events around interactive + use of Python, now also properly firing for ``python -i``, + as well as for ``python -m asyncio``. The event in question + is ``cpython.run_stdin``. + - gh-122133: Authenticate the socket connection for the + ``socket.socketpair()`` fallback on platforms where + ``AF_UNIX`` is not available like Windows. Patch by + Gregory P. Smith and Seth Larson + . Reported by Ellie + - gh-121285: Remove backtracking from tarfile header parsing + for ``hdrcharset``, PAX, and GNU sparse headers + (bsc#1230227, CVE-2024-6232). + - gh-118486: :func:`os.mkdir` on Windows now accepts + *mode* of ``0o700`` to restrict the new directory to + the current user. This fixes CVE-2024-4030 affecting + :func:`tempfile.mkdtemp` in scenarios where the base + temporary directory is more permissive than the default. + - gh-116741: Update bundled libexpat to 2.6.2 + - Library + - gh-123270: Applied a more surgical fix for malformed + payloads in :class:`zipfile.Path` causing infinite loops + (gh-122905) without breaking contents using legitimate + characters (bsc#1229704, CVE-2024-8088). + - gh-123067: Fix quadratic complexity in parsing ``"``-quoted + cookie values with backslashes by :mod:`http.cookies` + (bsc#1229596, CVE-2024-7592). + - gh-122905: :class:`zipfile.Path` objects now sanitize names + from the zipfile. + - gh-121650: :mod:`email` headers with embedded newlines are + now quoted on output. The :mod:`~email.generator` will now + refuse to serialize (write) headers that are unsafely folded + or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. + (Contributed by Bas Bloemsaat and Petr Viktorin in + :gh:`121650`; CVE-2024-6923, bsc#1228780). + - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method + breaks internal buffer when the method is called again + during flushing internal buffer. + - gh-118643: Fix an AttributeError in the :mod:`email` module + when re-fold a long address list. Also fix more cases of + incorrect encoding of the address separator in the address + list. + - gh-113171: Fixed various false positives and false + negatives in * :attr:`ipaddress.IPv4Address.is_private` + (see these docs for details) * + :attr:`ipaddress.IPv4Address.is_global` * + :attr:`ipaddress.IPv6Address.is_private` * + :attr:`ipaddress.IPv6Address.is_global` Also in the + corresponding :class:`ipaddress.IPv4Network` and + :class:`ipaddress.IPv6Network` attributes. + Fixes bsc#1226448 (CVE-2024-4032). + - gh-102988: :func:`email.utils.getaddresses` and + :func:`email.utils.parseaddr` now return ``('', '')`` + 2-tuples in more situations where invalid email addresses + are encountered instead of potentially inaccurate + values. Add optional *strict* parameter to these two + functions: use ``strict=False`` to get the old behavior, + accept malformed inputs. ``getattr(email.utils, + 'supports_strict_parsing', False)`` can be use to check if + the *strict* paramater is available. Patch by Thomas Dwyer + and Victor Stinner to improve the CVE-2023-27043 fix + (bsc#1210638). + - gh-67693: Fix :func:`urllib.parse.urlunparse` and + :func:`urllib.parse.urlunsplit` for URIs with path starting + with multiple slashes and no authority. Based on patch by + Ashwin Ramaswami. + - Core and Builtins + - gh-112275: A deadlock involving ``pystate.c``'s + ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now + fixed. Patch by ChuBoning based on previous Python 3.12 fix + by Victor Stinner. + - gh-109120: Added handle of incorrect star expressions, e.g + ``f(3, *)``. Patch by Grigoryev Semyon +- Removed upstreamed patches: + - CVE-2023-27043-email-parsing-errors.patch + - CVE-2024-4032-private-IP-addrs.patch + - CVE-2024-6923-email-hdr-inject.patch + - CVE-2024-8088-inf-loop-zipfile_Path.patch + +------------------------------------------------------------------- +Mon Sep 2 09:44:26 UTC 2024 - Matej Cepl + +- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid + failing test_sendfile_close_peer_in_the_middle_of_receiving + tests on Linux >= 6.10 (GH-120227). + +------------------------------------------------------------------- +Wed Aug 28 16:54:34 UTC 2024 - Matej Cepl + +- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent + malformed payload to cause infinite loops in zipfile.Path + (bsc#1229704, CVE-2024-8088). + +------------------------------------------------------------------- +Wed Aug 7 12:12:42 UTC 2024 - Matej Cepl + +- Add CVE-2024-6923-email-hdr-inject.patch to prevent email + header injection due to unquoted newlines (bsc#1228780, + CVE-2024-6923). +- %{profileopt} variable is set according to the variable + %{do_profiling} (bsc#1227999) + +------------------------------------------------------------------- +Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl + +- Remove %suse_update_desktop_file macro as it is not useful any + more. + +------------------------------------------------------------------- +Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl + +- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 + adding reproducibility patches from gh#python/cpython!121872 + and gh#python/cpython!121883. + +------------------------------------------------------------------- +Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl + +- Stop using %%defattr, it seems to be breaking proper executable + attributes on /usr/bin/ scripts (bsc#1227378). + +------------------------------------------------------------------- +Tue Jul 2 10:32:58 UTC 2024 - Daniel Garcia + +- Update F00251-change-user-install-location.patch to make pip and + modern tools install directly in /usr/local when used by the user. + bsc#1225660 + +------------------------------------------------------------------- +Tue Jun 25 21:57:40 UTC 2024 - Matej Cepl + +- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 + (CVE-2024-4032) rearranging definition of private v global IP + addresses. + +------------------------------------------------------------------- +Wed May 1 08:39:08 UTC 2024 - Matej Cepl + +- Update CVE-2023-52425-libexpat-2.6.0-backport.patch + so that it uses features sniffing, not just + comparing version number. Include also + support-expat-CVE-2022-25236-patched.patch. +- Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping + failing tests. +- Refresh patches: + - CVE-2023-27043-email-parsing-errors.patch + - fix_configure_rst.patch + - skip_if_buildbot-extend.patch +- Remove included patch: + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia + +- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in SLE. + +------------------------------------------------------------------- +Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia + +- Remove not needed upstream patches: + * libexpat260.patch + * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666 + +- Update to 3.11.9: + * Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 + - gh-115243: Fix possible crashes in collections.deque.index() + when the deque is concurrently modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to the + certificate store, when the ssl.SSLContext is shared across + multiple threads (bsc#1226447, CVE-2024-0397). + * Core and Builtins + - gh-116296: Fix possible refleak in object.__reduce__() internal + error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser when + raising SyntaxError exceptions caused by invalid byte sequences. + Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115011: Setters for members with an unsigned integer type now + support the same range of valid values for objects that has a + __index__() method as for int. + - gh-96497: Fix incorrect resolution of mangled class variables + used in assignment expressions in comprehensions. + * Library + - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered + crash in ssl when creating a new _ssl._SSLContext if CPython was + built implausibly such that the default cipher list is empty or + the SSL library it was linked against reports a failure from its + C SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of self-referential + modules, introduced in gh-114781. + - gh-117084: Fix zipfile extraction for directory entries with the + name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any to + be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer calls + WaitForSingleObject() with a negative timeout: pass 0 ms if the + timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values in an + invalid state (stored as a list instead of a str) after an + earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values in + urllib.parse functions parse_qs() and parse_qsl(). Also, they + now raise a TypeError for non-zero integers and non-empty + sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated tkinter.Checkbutton + widget names to avoid collisions with automatically generated + tkinter.ttk.Checkbutton widget names within the same parent + widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of AttributeError + on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on + WASI. + - Under wasmtime for WASI 0.2, these functions don’t pass + test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). + - gh-88352: Fix the computation of the next rollover time in the + logging.TimedRotatingFileHandler handler. computeRollover() now + always returns a timestamp larger than the specified time and + works correctly during the DST change. doRollover() no longer + overwrite the already rolled over file, saving from data loss + when run at midnight or during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a script + with pdb + - gh-76511: Fix UnicodeEncodeError in email.Message.as_string() + that results when a message that claims to be in the ascii + character set actually has non-ascii characters. Non-ascii + characters are now replaced with the U+FFFD replacement + character, like in the replace error handler. + - gh-75988: Fixed unittest.mock.create_autospec() to pass the call + through to the wrapped object to return the real result. + - gh-115881: Fix issue where ast.parse() would incorrectly flag + conditional context managers (such as with (x() if y else z()): + ...) as invalid syntax if feature_version=(3, 8) was passed. + This reverts changes to the grammar made as part of gh-94949. + - gh-115886: Fix silent truncation of the name with an embedded + null character in multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing which rolled-over log + files to delete in logging.TimedRotatingFileHandler. It is now + reliable for handlers without namer and with arbitrary + deterministic namer that leaves the datetime part in the file + name unmodified. + - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now + support bytes arguments containing raw and percent-encoded + non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' and + '\n', regardless of lineterminator value. + - gh-115712: csv.writer() now quotes empty fields if delimiter is + a space and skipinitialspace is true and raises exception if + quoting is not possible. + - gh-115618: Fix improper decreasing the reference count for None + argument in property methods getter(), setter() and deleter(). + - gh-115570: A DeprecationWarning is no longer omitted on access + to the __doc__ attributes of the deprecated typing.io and + typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the __wrapper__ + data descriptor. + - gh-101293: Support callables with the __call__() method and + types with __new__() and __init__() methods set to class + methods, static methods, bound methods, partial functions, and + other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line numbers + would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare cases when + using the z format option (coerce negative 0) * incorrect output + when applying the z format option to type F (fixed-point with + capital NAN / INF) * incorrect output when applying the # format + option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname before + checking it against the system’s proxy bypass list on macOS and + Windows. + - gh-115198: Fix support of Docutils >= 0.19 in distutils. + - gh-115165: Most exceptions are now ignored when attempting to + set the __orig_class__ attribute on objects returned when + calling typing generic aliases (including generic aliases + created using typing.Annotated). Previously only AttributeError + was ignored. Patch by Dave Shawley. + - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the underlying + write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114763: Protect modules loaded with importlib.util.LazyLoader + from race conditions when multiple threads try to access + attributes before the loading is complete. + - gh-97959: Fix rendering class methods, bound methods, method and + function aliases in pydoc. Class methods no longer have “method + of builtins.type instance” note. Corresponding notes are now + added for class and unbound methods. Method and function aliases + now have references to the module or the class where the origin + was defined if it differs from the current. Bound methods are + now listed in the static methods section. Methods of builtin + classes are now supported as well as methods of Python classes. + - gh-112281: Allow creating union of types for typing.Annotated + with unhashable metadata. + - gh-111775: Fix importlib.resources.simple.ResourceHandle.open() + for text mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb commands. + - gh-107155: Fix incorrect output of help(x) where x is a lambda + function, which has an __annotations__ dictionary attribute with + a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when defining + dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists over + multiple lines in combination with unicode encoding. + - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same name + but different extensions would conflict and not delete the + correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() to + accept empty bytes as authkey. Not accepting empty bytes as key + causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing of URLs + with only a host name, URLs containing fragment or query, and + filenames with only a UNC sharepoint on Windows. Based on patch + by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + * Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML + vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + * Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE command + line option) in regrtest when hunting for reference leaks (-R + option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-115979: Update test_importlib so that it passes under WASI + SDK 21. + - gh-116307: Added import helper isolated_modules as CleanImport + does not remove modules imported during the context. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of + the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: run + failed tests with test.bisect_cmd to identify failing tests. + Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - gh-115198: Fix test_check_metadata_deprecate in distutils tests + with a newer Docutils. + * Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI + 0.2/preview2 primitives. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + * Windows + - gh-116773: Fix instances of <_overlapped.Overlapped object at + 0xXXX> still has pending operation at deallocation, the process + may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation so + that sending a datagram to an address that is not listening does + not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most users + only have a single launcher installed and will see no + difference. When multiple launchers have been installed, the + option to install the launcher is disabled until all but one + have been removed. Downgrading the launcher (which was never + allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now detect Python + 3.13 when installed from the Microsoft Store, and will install + Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + * IDLE + - gh-88516: On macOS show a proxy icon in the title bar of editor + windows to match platform behaviour. + * Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + * C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows + 64-bit platforms. + +------------------------------------------------------------------- +Sun Mar 24 07:51:45 UTC 2024 - Matej Cepl + +- Add reference to CVE-2024-0450 (bsc#1221854) to changelog. + +------------------------------------------------------------------- +Fri Mar 22 21:22:27 UTC 2024 - Matej Cepl + +- Because of bsc#1189495 we have to revert use of %autopatch. + +------------------------------------------------------------------- +Tue Mar 12 08:44:47 UTC 2024 - Matej Cepl + +- Rewrite %prep to use %autosetup et al. for compatibility with + rpm 4.20. + +------------------------------------------------------------------- +Tue Mar 12 08:13:34 UTC 2024 - Matej Cepl + +- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch + to eliminate ResourceWarning which broke the test suite in + test_asyncio. + +------------------------------------------------------------------- +Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal + +- Use the system-wide crypto-policies [bsc#1211301] + * Use the system default cipher list instead of hardcoded values + * Add the --with-ssl-default-suites=openssl configure option + +------------------------------------------------------------------- +Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl + +- (bsc#1219666, CVE-2023-6597) Add + CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from + gh#python/cpython!99930) fixing symlink bug in cleanup of + tempfile.TemporaryDirectory. + +------------------------------------------------------------------- +Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl + +- Remove double definition of /usr/bin/idle%%{version} in + %%files. + +------------------------------------------------------------------- +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115289 + +------------------------------------------------------------------- +Thu Feb 8 07:27:40 UTC 2024 - Daniel Garcia + +- Update to 3.11.8: + - Security + - gh-113659: Skip .pth files with names starting with a dot or + hidden file attribute. + - Core and Builtins + - gh-114887: Changed socket type validation in + create_datagram_endpoint() to accept all non-stream sockets. + This fixes a regression in compatibility with raw sockets. + - gh-114388: Fix a RuntimeWarning emitted when assign an + integer-like value that is not an instance of int to an + attribute that corresponds to a C struct member of type T_UINT + and T_ULONG. Fix a double RuntimeWarning emitted when assign a + negative integer value to an attribute that corresponds to a C + struct member of type T_UINT. + - gh-89811: Check for a valid tp_version_tag before performing + bytecode specializations that rely on this value being usable. + - gh-113602: Fix an error that was causing the parser to try to + overwrite existing errors and crashing in the process. Patch by + Pablo Galindo + - gh-113566: Fix a 3.11-specific crash when the repr of a Future + is requested after the module has already been + garbage-collected. + - gh-106905: Use per AST-parser state rather than global state to + track recursion depth within the AST parser to prevent potential + race condition due to simultaneous parsing. + - The issue primarily showed up in 3.11 by multithreaded users of + ast.parse(). In 3.12 a change to when garbage collection can be + triggered prevented the race condition from occurring. + - gh-112716: Fix SystemError in the import statement and in + __reduce__() methods of builtin types when __builtins__ is not a + dict. + - gh-105967: Workaround a bug in Apple’s macOS platform zlib + library where zlib.crc32() and binascii.crc32() could produce + incorrect results on multi-gigabyte inputs. Including when using + zipfile on zips containing large data. + - gh-94606: Fix UnicodeEncodeError when + email.message.get_payload() reads a message with a Unicode + surrogate character and the message content is not well-formed + for surrogateescape encoding. Patch by Sidney Markowitz. + - Library + - gh-114965: Update bundled pip to 24.0 + - gh-114959: tarfile no longer ignores errors when trying to + extract a directory on top of a file. + - gh-109475: Fix support of explicit option value “–” in argparse + (e.g. --option=--). + - gh-110190: Fix ctypes structs with array on Windows ARM64 + platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by + Diego Russo + - gh-113280: Fix a leak of open socket in rare cases when error + occurred in ssl.SSLSocket creation. + - gh-77749: email.policy.EmailPolicy.fold() now always encodes + non-ASCII characters in headers if utf8 is false. + - gh-114492: Make the result of termios.tcgetattr() reproducible + on Alpine Linux. Previously it could leave a random garbage in + some fields. + - gh-75128: Ignore an OSError in + asyncio.BaseEventLoop.create_server() when IPv6 is available but + the interface cannot actually support it. + - gh-114257: Dismiss the FileNotFound error in + ctypes.util.find_library() and just return None on Linux. + - gh-101438: Avoid reference cycle in ElementTree.iterparse. The + iterator returned by ElementTree.iterparse may hold on to a file + descriptor. The reference cycle prevented prompt clean-up of the + file descriptor if the returned iterator was not exhausted. + - gh-104522: OSError raised when run a subprocess now only has + filename attribute set to cwd if the error was caused by a + failed attempt to change the current directory. + - gh-109534: Fix a reference leak in + asyncio.selector_events.BaseSelectorEventLoop when SSL + handshakes fail. Patch contributed by Jamie Phan. + - gh-114077: Fix possible OverflowError in + socket.socket.sendfile() when pass count larger than 2 GiB on + 32-bit platform. + - gh-114014: Fixed a bug in fractions.Fraction where an invalid + string using d in the decimals part creates a different error + compared to other invalid letters/characters. Patch by Jeremiah + Gabriel Pascual. + - gh-113951: Fix the behavior of tag_unbind() methods of + tkinter.Text and tkinter.Canvas classes with three arguments. + Previously, widget.tag_unbind(tag, sequence, funcid) destroyed + the current binding for sequence, leaving sequence unbound, and + deleted the funcid command. Now it removes only funcid from the + binding for sequence, keeping other commands, and deletes the + funcid command. It leaves sequence unbound only if funcid was + the last bound command. + - gh-113877: Fix tkinter method winfo_pathname() on 64-bit + Windows. + - gh-113781: Silence unraisable AttributeError when warnings are + emitted during Python finalization. + - gh-113594: Fix UnicodeEncodeError in email when re-fold lines + that contain unknown-8bit encoded part followed by + non-unknown-8bit encoded part. + - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), + there is callback that logs an error if the task wrapping the + “connected callback” fails. This callback would itself fail if + the task was cancelled. Prevent this by checking whether the + task was cancelled first. If so, close the transport but don’t + log an error. + - gh-85567: Fix resource warnings for unclosed files in pickle and + pickletools command line interfaces. + - gh-101225: Increase the backlog for + multiprocessing.connection.Listener objects created by + multiprocessing.manager and multiprocessing.resource_sharer to + significantly reduce the risk of getting a connection refused + error when creating a multiprocessing.connection.Connection to + them. + - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends + webbrowser.open audit event. + - gh-113028: When a second reference to a string appears in the + input to pickle, and the Python implementation is in use, we are + guaranteed that a single copy gets pickled and a single object + is shared when reloaded. Previously, in protocol 0, when a + string contained certain characters (e.g. newline) it resulted + in duplicate objects. + - gh-113421: Fix multiprocessing logger for %(filename)s. + - gh-113358: Fix rendering tracebacks for exceptions with a broken + __getattr__. + - gh-113214: Fix an AttributeError during asyncio SSL protocol + aborts in SSL-over-SSL scenarios. + - gh-113246: Update bundled pip to 23.3.2. + - gh-113199: Make http.client.HTTPResponse.read1 and + http.client.HTTPResponse.readline close IO after reading all + data when content length is known. Patch by Illia Volochii. + - gh-113188: Fix shutil.copymode() and shutil.copystat() on + Windows. Previously they worked differenly if dst is a symbolic + link: they modified the permission bits of dst itself rather + than the file it points to if follow_symlinks is true or src is + not a symbolic link, and did not modify the permission bits if + follow_symlinks is false and src is a symbolic link. + - gh-61648: Detect line numbers of properties in doctests. + - gh-112559: signal.signal() and signal.getsignal() no longer call + repr on callable handlers. asyncio.run() and + asyncio.Runner.run() no longer call repr on the task results. + Patch by Yilei Yang. + - gh-110190: Fix ctypes structs with array on PPC64LE platform by + setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. + - gh-79429: Ignore FileNotFoundError when remove a temporary + directory in the multiprocessing finalizer. + - gh-79325: Fix an infinite recursion error in + tempfile.TemporaryDirectory() cleanup on Windows. + - gh-110190: Fix ctypes structs with array on Arm platform by + setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. + - gh-81194: Fix a crash in socket.if_indextoname() with specific + value (UINT_MAX). Fix an integer overflow in + socket.if_indextoname() on 64-bit non-Windows platforms. + - gh-75666: Fix the behavior of tkinter widget’s unbind() method + with two arguments. Previously, widget.unbind(sequence, funcid) + destroyed the current binding for sequence, leaving sequence + unbound, and deleted the funcid command. Now it removes only + funcid from the binding for sequence, keeping other commands, + and deletes the funcid command. It leaves sequence unbound only + if funcid was the last bound command. + - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in + tkinter._test(). + - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now + raises BadZipFile when try to read an entry that overlaps with + other entry or central directory (bsc#1221854, CVE-2024-0450). + - gh-38807: Fix race condition in trace. Instead of checking if a + directory exists and creating it, directly call os.makedirs() + with the kwarg exist_ok=True. + - gh-75705: Set unixfrom envelope in mailbox.mbox and + mailbox.MMDF. + - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure + when the system endianness is the opposite of the classes. + - gh-104282: Fix null pointer dereference in + lzma._decode_filter_properties() due to improper handling of BCJ + filters with properties of zero length. Patch by Radislav + Chugunov. + - gh-102512: When os.fork() is called from a foreign thread (aka + _DummyThread), the type of the thread in a child process is + changed to _MainThread. Also changed its name and daemonic + status, it can be now joined. + - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, + which now no longer dereferences symlinks when working around + file system permission errors. + - bpo-43153: On Windows, tempfile.TemporaryDirectory previously + masked a PermissionError with NotADirectoryError during + directory cleanup. It now correctly raises PermissionError if + errors are not ignored. Patch by Andrei Kulakov and Ken Jin. + - bpo-35332: The shutil.rmtree() function now ignores errors when + calling os.close() when ignore_errors is True, and os.close() no + longer retried after error. + - bpo-35928: io.TextIOWrapper now correctly handles the decoding + buffer after read() and write(). + - bpo-26791: shutil.move() now moves a symlink into a directory + when that directory is the target of the symlink. This provides + the same behavior as the mv shell command. The previous behavior + raised an exception. Patch by Jeffrey Kintscher. + - bpo-36959: Fix some error messages for invalid ISO format string + combinations in strptime() that referred to directives not + contained in the format string. Patch by Gordon P. Hemsley. + - bpo-18060: Fixed a class inheritance issue that can cause + segfaults when deriving two or more levels of subclasses from a + base class of Structure or Union. + - Documentation + - gh-110746: Improved markup for valid options/values for methods + ttk.treeview.column and ttk.treeview.heading, and for Layouts. + - gh-95649: Document that the asyncio module contains code taken + from v0.16.0 of the uvloop project, as well as the required MIT + licensing information. + - Tests + - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, + where system tar can include more information in the archive + than shutil.make_archive. + - gh-112769: The tests now correctly compare zlib version when + zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For + example zlib-ng defines the version as 1.3.0.zlib-ng. + - gh-105089: Fix + test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write + test in AIX by doing a bitwise AND of 0xFFFF on mode , so that + it will be in sync with zinfo.external_attr + - bpo-40648: Test modes that file can get with chmod() on Windows. + - Build + - gh-101778: Fix build error when there’s a dangling symlink in + the directory containing ffi.h. + - gh-112305: Fixed the check-clean-src step performed on out of + tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h + files and recommend appropriate source tree cleanup steps to get + a working build again. + - bpo-11102: The os.major(), os.makedev(), and os.minor() + functions are now available on HP-UX v3. + - bpo-36351: Do not set ipv6type when cross-compiling. + - IDLE + - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and + ‘object’. + - gh-72284: Improve the lists of features, editor key bindings, + and shell key bingings in the IDLE doc. + - gh-113903: Fix rare failure of test.test_idle, in + test_configdialog. + - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and + 3.12.1. + - gh-113269: Fix test_editor hang on macOS Catalina. + - gh-112898: Fix processing unsaved files when quitting IDLE on + macOS. + - gh-103820: Revise IDLE bindings so that events from mouse button + 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not + mistaken for scrolling. + - bpo-13586: Enter the selected text when opening the “Replace” + dialog. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and + multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. + - gh-115015: Fix a bug in Argument Clinic that generated incorrect + code for methods with no parameters that use the METH_METHOD | + METH_FASTCALL | METH_KEYWORDS calling convention. Only the + positional parameter count was checked; any keyword argument + passed would be silently accepted. + +- Refresh all patches: + - CVE-2023-27043-email-parsing-errors.patch + - F00251-change-user-install-location.patch + - bpo-31046_ensurepip_honours_prefix.patch + - distutils-reproducible-compile.patch + - fix_configure_rst.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-localpath.patch + - python-3.3.0b1-test-posix_fadvise.patch + - skip_if_buildbot-extend.patch + - subprocess-raise-timeout.patch + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Tue Dec 19 16:34:50 UTC 2023 - Daniel Garcia + +- Update patch fix_configure_rst.patch +- Update to 3.11.7: + - Core and Builtins + - gh-112625: Fixes a bug where a bytearray object could be cleared + while iterating over an argument in the bytearray.join() method + that could result in reading memory after it was freed. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. Patch + by Pablo galindo + - gh-88116: Traceback location ranges involving wide unicode + characters (like emoji and asian characters) now are properly + highlighted. Patch by Batuhan Taskaya and Pablo Galindo. + - gh-94438: Fix a regression that prevented jumping across is None + and is not None when debugging. Patch by Savannah Ostrowski. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109216: Fix possible memory leak in BUILD_MAP. + + - Library + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + - bpo-35191: Fix unexpected integer truncation in + socket.setblocking() which caused it to interpret multiples of + 2**32 as False. + + - Documentation + - gh-108826: dis module command-line interface is now mentioned in + documentation. + + - Tests + - gh-110367: Make regrtest --verbose3 option compatible with + --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + --verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111309: distutils tests can now be run via unittest. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() and class BasicTestRunner from the test.support + module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + --match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + + - Build + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + + - C API + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. +------------------------------------------------------------------- +Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl + +- Refresh CVE-2023-27043-email-parsing-errors.patch to + gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). +- Thus we can remove Revert-gh105127-left-tests.patch, which is + now useless. + +------------------------------------------------------------------- +Wed Nov 15 09:06:16 UTC 2023 - Daniel Garcia + +- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch +- Refresh patches: + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch + +- Update to 3.11.6: + - Core and Builtins + - gh-109351: Fix crash when compiling an invalid AST involving a + named (walrus) expression. + - gh-109207: Fix a SystemError in __repr__ of symtable entry + object. + - gh-109179: Fix bug where the C traceback display drops notes + from SyntaxError. + - gh-88943: Improve syntax error for non-ASCII character that + follows a numerical literal. It now points on the invalid + non-ASCII character, not on the valid numerical literal. + - gh-108959: Fix caret placement for error locations for subscript + and binary operations that involve non-semantic parentheses and + spaces. Patch by Pablo Galindo + - gh-108520: Fix + multiprocessing.synchronize.SemLock.__setstate__() to properly + initialize multiprocessing.synchronize.SemLock._is_fork_ctx. + This fixes a regression when passing a SemLock accross nested + processes. + - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to + multiprocessing.synchronize.SemLock._is_fork_ctx to avoid + exposing it as public API. + - Library + - gh-110036: On Windows, multiprocessing Popen.terminate() now + catchs PermissionError and get the process exit code. If the + process is still running, raise again the PermissionError. + Otherwise, the process terminated as expected: store its exit + code. Patch by Victor Stinner. + - gh-110038: Fixed an issue that caused KqueueSelector.select() to + not return all the ready events in some cases when a file + descriptor is registered for both read and write. + - gh-109631: re functions such as re.findall(), re.split(), + re.search() and re.sub() which perform short repeated matches + can now be interrupted by user. + - gh-109593: Avoid deadlocking on a reentrant call to the + multiprocessing resource tracker. Such a reentrant call, though + unlikely, can happen if a GC pass invokes the finalizer for a + multiprocessing object such as SemLock. + - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for + exceptions. Previously, on Python built in debug mode, these + functions could trigger a fatal Python error (and abort the + process) when a function succeeded with an exception set. Patch + by Victor Stinner. + - gh-109375: The pdb alias command now prevents registering + aliases without arguments. + - gh-107219: Fix a race condition in concurrent.futures. When a + process in the process pool was terminated abruptly (while the + future was running or pending), close the connection write end. + If the call queue is blocked on sending bytes to a worker + process, closing the connection write end interrupts the send, + so the queue can be closed. Patch by Victor Stinner. + - gh-50644: Attempts to pickle or create a shallow or deep copy of + codecs streams now raise a TypeError. Previously, copying failed + with a RecursionError, while pickling produced wrong results + that eventually caused unpickling to fail with a RecursionError. + - gh-108987: Fix _thread.start_new_thread() race condition. If a + thread is created during Python finalization, the newly spawned + thread now exits immediately instead of trying to access freed + memory and lead to a crash. Patch by Victor Stinner. + - gh-108843: Fix an issue in ast.unparse() when unparsing + f-strings containing many quote types. + - gh-108682: Enum: raise TypeError if super().__new__() is called + from a custom __new__. + - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock + - gh-64662: Fix support for virtual tables in + sqlite3.Connection.iterdump(). Patch by Aviv Palivoda. + - gh-107913: Fix possible losses of errno and winerror values in + OSError exceptions if they were cleared or modified by the + cleanup code before creating the exception object. + - gh-104372: On Linux where subprocess can use the vfork() syscall + for faster spawning, prevent the parent process from blocking + other threads by dropping the GIL while it waits for the + vfork’ed child process exec() outcome. This prevents spawning a + binary from a slow filesystem from blocking the rest of the + application. + - gh-84867: unittest.TestLoader no longer loads test cases from + exact unittest.TestCase and unittest.FunctionTestCase classes. + - Documentation + - gh-109209: The minimum Sphinx version required for the + documentation is now 4.2. + - gh-105052: Update timeit doc to specify that time in seconds is + just the default. + - gh-102823: Document the return type of x // y when x and y have + type float. + - Tests + - gh-110031: Skip test_threading tests using thread+fork if Python + is built with Address Sanitizer (ASAN). Patch by Victor Stinner. + - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum + duration, a test should not measure a CI performance. Only + measure the minimum duration when a task has a timeout or delay. + Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner. + - gh-110033: Fix test_interprocess_signal() of test_signal. Make + sure that the subprocess.Popen object is deleted before the test + raising an exception in a signal handler. Otherwise, + Popen.__del__() can get the exception which is logged as + Exception ignored in: ... and the test fails. Patch by Victor + Stinner. + - gh-109594: Fix test_timeout() of + test_concurrent_futures.test_wait. Remove the future which may + or may not complete depending if it takes longer than the + timeout ot not. Keep the second future which does not complete + before wait() timeout. Patch by Victor Stinner. + - gh-109748: Fix test_zippath_from_non_installed_posix() of + test_venv: don’t copy __pycache__/ sub-directories, because they + can be modified by other Python tests running in parallel. Patch + by Victor Stinner. + - gh-103053: Skip test_freeze_simple_script() of + test_tools.test_freeze if Python is built with ./configure + --enable-optimizations, which means with Profile Guided + Optimization (PGO): it just makes the test too slow. The freeze + tool is tested by many other CIs with other (faster) compiler + flags. Patch by Victor Stinner. + - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a + longer key: FIPS mode requires at least of at least 112 bits. + The previous key was only 32 bits. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-109237: Fix test_site.test_underpth_basic() when the working + directory contains at least one non-ASCII character: encode the + ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for + the child process stdout. Patch by Victor Stinner. + - gh-109230: Fix test_pyexpat.test_exception(): it can now be run + from a directory different than Python source code directory. + Before, the test failed in this case. Skip the test if + Modules/pyexpat.c source is not available. Skip also the test on + Python implementations other than CPython. Patch by Victor + Stinner. + - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests + on FreeBSD if the TCP blackhole is enabled (sysctl + net.inet.tcp.blackhole). Skip the few tests which failed with + ETIMEDOUT which such non standard configuration. Currently, the + FreeBSD GCP image enables TCP and UDP blackhole (sysctl + net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1). + Patch by Victor Stinner. + - gh-91960: Skip test_gdb if gdb is unable to retrieve Python + frame objects: if a frame is . When Python is + built with “clang -Og”, gdb can fail to retrive the frame + parameter of _PyEval_EvalFrameDefault(). In this case, tests + like py_bt() are likely to fail. Without getting access to + Python frames, python-gdb.py is mostly clueless on retrieving + the Python traceback. Moreover, test_gdb is no longer skipped on + macOS if Python is built with Clang. Patch by Victor Stinner. + - gh-108962: Skip test_tempfile.test_flags() if chflags() fails + with “OSError: [Errno 45] Operation not supported” (ex: on + FreeBSD 13). Patch by Victor Stinner. + - gh-89392: Removed support of test_main() function in tests. They + now always use normal unittest test runner. + - gh-108851: Fix test_tomllib recursion tests for WASI buildbots: + reduce the recursion limit and compute the maximum nested + array/dict depending on the current available recursion limit. + Patch by Victor Stinner. + - gh-108851: Add get_recursion_available() and + get_recursion_depth() functions to the test.support module. + Patch by Victor Stinner. + - gh-108822: regrtest now computes statistics on all tests: + successes, failures and skipped. test_netrc, test_pep646_syntax + and test_xml_etree now return results in their test_main() + function. Patch by Victor Stinner and Alex Waygood. + - gh-108388: Convert test_concurrent_futures to a package of 7 + sub-tests. Patch by Victor Stinner. + - gh-108388: Split test_multiprocessing_fork, + test_multiprocessing_forkserver and test_multiprocessing_spawn + into test packages. Each package is made of 4 sub-tests: + processes, threads, manager and misc. It allows running more + tests in parallel and so reduce the total test duration. Patch + by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - gh-100086: The Python test runner (libregrtest) now logs Python + build information like “debug” vs “release” build, or LTO and + PGO optimizations. Patch by Victor Stinner. + - gh-98903: The Python test suite now fails wit exit code 4 if no + tests ran. It should help detecting typos in test names and test + methods. + - gh-95027: On Windows, when the Python test suite is run with the + -jN option, the ANSI code page is now used as the encoding for + the stdout temporary file, rather than using UTF-8 which can + lead to decoding errors. Patch by Victor Stinner. + - gh-93353: regrtest now checks if a test leaks temporary files or + directories if run with -jN option. Patch by Victor Stinner. + - Build + - gh-63760: Fix Solaris build: no longer redefine the + gethostname() function. Solaris defines the function since 2005. + Patch by Victor Stinner, original patch by Jakub Kulík. + - gh-108740: Fix a race condition in make regen-all. The + deepfreeze.c source and files generated by Argument Clinic are + now generated or updated before generating “global objects”. + Previously, some identifiers may miss depending on the order in + which these files were generated. Patch by Victor Stinner. + - Windows + - gh-109991: Update Windows build to use OpenSSL 3.0.11. + - gh-107565: Update Windows build to use OpenSSL 3.0.10. + - macOS + - gh-109991: Update macOS installer to use OpenSSL 3.0.11. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and + multissltests to use 1.1.1w, 3.0.11, and 3.1.3. + +------------------------------------------------------------------- +Wed Sep 6 07:52:11 UTC 2023 - Daniel Garcia + +- Update to 3.11.5 (bsc#1214692): + - Security + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted data. + Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by + Gregory P. Smith. + - Core and Builtins + - gh-104432: Fix potential unaligned memory access on C APIs + involving returned sequences of char * pointers within the grp + and socket modules. These were revealed using a + -fsaniziter=alignment build on ARM macOS. Patch by Christopher + Chavez. + - gh-77377: Ensure that multiprocessing synchronization objects + created in a fork context are not sent to a different process + created in a spawn context. This changes a segfault into an + actionable RuntimeError in the parent process. + - gh-106092: Fix a segmentation fault caused by a use-after-free + bug in frame_dealloc when the trashcan delays the deallocation + of a PyFrameObject. + - gh-106719: No longer suppress arbitrary errors in the + __annotations__ getter and setter in the type and module types. + - gh-106723: Propagate frozen_modules to multiprocessing spawned + process interpreters. + - gh-105979: Fix crash in _imp.get_frozen_object() due to improper + exception handling. + - gh-105840: Fix possible crashes when specializing function calls + with too many __defaults__. + - gh-105588: Fix an issue that could result in crashes when + compiling malformed ast nodes. + - gh-105375: Fix bugs in the builtins module where exceptions + could end up being overwritten. + - gh-105375: Fix bug in the compiler where an exception could end + up being overwritten. + - gh-105375: Improve error handling in + PyUnicode_BuildEncodingMap() where an exception could end up + being overwritten. + - gh-105235: Prevent out-of-bounds memory access during + mmap.find() calls. + - gh-101006: Improve error handling when read marshal data. + - Library + - gh-105736: Harmonized the pure Python version of OrderedDict + with the C version. Now, both versions set up their internal + state in __new__. Formerly, the pure Python version did the set + up in __init__. + - gh-107963: Fix multiprocessing.set_forkserver_preload() to check + the given list of modules names. Patch by Dong-hee Na. + - gh-106242: Fixes os.path.normpath() to handle embedded null + characters without truncating the path (bsc#1214693, + CVE-2023-41105). + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will + no longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107715: Fix doctest.DocTestFinder.find() in presence of class + names with special characters. Patch by Gertjan van Zwieten. + - gh-100814: Passing a callable object as an option value to a + Tkinter image now raises the expected TclError instead of an + AttributeError. + - gh-106684: Close asyncio.StreamWriter when it is not closed by + application leading to memory leaks. Patch by Kumar Aditya. + - gh-107077: Seems that in some conditions, OpenSSL will return + SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification + verification has failed, but the error parameters will still + contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are + now detecting this situation and raising the appropiate + ssl.SSLCertVerificationError. Patch by Pablo Galindo + - gh-107396: tarfiles; Fixed use before assignment of + self.exception for gzip decompression + - gh-62519: Make gettext.pgettext() search plural definitions when + translation is not found. + - gh-83006: Document behavior of shutil.disk_usage() for + non-mounted filesystems on Unix. + - gh-106186: Do not report MultipartInvariantViolationDefect + defect when the email.parser.Parser class is used to parse + emails with headersonly=True. + - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION + result in _ssl.c. + - gh-106774: Update the bundled copy of pip to version 23.2.1. + - gh-106752: Fixed several bug in zipfile.Path in + name/suffix/suffixes/stem operations when no filename is present + and the Path is not at the root of the zipfile. + - gh-106602: Add __copy__ and __deepcopy__ in enum + - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused + division by zero for certain almost-white inputs. Patch by Terry + Jan Reedy. + - gh-106052: re module: fix the matching of possessive quantifiers + in the case of a subpattern containing backtracking. + - gh-106510: Improve debug output for atomic groups in regular + expressions. + - gh-105497: Fix flag mask inversion when unnamed flags exist. + - gh-90876: Prevent multiprocessing.spawn from failing to import + in environments where sys.executable is None. This regressed in + 3.11 with the addition of support for path-like objects in + multiprocessing. + - gh-106350: Detect possible memory allocation failure in the + libtommath function mp_init() used by the _tkinter module. + - gh-102541: Make pydoc.doc catch bad module ImportError when + output stream is not None. + - gh-106263: Fix crash when calling repr with a manually + constructed SignalDict object. Patch by Charlie Zhao. + - gh-105375: Fix a bug in _Unpickler_SetInputStream() where an + exception could end up being overwritten in case of failure. + - gh-105375: Fix bugs in sys where exceptions could end up being + overwritten because of deferred error handling. + - gh-105605: Harden pyexpat error handling during module + initialisation to prevent exceptions from possibly being + overwritten, and objects from being dereferenced twice. + - gh-105375: Fix bug in decimal where an exception could end up + being overwritten. + - gh-105375: Fix bugs in _datetime where exceptions could be + overwritten in case of module initialisation failure. + - gh-105375: Fix bugs in _ssl initialisation which could lead to + leaked references and overwritten exceptions. + - gh-105375: Fix a bug in array.array where an exception could end + up being overwritten. + - gh-105375: Fix bugs in _ctypes where exceptions could end up + being overwritten. + - gh-105375: Fix a bug in the posix module where an exception + could be overwritten. + - gh-105375: Fix bugs in _elementtree where exceptions could be + overwritten. + - gh-105375: Fix bugs in zoneinfo where exceptions could be + overwritten. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-105497: Fix flag inversion when alias/mask members exist. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-103171: Revert undocumented behaviour change with + runtime-checkable protocols decorated with typing.final() in + Python 3.11. The behaviour change had meant that objects would + not be considered instances of these protocols at runtime unless + they had a __final__ attribute. Patch by Alex Waygood. + - gh-105375: Fix a bug in sqlite3 where an exception could be + overwritten in the collation callback. + - gh-105332: Revert pickling method from by-name back to by-value. + - gh-104554: Add RTSPS scheme support in urllib.parse + - gh-100061: Fix a bug that causes wrong matches for regular + expressions with possessive qualifier. + - gh-102541: Hide traceback in help() prompt, when import failed. + - gh-99203: Restore following CPython <= 3.10.5 behavior of + shutil.make_archive(): do not create an empty archive if + root_dir is not a directory, and, in that case, raise + FileNotFoundError or NotADirectoryError regardless of format + choice. Beyond the brought-back behavior, the function may now + also raise these exceptions in dry_run mode. + - gh-94777: Fix hanging multiprocessing ProcessPoolExecutor when a + child process crashes while data is being written in the call + queue. + - bpo-18319: Ensure gettext(msg) retrieve translations even if a + plural form exists. In other words: gettext(msg) == + ngettext(msg, '', 1). + - Documentation + - gh-107008: Document the curses module variables LINES and COLS. + - gh-106948: Add a number of standard external names to + nitpick_ignore. + - gh-54738: Add documentation on how to localize the argparse + module. + - Tests + - gh-105776: Fix test_cppext when the C compiler command -std=c11 + option: remove -std= options from the compiler command. Patch by + Victor Stinner. + - gh-107237: test_logging: Fix test_udp_reconnection() by + increasing the timeout from 100 ms to 5 minutes (LONG_TIMEOUT). + Patch by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - Build + - gh-107814: When calling find_python.bat with -q it did not + properly silence the output of nuget. That is now fixed. + - gh-106881: Check for linux/limits.h before including it in + Modules/posixmodule.c. + - gh-104692: Include commoninstall as a prerequisite for + bininstall + - This ensures that commoninstall is completed before bininstall + is started when parallel builds are used (make -j install), and + so the python3 symlink is only installed after all standard + library modules are installed. + - gh-100340: Allows -Wno-int-conversion for wasm-sdk 17 and + onwards, thus enables building WASI builds once against the + latest sdk. + - Windows + - gh-106242: Fixes realpath() to behave consistently when passed a + path containing an embedded null character on Windows. In strict + mode, it now raises OSError instead of the unexpected + ValueError, and in non-strict mode will make the path absolute. + - gh-106844: Fix integer overflow in _winapi.LCMapStringEx() which + affects ntpath.normcase(). + - gh-99079: Update Windows build to use OpenSSL 3.0.9 + - gh-105436: Ensure that an empty environment block is terminated + by two null characters, as is required by Windows. + - macOS + - gh-107565: Update macOS installer to use OpenSSL 3.0.10. + - gh-99079: Update macOS installer to use OpenSSL 3.0.9. + - Tools/Demos + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + - gh-95065: Argument Clinic now supports overriding automatically + generated signature by using directive @text_signature. See How + to override the generated signature. + - gh-106970: Fix bugs in the Argument Clinic destination + clear command; the destination buffers would never be cleared, + and the destination directive parser would simply continue to + the fault handler after processing the command. Patch by Erlend + E. Aasland. + - C API + - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(), + PyErr_SetExcFromWindowsErrWithFilename() and + PyErr_SetFromWindowsErrWithFilename() save now the error code + before calling PyUnicode_DecodeFSDefault(). + - gh-107915: Such C API functions as PyErr_SetString(), + PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others + no longer crash or ignore errors if it failed to format the + error message or decode the filename. Instead, they keep a + corresponding error. + - gh-107226: PyModule_AddObjectRef() is now only available in the + limited API version 3.10 or later. + - gh-105375: Fix a bug in PyErr_WarnExplicit() where an exception + could end up being overwritten if the API failed internally. + - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only + data: *consumed was not set. + +------------------------------------------------------------------- +Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller + +- restrict PEP668 to ALP/Tumbleweed + +------------------------------------------------------------------- +Fri Aug 4 06:37:41 UTC 2023 - Dirk Müller + +- add externally_managed.in to label this build as PEP-668 managed + +------------------------------------------------------------------- +Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl + +- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! +- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) + partially reverting CVE-2023-27043-email-parsing-errors.patch, + because of the regression in gh#python/cpython#106669. +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). (The patch is faulty, + gh#python/cpython#106669, but upstream decided not to just + revert it). + +------------------------------------------------------------------- +Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl + +- Update to Python 3.11.4: + - gh-103142: The version of OpenSSL used in Windows and + Mac installers has been upgraded to 1.1.1u to address + CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, + as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 + fixed previously in 1.1.1t (gh-101727). + - gh-102153: urllib.parse.urlsplit() now strips leading C0 + control and space characters following the specification for + URLs defined by WHATWG in response to CVE-2023-24329 + (bsc#1208471). + - gh-99889: Fixed a security in flaw in uu.decode() that could + allow for directory traversal based on the input if no + out_file was specified. + - gh-104049: Do not expose the local on-disk + location in directory indexes produced by + http.client.SimpleHTTPRequestHandler. + - gh-103935: trace.__main__ now uses io.open_code() for files + to be executed instead of raw open(). + - gh-102953: The extraction methods in tarfile, and + shutil.unpack_archive(), have a new filter argument that + allows limiting tar features than may be surprising or + dangerous, such as creating files outside the destination + directory. See Extraction filters for details (fixing + CVE-2007-4559, bsc#1203750). +- Remove upstreamed patches: + - CVE-2007-4559-filter-tarfile_extractall.patch + +------------------------------------------------------------------- +Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl + +- Remove obsolete_python_versioned macro again. This mechanism + has no business to be in Python 3.11, because we have abolished + with it whole interpreter+setuptools+pip product. Python 3.11 + should not be replaced by later versions anymore. + +------------------------------------------------------------------- +Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl + +- Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). +- Add skip_if_buildbot-extend.patch to avoid the bug altogether + (extending what skip_if_buildbot covers). +- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix + bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter + for tarfile.extractall". + +------------------------------------------------------------------- +Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl + +- Update to 3.11.3: + - Security + - gh-101727: Updated the OpenSSL version used in Windows + and macOS binary release builds to 1.1.1t to address + CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the + OpenSSL 2023-02-07 security advisory. + - Core and Builtins + - gh-101975: Fixed stacktop value on tracing entries to avoid + corruption on garbage collection. + - gh-102701: Fix overflow when creating very large dict. + - gh-102416: Do not memoize incorrectly automatically + generated loop rules in the parser. Patch by Pablo Galindo. + - gh-102356: Fix a bug that caused a crash when deallocating + deeply nested filter objects. Patch by Marta Gómez Macías. + - gh-102397: Fix segfault from race condition in signal + handling during garbage collection. Patch by Kumar Aditya. + - gh-102281: Fix potential nullptr dereference and use of + uninitialized memory in fileutils. Patch by Max Bachmann. + - gh-102126: Fix deadlock at shutdown when clearing thread + states if any finalizer tries to acquire the runtime head + lock. Patch by Kumar Aditya. + - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal + module. Patch by Max Bachmann. + - gh-101967: Fix possible segfault in + positional_only_passed_as_keyword function, when new list + created. + - gh-101765: Fix SystemError / segmentation fault in iter + __reduce__ when internal access of builtins.__dict__ keys + mutates the iter object. + - gh-101696: Invalidate type version tag in + _PyStaticType_Dealloc for static types, avoiding bug where + a false cache hit could crash the interpreter. Patch by + Kumar Aditya. + - Library + - gh-102549: Don’t ignore exceptions in member type creation. + - gh-102947: Improve traceback when dataclasses.fields() is + called on a non-dataclass. Patch by Alex Waygood + - gh-102780: The asyncio.Timeout context manager now + works reliably even when performing cleanup due to task + cancellation. Previously it could raise a CancelledError + instead of an TimeoutError in such cases. + - gh-88965: typing: Fix a bug relating to substitution in . + Pacustom classes generic over a ParamSpec. Previously, if . + Pathe ParamSpec was substituted with a parameters list that . + Paitself contained a TypeVar, the TypeVar in the parameters . + Palist could not be subsequently substituted. This is now . + Pafixed tch by Nikita Sobolev . + - gh-101979: Fix a bug where parentheses in the metavar + argument to argparse.ArgumentParser.add_argument() were + dropped. Patch by Yeojin Kim. + - gh-102179: Fix os.dup2() error message for negative fds. + - gh-101961: For the binary mode, fileinput.hookcompressed() + doesn’t set the encoding value even if the value is + None. Patch by Gihwan Kim. + - gh-101936: The default value of fp becomes io.BytesIO + if HTTPError is initialized without a designated fp + parameter. Patch by Long Vo. + - gh-102069: Fix __weakref__ descriptor generation for custom + dataclasses. + - gh-101566: In zipfile, apply fix for extractall on the + underlying zipfile after being wrapped in Path. + - gh-101892: Callable iterators no longer raise SystemError + when the callable object exhausts the iterator but forgets + to either return a sentinel value or raise StopIteration. + - gh-97786: Fix potential undefined behaviour in corner cases + of floating-point-to-time conversions. + - gh-101517: Fixed bug where bdb looks up the source line + with linecache with a lineno=None, which causes it to fail + with an unhandled exception. + - gh-101673: Fix a pdb bug where ll clears the changes to + local variables. + - gh-96931: Fix incorrect results from + ssl.SSLSocket.shared_ciphers() + - gh-88233: Correctly preserve “extra” fields in zipfile + regardless of their ordering relative to a zip64 “extra.” + - gh-96127: inspect.signature was raising TypeError on + call with mock objects. Now it correctly returns (*args, + **kwargs) as infered signature. + - gh-95495: When built against OpenSSL 3.0, the ssl module + had a bug where it reported unauthenticated EOFs (i.e. + without close_notify) as a clean TLS-level EOF. It now + raises SSLEOFError, matching the behavior in previous + versions of OpenSSL. The options attribute on SSLContext + also no longer includes OP_IGNORE_UNEXPECTED_EOF by + default. This option may be set to specify the previous + OpenSSL 3.0 behavior. + - gh-94440: Fix a concurrent.futures.process bug where + ProcessPoolExecutor shutdown could hang after a future has + been quickly submitted and canceled. + - Documentation + - gh-103112: Add docstring to http.client.HTTPResponse.read() + to fix pydoc output. + - gh-85417: Update cmath documentation to clarify behaviour + on branch cuts. + - gh-97725: Fix asyncio.Task.print_stack() description for + file=None. Patch by Oleg Iarygin. + - Tests + - gh-102980: Improve test coverage on pdb. + - gh-102537: Adjust the error handling strategy in + test_zoneinfo.TzPathTest.python_tzpath_context. Patch by + Paul Ganssle. + - gh-89792: test_tools now copies up to 10x less source data + to a temporary directory during the freeze test by ignoring + git metadata and other artifacts. It also limits its python + build parallelism based on os.cpu_count instead of hard + coding it as 8 cores. + - gh-101377: Improved test_locale_calendar_formatweekday of + calendar. + - Build + - gh-102711: Fix -Wstrict-prototypes compiler warnings. + +------------------------------------------------------------------- +Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl + +- Update to 3.11.2: + Bug fixes, no changes in API and no security bugs. + +------------------------------------------------------------------- +Wed Mar 1 20:50:04 UTC 2023 - Matej Cepl + +- Add python310 Obsoletes line to obsolete_python_versioned macro. + +------------------------------------------------------------------- +Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl + +- Add provides for readline and sqlite3 to the main Python + package. + +------------------------------------------------------------------- +Thu Jan 26 13:28:24 UTC 2023 - Thorsten Kukuk + +- Disable NIS for new products, it's deprecated and gets removed + +------------------------------------------------------------------- +Tue Jan 24 12:23:34 UTC 2023 - Dirk Müller + +- build GLIBC hwcaps optimized versions of the interpreter + +------------------------------------------------------------------- +Tue Jan 10 11:11:56 UTC 2023 - Matej Cepl + +- Don't fail on Sphinx build warnings. +- For jsc#PED-1570, jsc#PED-2217 and jsc#PED-68, + providing Python 3.11 for SLE-15-SP4. + +------------------------------------------------------------------- +Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl + +- Update to 3.11.1: + - python -m http.server no longer allows terminal control + characters sent within a garbage request to be printed + to the stderr server lo This is done by changing the + http.server BaseHTTPRequestHandler .log_message method to + replace control characters with a \xHH hex escape before + printin + - Avoid publishing list of active per-interpreter audit hooks + via the gc module + - The IDNA codec decoder used on DNS hostnames by socket or + asyncio related name resolution functions no longer involves + a quadratic algorithm. This prevents a potential CPU denial + of service if an out-of-spec excessive length hostname + involving bidirectional characters were decoded. Some + protocols such as urllib http 3xx redirects potentially allow + for an attacker to supply such a name (CVE-2022-45061). + - Update bundled libexpat to 2.5.0 + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. Issue reported + and initial fix by Caleb Shortt. Patch by Victor Stinner. + - Fix a crash when an object which does not have a dictionary + frees its instance values. + - Fix a bug in the tokenizer that could cause infinite + recursion when showing syntax warnings that happen in the + first line of the source. Patch by Pablo Galindo + - Fix an issue that could cause frames to be visible to Python + code as they are being torn down, possibly leading to memory + corruption or hard crashes of the interpreter. + - Fix a reference bug in _imp.create_builtin() after the + creation of the first sub-interpreter for modules builtins + and sys. Patch by Victor Stinner. + - Fixed a bug that was causing a buffer overflow if the + tokenizer copies a line missing the newline caracter from a + file that is as long as the available tokenizer buffer. Patch + by Pablo galindo + - Fix bug where an ExceptionGroup subclass can wrap a + BaseException. + - Fix zip path for venv created from a non-installed python on + POSIX platforms. + - Fix an issue that could potentially cause incorrect error + handling for some bytecode instructions. + - Fix an issue that prevented PyThreadState and + PyInterpreterState memory from being freed properly. + - Fix failure in except* with unhashable exceptions. + - Fix calculation of sys._base_executable when inside a POSIX + virtual environment using copies of the python binary when + the base installation does not provide the executable name + used by the venv. Calculation will fall back to alternative + names (“python”, “python.”). + - Update faulthandler to emit an error message with the proper + unexpected signal number. Patch by Dong-hee Na. + - Fix location of SyntaxError for a try block with both except + and except*. + - Fix the error reporting positions of specialized traceback + anchors when the source line contains Unicode characters. + - Fix subscription of type aliases containing bare generic + types or types like TypeVar: for example tuple[A, T][int] and + tuple[TypeVar, T][int], where A is a generic type, and T is a + type variable. + - Lower the recursion depth for marshal on WASI to support + wasmtime 2.0/main. + - Fix multiple crashes in debug mode when str subclasses are + used instead of str itself. + - Fix an issue where member descriptors (such as those for + __slots__) could behave incorrectly or crash instead of + raising a TypeError when accessed via an instance of an + invalid type. + - Suppress ImportError for invalid query for help() + command. Patch by Dong-hee Na. + - Fix detection of MAC addresses for uuid on certain OSs. Patch + by Chaim Sanders + - Print exception class name instead of its string + representation when raising errors from ctypes calls. + - os.sched_yield() now release the GIL while calling + sched_yield(2). Patch by Dong-hee Na. + - Fix an issue that could delay the specialization of PRECALL + instructions. + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Ensure that all Python frame objects are backed by “complete” + frames. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). Patch by Ofey Chan. + - Fix the Python path configuration used to initialized + sys.path at Python startup. Paths are no longer encoded + to UTF-8/strict to avoid encoding errors if it contains + surrogate characters (bytes paths are decoded with the + surrogateescape error handler). Patch by Victor Stinner. + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. Issue + discovered and analyzed by Mingliang ZHAO. Patch by Victor + Stinner. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. + - Fix undefined behaviour in C code of null pointer arithmetic. + - Make sure that all frame objects created are created from + valid interpreter frames. Prevents the possibility of invalid + frames in backtraces and signal handlers. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - On WASI ENOTCAPABLE is now mapped to PermissionError. The + errno modules exposes the new error number. getpath.py now + ignores PermissionError when it cannot open landmark files + pybuilddir.txt and pyenv.cfg. + - Allow pdb to locate source for frozen modules in the standard + library. + - Raise ValueError instead of SystemError when methods of + uninitialized io.IncrementalNewlineDecoder objects are + called. Patch by Oren Milman. + - Fix a possible assertion failure in io.FileIO when the opener + returns an invalid file descriptor. + - Also escape s in the http.server + BaseHTTPRequestHandler.log_message so that it is technically + possible to parse the line and reconstruct what the original + data was. Without this a xHH is ambiguious as to if it is a + hex replacement we put in or the characters r”x” came through + in the original request line. + - asyncio.get_event_loop() now only emits a deprecation warning + when a new event loop was created implicitly. It no longer + emits a deprecation warning if the current event loop was + set. + - Fix bug when calling trace.CoverageResults with valid infile. + - Fix a bug in handling class cleanups in + unittest.TestCase. Now addClassCleanup() uses separate lists + for different TestCase subclasses, and doClassCleanups() only + cleans up the particular class. + - Release the GIL when calling termios APIs to avoid blocking + threads. + - Fix ast.increment_lineno() to also cover ast.TypeIgnore when + changing line numbers. + - Fix bug in urllib.parse.urlparse() that causes URL schemes + that begin with a digit, a plus sign, or a minus sign to be + parsed incorrectly. + - Check the number of arguments in substitution in user + generics containing a TypeVarTuple and one or more TypeVar. + - Fix substitution of ParamSpec followed by TypeVarTuple in + generic aliases. + - Fix substitution of TypeVarTuple and ParamSpec together in + user generics. + - Fixed bug where inspect.signature() reported incorrect + arguments for decorated methods. + - Fix SystemError in ctypes when exception was not set during + __initsubclass__. + - Remove older version of + _SSLProtocolTransport.get_write_buffer_limits in + asyncio.sslproto + - fix negative numbers failing in verify() + - Fix statistics.NormalDist pickle with 0 and 1 protocols. + - enum.auto() is now correctly activated when combined with + other assignment values. E.g. ONE = auto(), 'some text' will + now evaluate as (1, 'some text'). + - Update the bundled copy of pip to version 22.3.1. + - Clean up refleak on failed module initialisation in _zoneinfo + - Clean up refleaks on failed module initialisation in in + _pickle + - Clean up refleak on failed module initialisation in _io. + - Fix memory leak in math.dist() when both points don’t have + the same dimension. Patch by Kumar Aditya. + - [3.11] Applied changes from importlib_metadata 4.11.4 + through 4.13, including compatibility and robustness + fixes for Distribution objects without _normalized_name, + disallowing invalid inputs to Distribution.from_name, and + refined behaviors in PathDistribution._name_from_stem and + PathDistribution._normalized_name. + - Fix argument typechecks in _overlapped.WSAConnect() and + _overlapped.Overlapped.WSASendTo() functions. + - Prevent crashing in traceback when retrieving the byte-offset + for some source files that contain certain unicode + characters. + - Fix internal error in the re module which in very rare + circumstances prevented compilation of a regular expression + containing a conditional expression without the “else” + branch. + - Fix asyncio.StreamWriter.drain() to call + protocol.connection_lost callback only once on Windows. + - Add a mutex to unittest.mock.NonCallableMock to protect + concurrent access to mock attributes. + - Fix hang on Windows in subprocess.wait_closed() in asyncio + with ProactorEventLoop. Patch by Kumar Aditya. + - Fix infinite loop in unittest when a self-referencing chained + exception is raised + - tkinter.Text.count() raises now an exception for options + starting with “-” instead of silently ignoring them. + - On uname_result, restored expectation that _fields and + _asdict would include all six properties including processor. + - A createSocket() method was added to SysLogHandler. + - Fix bug in urllib.parse.urlparse() that causes certain port + numbers containing whitespace, underscores, plus and minus + signs, or non-ASCII digits to be incorrectly accepted. + - Allow venv to pass along PYTHON* variables to ensurepip and + pip when they do not impact path resolution + - On macOS, fix a crash in syslog.syslog() in multi-threaded + applications. On macOS, the libc syslog() function is not + thread-safe, so syslog.syslog() no longer releases the GIL to + call it. Patch by Victor Stinner. + - Allow BUILTINS to be a valid field name for frozen + dataclasses. + - Wrap network errors consistently in urllib FTP support, so + the test suite doesn’t fail when a network is available but + the public internet is not reachable. + - Make sure patch.dict() can be applied on async functions. + - Earlier in 3.11 we deprecated + asyncio.Task.cancel("message"). We realized we were too + harsh, and have undeprecated it. + - Change deprecate warning message in unittest from It is + deprecated to return a value!=None to It is deprecated to + return a value that is not None from a test case + - Fixes AttributeError when subprocess.check_output() is used + with argument input=None and either of the arguments encoding + or errors are used. + - Fix is_private properties in the ipaddress module. Previously + non-private networks (0.0.0.0/0) would return True from this + method; now they correctly return False. + - Avoid spurious tracebacks from asyncio when default executor + cleanup is delayed until after the event loop is closed (e.g. + as the result of a keyboard interrupt). + - Avoid a crash in the C version of + asyncio.Future.remove_done_callback() when an evil argument + is passed. + - Remove tokenize.NL check from tabnanny. + - Fix generation of the default name of + tkinter.Checkbutton. Previously, checkbuttons in different + parent widgets could have the same short name and share + the same state if arguments “name” and “variable” are not + specified. Now they are globally unique. + - Update bundled libexpat to 2.4.9 + - Fix race condition in asyncio where process_exited() called + before the pipe_data_received() leading to inconsistent + output. Patch by Kumar Aditya. + - Fixed check in multiprocessing.resource_tracker that + guarantees that the length of a write to a pipe is not + greater than PIPE_BUF. + - Corrected type annotation for dataclass attribute + pstats.FunctionProfile.ncalls to be str. + - Fix repr of Any subclasses. + - Work around missing socket functions in socket’s __repr__. + - In inspect, fix overeager replacement of “typing.” in + formatting annotations. + - Fix handling of bytes path-like objects in os.ismount(). + - Fix handling compiler warnings (SyntaxWarning and + DeprecationWarning) in codeop.compile_command() when checking + for incomplete input. Previously it emitted warnings and + raised a SyntaxError. Now it always returns None for + incomplete input without emitting any warnings. + - To avoid apparent memory leaks when asyncio.open_connection() + raises, break reference cycles generated by local exception + and future instances (which has exception instance as its + member var). Patch by Dong Uk, Kang. + - Fixed flickering of the turtle window when the tracer is + turned off. Patch by Shin-myoung-serp. + - Fix asyncio subprocess transport to kill process cleanly + when process is blocked and avoid RuntimeError when loop is + closed. Patch by Kumar Aditya. + - Prevent error when activating venv in nested fish instances. + - TarFile.next() now returns None when called on an empty + tarfile. + - Document the optional callback parameter of WeakMethod. Patch + by Géry Ogam. + - Restrict use of sockets instead of pipes for stdin of + subprocesses created by asyncio to AIX platform only. + - shutil.copytree() now applies the ignore_dangling_symlinks + argument recursively. + - Fix IndexError in argparse.ArgumentParser when a store_true + action is given an explicit argument. + - Document that calling variadic functions with ctypes requires + special care on macOS/arm64 (and possibly other platforms). + - Remove extra row + - Clarified the conflicting advice given in the ast + documentation about ast.literal_eval() being “safe” for use + on untrusted input while at the same time warning that it + can crash the process. The latter statement is true and is + deemed unfixable without a large amount of work unsuitable + for a bugfix. So we keep the warning and no longer claim that + literal_eval is safe. + - Restructured the documentation for the os.wait* family of + functions, and improved the docs for os.waitid() with more + explanation of the possible argument constants. + - Skip test_normalization() of test_unicodedata if it + fails to download NormalizationTest.txt file from + pythontest.net. Patch by Victor Stinner. + - Correct test_marsh on (32 bit) x86: test_deterministic sets + was failing. + - Optional big memory tests in test_sqlite3 now catch the + correct sqlite.DataError exception type in case of too large + strings and/or blobs passed. + - Fix a bug in the typing tests where a test relying + on CPython-specific implementation details was not + decorated with @cpython_only and was not skipped on other + implementations. + - Add tests for star-unpacking with PEP 646, and some other + miscellaneous PEP 646 tests. + - Added explicit coverage of Py_Initialize (and hence + Py_InitializeEx) back to the embedding tests (all other + embedding tests migrated to Py_InitializeFromConfig in Python + 3.11) + - Some C API tests were moved into the new Lib/test/test_capi/ + directory. + - Fix -Wimplicit-int, -Wstrict-prototypes, and + -Wimplicit-function-declaration compiler warnings in + configure checks. + - Fix a compilation issue with GCC 12 on macOS. + - Fix -Wimplicit-int compiler warning in configure check for + PTHREAD_SCOPE_SYSTEM. + - Fix a possible fd leak in Programs/_freeze_module.c + introduced in Python 3.11. + - Fix build with PYTHON_FOR_REGEN=python3.8. + - Specify the full path to the source location for make + docclean (needed for cross-builds). + - Don’t use vendored libmpdec headers if --with-system-libmpdec + is passed to configure. Don’t use vendored libexpat headers + if --with-system-expat is passed to !configure. + - Fix the build process of clang compiler for _bootstrap_python + if LTO optimization is applied. Patch by Matthias Görgens and + Dong-hee Na. + - wasm32-emscripten builds for browsers now include + concurrent.futures for asyncio and unittest.mock. + - wasm32-emscripten platform no longer builds resource module, + getresuid(), getresgid(), and their setters. The APIs are + stubs and not functional. + - Updated pegen regeneration script on Windows to find and + use Python 3.9 or higher. Prior to this, pegen regeneration + already required 3.9 or higher, but the script may have used + lower versions of Python. + - Fix a bug in the previous bugfix that caused IDLE to + not start when run with 3.10.8, 3.12.0a1, and at least + Microsoft Python 3.10.2288.0 installed without the Lib/test + package. 3.11.0 was never affected. + - The wasm_build.py script now pre-builds Emscripten ports, + checks for broken EMSDK versions, and warns about pkg-config + env vars. + - The new tool Tools/wasm/wasm_builder.py automates configure, + compile, and test steps for building CPython on WebAssembly + platforms. + - Fix handling of module docstrings in Tools/i18n/pygettext.py. + - PyBUF_* constants were marked as part of Limited API + of Python 3.11+. These were available in 3.11.0 with + Py_LIMITED_API defined for 3.11, and are necessary to use the + buffer API. + - Fix use-after-free in Py_SetPythonHome(NULL), + Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL) + function calls. Issue reported by Benedikt Reinartz. Patch by + Victor Stinner. + - Py_InitializeEx now correctly calls PyConfig_Clear after + initializing the interpreter (the omission didn’t cause a + memory leak only because none of the dynamically allocated + config fields are populated by the wrapper function) +- Removed upstreamed patches: + - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch + - CVE-2022-45061-DoS-by-IDNA-decode.patch + +------------------------------------------------------------------- +Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl + +- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid + CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding + extremely long domain names. + +------------------------------------------------------------------- +Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl + +- Update to 3.11.0 (overall changes from 3.10.*): + - General changes + - PEP 657 -- Include Fine-Grained Error Locations in + Tracebacks + - PEP 654 -- Exception Groups and except* + - PEP 680 -- tomllib: Support for Parsing TOML in the + Standard Library + - gh-90908 -- Introduce task groups to asyncio + - gh-34627 -- Atomic grouping ((?>...)) and possessive + quantifiers (*+, ++, ?+, {m,n}+) are now supported in + regular expressions. + - The Faster CPython Project is already yielding some + exciting results. Python 3.11 is up to 10-60% faster than + Python 3.10. On average, we measured a 1.22x speedup on the + standard benchmark suite. See Faster CPython for details. + - Typing and typing language changes + - PEP 673 -- Self Type + - PEP 646 -- Variadic Generics + - PEP 675 -- Arbitrary Literal String Type + - PEP 655 -- Marking individual TypedDict items as required + or potentially-missing + - PEP 681 -- Data Class Transforms +- (just changes from 3.11.0rc2): + - Fix multiplying a list by an integer (list *= int): detect + the integer overflow when the new allocated length is close + to the maximum size. Issue reported by Jordan Limor. Patch by + Victor Stinner. + - On Linux the multiprocessing module returns to using + filesystem backed unix domain sockets for communication + with the forkserver process instead of the Linux abstract + socket namespace. Only code that chooses to use the + “forkserver” start method is affected. Abstract sockets have + no permissions and could allow any user on the system in the + same network namespace (often the whole system) to inject + code into the multiprocessing forkserver process. This was + a potential privilege escalation. Filesystem based socket + permissions restrict this to the forkserver process user as + was the default in Python 3.8 and earlier. This prevents + Linux CVE-2022-42919. + - Fix an issue where several frame objects could be backed by + the same interpreter frame, possibly leading to corrupted + memory and hard crashes of the interpreter. + - Fix possible data corruption or crashes when accessing the + f_back member of newly-created generator or coroutine frames. + - Fix a crash occurring when PyEval_GetFrame() is called while + the topmost Python frame is in a partially-initialized state. + - Fix command line parsing: reject -X int_max_str_digits option + with no value (invalid) when the PYTHONINTMAXSTRDIGITS + environment variable is set to a valid limit. Patch by Victor + Stinner. + - Fix undefined behaviour in _testcapimodule.c. + - When ValueError is raised if an integer is larger than the + limit, mention the sys.set_int_max_str_digits() function in + the error message. Patch by Victor Stinner. + - Correctly raise SyntaxError on exception groups (PEP 654) on + python versions prior to 3.11 + - Document some places where an assignment expression needs + parentheses. + - Update the bundled copies of pip and setuptools to versions + 22.3 and 65.5.0 respectively. + - fix Flag to use boundary CONFORM + - This restores previous Flag behavior of allowing flags with + non-sequential values to be combined; e.g. + - class Skip(Flag): TWO = 2 EIGHT = 8 + - Skip.TWO | Skip.EIGHT -> + - Fix ! in c domain ref target syntax via a conf.py patch, so + it works as intended to disable ref target resolution. + - Update tutorial introduction output to use 3.10+ SyntaxError + invalid range. + +------------------------------------------------------------------- +Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl + +- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to + allow building of documentation with the latest Sphinx 5.3.0 + (gh#python/cpython#98366). + +------------------------------------------------------------------- +Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc2: + - Converting between int and str in bases other than 2 + (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base + 10 (decimal) now raises a ValueError if the number of digits + in string form is above a limit to avoid potential denial of + service attacks due to the algorithmic complexity. This is + a mitigation for CVE-2020-10735. + This new limit can be configured or disabled by environment + variable, command line flag, or sys APIs. See the integer + string conversion length limitation documentation. The + default limit is 4300 digits in string form. + - Fix case of undefined behavior in ceval.c + - Do not expose KeyWrapper in _functools. + - Ensure that tracing, sys.setrace(), is turned on + immediately. In pre-release versions of 3.11, some tracing + events might have been lost when turning on tracing in a + __del__ method or interrupt. + - Fix use after free in trace refs build mode. Patch by Kumar + Aditya. + - When loading a file with invalid UTF-8 inside a multi-line + string, a correct SyntaxError is emitted. + - Make sure that incomplete frames do not show up in + tracemalloc traces. + - Remove two cases of undefined behavior, by adding NULL + checks. + - Fix possible NULL pointer dereference in + _PyThread_CurrentFrames. Patch by Kumar Aditya. + - Fix AttributeError missing name and obj attributes in + object.__getattribute__(). Patch by Philip Georgi. + - Loading a file with invalid UTF-8 will now report the broken + character at the correct location. + - Fixed a bug that caused _PyCode_GetExtra to return garbage + for negative indexes. Patch by Pablo Galindo + - Fix a deadlock in PyGILState_Ensure() when allocating new + thread state. Patch by Kumar Aditya. + - PyType_Ready() now initializes ht_cached_keys and performs + additional checks to ensure that type objects are properly + configured. This avoids crashes in 3rd party packages that + don’t use regular API to create new types. + - Skip over incomplete frames in PyThreadState_GetFrame(). + - Fix format string in _PyPegen_raise_error_known_location that + can lead to memory corruption on some 64bit systems. The + function was building a tuple with i (int) instead of n + (Py_ssize_t) for Py_ssize_t arguments. + - Fix misleading contents of error message when converting an + all-whitespace string to float. + - ast.parse() will no longer parse function definitions with + positional-only params when passed feature_version less than + (3, 8). Patch by Shantanu Jain. + - Fix incorrect error message in the io module. + - Fix the faulthandler implementation of + faulthandler.register(signal, chain=True) if the sigaction() + function is not available: don’t call the previous signal + handler if it’s NULL. Patch by Victor Stinner. + - Correct conversion of numbers.Rational’s to float. + - Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not + raised when using more than one TypeVarTuple, like [*T, *V] + in type alias substitutions. + - Fix asyncio.streams.StreamReaderProtocol to keep a strong + reference to the created task, so that it’s not garbage + collected + - Fix a performance regression in logging + TimedRotatingFileHandler. Only check for special files when + the rollover time has passed. + - Fix unused localName parameter in the Attr class in + xml.dom.minidom. + - Fix incorrect condition that causes sys.thread_info.name to + be wrong on pthread platforms. + - Remove an incompatible change from bpo-28080 that caused a + regression that ignored the utf8 in ZipInfo.flag_bits. Patch + by Pablo Galindo. + - Fix asyncio.Runner to call asyncio.set_event_loop() only + once to avoid calling attach_loop() multiple times on child + watchers. Patch by Kumar Aditya. + - Fix unittest.IsolatedAsyncioTestCase to set event loop before + calling setup functions. Patch by Kumar Aditya. + - When a task catches asyncio.CancelledError and raises some + other error, the other error should generally not silently be + suppressed. + - Fail gracefully if EPERM or ENOSYS is raised when loading + crypt methods. This may happen when trying to load MD5 on a + Linux kernel with FIPS enabled. + - Allow asyncio.StreamWriter.drain() to be awaited concurrently + by multiple tasks. Patch by Kumar Aditya. + - Fix ast.unparse() when ImportFrom.level is None + - Improve discoverability of the higher level + concurrent.futures module by providing clearer links from the + lower level threading and multiprocessing modules. + - What’s New 3.11 now has instructions for how to provide + compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7 + and CentOS 7. + - Mitigate the inherent race condition from using + find_unused_port() in testSockName() by trying to find an + unused port a few times before failing. Patch by Ross Burton. + - Build and test with OpenSSL 1.1.1q +- Use support-expat-CVE-2022-25236-patched.patch from the current + version of gh#python/cpython#93900 instead of the old + support-expat-245.patch. +- Reapply fix_configure_rst.patch. + +------------------------------------------------------------------- +Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab + +- Increase testsuite timeout for test_freeze_simple_script + +------------------------------------------------------------------- +Sat Aug 20 21:31:40 UTC 2022 - Matej Cepl + +- fix import_failed.map to refer to the python 3.11 package versions + +------------------------------------------------------------------- +Sat Aug 20 14:05:21 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc1: + - Core and Builtins + - Update code object hashing and equality to consider all + debugging and exception handling tables. This fixes an + issue where certain non-identical code objects could be + “deduplicated” during compilation. + - _PyPegen_Parser_New now properly detects token memory + allocation errors. Patch by Honglin Zhu. + - Run Python code in tracer/profiler function at full + speed. Fixes slowdown in earlier versions of 3.11. + - Emit a warning in debug mode if an object does not call + PyObject_GC_UnTrack() before deallocation. Patch by Pablo + Galindo. + - Prevented crashes in the AST constructor when + compiling some absurdly long expressions like + "+0"*1000000. RecursionError is now raised instead. Patch + by Pablo Galindo + - ast.AST node positions are now validated when provided to + compile() and other related functions. If invalid positions + are detected, a ValueError will be raised. + - Fix error detection in some builtin functions when keyword + argument name is an instance of a str subclass with + overloaded __eq__ and __hash__. Previously it could cause + SystemError or other undesired behavior. + - Library + - Update bundled pip to 22.2.2. + - Fix asyncio.TaskGroup to propagate exception when + asyncio.CancelledError was replaced with another exception + by a context manger. Patch by Kumar Aditya and Guido van + Rossum. + - Update bundled pip to 22.2.1. + - Fix GC crash when deallocating _lsprof.Profiler by + untracking it before calling any callbacks. Patch by Kumar + Aditya. + - Fix asyncio.run() for asyncio.Task implementations without + uncancel() method. Patch by Kumar Aditya. + - Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK + and os.EFD_SEMAPHORE flags on older kernel versions where + these flags are not present. Patch by Kumar Aditya. + - Fix concurrent.futures.Executor.map() to cancel the + currently waiting on future on an error - e.g. TimeoutError + or KeyboardInterrupt. + - Ensure that timeouts scheduled with asyncio.Timeout that + have already expired are delivered promptly. + - Suppress writing an XML declaration in open files + in ElementTree.write() with encoding='unicode' and + xml_declaration=None. + - Fix findtext in the xml module to only give an empty string + when the text attribute is set to None. + - Documentation + - Fix stylesheet not working in Windows CHM htmlhelp docs + and add warning that they are deprecated. Contributed by + C.A.M. Gerlach. + - Update library documentation with availability information + on WebAssembly platforms wasm32-emscripten and wasm32-wasi. + - Use consistent syntax for platform availability. The + directive now supports a content body and emits a warning + when it encounters an unknown platform. + - Document a limitation in ThreadPoolExecutor where its exit + handler is executed before any handlers in atexit. + - Tests + - Lib/test/test_asyncio/test_ssl.py exposed a bug in the + macOS kernel where intense concurrent load on non-blocking + sockets occasionally causes errno.ENOBUFS (“No buffer space + available”) to be emitted. FB11063974 filed with Apple, in + the mean time as a workaround buffer size used in tests on + macOS is decreased to avoid intermittent failures. Patch by + Fantix King. + - Fix problem with test_ssl test_get_ciphers on systems that + require perfect forward secrecy (PFS) ciphers. + - Add a regression test for re exponentional slowdown when + using rjsmin. + - Build + - Fix a regression in configure script that caused some + header checks to ignore custom CPPFLAGS. The regression was + introduced in gh-94802. + - wasm32-wasi builds no longer depend on WASIX’s pthread + stubs. Python now has its own stubbed pthread API. + - Python now detects missing dup function in WASI and works + around some missing errno, select, and socket constants. + - Python now skips missing socket functions and methods on + WASI. WASI can only create sockets from existing fd / + accept and has no netdb. + - Platforms wasm32-unknown-emscripten and wasm32-unknown-wasi + have been promoted to PEP 11 tier 3 platform support. + - IDLE + - Document handling of extensions in Save As dialogs. + - Include prompts when saving Shell (interactive input and + output). + - Fix the Shell context menu copy-with-prompts bug of copying + an extra line when one selects whole lines. + - In the Edit menu, move Select All and add a new separator. + - Enable using IDLE’s module browser with .pyw files. + - Add .pyi as a recognized extension for IDLE on macOS. This + allows opening stub files by double clicking on them in the + Finder. + - C API + - Restore the 3.10 behavior for multiple inheritance of C + extension classes that store their dictionary at the end of + the struct. + - Added PyCode_GetVarnames(), PyCode_GetCellvars() and + PyCode_GetFreevars() for accessing co_varnames, co_cellvars + and co_freevars respectively via the C API. + +------------------------------------------------------------------- +Tue Jul 26 10:37:31 UTC 2022 - Matej Cepl + +- Update to 3.11.0b5: + - Core and Builtins + - gh-93351: ast.AST node positions are now validated when + provided to compile() and other related functions. If + invalid positions are detected, a ValueError will be + raised. + - gh-94438: Fix an issue that caused extended opcode + arguments and some conditional pops to be ignored when + calculating valid jump targets for assignments to the + f_lineno attribute of frame objects. In some cases, this + could cause inconsistent internal state, resulting in a + hard crash of the interpreter. + - gh-95060: Undocumented PyCode_Addr2Location function now + properly returns when addrq argument is less than zero. + - gh-95113: Replace all EXTENDED_ARG_QUICK instructions + with basic EXTENDED_ARG instructions in unquickened + code. Consumers of non-adaptive bytecode should be able to + handle extended arguments the same way they were handled in + CPython 3.10 and older. + - gh-91409: Fix incorrect source location info caused by + certain optimizations in the bytecode compiler. + - gh-94036: Fix incorrect source location info for some + multi-line attribute accesses and method calls. + - gh-94739: Allow jumping within, out of, and across + exception handlers in the debugger. + - gh-94949: ast.parse() will no longer parse parenthesized + context managers when passed feature_version less than (3, + 9). Patch by Shantanu Jain. + - gh-94947: ast.parse() will no longer parse assignment + expressions when passed feature_version less than (3, + 8). Patch by Shantanu Jain. + - gh-91256: Ensures the program name is known for help text + during interpreter startup. + - gh-94869: Fix the column offsets for some expressions in + multi-line f-strings ast nodes. Patch by Pablo Galindo. + - gh-94822: Fix an issue where lookups of metaclass + descriptors may be ignored when an identically-named + attribute also exists on the class itself. + - gh-91153: Fix an issue where a bytearray item assignment + could crash if it’s resized by the new value’s __index__() + method. + - gh-90699: Fix reference counting bug in + bool.__repr__(). Patch by Kumar Aditya. + - Library + - gh-95087: Fix IndexError in parsing invalid date in the + email module. + - gh-95199: Upgrade bundled setuptools to 63.2.0. + - gh-95194: Upgrade bundled pip to 22.2. + - gh-95132: Fix a sqlite3 regression where *args and **kwds + were incorrectly relayed from connect() to the Connection + factory. The regression was introduced in 3.11a1 with PR + 24421 (gh-85128). Patch by Erlend E. Aasland.` + - gh-93157: Fix fileinput module didn’t support errors option + when inplace is true. + - gh-95105: wsgiref.types.InputStream.__iter__() should + return Iterator[bytes], not Iterable[bytes]. Patch by + Shantanu Jain. + - gh-94857: Fix refleak in + _io.TextIOWrapper.reconfigure. Patch by Kumar Aditya. + - gh-94821: Fix binding of unix socket to empty address + on Linux to use an available address from the abstract + namespace, instead of “0”. + - gh-89988: Fix memory leak in pickle.Pickler when looking up + dispatch_table. Patch by Kumar Aditya. + - bpo-47025: Drop support for bytes on sys.path. + - Tests + - gh-95212: Make multiprocessing test case + test_shared_memory_recreate parallel-safe. + - Build + - gh-94847: Fixed _decimal module build issue on GCC when + compiling with LTO and pydebug. Debug builds no longer + force inlining of functions. + - gh-94841: Fix the possible performance regression of + PyObject_Free() compiled with MSVC version 1932. + - gh-94801: configure now uses custom flags like ZLIB_CFLAGS + and ZLIB_LIBS when searching for headers and libraries. + - gh-94773: deepfreeze.py now supports code object with + frozensets that contain incompatible, unsortable types. + - C API + - gh-94930: Fix SystemError raised when + PyArg_ParseTupleAndKeywords() is used with # in (...) but + without PY_SSIZE_T_CLEAN defined. + - gh-94864: Fix PyArg_Parse* with deprecated format units “u” + and “Z”. It returned 1 (success) when warnings are turned + into exceptions. + - gh-94731: Python again uses C-style casts for + most casting operations when compiled with + C++. This may trigger compiler warnings, if they + are enabled with e.g. -Wold-style-cast `` or + ``-Wzero-as-null-pointer-constant options for g++. + +------------------------------------------------------------------- +Thu Jul 21 14:19:53 UTC 2022 - Matej Cepl + +- Switch from %primary_interpreter to prjconf-defined + %primary_python (gh#openSUSE/python-rpm-macros#127). + +------------------------------------------------------------------- +Thu Jul 14 15:37:35 UTC 2022 - Matej Cepl + +- Update to 3.11.0b4: +- Fixes many bugs and adds following more significant changes +- Security + - gh-68966: The deprecated mailcap module now refuses to inject + Coreunsafe text (filenames, MIME types, parameters) into + shell Corecommands. Instead of using such text, it will + warn and act Coreas if a match was not found (or for test + commands, as if the Coretest failed). and Builtins + - gh-93516: Lazily create a table mapping bytecode offsets to + line numbers to speed up calculation of line numbers when + tracing. + - gh-93461: importlib.invalidate_caches() now drops entries + from sys.path_importer_cache with a relative path as + name. This solves a caching issue when a process changes its + current working directory. + - FileFinder no longer inserts a dot in the path, e.g. + /egg/./spam is now /egg/spam. +Library + - gh-93896: Fix asyncio.run() and + unittest.IsolatedAsyncioTestCase to always the set event loop + as it was done in Python 3.10 and earlier. Patch by Kumar + Aditya. + - gh-94101: Manual instantiation of ssl.SSLSession objects is + no longer allowed as it lead to misconfigured instances that + crashed the interpreter when attributes where accessed on + them. + - gh-83658: Make multiprocessing.Pool raise an exception if + maxtasksperchild is not None or a positive int. + - gh-61162: Clarify sqlite3 behavior when Using the connection + as a context manager. +Tools/Demos + - gh-94538: Fix Argument Clinic output to custom file + destinations. Patch by Erlend E. Aasland. +C API + - gh-93937: The following frame functions and type are now + directly available with #include , it’s no longer + needed to add #include : + PyFrame_Check() + PyFrame_GetBack() + PyFrame_GetBuiltins() + PyFrame_GetGenerator() + PyFrame_GetGlobals() + PyFrame_GetLasti() + PyFrame_GetLocals() + PyFrame_Type + +------------------------------------------------------------------- +Tue May 31 20:54:36 UTC 2022 - Matej Cepl + +- Update to 3.11.0b2: + - many small updates +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.4 (jsc#SLE-21253) + +------------------------------------------------------------------- +Tue May 10 15:01:18 UTC 2022 - Matej Cepl + +- Refresh bluez-devel-vendor.tar.xz +- Fix building with system-expat (gh#python/cpython#92875). Nope, + it didn't work, worked around it. + +------------------------------------------------------------------- +Mon May 9 15:09:03 UTC 2022 - Matej Cepl + +- Update to pre-release version 3.11.0b1: + - PEP 657 – Include Fine-Grained Error Locations in Tracebacks + - PEP 654 – Exception Groups and except* + - PEP 673 – Self Type + - PEP 646 – Variadic Generics + - PEP 680– tomllib: Support for Parsing TOML in the Standard Library + - PEP 675– Arbitrary Literal String Type + - PEP 655– Marking individual TypedDict items as required or potentially-missing + - bpo-46752– Introduce task groups to asyncio + - The Faster Cpython Project is already yielding some exciting + results. Python 3.11 is up to 10-60% faster than Python + 3.10. On average, we measured a 1.22x speedup on the standard + benchmark suite. See + https://docs.python.org/3.11/whatsnew/3.11.html#faster-cpython + for details. + +------------------------------------------------------------------- +Thu May 5 14:35:56 UTC 2022 - Matej Cepl + +- Switch primary_interpreter from python38 to python310 + +------------------------------------------------------------------- +Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl + +- Update to 3.10.4: + - bpo-46968: Check for the existence of the “sys/auxv.h” header + in faulthandler to avoid compilation problems in systems + where this header doesn’t exist. Patch by Pablo Galindo + - bpo-23691: Protect the re.finditer() iterator from + re-entering. + - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to + avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception + when reading a ZipFile from multiple threads. + - bpo-38256: Fix binascii.crc32() when it is compiled to use + zlib’c crc32 to work properly on inputs 4+GiB in length + instead of returning the wrong result. The workaround prior + to this was to always feed the function data in increments + smaller than 4GiB or to just call the zlib module function. + - bpo-39394: A warning about inline flags not at the start of + the regular expression now contains the position of the flag. + - bpo-47061: Deprecate the various modules listed by PEP 594: + - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, + imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, + sndhdr, spwd, sunau, telnetlib, uu, xdrlib + - bpo-2604: Fix bug where doctests using globals would fail + when run multiple times. + - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. + - bpo-47022: The asynchat, asyncore and smtpd modules have been + deprecated since at least Python 3.6. Their documentation and + deprecation warnings and have now been updated to note they + will removed in Python 3.12 (PEP 594). + - bpo-46421: Fix a unittest issue where if the command was + invoked as python -m unittest and the filename(s) began with + a dot (.), a ValueError is returned. + - bpo-40296: Fix supporting generic aliases in pydoc. + +- Update to 3.10.3: + - bpo-46940: Avoid overriding AttributeError metadata + information for nested attribute access calls. Patch by Pablo + Galindo. + - bpo-46852: Rename the private undocumented + float.__set_format__() method to float.__setformat__() to fix + a typo introduced in Python 3.7. The method is only used by + test_float. Patch by Victor Stinner. + - bpo-46794: Bump up the libexpat version into 2.4.6 + - bpo-46820: Fix parsing a numeric literal immediately (without + spaces) followed by “not in” keywords, like in 1not in x. Now + the parser only emits a warning, not a syntax error. + - bpo-46762: Fix an assert failure in debug builds when a ‘<’, + ‘>’, or ‘=’ is the last character in an f-string that’s + missing a closing right brace. + - bpo-46724: Make sure that all backwards jumps use the + JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an + argument of (2**32)+offset. + - bpo-46732: Correct the docstring for the __bool__() method. + Patch by Jelle Zijlstra. + - bpo-46707: Avoid potential exponential backtracking when + producing some syntax errors involving lots of brackets. + Patch by Pablo Galindo. + - bpo-40479: Add a missing call to va_end() in + Modules/_hashopenssl.c. + - bpo-46615: When iterating over sets internally in + setobject.c, acquire strong references to the resulting items + from the set. This prevents crashes in corner-cases of + various set operations where the set gets mutated. + - bpo-45773: Remove two invalid “peephole” optimizations from + the bytecode compiler. + - bpo-43721: Fix docstrings of getter, setter, and deleter to + clarify that they create a new copy of the property. + - bpo-46503: Fix an assert when parsing some invalid N escape + sequences in f-strings. + - bpo-46417: Fix a race condition on setting a type __bases__ + attribute: the internal function add_subclass() now gets the + PyTypeObject.tp_subclasses member after calling + PyWeakref_NewRef() which can trigger a garbage collection + which can indirectly modify PyTypeObject.tp_subclasses. Patch + by Victor Stinner. + - bpo-46383: Fix invalid signature of _zoneinfo’s module_free + function to resolve a crash on wasm32-emscripten platform. + - bpo-46070: Py_EndInterpreter() now explicitly untracks all + objects currently tracked by the GC. Previously, if an object + was used later by another interpreter, calling + PyObject_GC_UnTrack() on the object crashed if the previous + or the next object of the PyGC_Head structure became + a dangling pointer. Patch by Victor Stinner. + - bpo-46339: Fix a crash in the parser when retrieving the + error text for multi-line f-strings expressions that do not + start in the first line of the string. Patch by Pablo Galindo + - bpo-46240: Correct the error message for unclosed parentheses + when the tokenizer doesn’t reach the end of the source when + the error is reported. Patch by Pablo Galindo + - bpo-46091: Correctly calculate indentation levels for lines + with whitespace character that are ended by line continuation + characters. Patch by Pablo Galindo + - bpo-43253: Fix a crash when closing transports where the + underlying socket handle is already invalid on the Proactor + event loop. + - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, + including bugfix for EntryPoint.extras, which was returning + match objects and not the extras strings. + - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip + 22.0.4) + - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically + determine size of signal handler stack size CPython allocates + using getauxval(AT_MINSIGSTKSZ). This changes allows for + Python extension’s request to Linux kernel to use AMX_TILE + instruction set on Sapphire Rapids Xeon processor to succeed, + unblocking use of the ISA in frameworks. + - bpo-46955: Expose asyncio.base_events.Server as + asyncio.Server. Patch by Stefan Zabka. + - bpo-23325: The signal module no longer assumes that SIG_IGN + and SIG_DFL are small int singletons. + - bpo-46932: Update bundled libexpat to 2.4.7 + - bpo-25707: Fixed a file leak in + xml.etree.ElementTree.iterparse() when the iterator is not + exhausted. Patch by Jacob Walls. + - bpo-44886: Inherit asyncio proactor datagram transport from + asyncio.DatagramTransport. + - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() + for selector-based event loops. Patch by Thomas Grainger. + - bpo-46811: Make test suite support Expat >=2.4.5 + - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to + transport-based APIs. + - bpo-46784: Fix libexpat symbols collisions with user + dynamically loaded or statically linked libexpat in embedded + Python. + - bpo-39327: shutil.rmtree() can now work with VirtualBox + shared folders when running from the guest operating-system. + - bpo-46756: Fix a bug in + urllib.request.HTTPPasswordMgr.find_user_password() and + urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() + which allowed to bypass authorization. For example, access to + URI example.org/foobar was allowed if the user was authorized + for URI example.org/foo. + - bpo-46643: In typing.get_type_hints(), support evaluating + stringified ParamSpecArgs and ParamSpecKwargs annotations. + Patch by Gregory Beauregard. + - bpo-45863: When the tarfile module creates a pax format + archive, it will put an integer representation of timestamps + in the ustar header (if possible) for the benefit of older + unarchivers, in addition to the existing full-precision + timestamps in the pax extended header. + - bpo-46676: Make typing.ParamSpec args and kwargs equal to + themselves. Patch by Gregory Beauregard. + - bpo-46672: Fix NameError in asyncio.gather() when initial + type check fails. + - bpo-46655: In typing.get_type_hints(), support evaluating + bare stringified TypeAlias annotations. Patch by Gregory + Beauregard. + - bpo-45948: Fixed a discrepancy in the C implementation of the + xml.etree.ElementTree module. Now, instantiating an + xml.etree.ElementTree.XMLParser with a target=None keyword + provides a default xml.etree.ElementTree.TreeBuilder target + as the Python implementation does. + - bpo-46521: Fix a bug in the codeop module that was + incorrectly identifying invalid code involving string quotes + as valid code. + - bpo-46581: Brings ParamSpec propagation for GenericAlias in + line with Concatenate (and others). + - bpo-46591: Make the IDLE doc URL on the About IDLE dialog + clickable. + - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 + - bpo-46487: Add the get_write_buffer_limits method to + asyncio.transports.WriteTransport and to the SSL transport. + - bpo-45173: Note the configparser deprecations will be removed + in Python 3.12. + - bpo-46539: In typing.get_type_hints(), support evaluating + stringified ClassVar and Final annotations inside Annotated. + Patch by Gregory Beauregard. + - bpo-46491: Allow typing.Annotated to wrap typing.Final and + typing.ClassVar. Patch by Gregory Beauregard. + - bpo-46436: Fix command-line option -d/--directory in module + http.server which is ignored when combined with command-line + option --cgi. Patch by Géry Ogam. + - bpo-41403: Make mock.patch() raise a TypeError with + a relevant error message on invalid arg. Previously it + allowed a cryptic AttributeError to escape. + - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid + potential REDoS by limiting ambiguity in consecutive + whitespace. + - bpo-46469: asyncio generic classes now return + types.GenericAlias in __class_getitem__ instead of the same + class. + - bpo-46434: pdb now gracefully handles help when __doc__ is + missing, for example when run with pregenerated optimized + .pyc files. + - bpo-46333: The __eq__() and __hash__() methods of + typing.ForwardRef now honor the module parameter of + typing.ForwardRef. Forward references from different modules + are now differentiated. + - bpo-46246: Add missing __slots__ to + importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. + - bpo-46266: Improve day constants in calendar. + - Now all constants (MONDAY … SUNDAY) are documented, tested, + and added to __all__. + - bpo-46232: The ssl module now handles certificates with bit + strings in DN correctly. + - bpo-43118: Fix a bug in inspect.signature() that was causing + it to fail on some subclasses of classes with + a __text_signature__ referencing module globals. Patch by + Weipeng Hong. + - bpo-26552: Fixed case where failing asyncio.ensure_future() + did not close the coroutine. Patch by Kumar Aditya. + - bpo-21987: Fix an issue with tarfile.TarFile.getmember() + getting a directory name with a trailing slash. + - bpo-20392: Fix inconsistency with uppercase file extensions + in MimeTypes.guess_type(). Patch by Kumar Aditya. + - bpo-46080: Fix exception in argparse help text generation if + a argparse.BooleanOptionalAction argument’s default is + argparse.SUPPRESS and it has help specified. Patch by Felix + Fontein. + - bpo-44439: Fix .write() method of a member file in ZipFile, + when the input data is an object that supports the buffer + protocol, the file length may be wrong. + - bpo-45703: When a namespace package is imported before + another module from the same namespace is created/installed + in a different sys.path location while the program is + running, calling the importlib.invalidate_caches() function + will now also guarantee the new module is noticed. + - bpo-24959: Fix bug where unittest sometimes drops frames from + tracebacks of exceptions raised in tests. + - bpo-44791: Fix substitution of ParamSpec in Concatenate with + different parameter expressions. Substitution with a list of + types returns now a tuple of types. Substitution with + Concatenate returns now a Concatenate with concatenated lists + of arguments. + - bpo-14156: argparse.FileType now supports an argument of ‘-’ + in binary mode, returning the .buffer attribute of + sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and + ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. + Patch contributed by Josh Rosenberg + - bpo-46463: Fixes escape4chm.py script used when building the + CHM documentation file + - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is + built with undefined behavior sanitizer (UBSAN): disable + UBSAN on the faulthandler_sigfpe() function. Patch by Victor + Stinner. + - bpo-46708: Prevent default asyncio event loop policy + modification warning after test_asyncio execution. + - bpo-46678: The function make_legacy_pyc in + Lib/test/support/import_helper.py no longer fails when + PYTHONPYCACHEPREFIX is set to a directory on a different + device from where tempfiles are stored. + - bpo-46616: Ensures test_importlib.test_windows cleans up + registry keys after completion. + - bpo-44359: test_ftplib now silently ignores socket errors to + prevent logging unhandled threading exceptions. Patch by + Victor Stinner. + - bpo-46542: Fix a Python crash in test_lib2to3 when using + Python built in debug mode: limit the recursion limit. Patch + by Victor Stinner. + - bpo-46576: test_peg_generator now disables compiler + optimization when testing compilation of its own C extensions + to significantly speed up the testing on non-debug builds of + CPython. + - bpo-46542: Fix test_json tests checking for RecursionError: + modify these tests to use support.infinite_recursion(). Patch + by Victor Stinner. + - bpo-13886: Skip test_builtin PTY tests on non-ASCII + characters if the readline module is loaded. The readline + module changes input() behavior, but test_builtin is not + intented to test the readline module. Patch by Victor + Stinner. + - bpo-38472: Fix GCC detection in setup.py when + cross-compiling. The C compiler is now run with LC_ALL=C. + Previously, the detection failed with a German locale. + - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro + and pyconfig.h no longer defines reserved symbol + __CHAR_UNSIGNED__. + - bpo-45296: Clarify close, quit, and exit in IDLE. In the File + menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current + one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). + In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there + are no other windows, this also exits IDLE. + - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch + by Alex Waygood and Terry Jan Reedy. + - bpo-46433: The internal function _PyType_GetModuleByDef now + correctly handles inheritance patterns involving static + types. + - bpo-14916: Fixed bug in the tokenizer that prevented + PyRun_InteractiveOne from parsing from the provided FD. + +- Remove upstreamed patches: + - support-expat-245.patch + +------------------------------------------------------------------- +Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + +------------------------------------------------------------------- +Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl + +- bsc#1195831 Obsolete older "most modern" versions of python + packages (python39 for python310 and so forth). For next + versions it is necessary just to edit the macro. + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python +- Add fix_configure_rst.patch, which removes duplicate link + targets and make documentation with old Sphinx in SLE +- Skip test_capi (bsc#1195140 and bpo#37169) + +------------------------------------------------------------------- +Wed Jan 19 22:01:51 UTC 2022 - Matej Cepl + +- Update to 3.10.2: + Bugfix only + - bpo#46347 memory leak in PyEval_EvalCodeEx (especially + visible with Cython code) + - and many others + +------------------------------------------------------------------- +Wed Dec 8 13:07:25 UTC 2021 - Matej Cepl + +- Upgrade to 3.10.1 (jsc#SLE-18038): + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other tools. + - PEP 618 – Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning +- Patches readjusted: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Sat Dec 4 18:40:28 UTC 2021 - Matej Cepl + +- Remove pdb_adjust_breakpoints.patch and instead just adjust location + of the test breakpoint in Lib/test/test_pdb.py via sed, because we + have shortened Lib/pdb.py by removing the shebang (bpo#45964). + +------------------------------------------------------------------- +Thu Dec 2 13:51:57 UTC 2021 - Matej Cepl + +- Add pdb_adjust_breakpoints.patch fixing expectd results in + test_pdb_breakpoints_preserved_across_interactive_sessions + (bpo#45964). + +------------------------------------------------------------------- +Mon Nov 29 00:17:07 UTC 2021 - Matej Cepl + +- Remove shebangs from from python-base libraries in _libdir + (bsc#1193179). +- Readjust patches: + - bpo-31046_ensurepip_honours_prefix.patch + - decimal.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Tue Nov 16 16:03:43 UTC 2021 - Matej Cepl + +- Move rpm-build-python construct to correct place. + +------------------------------------------------------------------- +Wed Oct 13 08:52:47 UTC 2021 - Dominique Leuenberger + +- BuildRequire rpm-build-python: The provider to inject python(abi) + has been moved there. rpm-build pulls rpm-build-python + automatically in when building anything against python3-base, but + this implies that the initial build of python3-base does not + trigger the automatic installation. + +------------------------------------------------------------------- +Tue Oct 5 22:36:51 UTC 2021 - Matej Cepl + +- Final release of 3.10.0: + Complete list on https://www.python.org/downloads/release/python-3100/, + but highlights are: + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other + tools. + - PEP 618 – Add Optional Length-Checking To zip. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning + - bpo-12782: Parenthesized context managers are now officially + allowed. + +------------------------------------------------------------------- +Mon Aug 30 12:48:25 UTC 2021 - Matej Cepl + +- Switch on option --with-system-libmpdec (bsc#1189356). + +------------------------------------------------------------------- +Fri Aug 27 13:15:03 UTC 2021 - Andreas Schwab + +- Reenable profileopt with qemu emulation, test_faulthandler is no longer + run during profiling + +------------------------------------------------------------------- +Thu Aug 12 15:11:39 UTC 2021 - Andreas Schwab + +- test_faulthandler is still problematic under qemu linux-user emulation, + disable it there + +------------------------------------------------------------------- +Wed Aug 11 05:57:11 UTC 2021 - Matej Cepl + +- Update to 3.10.0rc1 (the penultimate prerelease), which contains + plenty of small bugfixes among others: + - bpo#38605: from __future__ import annotations (PEP 563) used to be + on this list in previous pre-releases but it has been postponed to + Python 3.11 due to some compatibility concerns. + - bpo-44600: Fix incorrect line numbers while tracing some failed + patterns in match statements. Patch by Charles Burkland. + - plenty of modifications in types.Union + +------------------------------------------------------------------- +Wed Jul 21 13:44:48 UTC 2021 - Matej Cepl + +- Update to 3.10.0b4: + https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4 +- Remove python3-imp-returntype.patch which has been upstreamed. + +------------------------------------------------------------------- +Mon Jun 7 15:52:44 UTC 2021 - Matej Cepl + +- Update to 3.10.0b2: + - PEP 623 -- Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 -- Allow writing union types as X | Y + - PEP 612 -- Parameter Specification Variables + - PEP 626 -- Precise line numbers for debugging and other + tools. + - PEP 618 -- Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 -- Deprecate distutils module. + - PEP 613 -- Explicit Type Aliases + - PEP 634 -- Structural Pattern Matching: Specification + - PEP 635 -- Structural Pattern Matching: Motivation and + Rationale + - PEP 636 -- Structural Pattern Matching: Tutorial + - PEP 644 -- Require OpenSSL 1.1.1 or newer + - PEP 624 -- Remove Py_UNICODE encoder APIs + - PEP 597 -- Add optional EncodingWarning +- Removed patches (assumed upstream): + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl + +- Revert previous skip over test_capi +- Add skip-test_pyobject_freed_is_freed.patch to skip failing + test on SLE-15. + +------------------------------------------------------------------- +Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller + +- allow build with Sphinx >= 3.x + +------------------------------------------------------------------- +Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák + +- Exclude test_capi on Leap (test fails there) + +------------------------------------------------------------------- +Fri May 21 15:13:59 UTC 2021 - Matej Cepl + +- Stop providing "python" symbol (bsc#1185588), which means + python2 currently. + +------------------------------------------------------------------- +Wed May 5 15:16:58 UTC 2021 - Matej Cepl + +- Update to 3.9.5: + * Security + - bpo-43434: Creating a sqlite3.Connection object now also + produces a sqlite3.connect auditing event. Previously this + event was only produced by sqlite3.connect() calls. Patch + by Erlend E. Aasland. + - bpo-43882: The presence of newline or tab characters in + parts of a URL could allow some forms of attacks. + - Following the controlling specification for URLs defined by + WHATWG urllib.parse() now removes ASCII newlines and tabs + from URLs, preventing such attacks. + - bpo-43472: Ensures interpreter-level audit hooks receive + the cpython.PyInterpreterState_New event when called + through the _xxsubinterpreters module. + - bpo-36384: ipaddress module no longer accepts any leading + zeros in IPv4 address strings. Leading zeros are ambiguous + and interpreted as octal notation by some libraries. For + example the legacy function socket.inet_aton() treats + leading zeros as octal notatation. glibc implementation of + modern inet_pton() does not accept any leading zeros. For + a while the ipaddress module used to accept ambiguous + leading zeros. + - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) + vulnerability in urllib.request.AbstractBasicAuthHandler. + The ReDoS-vulnerable regex has quadratic worst-case + complexity and it allows cause a denial of service when + identifying crafted invalid RFCs. This ReDoS issue is on + the client side and needs remote attackers to control the + HTTP server. + - bpo-42800: Audit hooks are now fired for frame.f_code, + traceback.tb_frame, and generator code/frame attribute + access. + * Core and Builtins + - bpo-43105: Importlib now resolves relative paths when + creating module spec objects from file locations. + - bpo-42924: Fix bytearray repetition incorrectly copying + data from the start of the buffer, even if the data is + offset within the buffer (e.g. after reassigning a slice at + the start of the bytearray to a shorter byte string). + * Library + - bpo-43993: Update bundled pip to 21.1.1. + - bpo-43937: Fixed the turtle module working with non-default + root window. + - bpo-43930: Update bundled pip to 21.1 and setuptools to + 56.0.0 + - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now + returns a consistent error message when cadata contains no + valid certificate. + - bpo-43607: urllib can now convert Windows paths with \\?\ + prefixes into URL paths. + - bpo-43284: platform.win32_ver derives the windows version + from sys.getwindowsversion().platform_version which in turn + derives the version from kernel32.dll (which can be of + a different version than Windows itself). Therefore change + the platform.win32_ver to determine the version using the + platform module’s _syscmd_ver private function to return an + accurate version. + - bpo-42248: [Enum] ensure exceptions raised in _missing__ + are released + - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 + to suppress deprecation warnings. Python requires OpenSSL + 1.1.1 APIs. + - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants + (OpenSSL 3.0.0) + - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback + function a second time when first call has signaled an + error condition. + - bpo-43788: The header files for ssl error codes are now + OpenSSL version-specific. Exceptions will now show correct + reason and library codes. The make_ssl_data.py script has + been rewritten to use OpenSSL’s text file with error codes. + - bpo-43655: tkinter dialog windows are now recognized as + dialogs by window managers on macOS and X Window. + - bpo-43534: turtle.textinput() and turtle.numinput() create + now a transient window working on behalf of the canvas + window. + - bpo-43522: Fix problem with hostname_checks_common_name. + OpenSSL does not copy hostflags from struct SSL_CTX to + struct SSL. + - bpo-42967: Allow bytes separator argument in + urllib.parse.parse_qs and urllib.parse.parse_qsl when + parsing str query strings. Previously, this raised + a TypeError. + - bpo-43176: Fixed processing of a dataclass that inherits + from a frozen dataclass with no fields. It is now correctly + detected as an error. + - bpo-41735: Fix thread locks in zlib module may go wrong in + rare case. Patch by Ma Lin. + - bpo-36470: Fix dataclasses with InitVars and replace(). + Patch by Claudiu Popa. + - bpo-32745: Fix a regression in the handling of ctypes’ + ctypes.c_wchar_p type: embedded null characters would cause + a ValueError to be raised. Patch by Zackery Spytz. + * Documentation + - bpo-43959: The documentation on the PyContextVar C-API was + clarified. + - bpo-43938: Update dataclasses documentation to express that + FrozenInstanceError is derived from AttributeError. + - bpo-43755: Update documentation to reflect that + unparenthesized lambda expressions can no longer be the + expression part in an if clause in comprehensions and + generator expressions since Python 3.9. + - bpo-43739: Fixing the example code in + Doc/extending/extending.rst to declare and initialize the + pmodule variable to be of the right type. + * Tests + - bpo-43961: Fix + test_logging.test_namer_rotator_inheritance() on Windows: + use os.replace() rather than os.rename(). Patch by Victor + Stinner. + - bpo-43842: Fix a race condition in the SMTP test of + test_logging. Don’t close a file descriptor (socket) from + a different thread while asyncore.loop() is polling the + file descriptor. Patch by Victor Stinner. + - bpo-43811: Tests multiple OpenSSL versions on GitHub + Actions. Use ccache to speed up testing. + - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy + protocols TLS 1.0 and 1.1. Tests are failing with + TLSV1_ALERT_INTERNAL_ERROR. +- Refreshed patches: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch +- Add vendorized files from bluez-devel to enable building support for + Bluetooth. + +------------------------------------------------------------------- +Sun May 2 09:20:06 UTC 2021 - Ben Greiner + +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + +------------------------------------------------------------------- +Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl + +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +------------------------------------------------------------------- +Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +------------------------------------------------------------------- +Tue Feb 9 01:37:59 UTC 2021 - Steve Kowalik + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +------------------------------------------------------------------- +Mon Feb 8 22:02:03 UTC 2021 - Matej Cepl + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl + +- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing + bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in + _ctypes/callproc.c, which may lead to remote code execution. + +------------------------------------------------------------------- +Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl + +- (bsc#1180125) We really don't Require python-rpm-macros package. + Unnecessary dependency. + +------------------------------------------------------------------- +Wed Dec 16 16:08:42 UTC 2020 - Matej Cepl + +- Make python39-doc building again +- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx + doesn't know about skipif directive in doctests. + +------------------------------------------------------------------- +Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl + +- Update sphinx-update-removed-function.patch patch to the latest + version in python36. + +------------------------------------------------------------------- +Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner + +- Last try before this results in an editwar: + * remove importlib_resources and importlib-metadata + provides/obsoletes + * import importlib_resources is not the same as + import importlib.resources, same for metadata + * The backport packages from PyPI needed for older flavors are + specified as such for setuptools or in pyproject.toml. If a + package requires them they typically add them with a python + version qualifier and the packages have their own version + numbers. + +------------------------------------------------------------------- +Sat Dec 5 16:55:12 UTC 2020 - Matej Cepl + +- Add patch sphinx-update-removed-function.patch to no longer call + a now removed function and to make documentation build independent of + the Sphinx version (bsc#1179630, gh#python/cpython#13236). + +------------------------------------------------------------------- +Fri Nov 13 17:20:08 UTC 2020 - Matej Cepl + +- Don't require packages which break build on SLE-15 although we really + don't need them (python3-python-docs-theme and + python3-sphinxcontrib-qthelp). + +------------------------------------------------------------------- +Fri Oct 9 16:05:50 UTC 2020 - Dominique Leuenberger + +- Fix build with RPM 4.16: error: bare words are no longer + supported, please use "...": x86 == ppc. + +------------------------------------------------------------------- +Tue Oct 6 07:30:56 UTC 2020 - Matej Cepl + +- Update to the final version 3.9.0: + Complete changelog with all (many) + changes from previous version is on + https://docs.python.org/release/3.9.0/whatsnew/3.9.html + Changes from the previous RC versions (not that many) are on + https://docs.python.org/release/3.9.0/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Fri Sep 25 06:58:03 UTC 2020 - Dominique Leuenberger + +- Buildrequire timezone only for general flavor. It's used in this + flavor for the test suite. + +------------------------------------------------------------------- +Wed Sep 2 14:39:44 UTC 2020 - Matej Cepl + +- Update to 3.9.0rc1: + * Core and Builtins + - bpo-38156: Handle interrupts that come after EOF + correctly in PyOS_StdioReadline. + * Library + - bpo-41497: Fix potential UnicodeDecodeError in dis + module. + - bpo-41490: Update ensurepip to install pip 20.2.1 and + setuptools 49.2.1. + - bpo-41467: On Windows, fix asyncio recv_into() return + value when the socket/pipe is closed (BrokenPipeError): + return 0 rather than an empty byte string (b''). + - bpo-41425: Make tkinter doc example runnable. + - bpo-41384: Raise TclError instead of TypeError when an + unknown option is passed to tkinter.OptionMenu. + - bpo-38731: Fix NameError in command-line interface of + py_compile. + - bpo-41317: Use add_done_callback() in + asyncio.loop.sock_accept() to unsubscribe reader early on + cancellation. + - bpo-41364: Reduce import overhead of uuid. + - bpo-41341: Recursive evaluation of typing.ForwardRef in + get_type_hints. + - bpo-41182: selector: use DefaultSelector based upon + implementation + - bpo-40726: Handle cases where the end_lineno is None on + ast.increment_lineno(). + * Documentation + - bpo-41045: Add documentation for debug feature of + f-strings. + - bpo-41314: Changed the release when from __future__ + import annotations becomes the default from 4.0 to 3.10 + (following a change in PEP 563). + * Windows + - bpo-41492: Fixes the description that appears in UAC + prompts. + - bpo-40948: Improve post-install message to direct people + to the “py” command. + - bpo-41412: The installer will now fail to install on + Windows 7 and Windows 8. Further, the UCRT dependency is + now always downloaded on demand. + - bpo-40741: Update Windows release to include SQLite + 3.32.3. + * IDLE + - bpo-41468: Improve IDLE run crash error message (which + users should never see). + - bpo-41373: Save files loaded with no line ending, as when + blank, or different line endings, by setting its line + ending to the system default. Fix regression in 3.8.4 and + 3.9.0b4. + +------------------------------------------------------------------- +Tue Sep 1 10:15:06 UTC 2020 - Matej Cepl + +- Synchronize formatting and fixes with python38. + +------------------------------------------------------------------- +Thu Aug 20 15:41:28 UTC 2020 - Andreas Schwab + +- Increase testsuite timeout to account for super long running + test_peg_generator + +------------------------------------------------------------------- +Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer + +- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream +- Removed recursion.tar: contained in upstream +- Update to 3.9.0b5: + - bpo-41304: Fixes python3x._pth being ignored on Windows, caused + by the fix for bpo-29778 (CVE-2020-15801). + - bpo-41162: Audit hooks are now cleared later during + finalization to avoid missing events. + - bpo-29778: Ensure python3.dll is loaded from correct locations + when Python is embedded (CVE-2020-15523). + - bpo-39603: Prevent http header injection by rejecting control + characters in http.client.putrequest(…). + - bpo-41295: Resolve a regression in CPython 3.8.4 where defining + “__setattr__” in a multi-inheritance setup and + calling up the hierarchy chain could fail if builtins/extension + types were involved in the base types. + - bpo-41247: Always cache the running loop holder when running + asyncio.set_running_loop. + - bpo-41252: Fix incorrect refcounting in + _ssl.c’s _servername_callback(). + - bpo-41215: Use non-NULL default values in the PEG parser + keyword list to overcome a bug that was ' + preventing Python from being properly compiled when using the + XLC compiler. Patch by Pablo Galindo. + - bpo-41218: Python 3.8.3 had a regression where compiling with + ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would + aggressively mark list comprehension with CO_COROUTINE. Now only + list comprehension making use of async/await will tagged as so. + - bpo-41175: Guard against a NULL pointer dereference within + bytearrayobject triggered by the bytearray() + bytearray() operation. + - bpo-39960: The “hackcheck” that prevents sneaking around a type’s + __setattr__() by calling the superclass method was + rewritten to allow C implemented heap types. + - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the + C implementation raises now UnpicklingError instead of crashing. + - bpo-39017: Avoid infinite loop when reading specially crafted + TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). + - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params(). + - bpo-41207: In distutils.spawn, restore expectation that + DistutilsExecError is raised when the command is not found. + - bpo-39168: Remove the __new__ method of typing.Generic. + - bpo-41194: Fix a crash in the _ast module: it can no longer be + loaded more than once. It now uses a global state rather than a module state. + - bpo-39384: Fixed email.contentmanager to allow set_content() to set a + null string. + - bpo-41300: Save files with non-ascii chars. + Fix regression released in 3.9.0b4 and 3.8.4. + - bpo-37765: Add keywords to module name completion list. + Rewrite Completions section of IDLE doc. + - bpo-40170: Revert PyType_HasFeature() change: it reads + again directly the PyTypeObject.tp_flags + member when the limited C API is not used, rather than always calling + PyType_GetFlags() which hides implementation details. + +------------------------------------------------------------------- +Mon Jul 20 12:06:41 UTC 2020 - Matej Cepl + +- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 + (CVE-2019-20907, bpo#39017) avoiding possible infinite loop + in specifically crafted tarball. + Add recursion.tar as a testing tarball for the patch. + +------------------------------------------------------------------- +Fri Jul 17 07:07:19 UTC 2020 - Callum Farmer + +- Changed bpo-31046_ensurepip_honours_prefix.patch to include fix from py3.8 + +------------------------------------------------------------------- +Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer + +- Spec file fixes +- Re-added subprocess-raise-timeout.patch: now compatible +- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream + +------------------------------------------------------------------- +Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal + +- Fix minor issues found in the staging. + +------------------------------------------------------------------- +Wed Jul 15 06:13:33 UTC 2020 - Tomáš Chvátal + +- Do not set ourselves as primary interpreter + +------------------------------------------------------------------- +Tue Jul 14 20:45:11 UTC 2020 - Matej Cepl + +- Update to 3.9.0b4: + - PEP 584, Union Operators in dict + - PEP 585, Type Hinting Generics In Standard Collections + - PEP 593, Flexible function and variable annotations + - PEP 602, Python adopts a stable annual release cadence + - PEP 615, Support for the IANA Time Zone Database in the + Standard Library + - PEP 616, String methods to remove prefixes and suffixes + - PEP 617, New PEG parser for CPython + - bpo#38379, garbage collection does not block on resurrected + objects; + - bpo#38692, os.pidfd_open added that allows process + management without races and signals; + - bpo#39926, Unicode support updated to version 13.0.0; + - bpo#1635741, when Python is initialized multiple times in + the same process, it does not leak memory anymore; + - A number of Python builtins (range, tuple, set, frozenset, + list, dict) are now sped up using PEP 590 vectorcall; + - A number of Python modules (_abc, audioop, _bz2, _codecs, + _contextvars, _crypt, _functools, _json, _locale, operator, + resource, time, _weakref) now use multiphase initialization + as defined by PEP 489; + - A number of standard library modules (audioop, ast, grp, + _hashlib, pwd, _posixsubprocess, random, select, struct, + termios, zlib) are now using the stable ABI defined by + PEP 384. +- Remove upstreamed patches: + - F00102-lib64.patch + - SUSE-FEDORA-multilib.patch + - OBS_dev-shm.patch + - subprocess-raise-timeout.patch + - bpo36302-sort-module-sources.patch + - bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Fri Jul 10 10:55:15 UTC 2020 - Tomáš Chvátal + +- Update pre_checkin.sh and regenerate + +------------------------------------------------------------------- +Fri Jul 10 10:11:39 UTC 2020 - Tomáš Chvátal + +- Convert few dependencies to their pkgconfig counterparts + +------------------------------------------------------------------- +Fri Jul 10 10:08:48 UTC 2020 - Tomáš Chvátal + +- Remove release requirement on libpython, it is not really needed + to be equal as the abi changes with versions + +------------------------------------------------------------------- +Fri Jul 10 10:07:50 UTC 2020 - Tomáš Chvátal + +- Add provides python3-bla on all the subpkgs in case we are + primary provider of the functionality + +------------------------------------------------------------------- +Fri Jul 10 10:02:01 UTC 2020 - Tomáš Chvátal + +- Remove unversioned files from devel subpkg too +- Remove main python3 files from -base based whether we are + primary interpreter or not +- Fix idle to be co-installable +- Add condition to be primary to provide/obsolete python3-* +- Fix doc to build in versioned folder so the pythons can be + installed next to each other + +------------------------------------------------------------------- +Fri Jul 10 07:57:10 UTC 2020 - Tomáš Chvátal + +- Revert the full versioning of calls on the macros. These + are generic so they should really just call python3 X + +------------------------------------------------------------------- +Fri Jul 10 07:56:11 UTC 2020 - Tomáš Chvátal + +- For the doc package we can build with generic flavor, we don't + need the our-interpreter based one + +------------------------------------------------------------------- +Fri Jul 10 07:18:53 UTC 2020 - Tomáš Chvátal + +- Add provides for pytohn3X-typing/etc to allow BR on those still + to work when needed + +------------------------------------------------------------------- +Fri Jul 10 07:14:33 UTC 2020 - Tomáš Chvátal + +- Change macros.python3 to use full versioned 3.8 instead of just 3 + for python interpreter + +------------------------------------------------------------------- +Wed Jul 1 11:50:19 UTC 2020 - Tomáš Chvátal + +- Reduce some now unused conditionals + +------------------------------------------------------------------- +Wed Jul 1 11:00:40 UTC 2020 - Tomáš Chvátal + +- Redux the -base dependencies to match up pre-merge layout + +------------------------------------------------------------------- +Wed Jul 1 09:24:39 UTC 2020 - Tomáš Chvátal + +- Generate baselibs in pre-checkin too + +------------------------------------------------------------------- +Wed Jul 1 09:14:33 UTC 2020 - Tomáš Chvátal + +- Generate the importlib-failed using pre_checking again +- Add back the information about skipped tests on the pre_checkin + output + +------------------------------------------------------------------- +Tue Jun 30 07:11:19 UTC 2020 - Tomáš Chvátal + +- Use %python_pkg_name instead of hardcoding python3 where + applicable +- Sort out preamble with spec-cleaner + +------------------------------------------------------------------- +Mon Jun 29 14:36:10 UTC 2020 - Matej Cepl + +- Calculate required variables instead of relying on their continuous manual update + +------------------------------------------------------------------- +Thu Jun 25 10:44:08 UTC 2020 - Tomáš Chvátal + +- Fix the -base module build again to generate only the deps + we need + +------------------------------------------------------------------- +Wed Jun 17 18:42:51 UTC 2020 - Matej Cepl + +- Replace OBS_dev-shm.patch with the upstream PR#20944 + +------------------------------------------------------------------- +Thu Jun 10 14:30:15 UTC 2020 - Tomáš Chvátal + +- Use the %{python_pkg_name} on more places to allow easier + multiversioning +- Switch to _multibuild approach for easier maintenance of this + package. All is now in one spec file with 3 conditionals: + * bcond_with base + * bcond_with doc + * bcond_with general + +------------------------------------------------------------------- +Mon Jun 8 14:26:00 UTC 2020 - Matej Cepl + +- add requires python3-base on libpython subpackage (bsc#1167008) + +------------------------------------------------------------------- +Fri Jun 5 06:08:12 UTC 2020 - Dirk Mueller + +- build against Sphinx 2.x until python is compatible with + Sphinx 3.x (see gh#python/cpython#19397, bpo#40204) + +------------------------------------------------------------------- +Fri May 29 19:59:01 UTC 2020 - Andreas Stieger + +- Fix build with SQLite 3.32 (bpo#40783) + add bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Sun May 17 15:37:35 UTC 2020 - Callum Farmer + +- Update to version 3.8.3: + - Complete list of changes is available at + https://docs.python.org/release/3.8.3/whatsnew/changelog.html#python-3-8-3-final, + but most of them are just bugfixes. + - Removed patch CVE-2020-8492-urllib-ReDoS.patch: contained in upstream + +------------------------------------------------------------------- +Thu Apr 16 12:06:01 UTC 2020 - Matej Cepl + +- Add #!BuildIgnore: gdk-pixbuf-loader-rsvg to python3 SPEC + +------------------------------------------------------------------- +Thu Mar 26 15:36:55 UTC 2020 - Matej Cepl + +- Add patch bsc1167501-invalid-alignment.patch + (bsc#1167501, bpo#40052) to fix alignment in abstract.h header file. + +------------------------------------------------------------------- +Wed Mar 11 11:09:41 UTC 2020 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build, test_setegid + (test.test_os.PosixUidGidTests) is confusing it + +------------------------------------------------------------------- +Thu Mar 5 18:40:29 UTC 2020 - Matej Cepl + +- Update to 3.8.2: + - Complete list of changes is available at + https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final, + but most of them are just bugfixes. + - Updated patches: + - F00102-lib64.patch + - OBS_dev-shm.patch + - SUSE-FEDORA-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Sun Feb 9 00:14:24 CET 2020 - Matej Cepl + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Sat Feb 8 22:21:10 CET 2020 - Matej Cepl + +- Add Requires: libpython%{so_version} == %{version}-%{release} + to python3-base to keep both packages always synchronized + (bsc#1162224). + +------------------------------------------------------------------- +Mon Feb 3 20:27:54 UTC 2020 - Tomáš Chvátal + +- Do not pull in bluez in base again, explain the cycle, + it needs to be solved by bluez maintainer for us by providing + just the headers separately + +------------------------------------------------------------------- +Mon Feb 3 19:54:25 UTC 2020 - Tomáš Chvátal + +- Reame idle icons to idle3 in order to not conflict with python2 + variant of the package + * renamed the icons + * renamed icon load in desktop file + +------------------------------------------------------------------- +Thu Jan 16 09:50:03 UTC 2020 - Tomáš Chvátal + +- Add importlib_resources provide/obsolete as it is integral + part of the lang since 3.7 release + +------------------------------------------------------------------- +Mon Jan 13 11:10:47 UTC 2020 - Martin Liška + +- Add -fno-semantic-interposition as it brings speed up: + https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup + +------------------------------------------------------------------- +Thu Dec 19 16:25:26 CET 2019 - Matej Cepl + +- Update to 3.8.1: + - This is mainly bugfix release and no significant changes to + API are expected. The full changelog is available on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-1 + - Remove bpo-38688_shutil.copytree_prevent-infinite-recursion.patch, + which is included in the upstream tarball. + +------------------------------------------------------------------- +Thu Dec 19 14:57:32 CET 2019 - Matej Cepl + +- Add bpo-31046_ensurepip_honours_prefix.patch which makes + ensurepip to honour the value of $(prefix). Proposed fix for + bpo#31046.. + +------------------------------------------------------------------- +Tue Dec 10 11:07:16 UTC 2019 - Tomáš Chvátal + +- Move bluez-devel dependency to base as it is needed for + socket.AF_BLUETOOTH and otherwise does not work + +------------------------------------------------------------------- +Mon Dec 2 16:52:32 CET 2019 - Matej Cepl + +- Reintroduce QtHelp with the help of the new BR + python-sphinxcontrib-qthelp. + +------------------------------------------------------------------- +Mon Oct 21 18:51:00 UTC 2019 - Stefan Brüns + +- Fix SUSE-FEDORA-multilib.patch, the platform agnostic infix for + library installation is "lib", not "dir". + +------------------------------------------------------------------- +Thu Oct 17 14:19:20 UTC 2019 - Stefan Brüns + +- Move idle subpackage build from python3-base to python3. + appstream-glib required for packaging introduces considerable + extra dependencies and a build loop via rust/librsvg. +- Correct installation of idle IDE icons: + + idle.png is not the target directory + + non-GNOME-specific icons belong into icons/hicolor +- Add required Name key to idle3 desktop file + +------------------------------------------------------------------- +Tue Oct 15 16:39:12 CEST 2019 - Matej Cepl + +- Update to the final release 3.8.0. . + - New Features: + - Assignment expressions + - Positional-only parameters + - Parallel filesystem cache for compiled bytecode files + - Debug build uses the same ABI as release build + - f-strings support = for self-documenting expressions and + debugging + - PEP 578: Python Runtime Audit Hooks + - PEP 587: Python Initialization Configuration + - Vectorcall: a fast calling protocol for CPython + - Pickle protocol 5 with out-of-band data buffers + - New modules: + - importlib.metadata + - Improved modules: + - ast asyncio, builtins, collections, curses, ctypes, + datetime, functools, gc, gettext, gzip, idelib and IDLE, + inspect, io, json.tool, math, mmap, multiprocessing, os, + os.path, pathlib, pickle, plistlib, py_compile, shlex, + shutil, socket, ssl, statistics, sys, tarfile, threading, + tokenize, tkinter, time, typing, unicodedata, unittest, + venv, weakref, xml + - C API improvements + - bdist_winnst command has been deprecated (use bdist_wheel) +- https://docs.python.org/3.8/whatsnew/3.8.html remains rest of + changes including documentation on how to port your programs to + the current version of Python. + +------------------------------------------------------------------- +Mon Oct 14 15:02:08 CEST 2019 - Matej Cepl + +- Add idle3.appdata.xml and idle3.desktop (originally from + Fedora) to make Idle3 full GUI desktop application. + (bsc#1153830) + +------------------------------------------------------------------- +Wed Oct 9 19:09:16 UTC 2019 - Michael Gorse + +- Drop intltool from BuildRequires. Doesn't appear to be used. + +------------------------------------------------------------------- +Wed Oct 9 10:37:59 UTC 2019 - Tomáš Chvátal + +- Add folder version to allow tarball downloads even for beta/rc + releases + +------------------------------------------------------------------- +Tue Oct 8 14:53:54 CEST 2019 - Matej Cepl + +- Revert patches from Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch) into their original + prisitine Fedora versions, SUSE-FEDORA-multilib.patch refreshed + accordingly. + +------------------------------------------------------------------- +Mon Oct 7 14:33:30 UTC 2019 - Matej Cepl + +- Correct quotation of platsubdir in Lib/distutils/command/install.py + +------------------------------------------------------------------- +Thu Oct 3 13:59:57 CEST 2019 - Matej Cepl + +- Replace python-3.6.0-multilib.patch with two patches from + Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch), and our own + SUSE-FEDORA-multilib.patch to allow better cooperation with + Fedora and better upstreaming. +- Add OBS_dev-shm.patch fixing bpo#38377 + +------------------------------------------------------------------- +Thu Oct 3 08:39:18 UTC 2019 - Tomáš Chvátal + +- Pull in just gettext and let solver to sort out between: + gettext-runtime-mini and gettext-runtime + +------------------------------------------------------------------- +Wed Oct 2 15:00:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0rc1. Overall changes from 3.7: + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved + embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds, also the 'm' ABI + tag was removed (irrelevant since 3.4), bpo#36707 + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - on Windows, the default asyncio event loop is now + ProactorEventLoop + - on macOS, the spawn start method is now used by default in + multiprocessing + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Refreshed patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Wed Sep 25 09:46:41 UTC 2019 - Bernhard Wiedemann + +- Add bpo36302-sort-module-sources.patch (boo#1041090) + +------------------------------------------------------------------- +Tue Sep 10 13:43:18 UTC 2019 - Tomáš Chvátal + +- Try harder obsoleting importlib-metadata + +------------------------------------------------------------------- +Sat Aug 31 00:16:47 CEST 2019 - Matej Cepl + +- Update to 3.8.0b4: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-4 + +------------------------------------------------------------------- +Thu Aug 29 06:28:15 UTC 2019 - Guillaume GARDET + +- Re-enable test_threading on aarch64 + +------------------------------------------------------------------- +Sat Aug 17 13:21:15 UTC 2019 - John Vandenberg + +- Remove xrpm from subpackage tk description + +------------------------------------------------------------------- +Tue Aug 6 14:24:55 CEST 2019 - Matej Cepl + +- Update to 3.8.0b3: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-3 +- Patches reapplied: + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-test-posix_fadvise.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Tue Jul 23 13:20:49 UTC 2019 - Matej Cepl + +- Add Provides: python3-importlib-metadata + +------------------------------------------------------------------- +Sun Jul 7 19:08:48 CEST 2019 - Matej Cepl + +- Update to 3.8.0b2: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-2 +- Patches included in upstream: + - bpo-37169_PyObject_IsFreed.patch +- Patches reapplied: + - 00251-change-user-install-location.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-localpath.patch + - python-3.6.0-multilib.patch + +------------------------------------------------------------------- +Tue Jul 2 09:03:04 UTC 2019 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build +- Don't do profiling in qemu linux-user build + +------------------------------------------------------------------- +Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0b1 (changes since 3.7.*): + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Remove patches which were included in the upstream: + - 00251-change-user-install-location.patch + - 00316-mark-bdist_wininst-unsupported.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed May 22 10:53:03 UTC 2019 - Martin Liška + +- Set _lto_cflags to nil as the package is using LTO via --enable-lto. + That will prevent to propage LTO for Python modules that are + built in a separate package. + +------------------------------------------------------------------- +Sat May 4 21:29:20 CEST 2019 - Matej Cepl + +- Update to 3.8.0.a3: + - PEP 572: Assignment Expressions. + - Other (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-3 + +------------------------------------------------------------------- +Mon Apr 29 15:40:34 CEST 2019 - Matej Cepl + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Wed Apr 10 10:22:58 CEST 2019 - Matej Cepl + +- Fix metadata of patches. +- Rename boo1071941-make-install-in-sep-loc.patch to + 00251-change-user-install-location.patch which is the original + name, so it can be looked up in the Fedora VCS. + +------------------------------------------------------------------- +Tue Apr 9 04:55:24 UTC 2019 - John Vandenberg + +- Mark distutils bdist_wininst command unsupported + with 00316-mark-bdist_wininst-unsupported.patch +- Remove Windows bdist_wininst executables from runtime package + +------------------------------------------------------------------- +Tue Apr 9 01:21:45 CEST 2019 - Matej Cepl + +- Update to 3.7.3, which is the maintenance release without any + significant changes in API. + - Updated patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------ +Wed Mar 20 14:59:58 UTC 2019 - Matěj Cepl + +- Remove building of Qt Develop help files. + +------------------------------------------------------------------- +Fri Mar 15 15:10:30 CET 2019 - Matej Cepl + +- Return distutils-reproducible-compile.patch which is still + missing (still unfinished bpo#29708). + +------------------------------------------------------------------- +Mon Feb 25 23:30:56 CET 2019 - Matej Cepl + +- Update to 3.8.0a2: + * List of all (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-2 + +------------------------------------------------------------------- +Tue Feb 12 10:25:52 CET 2019 - Matej Cepl + +- Build nis module again. + +------------------------------------------------------------------- +Tue Feb 12 10:06:17 CET 2019 - Matej Cepl + +- Update to 3.8.0a1: + * The most visible change so far is probably the + implementation of PEP 572: Assignment Expressions. For + a detailed list of changes, see: + https://docs.python.org/3.8/whatsnew/changelog.html + * Recover building of nis module properly in python3 package +- Update patches: + * CVE-2019-5010-null-defer-x509-cert-DOS.patch + * python-3.3.0b1-fix_date_time_compiler.patch + * python-3.3.0b1-test-posix_fadvise.patch + * python-3.6.0-multilib.patch + * raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed Jan 30 18:07:49 CET 2019 - mcepl@suse.com + +- Put LICENSE file where it belongs (bsc#1121852) + +------------------------------------------------------------------- +Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com + +- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch + fixing bpo-35746. + An exploitable denial-of-service vulnerability exists in the + X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. + A specially crafted X509 certificate can cause a NULL pointer + dereference, resulting in a denial of service. An attacker can + initiate or accept TLS connections using crafted certificates + to trigger this vulnerability. + +------------------------------------------------------------------- +Tue Jan 8 12:51:01 UTC 2019 - Tomáš Chvátal + +- Do not require full gettext in order to avoid pulling in the + glib2 as a dependency + +------------------------------------------------------------------- +Tue Jan 8 12:25:27 UTC 2019 - Tomáš Chvátal + +- Update to 3.7.2: + * bugfix release: + https://docs.python.org/3.7/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Wed Jan 2 12:51:48 CET 2019 - mcepl@suse.com + +- Stop applying python-3.6.0-multilib-new.patch (which is still + WIP), and apply the old proven python-3.6.0-multilib.patch + instead. + +------------------------------------------------------------------- +Wed Dec 19 19:29:44 UTC 2018 - Todd R + +- Use upstream-recommended %{_rpmconfigdir}/macros.d directory + for the rpm macros. + +------------------------------------------------------------------- +Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com + +- Upgrade to 3.7.2rc1: + * bugfix release, for the full list of all changes see + https://docs.python.org/3.7/whatsnew/changelog.html#changelog +- Make run of the test suite more verbose + +------------------------------------------------------------------- +Tue Dec 11 01:52:45 UTC 2018 - Jan Engelhardt + +- Write summaries without em dashes. + +------------------------------------------------------------------- +Mon Dec 3 13:27:54 UTC 2018 - Matěj Cepl + +- Remove python-3.3.0b1-curses-panel.patch it is unnecessary anymore. +- Add boo1071941-make-install-in-sep-loc.patch to make pip and + distutils in user environment install into separate location + (boo#1071941) + + Set values of prefix and exec_prefix in distutils install + command to /usr/local if executable is /usr/bin/python* and RPM + build is not detected to make pip and distutils install into + separate location +- Remove finally python-3.3.3-skip-distutils-test_sysconfig_module.patch +- Remove distutils-reproducible-compile.patch which doesn't make + really much difference in reproducibility (see + gh#python/cpython#8057 and discussion there). + +------------------------------------------------------------------- +Sat Dec 1 00:14:28 CET 2018 - mcepl@suse.com + +- Rename Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + to bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + +------------------------------------------------------------------- +Wed Nov 7 12:10:41 CET 2018 - mcepl@suse.com + +- Add dependency on bluez-devel to build support for Bluetooth + (boo#1109998) + +------------------------------------------------------------------- +Tue Nov 6 13:52:45 CET 2018 - mcepl@suse.com + +- Add devhelp subpackage and split qthelp into another + subpackage. + +------------------------------------------------------------------- +Wed Oct 24 12:38:00 UTC 2018 - Matěj Cepl + +- Remove python-3.0b1-record-rpm.patch and + Python-3.0b1-record-rpm.patch, as they are not needed anymore + +------------------------------------------------------------------- +Tue Oct 23 14:14:16 UTC 2018 - Matej Cepl + +- Switch off test_threading for optimization builds. + +------------------------------------------------------------------- +Mon Oct 22 14:41:59 CEST 2018 - mcepl@suse.com + +- Update to python-3.7.1. This is just a brief overview, complete + changelog available at + https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-1-final: + Library + bpo-34970: Protect tasks weak set manipulation in asyncio.all_tasks() +- Patches already accepted upstream are removed: + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + * 00308-tls-1.3.patch +- New patches added: + * Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + * raise_SIGING_not_handled.patch +- All other patches refreshed via quilt. + +------------------------------------------------------------------- +Mon Oct 22 12:22:19 UTC 2018 - Matej Cepl + +- Add raise_SIGING_not_handled.patch to fix bsc#1094814 + +------------------------------------------------------------------- +Wed Oct 17 14:04:35 UTC 2018 - Tomáš Chvátal + +- Add patch to fix importlib return types: + * python3-imp-returntype.patch + +------------------------------------------------------------------- +Mon Oct 15 13:46:32 CEST 2018 - mcepl@suse.com + +- bpo-34022 still not completely fixed, so we have to keep + excluding test_cmd_line_script, + test_multiprocessing_main_handling, and test_runpy from the + test suite. + +------------------------------------------------------------------- +Sun Oct 14 15:57:24 UTC 2018 - Matej Cepl + +- Update to python 3.7.1~rc2: + Core and Builtins + bpo-34879: Fix a possible null pointer dereference in + bytesobject.c. Patch by Zackery Spytz. + bpo-34854: Fixed a crash in compiling string annotations + containing a lambda with a keyword-only argument that + doesn’t have a default value. + bpo-34320: Fix dict(od) didn’t copy iteration order of + OrderedDict. + Library + bpo-34769: Fix for async generators not finalizing when event + loop is in debug mode and garbage collector runs in another + thread. + bpo-34922: Fixed integer overflow in the digest() and + hexdigest() methods for the SHAKE algorithm in the hashlib + module. + bpo-34900: Fixed unittest.TestCase.debug() when used to call + test methods with subtests. Patch by Bruno Oliveira. + bpo-34871: Fix inspect module polluted sys.modules when parsing + __text_signature__ of callable. + bpo-34872: Fix self-cancellation in C implementation of + asyncio.Task + bpo-34819: Use a monotonic clock to compute timeouts in + Executor.map() and as_completed(), in order to prevent + timeouts from deviating when the system clock is adjusted. + bpo-34334: In QueueHandler, clear exc_text from LogRecord to + prevent traceback from being written twice. + bpo-6721: Acquire the logging module’s commonly used internal + locks while fork()ing to avoid deadlocks in the child + process. + bpo-34172: Fix a reference issue inside multiprocessing.Pool + that caused the pool to remain alive if it was deleted + without being closed or terminated explicitly. + Documentation + bpo-32174: chm document displays non-ASCII charaters properly on + some MBCS Windows systems. + Tests + bpo-32962: Fixed test_gdb when Python is compiled with flags + -mcet -fcf-protection -O0. + C API + bpo-34910: Ensure that PyObject_Print() always returns -1 on + error. Patch by Zackery Spytz. + +------------------------------------------------------------------- +Fri Oct 12 20:46:58 CEST 2018 - mcepl@suse.com + +- Add Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch to + fix problems with SOURCE_DATE_EPOCH variable (bpo-34022) + +------------------------------------------------------------------- +Mon Sep 17 09:44:02 UTC 2018 - Tomáš Chvátal + +- Add patch to fix build with tls1.3 supported openssl + * 00308-tls-1.3.patch +- Add patch to fix Py_Main calls after Py_initialize + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + +------------------------------------------------------------------- +Mon Sep 3 15:22:42 UTC 2018 - Matěj Cepl + +- Add -fwrapv to OPTS, which is default for python3 anyway + See for example https://github.com/zopefoundation/persistent/issues/86 + for bugs which are caused by avoiding it. + +------------------------------------------------------------------- +Tue Jul 10 11:12:32 UTC 2018 - mcepl@suse.com + +- Fix ownership of _contextvars, _queue, and _xxtestfuzz + +------------------------------------------------------------------- +Tue Jul 3 15:04:48 UTC 2018 - mcepl@suse.com + +- Switch off LTO for distros with older GCC +- Fix %files + +------------------------------------------------------------------- +Fri Jun 29 14:20:03 UTC 2018 - tchvatal@suse.com + +- Add dependency over libuuid-devel + +------------------------------------------------------------------- +Thu Jun 28 10:42:15 UTC 2018 - mimi.vx@gmail.com + +- update to python 3.7.0 + Complete overview of changes is available on + https://docs.python.org/3/whatsnew/3.7.html, these are just + highlights: + * PEP 563, postponed evaluation of type annotations. + * async and await are now reserved keywords. + * New library modules: + contextvars: PEP 567 – Context Variables + dataclasses: PEP 557 – Data Classes + importlib.resources + * New built-in features: + PEP 553, the new breakpoint() function. + * Python data model improvements: + PEP 562, customization of access to module attributes. + PEP 560, core support for typing module and generic types. + the insertion-order preservation nature of dict objects + has been declared to be an official part of the Python + language spec. + * Significant improvements in the standard library: + The asyncio module has received new features, significant + usability and performance improvements. + The time module gained support for functions with + nanosecond resolution. + * CPython implementation improvements: + Avoiding the use of ASCII as a default text encoding: + PEP 538, legacy C locale coercion + PEP 540, forced UTF-8 runtime mode + PEP 552, deterministic .pycs + the new development runtime mode + PEP 565, improved DeprecationWarning handling + * C API improvements: + PEP 539, new C API for thread-local storage + * Documentation improvements: + PEP 545, Python documentation translations + New documentation translations: Japanese, French, and Korean. +- drop python3-sorted_tar.patch +- drop 0001-allow-for-reproducible-builds-of-python-packages.patch +- refresh python-3.6.0-multilib-new.patch +- refresh subprocess-raise-timeout.patch + * new C API for thread-local storage + * Deterministic pyc files + * Built-in breakpoint() + * Data Classes + * Core support for typing module and generic types + * Customization of access to module attributes + * Postponed evaluation of annotations + * Time functions with nanosecond resolution + * Improved DeprecationWarning handling + * Context Variables + * Avoiding the use of ASCII as a default text encoding + (PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode) + * The insertion-order preservation nature of dict objects is now + an official part of the Python language spec. + * Notable performance improvements in many areas. + +------------------------------------------------------------------- +Thu May 17 18:26:42 UTC 2018 - hpj@urpla.net + +- disable lto with gcc versions below 7 (results in link failures) + +------------------------------------------------------------------- +Mon Apr 30 15:23:24 UTC 2018 - jengelh@inai.de + +- Use faster find subcommand execution strategies. + +------------------------------------------------------------------- +Fri Apr 20 16:17:29 UTC 2018 - tchvatal@suse.com + +- Do not mention the testsuite disabling in opts as it was moved to + main pkg so base is test-free + +------------------------------------------------------------------- +Tue Apr 17 08:36:08 UTC 2018 - tchvatal@suse.com + +- As we run in main python package do not generate the pre_checkin + from both now + +------------------------------------------------------------------- +Mon Apr 16 14:11:56 UTC 2018 - tchvatal@suse.com + +- Move the tests from base to generic package wrt bsc#1088573 + * We still fail the whole distro if python3 is not build + * The other archs than x86_64 took couple of hours to unblock + build of other software, this way we work around the issue +- Some tests are still run in -base for the LTO tweaking, but at + least it is not run twice + +------------------------------------------------------------------- +Sat Mar 31 19:41:12 UTC 2018 - mimi.vx@gmail.com + +- update to 3.6.5 + * bugfix release + * see Misc/NEWS for details +- drop ctypes-pass-by-value.patch +- drop fix-localeconv-encoding-for-LC_NUMERIC.patch +- refresh python-3.6.0-multilib-new.patch + +------------------------------------------------------------------ +Wed Mar 7 09:16:39 UTC 2018 - adam@mizerski.pl + +- Created %so_major and %so_minor macros +- Put Tools/gdb/libpython.py script into proper place and ship it with devel + subpackage. + +------------------------------------------------------------------- +Tue Feb 20 15:04:56 UTC 2018 - schwab@suse.de + +- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64 + +------------------------------------------------------------------- +Tue Feb 20 14:28:00 UTC 2018 - bwiedemann@suse.com + +- Add python3-sorted_tar.patch (boo#1081750) + +------------------------------------------------------------------- +Tue Feb 20 14:08:57 UTC 2018 - tchvatal@suse.com + +- Drop python3-tk and python3-idle recommends to reduce python3 + always pulling X stack bsc#1081751 + +------------------------------------------------------------------- +Wed Feb 7 09:10:03 UTC 2018 - tchvatal@suse.com + +- Add patch to fix glibc 2.27 fail bsc#1079761: + * fix-localeconv-encoding-for-LC_NUMERIC.patch + +------------------------------------------------------------------- +Mon Feb 5 17:14:43 UTC 2018 - normand@linux.vnet.ibm.com + +- Update skip_random_failing_tests.patch (for PowerPC) + to avoid test_call_later failure + +------------------------------------------------------------------- +Wed Jan 24 14:35:58 UTC 2018 - jmatejek@suse.com + +- move XML modules and python3-xml provide to python3-base + (fixes bsc#1077230) +- move ensurepip to base + +------------------------------------------------------------------- +Thu Jan 18 12:31:47 UTC 2018 - normand@linux.vnet.ibm.com + +- Add skip_random_failing_tests.patch only for PowerPC + +------------------------------------------------------------------- +Wed Jan 3 12:18:51 UTC 2018 - jmatejek@suse.com + +- update to 3.6.4 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed python3-ncurses-6.0-accessors.patch +- drop PYTHONSTARTUP hooks that cause spurious startup errors + * fixes bsc#1070738 + * the relevant feature (REPL history) is now built into Python itself + +------------------------------------------------------------------- +Sat Dec 2 11:11:46 UTC 2017 - dimstar@opensuse.org + +- Install 2to3-%{python_version} executable (override defattr of + the -tools package). 2to3 (unversioned) is a symlink and does not + carry permissions (bsc#1070853). + +------------------------------------------------------------------- +Thu Nov 16 11:02:18 UTC 2017 - mimi.vx@gmail.com + +- move 2to3 to python3-tools package + +------------------------------------------------------------------- +Wed Oct 11 13:15:23 UTC 2017 - jmatejek@suse.com + +- update to 3.6.3 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Wed Sep 20 09:54:05 UTC 2017 - dmueller@suse.com + +- drop python-2.7-libffi-aarch64.patch: this patches the intree + copy of libffi which is unused/deleted in the line afterwards +- fix build against system libffi: include flags weren't set + so it actually used the in-tree libffi headers. + +------------------------------------------------------------------- +Thu Sep 14 13:23:10 UTC 2017 - vcizek@suse.com + +- Fix test broken with OpenSSL 1.1 (bsc#1042670) + * add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Tue Sep 5 11:47:05 UTC 2017 - jengelh@inai.de + +- Update RPM group for python documentation. + +------------------------------------------------------------------- +Thu Aug 31 08:39:31 UTC 2017 - schwab@suse.de + +- fix missing %{?armsuffix} + +------------------------------------------------------------------- +Wed Aug 30 13:41:38 UTC 2017 - jmatejek@suse.com + +- distutils-reproducible-compile.patch: ensure distutils order files + before compiling, which works around bsc#1049186 + +------------------------------------------------------------------- +Thu Aug 17 08:59:05 CEST 2017 - kukuk@suse.de + +- Add libnsl-devel build requires for glibc obsoleting libnsl + +------------------------------------------------------------------- +Thu Aug 3 16:09:26 UTC 2017 - jmatejek@suse.com + +- update to 3.6.2 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed test-socket-aead-kernel49.patch +- add Provides: python3-typing (fixes bsc#1050653) +- drop duplicate Provides: python3 + +------------------------------------------------------------------- +Mon Jun 26 12:10:07 UTC 2017 - jmatejek@suse.com + +- drop db-devel from requirements + +------------------------------------------------------------------- +Tue Jun 20 09:26:52 UTC 2017 - asn@cryptomilk.org + +- Add missing link to python library in config dir (bsc#1040164) + +------------------------------------------------------------------- +Thu Mar 23 12:42:59 UTC 2017 - jmatejek@suse.com + +- update to 3.6.1 + * bugfix release, over a hundred bugs fixed + * never add import location's parent directory to sys.path + * switch to git for version control, build changes related to that + * fix "failed to get random numbers" on old kernels (bsc#1029902) + * several crashes and memory leaks corrected + * f-string are no longer accepted as docstrings + +------------------------------------------------------------------- +Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com + +- prevent regenerating AST at build-time more robustly +- add "--without profileopt" and "--without testsuite" options to python3-base + to allow short circuiting when working on the package + +------------------------------------------------------------------- +Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com + +- Add 0001-allow-for-reproducible-builds-of-python-packages.patch + upstream https://github.com/python/cpython/pull/296 + +------------------------------------------------------------------- +Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com + +- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch) +- reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent) + +------------------------------------------------------------------- +Wed Jan 11 14:57:07 UTC 2017 - jmatejek@suse.com + +- update to 3.6.0 + * PEP 498 Formated string literals + * PEP 515 Underscores in numeric literals + * PEP 526 Syntax for variable annotations + * PEP 525 Asynchronous generators + * PEP 530 Asynchronous comprehensions + * PEP 506 New "secrets" module for safe key generation + * less memory consumed by dicts + * dtrace and systemtap support + * improved asyncio module + * better defaults for ssl + * new hashing algorithms in hashlib + * bytecode format changed to allow more optimizations + * "async" and "await" are on track to be reserved words + * StopIteration from generators is deprecated + * support for openssl < 1.0.2 is deprecated + * os.urandom now blocks when getrandom() blocks + * huge number of new features, bugfixes and optimizations + * see https://docs.python.org/3.6/whatsnew/3.6.html for details +- rework multilib patch: drop Python-3.5.0-multilib.patch, implement + upstreamable python-3.6.0-multilib-new.patch +- refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch +- drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch +- finally drop python-2.6b1-canonicalize2.patch that was not applied in source + and only kept around in case we needed it in the future. (which we don't, as it seems) +- update import_failed map and baselibs +- build ctypes against system libffi + (buildrequire libffi-devel in python3-base) +- add new key to keyring (signed by keys already in keyring) +- introduced common configure section between python3 and python3-base +- moved pyconfig.h and Makefile to devel subpackage as distutils no longer + need it at runtime +- added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py + because it is not used now +- improve summaries and descriptions (fixes bsc#917607) +- enabled Link-Time Optimization, see what happens +- including skipped_tests.py in pre_checkin.sh run +- run specs through spec-cleaner, rearrange sections + +------------------------------------------------------------------- +Fri Apr 22 17:20:29 UTC 2016 - jmatejek@suse.com + +- move _hashlib and _ssl modules and tests to python3-base +- recommend python3 + +------------------------------------------------------------------- +Tue Mar 15 15:05:23 UTC 2016 - schwab@suse.de + +- Skip test_asyncio under qemu_user_space_build + +------------------------------------------------------------------- +Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com + +- Add Python-3.5.1-fix_lru_cache_copying.patch + Fix copying the lru_cache() wrapper object. + Fixes deep-copying lru_cache regression, which worked on + previous versions of python but fails on python 3.5. + This fixes a bunch of packages in devel:languages:python3. + See: https://bugs.python.org/issue25447 + +------------------------------------------------------------------- +Sun Jan 24 00:44:08 UTC 2016 - arichardson.kde@gmail.com + +- Build the docs in .qch format as well + +------------------------------------------------------------------- +Wed Dec 9 07:35:20 UTC 2015 - toddrme2178@gmail.com + +- update to 3.5.1 + * bugfix-only release, dozens of bugs fixed +- Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch +- "Python3" to "Python 3" in summary + * This seems cleaner and fixes and rpmlint warning + +------------------------------------------------------------------- +Wed Oct 14 20:21:52 UTC 2015 - toddrme2178@gmail.com + +- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch + This fixes a build error for many packages that use the Python, + C-API. + This patch is already accepted upstream and is slated to appear in + python 3.5.1. + +------------------------------------------------------------------- +Tue Sep 29 15:53:24 UTC 2015 - jmatejek@suse.com + +- update to 3.5.0 + * coroutines with async/await syntax + * matrix multiplication operator `@` + * unpacking generalizations + * new modules `typing` and `zipapp` + * type annotations + * .pyo files replaced by custom suffixes for optimization levels in __pycache__ + * support for memory BIO in ssl module + * performance improvements in several modules + * and many more +- removals and behavior changes + * deprecated `__version__` is removed + * support for .pyo files was removed + * system calls are auto-retried on EINTR + * bare generator expressions in function calls now cause SyntaxError + (change "f(x for x in i)" to "f((x for x in i))" to fix) + * removed undocumented `format` member of private `PyMemoryViewObject` struct + * renamed `PyMemAllocator` to `PyMemAllocatorEx` +- redefine %dynlib macro to reflect that modules now have arch+os as part of name +- module `time` is now built-in +- dropped upstreamed patches: + python-3.4.1-fix-faulthandler.patch + python-3.4.3-test-conditional-ssl.patch + python-fix-short-dh.patch (also dropped dh2048.pem required for this patch) +- updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch +- python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure + with new gcc + ncurses + +------------------------------------------------------------------- +Wed Sep 9 11:51:22 UTC 2015 - dimstar@opensuse.org + +- Add python3-ncurses-6.0-accessors.patch: Fix build with + NCurses 6.0 and OPAQUE_WINDOW set to 1. + +------------------------------------------------------------------- +Mon Aug 24 17:02:08 UTC 2015 - jmatejek@suse.com + +- improve import_failed hook to do the right thing when invoking + missing modules with "python3 -m modulename" (boo#942751) + +------------------------------------------------------------------- +Thu Jul 23 22:08:10 UTC 2015 - fisiu@opensuse.org + +- Build with --enable-loadable-sqlite-extensions to make it works + as geospatial database. + +------------------------------------------------------------------- +Wed Jul 1 07:07:26 UTC 2015 - dimstar@opensuse.org + +- Fix source list for previous change (add dh2048.pem). + +------------------------------------------------------------------- +Wed Jun 24 06:54:30 UTC 2015 - meissner@suse.com + +- dh2048.pem: added generated 2048 dh parameter set to fix + ssl test (bsc#935856) +- python-fix-short-dh.patch: replace the 512 bits dh parameter set + by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856) + +------------------------------------------------------------------- +Tue May 19 14:59:30 UTC 2015 - schwab@suse.de + +- ctypes-libffi-aarch64.patch: remove upstreamed patch +- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for + aarch64 + +------------------------------------------------------------------- +Thu May 14 10:58:36 UTC 2015 - jmatejek@suse.com + +- drop the PDF subpackage + (removes the massive texlive dependency, and most likely nobody is + using the PDFs anyway) + +------------------------------------------------------------------- +Thu May 14 09:53:29 UTC 2015 - jmatejek@suse.com + +- python-3.4.3-test-conditional-ssl.patch - restore tests failing because + test_urllib was unconditionally importing ssl (without really needing it) +- restore functionality of multilib patch +- drop libffi-ppc64le.diff because upstream completely changed everything + yet again (sorry ppc64 folks :| ) + + +------------------------------------------------------------------- +Fri May 1 15:11:21 UTC 2015 - mailaender@opensuse.org + +- Update to version 3.4.3 +- Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch + (bpo#21766) + +------------------------------------------------------------------- +Wed Mar 25 10:57:28 UTC 2015 - rguenther@suse.com + +- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus + faulthandler which fails with GCC 5. + +------------------------------------------------------------------- +Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com + +- asyncio has been merged in python3 main package; provide and + obsolete it +- Remove obsolete AUTHORS section +- Remove redundant %clean section + +------------------------------------------------------------------- +Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org + +- Only pkgconfig(x11) is required for build, not the whole + set of packages provided by xorg-x11-devel metapackage. + +------------------------------------------------------------------- +Mon Oct 13 13:38:20 UTC 2014 - jmatejek@suse.com + +- add %python3_version rpm macro for Fedora compatibility +- add missing argument in import_failed, rename Novell Bugzilla + to SUSE Bugzilla + +------------------------------------------------------------------- +Thu Jul 31 17:24:59 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. + +------------------------------------------------------------------- +Wed Jul 23 16:31:02 UTC 2014 - jmatejek@suse.com + +- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file + disclosure and directory traversal through URL-encoded characters + (CVE-2014-4650, bnc#885882) + +------------------------------------------------------------------- +Tue Jul 22 13:55:57 UTC 2014 - jmatejek@suse.com + +- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons, + reinstate bundled copies of pip and setuptools + (fixes bnc#885662) +- add more files as sources to silence the validator + +------------------------------------------------------------------- +Wed May 21 11:01:56 UTC 2014 - jmatejek@suse.com + +- update to 3.4.1 + * bugfix-only release, over 300 bugs fixed +- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch +- drop upstreamed CVE-2014-2667-mkdir.patch +- include Python release manager keyring and signature file + for the source archive (thus renumbering of source files) + (see https://www.python.org/download/#openpgp-public-keys ) +- move ensurepip to python3, because it transitively requires ssl + +------------------------------------------------------------------- +Fri Apr 4 16:21:40 UTC 2014 - jmatejek@suse.com + +- CVE-2014-2667-mkdir.patch: race condition with reseting umask + in os.makedirs + (CVE-2014-2667, bnc#871152) +- updated multilib patch to include ~/.local/lib64 (bnc#637176) + +------------------------------------------------------------------- +Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com + +- raise timeout value for test_subprocess to 10s (might fix + intermittent build failures in OBS) + +------------------------------------------------------------------- +Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com + +- remove blacklisting of test_posix on aarch64: qemu bug is fixed + +------------------------------------------------------------------- +Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 final +- drop upstreamed python-3.4rc2-importlib.patch + +------------------------------------------------------------------- +Sun Mar 16 16:33:25 UTC 2014 - schwab@suse.de + +- Only build with profile-opt if profiling is enabled +- Update test exclusion lists: + * test_ctypes no longer fails on arm + * test_io no longer fails on ppc* + * test_multiprocessing has been split in multiple tests + * test_posix and test_signal fail due to qemu bugs + +------------------------------------------------------------------- +Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de + +- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, + adding python-2.7.6-sqlite-3.8.4-tests.patch + +------------------------------------------------------------------- +Thu Feb 27 14:08:40 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 rc2 + * pre-release bugfixes + * improvements to asyncio library +- drop upstreamed tracemalloc_gcov.patch +- python-3.4rc2-importlib.patch fixes backwards-incompatibility + in the reworked importlib module that blocks build of vim + +------------------------------------------------------------------- +Fri Jan 17 18:45:27 UTC 2014 - jmatejek@suse.com + +- initial commit of 3.4.0 beta 3 + * new stdlib modules: pathlib, enum, statistics, tracemalloc + * asynchronous IO with new asyncio module + * introspection data for builtins + * subprocesses no longer inherit open file descriptors + * standardized metadata for packages + * internal hashing changed to SipHash + * new pickle protocol + * improved handling of codecs + * TLS 1.2 support + * major speed improvements for internal unicode handling + * many bugfixes and optimizations +- see porting guide at: + http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4 +- moved several modules to -testsuite subpackage +- updated list of binary extensions, refreshed patches +- tracemalloc_gcov.patch fixes profile-based optimization build +- updated packages and pre_checkin.sh to use ~-version notation + for prereleases +- fix-shebangs part of build process moved to common %prep +- drop python-3.3.2-no-REUSEPORT.patch (upstreamed) +- update baselibs for new soname + +- TODOs: + * require python-pip, make ensurepip work with zypper + +------------------------------------------------------------------- +Wed Dec 4 13:21:26 UTC 2013 - matz@suse.de + +- add ppc64le (ELFv2) support for libffi copy for ctypes module +- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be + "lib64"). +- added patches: + * libffi-ppc64le.diff +------------------------------------------------------------------- +Tue Dec 3 09:51:43 UTC 2013 - adrian@suse.de + +- add ppc64le rules + +------------------------------------------------------------------- +Fri Nov 22 13:17:23 UTC 2013 - speilicke@suse.com + +- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch: + + Disable global and distutils sysconfig comparison test, we deviate + from the default depending on optflags + +------------------------------------------------------------------- +Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com + +- update to 3.3.3 + * bugfix-only release + * many SSL-related fixes + * upstream fix for CVE-2013-4238 + * upstream fixes for CVE-2013-1752 +- move example module xxlimited to python3-testsuite +- drop CVE-2013-4238_py33.patch - it is upstreamed +- remove --with-wide-unicode config option, it is now the default + (and only) choice +- don't touch anything between make and makeinstall +- drop python-3.2b2-buildtime-generate.patch - the issue was caused + by touching things between make and makeinstall +- link pycache entries for import_failed hooks properly + +------------------------------------------------------------------- +Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org + +- build with -DOPENSSL_LOAD_CONF for the same reasons + described in the python2 package. + +------------------------------------------------------------------- +Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com + +- handle NULL bytes in certain fields of SSL certificates + (CVE-2013-4238, bnc#834601) + +------------------------------------------------------------------- +Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com + +- Exclue test_faulthandler from tests on powerpc due to bnc#831629 + +------------------------------------------------------------------- +Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com + +- update to 3.3.2 + * bugfix-only release + * fixes several regressions introduced in 3.3.1 +- switch to xz compression +- move _lzma module to python3-base +- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT + +------------------------------------------------------------------- +Mon Apr 29 22:32:43 UTC 2013 - schwab@suse.de + +- Readd missing bits from ctypes-libffi-aarch64.patch + +------------------------------------------------------------------- +Sat Apr 13 07:56:51 UTC 2013 - idonmez@suse.com + +- Update to version 3.3.1 + * Fix the –enable-profiling configure switch. + * In IDLE, close the replace dialog after it is used. +- Too many bugfixes to list here, + see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS +- Refresh Python-3.3.0b2-multilib.patch +- Refresh python-3.2b2-buildtime-generate.patch +- Drop upstream patches: ctypes-libffi-aarch64.patch, + python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch + +------------------------------------------------------------------- +Mon Apr 8 11:25:30 UTC 2013 - speilicke@suse.com + +- Exclude sqlite/test and tk/test directories from the respective + sub-packages. These are owned by the testsuite sub-package already + +------------------------------------------------------------------- +Fri Apr 5 12:59:20 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/title=SourceUrls + +------------------------------------------------------------------- +Wed Apr 3 15:36:04 UTC 2013 - jmatejek@suse.com + +- remove spurious modification of python-3.3.0b1-localpath.patch + that would force installation into /usr/local. + this fixes bnc#809831 + +------------------------------------------------------------------- +Thu Mar 28 18:38:51 UTC 2013 - jmatejek@suse.com + +- replace broken movetogetdents64.diff patch with a correct one + from upstream repo (python-3.3.0-getdents64.patch) + +------------------------------------------------------------------- +Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com + +- add ctypes-libffi-aarch64.patch: + * import aarch64 support for libffi in _ctypes module +- add aarch64 to the list of lib64 based archs +- add movetogetdents64.diff: + * port to getdents64, as SYS_getdents is not implemented everywhere + +------------------------------------------------------------------- +Tue Feb 26 08:57:55 UTC 2013 - saschpe@suse.de + +- /etc/rpm/macros.python3 is no %config, it is not meant to be changed + by users. +- Add rpmlintrc with some obvious filters + +------------------------------------------------------------------- +Mon Jan 28 18:14:39 UTC 2013 - jmatejek@suse.com + +- update baselibs for new version of libpython3 + +------------------------------------------------------------------- +Thu Nov 29 17:02:37 UTC 2012 - jmatejek@suse.com + +- fix include path in macros (bnc#787526) +- implement failed import handlers for modules that live in + subpackages - e.g. "import ssl" will now throw a sensible error + message telling you to install "python3" + +------------------------------------------------------------------- +Wed Nov 28 17:02:07 UTC 2012 - jmatejek@suse.com + +- merge python3-xml into python3 +- merge python3-2to3 library into python3-base + and the 2to3 binary into python3-devel + (python3-devel is now in conflict with python-2to3, which + will be dropped) +- enable --with-system-expat for python3, making the xml modules + (and thus python3) depend on expat +- reconfigure tests to disable network and GUI resources, which + the upstream apparently thought is a good idea to enable by default. + this fixes build failures in Factory +- add lzma-devel to build the _lzma module +- moved %dynlib macro definition to common section + +------------------------------------------------------------------- +Mon Nov 5 20:01:46 UTC 2012 - coolo@suse.com + +- buildrequire timezone for the test suite + +------------------------------------------------------------------- +Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com + +- disable more checks for qemu builds as they use syscalls not + implemented yet + +------------------------------------------------------------------- +Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com + +- exclude test_math for SLE 11; math library fails on negative + gamma function values close to integers and 0, probably + due to imprecision in -lm on SLE_11_SP2. + +------------------------------------------------------------------- +Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel explicitly + +------------------------------------------------------------------- +Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com + +- remove distutils.cfg (bnc#658604) + * this changes default prefix for distutils to /usr + * see ML for details: +http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html + +------------------------------------------------------------------- +Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com + +- Update to final 3.3.0 release + * See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS + +------------------------------------------------------------------- +Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com + +- Correct dependency for python3-testsuite, + python3-tkinter -> python3-tk + +------------------------------------------------------------------- +Thu Aug 23 13:08:11 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 RC1 + +------------------------------------------------------------------- +Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 beta 1 + * flexible string representation, no longer distinguishing + between wide and narrow Unicode builds + * importlib-based import system + * virtualenv support in core + * namespace packages + * explicit Unicode literals for easier porting + * key-sharing dict implementation reduces memory footprint + of OO code + * hash randomization on by default + * many other new bugfixes and features, check NEWS for details + +- pre_checkin.sh now autofills various version strings in specs +- ship hashlib's fallback modules - those uselessly take up space + when real _hashlib.so from python3 is present, but the space wasted + is only 114kB and it provides python3-base with a working hashlib + module. + (also, this fixes bnc#743787) + +------------------------------------------------------------------- +Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com + +- skip test_io on ppc +- drop test_io ppc patch + +------------------------------------------------------------------- +Thu Jun 28 07:57:58 UTC 2012 - saschpe@suse.de + +- Satisfy source_validator by uncommenting an otherwise unused "Patch" + line + +------------------------------------------------------------------- +Tue Jun 12 15:39:08 UTC 2012 - adrian@suse.de + +- fix logic of checks exclusion + +------------------------------------------------------------------- +Fri May 18 11:50:27 UTC 2012 - idonmez@suse.com + +- update to 3.2.3 + * No changes since rc2 + +------------------------------------------------------------------- +Thu Mar 29 15:44:33 UTC 2012 - jmatejek@suse.com + +- update to 3.2.3rc2 + * fixes several security issues: + * CVE-2012-0845, bnc#747125 + * CVE-2012-1150, bnc#751718 + * CVE-2011-4944, bnc#754447 + * CVE-2011-3389, bnc#754677 +- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) +- disable test_gdb because it is broken by our gdb + +------------------------------------------------------------------- +Thu Feb 16 12:33:12 UTC 2012 - dvaleev@suse.com + +- skip broken test_io test on ppc + +------------------------------------------------------------------- +Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com + +- update to 3.2.2 + * bugfix-only release + * reports "linux2" as sys.platform regardless of Linux kernel +- added pre_checkin.sh to copy common spec sections to python3.spec +- added PACKAGING-NOTES with some helpful info for packagers + +------------------------------------------------------------------- +Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com + +- Use system ffi, included one is broken see + http://bugs.python.org/issue11729 and + http://bugs.python.org/issue12081 + +------------------------------------------------------------------- +Fri Dec 9 17:19:55 UTC 2011 - jmatejek@suse.com + +- license.opensuse.org-compatible license headers + +------------------------------------------------------------------- +Fri Dec 2 16:46:44 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Thu Nov 24 12:42:25 UTC 2011 - agraf@suse.com + +- fix ARM build (exclude some test cases which break for us) + +------------------------------------------------------------------- +Tue Aug 16 17:02:22 UTC 2011 - termim@gmail.com + +- use sysconfig module to get py3_incdir, py3_abiflags, + py3_soflags, python3_sitelib and python3_sitearch + +------------------------------------------------------------------- +Mon Jul 18 16:22:31 UTC 2011 - jmatejek@novell.com + +- update to 3.2.1 + * bugfix-only release, no major changes +- fix build on linux3 platform +- remove upstreamed pybench patch +- install /usr/lib directories in all cases to prevent spurious + "directory not owned" in dependent packages + +------------------------------------------------------------------- +Wed Jun 15 14:16:38 UTC 2011 - jmatejek@novell.com + +- replaced dynamic so version with manual so version, because + autobuild does not support autogeneration + +------------------------------------------------------------------- +Tue May 24 13:39:06 UTC 2011 - jmatejek@novell.com + +- generate macros.python3 at compile-time with fixed values +- don't include bogus values in pyconfig.h, as they can break + third-party packages (bnc#673071) + +------------------------------------------------------------------- +Tue May 17 12:52:51 UTC 2011 - jmatejek@novell.com + +- added Obsoletes: python3 < 3.1 so that the transition from + non-split to split packages goes smoothly + +------------------------------------------------------------------- +Fri May 13 12:38:19 UTC 2011 - jmatejek@novell.com + +- fixed RPM macros to use python3 instead of python +- updated to build --with-wide-unicode (for compatibility with + fedora and our own python 2.x series) + +------------------------------------------------------------------- +Thu Apr 21 03:39:25 UTC 2011 - termim@gmail.com + +- fix python3-base build failure due to pybench.py crash by + python-3.2-pybench.patch +- move pyconfig.h from python3-devel to python3-base package to + make python3-base functional again + +------------------------------------------------------------------- +Wed Mar 23 04:26:28 UTC 2011 - termim@gmail.com + +- update to python 3.2 + * stable ABI, ABI-tagged .so files + * concurrent.futures and many other new or upgraded modules + * PYC repository directories ( __pycache__ ) + * python WSGI 1.0.1 + * Unicode 6.0.0 support + * a great number of bugfixes and assorted improvements + +------------------------------------------------------------------- +Tue Feb 8 19:42:17 CET 2011 - matejcik@suse.cz + +- update to python 3.2 RC2 +- renamed python3-demo to python3-tools, because the demo part + became much smaller than the tools part +- added rpm macros + +------------------------------------------------------------------- +Tue Jan 18 14:13:04 UTC 2011 - jmatejek@novell.com + +- update to python 3.2 beta 2, see NEWS for details +- split off -base package with less dependencies, and a shlib-policy + compliant libpython3 package +- mostly rewritten the spec file with more detailed comments +- cleaned up lists of patches + diff --git a/python311.spec b/python311.spec new file mode 100644 index 0000000..564e5a2 --- /dev/null +++ b/python311.spec @@ -0,0 +1,1050 @@ +# +# spec file for package python311 +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "doc" +%define psuffix -documentation +%bcond_without doc +%bcond_with base +%bcond_with general +%endif +%if "%{flavor}" == "base" +%define psuffix -core +%bcond_with doc +%bcond_without base +%bcond_with general +%endif +%if "%{flavor}" == "" +%define psuffix %{nil} +%bcond_with doc +%bcond_with base +%bcond_without general +%endif + +%if 0%{?do_profiling} +%bcond_without profileopt +%else +%bcond_with profileopt +%endif + +%define python_pkg_name python311 +%if "%{python_pkg_name}" == "%{primary_python}" +%define primary_interpreter 1 +%else +%define primary_interpreter 0 +%endif + +# Setting up variables +%define _version %(c=%{version}; echo ${c/[a-z]*/}) +%define tar_suffix %(c=%{_version}; echo ${c#%{_version}}) +%define python_version %(echo %{_version}|cut -d. -f1-2) +# based on the current source tarball +%define python_version_abitag %(c=%{python_version}; echo ${c//./}) +# FIXME %%define python_version_soname %%(c=%%{python_version}; echo ${c//./_}) +%define python_version_soname 3_11 +%if 0%(test -n "%{tar_suffix}" && echo 1) +%define _version %(echo "%{_version}~%{tar_suffix}") +%define tarversion %{version} +%else +%define tarversion %{version} +%endif +# We don't process beta signs well +%define folderversion %{tarversion} +%define tarname Python-%{tarversion} +%define sitedir %{_libdir}/python%{python_version} +# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 +%define abi_kind %{nil} +# python ABI version - used in some file names +%define python_abi %{python_version}%{abi_kind} +# soname ABI tag defined in PEP 3149 +%define abi_tag %{python_version_abitag}%{abi_kind} +# version part of "libpython" package +%define so_major 1 +%define so_minor 0 +%define so_version %{python_version_soname}%{abi_kind}-%{so_major}_%{so_minor} +# rpm and python have different ideas about what is an arch-dependent name, so: +%if "%{__isa_name}" == "ppc" +%define archname %(echo %{_arch} | sed s/ppc/powerpc/) +%else +%define archname %{_arch} +%endif +# our arm has Hardware-Floatingpoint +%if "%{_arch}" == "arm" +%define armsuffix hf +%endif +# Decide whether we want to use mpdecimal +%if 0%{?suse_version} >= 1550 +%bcond_without mpdecimal +%else +%bcond_with mpdecimal +%endif +# pyexpat.cpython-35m-x86_64-linux-gnu +# pyexpat.cpython-35m-powerpc64le-linux-gnu +# pyexpat.cpython-35m-armv7-linux-gnueabihf +# _md5.cpython-38m-x86_64-linux-gnu.so +%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so +%bcond_without profileopt +Name: %{python_pkg_name}%{psuffix} +Version: 3.11.10 +Release: 0 +Summary: Python 3 Interpreter +License: Python-2.0 +URL: https://www.python.org/ +Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz +Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc +Source2: baselibs.conf +Source3: README.SUSE +Source4: externally_managed.in +Source7: macros.python3 +Source8: import_failed.py +Source9: import_failed.map +Source10: pre_checkin.sh +Source11: skipped_tests.py +Source19: idle3.desktop +Source20: idle3.appdata.xml +# content of bluez-devel: +# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel +# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu +# 3. mkdir Vendor && mv usr/include/* Vendor/ +# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/ +Source21: bluez-devel-vendor.tar.xz +Source98: python311-rpmlintrc +# Tarball is signed by the GPG key of Pablo Galindo Salgado (0x64E628F8D684696D) +# https://keybase.io/pablogsal/pgp_keys.asc?fingerprint=a035c8c19219ba821ecea86b64e628f8d684696d +Source99: python.keyring +# The following files are not used in the build. +# They are listed here to work around missing functionality in rpmbuild, +# which would otherwise exclude them from distributed src.rpm files. +Source100: PACKAGING-NOTES +# PATCH-FEATURE-UPSTREAM F00251-change-user-install-location.patch bsc#[0-9]+ mcepl@suse.com +# Fix installation in /usr/local (boo#1071941), originally from Fedora +# https://src.fedoraproject.org/rpms/python3.12/blob/rawhide/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch02: F00251-change-user-install-location.patch +# PATCH-FEATURE-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com +# Improve reproduceability +Patch03: distutils-reproducible-compile.patch +# support finding packages in /usr/local, install to /usr/local by default +Patch04: python-3.3.0b1-localpath.patch +# replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds +Patch05: python-3.3.0b1-fix_date_time_compiler.patch +# POSIX_FADV_WILLNEED throws EINVAL. Use a different constant in test +Patch06: python-3.3.0b1-test-posix_fadvise.patch +# Raise timeout value for test_subprocess +Patch07: subprocess-raise-timeout.patch +# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com +# ensurepip should honour the value of $(prefix) +Patch08: bpo-31046_ensurepip_honours_prefix.patch +# PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mcepl@suse.com +# SLE-15 version of Sphinx doesn't know about skipif directive in doctests. +Patch09: no-skipif-doctests.patch +# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com +# skip a test failing on SLE-15 +Patch10: skip-test_pyobject_freed_is_freed.patch +# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com +# remove duplicate link targets and make documentation with old Sphinx in SLE +Patch11: fix_configure_rst.patch +# PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com +# Skip test_freeze_simple_script +Patch13: skip_if_buildbot-extend.patch +# PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com +# prevent ResourceWarning in test_asyncio tests +Patch15: bsc1221260-test_asyncio-ResourceWarning.patch +# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport.patch +# This problem on libexpat is patched on SLE without version +# update, this patch changes the tests to match the libexpat provided +# by SUSE +Patch16: CVE-2023-52425-libexpat-2.6.0-backport.patch +Patch17: CVE-2023-52425-remove-reparse_deferral-tests.patch +# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com +# reproducibility patches +Patch19: bso1227999-reproducible-builds.patch +# PATCH-FIX-UPSTREAM gh120226-fix-sendfile-test-kernel-610.patch gh#python/cpython#120226 mcepl@suse.com +# Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 (GH-120227) +Patch22: gh120226-fix-sendfile-test-kernel-610.patch +# PATCH-FIX-UPSTREAM CVE-2024-9287-venv_path_unquoted.patch gh#python/cpython#124651 mcepl@suse.com +# venv should properly quote path names provided when creating a venv +Patch23: CVE-2024-9287-venv_path_unquoted.patch +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: fdupes +BuildRequires: gmp-devel +BuildRequires: lzma-devel +BuildRequires: netcfg +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: xz +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(libffi) +BuildRequires: pkgconfig(uuid) +BuildRequires: pkgconfig(zlib) +#!BuildIgnore: gdk-pixbuf-loader-rsvg +%if 0%{?suse_version} >= 1550 +# The provider for python(abi) is in rpm-build-python +BuildRequires: rpm-build-python +%endif +%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1599 +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{with mpdecimal} +BuildRequires: mpdecimal-devel +%endif +%if %{with doc} +BuildRequires: python3-Sphinx >= 4.0.0 +%if 0%{?suse_version} >= 1500 +BuildRequires: python3-python-docs-theme >= 2022.1 +%endif +%endif +%if %{with general} +# required for idle3 (.desktop and .appdata.xml files) +BuildRequires: appstream-glib +BuildRequires: gcc-c++ +BuildRequires: gdbm-devel +BuildRequires: gettext +BuildRequires: readline-devel +BuildRequires: sqlite-devel +BuildRequires: timezone +BuildRequires: pkgconfig(ncurses) +BuildRequires: pkgconfig(tk) +BuildRequires: pkgconfig(x11) +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-readline +Provides: %{python_pkg_name}-sqlite3 +Recommends: %{python_pkg_name}-curses +Recommends: %{python_pkg_name}-dbm +Recommends: %{python_pkg_name}-pip +%if %{primary_interpreter} +Provides: python3 = %{python_version} +Provides: python3-readline +Provides: python3-sqlite3 +%endif +%endif +%{?suse_build_hwcaps_libs} + +%description +Python 3 is modern interpreted, object-oriented programming language, +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python3-doc +package. + +This package supplies rich command line features provided by readline, +and sqlite3 support for the interpreter core, thus forming a so called +"extended" runtime. +Installing "python3" is sufficient for the vast majority of usecases. +In addition, recommended packages provide UI toolkit support (python3-curses, +python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE +development environment (python3-idle). + +%package -n %{python_pkg_name}-tk +Summary: TkInter, a Python Tk Interface +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-tk = %{version} +%endif + +%description -n %{python_pkg_name}-tk +Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. + +%package -n %{python_pkg_name}-curses +Summary: Python Interface to the (N)Curses Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-curses +%endif + +%description -n %{python_pkg_name}-curses +An easy to use interface to the (n)curses CUI library. CUI stands for +Console User Interface. + +%package -n %{python_pkg_name}-dbm +Summary: Python Interface to the GDBM Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-dbm +%endif + +%description -n %{python_pkg_name}-dbm +An easy to use interface for Unix DBM databases, and more specifically, +the GNU implementation GDBM. + +%package -n %{python_pkg_name}-idle +Summary: An Integrated Development Environment for Python +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk +%if %{primary_interpreter} +Provides: python3-idle = %{version} +%endif + +%description -n %{python_pkg_name}-idle +IDLE is a Tkinter based integrated development environment for Python. +It features a multi-window text editor with multiple undo, Python +colorizing, and many other things, as well as a Python shell window and +a debugger. + +%package -n %{python_pkg_name}-doc +Summary: Package Documentation for Python 3 +Enhances: %{python_pkg_name} = %{python_version} +%if %{primary_interpreter} +Provides: python3-doc = %{version} +%endif + +%description -n %{python_pkg_name}-doc +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in HTML format. + +%package -n %{python_pkg_name}-doc-devhelp +Summary: Additional Package Documentation for Python 3 in devhelp format +%if %{primary_interpreter} +Provides: python3-doc-devhelp = %{version} +%endif + +%description -n %{python_pkg_name}-doc-devhelp +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in format for devhelp. + +%package -n %{python_pkg_name}-base +Summary: Python 3 Interpreter and Stdlib Core +Requires: libpython%{so_version} = %{version} +Recommends: %{python_pkg_name} = %{version} +#Recommends: python3-ensurepip +# python 3.1 didn't have a separate python-base, so it is wrongly +# not a conflict to have python3-3.1 and python3-base > 3.1 +Obsoletes: python3 < 3.2 +# no Provides, because python3 is obviously provided by package python3 +# python 3.4 provides asyncio +Provides: %{python_pkg_name}-asyncio = %{version} +# python 3.6 provides typing +Provides: %{python_pkg_name}-typing = %{version} +# python3-xml was merged into python3, now moved into -base +Provides: %{python_pkg_name}-xml = %{version} +%if %{primary_interpreter} +Provides: python3-asyncio = %{version} +Obsoletes: python3-asyncio < %{version} +Provides: python3-base = %{version} +Obsoletes: python3-base < %{version} +Provides: python3-typing = %{version} +Obsoletes: python3-typing < %{version} +Provides: python3-xml = %{version} +Obsoletes: python3-xml < %{version} +%endif + +%description -n %{python_pkg_name}-base +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +package. + +This package contains the interpreter core and most commonly used modules +from the standard library. This is sufficient for many usecases, but it +excludes components that depend on external libraries, most notably XML, +database and UI toolkits support. + +%package -n %{python_pkg_name}-tools +Summary: Python Utility and Demonstration Scripts +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-2to3 = %{version} +Provides: %{python_pkg_name}-demo = %{version} +%if %{primary_interpreter} +Provides: python3-2to3 = %{version} +Provides: python3-demo = %{version} +Provides: python3-tools = %{version} +Obsoletes: python3-2to3 < %{version} +Obsoletes: python3-demo < %{version} +%endif + +%description -n %{python_pkg_name}-tools +A number of scripts that are useful for building, testing or extending Python, +and a set of demonstration programs. + +%package -n %{python_pkg_name}-devel +Summary: Include Files and Libraries Mandatory for Building Python Modules +Requires: %{python_pkg_name}-base = %{version} +%if %{primary_interpreter} +Provides: python3-devel = %{version} +%endif + +%description -n %{python_pkg_name}-devel +The Python programming language's interpreter can be extended with +dynamically loaded extensions and can be embedded in other programs. + +This package contains header files, a static library, and development +tools for building Python modules, extending the Python interpreter or +embedding Python in applications. + +This also includes the Python distutils, which were in the Python +package up to version 2.2.2. + +%package -n %{python_pkg_name}-testsuite +Summary: Unit tests for Python and its standard library +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk = %{version} +%if %{primary_interpreter} +Provides: python3-testsuite = %{version} +%endif + +%description -n %{python_pkg_name}-testsuite +Unit tests that are useful for verifying integrity and functionality +of the installed Python interpreter and standard library. +They are a documented part of stdlib, as a module 'test'. + +%package -n libpython%{so_version} +Summary: Python Interpreter shared library +Requires: %{python_pkg_name}-base >= %{version} + +%description -n libpython%{so_version} +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +(HTML) or python-doc-pdf (PDF) packages. + +This package contains libpython3.2 shared library for embedding in +other applications. + +%prep +%setup -q -n %{tarname} + +%patch -p1 -P 02 +%patch -p1 -P 03 +%patch -p1 -P 04 +%patch -p1 -P 05 +%patch -p1 -P 06 +%patch -p1 -P 07 +%patch -p1 -P 08 + +%if 0%{?suse_version} <= 1500 +%patch -P 09 -p1 +%endif + +%patch -p1 -P 10 +%patch -p1 -P 11 +%patch -p1 -P 13 +%patch -p1 -P 15 +%patch -p1 -P 16 +%patch -p1 -P 17 +%patch -p1 -P 19 +%patch -p1 -P 22 +%patch -p1 -P 23 + +# drop Autoconf version requirement +sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac + +%if %{primary_interpreter} +# fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 +for dir in Lib Tools; do + # find *.py, filter to files that contain bad shebangs + # break up "/""usr" like this to prevent replacing with %%{_prefix} + find $dir -name '*.py' -type f -print0 \ + | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ + | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' +done +%else +# For non-primary Python, just don't bother (bsc#1193179) and remove all +# those shebangs +for dir in Lib Tools; do + find $dir -name '*.py' -type f -exec sed -i '1{/^#!.*python/ d}' '{}' \; +done +# We shortened the file Lib/pdb.py so we have to move the test breakpoint location +sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py +%endif + +# drop in-tree libffi and expat +rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin +# Cannot remove it because of gh#python/cpython#92875 +# rm -r Modules/expat + +# drop duplicate README from site-packages +rm Lib/site-packages/README.txt + +# Add vendored bluez-devel files +tar xvf %{SOURCE21} + +# Don't fail on warnings when building documentation +sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile + +%build +%if %{with doc} +TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` +# TODO use not date of tarball but date of latest patch + +cd Doc +sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py +%make_build -j1 html + +# Build also devhelp files +sphinx-build -a -b devhelp . build/devhelp +rm -rfv build/devhelp/.doctrees +%else +%define _lto_cflags %{nil} +# use rpm_opt_flags +export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv $(pkg-config --cflags-only-I libffi) -fno-semantic-interposition" + +touch -r %{SOURCE0} Makefile.pre.in + +autoreconf -fvi + +%if 0%{?sles_version} +sed -e 's/-fprofile-correction//' -i Makefile.pre.in +%endif + +export CFLAGS="%{optflags} -IVendor/" + +%configure \ + --with-platlibdir=%{_lib} \ + --docdir=%{_docdir}/python \ + --enable-ipv6 \ + --enable-shared \ + --with-ensurepip=no \ + --with-system-ffi \ + --with-system-expat \ + --with-lto \ +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 + --with-ssl-default-suites=openssl \ +%endif +%if %{with profileopt} + --enable-optimizations \ +%endif +%if %{with mpdecimal} + --with-system-libmpdec \ +%endif + --enable-loadable-sqlite-extensions + +# prevent make from trying to rebuild PYTHON_FOR_GEN stuff +# %%make_build -t Python/Python-ast.c \ + # Include/Python-ast.h \ + # Objects/typeslots.inc \ + # Python/opcode_targets.h \ + # Include/opcode.h +%make_build + +%if %{with general} +%make_build +%endif +%if %{with base} +%if %{with profileopt} + target=profile-opt +%else + target=all +%endif +LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ + %make_build $target +%endif +%endif + +%check +export SUSE_VERSION="0%{?suse_version}" +export SLE_VERSION="0%{?sle_version}" +%if %{with general} +# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos +# when you install gdb into your test env +EXCLUDE="test_gdb" +# we patch out the message to recommend zypper in and thus this would fail +EXCLUDE="$EXCLUDE test_pydoc" + +%ifarch %{arm} s390x +# test_multiprocessing_forkserver is racy +EXCLUDE="$EXCLUDE test_multiprocessing_forkserver" +%endif +%ifarch ppc ppc64 ppc64le +# exclue test_faulthandler due to bnc#831629 +EXCLUDE="$EXCLUDE test_faulthandler" +%endif +# some tests break in QEMU +%if 0%{?qemu_user_space_build} +EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver test_multiprocessing_spawn test_os test_posix test_signal test_socket test_subprocess" +%endif + +# This test (part of test_uuid) requires real network interfaces +# so that ifconfig output has "HWaddr ". Some kvm instances +# done have any such interface breaking the uuid module. +EXCLUDE="$EXCLUDE test_uuid" + +# bsc#1195140 and bpo#37169 - test_capi is failing on openSUSE, and not sure why +EXCLUDE="$EXCLUDE test_capi" + +# Limit virtual memory to avoid spurious failures +if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then + ulimit -v 11000000 || : +fi + +# test_freeze_simple_script in test.test_tools.test_freeze.TestFreeze +# uses CONFIG_ARGS to run ./configure. +export CONFIG_ARGS="--enable-ipv6 --enable-shared --with-ensurepip=no \ + --with-system-ffi --with-system-expat --with-lto --enable-optimizations \ + --with-system-libmpdec --enable-loadable-sqlite-extensions" + +export PYTHONPATH="$(pwd -P)/Lib" +# Use timeout, like make target buildbottest +# We cannot run tests parallel, because osc build environment doesn’t +# have /dev/shm +%make_build -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=5400" +# use network, be verbose: +#make test TESTOPTS="-l -u network -v" +%endif + +%install +%if %{with doc} +export PDOCS=%{buildroot}%{_docdir}/python%{python_version} +mkdir -p $PDOCS +# generated docs +rm Doc/build/*/.buildinfo +cp -r Doc/build/html $PDOCS +# misc +install -d -m 755 $PDOCS/Misc +rm Misc/README.AIX +for i in Misc/* ; do + [ -f $i ] && install -c -m 644 $i $PDOCS/Misc/ +done +# devhelp +mkdir -p %{buildroot}%{_datadir}/gtk-doc/html +cp -r Doc/build/devhelp %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version} +rm -rf %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version}/.doctrees +%endif +%if %{with general} +%make_install + +# clean out stuff that is in python-base and subpackages + +find %{buildroot}%{_bindir} -mindepth 1 -not -name "*idle3*" -print -delete +rm %{buildroot}%{_libdir}/lib* +rm -r %{buildroot}%{_libdir}/pkgconfig +rm -r %{buildroot}%{_mandir}/* +rm -r %{buildroot}%{_includedir}/* + +rm -r %{buildroot}%{sitedir}/config* +find %{buildroot}%{sitedir} -name "*.egg-info" -delete +rm -r %{buildroot}%{sitedir}/__pycache__ +rm -r %{buildroot}%{sitedir}/site-packages +rm %{buildroot}%{sitedir}/*.* + +for module in \ + asyncio ctypes collections concurrent distutils email encodings \ + ensurepip html http re \ + importlib json logging multiprocessing pydoc_data unittest \ + urllib venv wsgiref lib2to3 test tomllib turtledemo \ + xml xmlrpc zoneinfo __phello__ +do + rm -r %{buildroot}%{sitedir}/$module +done + +for library in \ + array _asyncio audioop binascii _bisect _bz2 cmath _codecs_* \ + _contextvars _crypt _csv _ctypes _datetime _decimal fcntl grp \ + _hashlib _heapq _json _lsprof _lzma math mmap _multibytecodec \ + _multiprocessing _opcode ossaudiodev _pickle _posixshmem \ + _posixsubprocess _queue _random resource select _ssl _socket spwd \ + _statistics _struct syslog termios _testbuffer _testimportmultiple \ + _testmultiphase unicodedata zlib _ctypes_test _testinternalcapi _testcapi \ + _typing _testclinic xxlimited xxlimited_35 \ + _xxtestfuzz _xxsubinterpreters _elementtree pyexpat _md5 _sha1 \ + _sha256 _sha512 _blake2 _sha3 _uuid _zoneinfo +do + eval rm "%{buildroot}%{sitedir}/lib-dynload/$library.*" +done + +# Idle is not packaged in base due to the appstream-glib dependency +# move idle config into /etc +install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version} +( + cd %{buildroot}/%{sitedir}/idlelib/ + for file in *.def ; do + mv $file %{buildroot}%{_sysconfdir}/idle%{python_version}/ + ln -sf %{_sysconfdir}/idle%{python_version}/$file %{buildroot}/%{sitedir}/idlelib/ + done +) + +# keep just idle3.X +rm %{buildroot}%{_bindir}/idle3 + +# install idle icons +for size in 16 32 48 ; do + install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \ + %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_version}.png +done + +# install idle desktop file +cp %{SOURCE19} idle%{python_version}.desktop +sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop +install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop + +cp %{SOURCE20} idle%{python_version}.appdata.xml +sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml +install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml +appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml + +%fdupes %{buildroot}/%{_libdir}/python%{python_version} +%endif +%if %{with base} +%make_install + +# remove .a +find %{buildroot} -name "*.a" -delete + +# install "site-packages" and __pycache__ for third parties +install -d -m 755 %{buildroot}%{sitedir}/site-packages +install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__ +# and their 32bit counterparts explicitly +mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__ + +# cleanup parts that don't belong +for dir in curses dbm sqlite3 tkinter idlelib; do + find "%{buildroot}/%{sitedir}/$dir"/* -maxdepth 0 -name "test" -o -exec rm -rf {} + +done +rm -fv %{buildroot}%{dynlib nis} + +# overwrite the copied binary with a link +ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 + +# decide to ship python3 or just python3.X +%if !%{primary_interpreter} +# base +rm %{buildroot}%{_bindir}/python3 +rm %{buildroot}%{_bindir}/pydoc3 +rm %{buildroot}%{_mandir}/man1/python3.1 +# devel +rm %{buildroot}%{_bindir}/python3-config +rm %{buildroot}%{_libdir}/libpython3.so +rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc +%endif + +%if %{suse_version} > 1550 +# PEP-0668 mark this as a distro maintained python +sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED +%endif + +# link shared library instead of static library that tools expect +ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so + +# delete idle3, which has to many packaging dependencies for base +rm %{buildroot}%{_bindir}/idle3* + +# delete the generic 2to3 binary if we are not primary +%if !%{primary_interpreter} +rm %{buildroot}%{_bindir}/2to3 +%endif + +# replace duplicate .pyo/.pyc with hardlinks +%fdupes %{buildroot}/%{sitedir} + +# documentation +export PDOCS=%{buildroot}%{_docdir}/%{name} +install -d -m 755 $PDOCS +install -c -m 644 %{SOURCE3} $PDOCS/ +install -c -m 644 README.rst $PDOCS/ + +# tools +for x in `find Tools/ \( -not -name Makefile \) -print | sort` ; do + test -d $x && ( install -c -m 755 -d $PDOCS/$x ) \ + || ( install -c -m 644 $x $PDOCS/$x ) +done +# gdb script is shipped with devel subpackage +rm -r $PDOCS/Tools/gdb +# clean up the bat files +find "$PDOCS" -name "*.bat" -delete + +# put gdb helper script into place +install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +# install devel files to /config +#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%%{sitedir}/config-%%{python_abi}/ + +# RPM macros +%if %{primary_interpreter} +mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/ +install -m 644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/macros.d/ # macros.python3 +%endif + +# import_failed hooks +FAILDIR=%{buildroot}/%{sitedir}/_import_failed +mkdir $FAILDIR +install -m 644 %{SOURCE8} %{SOURCE9} $FAILDIR # import_failed.* +LD_LIBRARY_PATH=. ./python -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +( + cd $FAILDIR + while read package modules; do + for module in $modules; do + ln import_failed.py $module.py + pushd __pycache__ + for i in import_failed*; do + ln $i "$module${i#import_failed}" + done + popd + done + done < %{SOURCE9} +) +echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +%endif + +# For the purposes of reproducibility, it is necessary to eliminate any *.pyc files inside documentation dirs +if [ -d %{buildroot}%{_defaultdocdir} ] ; then +find %{buildroot}%{_defaultdocdir} -type f -name \*.pyc -ls -exec rm -vf '{}' \; +fi + +%if %{with general} +%files -n %{python_pkg_name}-tk +%{sitedir}/tkinter +%exclude %{sitedir}/tkinter/test +%{dynlib _tkinter} + +%files -n %{python_pkg_name}-curses +%{sitedir}/curses +%{dynlib _curses} +%{dynlib _curses_panel} + +%files -n %{python_pkg_name}-dbm +%{sitedir}/dbm +%{dynlib _dbm} +%{dynlib _gdbm} + +%files -n %{python_pkg_name} +%dir %{sitedir} +%dir %{sitedir}/lib-dynload +%{sitedir}/sqlite3 +%exclude %{sitedir}/sqlite3/test +%{dynlib readline} +%{dynlib _sqlite3} +%if 0%{?suse_version} < 1599 +%{dynlib nis} +%endif + +%files -n %{python_pkg_name}-idle +%{sitedir}/idlelib +%dir %{_sysconfdir}/idle%{python_version} +%config %{_sysconfdir}/idle%{python_version}/* +%doc Lib/idlelib/README.txt +%doc Lib/idlelib/TODO.txt +%doc Lib/idlelib/extend.txt +%doc Lib/idlelib/ChangeLog +%{_bindir}/idle%{python_version} +%{_datadir}/applications/idle%{python_version}.desktop +%{_datadir}/metainfo/idle%{python_version}.appdata.xml +%{_datadir}/icons/hicolor/*/apps/idle%{python_version}.png +%dir %{_datadir}/icons/hicolor +%dir %{_datadir}/icons/hicolor/16x16 +%dir %{_datadir}/icons/hicolor/32x32 +%dir %{_datadir}/icons/hicolor/48x48 +%dir %{_datadir}/icons/hicolor/*/apps +# endif for if general +%endif + +%if %{with doc} +%files -n %{python_pkg_name}-doc +%dir %{_docdir}/python%{python_version} +%doc %{_docdir}/python%{python_version}/Misc +%doc %{_docdir}/python%{python_version}/html + +%files -n %{python_pkg_name}-doc-devhelp +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%doc %{_datadir}/gtk-doc/html/Python%{python_version} +%endif + +%if %{with base} +%post -n libpython%{so_version} -p /sbin/ldconfig +%postun -n libpython%{so_version} -p /sbin/ldconfig + +%files -n libpython%{so_version} +%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} + +%files -n %{python_pkg_name}-tools +%{sitedir}/turtledemo +%if %{primary_interpreter} +%{_bindir}/2to3 +%endif +%attr(755, root, root)%{_bindir}/2to3-%{python_version} +%doc %{_docdir}/%{name}/Tools + +%files -n %{python_pkg_name}-devel +%{_libdir}/libpython%{python_abi}.so +%if %{primary_interpreter} +%{_libdir}/libpython3.so +%endif +%{_libdir}/pkgconfig/* +%{_includedir}/python%{python_abi} +%{sitedir}/config-%{python_abi}-* +%{_bindir}/python%{python_abi}-config +%if %{primary_interpreter} +%{_bindir}/python3-config +%endif +# Own these directories to not depend on gdb +%dir %{_datadir}/gdb +%dir %{_datadir}/gdb/auto-load +%dir %{_datadir}/gdb/auto-load%{_prefix} +%dir %{_datadir}/gdb/auto-load%{_libdir} +%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +%files -n %{python_pkg_name}-testsuite +%{sitedir}/test +%{sitedir}/*/test +%{sitedir}/*/tests +%{dynlib _ctypes_test} +%{dynlib _testbuffer} +%{dynlib _testcapi} +%{dynlib _testclinic} +%{dynlib _testinternalcapi} +%{dynlib _testimportmultiple} +%{dynlib _testmultiphase} +%{dynlib xxlimited} +# workaround for missing packages +%dir %{sitedir}/sqlite3 +%dir %{sitedir}/tkinter + +%files -n %{python_pkg_name}-base +# docs +%dir %{_docdir}/%{name} +%doc %{_docdir}/%{name}/README.rst +%license LICENSE +%doc %{_docdir}/%{name}/README.SUSE +%if %{primary_interpreter} +%{_mandir}/man1/python3.1%{?ext_man} +%endif +%{_mandir}/man1/python%{python_version}.1%{?ext_man} +%if 0%{?suse_version} > 1550 +# PEP-0668 +%{sitedir}/EXTERNALLY-MANAGED +%endif +# license text, not a doc because the code can use it at run-time +%{sitedir}/LICENSE.txt +# RPM macros +%if %{primary_interpreter} +%{_rpmconfigdir}/macros.d/macros.python3 +%endif +# binary parts +%dir %{sitedir}/lib-dynload +%{dynlib array} +%{dynlib _asyncio} +%{dynlib audioop} +%{dynlib binascii} +%{dynlib _bisect} +%{dynlib _bz2} +%{dynlib cmath} +%{dynlib _codecs_cn} +%{dynlib _codecs_hk} +%{dynlib _codecs_iso2022} +%{dynlib _codecs_jp} +%{dynlib _codecs_kr} +%{dynlib _codecs_tw} +%{dynlib _contextvars} +%{dynlib _crypt} +%{dynlib _csv} +%{dynlib _ctypes} +%{dynlib _datetime} +%{dynlib _decimal} +%{dynlib _elementtree} +%{dynlib fcntl} +%{dynlib grp} +%{dynlib _hashlib} +%{dynlib _heapq} +%{dynlib _json} +%{dynlib _lsprof} +%{dynlib _lzma} +%{dynlib math} +%{dynlib mmap} +%{dynlib _multibytecodec} +%{dynlib _multiprocessing} +%{dynlib _opcode} +%{dynlib ossaudiodev} +%{dynlib _pickle} +%{dynlib _posixshmem} +%{dynlib _posixsubprocess} +%{dynlib pyexpat} +%{dynlib _queue} +%{dynlib _random} +%{dynlib resource} +%{dynlib select} +%{dynlib _socket} +%{dynlib spwd} +%{dynlib _ssl} +%{dynlib _statistics} +%{dynlib _struct} +%{dynlib syslog} +%{dynlib termios} +%{dynlib _typing} +%{dynlib unicodedata} +%{dynlib _uuid} +%{dynlib _xxsubinterpreters} +%{dynlib _xxtestfuzz} +%{dynlib xxlimited_35} +%{dynlib zlib} +%{dynlib _zoneinfo} +# hashlib fallback modules +%{dynlib _blake2} +%{dynlib _md5} +%{dynlib _sha1} +%{dynlib _sha256} +%{dynlib _sha512} +%{dynlib _sha3} +# python parts +%dir %{_prefix}/lib/python%{python_version} +%dir %{_prefix}/lib/python%{python_version}/site-packages +%dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__ +%dir %{sitedir} +%dir %{sitedir}/site-packages +%dir %{sitedir}/site-packages/__pycache__ +%exclude %{sitedir}/*/test +%exclude %{sitedir}/*/tests +%{sitedir}/*.py +%{sitedir}/asyncio +%{sitedir}/ctypes +%{sitedir}/collections +%{sitedir}/concurrent +%{sitedir}/distutils +%{sitedir}/email +%{sitedir}/encodings +%{sitedir}/ensurepip +%{sitedir}/html +%{sitedir}/http +%{sitedir}/importlib +%{sitedir}/json +%{sitedir}/lib2to3 +%{sitedir}/logging +%{sitedir}/multiprocessing +%{sitedir}/pydoc_data +%{sitedir}/re +%{sitedir}/tomllib +%{sitedir}/unittest +%{sitedir}/urllib +%{sitedir}/venv +%{sitedir}/wsgiref +%{sitedir}/xml +%{sitedir}/xmlrpc +%{sitedir}/zoneinfo +%{sitedir}/__phello__ +%{sitedir}/__pycache__ +# import-failed hooks +%{sitedir}/_import_failed +%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +# symlinks +%if %{primary_interpreter} +%{_bindir}/python3 +%{_bindir}/pydoc3 +%endif +# executables +%attr(755, root, root) %{_bindir}/pydoc%{python_version} +# %%attr(755, root, root) %%{_bindir}/python%%{python_abi} +%attr(755, root, root) %{_bindir}/python%{python_version} +# endif for if base +%endif + +%changelog diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch new file mode 100644 index 0000000..6f48b09 --- /dev/null +++ b/skip-test_pyobject_freed_is_freed.patch @@ -0,0 +1,23 @@ +--- + Lib/test/test_capi/test_misc.py | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/Lib/test/test_capi/test_misc.py ++++ b/Lib/test/test_capi/test_misc.py +@@ -40,6 +40,8 @@ import _testinternalcapi + # Were we compiled --with-pydebug or with #define Py_DEBUG? + Py_DEBUG = hasattr(sys, 'gettotalrefcount') + ++# Which version of the SLE distro we build on? ++SLE_VERSION = int(os.environ.get('SLE_VERSION', '0'), 10) + + NULL = None + +@@ -1281,6 +1283,7 @@ class PyMemDebugTests(unittest.TestCase) + def test_pyobject_forbidden_bytes_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') + ++ @unittest.skipIf(0 < SLE_VERSION < 150300, 'Failing on Leap 15.*') + def test_pyobject_freed_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_freed_is_freed') + diff --git a/skip_if_buildbot-extend.patch b/skip_if_buildbot-extend.patch new file mode 100644 index 0000000..fd9a584 --- /dev/null +++ b/skip_if_buildbot-extend.patch @@ -0,0 +1,15 @@ +--- + Lib/test/support/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -384,7 +384,7 @@ def skip_if_buildbot(reason=None): + if not reason: + reason = 'not suitable for buildbots' + try: +- isbuildbot = getpass.getuser().lower() == 'buildbot' ++ isbuildbot = getpass.getuser().lower() in ['buildbot', 'abuild'] + except (KeyError, EnvironmentError) as err: + warnings.warn(f'getpass.getuser() failed {err}.', RuntimeWarning) + isbuildbot = False diff --git a/skipped_tests.py b/skipped_tests.py new file mode 100644 index 0000000..47002e6 --- /dev/null +++ b/skipped_tests.py @@ -0,0 +1,69 @@ +#!/usr/bin/python3 +""" +Simple regexp-based skipped test checker. +It lists tests that are mentioned (presumably for exclusion) +in BASE, and in MAIN (presumably for inclusion) +and reports discrepancies. + +This will have a number of +""" + +MAIN = "python39.spec" + +import glob +import re +from os.path import basename + +alltests = set() +qemu_exclusions = set() + +for item in glob.glob("Python-*/Lib/test/test_*"): + testname = basename(item) + if testname.endswith(".py"): + testname = testname[:-3] + alltests.add(testname) + +testre = re.compile(r'[\s"](test_\w+)\b') + +def find_tests_in_spec(specname): + global qemu_exclusions + + found_tests = set() + with open(specname) as spec: + in_qemu = False + for line in spec: + line = line.strip() + if "#" in line: + line = line[:line.index("#")] + tests = set(testre.findall(line)) + found_tests |= tests + if line == "%if 0%{?qemu_user_space_build} > 0": + in_qemu = True + if in_qemu: + if line == "%endif": + in_qemu = False + qemu_exclusions |= tests + return found_tests + +excluded = find_tests_in_spec(MAIN) + +#print("--- excluded tests:", " ".join(sorted(excluded))) +#print("--- included tests:", " ".join(sorted(included))) + +mentioned = excluded +nonexistent = mentioned - alltests +missing = excluded - qemu_exclusions + +print("--- the following tests are excluded for QEMU and not tested in python") +print("--- (that probably means we don't need to worry about them)") +for test in sorted(qemu_exclusions - excluded): + print(test) + +print("--- the following tests might be excluded in python:") +for test in sorted(missing): + print(test) + +if nonexistent: + print("--- the following tests don't exist:") + for test in sorted(nonexistent): + print(test) diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch new file mode 100644 index 0000000..ab29d50 --- /dev/null +++ b/subprocess-raise-timeout.patch @@ -0,0 +1,18 @@ +--- + Lib/test/test_subprocess.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_subprocess.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_subprocess.py ++++ Python-3.11.8/Lib/test/test_subprocess.py +@@ -280,7 +280,8 @@ class ProcessTestCase(BaseTestCase): + "time.sleep(3600)"], + # Some heavily loaded buildbots (sparc Debian 3.x) require + # this much time to start and print. +- timeout=3) ++ # OBS might require even more ++ timeout=10) + self.fail("Expected TimeoutExpired.") + self.assertEqual(c.exception.output, b'BDFL') + -- 2.51.1 From 48c55378658105e3c2746977b713cb1025f142f516baf1946401557f3760ae51 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 14 Nov 2024 07:14:37 +0000 Subject: [PATCH 105/135] - Remove -IVendor/ from python-config boo#1231795 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=149 --- .gitattributes | 23 + .gitignore | 1 + CVE-2023-52425-libexpat-2.6.0-backport.patch | 223 + ...-52425-remove-reparse_deferral-tests.patch | 60 + CVE-2024-9287-venv_path_unquoted.patch | 299 + F00251-change-user-install-location.patch | 215 + PACKAGING-NOTES | 26 + Python-3.11.10.tar.xz | 3 + Python-3.11.10.tar.xz.asc | 16 + README.SUSE | 43 + _multibuild | 4 + baselibs.conf | 3 + bluez-devel-vendor.tar.xz | 3 + bpo-31046_ensurepip_honours_prefix.patch | 173 + bsc1221260-test_asyncio-ResourceWarning.patch | 21 + bso1227999-reproducible-builds.patch | 37 + distutils-reproducible-compile.patch | 17 + externally_managed.in | 12 + fix_configure_rst.patch | 40 + gh120226-fix-sendfile-test-kernel-610.patch | 35 + idle3.appdata.xml | 35 + idle3.desktop | 12 + import_failed.map | 7 + import_failed.py | 23 + macros.python3 | 28 + no-skipif-doctests.patch | 653 ++ pre_checkin.sh | 78 + python-3.3.0b1-fix_date_time_compiler.patch | 27 + python-3.3.0b1-localpath.patch | 13 + python-3.3.0b1-test-posix_fadvise.patch | 17 + python.keyring | 109 + python311-rpmlintrc | 3 + python311.changes | 5456 +++++++++++++++++ python311.spec | 1053 ++++ skip-test_pyobject_freed_is_freed.patch | 23 + skip_if_buildbot-extend.patch | 15 + skipped_tests.py | 69 + subprocess-raise-timeout.patch | 18 + 38 files changed, 8893 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 CVE-2023-52425-libexpat-2.6.0-backport.patch create mode 100644 CVE-2023-52425-remove-reparse_deferral-tests.patch create mode 100644 CVE-2024-9287-venv_path_unquoted.patch create mode 100644 F00251-change-user-install-location.patch create mode 100644 PACKAGING-NOTES create mode 100644 Python-3.11.10.tar.xz create mode 100644 Python-3.11.10.tar.xz.asc create mode 100644 README.SUSE create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 bluez-devel-vendor.tar.xz create mode 100644 bpo-31046_ensurepip_honours_prefix.patch create mode 100644 bsc1221260-test_asyncio-ResourceWarning.patch create mode 100644 bso1227999-reproducible-builds.patch create mode 100644 distutils-reproducible-compile.patch create mode 100644 externally_managed.in create mode 100644 fix_configure_rst.patch create mode 100644 gh120226-fix-sendfile-test-kernel-610.patch create mode 100644 idle3.appdata.xml create mode 100644 idle3.desktop create mode 100644 import_failed.map create mode 100644 import_failed.py create mode 100644 macros.python3 create mode 100644 no-skipif-doctests.patch create mode 100644 pre_checkin.sh create mode 100644 python-3.3.0b1-fix_date_time_compiler.patch create mode 100644 python-3.3.0b1-localpath.patch create mode 100644 python-3.3.0b1-test-posix_fadvise.patch create mode 100644 python.keyring create mode 100644 python311-rpmlintrc create mode 100644 python311.changes create mode 100644 python311.spec create mode 100644 skip-test_pyobject_freed_is_freed.patch create mode 100644 skip_if_buildbot-extend.patch create mode 100644 skipped_tests.py create mode 100644 subprocess-raise-timeout.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch new file mode 100644 index 0000000..c1c66b7 --- /dev/null +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -0,0 +1,223 @@ +--- + Lib/test/support/__init__.py | 16 ++++++++++++++-- + Lib/test/test_minidom.py | 23 +++++++++-------------- + Lib/test/test_pyexpat.py | 12 +++++------- + Lib/test/test_sax.py | 18 +++++++++--------- + Lib/test/test_xml_etree.py | 12 ------------ + 5 files changed, 37 insertions(+), 44 deletions(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -8,6 +8,7 @@ import dataclasses + import functools + import os + import re ++import pyexpat + import stat + import sys + import sysconfig +@@ -56,7 +57,7 @@ __all__ = [ + "run_with_tz", "PGO", "missing_compiler_executable", + "ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST", + "LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT", +- "skip_on_s390x", ++ "skip_on_s390x", "fails_with_expat_2_6_0", "is_expat_2_6_0" + ] + + +@@ -2240,6 +2241,17 @@ def copy_python_src_ignore(path, names): + } + return ignored + +-#Windows doesn't have os.uname() but it doesn't support s390x. ++ ++# Windows doesn't have os.uname() but it doesn't support s390x. + skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', + 'skipped on s390x') ++ ++ ++@functools.lru_cache ++def _is_expat_2_6_0(): ++ return hasattr(pyexpat.ParserCreate(), 'SetReparseDeferralEnabled') ++is_expat_2_6_0 = _is_expat_2_6_0() ++ ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if is_expat_2_6_0 ++ else lambda test: test) +--- a/Lib/test/test_minidom.py ++++ b/Lib/test/test_minidom.py +@@ -6,7 +6,6 @@ import io + from test import support + import unittest + +-import pyexpat + import xml.dom.minidom + + from xml.dom.minidom import parse, Attr, Node, Document, parseString +@@ -1163,13 +1162,11 @@ class MinidomTest(unittest.TestCase): + + # Verify that character decoding errors raise exceptions instead + # of crashing +- if pyexpat.version_info >= (2, 4, 5): +- self.assertRaises(ExpatError, parseString, +- b'') +- self.assertRaises(ExpatError, parseString, +- b'Comment \xe7a va ? Tr\xe8s bien ?') +- else: +- self.assertRaises(UnicodeDecodeError, parseString, ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((UnicodeDecodeError, ExpatError)): ++ parseString( + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1631,12 +1628,10 @@ class MinidomTest(unittest.TestCase): + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- if pyexpat.version_info >= (2, 4, 5): +- context = self.assertRaisesRegex(ExpatError, 'syntax error') +- else: +- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- +- with context: ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((ExpatError, ValueError)): + parseString('') + + def testDocRemoveChild(self): +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -14,8 +14,7 @@ from test.support import os_helper + from xml.parsers import expat + from xml.parsers.expat import errors + +-from test.support import sortdict, is_emscripten, is_wasi +- ++from test.support import sortdict, is_emscripten, is_wasi, is_expat_2_6_0 + + class SetAttributeTest(unittest.TestCase): + def setUp(self): +@@ -770,9 +769,8 @@ class ReparseDeferralTest(unittest.TestC + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + + def test_reparse_deferral_enabled(self): +- if expat.version_info < (2, 6, 0): +- self.skipTest(f'Expat {expat.version_info} does not ' +- 'support reparse deferral') ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") + + started = [] + +@@ -801,9 +799,9 @@ class ReparseDeferralTest(unittest.TestC + + parser = expat.ParserCreate() + parser.StartElementHandler = start_element +- if expat.version_info >= (2, 6, 0): ++ if is_expat_2_6_0: + parser.SetReparseDeferralEnabled(False) +- self.assertFalse(parser.GetReparseDeferralEnabled()) ++ self.assertFalse(parser.GetReparseDeferralEnabled()) + + for chunk in (b''): + parser.Parse(chunk, False) +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -19,13 +19,11 @@ from xml.sax.xmlreader import InputSourc + from io import BytesIO, StringIO + import codecs + import os.path +-import pyexpat + import shutil + import sys + from urllib.error import URLError + import urllib.request +-from test.support import os_helper +-from test.support import findfile ++from test.support import os_helper, findfile, is_expat_2_6_0 + from test.support.os_helper import FakePath, TESTFN + + +@@ -1215,10 +1213,10 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1241,6 +1239,9 @@ class ExpatReaderTest(XmlTestBase): + self.assertEqual(result.getvalue(), start + b"") + + def test_flush_reparse_deferral_disabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1249,9 +1250,8 @@ class ExpatReaderTest(XmlTestBase): + for chunk in (""): + parser.feed(chunk) + +- if pyexpat.version_info >= (2, 6, 0): +- parser._parser.SetReparseDeferralEnabled(False) +- self.assertEqual(result.getvalue(), start) # i.e. no elements started ++ parser._parser.SetReparseDeferralEnabled(False) ++ self.assertEqual(result.getvalue(), start) # i.e. no elements started + + self.assertFalse(parser._parser.GetReparseDeferralEnabled()) + +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -13,7 +13,6 @@ import itertools + import operator + import os + import pickle +-import pyexpat + import sys + import textwrap + import types +@@ -1424,12 +1423,6 @@ class XMLPullParserTest(unittest.TestCas + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + +- def test_simple_xml_chunk_1(self): +- self.test_simple_xml(chunk_size=1, flush=True) +- +- def test_simple_xml_chunk_5(self): +- self.test_simple_xml(chunk_size=5, flush=True) +- + def test_simple_xml_chunk_22(self): + self.test_simple_xml(chunk_size=22) + +@@ -1627,9 +1620,6 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1656,8 +1646,6 @@ class XMLPullParserTest(unittest.TestCas + + for chunk in (""): + parser.feed(chunk) +- +- if pyexpat.version_info >= (2, 6, 0): + if not ET is pyET: + self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled ' + 'methods not available in C') diff --git a/CVE-2023-52425-remove-reparse_deferral-tests.patch b/CVE-2023-52425-remove-reparse_deferral-tests.patch new file mode 100644 index 0000000..553bdf8 --- /dev/null +++ b/CVE-2023-52425-remove-reparse_deferral-tests.patch @@ -0,0 +1,60 @@ +--- + Lib/test/test_pyexpat.py | 2 ++ + Lib/test/test_sax.py | 2 ++ + Lib/test/test_xml_etree.py | 2 ++ + 3 files changed, 6 insertions(+) + +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -768,6 +768,7 @@ class ReparseDeferralTest(unittest.TestC + parser.SetReparseDeferralEnabled(True) + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -791,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC + + self.assertEqual(started, ['doc']) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_disabled(self): + started = [] + +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -1213,6 +1213,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -1238,6 +1239,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -1620,6 +1620,7 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1641,6 +1642,7 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + diff --git a/CVE-2024-9287-venv_path_unquoted.patch b/CVE-2024-9287-venv_path_unquoted.patch new file mode 100644 index 0000000..541a907 --- /dev/null +++ b/CVE-2024-9287-venv_path_unquoted.patch @@ -0,0 +1,299 @@ +From 1408cc9bf9e8b19968761548c30b78d37074c21c Mon Sep 17 00:00:00 2001 +From: Y5 <124019959+y5c4l3@users.noreply.github.com> +Date: Tue, 22 Oct 2024 04:48:04 +0800 +Subject: [PATCH] gh-124651: Quote template strings in `venv` activation + scripts (GH-124712) + +This patch properly quotes template strings in `venv` activation +scripts. This mitigates potential command injection. + +(cherry picked from commit d48cc82ed25e26b02eb97c6263d95dcaa1e9111b) +--- + Lib/test/test_venv.py | 81 ++++++++++ + Lib/venv/__init__.py | 42 ++++- + Lib/venv/scripts/common/activate | 8 + Lib/venv/scripts/nt/activate.bat | 6 + Lib/venv/scripts/posix/activate.csh | 8 + Lib/venv/scripts/posix/activate.fish | 8 + Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst | 1 + 7 files changed, 134 insertions(+), 20 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst + +--- a/Lib/test/test_venv.py ++++ b/Lib/test/test_venv.py +@@ -11,6 +11,7 @@ import os + import os.path + import pathlib + import re ++import shlex + import shutil + import struct + import subprocess +@@ -96,6 +97,10 @@ class BaseTest(unittest.TestCase): + result = f.read() + return result + ++ def assertEndsWith(self, string, tail): ++ if not string.endswith(tail): ++ self.fail(f"String {string!r} does not end with {tail!r}") ++ + class BasicTest(BaseTest): + """Test venv module functionality.""" + +@@ -446,6 +451,82 @@ class BasicTest(BaseTest): + 'import sys; print(sys.executable)']) + self.assertEqual(out.strip(), envpy.encode()) + ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_bash(self): ++ """ ++ Test that the template strings are quoted properly (bash) ++ """ ++ rmtree(self.env_dir) ++ bash = shutil.which('bash') ++ if bash is None: ++ self.skipTest('bash required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.sh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([bash, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_csh(self): ++ """ ++ Test that the template strings are quoted properly (csh) ++ """ ++ rmtree(self.env_dir) ++ csh = shutil.which('tcsh') or shutil.which('csh') ++ if csh is None: ++ self.skipTest('csh required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.csh') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.csh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([csh, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings on Windows ++ @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') ++ def test_special_chars_windows(self): ++ """ ++ Test that the template strings are quoted properly on Windows ++ """ ++ rmtree(self.env_dir) ++ env_name = "'&&^$e" ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.bat') ++ test_batch = os.path.join(self.env_dir, 'test_special_chars.bat') ++ with open(test_batch, "w") as f: ++ f.write('@echo off\n' ++ f'"{activate}" & ' ++ f'{self.exe} -c "import sys; print(sys.executable)" & ' ++ f'{self.exe} -c "import os; print(os.environ[\'VIRTUAL_ENV\'])" & ' ++ 'deactivate') ++ out, err = check_output([test_batch]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ + @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') + def test_unicode_in_batch_file(self): + """ +--- a/Lib/venv/__init__.py ++++ b/Lib/venv/__init__.py +@@ -11,6 +11,7 @@ import subprocess + import sys + import sysconfig + import types ++import shlex + + + CORE_VENV_DEPS = ('pip', 'setuptools') +@@ -394,11 +395,41 @@ class EnvBuilder: + :param context: The information for the environment creation request + being processed. + """ +- text = text.replace('__VENV_DIR__', context.env_dir) +- text = text.replace('__VENV_NAME__', context.env_name) +- text = text.replace('__VENV_PROMPT__', context.prompt) +- text = text.replace('__VENV_BIN_NAME__', context.bin_name) +- text = text.replace('__VENV_PYTHON__', context.env_exe) ++ replacements = { ++ '__VENV_DIR__': context.env_dir, ++ '__VENV_NAME__': context.env_name, ++ '__VENV_PROMPT__': context.prompt, ++ '__VENV_BIN_NAME__': context.bin_name, ++ '__VENV_PYTHON__': context.env_exe, ++ } ++ ++ def quote_ps1(s): ++ """ ++ This should satisfy PowerShell quoting rules [1], unless the quoted ++ string is passed directly to Windows native commands [2]. ++ [1]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules ++ [2]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing#passing-arguments-that-contain-quote-characters ++ """ ++ s = s.replace("'", "''") ++ return f"'{s}'" ++ ++ def quote_bat(s): ++ return s ++ ++ # gh-124651: need to quote the template strings properly ++ quote = shlex.quote ++ script_path = context.script_path ++ if script_path.endswith('.ps1'): ++ quote = quote_ps1 ++ elif script_path.endswith('.bat'): ++ quote = quote_bat ++ else: ++ # fallbacks to POSIX shell compliant quote ++ quote = shlex.quote ++ ++ replacements = {key: quote(s) for key, s in replacements.items()} ++ for key, quoted in replacements.items(): ++ text = text.replace(key, quoted) + return text + + def install_scripts(self, context, path): +@@ -438,6 +469,7 @@ class EnvBuilder: + with open(srcfile, 'rb') as f: + data = f.read() + if not srcfile.endswith(('.exe', '.pdb')): ++ context.script_path = srcfile + try: + data = data.decode('utf-8') + data = self.replace_variables(data, context) +--- a/Lib/venv/scripts/common/activate ++++ b/Lib/venv/scripts/common/activate +@@ -35,11 +35,11 @@ deactivate () { + # unset irrelevant variables + deactivate nondestructive + +-VIRTUAL_ENV="__VENV_DIR__" ++VIRTUAL_ENV=__VENV_DIR__ + export VIRTUAL_ENV + + _OLD_VIRTUAL_PATH="$PATH" +-PATH="$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++PATH="$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + export PATH + + # unset PYTHONHOME if set +@@ -52,9 +52,9 @@ fi + + if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then + _OLD_VIRTUAL_PS1="${PS1:-}" +- PS1="__VENV_PROMPT__${PS1:-}" ++ PS1=__VENV_PROMPT__"${PS1:-}" + export PS1 +- VIRTUAL_ENV_PROMPT="__VENV_PROMPT__" ++ VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ + export VIRTUAL_ENV_PROMPT + fi + +--- a/Lib/venv/scripts/nt/activate.bat ++++ b/Lib/venv/scripts/nt/activate.bat +@@ -8,7 +8,7 @@ if defined _OLD_CODEPAGE ( + "%SystemRoot%\System32\chcp.com" 65001 > nul + ) + +-set VIRTUAL_ENV=__VENV_DIR__ ++set "VIRTUAL_ENV=__VENV_DIR__" + + if not defined PROMPT set PROMPT=$P$G + +@@ -24,8 +24,8 @@ set PYTHONHOME= + if defined _OLD_VIRTUAL_PATH set PATH=%_OLD_VIRTUAL_PATH% + if not defined _OLD_VIRTUAL_PATH set _OLD_VIRTUAL_PATH=%PATH% + +-set PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH% +-set VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ ++set "PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH%" ++set "VIRTUAL_ENV_PROMPT=__VENV_PROMPT__" + + :END + if defined _OLD_CODEPAGE ( +--- a/Lib/venv/scripts/posix/activate.csh ++++ b/Lib/venv/scripts/posix/activate.csh +@@ -8,17 +8,17 @@ alias deactivate 'test $?_OLD_VIRTUAL_PA + # Unset irrelevant variables. + deactivate nondestructive + +-setenv VIRTUAL_ENV "__VENV_DIR__" ++setenv VIRTUAL_ENV __VENV_DIR__ + + set _OLD_VIRTUAL_PATH="$PATH" +-setenv PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++setenv PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + + + set _OLD_VIRTUAL_PROMPT="$prompt" + + if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then +- set prompt = "__VENV_PROMPT__$prompt" +- setenv VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set prompt = __VENV_PROMPT__"$prompt" ++ setenv VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + endif + + alias pydoc python -m pydoc +--- a/Lib/venv/scripts/posix/activate.fish ++++ b/Lib/venv/scripts/posix/activate.fish +@@ -33,10 +33,10 @@ end + # Unset irrelevant variables. + deactivate nondestructive + +-set -gx VIRTUAL_ENV "__VENV_DIR__" ++set -gx VIRTUAL_ENV __VENV_DIR__ + + set -gx _OLD_VIRTUAL_PATH $PATH +-set -gx PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__" $PATH ++set -gx PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__ $PATH + + # Unset PYTHONHOME if set. + if set -q PYTHONHOME +@@ -56,7 +56,7 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + set -l old_status $status + + # Output the venv prompt; color taken from the blue of the Python logo. +- printf "%s%s%s" (set_color 4B8BBE) "__VENV_PROMPT__" (set_color normal) ++ printf "%s%s%s" (set_color 4B8BBE) __VENV_PROMPT__ (set_color normal) + + # Restore the return status of the previous command. + echo "exit $old_status" | . +@@ -65,5 +65,5 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + end + + set -gx _OLD_FISH_PROMPT_OVERRIDE "$VIRTUAL_ENV" +- set -gx VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set -gx VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + end +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst +@@ -0,0 +1 @@ ++Properly quote template strings in :mod:`venv` activation scripts. diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch new file mode 100644 index 0000000..fa38a94 --- /dev/null +++ b/F00251-change-user-install-location.patch @@ -0,0 +1,215 @@ +From 910f38d9768d39d4d31426743ae4081ed1ab66b6 Mon Sep 17 00:00:00 2001 +From: Michal Cyprian +Date: Mon, 26 Jun 2017 16:32:56 +0200 +Subject: [PATCH] 00251: Change user install location + +Set values of prefix and exec_prefix in distutils install command +to /usr/local if executable is /usr/bin/python* and RPM build +is not detected to make pip and distutils install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +--- + Lib/distutils/command/install.py | 15 +++++++++++++-- + Lib/site.py | 9 ++++++++- + 2 files changed, 21 insertions(+), 3 deletions(-) + +Index: Python-3.11.8/Lib/distutils/command/install.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/command/install.py ++++ Python-3.11.8/Lib/distutils/command/install.py +@@ -441,8 +441,19 @@ class install(Command): + raise DistutilsOptionError( + "must not supply exec-prefix without prefix") + +- self.prefix = os.path.normpath(sys.prefix) +- self.exec_prefix = os.path.normpath(sys.exec_prefix) ++ # self.prefix is set to sys.prefix + /local/ ++ # if neither RPM build nor virtual environment is ++ # detected to make pip and distutils install packages ++ # into the separate location. ++ if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ addition = "/local" ++ else: ++ addition = "" ++ ++ self.prefix = os.path.normpath(sys.prefix) + addition ++ self.exec_prefix = os.path.normpath(sys.exec_prefix) + addition + + else: + if self.exec_prefix is None: +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None): + return sitepackages + + def addsitepackages(known_paths, prefixes=None): +- """Add site-packages to sys.path""" ++ """Add site-packages to sys.path ++ ++ '/usr/local' is included in PREFIXES if RPM build is not detected ++ to make packages installed into this location visible. ++ ++ """ + _trace("Processing global site-packages") ++ if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: ++ PREFIXES.insert(0, "/usr/local") + for sitedir in getsitepackages(prefixes): + if os.path.isdir(sitedir): + addsitedir(sitedir, known_paths) + +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Mon, 15 Feb 2021 12:19:27 +0100 +Subject: [PATCH] 00251: Change user install location +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Set values of base and platbase in sysconfig from /usr +to /usr/local when RPM build is not detected +to make pip and similar tools install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +Downstream only. + +We've tried to rework in Fedora 36/Python 3.10 to follow https://bugs.python.org/issue43976 +but we have identified serious problems with that approach, +see https://bugzilla.redhat.com/2026979 or https://bugzilla.redhat.com/2097183 + +pypa/distutils integration: https://github.com/pypa/distutils/pull/70 + +Co-authored-by: Petr Viktorin +Co-authored-by: Miro Hrončok +Co-authored-by: Michal Cyprian +Co-authored-by: Lumír Balhar +--- + Lib/site.py | 9 ++++++- + Lib/sysconfig.py | 49 +++++++++++++++++++++++++++++++++++++- + Lib/test/test_sysconfig.py | 17 +++++++++++-- + 3 files changed, 71 insertions(+), 4 deletions(-) + +Index: Python-3.11.9/Lib/sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/sysconfig.py ++++ Python-3.11.9/Lib/sysconfig.py +@@ -103,6 +103,11 @@ if os.name == 'nt': + else: + _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv'] + ++# For a brief period of time in the Fedora 36 life cycle, ++# this installation scheme existed and was documented in the release notes. ++# For backwards compatibility, we keep it here (at least on 3.10 and 3.11). ++_INSTALL_SCHEMES['rpm_prefix'] = _INSTALL_SCHEMES['posix_prefix'] ++ + + # NOTE: site.py has copy of this function. + # Sync it when modify this function. +@@ -162,6 +167,19 @@ if _HAS_USER_BASE: + }, + } + ++# This is used by distutils.command.install in the stdlib ++# as well as pypa/distutils (e.g. bundled in setuptools). ++# The self.prefix value is set to sys.prefix + /local/ ++# if neither RPM build nor virtual environment is ++# detected to make distutils install packages ++# into the separate location. ++# https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _prefix_addition = '/local' ++ ++ + _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', + 'scripts', 'data') + +@@ -258,11 +276,40 @@ def _extend_dict(target_dict, other_dict + target_dict[key] = value + + ++_CONFIG_VARS_LOCAL = None ++ ++ ++def _config_vars_local(): ++ # This function returns the config vars with prefixes amended to /usr/local ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ global _CONFIG_VARS_LOCAL ++ if _CONFIG_VARS_LOCAL is None: ++ _CONFIG_VARS_LOCAL = dict(get_config_vars()) ++ _CONFIG_VARS_LOCAL['base'] = '/usr/local' ++ _CONFIG_VARS_LOCAL['platbase'] = '/usr/local' ++ return _CONFIG_VARS_LOCAL ++ ++ + def _expand_vars(scheme, vars): + res = {} + if vars is None: + vars = {} +- _extend_dict(vars, get_config_vars()) ++ ++ # when we are not in a virtual environment or an RPM build ++ # we change '/usr' to '/usr/local' ++ # to avoid surprises, we explicitly check for the /usr/ prefix ++ # Python virtual environments have different prefixes ++ # we only do this for posix_prefix, not to mangle the venv scheme ++ # posix_prefix is used by sudo pip install ++ # we only change the defaults here, so explicit --prefix will take precedence ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if (scheme == 'posix_prefix' and ++ _PREFIX == '/usr' and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _extend_dict(vars, _config_vars_local()) ++ else: ++ _extend_dict(vars, get_config_vars()) ++ + if os.name == 'nt': + # On Windows we want to substitute 'lib' for schemes rather + # than the native value (without modifying vars, in case it +Index: Python-3.11.9/Lib/test/test_sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_sysconfig.py ++++ Python-3.11.9/Lib/test/test_sysconfig.py +@@ -111,8 +111,19 @@ class TestSysConfig(unittest.TestCase): + for scheme in _INSTALL_SCHEMES: + for name in _INSTALL_SCHEMES[scheme]: + expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) ++ tested = get_path(name, scheme) ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if tested.startswith('/usr/local'): ++ # /usr/local should only be used in posix_prefix ++ self.assertEqual(scheme, 'posix_prefix') ++ # Fedora CI runs tests for venv and virtualenv that check for other prefixes ++ self.assertEqual(sys.prefix, '/usr') ++ # When building the RPM of Python, %check runs this with RPM_BUILD_ROOT set ++ # Fedora CI runs this with RPM_BUILD_ROOT unset ++ self.assertNotIn('RPM_BUILD_ROOT', os.environ) ++ tested = tested.replace('/usr/local', '/usr') + self.assertEqual( +- os.path.normpath(get_path(name, scheme)), ++ os.path.normpath(tested), + os.path.normpath(expected), + ) + +@@ -345,7 +356,7 @@ class TestSysConfig(unittest.TestCase): + self.assertTrue(os.path.isfile(config_h), config_h) + + def test_get_scheme_names(self): +- wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv'] ++ wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv', 'rpm_prefix'] + if HAS_USER_BASE: + wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) + self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) +@@ -357,6 +368,8 @@ class TestSysConfig(unittest.TestCase): + cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" + self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) + ++ @unittest.skipIf('RPM_BUILD_ROOT' not in os.environ, ++ "Test doesn't expect Fedora's paths") + def test_user_similar(self): + # Issue #8759: make sure the posix scheme for the users + # is similar to the global posix_prefix one diff --git a/PACKAGING-NOTES b/PACKAGING-NOTES new file mode 100644 index 0000000..e28c88c --- /dev/null +++ b/PACKAGING-NOTES @@ -0,0 +1,26 @@ +Notes for packagers of Python3 +============================== + +0. Faster build turnaround +-------------------------- + +By default, python builds with profile-guided optimization. This needs +an additional run of the test suite and it is generally slow. +PGO build takes around 50 minutes. + +For development, use "--without profileopt" option to disable PGO. This +shortens the build time to ~5 minutes including test suite. + +1. import_failed.map +---------------------- + +This is a mechanism installed as part of python3-base, that places shim modules +on python's path (through a generated zzzz-import-failed-hooks.pth file, so that +it is imported as much at the end as makes sense; and an _import_failed subdir +of /usr/lib/pythonX.Y). Then when the user tries to import a module that is part +of a subpackage, the ImportError will contain a helpful message telling them +which missing subpackage to install. + +This can sometimes cause problems on non-standard configurations, if the pth +gets included too early (for instance if you are using a script to include all +pths by hand in some strange order). Just something to look out for. diff --git a/Python-3.11.10.tar.xz b/Python-3.11.10.tar.xz new file mode 100644 index 0000000..f87e7ad --- /dev/null +++ b/Python-3.11.10.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:07a4356e912900e61a15cb0949a06c4a05012e213ecd6b4e84d0f67aabbee372 +size 20067656 diff --git a/Python-3.11.10.tar.xz.asc b/Python-3.11.10.tar.xz.asc new file mode 100644 index 0000000..243d1b1 --- /dev/null +++ b/Python-3.11.10.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmbbrO0ACgkQ/+h0BBaL +2Ec+YBAAnQJLKYPjj7Yr7xkFU655Sv86JxeRAdWjnIapbiIuWg3Up8Pd8FTRgHGf +3XdTHw7b03lSjtzJwavzdnDklqAlBIGn9dVieljUIN7NYyNxoYOr/AiatimgSwv7 +dI5mfun5fLKV6ZcdNdQN5PJ3RZtF3I7VfkN2mlfZJHtxl1agdU/TfW2L+qJ7+JPY +cayjq2xKTLRNXOf2iV29GRRovLiqA+Dx0+cAwsScwreHMp3U4k3GkeHVoR6fldV4 +bVAM8GRl3CYVFePiqAbamKP1BSys44JOINWbWyd94JxzEAwXWz//Es0h73AzeRfK +ueORqzdoOGrVc74+HGlAHhqO1Gg7jMMmtkzCEuav+cGHYnMRMOngGR3q47aTJTVb +5UdP0oD4OlADPFVa6q0LCqN/IFlebWMh9pXYw7Wpek63oNuZHTfNPq4S1AUM2HJm +C3yzaOG9VAdYfLneJC4ldY4CVt1FKckfaXp5OAaMr71DI74e4CcEswlUupZJLZKV +TJRjQD15bnXGhHDqU4w3RmzpCWMh2mf4m4VMYQyObl3TtlX+gVvzIhDS5+mXqutB +F1pdXwaHHkTb2PLLxpwOGrnsp8XoW74tsylcYirQg8jSFMbgxfwgIjEIuRGXeDkT +B4QzmQ4SxsbLiH7etV6Fznl1h569Z4DO9OOs4i0ZzIjdhPDQtAs= +=TatG +-----END PGP SIGNATURE----- diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..0053bcf --- /dev/null +++ b/README.SUSE @@ -0,0 +1,43 @@ +Python 3 in SUSE +============== + +* Subpackages * + +Python 3 is split into several subpackages, based on external dependencies. +The main package 'python3' has soft dependencies on all subpackages needed to +assemble the standard library; however, these might not all be installed by default. + +If you attempt to import a module that is currently not installed, an ImportError is thrown, +with instructions to install the missing subpackage. Installing the subpackage might result +in installing libraries that the subpackage requires to function. + + +* ensurepip * + +The 'ensurepip' module from Python 3 standard library (PEP 453) is supposed to deploy +a bundled copy of the pip installer. This makes no sense in a managed distribution like SUSE. +Instead, you need to install package 'python3-pip'. Usually this will be installed automatically +with 'python3'. + +Using 'ensurepip' when pip is not installed will result in an ImportError with instructions +to install 'python3-pip'. + + +* Documentation * + +You can find documentation in seprarate packages: python3-doc and +python3-doc-pdf. These contan following documents: + + Tutorial, What's New in Python, Global Module Index, Library Reference, + Macintosh Module Reference, Installing Python Modules, Distributing Python + Modules, Language Reference, Extending and Embedding, Python/C API, + Documenting Python + +The python3-doc package constains many text files from source tarball. + + +* Interactive mode * + +Interactive mode is by default enhanced with of history and command completion. +If you don't like these features, you can unset the PYTHONSTARTUP variable +in your .profile or disable it system wide in /etc/profile.d/python.sh. diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..1d50bc4 --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + base + doc + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..1793de8 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,3 @@ +python311-base +python311 +libpython3_11-1_0 diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz new file mode 100644 index 0000000..57fb3e5 --- /dev/null +++ b/bluez-devel-vendor.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:868fbfba2ddaed62f2c45cf869fe2c648527ac3bac738f4f41f3c2872f5b0211 +size 25040 diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch new file mode 100644 index 0000000..86882ae --- /dev/null +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -0,0 +1,173 @@ +From 5754521af1d51aa8e445cba07a093bbc0c88596d Mon Sep 17 00:00:00 2001 +From: Zackery Spytz +Date: Mon, 16 Dec 2019 18:24:08 -0700 +Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix) + +Co-Authored-By: Xavier de Gaye +--- + Doc/library/ensurepip.rst | 9 +++-- + Lib/ensurepip/__init__.py | 18 +++++++--- + Lib/test/test_ensurepip.py | 11 ++++++ + Makefile.pre.in | 4 +- + Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1 + 5 files changed, 34 insertions(+), 9 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst + +Index: Python-3.11.8/Doc/library/ensurepip.rst +=================================================================== +--- Python-3.11.8.orig/Doc/library/ensurepip.rst ++++ Python-3.11.8/Doc/library/ensurepip.rst +@@ -59,7 +59,9 @@ is at least as recent as the one availab + By default, ``pip`` is installed into the current virtual environment + (if one is active) or into the system site packages (if there is no + active virtual environment). The installation location can be controlled +-through two additional command line options: ++through some additional command line options: ++ ++* ``--prefix ``: Installs ``pip`` using the given directory prefix. + + * :samp:`--root {dir}`: Installs ``pip`` relative to the given root directory + rather than the root of the currently active virtual environment (if any) +@@ -92,7 +94,7 @@ Module API + Returns a string specifying the available version of pip that will be + installed when bootstrapping an environment. + +-.. function:: bootstrap(root=None, upgrade=False, user=False, \ ++.. function:: bootstrap(root=None, prefix=None, upgrade=False, user=False, \ + altinstall=False, default_pip=False, \ + verbosity=0) + +@@ -102,6 +104,8 @@ Module API + If *root* is ``None``, then installation uses the default install location + for the current environment. + ++ *prefix* specifies the directory prefix to use when installing. ++ + *upgrade* indicates whether or not to upgrade an existing installation + of an earlier version of ``pip`` to the available version. + +@@ -122,6 +126,8 @@ Module API + *verbosity* controls the level of output to :data:`sys.stdout` from the + bootstrapping operation. + ++ .. versionchanged:: 3.9 the *prefix* parameter was added. ++ + .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap + + .. note:: +Index: Python-3.11.8/Lib/ensurepip/__init__.py +=================================================================== +--- Python-3.11.8.orig/Lib/ensurepip/__init__.py ++++ Python-3.11.8/Lib/ensurepip/__init__.py +@@ -122,27 +122,27 @@ def _disable_pip_configuration_settings( + os.environ['PIP_CONFIG_FILE'] = os.devnull + + +-def bootstrap(*, root=None, upgrade=False, user=False, ++def bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). ++ and directory prefix). + + Note that calling this function will alter both sys.path and os.environ. + """ + # Discard the return value +- _bootstrap(root=root, upgrade=upgrade, user=user, ++ _bootstrap(root=root, prefix=prefix, upgrade=upgrade, user=user, + altinstall=altinstall, default_pip=default_pip, + verbosity=verbosity) + + +-def _bootstrap(*, root=None, upgrade=False, user=False, ++def _bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). Returns pip command status code. ++ and directory prefix). Returns pip command status code. + + Note that calling this function will alter both sys.path and os.environ. + """ +@@ -192,6 +192,8 @@ def _bootstrap(*, root=None, upgrade=Fal + args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] + if root: + args += ["--root", root] ++ if prefix: ++ args += ["--prefix", prefix] + if upgrade: + args += ["--upgrade"] + if user: +@@ -267,6 +269,11 @@ def _main(argv=None): + help="Install everything relative to this alternate root directory.", + ) + parser.add_argument( ++ "--prefix", ++ default=None, ++ help="Install everything using this prefix.", ++ ) ++ parser.add_argument( + "--altinstall", + action="store_true", + default=False, +@@ -285,6 +292,7 @@ def _main(argv=None): + + return _bootstrap( + root=args.root, ++ prefix=args.prefix, + upgrade=args.upgrade, + user=args.user, + verbosity=args.verbosity, +Index: Python-3.11.8/Lib/test/test_ensurepip.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_ensurepip.py ++++ Python-3.11.8/Lib/test/test_ensurepip.py +@@ -112,6 +112,17 @@ class TestBootstrap(EnsurepipMixin, unit + unittest.mock.ANY, + ) + ++ def test_bootstrapping_with_prefix(self): ++ ensurepip.bootstrap(prefix="/foo/bar/") ++ self.run_pip.assert_called_once_with( ++ [ ++ "install", "--no-cache-dir", "--no-index", "--find-links", ++ unittest.mock.ANY, "--prefix", "/foo/bar/", ++ "setuptools", "pip", ++ ], ++ unittest.mock.ANY, ++ ) ++ + def test_bootstrapping_with_user(self): + ensurepip.bootstrap(user=True) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1761,7 +1761,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni + install|*) ensurepip="" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + altinstall: commoninstall +@@ -1771,7 +1771,7 @@ altinstall: commoninstall + install|*) ensurepip="--altinstall" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + commoninstall: check-clean-src @FRAMEWORKALTINSTALLFIRST@ \ +Index: Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +=================================================================== +--- /dev/null ++++ Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +@@ -0,0 +1 @@ ++A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/bsc1221260-test_asyncio-ResourceWarning.patch b/bsc1221260-test_asyncio-ResourceWarning.patch new file mode 100644 index 0000000..15d6b8d --- /dev/null +++ b/bsc1221260-test_asyncio-ResourceWarning.patch @@ -0,0 +1,21 @@ +From a3052035485bd2836e40f5284657ca105382cbfd Mon Sep 17 00:00:00 2001 +From: sobolevn +Date: Tue, 5 Mar 2024 20:24:16 +0300 +Subject: [PATCH] gh-116112: Fix `ResourceWarning` in + `test_asyncio.test_stream` + +Co-authored-by: @CendioOssman +--- + Lib/test/test_asyncio/test_streams.py | 1 + + 1 file changed, 1 insertion(+) + +--- a/Lib/test/test_asyncio/test_streams.py ++++ b/Lib/test/test_asyncio/test_streams.py +@@ -1156,6 +1156,7 @@ os.close(fd) + + def test_unhandled_cancel(self): + async def handle_echo(reader, writer): ++ writer.close() + asyncio.current_task().cancel() + messages = self._basetest_unhandled_exceptions(handle_echo) + self.assertEqual(messages, []) diff --git a/bso1227999-reproducible-builds.patch b/bso1227999-reproducible-builds.patch new file mode 100644 index 0000000..fb33d18 --- /dev/null +++ b/bso1227999-reproducible-builds.patch @@ -0,0 +1,37 @@ +From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Tue, 16 Jul 2024 21:39:33 +0200 +Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH + +to make builds reproducible. +See https://reproducible-builds.org/ for why this is good +and https://reproducible-builds.org/specs/source-date-epoch/ +for the definition of this variable. +--- + Doc/conf.py | 3 ++- + Doc/library/functions.rst | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/Doc/conf.py ++++ b/Doc/conf.py +@@ -316,7 +316,8 @@ html_context = { + } + + # This 'Last updated on:' timestamp is inserted at the bottom of every page. +-html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime()) ++html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) ++html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time)) + + # Path to find HTML templates. + templates_path = ['tools/templates'] +--- a/Doc/library/functions.rst ++++ b/Doc/library/functions.rst +@@ -1356,7 +1356,7 @@ are always available. They are listed h + (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, + and :mod:`shutil`. + +- .. audit-event:: open file,mode,flags open ++ .. audit-event:: open path,mode,flags open + + The ``mode`` and ``flags`` arguments may have been modified or inferred from + the original call. diff --git a/distutils-reproducible-compile.patch b/distutils-reproducible-compile.patch new file mode 100644 index 0000000..17e8bd2 --- /dev/null +++ b/distutils-reproducible-compile.patch @@ -0,0 +1,17 @@ +--- + Lib/distutils/util.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/distutils/util.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/util.py ++++ Python-3.11.8/Lib/distutils/util.py +@@ -436,7 +436,7 @@ byte_compile(files, optimize=%r, force=% + else: + from py_compile import compile + +- for file in py_files: ++ for file in sorted(py_files): + if file[-3:] != ".py": + # This lets us be lazy and not filter filenames in + # the "install_lib" command. diff --git a/externally_managed.in b/externally_managed.in new file mode 100644 index 0000000..54606b6 --- /dev/null +++ b/externally_managed.in @@ -0,0 +1,12 @@ +[externally-managed] +Error=To install Python packages system-wide, try + zypper install __PYTHONPREFIX__-xyz, where xyz is the package + you are trying to install. + + If you wish to install a non-rpm packaged Python package, + create a virtual environment using __PYTHON__ -m venv path/to/venv. + Then use path/to/venv/bin/python and path/to/venv/bin/pip. + + If you wish to install a non-rpm packaged Python application, + it may be easiest to use `pipx install xyz`, which will manage a + virtual environment for you. Install pipx via `zypper install __PYTHONPREFIX__-pipx` . diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch new file mode 100644 index 0000000..7c6fd0e --- /dev/null +++ b/fix_configure_rst.patch @@ -0,0 +1,40 @@ +--- + Doc/using/configure.rst | 3 --- + Misc/NEWS | 2 +- + 2 files changed, 1 insertion(+), 4 deletions(-) + +--- a/Doc/using/configure.rst ++++ b/Doc/using/configure.rst +@@ -43,7 +43,6 @@ General Options + + See :data:`sys.int_info.bits_per_digit `. + +-.. option:: --with-cxx-main + .. option:: --with-cxx-main=COMPILER + + Compile the Python ``main()`` function and link Python executable with C++ +@@ -529,13 +528,11 @@ macOS Options + + See ``Mac/README.rst``. + +-.. option:: --enable-universalsdk + .. option:: --enable-universalsdk=SDKDIR + + Create a universal binary build. *SDKDIR* specifies which macOS SDK should + be used to perform the build (default is no). + +-.. option:: --enable-framework + .. option:: --enable-framework=INSTALLDIR + + Create a Python.framework rather than a traditional Unix install. Optional +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -9774,7 +9774,7 @@ C API + - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. + + - bpo-43795: The list in :ref:`limited-api-list` now shows the public name +- :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry ++ :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry + ``_node`` no longer appears in the list. + + - bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid diff --git a/gh120226-fix-sendfile-test-kernel-610.patch b/gh120226-fix-sendfile-test-kernel-610.patch new file mode 100644 index 0000000..2eb6f63 --- /dev/null +++ b/gh120226-fix-sendfile-test-kernel-610.patch @@ -0,0 +1,35 @@ +From 1b3f6523a5c83323cdc44031b33a1c062e5dc698 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Fri, 7 Jun 2024 23:51:32 +0800 +Subject: [PATCH] gh-120226: Fix + test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 + (GH-120227) + +The worst case is that the kernel buffers 17 pages with a page size of 64k. +(cherry picked from commit a7584245661102a5768c643fbd7db8395fd3c90e) + +Co-authored-by: Xi Ruoyao +--- + Lib/test/test_asyncio/test_sendfile.py | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +--- a/Lib/test/test_asyncio/test_sendfile.py ++++ b/Lib/test/test_asyncio/test_sendfile.py +@@ -93,13 +93,10 @@ class MyProto(asyncio.Protocol): + + class SendfileBase: + +- # 256 KiB plus small unaligned to buffer chunk +- # Newer versions of Windows seems to have increased its internal +- # buffer and tries to send as much of the data as it can as it +- # has some form of buffering for this which is less than 256KiB +- # on newer server versions and Windows 11. +- # So DATA should be larger than 256 KiB to make this test reliable. +- DATA = b"x" * (1024 * 256 + 1) ++ # Linux >= 6.10 seems buffering up to 17 pages of data. ++ # So DATA should be large enough to make this test reliable even with a ++ # 64 KiB page configuration. ++ DATA = b"x" * (1024 * 17 * 64 + 1) + # Reduce socket buffer size to test on relative small data sets. + BUF_SIZE = 4 * 1024 # 4 KiB + diff --git a/idle3.appdata.xml b/idle3.appdata.xml new file mode 100644 index 0000000..554b7c4 --- /dev/null +++ b/idle3.appdata.xml @@ -0,0 +1,35 @@ + + + + + idle3.desktop + IDLE3 + CC0 + Python-2.0 + Python 3 Integrated Development and Learning Environment + +

+ IDLE is Python’s Integrated Development and Learning Environment. + The GUI is uniform between Windows, Unix, and Mac OS X. + IDLE provides an easy way to start writing, running, and debugging + Python code. +

+

+ IDLE is written in pure Python, and uses the tkinter GUI toolkit. + It provides: +

+
    +
  • a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,
    • +
  • a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,
    • +
  • search within any window, replace within editor windows, and search through multiple files (grep),
    • +
  • a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.
    • +
+ + https://docs.python.org/3/library/idle.html + + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png + + zbyszek@in.waw.pl + diff --git a/idle3.desktop b/idle3.desktop new file mode 100644 index 0000000..43f5a4c --- /dev/null +++ b/idle3.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Version=1.0 +Name=IDLE 3 +GenericName=Python 3 IDE +Comment=Python 3 Integrated Development and Learning Environment +Exec=idle3 %F +TryExec=idle3 +Terminal=false +Type=Application +Icon=idle3 +Categories=Development;IDE; +MimeType=text/x-python; diff --git a/import_failed.map b/import_failed.map new file mode 100644 index 0000000..f33690c --- /dev/null +++ b/import_failed.map @@ -0,0 +1,7 @@ +python311-curses: curses _curses _curses_panel +python311-dbm: dbm _dbm _gdbm +python311-idle: idlelib +python311-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited +python311-tk: tkinter _tkinter +python311-tools: turtledemo +python311: sqlite3 readline _sqlite3 nis diff --git a/import_failed.py b/import_failed.py new file mode 100644 index 0000000..258b5a5 --- /dev/null +++ b/import_failed.py @@ -0,0 +1,23 @@ +import sys, os +from sysconfig import get_path + +failed_map_path = os.path.join(get_path('stdlib'), '_import_failed', 'import_failed.map') + +if __spec__: + failed_name = __spec__.name +else: + failed_name = __name__ + +with open(failed_map_path) as fd: + for line in fd: + package = line.split(':')[0] + imports = line.split(':')[1] + if failed_name in imports: + raise ImportError(f"""Module '{failed_name}' is not installed. +Use: + sudo zypper install {package} +to install it.""") + +raise ImportError(f"""Module '{failed_name}' is not installed. +It is supposed to be part of python3 distribution, but missing from failed import map. +Please file a bug on the SUSE Bugzilla.""") diff --git a/macros.python3 b/macros.python3 new file mode 100644 index 0000000..2bd193b --- /dev/null +++ b/macros.python3 @@ -0,0 +1,28 @@ +%have_python3 1 + +# commented out legacy macro definitions +#py3_prefix /usr +#py3_incdir /usr/include/python3.5m +#py3_ver 3.5 + +# these should now be provided by macros.python_all +#python3_sitearch /usr/lib64/python3.5/site-packages +#python3_sitelib /usr/lib/python3.5/site-packages +#python3_version 3.5 + +# hard to say if anyone ever used these? +#py3_soflags cpython-35m-x86_64-linux-gnu +#py3_abiflags m +%cpython3_soabi %(python3 -c "import sysconfig; print(sysconfig.get_config_var('SOABI'))") +%py3_soflags %cpython3_soabi + +# compilation macros that might be in use somewhere +%py3_compile(O) \ +find %1 -name '*.pyc' -exec rm -f {} ";"\ +python3 -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +%{-O:\ +find %1 -name '*.pyo' -exec rm -f {} ";"\ +python3 -O -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +} + + diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch new file mode 100644 index 0000000..7e412d7 --- /dev/null +++ b/no-skipif-doctests.patch @@ -0,0 +1,653 @@ +only in patch2: +unchanged: +--- + Doc/library/turtle.rst | 82 ------------------------------------------------- + 1 file changed, 82 deletions(-) + +--- a/Doc/library/turtle.rst ++++ b/Doc/library/turtle.rst +@@ -440,7 +440,6 @@ Turtle motion + turtle is headed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -467,7 +466,6 @@ Turtle motion + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -486,13 +484,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -511,13 +507,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -540,13 +534,11 @@ Turtle motion + not change the turtle's orientation. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> tp = turtle.pos() + >>> tp +@@ -570,13 +562,11 @@ Turtle motion + unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 240) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,240.00) +@@ -592,13 +582,11 @@ Turtle motion + Set the turtle's second coordinate to *y*, leave first coordinate unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 40) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,40.00) +@@ -625,7 +613,6 @@ Turtle motion + =================== ==================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setheading(90) + >>> turtle.heading() +@@ -638,14 +625,12 @@ Turtle motion + its start-orientation (which depends on the mode, see :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(90) + >>> turtle.goto(0, -10) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 90.0 +@@ -677,7 +662,6 @@ Turtle motion + calculated automatically. May be used to draw regular polygons. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.position() +@@ -706,7 +690,6 @@ Turtle motion + + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.dot() +@@ -724,7 +707,6 @@ Turtle motion + it by calling ``clearstamp(stamp_id)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("blue") + >>> turtle.stamp() +@@ -740,7 +722,6 @@ Turtle motion + Delete stamp with given *stampid*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (150.00,-0.00) +@@ -785,7 +766,6 @@ Turtle motion + undo actions is determined by the size of the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for i in range(4): + ... turtle.fd(50); turtle.lt(80) +@@ -818,7 +798,6 @@ Turtle motion + turtle turn instantly. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.speed() + 3 +@@ -839,7 +818,6 @@ Tell Turtle's state + Return the turtle's current location (x,y) (as a :class:`Vec2D` vector). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pos() + (440.00,-0.00) +@@ -855,7 +833,6 @@ Tell Turtle's state + orientation which depends on the mode - "standard"/"world" or "logo". + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(10, 10) + >>> turtle.towards(0,0) +@@ -867,7 +844,6 @@ Tell Turtle's state + Return the turtle's x coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(50) +@@ -883,7 +859,6 @@ Tell Turtle's state + Return the turtle's y coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(60) +@@ -900,7 +875,6 @@ Tell Turtle's state + :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(67) +@@ -917,7 +891,6 @@ Tell Turtle's state + other turtle, in turtle step units. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.distance(30,40) +@@ -941,7 +914,6 @@ Settings for measurement + Default value is 360 degrees. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -964,7 +936,6 @@ Settings for measurement + ``degrees(2*math.pi)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -975,7 +946,6 @@ Settings for measurement + 1.5707963267948966 + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.degrees(360) +@@ -1011,7 +981,6 @@ Drawing state + thickness. If no argument is given, the current pensize is returned. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pensize() + 1 +@@ -1043,7 +1012,6 @@ Drawing state + attributes in one statement. + + .. doctest:: +- :skipif: _tkinter is None + :options: +NORMALIZE_WHITESPACE + + >>> turtle.pen(fillcolor="black", pencolor="red", pensize=10) +@@ -1066,7 +1034,6 @@ Drawing state + Return ``True`` if pen is down, ``False`` if it's up. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.penup() + >>> turtle.isdown() +@@ -1107,7 +1074,6 @@ Color control + newly set pencolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> colormode() + 1.0 +@@ -1156,7 +1122,6 @@ Color control + with the newly set fillcolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.fillcolor("violet") + >>> turtle.fillcolor() +@@ -1195,7 +1160,6 @@ Color control + with the newly set colors. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("red", "green") + >>> turtle.color() +@@ -1212,7 +1176,6 @@ Filling + ~~~~~~~ + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.home() +@@ -1222,7 +1185,6 @@ Filling + Return fillstate (``True`` if filling, ``False`` else). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.begin_fill() + >>> if turtle.filling(): +@@ -1247,7 +1209,6 @@ Filling + above may be either all yellow or have some white regions. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("black", "red") + >>> turtle.begin_fill() +@@ -1264,7 +1225,6 @@ More drawing control + variables to the default values. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(0,-22) + >>> turtle.left(100) +@@ -1315,7 +1275,6 @@ Visibility + drawing observably. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.hideturtle() + +@@ -1326,7 +1285,6 @@ Visibility + Make the turtle visible. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.showturtle() + +@@ -1357,7 +1315,6 @@ Appearance + deal with shapes see Screen method :func:`register_shape`. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape() + 'classic' +@@ -1383,7 +1340,6 @@ Appearance + ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.resizemode() + 'noresize' +@@ -1407,7 +1363,6 @@ Appearance + of the shape's outline. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shapesize() + (1.0, 1.0, 1) +@@ -1432,7 +1387,6 @@ Appearance + heading of the turtle are sheared. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("circle") + >>> turtle.shapesize(5,2) +@@ -1449,7 +1403,6 @@ Appearance + change the turtle's heading (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1469,7 +1422,6 @@ Appearance + (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1495,7 +1447,6 @@ Appearance + turtle (its direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1524,7 +1475,6 @@ Appearance + given matrix. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle = Turtle() + >>> turtle.shape("square") +@@ -1540,7 +1490,6 @@ Appearance + can be used to define a new shape or components of a compound shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("square") + >>> turtle.shapetransform(4, -1, 0, 2) +@@ -1565,7 +1514,6 @@ Using events + procedural way: + + .. doctest:: +- :skipif: _tkinter is None + + >>> def turn(x, y): + ... left(180) +@@ -1586,7 +1534,6 @@ Using events + ``None``, existing bindings are removed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> class MyTurtle(Turtle): + ... def glow(self,x,y): +@@ -1614,7 +1561,6 @@ Using events + mouse-click event on that turtle. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.ondrag(turtle.goto) + +@@ -1642,7 +1588,6 @@ Special Turtle methods + Return the last recorded polygon. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.begin_poly() +@@ -1662,7 +1607,6 @@ Special Turtle methods + turtle properties. + + .. doctest:: +- :skipif: _tkinter is None + + >>> mick = Turtle() + >>> joe = mick.clone() +@@ -1675,7 +1619,6 @@ Special Turtle methods + return the "anonymous turtle": + + .. doctest:: +- :skipif: _tkinter is None + + >>> pet = getturtle() + >>> pet.fd(50) +@@ -1689,7 +1632,6 @@ Special Turtle methods + TurtleScreen methods can then be called for that object. + + .. doctest:: +- :skipif: _tkinter is None + + >>> ts = turtle.getscreen() + >>> ts +@@ -1707,7 +1649,6 @@ Special Turtle methods + ``None``, the undobuffer is disabled. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setundobuffer(42) + +@@ -1717,7 +1658,6 @@ Special Turtle methods + Return number of entries in the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> while undobufferentries(): + ... undo() +@@ -1740,7 +1680,6 @@ below: + For example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> s = Shape("compound") + >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) +@@ -1751,7 +1690,6 @@ below: + 3. Now add the Shape to the Screen's shapelist and use it: + + .. doctest:: +- :skipif: _tkinter is None + + >>> register_shape("myshape", s) + >>> shape("myshape") +@@ -1771,7 +1709,6 @@ Most of the examples in this section ref + ``screen``. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen = Screen() +@@ -1788,7 +1725,6 @@ Window control + Set or return background color of the TurtleScreen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.bgcolor("orange") + >>> screen.bgcolor() +@@ -1880,7 +1816,6 @@ Window control + distorted. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.reset() + >>> screen.setworldcoordinates(-50,-7.5,50,7.5) +@@ -1891,7 +1826,6 @@ Window control + ... left(45); fd(2) # a regular octagon + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen.reset() +@@ -1913,7 +1847,6 @@ Animation control + Optional argument: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.delay() + 10 +@@ -1935,7 +1868,6 @@ Animation control + :func:`delay`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.tracer(8, 25) + >>> dist = 2 +@@ -1972,7 +1904,6 @@ Using screen events + must have the focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -1993,7 +1924,6 @@ Using screen events + must have focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -2018,7 +1948,6 @@ Using screen events + named ``turtle``: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will + >>> # make the turtle move to the clicked point. +@@ -2038,7 +1967,6 @@ Using screen events + Install a timer that calls *fun* after *t* milliseconds. + + .. doctest:: +- :skipif: _tkinter is None + + >>> running = True + >>> def f(): +@@ -2120,7 +2048,6 @@ Settings and special methods + ============ ========================= =================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> mode("logo") # resets turtle heading to north + >>> mode() +@@ -2135,7 +2062,6 @@ Settings and special methods + values of color triples have to be in the range 0..*cmode*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.colormode(1) + >>> turtle.pencolor(240, 160, 80) +@@ -2156,7 +2082,6 @@ Settings and special methods + do with a Tkinter Canvas. + + .. doctest:: +- :skipif: _tkinter is None + + >>> cv = screen.getcanvas() + >>> cv +@@ -2168,7 +2093,6 @@ Settings and special methods + Return a list of names of all currently available turtle shapes. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.getshapes() + ['arrow', 'blank', 'circle', ..., 'turtle'] +@@ -2192,7 +2116,6 @@ Settings and special methods + coordinates: Install the corresponding polygon shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) + +@@ -2208,7 +2131,6 @@ Settings and special methods + Return the list of turtles on the screen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for turtle in screen.turtles(): + ... turtle.color("red") +@@ -2270,7 +2192,6 @@ Methods specific to Screen, not inherite + center window vertically + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.setup (width=200, height=200, startx=0, starty=0) + >>> # sets window to 200x200 pixels, in upper left of screen +@@ -2286,7 +2207,6 @@ Methods specific to Screen, not inherite + Set title of turtle window to *titlestring*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.title("Welcome to the turtle zoo!") + +@@ -2357,7 +2277,6 @@ Public classes + Example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) + >>> s = Shape("compound") +@@ -2743,7 +2662,6 @@ Changes since Python 3.0 + + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> for turtle in turtles(): diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..a2cf992 --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +export LC_ALL=C + +master=python*.spec + +# create import_failed.map from package definitions +pkgname=$(grep python_pkg_name $master |grep define |awk -F' ' '{print $3}') +MAPFILE=import_failed.map +function new_map_line () { + package=$1 + package=$(echo $1 |sed -e "s:%{python_pkg_name}:$pkgname:") + modules=$2 + if [ -z "$package" -o -z "$modules" ]; then + return + fi + if [[ "$package" =~ "-base" ]]; then + return + fi + echo "$package:$modules" >> $MAPFILE.tmp +} + +for spec in *.spec; do + basename=${spec%.spec} + package= + modules= + while read line; do + case $line in + "%files -n "*) + new_map_line $package "$modules" + package=${line#"%files -n "} + modules= + ;; + "%files "*) + new_map_line $package "$modules" + package=$basename-${line#"%files "} + modules= + ;; + "%files") + new_map_line $package "$modules" + package=$basename + modules= + ;; + "%{sitedir}/config-"*) + # ignore + ;; + "%{sitedir}/"*) + word=${line#"%{sitedir}/"} + if ! echo $word | grep -q /; then + modules="$modules $word" + fi + ;; + "%{dynlib "*"}") + word=${line#"%{dynlib "} + word=${word%"}"} + modules="$modules $word" + ;; + esac + done < $spec + new_map_line $package "$modules" +done + +cat $MAPFILE.tmp |sort -u > $MAPFILE +rm $MAPFILE.tmp + +# run test inclusion check +tar xJf Python-*.xz +python3 skipped_tests.py + +# generate baselibs.conf +VERSION=$(grep ^Version $master|awk -F':' '{print $2}' |sed -e 's/ //g') +python_version=${VERSION:0:3} # 3.3 +python_version_abitag=${python_version//./} # 33 +python_version_soname=${python_version//./_} # 3_3 +echo "$pkgname-base" > baselibs.conf +echo "$pkgname" >> baselibs.conf +echo "libpython$python_version_soname-1_0" >> baselibs.conf + diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch new file mode 100644 index 0000000..cda20d7 --- /dev/null +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -0,0 +1,27 @@ +--- + Makefile.pre.in | 7 +++++++ + 1 file changed, 7 insertions(+) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1240,11 +1240,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ + $(DTRACE_OBJS) \ + $(srcdir)/Modules/getbuildinfo.c + $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DDATE="\"`date -u -r Makefile.pre.in +"%b %d %Y"`\"" \ ++ -DTIME="\"`date -u -r Makefile.pre.in +"%T"`\"" \ + -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \ + -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \ + -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \ + -o $@ $(srcdir)/Modules/getbuildinfo.c + ++Python/getcompiler.o: $(srcdir)/Python/getcompiler.c Makefile ++ $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DCOMPILER='"[GCC]"' \ ++ -o $@ $(srcdir)/Python/getcompiler.c ++ + Modules/getpath.o: $(srcdir)/Modules/getpath.c Python/frozen_modules/getpath.h Makefile $(PYTHON_HEADERS) + $(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \ + -DPREFIX='"$(prefix)"' \ diff --git a/python-3.3.0b1-localpath.patch b/python-3.3.0b1-localpath.patch new file mode 100644 index 0000000..475497e --- /dev/null +++ b/python-3.3.0b1-localpath.patch @@ -0,0 +1,13 @@ +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -77,7 +77,7 @@ import io + import stat + + # Prefixes for site-packages; add additional prefixes like /usr/local here +-PREFIXES = [sys.prefix, sys.exec_prefix] ++PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local'] + # Enable per user site-packages directory + # set it to False to disable the feature or True to force the feature + ENABLE_USER_SITE = None diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch new file mode 100644 index 0000000..ac5d553 --- /dev/null +++ b/python-3.3.0b1-test-posix_fadvise.patch @@ -0,0 +1,17 @@ +--- + Lib/test/test_posix.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_posix.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_posix.py ++++ Python-3.11.8/Lib/test/test_posix.py +@@ -430,7 +430,7 @@ class PosixTester(unittest.TestCase): + def test_posix_fadvise(self): + fd = os.open(os_helper.TESTFN, os.O_RDONLY) + try: +- posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_WILLNEED) ++ posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_RANDOM) + finally: + os.close(fd) + diff --git a/python.keyring b/python.keyring new file mode 100644 index 0000000..747bc27 --- /dev/null +++ b/python.keyring @@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFq+ToQBEADRYvIVtbK6owynD3j3nxwpW2KEk/p+aDvtXmc2SR2dBcZ8sFW2 +R5vEsG8d3/D3wgv5pcL3KfNNXQYUnXVbobrFUUWQYc79qIsE3MgiPf5NVOtwKPUR +i5g9YJgKvpBxkQfqp3LYGm9ZBtwo3DVLA3yn7KsazCmAgTNFJYw7ku1XxgmIzY6K +5J30DfbJiqDqj4f9GslCCCCH3qiPnuLG/HUyVLHMpbWlaiy9NI0GcaLxjJewHj9w +W2D2lydkxe5JGo7egUkV3ILcuLVSVKA35SKY27dYqfuyqp9tAzaRbjDYjsYdHA6G +BqrNrKBn/GwlFDPrVdcvN3ZSY2wMLTxWE3Axc/FweuHxFnou/80FwX7F3JD+oEQ6 +rofmcxOBCC7J98I7HZAhP9jBn88XIS2hztbLq8d6rZJZRtcz0k61VR0ddO+TrFmf +9rMYCPgCckRtVxeFIVIabrN1IzKynLFeo040h8hSGswd6YKDOVwjJY6Oa6EmVefZ +a8QSt4+M65RSzH6SEPY008F3nJUAK6MEkzTak+tFltZNrVWu8p2xd1j9nmxAwEhZ +/lgbxLqzYgaUWmfyHeZ8yVA0MhHzdiAL8nVUEdG3KecIq0RWCJLGLWWIjd6KAJl1 +yAmhRYKK/sjPDsL3elHsFACfZbyx3o5GGQNlas1FYoPLWbaNGaJtgFTF2QARAQAB +tCtQYWJsbyBHYWxpbmRvIFNhbGdhZG8gPHBhYmxvZ3NhbEBnbWFpbC5jb20+iQJO +BBMBCgA4FiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+ToQCGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQZOYo+NaEaW2bmA/+PXIap2udLoUVOHxnsIBdqYwp +sv1Aj5lfIJmNhmxPbHShwp1Jg+w4urxe+2Dj5ofKVlIo1i83bQkvnKJMDXDVuc/K +P6zqhBJ3rT4Q3qx2mzX8bIfQoJ2JHuH4lkP+I7doDcHHRyeNASyk72VdQmU4twNw +Ibn8nSNV6ThKHdoPYzVnO2rZUFcGIqH5HNsvR+B7cc1MBCHsgURYwSVhSePIFGlZ +iasdBD6QQkDSe4QWi7AcJFWFElw4kbOKJWxAWsrEk+tMXJVGRjnmL289EmPCx/vx +BqKy7Mse0yWCSRR3vB+O6TB1S5SgEyEgqlYsfGNv1qf/rfRD4KkyCbNU3LhY1Aim +vJP4pDW+KFxTk2Ks8vrx8gOSd2aFqPeO/pFDrpsF7PD62XwsfoXu4xc5V0Giw7r1 +Nai0nax7kOrldNF8TbbtRjW0jmoC7wLIDujAkwDIOroZ0CXA3N4HVHdSbrHm/urX +nyxJXupXAQNwGx64JCBcbF2fp3Kvu1VAXBEFnd01KaopthHcbG5pA50Kl2Vhe+98 +OdezUX42fHkQpQkB7HgtXfm6W1bw6YRBamrNvs1OoHBYmUjlECpe566IIu25Hc8s +x3qA+6eca7iqizyLG+WyMT8ZIYTWGAS59jxwR4esqGczbbZPSAPHFwLbGv7Wr0Rd +TPu5B0FcKpDkTd4IxQW5Ag0EWr5O2gEQAMjLe4CtbSfofmJrz5wfNkMVsZ81Gbqe +MoYd3dtkJnQYERUj8flzBj3ucaxGJ+Cuf7ybh3naPopKvEI1q0vkcgCDqrEgXK// +jKJbP28uPSMGhOG28q4PbamG55gy5FtM3ezzAxPWWKe9qBpV65GMmFy7eBQx2iJs +yiDIOOQQ4kraS+cTqNFimEXAGLCOQRNLcwIZzwAAHoW7HEpNUfVwaBD9kMlbo1ND +I60IKcNrNcmcmRxhJqfxjj8YBMwcKHO6GBE3AVpaE/+UO9zyr4TH+0YuQUgxKlPW +Dkg5XlkDo0S1GyLY5e9ckIDIlkTdDa2pOkoE2yB5MQCEga3YiHrKUVTTWaxn9XVJ +6x5ZjUF6bgSWGkrG5dUqSYoO1iDMuNVjtiujNyf/rvfj5cNxS7/lgxchhQKZHZXL +WVqxlneeVJ6s0P4+ROVG9ga2Sve7aUJ6wXIewZwulBcV2sE/W/DgxHgLBi53CUQt +vEzFzKvo48GnDqL5VYjA7l0HMYHd4GksCLi8E8U6Cgj+imXiM8voL7pHRZfs8mY8 +udR+UT4e1Scl2MYP2qBJ9/17B/X52B3s1EZdqI/r+hfOyqrhPs+dbAN0mtMPn68+ +nrvY1+nscvrSYEP6ZBlc9Hp2mgJdb6IcTvINXBEeLRjgc3pjViva443pkiFp9Axm +ecOckMKP3uSlABEBAAGJBGwEGAEKACAWIQSgNcjBkhm6gh7OqGtk5ij41oRpbQUC +Wr5O2gIbAgJACRBk5ij41oRpbcF0IAQZAQoAHRYhBM/cokWxBDzypfl4Zf/odAQW +i9hHBQJavk7aAAoJEP/odAQWi9hHr7YP/RCLre1CmOoWYpAtoa1yVCeYMDV6eQgL +B488/BEZHQE1zbrYy16XkhORob3JF/kUMjmJW7XaFF8FrWvRcdj/xaUGbOOEulKg +v+8zWfswYQRiZ4/JlwER4vRLi6fTE89MVER6Fkj2ASD4D2cifY+EztD4flV3sq3s +vIogGFaN9IvdrdeptOVGXs1RmAyoTsiS2mKQ6xsGh8B9ZAm55W8fBOGiSzLX21Xk +Ofdw53BrFQxn3cu/JgIKpdeZxgukcvEAI62B6X+YL6Na4j0eqEGLzsNtU1+xeJlo +WtVvmRwnRHGSxF6fzIZ3mk/p/aFiXAEq/xITCTY6tDv7x7pFE/RpdlJZyNJ+R5Y4 +SQiuDsylxNCa/4G5EB6q+7iVYtbEQ9MnZg2phowEE42tlj0rz8/rvDK3LH3xibot +KHIodCWKlWByxH99u2PuHUQ0c1oCVBUE1KkruMpvI236DpU/dvdq4JLSg/fWrys/ +VIjqLZgsIE5g/KO9XqngWHkLcBLh4CNAmHJ8Iia+s+/rfgsejQWB5uJb6eYg2JjB +4WP1EI0rULM6fdrCNB+MJ36wE2Lnb4bfT0phOMgjjH5/Ki7ZCbkxkOsBs4SRjiS+ +weCsmpAtMqodWY/Cnw9pWSA/qLSRD5/mKeb9SO6OZ/OPfAatwnGHsvZ2sAueC6rR +04W5BfXZWrnJUXQP/id/EKE1Ksp5fKoxSCbkKTCig+Sf5Afwe36yFN+niZBqzn5b +BgL/HIKaZM97oDHersPPANeEgS+JVlBf95iKIYnQbZP43FLVbvOuaINhBIVtFO54 +2Y7EYwl41kP7ILDElVy36KAmdQyBAfrjnZiRA70xShOxApLug1L0lxhR3YfmLwNi +RJ0V6KnYDKf0pfdhO9VFyFFWUojX1usn2SmSsXNizsNtvRqHXzPnX0rbJzZ9+N4O +9k1nxygYFG/2R/jGonVmTjRzcAHrAkNJETMWXMA7/8wRMDwluz8j+cCldey9x8Vk +JwgLGnZSbQtVpcFAnm5r/36Gt+9wc1VWMyrUrVr6Z679aqAbG7PMaeR5h5ygMj1k +VqRTYAUPSk1f8bZKRssQkQwEbp9dVIjm9SsR8VT7/tB+UuB85dABxgHfv3psJRT+ +tL8g9V7kSZqQfcLNGmvEVvr2Zl9NtxwXtsFM2OBprxCenwb+e9Ppm1LjfJG/NE72 +mAnOERfDaiLt4bqNo36Ei5sGCJ4Fx61phzNBXzkdRNM47i8J5UZRKFkE91c99BVM +HKUaY61NRK24fR0zP98ftDU82YFw0VRFJpTeBrO5ivN1MlQxUPzUWxKxMxO+20wa +UOXroEw11Tb4SRLGOla1pCl6lCUPJRy9IzadPDgTr/OTMkob/snt/XLdnV5/uQIN +BFq+TvoBEAC8Oy1g6pPWBbrCMhIq7VWY2fjylJ1fwg5BPXkOKVK1dsGYO4QD7oW9 +L0aSqcFSNFGF9Cl0Ri4TFXZC3hnG4HeSXUWApuKdBLn21H3jba36Ay1oGcGfdm0v +Zght4c6BlMVBpGCw2wIkJbUNEy6InMM+O8CCbbaH3iJkJ4141P7pODHignx5AmZI +conMui4YOhC+IXQXynVEv1Juk7erB1Nh1RcRvsA4lb44HWx49lIwe85ejOmoZ0O3 +6f9NJRer6bV0+rHWmg4IV5Q9h/Gn4IhEDZxA0DZl1RQI7dMgaMbIFbXGq7Kgzstz +EUnOoy29hXodxVmwIsMrAiQUYtwJ9hW+ESsw47+W2iPHVgviGWl7r/SgcgMYmf6m +5kiTBtwU7BQPS9G3zwwP2Rm3AA/6g39Q+tQKjOwi1I8+GZsY2On44Zly7BreBNg5 +4gJgdAGcMOYU9etr050clH3UpTYcAEtX++ahtOKhJgLIPNcIAQNlnifqvU0VYpgw +R4YpZ7hgg+AVDzC73PIM0lFI0XiDuqChbxE+K1jmLXWe5iJF0dzgVTwP+PmsifNZ +Wg3+YxSsS+hDMPQ2xPiQN49gT4JJDHcDuyhHyCGYgyMiVJCsku9KrkubbfVRivyN +ZF2Zfo3f+nbrRxsftz0yjAq8byCvb0V0XOpt4pJ/ddlug9ytRxALNwARAQABiQI2 +BBgBCgAgFiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+TvoCGwwACgkQZOYo+NaE +aW3urA//UQ/cKQ7HvWjcLphzQOZc+6m5YL0wxvZkSjemU7mqjZdpacteIvRAoers +EqXHc208liIBtNfRzoreXdcXNzie65xXkrRnWoHVH/fTWy4lOnHr2CMXLeHjUgg/ +M6PYi8+sARm05YFB8nsYhlhx3IdLhcfeVVbJedQKO0yL3CK1okT30DUVq5Lq6X/K +DC6AxuJR3D6UMSoT0WLaoX8qbhAp88qLynInfBVL18d97h916WPLTPeP0eHwhwND +bYtKDCMDuKQ9XX5+QsNH0RmbxlX274LHrUMMvkLKxcfCBvP+iuqrBeIuoeVzXYJZ +j7ZJtEH79bW44eecl/CY/STFYgSQ2XGTp2BI2q60wAmtKlNhwxY5ena0FgyFl6Tm +5OBHW/Pwo+ndQJGfbrCyWkTgRay9c8er3gl3GQYIBH6X0kCiG7h/Epj0b5CHOPU5 +hCw0kEB8MB4poTIjeiY+Q01472/lQ68CL3DX158hR5d3XaPSIxAN+qFsfB1o316p +yjxhfK1MD/IfrOgjlggPPnc/KmLkCzpgdwKcZwLCdZq9hYBvF1Zs34HbaVMYbWTK +uxLowtXGU43vatCXXqmPOvl4/g4tZD6rysJDgOrHQnEHzT+Napn07s0BRC0IbbNn +FynUrkr5KMSuRz7Hg7xMApENOrb0nqdHSUJ914ZpuMIS6RhJgGu5Ag0EWr5PIAEQ +ALfh9vPD2B+miHDTMADI8aRZ7g9tnzynZYkk3+2sCiiusetsQQ+HIPJ/ASEJB7On +ane9dyT/LTRhrK9qaxgVMimk2COXB/xyh7Mnw7nJgFU0aRSbtX0vbvQz2suSzrQ6 +9mPKzan28JGoClqB0bw1vwf3VjjxHV2dgD57CmqFPv7kAC/2a56dE+etzXattZAL ++2JWTpmfQ0ePRRadtBm0VahQhnU8x0+jvAVrEawqpVW83ozYFyW/0WInM2J7jHgQ +16OosY4lj5L/DxpVxaArhRFoRfWPXfC37iE8Mou/I95isvPQIhp1wTo4jG0KM02B +oIVbp/QRNBQ6WtpOzvJs1gqQiJJTfqbKJXQ3NDEY9crpVS83HJ+Zv99PNsyNkFjG +QpU84U3ZhsI4ygjdY45mpZueqI1RVcRQdu8Hgvoo/78Q/Sir6gMGop3mVdVo2guI +kFcJrXh0Xk3ech4aVqrmKx/mPXGwOAQU0DAul4RW3fKg1QxQE7Tlw3+95Ee/+q5j +HARL0uDbCJpRO8Sl8NDEuL32n/2Ot6kQeCSHrU7KJRYAkTxkKvr8zNow7hFhHFPE +SnHvTnskI6noh0VY6NwMhmLvhm0wKkRxZPzUNc3sgLvbK1NymIZ9aKCZamzhZrmG +vnblEz/OSLwGUua465H3hM1vvBQiartj7+6ZqWIkSmBPABEBAAGJAjYEGAEKACAW +IQSgNcjBkhm6gh7OqGtk5ij41oRpbQUCWr5PIAIbIAAKCRBk5ij41oRpbWmeEACG ++axtDC8UoNp9ORiYwEWLzZWDuugE+ah7DYYGD4Vs633FXVZW3SgM/bFtJ/0Lg8CF +74jI4LMHyIjDzEjcoItwnhBLix+kUoJTvrY58GPydwekLuw1p4KXLqtRs4fsZbNQ +YTknl4jYtRWoxO98x7tun7Gq2gqmJkIB2uj630fKz5cBk6p6oDFKjzyrHe+V7BiK +3okQPaD4x7hq8OnTy7lOy92ZZAqztS4tNEb4DkYW1MpuwsJ7hbBZitc1siI+FVVb +GjVVGZz6ssXoW67Tz8+VxdWJxNLXlv27eMcj4sme5S0th/YYNA5fRRv6zuzqZAru +YNGLpYYU7JLvZJ+3lCwa5j5ycOGBF0GvsGs6gj6h+CHkjR/BgzAgWC+GgUgslt6q +aH04rWtV6rVz+Y91LcrX5P6OM4anmXD3Gp3kl35AypXb4KyASF19+11RUziD4Z7q +wQEWfbwOltNyZv2lD8s2jPr7P02axWRQUbZAEhxRmvOQev/FZPyCF6gqUo/HxRbQ +y3bzmnipyHSv1DlXNfCFCHvN8kGyZnRWARqIKRg+j9ediJgOUqlLhg6KmrTVxd5v +3Dfv52PW2UODDTM20s3cQGuX/UswzMRwPI/+P44iCMwEKdm7duM/5oisZT9Vhy7g +P15MreFZLcZvUVgjqgy0u57cstyGK1Bo9e2sFcK2fA== +=6Zb4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/python311-rpmlintrc b/python311-rpmlintrc new file mode 100644 index 0000000..5b35f34 --- /dev/null +++ b/python311-rpmlintrc @@ -0,0 +1,3 @@ +addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp") diff --git a/python311.changes b/python311.changes new file mode 100644 index 0000000..97d8e4b --- /dev/null +++ b/python311.changes @@ -0,0 +1,5456 @@ +------------------------------------------------------------------- +Mon Nov 11 12:43:40 UTC 2024 - Daniel Garcia + +- Remove -IVendor/ from python-config boo#1231795 + +------------------------------------------------------------------- +Fri Nov 1 16:32:10 UTC 2024 - Matej Cepl + +- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote + path names provided when creating a virtual environment + (bsc#1232241, CVE-2024-9287) + +------------------------------------------------------------------- +Wed Oct 2 16:18:29 UTC 2024 - Matej Cepl + +- Drop .pyc files from docdir for reproducible builds + (bsc#1230906). + +------------------------------------------------------------------- +Mon Sep 9 16:53:07 UTC 2024 - Matej Cepl + +- Update to 3.11.10: + - Security + - gh-123678: Upgrade libexpat to 2.6.3 + - gh-121957: Fixed missing audit events around interactive + use of Python, now also properly firing for ``python -i``, + as well as for ``python -m asyncio``. The event in question + is ``cpython.run_stdin``. + - gh-122133: Authenticate the socket connection for the + ``socket.socketpair()`` fallback on platforms where + ``AF_UNIX`` is not available like Windows. Patch by + Gregory P. Smith and Seth Larson + . Reported by Ellie + - gh-121285: Remove backtracking from tarfile header parsing + for ``hdrcharset``, PAX, and GNU sparse headers + (bsc#1230227, CVE-2024-6232). + - gh-118486: :func:`os.mkdir` on Windows now accepts + *mode* of ``0o700`` to restrict the new directory to + the current user. This fixes CVE-2024-4030 affecting + :func:`tempfile.mkdtemp` in scenarios where the base + temporary directory is more permissive than the default. + - gh-116741: Update bundled libexpat to 2.6.2 + - Library + - gh-123270: Applied a more surgical fix for malformed + payloads in :class:`zipfile.Path` causing infinite loops + (gh-122905) without breaking contents using legitimate + characters (bsc#1229704, CVE-2024-8088). + - gh-123067: Fix quadratic complexity in parsing ``"``-quoted + cookie values with backslashes by :mod:`http.cookies` + (bsc#1229596, CVE-2024-7592). + - gh-122905: :class:`zipfile.Path` objects now sanitize names + from the zipfile. + - gh-121650: :mod:`email` headers with embedded newlines are + now quoted on output. The :mod:`~email.generator` will now + refuse to serialize (write) headers that are unsafely folded + or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. + (Contributed by Bas Bloemsaat and Petr Viktorin in + :gh:`121650`; CVE-2024-6923, bsc#1228780). + - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method + breaks internal buffer when the method is called again + during flushing internal buffer. + - gh-118643: Fix an AttributeError in the :mod:`email` module + when re-fold a long address list. Also fix more cases of + incorrect encoding of the address separator in the address + list. + - gh-113171: Fixed various false positives and false + negatives in * :attr:`ipaddress.IPv4Address.is_private` + (see these docs for details) * + :attr:`ipaddress.IPv4Address.is_global` * + :attr:`ipaddress.IPv6Address.is_private` * + :attr:`ipaddress.IPv6Address.is_global` Also in the + corresponding :class:`ipaddress.IPv4Network` and + :class:`ipaddress.IPv6Network` attributes. + Fixes bsc#1226448 (CVE-2024-4032). + - gh-102988: :func:`email.utils.getaddresses` and + :func:`email.utils.parseaddr` now return ``('', '')`` + 2-tuples in more situations where invalid email addresses + are encountered instead of potentially inaccurate + values. Add optional *strict* parameter to these two + functions: use ``strict=False`` to get the old behavior, + accept malformed inputs. ``getattr(email.utils, + 'supports_strict_parsing', False)`` can be use to check if + the *strict* paramater is available. Patch by Thomas Dwyer + and Victor Stinner to improve the CVE-2023-27043 fix + (bsc#1210638). + - gh-67693: Fix :func:`urllib.parse.urlunparse` and + :func:`urllib.parse.urlunsplit` for URIs with path starting + with multiple slashes and no authority. Based on patch by + Ashwin Ramaswami. + - Core and Builtins + - gh-112275: A deadlock involving ``pystate.c``'s + ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now + fixed. Patch by ChuBoning based on previous Python 3.12 fix + by Victor Stinner. + - gh-109120: Added handle of incorrect star expressions, e.g + ``f(3, *)``. Patch by Grigoryev Semyon +- Removed upstreamed patches: + - CVE-2023-27043-email-parsing-errors.patch + - CVE-2024-4032-private-IP-addrs.patch + - CVE-2024-6923-email-hdr-inject.patch + - CVE-2024-8088-inf-loop-zipfile_Path.patch + +------------------------------------------------------------------- +Mon Sep 2 09:44:26 UTC 2024 - Matej Cepl + +- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid + failing test_sendfile_close_peer_in_the_middle_of_receiving + tests on Linux >= 6.10 (GH-120227). + +------------------------------------------------------------------- +Wed Aug 28 16:54:34 UTC 2024 - Matej Cepl + +- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent + malformed payload to cause infinite loops in zipfile.Path + (bsc#1229704, CVE-2024-8088). + +------------------------------------------------------------------- +Wed Aug 7 12:12:42 UTC 2024 - Matej Cepl + +- Add CVE-2024-6923-email-hdr-inject.patch to prevent email + header injection due to unquoted newlines (bsc#1228780, + CVE-2024-6923). +- %{profileopt} variable is set according to the variable + %{do_profiling} (bsc#1227999) + +------------------------------------------------------------------- +Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl + +- Remove %suse_update_desktop_file macro as it is not useful any + more. + +------------------------------------------------------------------- +Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl + +- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 + adding reproducibility patches from gh#python/cpython!121872 + and gh#python/cpython!121883. + +------------------------------------------------------------------- +Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl + +- Stop using %%defattr, it seems to be breaking proper executable + attributes on /usr/bin/ scripts (bsc#1227378). + +------------------------------------------------------------------- +Tue Jul 2 10:32:58 UTC 2024 - Daniel Garcia + +- Update F00251-change-user-install-location.patch to make pip and + modern tools install directly in /usr/local when used by the user. + bsc#1225660 + +------------------------------------------------------------------- +Tue Jun 25 21:57:40 UTC 2024 - Matej Cepl + +- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 + (CVE-2024-4032) rearranging definition of private v global IP + addresses. + +------------------------------------------------------------------- +Wed May 1 08:39:08 UTC 2024 - Matej Cepl + +- Update CVE-2023-52425-libexpat-2.6.0-backport.patch + so that it uses features sniffing, not just + comparing version number. Include also + support-expat-CVE-2022-25236-patched.patch. +- Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping + failing tests. +- Refresh patches: + - CVE-2023-27043-email-parsing-errors.patch + - fix_configure_rst.patch + - skip_if_buildbot-extend.patch +- Remove included patch: + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia + +- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in SLE. + +------------------------------------------------------------------- +Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia + +- Remove not needed upstream patches: + * libexpat260.patch + * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666 + +- Update to 3.11.9: + * Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 + - gh-115243: Fix possible crashes in collections.deque.index() + when the deque is concurrently modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to the + certificate store, when the ssl.SSLContext is shared across + multiple threads (bsc#1226447, CVE-2024-0397). + * Core and Builtins + - gh-116296: Fix possible refleak in object.__reduce__() internal + error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser when + raising SyntaxError exceptions caused by invalid byte sequences. + Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115011: Setters for members with an unsigned integer type now + support the same range of valid values for objects that has a + __index__() method as for int. + - gh-96497: Fix incorrect resolution of mangled class variables + used in assignment expressions in comprehensions. + * Library + - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered + crash in ssl when creating a new _ssl._SSLContext if CPython was + built implausibly such that the default cipher list is empty or + the SSL library it was linked against reports a failure from its + C SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of self-referential + modules, introduced in gh-114781. + - gh-117084: Fix zipfile extraction for directory entries with the + name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any to + be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer calls + WaitForSingleObject() with a negative timeout: pass 0 ms if the + timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values in an + invalid state (stored as a list instead of a str) after an + earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values in + urllib.parse functions parse_qs() and parse_qsl(). Also, they + now raise a TypeError for non-zero integers and non-empty + sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated tkinter.Checkbutton + widget names to avoid collisions with automatically generated + tkinter.ttk.Checkbutton widget names within the same parent + widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of AttributeError + on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on + WASI. + - Under wasmtime for WASI 0.2, these functions don’t pass + test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). + - gh-88352: Fix the computation of the next rollover time in the + logging.TimedRotatingFileHandler handler. computeRollover() now + always returns a timestamp larger than the specified time and + works correctly during the DST change. doRollover() no longer + overwrite the already rolled over file, saving from data loss + when run at midnight or during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a script + with pdb + - gh-76511: Fix UnicodeEncodeError in email.Message.as_string() + that results when a message that claims to be in the ascii + character set actually has non-ascii characters. Non-ascii + characters are now replaced with the U+FFFD replacement + character, like in the replace error handler. + - gh-75988: Fixed unittest.mock.create_autospec() to pass the call + through to the wrapped object to return the real result. + - gh-115881: Fix issue where ast.parse() would incorrectly flag + conditional context managers (such as with (x() if y else z()): + ...) as invalid syntax if feature_version=(3, 8) was passed. + This reverts changes to the grammar made as part of gh-94949. + - gh-115886: Fix silent truncation of the name with an embedded + null character in multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing which rolled-over log + files to delete in logging.TimedRotatingFileHandler. It is now + reliable for handlers without namer and with arbitrary + deterministic namer that leaves the datetime part in the file + name unmodified. + - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now + support bytes arguments containing raw and percent-encoded + non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' and + '\n', regardless of lineterminator value. + - gh-115712: csv.writer() now quotes empty fields if delimiter is + a space and skipinitialspace is true and raises exception if + quoting is not possible. + - gh-115618: Fix improper decreasing the reference count for None + argument in property methods getter(), setter() and deleter(). + - gh-115570: A DeprecationWarning is no longer omitted on access + to the __doc__ attributes of the deprecated typing.io and + typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the __wrapper__ + data descriptor. + - gh-101293: Support callables with the __call__() method and + types with __new__() and __init__() methods set to class + methods, static methods, bound methods, partial functions, and + other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line numbers + would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare cases when + using the z format option (coerce negative 0) * incorrect output + when applying the z format option to type F (fixed-point with + capital NAN / INF) * incorrect output when applying the # format + option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname before + checking it against the system’s proxy bypass list on macOS and + Windows. + - gh-115198: Fix support of Docutils >= 0.19 in distutils. + - gh-115165: Most exceptions are now ignored when attempting to + set the __orig_class__ attribute on objects returned when + calling typing generic aliases (including generic aliases + created using typing.Annotated). Previously only AttributeError + was ignored. Patch by Dave Shawley. + - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the underlying + write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114763: Protect modules loaded with importlib.util.LazyLoader + from race conditions when multiple threads try to access + attributes before the loading is complete. + - gh-97959: Fix rendering class methods, bound methods, method and + function aliases in pydoc. Class methods no longer have “method + of builtins.type instance” note. Corresponding notes are now + added for class and unbound methods. Method and function aliases + now have references to the module or the class where the origin + was defined if it differs from the current. Bound methods are + now listed in the static methods section. Methods of builtin + classes are now supported as well as methods of Python classes. + - gh-112281: Allow creating union of types for typing.Annotated + with unhashable metadata. + - gh-111775: Fix importlib.resources.simple.ResourceHandle.open() + for text mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb commands. + - gh-107155: Fix incorrect output of help(x) where x is a lambda + function, which has an __annotations__ dictionary attribute with + a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when defining + dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists over + multiple lines in combination with unicode encoding. + - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same name + but different extensions would conflict and not delete the + correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() to + accept empty bytes as authkey. Not accepting empty bytes as key + causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing of URLs + with only a host name, URLs containing fragment or query, and + filenames with only a UNC sharepoint on Windows. Based on patch + by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + * Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML + vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + * Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE command + line option) in regrtest when hunting for reference leaks (-R + option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-115979: Update test_importlib so that it passes under WASI + SDK 21. + - gh-116307: Added import helper isolated_modules as CleanImport + does not remove modules imported during the context. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of + the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: run + failed tests with test.bisect_cmd to identify failing tests. + Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - gh-115198: Fix test_check_metadata_deprecate in distutils tests + with a newer Docutils. + * Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI + 0.2/preview2 primitives. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + * Windows + - gh-116773: Fix instances of <_overlapped.Overlapped object at + 0xXXX> still has pending operation at deallocation, the process + may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation so + that sending a datagram to an address that is not listening does + not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most users + only have a single launcher installed and will see no + difference. When multiple launchers have been installed, the + option to install the launcher is disabled until all but one + have been removed. Downgrading the launcher (which was never + allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now detect Python + 3.13 when installed from the Microsoft Store, and will install + Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + * IDLE + - gh-88516: On macOS show a proxy icon in the title bar of editor + windows to match platform behaviour. + * Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + * C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows + 64-bit platforms. + +------------------------------------------------------------------- +Sun Mar 24 07:51:45 UTC 2024 - Matej Cepl + +- Add reference to CVE-2024-0450 (bsc#1221854) to changelog. + +------------------------------------------------------------------- +Fri Mar 22 21:22:27 UTC 2024 - Matej Cepl + +- Because of bsc#1189495 we have to revert use of %autopatch. + +------------------------------------------------------------------- +Tue Mar 12 08:44:47 UTC 2024 - Matej Cepl + +- Rewrite %prep to use %autosetup et al. for compatibility with + rpm 4.20. + +------------------------------------------------------------------- +Tue Mar 12 08:13:34 UTC 2024 - Matej Cepl + +- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch + to eliminate ResourceWarning which broke the test suite in + test_asyncio. + +------------------------------------------------------------------- +Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal + +- Use the system-wide crypto-policies [bsc#1211301] + * Use the system default cipher list instead of hardcoded values + * Add the --with-ssl-default-suites=openssl configure option + +------------------------------------------------------------------- +Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl + +- (bsc#1219666, CVE-2023-6597) Add + CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from + gh#python/cpython!99930) fixing symlink bug in cleanup of + tempfile.TemporaryDirectory. + +------------------------------------------------------------------- +Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl + +- Remove double definition of /usr/bin/idle%%{version} in + %%files. + +------------------------------------------------------------------- +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115289 + +------------------------------------------------------------------- +Thu Feb 8 07:27:40 UTC 2024 - Daniel Garcia + +- Update to 3.11.8: + - Security + - gh-113659: Skip .pth files with names starting with a dot or + hidden file attribute. + - Core and Builtins + - gh-114887: Changed socket type validation in + create_datagram_endpoint() to accept all non-stream sockets. + This fixes a regression in compatibility with raw sockets. + - gh-114388: Fix a RuntimeWarning emitted when assign an + integer-like value that is not an instance of int to an + attribute that corresponds to a C struct member of type T_UINT + and T_ULONG. Fix a double RuntimeWarning emitted when assign a + negative integer value to an attribute that corresponds to a C + struct member of type T_UINT. + - gh-89811: Check for a valid tp_version_tag before performing + bytecode specializations that rely on this value being usable. + - gh-113602: Fix an error that was causing the parser to try to + overwrite existing errors and crashing in the process. Patch by + Pablo Galindo + - gh-113566: Fix a 3.11-specific crash when the repr of a Future + is requested after the module has already been + garbage-collected. + - gh-106905: Use per AST-parser state rather than global state to + track recursion depth within the AST parser to prevent potential + race condition due to simultaneous parsing. + - The issue primarily showed up in 3.11 by multithreaded users of + ast.parse(). In 3.12 a change to when garbage collection can be + triggered prevented the race condition from occurring. + - gh-112716: Fix SystemError in the import statement and in + __reduce__() methods of builtin types when __builtins__ is not a + dict. + - gh-105967: Workaround a bug in Apple’s macOS platform zlib + library where zlib.crc32() and binascii.crc32() could produce + incorrect results on multi-gigabyte inputs. Including when using + zipfile on zips containing large data. + - gh-94606: Fix UnicodeEncodeError when + email.message.get_payload() reads a message with a Unicode + surrogate character and the message content is not well-formed + for surrogateescape encoding. Patch by Sidney Markowitz. + - Library + - gh-114965: Update bundled pip to 24.0 + - gh-114959: tarfile no longer ignores errors when trying to + extract a directory on top of a file. + - gh-109475: Fix support of explicit option value “–” in argparse + (e.g. --option=--). + - gh-110190: Fix ctypes structs with array on Windows ARM64 + platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by + Diego Russo + - gh-113280: Fix a leak of open socket in rare cases when error + occurred in ssl.SSLSocket creation. + - gh-77749: email.policy.EmailPolicy.fold() now always encodes + non-ASCII characters in headers if utf8 is false. + - gh-114492: Make the result of termios.tcgetattr() reproducible + on Alpine Linux. Previously it could leave a random garbage in + some fields. + - gh-75128: Ignore an OSError in + asyncio.BaseEventLoop.create_server() when IPv6 is available but + the interface cannot actually support it. + - gh-114257: Dismiss the FileNotFound error in + ctypes.util.find_library() and just return None on Linux. + - gh-101438: Avoid reference cycle in ElementTree.iterparse. The + iterator returned by ElementTree.iterparse may hold on to a file + descriptor. The reference cycle prevented prompt clean-up of the + file descriptor if the returned iterator was not exhausted. + - gh-104522: OSError raised when run a subprocess now only has + filename attribute set to cwd if the error was caused by a + failed attempt to change the current directory. + - gh-109534: Fix a reference leak in + asyncio.selector_events.BaseSelectorEventLoop when SSL + handshakes fail. Patch contributed by Jamie Phan. + - gh-114077: Fix possible OverflowError in + socket.socket.sendfile() when pass count larger than 2 GiB on + 32-bit platform. + - gh-114014: Fixed a bug in fractions.Fraction where an invalid + string using d in the decimals part creates a different error + compared to other invalid letters/characters. Patch by Jeremiah + Gabriel Pascual. + - gh-113951: Fix the behavior of tag_unbind() methods of + tkinter.Text and tkinter.Canvas classes with three arguments. + Previously, widget.tag_unbind(tag, sequence, funcid) destroyed + the current binding for sequence, leaving sequence unbound, and + deleted the funcid command. Now it removes only funcid from the + binding for sequence, keeping other commands, and deletes the + funcid command. It leaves sequence unbound only if funcid was + the last bound command. + - gh-113877: Fix tkinter method winfo_pathname() on 64-bit + Windows. + - gh-113781: Silence unraisable AttributeError when warnings are + emitted during Python finalization. + - gh-113594: Fix UnicodeEncodeError in email when re-fold lines + that contain unknown-8bit encoded part followed by + non-unknown-8bit encoded part. + - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), + there is callback that logs an error if the task wrapping the + “connected callback” fails. This callback would itself fail if + the task was cancelled. Prevent this by checking whether the + task was cancelled first. If so, close the transport but don’t + log an error. + - gh-85567: Fix resource warnings for unclosed files in pickle and + pickletools command line interfaces. + - gh-101225: Increase the backlog for + multiprocessing.connection.Listener objects created by + multiprocessing.manager and multiprocessing.resource_sharer to + significantly reduce the risk of getting a connection refused + error when creating a multiprocessing.connection.Connection to + them. + - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends + webbrowser.open audit event. + - gh-113028: When a second reference to a string appears in the + input to pickle, and the Python implementation is in use, we are + guaranteed that a single copy gets pickled and a single object + is shared when reloaded. Previously, in protocol 0, when a + string contained certain characters (e.g. newline) it resulted + in duplicate objects. + - gh-113421: Fix multiprocessing logger for %(filename)s. + - gh-113358: Fix rendering tracebacks for exceptions with a broken + __getattr__. + - gh-113214: Fix an AttributeError during asyncio SSL protocol + aborts in SSL-over-SSL scenarios. + - gh-113246: Update bundled pip to 23.3.2. + - gh-113199: Make http.client.HTTPResponse.read1 and + http.client.HTTPResponse.readline close IO after reading all + data when content length is known. Patch by Illia Volochii. + - gh-113188: Fix shutil.copymode() and shutil.copystat() on + Windows. Previously they worked differenly if dst is a symbolic + link: they modified the permission bits of dst itself rather + than the file it points to if follow_symlinks is true or src is + not a symbolic link, and did not modify the permission bits if + follow_symlinks is false and src is a symbolic link. + - gh-61648: Detect line numbers of properties in doctests. + - gh-112559: signal.signal() and signal.getsignal() no longer call + repr on callable handlers. asyncio.run() and + asyncio.Runner.run() no longer call repr on the task results. + Patch by Yilei Yang. + - gh-110190: Fix ctypes structs with array on PPC64LE platform by + setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. + - gh-79429: Ignore FileNotFoundError when remove a temporary + directory in the multiprocessing finalizer. + - gh-79325: Fix an infinite recursion error in + tempfile.TemporaryDirectory() cleanup on Windows. + - gh-110190: Fix ctypes structs with array on Arm platform by + setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. + - gh-81194: Fix a crash in socket.if_indextoname() with specific + value (UINT_MAX). Fix an integer overflow in + socket.if_indextoname() on 64-bit non-Windows platforms. + - gh-75666: Fix the behavior of tkinter widget’s unbind() method + with two arguments. Previously, widget.unbind(sequence, funcid) + destroyed the current binding for sequence, leaving sequence + unbound, and deleted the funcid command. Now it removes only + funcid from the binding for sequence, keeping other commands, + and deletes the funcid command. It leaves sequence unbound only + if funcid was the last bound command. + - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in + tkinter._test(). + - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now + raises BadZipFile when try to read an entry that overlaps with + other entry or central directory (bsc#1221854, CVE-2024-0450). + - gh-38807: Fix race condition in trace. Instead of checking if a + directory exists and creating it, directly call os.makedirs() + with the kwarg exist_ok=True. + - gh-75705: Set unixfrom envelope in mailbox.mbox and + mailbox.MMDF. + - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure + when the system endianness is the opposite of the classes. + - gh-104282: Fix null pointer dereference in + lzma._decode_filter_properties() due to improper handling of BCJ + filters with properties of zero length. Patch by Radislav + Chugunov. + - gh-102512: When os.fork() is called from a foreign thread (aka + _DummyThread), the type of the thread in a child process is + changed to _MainThread. Also changed its name and daemonic + status, it can be now joined. + - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, + which now no longer dereferences symlinks when working around + file system permission errors. + - bpo-43153: On Windows, tempfile.TemporaryDirectory previously + masked a PermissionError with NotADirectoryError during + directory cleanup. It now correctly raises PermissionError if + errors are not ignored. Patch by Andrei Kulakov and Ken Jin. + - bpo-35332: The shutil.rmtree() function now ignores errors when + calling os.close() when ignore_errors is True, and os.close() no + longer retried after error. + - bpo-35928: io.TextIOWrapper now correctly handles the decoding + buffer after read() and write(). + - bpo-26791: shutil.move() now moves a symlink into a directory + when that directory is the target of the symlink. This provides + the same behavior as the mv shell command. The previous behavior + raised an exception. Patch by Jeffrey Kintscher. + - bpo-36959: Fix some error messages for invalid ISO format string + combinations in strptime() that referred to directives not + contained in the format string. Patch by Gordon P. Hemsley. + - bpo-18060: Fixed a class inheritance issue that can cause + segfaults when deriving two or more levels of subclasses from a + base class of Structure or Union. + - Documentation + - gh-110746: Improved markup for valid options/values for methods + ttk.treeview.column and ttk.treeview.heading, and for Layouts. + - gh-95649: Document that the asyncio module contains code taken + from v0.16.0 of the uvloop project, as well as the required MIT + licensing information. + - Tests + - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, + where system tar can include more information in the archive + than shutil.make_archive. + - gh-112769: The tests now correctly compare zlib version when + zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For + example zlib-ng defines the version as 1.3.0.zlib-ng. + - gh-105089: Fix + test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write + test in AIX by doing a bitwise AND of 0xFFFF on mode , so that + it will be in sync with zinfo.external_attr + - bpo-40648: Test modes that file can get with chmod() on Windows. + - Build + - gh-101778: Fix build error when there’s a dangling symlink in + the directory containing ffi.h. + - gh-112305: Fixed the check-clean-src step performed on out of + tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h + files and recommend appropriate source tree cleanup steps to get + a working build again. + - bpo-11102: The os.major(), os.makedev(), and os.minor() + functions are now available on HP-UX v3. + - bpo-36351: Do not set ipv6type when cross-compiling. + - IDLE + - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and + ‘object’. + - gh-72284: Improve the lists of features, editor key bindings, + and shell key bingings in the IDLE doc. + - gh-113903: Fix rare failure of test.test_idle, in + test_configdialog. + - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and + 3.12.1. + - gh-113269: Fix test_editor hang on macOS Catalina. + - gh-112898: Fix processing unsaved files when quitting IDLE on + macOS. + - gh-103820: Revise IDLE bindings so that events from mouse button + 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not + mistaken for scrolling. + - bpo-13586: Enter the selected text when opening the “Replace” + dialog. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and + multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. + - gh-115015: Fix a bug in Argument Clinic that generated incorrect + code for methods with no parameters that use the METH_METHOD | + METH_FASTCALL | METH_KEYWORDS calling convention. Only the + positional parameter count was checked; any keyword argument + passed would be silently accepted. + +- Refresh all patches: + - CVE-2023-27043-email-parsing-errors.patch + - F00251-change-user-install-location.patch + - bpo-31046_ensurepip_honours_prefix.patch + - distutils-reproducible-compile.patch + - fix_configure_rst.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-localpath.patch + - python-3.3.0b1-test-posix_fadvise.patch + - skip_if_buildbot-extend.patch + - subprocess-raise-timeout.patch + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Tue Dec 19 16:34:50 UTC 2023 - Daniel Garcia + +- Update patch fix_configure_rst.patch +- Update to 3.11.7: + - Core and Builtins + - gh-112625: Fixes a bug where a bytearray object could be cleared + while iterating over an argument in the bytearray.join() method + that could result in reading memory after it was freed. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. Patch + by Pablo galindo + - gh-88116: Traceback location ranges involving wide unicode + characters (like emoji and asian characters) now are properly + highlighted. Patch by Batuhan Taskaya and Pablo Galindo. + - gh-94438: Fix a regression that prevented jumping across is None + and is not None when debugging. Patch by Savannah Ostrowski. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109216: Fix possible memory leak in BUILD_MAP. + + - Library + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + - bpo-35191: Fix unexpected integer truncation in + socket.setblocking() which caused it to interpret multiples of + 2**32 as False. + + - Documentation + - gh-108826: dis module command-line interface is now mentioned in + documentation. + + - Tests + - gh-110367: Make regrtest --verbose3 option compatible with + --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + --verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111309: distutils tests can now be run via unittest. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() and class BasicTestRunner from the test.support + module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + --match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + + - Build + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + + - C API + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. +------------------------------------------------------------------- +Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl + +- Refresh CVE-2023-27043-email-parsing-errors.patch to + gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). +- Thus we can remove Revert-gh105127-left-tests.patch, which is + now useless. + +------------------------------------------------------------------- +Wed Nov 15 09:06:16 UTC 2023 - Daniel Garcia + +- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch +- Refresh patches: + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch + +- Update to 3.11.6: + - Core and Builtins + - gh-109351: Fix crash when compiling an invalid AST involving a + named (walrus) expression. + - gh-109207: Fix a SystemError in __repr__ of symtable entry + object. + - gh-109179: Fix bug where the C traceback display drops notes + from SyntaxError. + - gh-88943: Improve syntax error for non-ASCII character that + follows a numerical literal. It now points on the invalid + non-ASCII character, not on the valid numerical literal. + - gh-108959: Fix caret placement for error locations for subscript + and binary operations that involve non-semantic parentheses and + spaces. Patch by Pablo Galindo + - gh-108520: Fix + multiprocessing.synchronize.SemLock.__setstate__() to properly + initialize multiprocessing.synchronize.SemLock._is_fork_ctx. + This fixes a regression when passing a SemLock accross nested + processes. + - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to + multiprocessing.synchronize.SemLock._is_fork_ctx to avoid + exposing it as public API. + - Library + - gh-110036: On Windows, multiprocessing Popen.terminate() now + catchs PermissionError and get the process exit code. If the + process is still running, raise again the PermissionError. + Otherwise, the process terminated as expected: store its exit + code. Patch by Victor Stinner. + - gh-110038: Fixed an issue that caused KqueueSelector.select() to + not return all the ready events in some cases when a file + descriptor is registered for both read and write. + - gh-109631: re functions such as re.findall(), re.split(), + re.search() and re.sub() which perform short repeated matches + can now be interrupted by user. + - gh-109593: Avoid deadlocking on a reentrant call to the + multiprocessing resource tracker. Such a reentrant call, though + unlikely, can happen if a GC pass invokes the finalizer for a + multiprocessing object such as SemLock. + - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for + exceptions. Previously, on Python built in debug mode, these + functions could trigger a fatal Python error (and abort the + process) when a function succeeded with an exception set. Patch + by Victor Stinner. + - gh-109375: The pdb alias command now prevents registering + aliases without arguments. + - gh-107219: Fix a race condition in concurrent.futures. When a + process in the process pool was terminated abruptly (while the + future was running or pending), close the connection write end. + If the call queue is blocked on sending bytes to a worker + process, closing the connection write end interrupts the send, + so the queue can be closed. Patch by Victor Stinner. + - gh-50644: Attempts to pickle or create a shallow or deep copy of + codecs streams now raise a TypeError. Previously, copying failed + with a RecursionError, while pickling produced wrong results + that eventually caused unpickling to fail with a RecursionError. + - gh-108987: Fix _thread.start_new_thread() race condition. If a + thread is created during Python finalization, the newly spawned + thread now exits immediately instead of trying to access freed + memory and lead to a crash. Patch by Victor Stinner. + - gh-108843: Fix an issue in ast.unparse() when unparsing + f-strings containing many quote types. + - gh-108682: Enum: raise TypeError if super().__new__() is called + from a custom __new__. + - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock + - gh-64662: Fix support for virtual tables in + sqlite3.Connection.iterdump(). Patch by Aviv Palivoda. + - gh-107913: Fix possible losses of errno and winerror values in + OSError exceptions if they were cleared or modified by the + cleanup code before creating the exception object. + - gh-104372: On Linux where subprocess can use the vfork() syscall + for faster spawning, prevent the parent process from blocking + other threads by dropping the GIL while it waits for the + vfork’ed child process exec() outcome. This prevents spawning a + binary from a slow filesystem from blocking the rest of the + application. + - gh-84867: unittest.TestLoader no longer loads test cases from + exact unittest.TestCase and unittest.FunctionTestCase classes. + - Documentation + - gh-109209: The minimum Sphinx version required for the + documentation is now 4.2. + - gh-105052: Update timeit doc to specify that time in seconds is + just the default. + - gh-102823: Document the return type of x // y when x and y have + type float. + - Tests + - gh-110031: Skip test_threading tests using thread+fork if Python + is built with Address Sanitizer (ASAN). Patch by Victor Stinner. + - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum + duration, a test should not measure a CI performance. Only + measure the minimum duration when a task has a timeout or delay. + Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner. + - gh-110033: Fix test_interprocess_signal() of test_signal. Make + sure that the subprocess.Popen object is deleted before the test + raising an exception in a signal handler. Otherwise, + Popen.__del__() can get the exception which is logged as + Exception ignored in: ... and the test fails. Patch by Victor + Stinner. + - gh-109594: Fix test_timeout() of + test_concurrent_futures.test_wait. Remove the future which may + or may not complete depending if it takes longer than the + timeout ot not. Keep the second future which does not complete + before wait() timeout. Patch by Victor Stinner. + - gh-109748: Fix test_zippath_from_non_installed_posix() of + test_venv: don’t copy __pycache__/ sub-directories, because they + can be modified by other Python tests running in parallel. Patch + by Victor Stinner. + - gh-103053: Skip test_freeze_simple_script() of + test_tools.test_freeze if Python is built with ./configure + --enable-optimizations, which means with Profile Guided + Optimization (PGO): it just makes the test too slow. The freeze + tool is tested by many other CIs with other (faster) compiler + flags. Patch by Victor Stinner. + - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a + longer key: FIPS mode requires at least of at least 112 bits. + The previous key was only 32 bits. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-109237: Fix test_site.test_underpth_basic() when the working + directory contains at least one non-ASCII character: encode the + ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for + the child process stdout. Patch by Victor Stinner. + - gh-109230: Fix test_pyexpat.test_exception(): it can now be run + from a directory different than Python source code directory. + Before, the test failed in this case. Skip the test if + Modules/pyexpat.c source is not available. Skip also the test on + Python implementations other than CPython. Patch by Victor + Stinner. + - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests + on FreeBSD if the TCP blackhole is enabled (sysctl + net.inet.tcp.blackhole). Skip the few tests which failed with + ETIMEDOUT which such non standard configuration. Currently, the + FreeBSD GCP image enables TCP and UDP blackhole (sysctl + net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1). + Patch by Victor Stinner. + - gh-91960: Skip test_gdb if gdb is unable to retrieve Python + frame objects: if a frame is . When Python is + built with “clang -Og”, gdb can fail to retrive the frame + parameter of _PyEval_EvalFrameDefault(). In this case, tests + like py_bt() are likely to fail. Without getting access to + Python frames, python-gdb.py is mostly clueless on retrieving + the Python traceback. Moreover, test_gdb is no longer skipped on + macOS if Python is built with Clang. Patch by Victor Stinner. + - gh-108962: Skip test_tempfile.test_flags() if chflags() fails + with “OSError: [Errno 45] Operation not supported” (ex: on + FreeBSD 13). Patch by Victor Stinner. + - gh-89392: Removed support of test_main() function in tests. They + now always use normal unittest test runner. + - gh-108851: Fix test_tomllib recursion tests for WASI buildbots: + reduce the recursion limit and compute the maximum nested + array/dict depending on the current available recursion limit. + Patch by Victor Stinner. + - gh-108851: Add get_recursion_available() and + get_recursion_depth() functions to the test.support module. + Patch by Victor Stinner. + - gh-108822: regrtest now computes statistics on all tests: + successes, failures and skipped. test_netrc, test_pep646_syntax + and test_xml_etree now return results in their test_main() + function. Patch by Victor Stinner and Alex Waygood. + - gh-108388: Convert test_concurrent_futures to a package of 7 + sub-tests. Patch by Victor Stinner. + - gh-108388: Split test_multiprocessing_fork, + test_multiprocessing_forkserver and test_multiprocessing_spawn + into test packages. Each package is made of 4 sub-tests: + processes, threads, manager and misc. It allows running more + tests in parallel and so reduce the total test duration. Patch + by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - gh-100086: The Python test runner (libregrtest) now logs Python + build information like “debug” vs “release” build, or LTO and + PGO optimizations. Patch by Victor Stinner. + - gh-98903: The Python test suite now fails wit exit code 4 if no + tests ran. It should help detecting typos in test names and test + methods. + - gh-95027: On Windows, when the Python test suite is run with the + -jN option, the ANSI code page is now used as the encoding for + the stdout temporary file, rather than using UTF-8 which can + lead to decoding errors. Patch by Victor Stinner. + - gh-93353: regrtest now checks if a test leaks temporary files or + directories if run with -jN option. Patch by Victor Stinner. + - Build + - gh-63760: Fix Solaris build: no longer redefine the + gethostname() function. Solaris defines the function since 2005. + Patch by Victor Stinner, original patch by Jakub Kulík. + - gh-108740: Fix a race condition in make regen-all. The + deepfreeze.c source and files generated by Argument Clinic are + now generated or updated before generating “global objects”. + Previously, some identifiers may miss depending on the order in + which these files were generated. Patch by Victor Stinner. + - Windows + - gh-109991: Update Windows build to use OpenSSL 3.0.11. + - gh-107565: Update Windows build to use OpenSSL 3.0.10. + - macOS + - gh-109991: Update macOS installer to use OpenSSL 3.0.11. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and + multissltests to use 1.1.1w, 3.0.11, and 3.1.3. + +------------------------------------------------------------------- +Wed Sep 6 07:52:11 UTC 2023 - Daniel Garcia + +- Update to 3.11.5 (bsc#1214692): + - Security + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted data. + Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by + Gregory P. Smith. + - Core and Builtins + - gh-104432: Fix potential unaligned memory access on C APIs + involving returned sequences of char * pointers within the grp + and socket modules. These were revealed using a + -fsaniziter=alignment build on ARM macOS. Patch by Christopher + Chavez. + - gh-77377: Ensure that multiprocessing synchronization objects + created in a fork context are not sent to a different process + created in a spawn context. This changes a segfault into an + actionable RuntimeError in the parent process. + - gh-106092: Fix a segmentation fault caused by a use-after-free + bug in frame_dealloc when the trashcan delays the deallocation + of a PyFrameObject. + - gh-106719: No longer suppress arbitrary errors in the + __annotations__ getter and setter in the type and module types. + - gh-106723: Propagate frozen_modules to multiprocessing spawned + process interpreters. + - gh-105979: Fix crash in _imp.get_frozen_object() due to improper + exception handling. + - gh-105840: Fix possible crashes when specializing function calls + with too many __defaults__. + - gh-105588: Fix an issue that could result in crashes when + compiling malformed ast nodes. + - gh-105375: Fix bugs in the builtins module where exceptions + could end up being overwritten. + - gh-105375: Fix bug in the compiler where an exception could end + up being overwritten. + - gh-105375: Improve error handling in + PyUnicode_BuildEncodingMap() where an exception could end up + being overwritten. + - gh-105235: Prevent out-of-bounds memory access during + mmap.find() calls. + - gh-101006: Improve error handling when read marshal data. + - Library + - gh-105736: Harmonized the pure Python version of OrderedDict + with the C version. Now, both versions set up their internal + state in __new__. Formerly, the pure Python version did the set + up in __init__. + - gh-107963: Fix multiprocessing.set_forkserver_preload() to check + the given list of modules names. Patch by Dong-hee Na. + - gh-106242: Fixes os.path.normpath() to handle embedded null + characters without truncating the path (bsc#1214693, + CVE-2023-41105). + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will + no longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107715: Fix doctest.DocTestFinder.find() in presence of class + names with special characters. Patch by Gertjan van Zwieten. + - gh-100814: Passing a callable object as an option value to a + Tkinter image now raises the expected TclError instead of an + AttributeError. + - gh-106684: Close asyncio.StreamWriter when it is not closed by + application leading to memory leaks. Patch by Kumar Aditya. + - gh-107077: Seems that in some conditions, OpenSSL will return + SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification + verification has failed, but the error parameters will still + contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are + now detecting this situation and raising the appropiate + ssl.SSLCertVerificationError. Patch by Pablo Galindo + - gh-107396: tarfiles; Fixed use before assignment of + self.exception for gzip decompression + - gh-62519: Make gettext.pgettext() search plural definitions when + translation is not found. + - gh-83006: Document behavior of shutil.disk_usage() for + non-mounted filesystems on Unix. + - gh-106186: Do not report MultipartInvariantViolationDefect + defect when the email.parser.Parser class is used to parse + emails with headersonly=True. + - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION + result in _ssl.c. + - gh-106774: Update the bundled copy of pip to version 23.2.1. + - gh-106752: Fixed several bug in zipfile.Path in + name/suffix/suffixes/stem operations when no filename is present + and the Path is not at the root of the zipfile. + - gh-106602: Add __copy__ and __deepcopy__ in enum + - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused + division by zero for certain almost-white inputs. Patch by Terry + Jan Reedy. + - gh-106052: re module: fix the matching of possessive quantifiers + in the case of a subpattern containing backtracking. + - gh-106510: Improve debug output for atomic groups in regular + expressions. + - gh-105497: Fix flag mask inversion when unnamed flags exist. + - gh-90876: Prevent multiprocessing.spawn from failing to import + in environments where sys.executable is None. This regressed in + 3.11 with the addition of support for path-like objects in + multiprocessing. + - gh-106350: Detect possible memory allocation failure in the + libtommath function mp_init() used by the _tkinter module. + - gh-102541: Make pydoc.doc catch bad module ImportError when + output stream is not None. + - gh-106263: Fix crash when calling repr with a manually + constructed SignalDict object. Patch by Charlie Zhao. + - gh-105375: Fix a bug in _Unpickler_SetInputStream() where an + exception could end up being overwritten in case of failure. + - gh-105375: Fix bugs in sys where exceptions could end up being + overwritten because of deferred error handling. + - gh-105605: Harden pyexpat error handling during module + initialisation to prevent exceptions from possibly being + overwritten, and objects from being dereferenced twice. + - gh-105375: Fix bug in decimal where an exception could end up + being overwritten. + - gh-105375: Fix bugs in _datetime where exceptions could be + overwritten in case of module initialisation failure. + - gh-105375: Fix bugs in _ssl initialisation which could lead to + leaked references and overwritten exceptions. + - gh-105375: Fix a bug in array.array where an exception could end + up being overwritten. + - gh-105375: Fix bugs in _ctypes where exceptions could end up + being overwritten. + - gh-105375: Fix a bug in the posix module where an exception + could be overwritten. + - gh-105375: Fix bugs in _elementtree where exceptions could be + overwritten. + - gh-105375: Fix bugs in zoneinfo where exceptions could be + overwritten. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-105497: Fix flag inversion when alias/mask members exist. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-103171: Revert undocumented behaviour change with + runtime-checkable protocols decorated with typing.final() in + Python 3.11. The behaviour change had meant that objects would + not be considered instances of these protocols at runtime unless + they had a __final__ attribute. Patch by Alex Waygood. + - gh-105375: Fix a bug in sqlite3 where an exception could be + overwritten in the collation callback. + - gh-105332: Revert pickling method from by-name back to by-value. + - gh-104554: Add RTSPS scheme support in urllib.parse + - gh-100061: Fix a bug that causes wrong matches for regular + expressions with possessive qualifier. + - gh-102541: Hide traceback in help() prompt, when import failed. + - gh-99203: Restore following CPython <= 3.10.5 behavior of + shutil.make_archive(): do not create an empty archive if + root_dir is not a directory, and, in that case, raise + FileNotFoundError or NotADirectoryError regardless of format + choice. Beyond the brought-back behavior, the function may now + also raise these exceptions in dry_run mode. + - gh-94777: Fix hanging multiprocessing ProcessPoolExecutor when a + child process crashes while data is being written in the call + queue. + - bpo-18319: Ensure gettext(msg) retrieve translations even if a + plural form exists. In other words: gettext(msg) == + ngettext(msg, '', 1). + - Documentation + - gh-107008: Document the curses module variables LINES and COLS. + - gh-106948: Add a number of standard external names to + nitpick_ignore. + - gh-54738: Add documentation on how to localize the argparse + module. + - Tests + - gh-105776: Fix test_cppext when the C compiler command -std=c11 + option: remove -std= options from the compiler command. Patch by + Victor Stinner. + - gh-107237: test_logging: Fix test_udp_reconnection() by + increasing the timeout from 100 ms to 5 minutes (LONG_TIMEOUT). + Patch by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - Build + - gh-107814: When calling find_python.bat with -q it did not + properly silence the output of nuget. That is now fixed. + - gh-106881: Check for linux/limits.h before including it in + Modules/posixmodule.c. + - gh-104692: Include commoninstall as a prerequisite for + bininstall + - This ensures that commoninstall is completed before bininstall + is started when parallel builds are used (make -j install), and + so the python3 symlink is only installed after all standard + library modules are installed. + - gh-100340: Allows -Wno-int-conversion for wasm-sdk 17 and + onwards, thus enables building WASI builds once against the + latest sdk. + - Windows + - gh-106242: Fixes realpath() to behave consistently when passed a + path containing an embedded null character on Windows. In strict + mode, it now raises OSError instead of the unexpected + ValueError, and in non-strict mode will make the path absolute. + - gh-106844: Fix integer overflow in _winapi.LCMapStringEx() which + affects ntpath.normcase(). + - gh-99079: Update Windows build to use OpenSSL 3.0.9 + - gh-105436: Ensure that an empty environment block is terminated + by two null characters, as is required by Windows. + - macOS + - gh-107565: Update macOS installer to use OpenSSL 3.0.10. + - gh-99079: Update macOS installer to use OpenSSL 3.0.9. + - Tools/Demos + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + - gh-95065: Argument Clinic now supports overriding automatically + generated signature by using directive @text_signature. See How + to override the generated signature. + - gh-106970: Fix bugs in the Argument Clinic destination + clear command; the destination buffers would never be cleared, + and the destination directive parser would simply continue to + the fault handler after processing the command. Patch by Erlend + E. Aasland. + - C API + - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(), + PyErr_SetExcFromWindowsErrWithFilename() and + PyErr_SetFromWindowsErrWithFilename() save now the error code + before calling PyUnicode_DecodeFSDefault(). + - gh-107915: Such C API functions as PyErr_SetString(), + PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others + no longer crash or ignore errors if it failed to format the + error message or decode the filename. Instead, they keep a + corresponding error. + - gh-107226: PyModule_AddObjectRef() is now only available in the + limited API version 3.10 or later. + - gh-105375: Fix a bug in PyErr_WarnExplicit() where an exception + could end up being overwritten if the API failed internally. + - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only + data: *consumed was not set. + +------------------------------------------------------------------- +Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller + +- restrict PEP668 to ALP/Tumbleweed + +------------------------------------------------------------------- +Fri Aug 4 06:37:41 UTC 2023 - Dirk Müller + +- add externally_managed.in to label this build as PEP-668 managed + +------------------------------------------------------------------- +Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl + +- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! +- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) + partially reverting CVE-2023-27043-email-parsing-errors.patch, + because of the regression in gh#python/cpython#106669. +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). (The patch is faulty, + gh#python/cpython#106669, but upstream decided not to just + revert it). + +------------------------------------------------------------------- +Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl + +- Update to Python 3.11.4: + - gh-103142: The version of OpenSSL used in Windows and + Mac installers has been upgraded to 1.1.1u to address + CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, + as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 + fixed previously in 1.1.1t (gh-101727). + - gh-102153: urllib.parse.urlsplit() now strips leading C0 + control and space characters following the specification for + URLs defined by WHATWG in response to CVE-2023-24329 + (bsc#1208471). + - gh-99889: Fixed a security in flaw in uu.decode() that could + allow for directory traversal based on the input if no + out_file was specified. + - gh-104049: Do not expose the local on-disk + location in directory indexes produced by + http.client.SimpleHTTPRequestHandler. + - gh-103935: trace.__main__ now uses io.open_code() for files + to be executed instead of raw open(). + - gh-102953: The extraction methods in tarfile, and + shutil.unpack_archive(), have a new filter argument that + allows limiting tar features than may be surprising or + dangerous, such as creating files outside the destination + directory. See Extraction filters for details (fixing + CVE-2007-4559, bsc#1203750). +- Remove upstreamed patches: + - CVE-2007-4559-filter-tarfile_extractall.patch + +------------------------------------------------------------------- +Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl + +- Remove obsolete_python_versioned macro again. This mechanism + has no business to be in Python 3.11, because we have abolished + with it whole interpreter+setuptools+pip product. Python 3.11 + should not be replaced by later versions anymore. + +------------------------------------------------------------------- +Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl + +- Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). +- Add skip_if_buildbot-extend.patch to avoid the bug altogether + (extending what skip_if_buildbot covers). +- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix + bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter + for tarfile.extractall". + +------------------------------------------------------------------- +Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl + +- Update to 3.11.3: + - Security + - gh-101727: Updated the OpenSSL version used in Windows + and macOS binary release builds to 1.1.1t to address + CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the + OpenSSL 2023-02-07 security advisory. + - Core and Builtins + - gh-101975: Fixed stacktop value on tracing entries to avoid + corruption on garbage collection. + - gh-102701: Fix overflow when creating very large dict. + - gh-102416: Do not memoize incorrectly automatically + generated loop rules in the parser. Patch by Pablo Galindo. + - gh-102356: Fix a bug that caused a crash when deallocating + deeply nested filter objects. Patch by Marta Gómez Macías. + - gh-102397: Fix segfault from race condition in signal + handling during garbage collection. Patch by Kumar Aditya. + - gh-102281: Fix potential nullptr dereference and use of + uninitialized memory in fileutils. Patch by Max Bachmann. + - gh-102126: Fix deadlock at shutdown when clearing thread + states if any finalizer tries to acquire the runtime head + lock. Patch by Kumar Aditya. + - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal + module. Patch by Max Bachmann. + - gh-101967: Fix possible segfault in + positional_only_passed_as_keyword function, when new list + created. + - gh-101765: Fix SystemError / segmentation fault in iter + __reduce__ when internal access of builtins.__dict__ keys + mutates the iter object. + - gh-101696: Invalidate type version tag in + _PyStaticType_Dealloc for static types, avoiding bug where + a false cache hit could crash the interpreter. Patch by + Kumar Aditya. + - Library + - gh-102549: Don’t ignore exceptions in member type creation. + - gh-102947: Improve traceback when dataclasses.fields() is + called on a non-dataclass. Patch by Alex Waygood + - gh-102780: The asyncio.Timeout context manager now + works reliably even when performing cleanup due to task + cancellation. Previously it could raise a CancelledError + instead of an TimeoutError in such cases. + - gh-88965: typing: Fix a bug relating to substitution in . + Pacustom classes generic over a ParamSpec. Previously, if . + Pathe ParamSpec was substituted with a parameters list that . + Paitself contained a TypeVar, the TypeVar in the parameters . + Palist could not be subsequently substituted. This is now . + Pafixed tch by Nikita Sobolev . + - gh-101979: Fix a bug where parentheses in the metavar + argument to argparse.ArgumentParser.add_argument() were + dropped. Patch by Yeojin Kim. + - gh-102179: Fix os.dup2() error message for negative fds. + - gh-101961: For the binary mode, fileinput.hookcompressed() + doesn’t set the encoding value even if the value is + None. Patch by Gihwan Kim. + - gh-101936: The default value of fp becomes io.BytesIO + if HTTPError is initialized without a designated fp + parameter. Patch by Long Vo. + - gh-102069: Fix __weakref__ descriptor generation for custom + dataclasses. + - gh-101566: In zipfile, apply fix for extractall on the + underlying zipfile after being wrapped in Path. + - gh-101892: Callable iterators no longer raise SystemError + when the callable object exhausts the iterator but forgets + to either return a sentinel value or raise StopIteration. + - gh-97786: Fix potential undefined behaviour in corner cases + of floating-point-to-time conversions. + - gh-101517: Fixed bug where bdb looks up the source line + with linecache with a lineno=None, which causes it to fail + with an unhandled exception. + - gh-101673: Fix a pdb bug where ll clears the changes to + local variables. + - gh-96931: Fix incorrect results from + ssl.SSLSocket.shared_ciphers() + - gh-88233: Correctly preserve “extra” fields in zipfile + regardless of their ordering relative to a zip64 “extra.” + - gh-96127: inspect.signature was raising TypeError on + call with mock objects. Now it correctly returns (*args, + **kwargs) as infered signature. + - gh-95495: When built against OpenSSL 3.0, the ssl module + had a bug where it reported unauthenticated EOFs (i.e. + without close_notify) as a clean TLS-level EOF. It now + raises SSLEOFError, matching the behavior in previous + versions of OpenSSL. The options attribute on SSLContext + also no longer includes OP_IGNORE_UNEXPECTED_EOF by + default. This option may be set to specify the previous + OpenSSL 3.0 behavior. + - gh-94440: Fix a concurrent.futures.process bug where + ProcessPoolExecutor shutdown could hang after a future has + been quickly submitted and canceled. + - Documentation + - gh-103112: Add docstring to http.client.HTTPResponse.read() + to fix pydoc output. + - gh-85417: Update cmath documentation to clarify behaviour + on branch cuts. + - gh-97725: Fix asyncio.Task.print_stack() description for + file=None. Patch by Oleg Iarygin. + - Tests + - gh-102980: Improve test coverage on pdb. + - gh-102537: Adjust the error handling strategy in + test_zoneinfo.TzPathTest.python_tzpath_context. Patch by + Paul Ganssle. + - gh-89792: test_tools now copies up to 10x less source data + to a temporary directory during the freeze test by ignoring + git metadata and other artifacts. It also limits its python + build parallelism based on os.cpu_count instead of hard + coding it as 8 cores. + - gh-101377: Improved test_locale_calendar_formatweekday of + calendar. + - Build + - gh-102711: Fix -Wstrict-prototypes compiler warnings. + +------------------------------------------------------------------- +Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl + +- Update to 3.11.2: + Bug fixes, no changes in API and no security bugs. + +------------------------------------------------------------------- +Wed Mar 1 20:50:04 UTC 2023 - Matej Cepl + +- Add python310 Obsoletes line to obsolete_python_versioned macro. + +------------------------------------------------------------------- +Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl + +- Add provides for readline and sqlite3 to the main Python + package. + +------------------------------------------------------------------- +Thu Jan 26 13:28:24 UTC 2023 - Thorsten Kukuk + +- Disable NIS for new products, it's deprecated and gets removed + +------------------------------------------------------------------- +Tue Jan 24 12:23:34 UTC 2023 - Dirk Müller + +- build GLIBC hwcaps optimized versions of the interpreter + +------------------------------------------------------------------- +Tue Jan 10 11:11:56 UTC 2023 - Matej Cepl + +- Don't fail on Sphinx build warnings. +- For jsc#PED-1570, jsc#PED-2217 and jsc#PED-68, + providing Python 3.11 for SLE-15-SP4. + +------------------------------------------------------------------- +Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl + +- Update to 3.11.1: + - python -m http.server no longer allows terminal control + characters sent within a garbage request to be printed + to the stderr server lo This is done by changing the + http.server BaseHTTPRequestHandler .log_message method to + replace control characters with a \xHH hex escape before + printin + - Avoid publishing list of active per-interpreter audit hooks + via the gc module + - The IDNA codec decoder used on DNS hostnames by socket or + asyncio related name resolution functions no longer involves + a quadratic algorithm. This prevents a potential CPU denial + of service if an out-of-spec excessive length hostname + involving bidirectional characters were decoded. Some + protocols such as urllib http 3xx redirects potentially allow + for an attacker to supply such a name (CVE-2022-45061). + - Update bundled libexpat to 2.5.0 + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. Issue reported + and initial fix by Caleb Shortt. Patch by Victor Stinner. + - Fix a crash when an object which does not have a dictionary + frees its instance values. + - Fix a bug in the tokenizer that could cause infinite + recursion when showing syntax warnings that happen in the + first line of the source. Patch by Pablo Galindo + - Fix an issue that could cause frames to be visible to Python + code as they are being torn down, possibly leading to memory + corruption or hard crashes of the interpreter. + - Fix a reference bug in _imp.create_builtin() after the + creation of the first sub-interpreter for modules builtins + and sys. Patch by Victor Stinner. + - Fixed a bug that was causing a buffer overflow if the + tokenizer copies a line missing the newline caracter from a + file that is as long as the available tokenizer buffer. Patch + by Pablo galindo + - Fix bug where an ExceptionGroup subclass can wrap a + BaseException. + - Fix zip path for venv created from a non-installed python on + POSIX platforms. + - Fix an issue that could potentially cause incorrect error + handling for some bytecode instructions. + - Fix an issue that prevented PyThreadState and + PyInterpreterState memory from being freed properly. + - Fix failure in except* with unhashable exceptions. + - Fix calculation of sys._base_executable when inside a POSIX + virtual environment using copies of the python binary when + the base installation does not provide the executable name + used by the venv. Calculation will fall back to alternative + names (“python”, “python.”). + - Update faulthandler to emit an error message with the proper + unexpected signal number. Patch by Dong-hee Na. + - Fix location of SyntaxError for a try block with both except + and except*. + - Fix the error reporting positions of specialized traceback + anchors when the source line contains Unicode characters. + - Fix subscription of type aliases containing bare generic + types or types like TypeVar: for example tuple[A, T][int] and + tuple[TypeVar, T][int], where A is a generic type, and T is a + type variable. + - Lower the recursion depth for marshal on WASI to support + wasmtime 2.0/main. + - Fix multiple crashes in debug mode when str subclasses are + used instead of str itself. + - Fix an issue where member descriptors (such as those for + __slots__) could behave incorrectly or crash instead of + raising a TypeError when accessed via an instance of an + invalid type. + - Suppress ImportError for invalid query for help() + command. Patch by Dong-hee Na. + - Fix detection of MAC addresses for uuid on certain OSs. Patch + by Chaim Sanders + - Print exception class name instead of its string + representation when raising errors from ctypes calls. + - os.sched_yield() now release the GIL while calling + sched_yield(2). Patch by Dong-hee Na. + - Fix an issue that could delay the specialization of PRECALL + instructions. + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Ensure that all Python frame objects are backed by “complete” + frames. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). Patch by Ofey Chan. + - Fix the Python path configuration used to initialized + sys.path at Python startup. Paths are no longer encoded + to UTF-8/strict to avoid encoding errors if it contains + surrogate characters (bytes paths are decoded with the + surrogateescape error handler). Patch by Victor Stinner. + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. Issue + discovered and analyzed by Mingliang ZHAO. Patch by Victor + Stinner. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. + - Fix undefined behaviour in C code of null pointer arithmetic. + - Make sure that all frame objects created are created from + valid interpreter frames. Prevents the possibility of invalid + frames in backtraces and signal handlers. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - On WASI ENOTCAPABLE is now mapped to PermissionError. The + errno modules exposes the new error number. getpath.py now + ignores PermissionError when it cannot open landmark files + pybuilddir.txt and pyenv.cfg. + - Allow pdb to locate source for frozen modules in the standard + library. + - Raise ValueError instead of SystemError when methods of + uninitialized io.IncrementalNewlineDecoder objects are + called. Patch by Oren Milman. + - Fix a possible assertion failure in io.FileIO when the opener + returns an invalid file descriptor. + - Also escape s in the http.server + BaseHTTPRequestHandler.log_message so that it is technically + possible to parse the line and reconstruct what the original + data was. Without this a xHH is ambiguious as to if it is a + hex replacement we put in or the characters r”x” came through + in the original request line. + - asyncio.get_event_loop() now only emits a deprecation warning + when a new event loop was created implicitly. It no longer + emits a deprecation warning if the current event loop was + set. + - Fix bug when calling trace.CoverageResults with valid infile. + - Fix a bug in handling class cleanups in + unittest.TestCase. Now addClassCleanup() uses separate lists + for different TestCase subclasses, and doClassCleanups() only + cleans up the particular class. + - Release the GIL when calling termios APIs to avoid blocking + threads. + - Fix ast.increment_lineno() to also cover ast.TypeIgnore when + changing line numbers. + - Fix bug in urllib.parse.urlparse() that causes URL schemes + that begin with a digit, a plus sign, or a minus sign to be + parsed incorrectly. + - Check the number of arguments in substitution in user + generics containing a TypeVarTuple and one or more TypeVar. + - Fix substitution of ParamSpec followed by TypeVarTuple in + generic aliases. + - Fix substitution of TypeVarTuple and ParamSpec together in + user generics. + - Fixed bug where inspect.signature() reported incorrect + arguments for decorated methods. + - Fix SystemError in ctypes when exception was not set during + __initsubclass__. + - Remove older version of + _SSLProtocolTransport.get_write_buffer_limits in + asyncio.sslproto + - fix negative numbers failing in verify() + - Fix statistics.NormalDist pickle with 0 and 1 protocols. + - enum.auto() is now correctly activated when combined with + other assignment values. E.g. ONE = auto(), 'some text' will + now evaluate as (1, 'some text'). + - Update the bundled copy of pip to version 22.3.1. + - Clean up refleak on failed module initialisation in _zoneinfo + - Clean up refleaks on failed module initialisation in in + _pickle + - Clean up refleak on failed module initialisation in _io. + - Fix memory leak in math.dist() when both points don’t have + the same dimension. Patch by Kumar Aditya. + - [3.11] Applied changes from importlib_metadata 4.11.4 + through 4.13, including compatibility and robustness + fixes for Distribution objects without _normalized_name, + disallowing invalid inputs to Distribution.from_name, and + refined behaviors in PathDistribution._name_from_stem and + PathDistribution._normalized_name. + - Fix argument typechecks in _overlapped.WSAConnect() and + _overlapped.Overlapped.WSASendTo() functions. + - Prevent crashing in traceback when retrieving the byte-offset + for some source files that contain certain unicode + characters. + - Fix internal error in the re module which in very rare + circumstances prevented compilation of a regular expression + containing a conditional expression without the “else” + branch. + - Fix asyncio.StreamWriter.drain() to call + protocol.connection_lost callback only once on Windows. + - Add a mutex to unittest.mock.NonCallableMock to protect + concurrent access to mock attributes. + - Fix hang on Windows in subprocess.wait_closed() in asyncio + with ProactorEventLoop. Patch by Kumar Aditya. + - Fix infinite loop in unittest when a self-referencing chained + exception is raised + - tkinter.Text.count() raises now an exception for options + starting with “-” instead of silently ignoring them. + - On uname_result, restored expectation that _fields and + _asdict would include all six properties including processor. + - A createSocket() method was added to SysLogHandler. + - Fix bug in urllib.parse.urlparse() that causes certain port + numbers containing whitespace, underscores, plus and minus + signs, or non-ASCII digits to be incorrectly accepted. + - Allow venv to pass along PYTHON* variables to ensurepip and + pip when they do not impact path resolution + - On macOS, fix a crash in syslog.syslog() in multi-threaded + applications. On macOS, the libc syslog() function is not + thread-safe, so syslog.syslog() no longer releases the GIL to + call it. Patch by Victor Stinner. + - Allow BUILTINS to be a valid field name for frozen + dataclasses. + - Wrap network errors consistently in urllib FTP support, so + the test suite doesn’t fail when a network is available but + the public internet is not reachable. + - Make sure patch.dict() can be applied on async functions. + - Earlier in 3.11 we deprecated + asyncio.Task.cancel("message"). We realized we were too + harsh, and have undeprecated it. + - Change deprecate warning message in unittest from It is + deprecated to return a value!=None to It is deprecated to + return a value that is not None from a test case + - Fixes AttributeError when subprocess.check_output() is used + with argument input=None and either of the arguments encoding + or errors are used. + - Fix is_private properties in the ipaddress module. Previously + non-private networks (0.0.0.0/0) would return True from this + method; now they correctly return False. + - Avoid spurious tracebacks from asyncio when default executor + cleanup is delayed until after the event loop is closed (e.g. + as the result of a keyboard interrupt). + - Avoid a crash in the C version of + asyncio.Future.remove_done_callback() when an evil argument + is passed. + - Remove tokenize.NL check from tabnanny. + - Fix generation of the default name of + tkinter.Checkbutton. Previously, checkbuttons in different + parent widgets could have the same short name and share + the same state if arguments “name” and “variable” are not + specified. Now they are globally unique. + - Update bundled libexpat to 2.4.9 + - Fix race condition in asyncio where process_exited() called + before the pipe_data_received() leading to inconsistent + output. Patch by Kumar Aditya. + - Fixed check in multiprocessing.resource_tracker that + guarantees that the length of a write to a pipe is not + greater than PIPE_BUF. + - Corrected type annotation for dataclass attribute + pstats.FunctionProfile.ncalls to be str. + - Fix repr of Any subclasses. + - Work around missing socket functions in socket’s __repr__. + - In inspect, fix overeager replacement of “typing.” in + formatting annotations. + - Fix handling of bytes path-like objects in os.ismount(). + - Fix handling compiler warnings (SyntaxWarning and + DeprecationWarning) in codeop.compile_command() when checking + for incomplete input. Previously it emitted warnings and + raised a SyntaxError. Now it always returns None for + incomplete input without emitting any warnings. + - To avoid apparent memory leaks when asyncio.open_connection() + raises, break reference cycles generated by local exception + and future instances (which has exception instance as its + member var). Patch by Dong Uk, Kang. + - Fixed flickering of the turtle window when the tracer is + turned off. Patch by Shin-myoung-serp. + - Fix asyncio subprocess transport to kill process cleanly + when process is blocked and avoid RuntimeError when loop is + closed. Patch by Kumar Aditya. + - Prevent error when activating venv in nested fish instances. + - TarFile.next() now returns None when called on an empty + tarfile. + - Document the optional callback parameter of WeakMethod. Patch + by Géry Ogam. + - Restrict use of sockets instead of pipes for stdin of + subprocesses created by asyncio to AIX platform only. + - shutil.copytree() now applies the ignore_dangling_symlinks + argument recursively. + - Fix IndexError in argparse.ArgumentParser when a store_true + action is given an explicit argument. + - Document that calling variadic functions with ctypes requires + special care on macOS/arm64 (and possibly other platforms). + - Remove extra row + - Clarified the conflicting advice given in the ast + documentation about ast.literal_eval() being “safe” for use + on untrusted input while at the same time warning that it + can crash the process. The latter statement is true and is + deemed unfixable without a large amount of work unsuitable + for a bugfix. So we keep the warning and no longer claim that + literal_eval is safe. + - Restructured the documentation for the os.wait* family of + functions, and improved the docs for os.waitid() with more + explanation of the possible argument constants. + - Skip test_normalization() of test_unicodedata if it + fails to download NormalizationTest.txt file from + pythontest.net. Patch by Victor Stinner. + - Correct test_marsh on (32 bit) x86: test_deterministic sets + was failing. + - Optional big memory tests in test_sqlite3 now catch the + correct sqlite.DataError exception type in case of too large + strings and/or blobs passed. + - Fix a bug in the typing tests where a test relying + on CPython-specific implementation details was not + decorated with @cpython_only and was not skipped on other + implementations. + - Add tests for star-unpacking with PEP 646, and some other + miscellaneous PEP 646 tests. + - Added explicit coverage of Py_Initialize (and hence + Py_InitializeEx) back to the embedding tests (all other + embedding tests migrated to Py_InitializeFromConfig in Python + 3.11) + - Some C API tests were moved into the new Lib/test/test_capi/ + directory. + - Fix -Wimplicit-int, -Wstrict-prototypes, and + -Wimplicit-function-declaration compiler warnings in + configure checks. + - Fix a compilation issue with GCC 12 on macOS. + - Fix -Wimplicit-int compiler warning in configure check for + PTHREAD_SCOPE_SYSTEM. + - Fix a possible fd leak in Programs/_freeze_module.c + introduced in Python 3.11. + - Fix build with PYTHON_FOR_REGEN=python3.8. + - Specify the full path to the source location for make + docclean (needed for cross-builds). + - Don’t use vendored libmpdec headers if --with-system-libmpdec + is passed to configure. Don’t use vendored libexpat headers + if --with-system-expat is passed to !configure. + - Fix the build process of clang compiler for _bootstrap_python + if LTO optimization is applied. Patch by Matthias Görgens and + Dong-hee Na. + - wasm32-emscripten builds for browsers now include + concurrent.futures for asyncio and unittest.mock. + - wasm32-emscripten platform no longer builds resource module, + getresuid(), getresgid(), and their setters. The APIs are + stubs and not functional. + - Updated pegen regeneration script on Windows to find and + use Python 3.9 or higher. Prior to this, pegen regeneration + already required 3.9 or higher, but the script may have used + lower versions of Python. + - Fix a bug in the previous bugfix that caused IDLE to + not start when run with 3.10.8, 3.12.0a1, and at least + Microsoft Python 3.10.2288.0 installed without the Lib/test + package. 3.11.0 was never affected. + - The wasm_build.py script now pre-builds Emscripten ports, + checks for broken EMSDK versions, and warns about pkg-config + env vars. + - The new tool Tools/wasm/wasm_builder.py automates configure, + compile, and test steps for building CPython on WebAssembly + platforms. + - Fix handling of module docstrings in Tools/i18n/pygettext.py. + - PyBUF_* constants were marked as part of Limited API + of Python 3.11+. These were available in 3.11.0 with + Py_LIMITED_API defined for 3.11, and are necessary to use the + buffer API. + - Fix use-after-free in Py_SetPythonHome(NULL), + Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL) + function calls. Issue reported by Benedikt Reinartz. Patch by + Victor Stinner. + - Py_InitializeEx now correctly calls PyConfig_Clear after + initializing the interpreter (the omission didn’t cause a + memory leak only because none of the dynamically allocated + config fields are populated by the wrapper function) +- Removed upstreamed patches: + - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch + - CVE-2022-45061-DoS-by-IDNA-decode.patch + +------------------------------------------------------------------- +Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl + +- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid + CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding + extremely long domain names. + +------------------------------------------------------------------- +Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl + +- Update to 3.11.0 (overall changes from 3.10.*): + - General changes + - PEP 657 -- Include Fine-Grained Error Locations in + Tracebacks + - PEP 654 -- Exception Groups and except* + - PEP 680 -- tomllib: Support for Parsing TOML in the + Standard Library + - gh-90908 -- Introduce task groups to asyncio + - gh-34627 -- Atomic grouping ((?>...)) and possessive + quantifiers (*+, ++, ?+, {m,n}+) are now supported in + regular expressions. + - The Faster CPython Project is already yielding some + exciting results. Python 3.11 is up to 10-60% faster than + Python 3.10. On average, we measured a 1.22x speedup on the + standard benchmark suite. See Faster CPython for details. + - Typing and typing language changes + - PEP 673 -- Self Type + - PEP 646 -- Variadic Generics + - PEP 675 -- Arbitrary Literal String Type + - PEP 655 -- Marking individual TypedDict items as required + or potentially-missing + - PEP 681 -- Data Class Transforms +- (just changes from 3.11.0rc2): + - Fix multiplying a list by an integer (list *= int): detect + the integer overflow when the new allocated length is close + to the maximum size. Issue reported by Jordan Limor. Patch by + Victor Stinner. + - On Linux the multiprocessing module returns to using + filesystem backed unix domain sockets for communication + with the forkserver process instead of the Linux abstract + socket namespace. Only code that chooses to use the + “forkserver” start method is affected. Abstract sockets have + no permissions and could allow any user on the system in the + same network namespace (often the whole system) to inject + code into the multiprocessing forkserver process. This was + a potential privilege escalation. Filesystem based socket + permissions restrict this to the forkserver process user as + was the default in Python 3.8 and earlier. This prevents + Linux CVE-2022-42919. + - Fix an issue where several frame objects could be backed by + the same interpreter frame, possibly leading to corrupted + memory and hard crashes of the interpreter. + - Fix possible data corruption or crashes when accessing the + f_back member of newly-created generator or coroutine frames. + - Fix a crash occurring when PyEval_GetFrame() is called while + the topmost Python frame is in a partially-initialized state. + - Fix command line parsing: reject -X int_max_str_digits option + with no value (invalid) when the PYTHONINTMAXSTRDIGITS + environment variable is set to a valid limit. Patch by Victor + Stinner. + - Fix undefined behaviour in _testcapimodule.c. + - When ValueError is raised if an integer is larger than the + limit, mention the sys.set_int_max_str_digits() function in + the error message. Patch by Victor Stinner. + - Correctly raise SyntaxError on exception groups (PEP 654) on + python versions prior to 3.11 + - Document some places where an assignment expression needs + parentheses. + - Update the bundled copies of pip and setuptools to versions + 22.3 and 65.5.0 respectively. + - fix Flag to use boundary CONFORM + - This restores previous Flag behavior of allowing flags with + non-sequential values to be combined; e.g. + - class Skip(Flag): TWO = 2 EIGHT = 8 + - Skip.TWO | Skip.EIGHT -> + - Fix ! in c domain ref target syntax via a conf.py patch, so + it works as intended to disable ref target resolution. + - Update tutorial introduction output to use 3.10+ SyntaxError + invalid range. + +------------------------------------------------------------------- +Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl + +- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to + allow building of documentation with the latest Sphinx 5.3.0 + (gh#python/cpython#98366). + +------------------------------------------------------------------- +Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc2: + - Converting between int and str in bases other than 2 + (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base + 10 (decimal) now raises a ValueError if the number of digits + in string form is above a limit to avoid potential denial of + service attacks due to the algorithmic complexity. This is + a mitigation for CVE-2020-10735. + This new limit can be configured or disabled by environment + variable, command line flag, or sys APIs. See the integer + string conversion length limitation documentation. The + default limit is 4300 digits in string form. + - Fix case of undefined behavior in ceval.c + - Do not expose KeyWrapper in _functools. + - Ensure that tracing, sys.setrace(), is turned on + immediately. In pre-release versions of 3.11, some tracing + events might have been lost when turning on tracing in a + __del__ method or interrupt. + - Fix use after free in trace refs build mode. Patch by Kumar + Aditya. + - When loading a file with invalid UTF-8 inside a multi-line + string, a correct SyntaxError is emitted. + - Make sure that incomplete frames do not show up in + tracemalloc traces. + - Remove two cases of undefined behavior, by adding NULL + checks. + - Fix possible NULL pointer dereference in + _PyThread_CurrentFrames. Patch by Kumar Aditya. + - Fix AttributeError missing name and obj attributes in + object.__getattribute__(). Patch by Philip Georgi. + - Loading a file with invalid UTF-8 will now report the broken + character at the correct location. + - Fixed a bug that caused _PyCode_GetExtra to return garbage + for negative indexes. Patch by Pablo Galindo + - Fix a deadlock in PyGILState_Ensure() when allocating new + thread state. Patch by Kumar Aditya. + - PyType_Ready() now initializes ht_cached_keys and performs + additional checks to ensure that type objects are properly + configured. This avoids crashes in 3rd party packages that + don’t use regular API to create new types. + - Skip over incomplete frames in PyThreadState_GetFrame(). + - Fix format string in _PyPegen_raise_error_known_location that + can lead to memory corruption on some 64bit systems. The + function was building a tuple with i (int) instead of n + (Py_ssize_t) for Py_ssize_t arguments. + - Fix misleading contents of error message when converting an + all-whitespace string to float. + - ast.parse() will no longer parse function definitions with + positional-only params when passed feature_version less than + (3, 8). Patch by Shantanu Jain. + - Fix incorrect error message in the io module. + - Fix the faulthandler implementation of + faulthandler.register(signal, chain=True) if the sigaction() + function is not available: don’t call the previous signal + handler if it’s NULL. Patch by Victor Stinner. + - Correct conversion of numbers.Rational’s to float. + - Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not + raised when using more than one TypeVarTuple, like [*T, *V] + in type alias substitutions. + - Fix asyncio.streams.StreamReaderProtocol to keep a strong + reference to the created task, so that it’s not garbage + collected + - Fix a performance regression in logging + TimedRotatingFileHandler. Only check for special files when + the rollover time has passed. + - Fix unused localName parameter in the Attr class in + xml.dom.minidom. + - Fix incorrect condition that causes sys.thread_info.name to + be wrong on pthread platforms. + - Remove an incompatible change from bpo-28080 that caused a + regression that ignored the utf8 in ZipInfo.flag_bits. Patch + by Pablo Galindo. + - Fix asyncio.Runner to call asyncio.set_event_loop() only + once to avoid calling attach_loop() multiple times on child + watchers. Patch by Kumar Aditya. + - Fix unittest.IsolatedAsyncioTestCase to set event loop before + calling setup functions. Patch by Kumar Aditya. + - When a task catches asyncio.CancelledError and raises some + other error, the other error should generally not silently be + suppressed. + - Fail gracefully if EPERM or ENOSYS is raised when loading + crypt methods. This may happen when trying to load MD5 on a + Linux kernel with FIPS enabled. + - Allow asyncio.StreamWriter.drain() to be awaited concurrently + by multiple tasks. Patch by Kumar Aditya. + - Fix ast.unparse() when ImportFrom.level is None + - Improve discoverability of the higher level + concurrent.futures module by providing clearer links from the + lower level threading and multiprocessing modules. + - What’s New 3.11 now has instructions for how to provide + compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7 + and CentOS 7. + - Mitigate the inherent race condition from using + find_unused_port() in testSockName() by trying to find an + unused port a few times before failing. Patch by Ross Burton. + - Build and test with OpenSSL 1.1.1q +- Use support-expat-CVE-2022-25236-patched.patch from the current + version of gh#python/cpython#93900 instead of the old + support-expat-245.patch. +- Reapply fix_configure_rst.patch. + +------------------------------------------------------------------- +Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab + +- Increase testsuite timeout for test_freeze_simple_script + +------------------------------------------------------------------- +Sat Aug 20 21:31:40 UTC 2022 - Matej Cepl + +- fix import_failed.map to refer to the python 3.11 package versions + +------------------------------------------------------------------- +Sat Aug 20 14:05:21 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc1: + - Core and Builtins + - Update code object hashing and equality to consider all + debugging and exception handling tables. This fixes an + issue where certain non-identical code objects could be + “deduplicated” during compilation. + - _PyPegen_Parser_New now properly detects token memory + allocation errors. Patch by Honglin Zhu. + - Run Python code in tracer/profiler function at full + speed. Fixes slowdown in earlier versions of 3.11. + - Emit a warning in debug mode if an object does not call + PyObject_GC_UnTrack() before deallocation. Patch by Pablo + Galindo. + - Prevented crashes in the AST constructor when + compiling some absurdly long expressions like + "+0"*1000000. RecursionError is now raised instead. Patch + by Pablo Galindo + - ast.AST node positions are now validated when provided to + compile() and other related functions. If invalid positions + are detected, a ValueError will be raised. + - Fix error detection in some builtin functions when keyword + argument name is an instance of a str subclass with + overloaded __eq__ and __hash__. Previously it could cause + SystemError or other undesired behavior. + - Library + - Update bundled pip to 22.2.2. + - Fix asyncio.TaskGroup to propagate exception when + asyncio.CancelledError was replaced with another exception + by a context manger. Patch by Kumar Aditya and Guido van + Rossum. + - Update bundled pip to 22.2.1. + - Fix GC crash when deallocating _lsprof.Profiler by + untracking it before calling any callbacks. Patch by Kumar + Aditya. + - Fix asyncio.run() for asyncio.Task implementations without + uncancel() method. Patch by Kumar Aditya. + - Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK + and os.EFD_SEMAPHORE flags on older kernel versions where + these flags are not present. Patch by Kumar Aditya. + - Fix concurrent.futures.Executor.map() to cancel the + currently waiting on future on an error - e.g. TimeoutError + or KeyboardInterrupt. + - Ensure that timeouts scheduled with asyncio.Timeout that + have already expired are delivered promptly. + - Suppress writing an XML declaration in open files + in ElementTree.write() with encoding='unicode' and + xml_declaration=None. + - Fix findtext in the xml module to only give an empty string + when the text attribute is set to None. + - Documentation + - Fix stylesheet not working in Windows CHM htmlhelp docs + and add warning that they are deprecated. Contributed by + C.A.M. Gerlach. + - Update library documentation with availability information + on WebAssembly platforms wasm32-emscripten and wasm32-wasi. + - Use consistent syntax for platform availability. The + directive now supports a content body and emits a warning + when it encounters an unknown platform. + - Document a limitation in ThreadPoolExecutor where its exit + handler is executed before any handlers in atexit. + - Tests + - Lib/test/test_asyncio/test_ssl.py exposed a bug in the + macOS kernel where intense concurrent load on non-blocking + sockets occasionally causes errno.ENOBUFS (“No buffer space + available”) to be emitted. FB11063974 filed with Apple, in + the mean time as a workaround buffer size used in tests on + macOS is decreased to avoid intermittent failures. Patch by + Fantix King. + - Fix problem with test_ssl test_get_ciphers on systems that + require perfect forward secrecy (PFS) ciphers. + - Add a regression test for re exponentional slowdown when + using rjsmin. + - Build + - Fix a regression in configure script that caused some + header checks to ignore custom CPPFLAGS. The regression was + introduced in gh-94802. + - wasm32-wasi builds no longer depend on WASIX’s pthread + stubs. Python now has its own stubbed pthread API. + - Python now detects missing dup function in WASI and works + around some missing errno, select, and socket constants. + - Python now skips missing socket functions and methods on + WASI. WASI can only create sockets from existing fd / + accept and has no netdb. + - Platforms wasm32-unknown-emscripten and wasm32-unknown-wasi + have been promoted to PEP 11 tier 3 platform support. + - IDLE + - Document handling of extensions in Save As dialogs. + - Include prompts when saving Shell (interactive input and + output). + - Fix the Shell context menu copy-with-prompts bug of copying + an extra line when one selects whole lines. + - In the Edit menu, move Select All and add a new separator. + - Enable using IDLE’s module browser with .pyw files. + - Add .pyi as a recognized extension for IDLE on macOS. This + allows opening stub files by double clicking on them in the + Finder. + - C API + - Restore the 3.10 behavior for multiple inheritance of C + extension classes that store their dictionary at the end of + the struct. + - Added PyCode_GetVarnames(), PyCode_GetCellvars() and + PyCode_GetFreevars() for accessing co_varnames, co_cellvars + and co_freevars respectively via the C API. + +------------------------------------------------------------------- +Tue Jul 26 10:37:31 UTC 2022 - Matej Cepl + +- Update to 3.11.0b5: + - Core and Builtins + - gh-93351: ast.AST node positions are now validated when + provided to compile() and other related functions. If + invalid positions are detected, a ValueError will be + raised. + - gh-94438: Fix an issue that caused extended opcode + arguments and some conditional pops to be ignored when + calculating valid jump targets for assignments to the + f_lineno attribute of frame objects. In some cases, this + could cause inconsistent internal state, resulting in a + hard crash of the interpreter. + - gh-95060: Undocumented PyCode_Addr2Location function now + properly returns when addrq argument is less than zero. + - gh-95113: Replace all EXTENDED_ARG_QUICK instructions + with basic EXTENDED_ARG instructions in unquickened + code. Consumers of non-adaptive bytecode should be able to + handle extended arguments the same way they were handled in + CPython 3.10 and older. + - gh-91409: Fix incorrect source location info caused by + certain optimizations in the bytecode compiler. + - gh-94036: Fix incorrect source location info for some + multi-line attribute accesses and method calls. + - gh-94739: Allow jumping within, out of, and across + exception handlers in the debugger. + - gh-94949: ast.parse() will no longer parse parenthesized + context managers when passed feature_version less than (3, + 9). Patch by Shantanu Jain. + - gh-94947: ast.parse() will no longer parse assignment + expressions when passed feature_version less than (3, + 8). Patch by Shantanu Jain. + - gh-91256: Ensures the program name is known for help text + during interpreter startup. + - gh-94869: Fix the column offsets for some expressions in + multi-line f-strings ast nodes. Patch by Pablo Galindo. + - gh-94822: Fix an issue where lookups of metaclass + descriptors may be ignored when an identically-named + attribute also exists on the class itself. + - gh-91153: Fix an issue where a bytearray item assignment + could crash if it’s resized by the new value’s __index__() + method. + - gh-90699: Fix reference counting bug in + bool.__repr__(). Patch by Kumar Aditya. + - Library + - gh-95087: Fix IndexError in parsing invalid date in the + email module. + - gh-95199: Upgrade bundled setuptools to 63.2.0. + - gh-95194: Upgrade bundled pip to 22.2. + - gh-95132: Fix a sqlite3 regression where *args and **kwds + were incorrectly relayed from connect() to the Connection + factory. The regression was introduced in 3.11a1 with PR + 24421 (gh-85128). Patch by Erlend E. Aasland.` + - gh-93157: Fix fileinput module didn’t support errors option + when inplace is true. + - gh-95105: wsgiref.types.InputStream.__iter__() should + return Iterator[bytes], not Iterable[bytes]. Patch by + Shantanu Jain. + - gh-94857: Fix refleak in + _io.TextIOWrapper.reconfigure. Patch by Kumar Aditya. + - gh-94821: Fix binding of unix socket to empty address + on Linux to use an available address from the abstract + namespace, instead of “0”. + - gh-89988: Fix memory leak in pickle.Pickler when looking up + dispatch_table. Patch by Kumar Aditya. + - bpo-47025: Drop support for bytes on sys.path. + - Tests + - gh-95212: Make multiprocessing test case + test_shared_memory_recreate parallel-safe. + - Build + - gh-94847: Fixed _decimal module build issue on GCC when + compiling with LTO and pydebug. Debug builds no longer + force inlining of functions. + - gh-94841: Fix the possible performance regression of + PyObject_Free() compiled with MSVC version 1932. + - gh-94801: configure now uses custom flags like ZLIB_CFLAGS + and ZLIB_LIBS when searching for headers and libraries. + - gh-94773: deepfreeze.py now supports code object with + frozensets that contain incompatible, unsortable types. + - C API + - gh-94930: Fix SystemError raised when + PyArg_ParseTupleAndKeywords() is used with # in (...) but + without PY_SSIZE_T_CLEAN defined. + - gh-94864: Fix PyArg_Parse* with deprecated format units “u” + and “Z”. It returned 1 (success) when warnings are turned + into exceptions. + - gh-94731: Python again uses C-style casts for + most casting operations when compiled with + C++. This may trigger compiler warnings, if they + are enabled with e.g. -Wold-style-cast `` or + ``-Wzero-as-null-pointer-constant options for g++. + +------------------------------------------------------------------- +Thu Jul 21 14:19:53 UTC 2022 - Matej Cepl + +- Switch from %primary_interpreter to prjconf-defined + %primary_python (gh#openSUSE/python-rpm-macros#127). + +------------------------------------------------------------------- +Thu Jul 14 15:37:35 UTC 2022 - Matej Cepl + +- Update to 3.11.0b4: +- Fixes many bugs and adds following more significant changes +- Security + - gh-68966: The deprecated mailcap module now refuses to inject + Coreunsafe text (filenames, MIME types, parameters) into + shell Corecommands. Instead of using such text, it will + warn and act Coreas if a match was not found (or for test + commands, as if the Coretest failed). and Builtins + - gh-93516: Lazily create a table mapping bytecode offsets to + line numbers to speed up calculation of line numbers when + tracing. + - gh-93461: importlib.invalidate_caches() now drops entries + from sys.path_importer_cache with a relative path as + name. This solves a caching issue when a process changes its + current working directory. + - FileFinder no longer inserts a dot in the path, e.g. + /egg/./spam is now /egg/spam. +Library + - gh-93896: Fix asyncio.run() and + unittest.IsolatedAsyncioTestCase to always the set event loop + as it was done in Python 3.10 and earlier. Patch by Kumar + Aditya. + - gh-94101: Manual instantiation of ssl.SSLSession objects is + no longer allowed as it lead to misconfigured instances that + crashed the interpreter when attributes where accessed on + them. + - gh-83658: Make multiprocessing.Pool raise an exception if + maxtasksperchild is not None or a positive int. + - gh-61162: Clarify sqlite3 behavior when Using the connection + as a context manager. +Tools/Demos + - gh-94538: Fix Argument Clinic output to custom file + destinations. Patch by Erlend E. Aasland. +C API + - gh-93937: The following frame functions and type are now + directly available with #include , it’s no longer + needed to add #include : + PyFrame_Check() + PyFrame_GetBack() + PyFrame_GetBuiltins() + PyFrame_GetGenerator() + PyFrame_GetGlobals() + PyFrame_GetLasti() + PyFrame_GetLocals() + PyFrame_Type + +------------------------------------------------------------------- +Tue May 31 20:54:36 UTC 2022 - Matej Cepl + +- Update to 3.11.0b2: + - many small updates +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.4 (jsc#SLE-21253) + +------------------------------------------------------------------- +Tue May 10 15:01:18 UTC 2022 - Matej Cepl + +- Refresh bluez-devel-vendor.tar.xz +- Fix building with system-expat (gh#python/cpython#92875). Nope, + it didn't work, worked around it. + +------------------------------------------------------------------- +Mon May 9 15:09:03 UTC 2022 - Matej Cepl + +- Update to pre-release version 3.11.0b1: + - PEP 657 – Include Fine-Grained Error Locations in Tracebacks + - PEP 654 – Exception Groups and except* + - PEP 673 – Self Type + - PEP 646 – Variadic Generics + - PEP 680– tomllib: Support for Parsing TOML in the Standard Library + - PEP 675– Arbitrary Literal String Type + - PEP 655– Marking individual TypedDict items as required or potentially-missing + - bpo-46752– Introduce task groups to asyncio + - The Faster Cpython Project is already yielding some exciting + results. Python 3.11 is up to 10-60% faster than Python + 3.10. On average, we measured a 1.22x speedup on the standard + benchmark suite. See + https://docs.python.org/3.11/whatsnew/3.11.html#faster-cpython + for details. + +------------------------------------------------------------------- +Thu May 5 14:35:56 UTC 2022 - Matej Cepl + +- Switch primary_interpreter from python38 to python310 + +------------------------------------------------------------------- +Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl + +- Update to 3.10.4: + - bpo-46968: Check for the existence of the “sys/auxv.h” header + in faulthandler to avoid compilation problems in systems + where this header doesn’t exist. Patch by Pablo Galindo + - bpo-23691: Protect the re.finditer() iterator from + re-entering. + - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to + avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception + when reading a ZipFile from multiple threads. + - bpo-38256: Fix binascii.crc32() when it is compiled to use + zlib’c crc32 to work properly on inputs 4+GiB in length + instead of returning the wrong result. The workaround prior + to this was to always feed the function data in increments + smaller than 4GiB or to just call the zlib module function. + - bpo-39394: A warning about inline flags not at the start of + the regular expression now contains the position of the flag. + - bpo-47061: Deprecate the various modules listed by PEP 594: + - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, + imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, + sndhdr, spwd, sunau, telnetlib, uu, xdrlib + - bpo-2604: Fix bug where doctests using globals would fail + when run multiple times. + - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. + - bpo-47022: The asynchat, asyncore and smtpd modules have been + deprecated since at least Python 3.6. Their documentation and + deprecation warnings and have now been updated to note they + will removed in Python 3.12 (PEP 594). + - bpo-46421: Fix a unittest issue where if the command was + invoked as python -m unittest and the filename(s) began with + a dot (.), a ValueError is returned. + - bpo-40296: Fix supporting generic aliases in pydoc. + +- Update to 3.10.3: + - bpo-46940: Avoid overriding AttributeError metadata + information for nested attribute access calls. Patch by Pablo + Galindo. + - bpo-46852: Rename the private undocumented + float.__set_format__() method to float.__setformat__() to fix + a typo introduced in Python 3.7. The method is only used by + test_float. Patch by Victor Stinner. + - bpo-46794: Bump up the libexpat version into 2.4.6 + - bpo-46820: Fix parsing a numeric literal immediately (without + spaces) followed by “not in” keywords, like in 1not in x. Now + the parser only emits a warning, not a syntax error. + - bpo-46762: Fix an assert failure in debug builds when a ‘<’, + ‘>’, or ‘=’ is the last character in an f-string that’s + missing a closing right brace. + - bpo-46724: Make sure that all backwards jumps use the + JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an + argument of (2**32)+offset. + - bpo-46732: Correct the docstring for the __bool__() method. + Patch by Jelle Zijlstra. + - bpo-46707: Avoid potential exponential backtracking when + producing some syntax errors involving lots of brackets. + Patch by Pablo Galindo. + - bpo-40479: Add a missing call to va_end() in + Modules/_hashopenssl.c. + - bpo-46615: When iterating over sets internally in + setobject.c, acquire strong references to the resulting items + from the set. This prevents crashes in corner-cases of + various set operations where the set gets mutated. + - bpo-45773: Remove two invalid “peephole” optimizations from + the bytecode compiler. + - bpo-43721: Fix docstrings of getter, setter, and deleter to + clarify that they create a new copy of the property. + - bpo-46503: Fix an assert when parsing some invalid N escape + sequences in f-strings. + - bpo-46417: Fix a race condition on setting a type __bases__ + attribute: the internal function add_subclass() now gets the + PyTypeObject.tp_subclasses member after calling + PyWeakref_NewRef() which can trigger a garbage collection + which can indirectly modify PyTypeObject.tp_subclasses. Patch + by Victor Stinner. + - bpo-46383: Fix invalid signature of _zoneinfo’s module_free + function to resolve a crash on wasm32-emscripten platform. + - bpo-46070: Py_EndInterpreter() now explicitly untracks all + objects currently tracked by the GC. Previously, if an object + was used later by another interpreter, calling + PyObject_GC_UnTrack() on the object crashed if the previous + or the next object of the PyGC_Head structure became + a dangling pointer. Patch by Victor Stinner. + - bpo-46339: Fix a crash in the parser when retrieving the + error text for multi-line f-strings expressions that do not + start in the first line of the string. Patch by Pablo Galindo + - bpo-46240: Correct the error message for unclosed parentheses + when the tokenizer doesn’t reach the end of the source when + the error is reported. Patch by Pablo Galindo + - bpo-46091: Correctly calculate indentation levels for lines + with whitespace character that are ended by line continuation + characters. Patch by Pablo Galindo + - bpo-43253: Fix a crash when closing transports where the + underlying socket handle is already invalid on the Proactor + event loop. + - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, + including bugfix for EntryPoint.extras, which was returning + match objects and not the extras strings. + - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip + 22.0.4) + - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically + determine size of signal handler stack size CPython allocates + using getauxval(AT_MINSIGSTKSZ). This changes allows for + Python extension’s request to Linux kernel to use AMX_TILE + instruction set on Sapphire Rapids Xeon processor to succeed, + unblocking use of the ISA in frameworks. + - bpo-46955: Expose asyncio.base_events.Server as + asyncio.Server. Patch by Stefan Zabka. + - bpo-23325: The signal module no longer assumes that SIG_IGN + and SIG_DFL are small int singletons. + - bpo-46932: Update bundled libexpat to 2.4.7 + - bpo-25707: Fixed a file leak in + xml.etree.ElementTree.iterparse() when the iterator is not + exhausted. Patch by Jacob Walls. + - bpo-44886: Inherit asyncio proactor datagram transport from + asyncio.DatagramTransport. + - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() + for selector-based event loops. Patch by Thomas Grainger. + - bpo-46811: Make test suite support Expat >=2.4.5 + - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to + transport-based APIs. + - bpo-46784: Fix libexpat symbols collisions with user + dynamically loaded or statically linked libexpat in embedded + Python. + - bpo-39327: shutil.rmtree() can now work with VirtualBox + shared folders when running from the guest operating-system. + - bpo-46756: Fix a bug in + urllib.request.HTTPPasswordMgr.find_user_password() and + urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() + which allowed to bypass authorization. For example, access to + URI example.org/foobar was allowed if the user was authorized + for URI example.org/foo. + - bpo-46643: In typing.get_type_hints(), support evaluating + stringified ParamSpecArgs and ParamSpecKwargs annotations. + Patch by Gregory Beauregard. + - bpo-45863: When the tarfile module creates a pax format + archive, it will put an integer representation of timestamps + in the ustar header (if possible) for the benefit of older + unarchivers, in addition to the existing full-precision + timestamps in the pax extended header. + - bpo-46676: Make typing.ParamSpec args and kwargs equal to + themselves. Patch by Gregory Beauregard. + - bpo-46672: Fix NameError in asyncio.gather() when initial + type check fails. + - bpo-46655: In typing.get_type_hints(), support evaluating + bare stringified TypeAlias annotations. Patch by Gregory + Beauregard. + - bpo-45948: Fixed a discrepancy in the C implementation of the + xml.etree.ElementTree module. Now, instantiating an + xml.etree.ElementTree.XMLParser with a target=None keyword + provides a default xml.etree.ElementTree.TreeBuilder target + as the Python implementation does. + - bpo-46521: Fix a bug in the codeop module that was + incorrectly identifying invalid code involving string quotes + as valid code. + - bpo-46581: Brings ParamSpec propagation for GenericAlias in + line with Concatenate (and others). + - bpo-46591: Make the IDLE doc URL on the About IDLE dialog + clickable. + - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 + - bpo-46487: Add the get_write_buffer_limits method to + asyncio.transports.WriteTransport and to the SSL transport. + - bpo-45173: Note the configparser deprecations will be removed + in Python 3.12. + - bpo-46539: In typing.get_type_hints(), support evaluating + stringified ClassVar and Final annotations inside Annotated. + Patch by Gregory Beauregard. + - bpo-46491: Allow typing.Annotated to wrap typing.Final and + typing.ClassVar. Patch by Gregory Beauregard. + - bpo-46436: Fix command-line option -d/--directory in module + http.server which is ignored when combined with command-line + option --cgi. Patch by Géry Ogam. + - bpo-41403: Make mock.patch() raise a TypeError with + a relevant error message on invalid arg. Previously it + allowed a cryptic AttributeError to escape. + - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid + potential REDoS by limiting ambiguity in consecutive + whitespace. + - bpo-46469: asyncio generic classes now return + types.GenericAlias in __class_getitem__ instead of the same + class. + - bpo-46434: pdb now gracefully handles help when __doc__ is + missing, for example when run with pregenerated optimized + .pyc files. + - bpo-46333: The __eq__() and __hash__() methods of + typing.ForwardRef now honor the module parameter of + typing.ForwardRef. Forward references from different modules + are now differentiated. + - bpo-46246: Add missing __slots__ to + importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. + - bpo-46266: Improve day constants in calendar. + - Now all constants (MONDAY … SUNDAY) are documented, tested, + and added to __all__. + - bpo-46232: The ssl module now handles certificates with bit + strings in DN correctly. + - bpo-43118: Fix a bug in inspect.signature() that was causing + it to fail on some subclasses of classes with + a __text_signature__ referencing module globals. Patch by + Weipeng Hong. + - bpo-26552: Fixed case where failing asyncio.ensure_future() + did not close the coroutine. Patch by Kumar Aditya. + - bpo-21987: Fix an issue with tarfile.TarFile.getmember() + getting a directory name with a trailing slash. + - bpo-20392: Fix inconsistency with uppercase file extensions + in MimeTypes.guess_type(). Patch by Kumar Aditya. + - bpo-46080: Fix exception in argparse help text generation if + a argparse.BooleanOptionalAction argument’s default is + argparse.SUPPRESS and it has help specified. Patch by Felix + Fontein. + - bpo-44439: Fix .write() method of a member file in ZipFile, + when the input data is an object that supports the buffer + protocol, the file length may be wrong. + - bpo-45703: When a namespace package is imported before + another module from the same namespace is created/installed + in a different sys.path location while the program is + running, calling the importlib.invalidate_caches() function + will now also guarantee the new module is noticed. + - bpo-24959: Fix bug where unittest sometimes drops frames from + tracebacks of exceptions raised in tests. + - bpo-44791: Fix substitution of ParamSpec in Concatenate with + different parameter expressions. Substitution with a list of + types returns now a tuple of types. Substitution with + Concatenate returns now a Concatenate with concatenated lists + of arguments. + - bpo-14156: argparse.FileType now supports an argument of ‘-’ + in binary mode, returning the .buffer attribute of + sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and + ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. + Patch contributed by Josh Rosenberg + - bpo-46463: Fixes escape4chm.py script used when building the + CHM documentation file + - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is + built with undefined behavior sanitizer (UBSAN): disable + UBSAN on the faulthandler_sigfpe() function. Patch by Victor + Stinner. + - bpo-46708: Prevent default asyncio event loop policy + modification warning after test_asyncio execution. + - bpo-46678: The function make_legacy_pyc in + Lib/test/support/import_helper.py no longer fails when + PYTHONPYCACHEPREFIX is set to a directory on a different + device from where tempfiles are stored. + - bpo-46616: Ensures test_importlib.test_windows cleans up + registry keys after completion. + - bpo-44359: test_ftplib now silently ignores socket errors to + prevent logging unhandled threading exceptions. Patch by + Victor Stinner. + - bpo-46542: Fix a Python crash in test_lib2to3 when using + Python built in debug mode: limit the recursion limit. Patch + by Victor Stinner. + - bpo-46576: test_peg_generator now disables compiler + optimization when testing compilation of its own C extensions + to significantly speed up the testing on non-debug builds of + CPython. + - bpo-46542: Fix test_json tests checking for RecursionError: + modify these tests to use support.infinite_recursion(). Patch + by Victor Stinner. + - bpo-13886: Skip test_builtin PTY tests on non-ASCII + characters if the readline module is loaded. The readline + module changes input() behavior, but test_builtin is not + intented to test the readline module. Patch by Victor + Stinner. + - bpo-38472: Fix GCC detection in setup.py when + cross-compiling. The C compiler is now run with LC_ALL=C. + Previously, the detection failed with a German locale. + - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro + and pyconfig.h no longer defines reserved symbol + __CHAR_UNSIGNED__. + - bpo-45296: Clarify close, quit, and exit in IDLE. In the File + menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current + one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). + In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there + are no other windows, this also exits IDLE. + - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch + by Alex Waygood and Terry Jan Reedy. + - bpo-46433: The internal function _PyType_GetModuleByDef now + correctly handles inheritance patterns involving static + types. + - bpo-14916: Fixed bug in the tokenizer that prevented + PyRun_InteractiveOne from parsing from the provided FD. + +- Remove upstreamed patches: + - support-expat-245.patch + +------------------------------------------------------------------- +Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + +------------------------------------------------------------------- +Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl + +- bsc#1195831 Obsolete older "most modern" versions of python + packages (python39 for python310 and so forth). For next + versions it is necessary just to edit the macro. + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python +- Add fix_configure_rst.patch, which removes duplicate link + targets and make documentation with old Sphinx in SLE +- Skip test_capi (bsc#1195140 and bpo#37169) + +------------------------------------------------------------------- +Wed Jan 19 22:01:51 UTC 2022 - Matej Cepl + +- Update to 3.10.2: + Bugfix only + - bpo#46347 memory leak in PyEval_EvalCodeEx (especially + visible with Cython code) + - and many others + +------------------------------------------------------------------- +Wed Dec 8 13:07:25 UTC 2021 - Matej Cepl + +- Upgrade to 3.10.1 (jsc#SLE-18038): + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other tools. + - PEP 618 – Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning +- Patches readjusted: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Sat Dec 4 18:40:28 UTC 2021 - Matej Cepl + +- Remove pdb_adjust_breakpoints.patch and instead just adjust location + of the test breakpoint in Lib/test/test_pdb.py via sed, because we + have shortened Lib/pdb.py by removing the shebang (bpo#45964). + +------------------------------------------------------------------- +Thu Dec 2 13:51:57 UTC 2021 - Matej Cepl + +- Add pdb_adjust_breakpoints.patch fixing expectd results in + test_pdb_breakpoints_preserved_across_interactive_sessions + (bpo#45964). + +------------------------------------------------------------------- +Mon Nov 29 00:17:07 UTC 2021 - Matej Cepl + +- Remove shebangs from from python-base libraries in _libdir + (bsc#1193179). +- Readjust patches: + - bpo-31046_ensurepip_honours_prefix.patch + - decimal.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Tue Nov 16 16:03:43 UTC 2021 - Matej Cepl + +- Move rpm-build-python construct to correct place. + +------------------------------------------------------------------- +Wed Oct 13 08:52:47 UTC 2021 - Dominique Leuenberger + +- BuildRequire rpm-build-python: The provider to inject python(abi) + has been moved there. rpm-build pulls rpm-build-python + automatically in when building anything against python3-base, but + this implies that the initial build of python3-base does not + trigger the automatic installation. + +------------------------------------------------------------------- +Tue Oct 5 22:36:51 UTC 2021 - Matej Cepl + +- Final release of 3.10.0: + Complete list on https://www.python.org/downloads/release/python-3100/, + but highlights are: + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other + tools. + - PEP 618 – Add Optional Length-Checking To zip. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning + - bpo-12782: Parenthesized context managers are now officially + allowed. + +------------------------------------------------------------------- +Mon Aug 30 12:48:25 UTC 2021 - Matej Cepl + +- Switch on option --with-system-libmpdec (bsc#1189356). + +------------------------------------------------------------------- +Fri Aug 27 13:15:03 UTC 2021 - Andreas Schwab + +- Reenable profileopt with qemu emulation, test_faulthandler is no longer + run during profiling + +------------------------------------------------------------------- +Thu Aug 12 15:11:39 UTC 2021 - Andreas Schwab + +- test_faulthandler is still problematic under qemu linux-user emulation, + disable it there + +------------------------------------------------------------------- +Wed Aug 11 05:57:11 UTC 2021 - Matej Cepl + +- Update to 3.10.0rc1 (the penultimate prerelease), which contains + plenty of small bugfixes among others: + - bpo#38605: from __future__ import annotations (PEP 563) used to be + on this list in previous pre-releases but it has been postponed to + Python 3.11 due to some compatibility concerns. + - bpo-44600: Fix incorrect line numbers while tracing some failed + patterns in match statements. Patch by Charles Burkland. + - plenty of modifications in types.Union + +------------------------------------------------------------------- +Wed Jul 21 13:44:48 UTC 2021 - Matej Cepl + +- Update to 3.10.0b4: + https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4 +- Remove python3-imp-returntype.patch which has been upstreamed. + +------------------------------------------------------------------- +Mon Jun 7 15:52:44 UTC 2021 - Matej Cepl + +- Update to 3.10.0b2: + - PEP 623 -- Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 -- Allow writing union types as X | Y + - PEP 612 -- Parameter Specification Variables + - PEP 626 -- Precise line numbers for debugging and other + tools. + - PEP 618 -- Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 -- Deprecate distutils module. + - PEP 613 -- Explicit Type Aliases + - PEP 634 -- Structural Pattern Matching: Specification + - PEP 635 -- Structural Pattern Matching: Motivation and + Rationale + - PEP 636 -- Structural Pattern Matching: Tutorial + - PEP 644 -- Require OpenSSL 1.1.1 or newer + - PEP 624 -- Remove Py_UNICODE encoder APIs + - PEP 597 -- Add optional EncodingWarning +- Removed patches (assumed upstream): + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl + +- Revert previous skip over test_capi +- Add skip-test_pyobject_freed_is_freed.patch to skip failing + test on SLE-15. + +------------------------------------------------------------------- +Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller + +- allow build with Sphinx >= 3.x + +------------------------------------------------------------------- +Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák + +- Exclude test_capi on Leap (test fails there) + +------------------------------------------------------------------- +Fri May 21 15:13:59 UTC 2021 - Matej Cepl + +- Stop providing "python" symbol (bsc#1185588), which means + python2 currently. + +------------------------------------------------------------------- +Wed May 5 15:16:58 UTC 2021 - Matej Cepl + +- Update to 3.9.5: + * Security + - bpo-43434: Creating a sqlite3.Connection object now also + produces a sqlite3.connect auditing event. Previously this + event was only produced by sqlite3.connect() calls. Patch + by Erlend E. Aasland. + - bpo-43882: The presence of newline or tab characters in + parts of a URL could allow some forms of attacks. + - Following the controlling specification for URLs defined by + WHATWG urllib.parse() now removes ASCII newlines and tabs + from URLs, preventing such attacks. + - bpo-43472: Ensures interpreter-level audit hooks receive + the cpython.PyInterpreterState_New event when called + through the _xxsubinterpreters module. + - bpo-36384: ipaddress module no longer accepts any leading + zeros in IPv4 address strings. Leading zeros are ambiguous + and interpreted as octal notation by some libraries. For + example the legacy function socket.inet_aton() treats + leading zeros as octal notatation. glibc implementation of + modern inet_pton() does not accept any leading zeros. For + a while the ipaddress module used to accept ambiguous + leading zeros. + - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) + vulnerability in urllib.request.AbstractBasicAuthHandler. + The ReDoS-vulnerable regex has quadratic worst-case + complexity and it allows cause a denial of service when + identifying crafted invalid RFCs. This ReDoS issue is on + the client side and needs remote attackers to control the + HTTP server. + - bpo-42800: Audit hooks are now fired for frame.f_code, + traceback.tb_frame, and generator code/frame attribute + access. + * Core and Builtins + - bpo-43105: Importlib now resolves relative paths when + creating module spec objects from file locations. + - bpo-42924: Fix bytearray repetition incorrectly copying + data from the start of the buffer, even if the data is + offset within the buffer (e.g. after reassigning a slice at + the start of the bytearray to a shorter byte string). + * Library + - bpo-43993: Update bundled pip to 21.1.1. + - bpo-43937: Fixed the turtle module working with non-default + root window. + - bpo-43930: Update bundled pip to 21.1 and setuptools to + 56.0.0 + - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now + returns a consistent error message when cadata contains no + valid certificate. + - bpo-43607: urllib can now convert Windows paths with \\?\ + prefixes into URL paths. + - bpo-43284: platform.win32_ver derives the windows version + from sys.getwindowsversion().platform_version which in turn + derives the version from kernel32.dll (which can be of + a different version than Windows itself). Therefore change + the platform.win32_ver to determine the version using the + platform module’s _syscmd_ver private function to return an + accurate version. + - bpo-42248: [Enum] ensure exceptions raised in _missing__ + are released + - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 + to suppress deprecation warnings. Python requires OpenSSL + 1.1.1 APIs. + - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants + (OpenSSL 3.0.0) + - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback + function a second time when first call has signaled an + error condition. + - bpo-43788: The header files for ssl error codes are now + OpenSSL version-specific. Exceptions will now show correct + reason and library codes. The make_ssl_data.py script has + been rewritten to use OpenSSL’s text file with error codes. + - bpo-43655: tkinter dialog windows are now recognized as + dialogs by window managers on macOS and X Window. + - bpo-43534: turtle.textinput() and turtle.numinput() create + now a transient window working on behalf of the canvas + window. + - bpo-43522: Fix problem with hostname_checks_common_name. + OpenSSL does not copy hostflags from struct SSL_CTX to + struct SSL. + - bpo-42967: Allow bytes separator argument in + urllib.parse.parse_qs and urllib.parse.parse_qsl when + parsing str query strings. Previously, this raised + a TypeError. + - bpo-43176: Fixed processing of a dataclass that inherits + from a frozen dataclass with no fields. It is now correctly + detected as an error. + - bpo-41735: Fix thread locks in zlib module may go wrong in + rare case. Patch by Ma Lin. + - bpo-36470: Fix dataclasses with InitVars and replace(). + Patch by Claudiu Popa. + - bpo-32745: Fix a regression in the handling of ctypes’ + ctypes.c_wchar_p type: embedded null characters would cause + a ValueError to be raised. Patch by Zackery Spytz. + * Documentation + - bpo-43959: The documentation on the PyContextVar C-API was + clarified. + - bpo-43938: Update dataclasses documentation to express that + FrozenInstanceError is derived from AttributeError. + - bpo-43755: Update documentation to reflect that + unparenthesized lambda expressions can no longer be the + expression part in an if clause in comprehensions and + generator expressions since Python 3.9. + - bpo-43739: Fixing the example code in + Doc/extending/extending.rst to declare and initialize the + pmodule variable to be of the right type. + * Tests + - bpo-43961: Fix + test_logging.test_namer_rotator_inheritance() on Windows: + use os.replace() rather than os.rename(). Patch by Victor + Stinner. + - bpo-43842: Fix a race condition in the SMTP test of + test_logging. Don’t close a file descriptor (socket) from + a different thread while asyncore.loop() is polling the + file descriptor. Patch by Victor Stinner. + - bpo-43811: Tests multiple OpenSSL versions on GitHub + Actions. Use ccache to speed up testing. + - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy + protocols TLS 1.0 and 1.1. Tests are failing with + TLSV1_ALERT_INTERNAL_ERROR. +- Refreshed patches: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch +- Add vendorized files from bluez-devel to enable building support for + Bluetooth. + +------------------------------------------------------------------- +Sun May 2 09:20:06 UTC 2021 - Ben Greiner + +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + +------------------------------------------------------------------- +Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl + +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +------------------------------------------------------------------- +Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +------------------------------------------------------------------- +Tue Feb 9 01:37:59 UTC 2021 - Steve Kowalik + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +------------------------------------------------------------------- +Mon Feb 8 22:02:03 UTC 2021 - Matej Cepl + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl + +- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing + bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in + _ctypes/callproc.c, which may lead to remote code execution. + +------------------------------------------------------------------- +Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl + +- (bsc#1180125) We really don't Require python-rpm-macros package. + Unnecessary dependency. + +------------------------------------------------------------------- +Wed Dec 16 16:08:42 UTC 2020 - Matej Cepl + +- Make python39-doc building again +- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx + doesn't know about skipif directive in doctests. + +------------------------------------------------------------------- +Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl + +- Update sphinx-update-removed-function.patch patch to the latest + version in python36. + +------------------------------------------------------------------- +Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner + +- Last try before this results in an editwar: + * remove importlib_resources and importlib-metadata + provides/obsoletes + * import importlib_resources is not the same as + import importlib.resources, same for metadata + * The backport packages from PyPI needed for older flavors are + specified as such for setuptools or in pyproject.toml. If a + package requires them they typically add them with a python + version qualifier and the packages have their own version + numbers. + +------------------------------------------------------------------- +Sat Dec 5 16:55:12 UTC 2020 - Matej Cepl + +- Add patch sphinx-update-removed-function.patch to no longer call + a now removed function and to make documentation build independent of + the Sphinx version (bsc#1179630, gh#python/cpython#13236). + +------------------------------------------------------------------- +Fri Nov 13 17:20:08 UTC 2020 - Matej Cepl + +- Don't require packages which break build on SLE-15 although we really + don't need them (python3-python-docs-theme and + python3-sphinxcontrib-qthelp). + +------------------------------------------------------------------- +Fri Oct 9 16:05:50 UTC 2020 - Dominique Leuenberger + +- Fix build with RPM 4.16: error: bare words are no longer + supported, please use "...": x86 == ppc. + +------------------------------------------------------------------- +Tue Oct 6 07:30:56 UTC 2020 - Matej Cepl + +- Update to the final version 3.9.0: + Complete changelog with all (many) + changes from previous version is on + https://docs.python.org/release/3.9.0/whatsnew/3.9.html + Changes from the previous RC versions (not that many) are on + https://docs.python.org/release/3.9.0/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Fri Sep 25 06:58:03 UTC 2020 - Dominique Leuenberger + +- Buildrequire timezone only for general flavor. It's used in this + flavor for the test suite. + +------------------------------------------------------------------- +Wed Sep 2 14:39:44 UTC 2020 - Matej Cepl + +- Update to 3.9.0rc1: + * Core and Builtins + - bpo-38156: Handle interrupts that come after EOF + correctly in PyOS_StdioReadline. + * Library + - bpo-41497: Fix potential UnicodeDecodeError in dis + module. + - bpo-41490: Update ensurepip to install pip 20.2.1 and + setuptools 49.2.1. + - bpo-41467: On Windows, fix asyncio recv_into() return + value when the socket/pipe is closed (BrokenPipeError): + return 0 rather than an empty byte string (b''). + - bpo-41425: Make tkinter doc example runnable. + - bpo-41384: Raise TclError instead of TypeError when an + unknown option is passed to tkinter.OptionMenu. + - bpo-38731: Fix NameError in command-line interface of + py_compile. + - bpo-41317: Use add_done_callback() in + asyncio.loop.sock_accept() to unsubscribe reader early on + cancellation. + - bpo-41364: Reduce import overhead of uuid. + - bpo-41341: Recursive evaluation of typing.ForwardRef in + get_type_hints. + - bpo-41182: selector: use DefaultSelector based upon + implementation + - bpo-40726: Handle cases where the end_lineno is None on + ast.increment_lineno(). + * Documentation + - bpo-41045: Add documentation for debug feature of + f-strings. + - bpo-41314: Changed the release when from __future__ + import annotations becomes the default from 4.0 to 3.10 + (following a change in PEP 563). + * Windows + - bpo-41492: Fixes the description that appears in UAC + prompts. + - bpo-40948: Improve post-install message to direct people + to the “py” command. + - bpo-41412: The installer will now fail to install on + Windows 7 and Windows 8. Further, the UCRT dependency is + now always downloaded on demand. + - bpo-40741: Update Windows release to include SQLite + 3.32.3. + * IDLE + - bpo-41468: Improve IDLE run crash error message (which + users should never see). + - bpo-41373: Save files loaded with no line ending, as when + blank, or different line endings, by setting its line + ending to the system default. Fix regression in 3.8.4 and + 3.9.0b4. + +------------------------------------------------------------------- +Tue Sep 1 10:15:06 UTC 2020 - Matej Cepl + +- Synchronize formatting and fixes with python38. + +------------------------------------------------------------------- +Thu Aug 20 15:41:28 UTC 2020 - Andreas Schwab + +- Increase testsuite timeout to account for super long running + test_peg_generator + +------------------------------------------------------------------- +Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer + +- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream +- Removed recursion.tar: contained in upstream +- Update to 3.9.0b5: + - bpo-41304: Fixes python3x._pth being ignored on Windows, caused + by the fix for bpo-29778 (CVE-2020-15801). + - bpo-41162: Audit hooks are now cleared later during + finalization to avoid missing events. + - bpo-29778: Ensure python3.dll is loaded from correct locations + when Python is embedded (CVE-2020-15523). + - bpo-39603: Prevent http header injection by rejecting control + characters in http.client.putrequest(…). + - bpo-41295: Resolve a regression in CPython 3.8.4 where defining + “__setattr__” in a multi-inheritance setup and + calling up the hierarchy chain could fail if builtins/extension + types were involved in the base types. + - bpo-41247: Always cache the running loop holder when running + asyncio.set_running_loop. + - bpo-41252: Fix incorrect refcounting in + _ssl.c’s _servername_callback(). + - bpo-41215: Use non-NULL default values in the PEG parser + keyword list to overcome a bug that was ' + preventing Python from being properly compiled when using the + XLC compiler. Patch by Pablo Galindo. + - bpo-41218: Python 3.8.3 had a regression where compiling with + ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would + aggressively mark list comprehension with CO_COROUTINE. Now only + list comprehension making use of async/await will tagged as so. + - bpo-41175: Guard against a NULL pointer dereference within + bytearrayobject triggered by the bytearray() + bytearray() operation. + - bpo-39960: The “hackcheck” that prevents sneaking around a type’s + __setattr__() by calling the superclass method was + rewritten to allow C implemented heap types. + - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the + C implementation raises now UnpicklingError instead of crashing. + - bpo-39017: Avoid infinite loop when reading specially crafted + TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). + - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params(). + - bpo-41207: In distutils.spawn, restore expectation that + DistutilsExecError is raised when the command is not found. + - bpo-39168: Remove the __new__ method of typing.Generic. + - bpo-41194: Fix a crash in the _ast module: it can no longer be + loaded more than once. It now uses a global state rather than a module state. + - bpo-39384: Fixed email.contentmanager to allow set_content() to set a + null string. + - bpo-41300: Save files with non-ascii chars. + Fix regression released in 3.9.0b4 and 3.8.4. + - bpo-37765: Add keywords to module name completion list. + Rewrite Completions section of IDLE doc. + - bpo-40170: Revert PyType_HasFeature() change: it reads + again directly the PyTypeObject.tp_flags + member when the limited C API is not used, rather than always calling + PyType_GetFlags() which hides implementation details. + +------------------------------------------------------------------- +Mon Jul 20 12:06:41 UTC 2020 - Matej Cepl + +- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 + (CVE-2019-20907, bpo#39017) avoiding possible infinite loop + in specifically crafted tarball. + Add recursion.tar as a testing tarball for the patch. + +------------------------------------------------------------------- +Fri Jul 17 07:07:19 UTC 2020 - Callum Farmer + +- Changed bpo-31046_ensurepip_honours_prefix.patch to include fix from py3.8 + +------------------------------------------------------------------- +Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer + +- Spec file fixes +- Re-added subprocess-raise-timeout.patch: now compatible +- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream + +------------------------------------------------------------------- +Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal + +- Fix minor issues found in the staging. + +------------------------------------------------------------------- +Wed Jul 15 06:13:33 UTC 2020 - Tomáš Chvátal + +- Do not set ourselves as primary interpreter + +------------------------------------------------------------------- +Tue Jul 14 20:45:11 UTC 2020 - Matej Cepl + +- Update to 3.9.0b4: + - PEP 584, Union Operators in dict + - PEP 585, Type Hinting Generics In Standard Collections + - PEP 593, Flexible function and variable annotations + - PEP 602, Python adopts a stable annual release cadence + - PEP 615, Support for the IANA Time Zone Database in the + Standard Library + - PEP 616, String methods to remove prefixes and suffixes + - PEP 617, New PEG parser for CPython + - bpo#38379, garbage collection does not block on resurrected + objects; + - bpo#38692, os.pidfd_open added that allows process + management without races and signals; + - bpo#39926, Unicode support updated to version 13.0.0; + - bpo#1635741, when Python is initialized multiple times in + the same process, it does not leak memory anymore; + - A number of Python builtins (range, tuple, set, frozenset, + list, dict) are now sped up using PEP 590 vectorcall; + - A number of Python modules (_abc, audioop, _bz2, _codecs, + _contextvars, _crypt, _functools, _json, _locale, operator, + resource, time, _weakref) now use multiphase initialization + as defined by PEP 489; + - A number of standard library modules (audioop, ast, grp, + _hashlib, pwd, _posixsubprocess, random, select, struct, + termios, zlib) are now using the stable ABI defined by + PEP 384. +- Remove upstreamed patches: + - F00102-lib64.patch + - SUSE-FEDORA-multilib.patch + - OBS_dev-shm.patch + - subprocess-raise-timeout.patch + - bpo36302-sort-module-sources.patch + - bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Fri Jul 10 10:55:15 UTC 2020 - Tomáš Chvátal + +- Update pre_checkin.sh and regenerate + +------------------------------------------------------------------- +Fri Jul 10 10:11:39 UTC 2020 - Tomáš Chvátal + +- Convert few dependencies to their pkgconfig counterparts + +------------------------------------------------------------------- +Fri Jul 10 10:08:48 UTC 2020 - Tomáš Chvátal + +- Remove release requirement on libpython, it is not really needed + to be equal as the abi changes with versions + +------------------------------------------------------------------- +Fri Jul 10 10:07:50 UTC 2020 - Tomáš Chvátal + +- Add provides python3-bla on all the subpkgs in case we are + primary provider of the functionality + +------------------------------------------------------------------- +Fri Jul 10 10:02:01 UTC 2020 - Tomáš Chvátal + +- Remove unversioned files from devel subpkg too +- Remove main python3 files from -base based whether we are + primary interpreter or not +- Fix idle to be co-installable +- Add condition to be primary to provide/obsolete python3-* +- Fix doc to build in versioned folder so the pythons can be + installed next to each other + +------------------------------------------------------------------- +Fri Jul 10 07:57:10 UTC 2020 - Tomáš Chvátal + +- Revert the full versioning of calls on the macros. These + are generic so they should really just call python3 X + +------------------------------------------------------------------- +Fri Jul 10 07:56:11 UTC 2020 - Tomáš Chvátal + +- For the doc package we can build with generic flavor, we don't + need the our-interpreter based one + +------------------------------------------------------------------- +Fri Jul 10 07:18:53 UTC 2020 - Tomáš Chvátal + +- Add provides for pytohn3X-typing/etc to allow BR on those still + to work when needed + +------------------------------------------------------------------- +Fri Jul 10 07:14:33 UTC 2020 - Tomáš Chvátal + +- Change macros.python3 to use full versioned 3.8 instead of just 3 + for python interpreter + +------------------------------------------------------------------- +Wed Jul 1 11:50:19 UTC 2020 - Tomáš Chvátal + +- Reduce some now unused conditionals + +------------------------------------------------------------------- +Wed Jul 1 11:00:40 UTC 2020 - Tomáš Chvátal + +- Redux the -base dependencies to match up pre-merge layout + +------------------------------------------------------------------- +Wed Jul 1 09:24:39 UTC 2020 - Tomáš Chvátal + +- Generate baselibs in pre-checkin too + +------------------------------------------------------------------- +Wed Jul 1 09:14:33 UTC 2020 - Tomáš Chvátal + +- Generate the importlib-failed using pre_checking again +- Add back the information about skipped tests on the pre_checkin + output + +------------------------------------------------------------------- +Tue Jun 30 07:11:19 UTC 2020 - Tomáš Chvátal + +- Use %python_pkg_name instead of hardcoding python3 where + applicable +- Sort out preamble with spec-cleaner + +------------------------------------------------------------------- +Mon Jun 29 14:36:10 UTC 2020 - Matej Cepl + +- Calculate required variables instead of relying on their continuous manual update + +------------------------------------------------------------------- +Thu Jun 25 10:44:08 UTC 2020 - Tomáš Chvátal + +- Fix the -base module build again to generate only the deps + we need + +------------------------------------------------------------------- +Wed Jun 17 18:42:51 UTC 2020 - Matej Cepl + +- Replace OBS_dev-shm.patch with the upstream PR#20944 + +------------------------------------------------------------------- +Thu Jun 10 14:30:15 UTC 2020 - Tomáš Chvátal + +- Use the %{python_pkg_name} on more places to allow easier + multiversioning +- Switch to _multibuild approach for easier maintenance of this + package. All is now in one spec file with 3 conditionals: + * bcond_with base + * bcond_with doc + * bcond_with general + +------------------------------------------------------------------- +Mon Jun 8 14:26:00 UTC 2020 - Matej Cepl + +- add requires python3-base on libpython subpackage (bsc#1167008) + +------------------------------------------------------------------- +Fri Jun 5 06:08:12 UTC 2020 - Dirk Mueller + +- build against Sphinx 2.x until python is compatible with + Sphinx 3.x (see gh#python/cpython#19397, bpo#40204) + +------------------------------------------------------------------- +Fri May 29 19:59:01 UTC 2020 - Andreas Stieger + +- Fix build with SQLite 3.32 (bpo#40783) + add bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Sun May 17 15:37:35 UTC 2020 - Callum Farmer + +- Update to version 3.8.3: + - Complete list of changes is available at + https://docs.python.org/release/3.8.3/whatsnew/changelog.html#python-3-8-3-final, + but most of them are just bugfixes. + - Removed patch CVE-2020-8492-urllib-ReDoS.patch: contained in upstream + +------------------------------------------------------------------- +Thu Apr 16 12:06:01 UTC 2020 - Matej Cepl + +- Add #!BuildIgnore: gdk-pixbuf-loader-rsvg to python3 SPEC + +------------------------------------------------------------------- +Thu Mar 26 15:36:55 UTC 2020 - Matej Cepl + +- Add patch bsc1167501-invalid-alignment.patch + (bsc#1167501, bpo#40052) to fix alignment in abstract.h header file. + +------------------------------------------------------------------- +Wed Mar 11 11:09:41 UTC 2020 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build, test_setegid + (test.test_os.PosixUidGidTests) is confusing it + +------------------------------------------------------------------- +Thu Mar 5 18:40:29 UTC 2020 - Matej Cepl + +- Update to 3.8.2: + - Complete list of changes is available at + https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final, + but most of them are just bugfixes. + - Updated patches: + - F00102-lib64.patch + - OBS_dev-shm.patch + - SUSE-FEDORA-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Sun Feb 9 00:14:24 CET 2020 - Matej Cepl + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Sat Feb 8 22:21:10 CET 2020 - Matej Cepl + +- Add Requires: libpython%{so_version} == %{version}-%{release} + to python3-base to keep both packages always synchronized + (bsc#1162224). + +------------------------------------------------------------------- +Mon Feb 3 20:27:54 UTC 2020 - Tomáš Chvátal + +- Do not pull in bluez in base again, explain the cycle, + it needs to be solved by bluez maintainer for us by providing + just the headers separately + +------------------------------------------------------------------- +Mon Feb 3 19:54:25 UTC 2020 - Tomáš Chvátal + +- Reame idle icons to idle3 in order to not conflict with python2 + variant of the package + * renamed the icons + * renamed icon load in desktop file + +------------------------------------------------------------------- +Thu Jan 16 09:50:03 UTC 2020 - Tomáš Chvátal + +- Add importlib_resources provide/obsolete as it is integral + part of the lang since 3.7 release + +------------------------------------------------------------------- +Mon Jan 13 11:10:47 UTC 2020 - Martin Liška + +- Add -fno-semantic-interposition as it brings speed up: + https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup + +------------------------------------------------------------------- +Thu Dec 19 16:25:26 CET 2019 - Matej Cepl + +- Update to 3.8.1: + - This is mainly bugfix release and no significant changes to + API are expected. The full changelog is available on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-1 + - Remove bpo-38688_shutil.copytree_prevent-infinite-recursion.patch, + which is included in the upstream tarball. + +------------------------------------------------------------------- +Thu Dec 19 14:57:32 CET 2019 - Matej Cepl + +- Add bpo-31046_ensurepip_honours_prefix.patch which makes + ensurepip to honour the value of $(prefix). Proposed fix for + bpo#31046.. + +------------------------------------------------------------------- +Tue Dec 10 11:07:16 UTC 2019 - Tomáš Chvátal + +- Move bluez-devel dependency to base as it is needed for + socket.AF_BLUETOOTH and otherwise does not work + +------------------------------------------------------------------- +Mon Dec 2 16:52:32 CET 2019 - Matej Cepl + +- Reintroduce QtHelp with the help of the new BR + python-sphinxcontrib-qthelp. + +------------------------------------------------------------------- +Mon Oct 21 18:51:00 UTC 2019 - Stefan Brüns + +- Fix SUSE-FEDORA-multilib.patch, the platform agnostic infix for + library installation is "lib", not "dir". + +------------------------------------------------------------------- +Thu Oct 17 14:19:20 UTC 2019 - Stefan Brüns + +- Move idle subpackage build from python3-base to python3. + appstream-glib required for packaging introduces considerable + extra dependencies and a build loop via rust/librsvg. +- Correct installation of idle IDE icons: + + idle.png is not the target directory + + non-GNOME-specific icons belong into icons/hicolor +- Add required Name key to idle3 desktop file + +------------------------------------------------------------------- +Tue Oct 15 16:39:12 CEST 2019 - Matej Cepl + +- Update to the final release 3.8.0. . + - New Features: + - Assignment expressions + - Positional-only parameters + - Parallel filesystem cache for compiled bytecode files + - Debug build uses the same ABI as release build + - f-strings support = for self-documenting expressions and + debugging + - PEP 578: Python Runtime Audit Hooks + - PEP 587: Python Initialization Configuration + - Vectorcall: a fast calling protocol for CPython + - Pickle protocol 5 with out-of-band data buffers + - New modules: + - importlib.metadata + - Improved modules: + - ast asyncio, builtins, collections, curses, ctypes, + datetime, functools, gc, gettext, gzip, idelib and IDLE, + inspect, io, json.tool, math, mmap, multiprocessing, os, + os.path, pathlib, pickle, plistlib, py_compile, shlex, + shutil, socket, ssl, statistics, sys, tarfile, threading, + tokenize, tkinter, time, typing, unicodedata, unittest, + venv, weakref, xml + - C API improvements + - bdist_winnst command has been deprecated (use bdist_wheel) +- https://docs.python.org/3.8/whatsnew/3.8.html remains rest of + changes including documentation on how to port your programs to + the current version of Python. + +------------------------------------------------------------------- +Mon Oct 14 15:02:08 CEST 2019 - Matej Cepl + +- Add idle3.appdata.xml and idle3.desktop (originally from + Fedora) to make Idle3 full GUI desktop application. + (bsc#1153830) + +------------------------------------------------------------------- +Wed Oct 9 19:09:16 UTC 2019 - Michael Gorse + +- Drop intltool from BuildRequires. Doesn't appear to be used. + +------------------------------------------------------------------- +Wed Oct 9 10:37:59 UTC 2019 - Tomáš Chvátal + +- Add folder version to allow tarball downloads even for beta/rc + releases + +------------------------------------------------------------------- +Tue Oct 8 14:53:54 CEST 2019 - Matej Cepl + +- Revert patches from Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch) into their original + prisitine Fedora versions, SUSE-FEDORA-multilib.patch refreshed + accordingly. + +------------------------------------------------------------------- +Mon Oct 7 14:33:30 UTC 2019 - Matej Cepl + +- Correct quotation of platsubdir in Lib/distutils/command/install.py + +------------------------------------------------------------------- +Thu Oct 3 13:59:57 CEST 2019 - Matej Cepl + +- Replace python-3.6.0-multilib.patch with two patches from + Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch), and our own + SUSE-FEDORA-multilib.patch to allow better cooperation with + Fedora and better upstreaming. +- Add OBS_dev-shm.patch fixing bpo#38377 + +------------------------------------------------------------------- +Thu Oct 3 08:39:18 UTC 2019 - Tomáš Chvátal + +- Pull in just gettext and let solver to sort out between: + gettext-runtime-mini and gettext-runtime + +------------------------------------------------------------------- +Wed Oct 2 15:00:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0rc1. Overall changes from 3.7: + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved + embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds, also the 'm' ABI + tag was removed (irrelevant since 3.4), bpo#36707 + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - on Windows, the default asyncio event loop is now + ProactorEventLoop + - on macOS, the spawn start method is now used by default in + multiprocessing + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Refreshed patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Wed Sep 25 09:46:41 UTC 2019 - Bernhard Wiedemann + +- Add bpo36302-sort-module-sources.patch (boo#1041090) + +------------------------------------------------------------------- +Tue Sep 10 13:43:18 UTC 2019 - Tomáš Chvátal + +- Try harder obsoleting importlib-metadata + +------------------------------------------------------------------- +Sat Aug 31 00:16:47 CEST 2019 - Matej Cepl + +- Update to 3.8.0b4: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-4 + +------------------------------------------------------------------- +Thu Aug 29 06:28:15 UTC 2019 - Guillaume GARDET + +- Re-enable test_threading on aarch64 + +------------------------------------------------------------------- +Sat Aug 17 13:21:15 UTC 2019 - John Vandenberg + +- Remove xrpm from subpackage tk description + +------------------------------------------------------------------- +Tue Aug 6 14:24:55 CEST 2019 - Matej Cepl + +- Update to 3.8.0b3: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-3 +- Patches reapplied: + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-test-posix_fadvise.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Tue Jul 23 13:20:49 UTC 2019 - Matej Cepl + +- Add Provides: python3-importlib-metadata + +------------------------------------------------------------------- +Sun Jul 7 19:08:48 CEST 2019 - Matej Cepl + +- Update to 3.8.0b2: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-2 +- Patches included in upstream: + - bpo-37169_PyObject_IsFreed.patch +- Patches reapplied: + - 00251-change-user-install-location.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-localpath.patch + - python-3.6.0-multilib.patch + +------------------------------------------------------------------- +Tue Jul 2 09:03:04 UTC 2019 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build +- Don't do profiling in qemu linux-user build + +------------------------------------------------------------------- +Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0b1 (changes since 3.7.*): + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Remove patches which were included in the upstream: + - 00251-change-user-install-location.patch + - 00316-mark-bdist_wininst-unsupported.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed May 22 10:53:03 UTC 2019 - Martin Liška + +- Set _lto_cflags to nil as the package is using LTO via --enable-lto. + That will prevent to propage LTO for Python modules that are + built in a separate package. + +------------------------------------------------------------------- +Sat May 4 21:29:20 CEST 2019 - Matej Cepl + +- Update to 3.8.0.a3: + - PEP 572: Assignment Expressions. + - Other (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-3 + +------------------------------------------------------------------- +Mon Apr 29 15:40:34 CEST 2019 - Matej Cepl + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Wed Apr 10 10:22:58 CEST 2019 - Matej Cepl + +- Fix metadata of patches. +- Rename boo1071941-make-install-in-sep-loc.patch to + 00251-change-user-install-location.patch which is the original + name, so it can be looked up in the Fedora VCS. + +------------------------------------------------------------------- +Tue Apr 9 04:55:24 UTC 2019 - John Vandenberg + +- Mark distutils bdist_wininst command unsupported + with 00316-mark-bdist_wininst-unsupported.patch +- Remove Windows bdist_wininst executables from runtime package + +------------------------------------------------------------------- +Tue Apr 9 01:21:45 CEST 2019 - Matej Cepl + +- Update to 3.7.3, which is the maintenance release without any + significant changes in API. + - Updated patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------ +Wed Mar 20 14:59:58 UTC 2019 - Matěj Cepl + +- Remove building of Qt Develop help files. + +------------------------------------------------------------------- +Fri Mar 15 15:10:30 CET 2019 - Matej Cepl + +- Return distutils-reproducible-compile.patch which is still + missing (still unfinished bpo#29708). + +------------------------------------------------------------------- +Mon Feb 25 23:30:56 CET 2019 - Matej Cepl + +- Update to 3.8.0a2: + * List of all (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-2 + +------------------------------------------------------------------- +Tue Feb 12 10:25:52 CET 2019 - Matej Cepl + +- Build nis module again. + +------------------------------------------------------------------- +Tue Feb 12 10:06:17 CET 2019 - Matej Cepl + +- Update to 3.8.0a1: + * The most visible change so far is probably the + implementation of PEP 572: Assignment Expressions. For + a detailed list of changes, see: + https://docs.python.org/3.8/whatsnew/changelog.html + * Recover building of nis module properly in python3 package +- Update patches: + * CVE-2019-5010-null-defer-x509-cert-DOS.patch + * python-3.3.0b1-fix_date_time_compiler.patch + * python-3.3.0b1-test-posix_fadvise.patch + * python-3.6.0-multilib.patch + * raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed Jan 30 18:07:49 CET 2019 - mcepl@suse.com + +- Put LICENSE file where it belongs (bsc#1121852) + +------------------------------------------------------------------- +Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com + +- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch + fixing bpo-35746. + An exploitable denial-of-service vulnerability exists in the + X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. + A specially crafted X509 certificate can cause a NULL pointer + dereference, resulting in a denial of service. An attacker can + initiate or accept TLS connections using crafted certificates + to trigger this vulnerability. + +------------------------------------------------------------------- +Tue Jan 8 12:51:01 UTC 2019 - Tomáš Chvátal + +- Do not require full gettext in order to avoid pulling in the + glib2 as a dependency + +------------------------------------------------------------------- +Tue Jan 8 12:25:27 UTC 2019 - Tomáš Chvátal + +- Update to 3.7.2: + * bugfix release: + https://docs.python.org/3.7/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Wed Jan 2 12:51:48 CET 2019 - mcepl@suse.com + +- Stop applying python-3.6.0-multilib-new.patch (which is still + WIP), and apply the old proven python-3.6.0-multilib.patch + instead. + +------------------------------------------------------------------- +Wed Dec 19 19:29:44 UTC 2018 - Todd R + +- Use upstream-recommended %{_rpmconfigdir}/macros.d directory + for the rpm macros. + +------------------------------------------------------------------- +Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com + +- Upgrade to 3.7.2rc1: + * bugfix release, for the full list of all changes see + https://docs.python.org/3.7/whatsnew/changelog.html#changelog +- Make run of the test suite more verbose + +------------------------------------------------------------------- +Tue Dec 11 01:52:45 UTC 2018 - Jan Engelhardt + +- Write summaries without em dashes. + +------------------------------------------------------------------- +Mon Dec 3 13:27:54 UTC 2018 - Matěj Cepl + +- Remove python-3.3.0b1-curses-panel.patch it is unnecessary anymore. +- Add boo1071941-make-install-in-sep-loc.patch to make pip and + distutils in user environment install into separate location + (boo#1071941) + + Set values of prefix and exec_prefix in distutils install + command to /usr/local if executable is /usr/bin/python* and RPM + build is not detected to make pip and distutils install into + separate location +- Remove finally python-3.3.3-skip-distutils-test_sysconfig_module.patch +- Remove distutils-reproducible-compile.patch which doesn't make + really much difference in reproducibility (see + gh#python/cpython#8057 and discussion there). + +------------------------------------------------------------------- +Sat Dec 1 00:14:28 CET 2018 - mcepl@suse.com + +- Rename Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + to bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + +------------------------------------------------------------------- +Wed Nov 7 12:10:41 CET 2018 - mcepl@suse.com + +- Add dependency on bluez-devel to build support for Bluetooth + (boo#1109998) + +------------------------------------------------------------------- +Tue Nov 6 13:52:45 CET 2018 - mcepl@suse.com + +- Add devhelp subpackage and split qthelp into another + subpackage. + +------------------------------------------------------------------- +Wed Oct 24 12:38:00 UTC 2018 - Matěj Cepl + +- Remove python-3.0b1-record-rpm.patch and + Python-3.0b1-record-rpm.patch, as they are not needed anymore + +------------------------------------------------------------------- +Tue Oct 23 14:14:16 UTC 2018 - Matej Cepl + +- Switch off test_threading for optimization builds. + +------------------------------------------------------------------- +Mon Oct 22 14:41:59 CEST 2018 - mcepl@suse.com + +- Update to python-3.7.1. This is just a brief overview, complete + changelog available at + https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-1-final: + Library + bpo-34970: Protect tasks weak set manipulation in asyncio.all_tasks() +- Patches already accepted upstream are removed: + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + * 00308-tls-1.3.patch +- New patches added: + * Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + * raise_SIGING_not_handled.patch +- All other patches refreshed via quilt. + +------------------------------------------------------------------- +Mon Oct 22 12:22:19 UTC 2018 - Matej Cepl + +- Add raise_SIGING_not_handled.patch to fix bsc#1094814 + +------------------------------------------------------------------- +Wed Oct 17 14:04:35 UTC 2018 - Tomáš Chvátal + +- Add patch to fix importlib return types: + * python3-imp-returntype.patch + +------------------------------------------------------------------- +Mon Oct 15 13:46:32 CEST 2018 - mcepl@suse.com + +- bpo-34022 still not completely fixed, so we have to keep + excluding test_cmd_line_script, + test_multiprocessing_main_handling, and test_runpy from the + test suite. + +------------------------------------------------------------------- +Sun Oct 14 15:57:24 UTC 2018 - Matej Cepl + +- Update to python 3.7.1~rc2: + Core and Builtins + bpo-34879: Fix a possible null pointer dereference in + bytesobject.c. Patch by Zackery Spytz. + bpo-34854: Fixed a crash in compiling string annotations + containing a lambda with a keyword-only argument that + doesn’t have a default value. + bpo-34320: Fix dict(od) didn’t copy iteration order of + OrderedDict. + Library + bpo-34769: Fix for async generators not finalizing when event + loop is in debug mode and garbage collector runs in another + thread. + bpo-34922: Fixed integer overflow in the digest() and + hexdigest() methods for the SHAKE algorithm in the hashlib + module. + bpo-34900: Fixed unittest.TestCase.debug() when used to call + test methods with subtests. Patch by Bruno Oliveira. + bpo-34871: Fix inspect module polluted sys.modules when parsing + __text_signature__ of callable. + bpo-34872: Fix self-cancellation in C implementation of + asyncio.Task + bpo-34819: Use a monotonic clock to compute timeouts in + Executor.map() and as_completed(), in order to prevent + timeouts from deviating when the system clock is adjusted. + bpo-34334: In QueueHandler, clear exc_text from LogRecord to + prevent traceback from being written twice. + bpo-6721: Acquire the logging module’s commonly used internal + locks while fork()ing to avoid deadlocks in the child + process. + bpo-34172: Fix a reference issue inside multiprocessing.Pool + that caused the pool to remain alive if it was deleted + without being closed or terminated explicitly. + Documentation + bpo-32174: chm document displays non-ASCII charaters properly on + some MBCS Windows systems. + Tests + bpo-32962: Fixed test_gdb when Python is compiled with flags + -mcet -fcf-protection -O0. + C API + bpo-34910: Ensure that PyObject_Print() always returns -1 on + error. Patch by Zackery Spytz. + +------------------------------------------------------------------- +Fri Oct 12 20:46:58 CEST 2018 - mcepl@suse.com + +- Add Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch to + fix problems with SOURCE_DATE_EPOCH variable (bpo-34022) + +------------------------------------------------------------------- +Mon Sep 17 09:44:02 UTC 2018 - Tomáš Chvátal + +- Add patch to fix build with tls1.3 supported openssl + * 00308-tls-1.3.patch +- Add patch to fix Py_Main calls after Py_initialize + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + +------------------------------------------------------------------- +Mon Sep 3 15:22:42 UTC 2018 - Matěj Cepl + +- Add -fwrapv to OPTS, which is default for python3 anyway + See for example https://github.com/zopefoundation/persistent/issues/86 + for bugs which are caused by avoiding it. + +------------------------------------------------------------------- +Tue Jul 10 11:12:32 UTC 2018 - mcepl@suse.com + +- Fix ownership of _contextvars, _queue, and _xxtestfuzz + +------------------------------------------------------------------- +Tue Jul 3 15:04:48 UTC 2018 - mcepl@suse.com + +- Switch off LTO for distros with older GCC +- Fix %files + +------------------------------------------------------------------- +Fri Jun 29 14:20:03 UTC 2018 - tchvatal@suse.com + +- Add dependency over libuuid-devel + +------------------------------------------------------------------- +Thu Jun 28 10:42:15 UTC 2018 - mimi.vx@gmail.com + +- update to python 3.7.0 + Complete overview of changes is available on + https://docs.python.org/3/whatsnew/3.7.html, these are just + highlights: + * PEP 563, postponed evaluation of type annotations. + * async and await are now reserved keywords. + * New library modules: + contextvars: PEP 567 – Context Variables + dataclasses: PEP 557 – Data Classes + importlib.resources + * New built-in features: + PEP 553, the new breakpoint() function. + * Python data model improvements: + PEP 562, customization of access to module attributes. + PEP 560, core support for typing module and generic types. + the insertion-order preservation nature of dict objects + has been declared to be an official part of the Python + language spec. + * Significant improvements in the standard library: + The asyncio module has received new features, significant + usability and performance improvements. + The time module gained support for functions with + nanosecond resolution. + * CPython implementation improvements: + Avoiding the use of ASCII as a default text encoding: + PEP 538, legacy C locale coercion + PEP 540, forced UTF-8 runtime mode + PEP 552, deterministic .pycs + the new development runtime mode + PEP 565, improved DeprecationWarning handling + * C API improvements: + PEP 539, new C API for thread-local storage + * Documentation improvements: + PEP 545, Python documentation translations + New documentation translations: Japanese, French, and Korean. +- drop python3-sorted_tar.patch +- drop 0001-allow-for-reproducible-builds-of-python-packages.patch +- refresh python-3.6.0-multilib-new.patch +- refresh subprocess-raise-timeout.patch + * new C API for thread-local storage + * Deterministic pyc files + * Built-in breakpoint() + * Data Classes + * Core support for typing module and generic types + * Customization of access to module attributes + * Postponed evaluation of annotations + * Time functions with nanosecond resolution + * Improved DeprecationWarning handling + * Context Variables + * Avoiding the use of ASCII as a default text encoding + (PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode) + * The insertion-order preservation nature of dict objects is now + an official part of the Python language spec. + * Notable performance improvements in many areas. + +------------------------------------------------------------------- +Thu May 17 18:26:42 UTC 2018 - hpj@urpla.net + +- disable lto with gcc versions below 7 (results in link failures) + +------------------------------------------------------------------- +Mon Apr 30 15:23:24 UTC 2018 - jengelh@inai.de + +- Use faster find subcommand execution strategies. + +------------------------------------------------------------------- +Fri Apr 20 16:17:29 UTC 2018 - tchvatal@suse.com + +- Do not mention the testsuite disabling in opts as it was moved to + main pkg so base is test-free + +------------------------------------------------------------------- +Tue Apr 17 08:36:08 UTC 2018 - tchvatal@suse.com + +- As we run in main python package do not generate the pre_checkin + from both now + +------------------------------------------------------------------- +Mon Apr 16 14:11:56 UTC 2018 - tchvatal@suse.com + +- Move the tests from base to generic package wrt bsc#1088573 + * We still fail the whole distro if python3 is not build + * The other archs than x86_64 took couple of hours to unblock + build of other software, this way we work around the issue +- Some tests are still run in -base for the LTO tweaking, but at + least it is not run twice + +------------------------------------------------------------------- +Sat Mar 31 19:41:12 UTC 2018 - mimi.vx@gmail.com + +- update to 3.6.5 + * bugfix release + * see Misc/NEWS for details +- drop ctypes-pass-by-value.patch +- drop fix-localeconv-encoding-for-LC_NUMERIC.patch +- refresh python-3.6.0-multilib-new.patch + +------------------------------------------------------------------ +Wed Mar 7 09:16:39 UTC 2018 - adam@mizerski.pl + +- Created %so_major and %so_minor macros +- Put Tools/gdb/libpython.py script into proper place and ship it with devel + subpackage. + +------------------------------------------------------------------- +Tue Feb 20 15:04:56 UTC 2018 - schwab@suse.de + +- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64 + +------------------------------------------------------------------- +Tue Feb 20 14:28:00 UTC 2018 - bwiedemann@suse.com + +- Add python3-sorted_tar.patch (boo#1081750) + +------------------------------------------------------------------- +Tue Feb 20 14:08:57 UTC 2018 - tchvatal@suse.com + +- Drop python3-tk and python3-idle recommends to reduce python3 + always pulling X stack bsc#1081751 + +------------------------------------------------------------------- +Wed Feb 7 09:10:03 UTC 2018 - tchvatal@suse.com + +- Add patch to fix glibc 2.27 fail bsc#1079761: + * fix-localeconv-encoding-for-LC_NUMERIC.patch + +------------------------------------------------------------------- +Mon Feb 5 17:14:43 UTC 2018 - normand@linux.vnet.ibm.com + +- Update skip_random_failing_tests.patch (for PowerPC) + to avoid test_call_later failure + +------------------------------------------------------------------- +Wed Jan 24 14:35:58 UTC 2018 - jmatejek@suse.com + +- move XML modules and python3-xml provide to python3-base + (fixes bsc#1077230) +- move ensurepip to base + +------------------------------------------------------------------- +Thu Jan 18 12:31:47 UTC 2018 - normand@linux.vnet.ibm.com + +- Add skip_random_failing_tests.patch only for PowerPC + +------------------------------------------------------------------- +Wed Jan 3 12:18:51 UTC 2018 - jmatejek@suse.com + +- update to 3.6.4 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed python3-ncurses-6.0-accessors.patch +- drop PYTHONSTARTUP hooks that cause spurious startup errors + * fixes bsc#1070738 + * the relevant feature (REPL history) is now built into Python itself + +------------------------------------------------------------------- +Sat Dec 2 11:11:46 UTC 2017 - dimstar@opensuse.org + +- Install 2to3-%{python_version} executable (override defattr of + the -tools package). 2to3 (unversioned) is a symlink and does not + carry permissions (bsc#1070853). + +------------------------------------------------------------------- +Thu Nov 16 11:02:18 UTC 2017 - mimi.vx@gmail.com + +- move 2to3 to python3-tools package + +------------------------------------------------------------------- +Wed Oct 11 13:15:23 UTC 2017 - jmatejek@suse.com + +- update to 3.6.3 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Wed Sep 20 09:54:05 UTC 2017 - dmueller@suse.com + +- drop python-2.7-libffi-aarch64.patch: this patches the intree + copy of libffi which is unused/deleted in the line afterwards +- fix build against system libffi: include flags weren't set + so it actually used the in-tree libffi headers. + +------------------------------------------------------------------- +Thu Sep 14 13:23:10 UTC 2017 - vcizek@suse.com + +- Fix test broken with OpenSSL 1.1 (bsc#1042670) + * add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Tue Sep 5 11:47:05 UTC 2017 - jengelh@inai.de + +- Update RPM group for python documentation. + +------------------------------------------------------------------- +Thu Aug 31 08:39:31 UTC 2017 - schwab@suse.de + +- fix missing %{?armsuffix} + +------------------------------------------------------------------- +Wed Aug 30 13:41:38 UTC 2017 - jmatejek@suse.com + +- distutils-reproducible-compile.patch: ensure distutils order files + before compiling, which works around bsc#1049186 + +------------------------------------------------------------------- +Thu Aug 17 08:59:05 CEST 2017 - kukuk@suse.de + +- Add libnsl-devel build requires for glibc obsoleting libnsl + +------------------------------------------------------------------- +Thu Aug 3 16:09:26 UTC 2017 - jmatejek@suse.com + +- update to 3.6.2 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed test-socket-aead-kernel49.patch +- add Provides: python3-typing (fixes bsc#1050653) +- drop duplicate Provides: python3 + +------------------------------------------------------------------- +Mon Jun 26 12:10:07 UTC 2017 - jmatejek@suse.com + +- drop db-devel from requirements + +------------------------------------------------------------------- +Tue Jun 20 09:26:52 UTC 2017 - asn@cryptomilk.org + +- Add missing link to python library in config dir (bsc#1040164) + +------------------------------------------------------------------- +Thu Mar 23 12:42:59 UTC 2017 - jmatejek@suse.com + +- update to 3.6.1 + * bugfix release, over a hundred bugs fixed + * never add import location's parent directory to sys.path + * switch to git for version control, build changes related to that + * fix "failed to get random numbers" on old kernels (bsc#1029902) + * several crashes and memory leaks corrected + * f-string are no longer accepted as docstrings + +------------------------------------------------------------------- +Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com + +- prevent regenerating AST at build-time more robustly +- add "--without profileopt" and "--without testsuite" options to python3-base + to allow short circuiting when working on the package + +------------------------------------------------------------------- +Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com + +- Add 0001-allow-for-reproducible-builds-of-python-packages.patch + upstream https://github.com/python/cpython/pull/296 + +------------------------------------------------------------------- +Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com + +- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch) +- reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent) + +------------------------------------------------------------------- +Wed Jan 11 14:57:07 UTC 2017 - jmatejek@suse.com + +- update to 3.6.0 + * PEP 498 Formated string literals + * PEP 515 Underscores in numeric literals + * PEP 526 Syntax for variable annotations + * PEP 525 Asynchronous generators + * PEP 530 Asynchronous comprehensions + * PEP 506 New "secrets" module for safe key generation + * less memory consumed by dicts + * dtrace and systemtap support + * improved asyncio module + * better defaults for ssl + * new hashing algorithms in hashlib + * bytecode format changed to allow more optimizations + * "async" and "await" are on track to be reserved words + * StopIteration from generators is deprecated + * support for openssl < 1.0.2 is deprecated + * os.urandom now blocks when getrandom() blocks + * huge number of new features, bugfixes and optimizations + * see https://docs.python.org/3.6/whatsnew/3.6.html for details +- rework multilib patch: drop Python-3.5.0-multilib.patch, implement + upstreamable python-3.6.0-multilib-new.patch +- refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch +- drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch +- finally drop python-2.6b1-canonicalize2.patch that was not applied in source + and only kept around in case we needed it in the future. (which we don't, as it seems) +- update import_failed map and baselibs +- build ctypes against system libffi + (buildrequire libffi-devel in python3-base) +- add new key to keyring (signed by keys already in keyring) +- introduced common configure section between python3 and python3-base +- moved pyconfig.h and Makefile to devel subpackage as distutils no longer + need it at runtime +- added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py + because it is not used now +- improve summaries and descriptions (fixes bsc#917607) +- enabled Link-Time Optimization, see what happens +- including skipped_tests.py in pre_checkin.sh run +- run specs through spec-cleaner, rearrange sections + +------------------------------------------------------------------- +Fri Apr 22 17:20:29 UTC 2016 - jmatejek@suse.com + +- move _hashlib and _ssl modules and tests to python3-base +- recommend python3 + +------------------------------------------------------------------- +Tue Mar 15 15:05:23 UTC 2016 - schwab@suse.de + +- Skip test_asyncio under qemu_user_space_build + +------------------------------------------------------------------- +Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com + +- Add Python-3.5.1-fix_lru_cache_copying.patch + Fix copying the lru_cache() wrapper object. + Fixes deep-copying lru_cache regression, which worked on + previous versions of python but fails on python 3.5. + This fixes a bunch of packages in devel:languages:python3. + See: https://bugs.python.org/issue25447 + +------------------------------------------------------------------- +Sun Jan 24 00:44:08 UTC 2016 - arichardson.kde@gmail.com + +- Build the docs in .qch format as well + +------------------------------------------------------------------- +Wed Dec 9 07:35:20 UTC 2015 - toddrme2178@gmail.com + +- update to 3.5.1 + * bugfix-only release, dozens of bugs fixed +- Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch +- "Python3" to "Python 3" in summary + * This seems cleaner and fixes and rpmlint warning + +------------------------------------------------------------------- +Wed Oct 14 20:21:52 UTC 2015 - toddrme2178@gmail.com + +- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch + This fixes a build error for many packages that use the Python, + C-API. + This patch is already accepted upstream and is slated to appear in + python 3.5.1. + +------------------------------------------------------------------- +Tue Sep 29 15:53:24 UTC 2015 - jmatejek@suse.com + +- update to 3.5.0 + * coroutines with async/await syntax + * matrix multiplication operator `@` + * unpacking generalizations + * new modules `typing` and `zipapp` + * type annotations + * .pyo files replaced by custom suffixes for optimization levels in __pycache__ + * support for memory BIO in ssl module + * performance improvements in several modules + * and many more +- removals and behavior changes + * deprecated `__version__` is removed + * support for .pyo files was removed + * system calls are auto-retried on EINTR + * bare generator expressions in function calls now cause SyntaxError + (change "f(x for x in i)" to "f((x for x in i))" to fix) + * removed undocumented `format` member of private `PyMemoryViewObject` struct + * renamed `PyMemAllocator` to `PyMemAllocatorEx` +- redefine %dynlib macro to reflect that modules now have arch+os as part of name +- module `time` is now built-in +- dropped upstreamed patches: + python-3.4.1-fix-faulthandler.patch + python-3.4.3-test-conditional-ssl.patch + python-fix-short-dh.patch (also dropped dh2048.pem required for this patch) +- updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch +- python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure + with new gcc + ncurses + +------------------------------------------------------------------- +Wed Sep 9 11:51:22 UTC 2015 - dimstar@opensuse.org + +- Add python3-ncurses-6.0-accessors.patch: Fix build with + NCurses 6.0 and OPAQUE_WINDOW set to 1. + +------------------------------------------------------------------- +Mon Aug 24 17:02:08 UTC 2015 - jmatejek@suse.com + +- improve import_failed hook to do the right thing when invoking + missing modules with "python3 -m modulename" (boo#942751) + +------------------------------------------------------------------- +Thu Jul 23 22:08:10 UTC 2015 - fisiu@opensuse.org + +- Build with --enable-loadable-sqlite-extensions to make it works + as geospatial database. + +------------------------------------------------------------------- +Wed Jul 1 07:07:26 UTC 2015 - dimstar@opensuse.org + +- Fix source list for previous change (add dh2048.pem). + +------------------------------------------------------------------- +Wed Jun 24 06:54:30 UTC 2015 - meissner@suse.com + +- dh2048.pem: added generated 2048 dh parameter set to fix + ssl test (bsc#935856) +- python-fix-short-dh.patch: replace the 512 bits dh parameter set + by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856) + +------------------------------------------------------------------- +Tue May 19 14:59:30 UTC 2015 - schwab@suse.de + +- ctypes-libffi-aarch64.patch: remove upstreamed patch +- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for + aarch64 + +------------------------------------------------------------------- +Thu May 14 10:58:36 UTC 2015 - jmatejek@suse.com + +- drop the PDF subpackage + (removes the massive texlive dependency, and most likely nobody is + using the PDFs anyway) + +------------------------------------------------------------------- +Thu May 14 09:53:29 UTC 2015 - jmatejek@suse.com + +- python-3.4.3-test-conditional-ssl.patch - restore tests failing because + test_urllib was unconditionally importing ssl (without really needing it) +- restore functionality of multilib patch +- drop libffi-ppc64le.diff because upstream completely changed everything + yet again (sorry ppc64 folks :| ) + + +------------------------------------------------------------------- +Fri May 1 15:11:21 UTC 2015 - mailaender@opensuse.org + +- Update to version 3.4.3 +- Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch + (bpo#21766) + +------------------------------------------------------------------- +Wed Mar 25 10:57:28 UTC 2015 - rguenther@suse.com + +- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus + faulthandler which fails with GCC 5. + +------------------------------------------------------------------- +Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com + +- asyncio has been merged in python3 main package; provide and + obsolete it +- Remove obsolete AUTHORS section +- Remove redundant %clean section + +------------------------------------------------------------------- +Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org + +- Only pkgconfig(x11) is required for build, not the whole + set of packages provided by xorg-x11-devel metapackage. + +------------------------------------------------------------------- +Mon Oct 13 13:38:20 UTC 2014 - jmatejek@suse.com + +- add %python3_version rpm macro for Fedora compatibility +- add missing argument in import_failed, rename Novell Bugzilla + to SUSE Bugzilla + +------------------------------------------------------------------- +Thu Jul 31 17:24:59 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. + +------------------------------------------------------------------- +Wed Jul 23 16:31:02 UTC 2014 - jmatejek@suse.com + +- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file + disclosure and directory traversal through URL-encoded characters + (CVE-2014-4650, bnc#885882) + +------------------------------------------------------------------- +Tue Jul 22 13:55:57 UTC 2014 - jmatejek@suse.com + +- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons, + reinstate bundled copies of pip and setuptools + (fixes bnc#885662) +- add more files as sources to silence the validator + +------------------------------------------------------------------- +Wed May 21 11:01:56 UTC 2014 - jmatejek@suse.com + +- update to 3.4.1 + * bugfix-only release, over 300 bugs fixed +- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch +- drop upstreamed CVE-2014-2667-mkdir.patch +- include Python release manager keyring and signature file + for the source archive (thus renumbering of source files) + (see https://www.python.org/download/#openpgp-public-keys ) +- move ensurepip to python3, because it transitively requires ssl + +------------------------------------------------------------------- +Fri Apr 4 16:21:40 UTC 2014 - jmatejek@suse.com + +- CVE-2014-2667-mkdir.patch: race condition with reseting umask + in os.makedirs + (CVE-2014-2667, bnc#871152) +- updated multilib patch to include ~/.local/lib64 (bnc#637176) + +------------------------------------------------------------------- +Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com + +- raise timeout value for test_subprocess to 10s (might fix + intermittent build failures in OBS) + +------------------------------------------------------------------- +Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com + +- remove blacklisting of test_posix on aarch64: qemu bug is fixed + +------------------------------------------------------------------- +Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 final +- drop upstreamed python-3.4rc2-importlib.patch + +------------------------------------------------------------------- +Sun Mar 16 16:33:25 UTC 2014 - schwab@suse.de + +- Only build with profile-opt if profiling is enabled +- Update test exclusion lists: + * test_ctypes no longer fails on arm + * test_io no longer fails on ppc* + * test_multiprocessing has been split in multiple tests + * test_posix and test_signal fail due to qemu bugs + +------------------------------------------------------------------- +Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de + +- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, + adding python-2.7.6-sqlite-3.8.4-tests.patch + +------------------------------------------------------------------- +Thu Feb 27 14:08:40 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 rc2 + * pre-release bugfixes + * improvements to asyncio library +- drop upstreamed tracemalloc_gcov.patch +- python-3.4rc2-importlib.patch fixes backwards-incompatibility + in the reworked importlib module that blocks build of vim + +------------------------------------------------------------------- +Fri Jan 17 18:45:27 UTC 2014 - jmatejek@suse.com + +- initial commit of 3.4.0 beta 3 + * new stdlib modules: pathlib, enum, statistics, tracemalloc + * asynchronous IO with new asyncio module + * introspection data for builtins + * subprocesses no longer inherit open file descriptors + * standardized metadata for packages + * internal hashing changed to SipHash + * new pickle protocol + * improved handling of codecs + * TLS 1.2 support + * major speed improvements for internal unicode handling + * many bugfixes and optimizations +- see porting guide at: + http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4 +- moved several modules to -testsuite subpackage +- updated list of binary extensions, refreshed patches +- tracemalloc_gcov.patch fixes profile-based optimization build +- updated packages and pre_checkin.sh to use ~-version notation + for prereleases +- fix-shebangs part of build process moved to common %prep +- drop python-3.3.2-no-REUSEPORT.patch (upstreamed) +- update baselibs for new soname + +- TODOs: + * require python-pip, make ensurepip work with zypper + +------------------------------------------------------------------- +Wed Dec 4 13:21:26 UTC 2013 - matz@suse.de + +- add ppc64le (ELFv2) support for libffi copy for ctypes module +- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be + "lib64"). +- added patches: + * libffi-ppc64le.diff +------------------------------------------------------------------- +Tue Dec 3 09:51:43 UTC 2013 - adrian@suse.de + +- add ppc64le rules + +------------------------------------------------------------------- +Fri Nov 22 13:17:23 UTC 2013 - speilicke@suse.com + +- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch: + + Disable global and distutils sysconfig comparison test, we deviate + from the default depending on optflags + +------------------------------------------------------------------- +Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com + +- update to 3.3.3 + * bugfix-only release + * many SSL-related fixes + * upstream fix for CVE-2013-4238 + * upstream fixes for CVE-2013-1752 +- move example module xxlimited to python3-testsuite +- drop CVE-2013-4238_py33.patch - it is upstreamed +- remove --with-wide-unicode config option, it is now the default + (and only) choice +- don't touch anything between make and makeinstall +- drop python-3.2b2-buildtime-generate.patch - the issue was caused + by touching things between make and makeinstall +- link pycache entries for import_failed hooks properly + +------------------------------------------------------------------- +Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org + +- build with -DOPENSSL_LOAD_CONF for the same reasons + described in the python2 package. + +------------------------------------------------------------------- +Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com + +- handle NULL bytes in certain fields of SSL certificates + (CVE-2013-4238, bnc#834601) + +------------------------------------------------------------------- +Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com + +- Exclue test_faulthandler from tests on powerpc due to bnc#831629 + +------------------------------------------------------------------- +Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com + +- update to 3.3.2 + * bugfix-only release + * fixes several regressions introduced in 3.3.1 +- switch to xz compression +- move _lzma module to python3-base +- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT + +------------------------------------------------------------------- +Mon Apr 29 22:32:43 UTC 2013 - schwab@suse.de + +- Readd missing bits from ctypes-libffi-aarch64.patch + +------------------------------------------------------------------- +Sat Apr 13 07:56:51 UTC 2013 - idonmez@suse.com + +- Update to version 3.3.1 + * Fix the –enable-profiling configure switch. + * In IDLE, close the replace dialog after it is used. +- Too many bugfixes to list here, + see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS +- Refresh Python-3.3.0b2-multilib.patch +- Refresh python-3.2b2-buildtime-generate.patch +- Drop upstream patches: ctypes-libffi-aarch64.patch, + python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch + +------------------------------------------------------------------- +Mon Apr 8 11:25:30 UTC 2013 - speilicke@suse.com + +- Exclude sqlite/test and tk/test directories from the respective + sub-packages. These are owned by the testsuite sub-package already + +------------------------------------------------------------------- +Fri Apr 5 12:59:20 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/title=SourceUrls + +------------------------------------------------------------------- +Wed Apr 3 15:36:04 UTC 2013 - jmatejek@suse.com + +- remove spurious modification of python-3.3.0b1-localpath.patch + that would force installation into /usr/local. + this fixes bnc#809831 + +------------------------------------------------------------------- +Thu Mar 28 18:38:51 UTC 2013 - jmatejek@suse.com + +- replace broken movetogetdents64.diff patch with a correct one + from upstream repo (python-3.3.0-getdents64.patch) + +------------------------------------------------------------------- +Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com + +- add ctypes-libffi-aarch64.patch: + * import aarch64 support for libffi in _ctypes module +- add aarch64 to the list of lib64 based archs +- add movetogetdents64.diff: + * port to getdents64, as SYS_getdents is not implemented everywhere + +------------------------------------------------------------------- +Tue Feb 26 08:57:55 UTC 2013 - saschpe@suse.de + +- /etc/rpm/macros.python3 is no %config, it is not meant to be changed + by users. +- Add rpmlintrc with some obvious filters + +------------------------------------------------------------------- +Mon Jan 28 18:14:39 UTC 2013 - jmatejek@suse.com + +- update baselibs for new version of libpython3 + +------------------------------------------------------------------- +Thu Nov 29 17:02:37 UTC 2012 - jmatejek@suse.com + +- fix include path in macros (bnc#787526) +- implement failed import handlers for modules that live in + subpackages - e.g. "import ssl" will now throw a sensible error + message telling you to install "python3" + +------------------------------------------------------------------- +Wed Nov 28 17:02:07 UTC 2012 - jmatejek@suse.com + +- merge python3-xml into python3 +- merge python3-2to3 library into python3-base + and the 2to3 binary into python3-devel + (python3-devel is now in conflict with python-2to3, which + will be dropped) +- enable --with-system-expat for python3, making the xml modules + (and thus python3) depend on expat +- reconfigure tests to disable network and GUI resources, which + the upstream apparently thought is a good idea to enable by default. + this fixes build failures in Factory +- add lzma-devel to build the _lzma module +- moved %dynlib macro definition to common section + +------------------------------------------------------------------- +Mon Nov 5 20:01:46 UTC 2012 - coolo@suse.com + +- buildrequire timezone for the test suite + +------------------------------------------------------------------- +Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com + +- disable more checks for qemu builds as they use syscalls not + implemented yet + +------------------------------------------------------------------- +Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com + +- exclude test_math for SLE 11; math library fails on negative + gamma function values close to integers and 0, probably + due to imprecision in -lm on SLE_11_SP2. + +------------------------------------------------------------------- +Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel explicitly + +------------------------------------------------------------------- +Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com + +- remove distutils.cfg (bnc#658604) + * this changes default prefix for distutils to /usr + * see ML for details: +http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html + +------------------------------------------------------------------- +Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com + +- Update to final 3.3.0 release + * See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS + +------------------------------------------------------------------- +Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com + +- Correct dependency for python3-testsuite, + python3-tkinter -> python3-tk + +------------------------------------------------------------------- +Thu Aug 23 13:08:11 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 RC1 + +------------------------------------------------------------------- +Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 beta 1 + * flexible string representation, no longer distinguishing + between wide and narrow Unicode builds + * importlib-based import system + * virtualenv support in core + * namespace packages + * explicit Unicode literals for easier porting + * key-sharing dict implementation reduces memory footprint + of OO code + * hash randomization on by default + * many other new bugfixes and features, check NEWS for details + +- pre_checkin.sh now autofills various version strings in specs +- ship hashlib's fallback modules - those uselessly take up space + when real _hashlib.so from python3 is present, but the space wasted + is only 114kB and it provides python3-base with a working hashlib + module. + (also, this fixes bnc#743787) + +------------------------------------------------------------------- +Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com + +- skip test_io on ppc +- drop test_io ppc patch + +------------------------------------------------------------------- +Thu Jun 28 07:57:58 UTC 2012 - saschpe@suse.de + +- Satisfy source_validator by uncommenting an otherwise unused "Patch" + line + +------------------------------------------------------------------- +Tue Jun 12 15:39:08 UTC 2012 - adrian@suse.de + +- fix logic of checks exclusion + +------------------------------------------------------------------- +Fri May 18 11:50:27 UTC 2012 - idonmez@suse.com + +- update to 3.2.3 + * No changes since rc2 + +------------------------------------------------------------------- +Thu Mar 29 15:44:33 UTC 2012 - jmatejek@suse.com + +- update to 3.2.3rc2 + * fixes several security issues: + * CVE-2012-0845, bnc#747125 + * CVE-2012-1150, bnc#751718 + * CVE-2011-4944, bnc#754447 + * CVE-2011-3389, bnc#754677 +- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) +- disable test_gdb because it is broken by our gdb + +------------------------------------------------------------------- +Thu Feb 16 12:33:12 UTC 2012 - dvaleev@suse.com + +- skip broken test_io test on ppc + +------------------------------------------------------------------- +Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com + +- update to 3.2.2 + * bugfix-only release + * reports "linux2" as sys.platform regardless of Linux kernel +- added pre_checkin.sh to copy common spec sections to python3.spec +- added PACKAGING-NOTES with some helpful info for packagers + +------------------------------------------------------------------- +Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com + +- Use system ffi, included one is broken see + http://bugs.python.org/issue11729 and + http://bugs.python.org/issue12081 + +------------------------------------------------------------------- +Fri Dec 9 17:19:55 UTC 2011 - jmatejek@suse.com + +- license.opensuse.org-compatible license headers + +------------------------------------------------------------------- +Fri Dec 2 16:46:44 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Thu Nov 24 12:42:25 UTC 2011 - agraf@suse.com + +- fix ARM build (exclude some test cases which break for us) + +------------------------------------------------------------------- +Tue Aug 16 17:02:22 UTC 2011 - termim@gmail.com + +- use sysconfig module to get py3_incdir, py3_abiflags, + py3_soflags, python3_sitelib and python3_sitearch + +------------------------------------------------------------------- +Mon Jul 18 16:22:31 UTC 2011 - jmatejek@novell.com + +- update to 3.2.1 + * bugfix-only release, no major changes +- fix build on linux3 platform +- remove upstreamed pybench patch +- install /usr/lib directories in all cases to prevent spurious + "directory not owned" in dependent packages + +------------------------------------------------------------------- +Wed Jun 15 14:16:38 UTC 2011 - jmatejek@novell.com + +- replaced dynamic so version with manual so version, because + autobuild does not support autogeneration + +------------------------------------------------------------------- +Tue May 24 13:39:06 UTC 2011 - jmatejek@novell.com + +- generate macros.python3 at compile-time with fixed values +- don't include bogus values in pyconfig.h, as they can break + third-party packages (bnc#673071) + +------------------------------------------------------------------- +Tue May 17 12:52:51 UTC 2011 - jmatejek@novell.com + +- added Obsoletes: python3 < 3.1 so that the transition from + non-split to split packages goes smoothly + +------------------------------------------------------------------- +Fri May 13 12:38:19 UTC 2011 - jmatejek@novell.com + +- fixed RPM macros to use python3 instead of python +- updated to build --with-wide-unicode (for compatibility with + fedora and our own python 2.x series) + +------------------------------------------------------------------- +Thu Apr 21 03:39:25 UTC 2011 - termim@gmail.com + +- fix python3-base build failure due to pybench.py crash by + python-3.2-pybench.patch +- move pyconfig.h from python3-devel to python3-base package to + make python3-base functional again + +------------------------------------------------------------------- +Wed Mar 23 04:26:28 UTC 2011 - termim@gmail.com + +- update to python 3.2 + * stable ABI, ABI-tagged .so files + * concurrent.futures and many other new or upgraded modules + * PYC repository directories ( __pycache__ ) + * python WSGI 1.0.1 + * Unicode 6.0.0 support + * a great number of bugfixes and assorted improvements + +------------------------------------------------------------------- +Tue Feb 8 19:42:17 CET 2011 - matejcik@suse.cz + +- update to python 3.2 RC2 +- renamed python3-demo to python3-tools, because the demo part + became much smaller than the tools part +- added rpm macros + +------------------------------------------------------------------- +Tue Jan 18 14:13:04 UTC 2011 - jmatejek@novell.com + +- update to python 3.2 beta 2, see NEWS for details +- split off -base package with less dependencies, and a shlib-policy + compliant libpython3 package +- mostly rewritten the spec file with more detailed comments +- cleaned up lists of patches + diff --git a/python311.spec b/python311.spec new file mode 100644 index 0000000..e4e6912 --- /dev/null +++ b/python311.spec @@ -0,0 +1,1053 @@ +# +# spec file for package python311 +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "doc" +%define psuffix -documentation +%bcond_without doc +%bcond_with base +%bcond_with general +%endif +%if "%{flavor}" == "base" +%define psuffix -core +%bcond_with doc +%bcond_without base +%bcond_with general +%endif +%if "%{flavor}" == "" +%define psuffix %{nil} +%bcond_with doc +%bcond_with base +%bcond_without general +%endif + +%if 0%{?do_profiling} +%bcond_without profileopt +%else +%bcond_with profileopt +%endif + +%define python_pkg_name python311 +%if "%{python_pkg_name}" == "%{primary_python}" +%define primary_interpreter 1 +%else +%define primary_interpreter 0 +%endif + +# Setting up variables +%define _version %(c=%{version}; echo ${c/[a-z]*/}) +%define tar_suffix %(c=%{_version}; echo ${c#%{_version}}) +%define python_version %(echo %{_version}|cut -d. -f1-2) +# based on the current source tarball +%define python_version_abitag %(c=%{python_version}; echo ${c//./}) +# FIXME %%define python_version_soname %%(c=%%{python_version}; echo ${c//./_}) +%define python_version_soname 3_11 +%if 0%(test -n "%{tar_suffix}" && echo 1) +%define _version %(echo "%{_version}~%{tar_suffix}") +%define tarversion %{version} +%else +%define tarversion %{version} +%endif +# We don't process beta signs well +%define folderversion %{tarversion} +%define tarname Python-%{tarversion} +%define sitedir %{_libdir}/python%{python_version} +# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 +%define abi_kind %{nil} +# python ABI version - used in some file names +%define python_abi %{python_version}%{abi_kind} +# soname ABI tag defined in PEP 3149 +%define abi_tag %{python_version_abitag}%{abi_kind} +# version part of "libpython" package +%define so_major 1 +%define so_minor 0 +%define so_version %{python_version_soname}%{abi_kind}-%{so_major}_%{so_minor} +# rpm and python have different ideas about what is an arch-dependent name, so: +%if "%{__isa_name}" == "ppc" +%define archname %(echo %{_arch} | sed s/ppc/powerpc/) +%else +%define archname %{_arch} +%endif +# our arm has Hardware-Floatingpoint +%if "%{_arch}" == "arm" +%define armsuffix hf +%endif +# Decide whether we want to use mpdecimal +%if 0%{?suse_version} >= 1550 +%bcond_without mpdecimal +%else +%bcond_with mpdecimal +%endif +# pyexpat.cpython-35m-x86_64-linux-gnu +# pyexpat.cpython-35m-powerpc64le-linux-gnu +# pyexpat.cpython-35m-armv7-linux-gnueabihf +# _md5.cpython-38m-x86_64-linux-gnu.so +%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so +%bcond_without profileopt +Name: %{python_pkg_name}%{psuffix} +Version: 3.11.10 +Release: 0 +Summary: Python 3 Interpreter +License: Python-2.0 +URL: https://www.python.org/ +Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz +Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc +Source2: baselibs.conf +Source3: README.SUSE +Source4: externally_managed.in +Source7: macros.python3 +Source8: import_failed.py +Source9: import_failed.map +Source10: pre_checkin.sh +Source11: skipped_tests.py +Source19: idle3.desktop +Source20: idle3.appdata.xml +# content of bluez-devel: +# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel +# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu +# 3. mkdir Vendor && mv usr/include/* Vendor/ +# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/ +Source21: bluez-devel-vendor.tar.xz +Source98: python311-rpmlintrc +# Tarball is signed by the GPG key of Pablo Galindo Salgado (0x64E628F8D684696D) +# https://keybase.io/pablogsal/pgp_keys.asc?fingerprint=a035c8c19219ba821ecea86b64e628f8d684696d +Source99: python.keyring +# The following files are not used in the build. +# They are listed here to work around missing functionality in rpmbuild, +# which would otherwise exclude them from distributed src.rpm files. +Source100: PACKAGING-NOTES +# PATCH-FEATURE-UPSTREAM F00251-change-user-install-location.patch bsc#[0-9]+ mcepl@suse.com +# Fix installation in /usr/local (boo#1071941), originally from Fedora +# https://src.fedoraproject.org/rpms/python3.12/blob/rawhide/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch02: F00251-change-user-install-location.patch +# PATCH-FEATURE-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com +# Improve reproduceability +Patch03: distutils-reproducible-compile.patch +# support finding packages in /usr/local, install to /usr/local by default +Patch04: python-3.3.0b1-localpath.patch +# replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds +Patch05: python-3.3.0b1-fix_date_time_compiler.patch +# POSIX_FADV_WILLNEED throws EINVAL. Use a different constant in test +Patch06: python-3.3.0b1-test-posix_fadvise.patch +# Raise timeout value for test_subprocess +Patch07: subprocess-raise-timeout.patch +# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com +# ensurepip should honour the value of $(prefix) +Patch08: bpo-31046_ensurepip_honours_prefix.patch +# PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mcepl@suse.com +# SLE-15 version of Sphinx doesn't know about skipif directive in doctests. +Patch09: no-skipif-doctests.patch +# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com +# skip a test failing on SLE-15 +Patch10: skip-test_pyobject_freed_is_freed.patch +# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com +# remove duplicate link targets and make documentation with old Sphinx in SLE +Patch11: fix_configure_rst.patch +# PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com +# Skip test_freeze_simple_script +Patch13: skip_if_buildbot-extend.patch +# PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com +# prevent ResourceWarning in test_asyncio tests +Patch15: bsc1221260-test_asyncio-ResourceWarning.patch +# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport.patch +# This problem on libexpat is patched on SLE without version +# update, this patch changes the tests to match the libexpat provided +# by SUSE +Patch16: CVE-2023-52425-libexpat-2.6.0-backport.patch +Patch17: CVE-2023-52425-remove-reparse_deferral-tests.patch +# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com +# reproducibility patches +Patch19: bso1227999-reproducible-builds.patch +# PATCH-FIX-UPSTREAM gh120226-fix-sendfile-test-kernel-610.patch gh#python/cpython#120226 mcepl@suse.com +# Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 (GH-120227) +Patch22: gh120226-fix-sendfile-test-kernel-610.patch +# PATCH-FIX-UPSTREAM CVE-2024-9287-venv_path_unquoted.patch gh#python/cpython#124651 mcepl@suse.com +# venv should properly quote path names provided when creating a venv +Patch23: CVE-2024-9287-venv_path_unquoted.patch +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: fdupes +BuildRequires: gmp-devel +BuildRequires: lzma-devel +BuildRequires: netcfg +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: xz +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(libffi) +BuildRequires: pkgconfig(uuid) +BuildRequires: pkgconfig(zlib) +#!BuildIgnore: gdk-pixbuf-loader-rsvg +%if 0%{?suse_version} >= 1550 +# The provider for python(abi) is in rpm-build-python +BuildRequires: rpm-build-python +%endif +%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1599 +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{with mpdecimal} +BuildRequires: mpdecimal-devel +%endif +%if %{with doc} +BuildRequires: python3-Sphinx >= 4.0.0 +%if 0%{?suse_version} >= 1500 +BuildRequires: python3-python-docs-theme >= 2022.1 +%endif +%endif +%if %{with general} +# required for idle3 (.desktop and .appdata.xml files) +BuildRequires: appstream-glib +BuildRequires: gcc-c++ +BuildRequires: gdbm-devel +BuildRequires: gettext +BuildRequires: readline-devel +BuildRequires: sqlite-devel +BuildRequires: timezone +BuildRequires: pkgconfig(ncurses) +BuildRequires: pkgconfig(tk) +BuildRequires: pkgconfig(x11) +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-readline +Provides: %{python_pkg_name}-sqlite3 +Recommends: %{python_pkg_name}-curses +Recommends: %{python_pkg_name}-dbm +Recommends: %{python_pkg_name}-pip +%if %{primary_interpreter} +Provides: python3 = %{python_version} +Provides: python3-readline +Provides: python3-sqlite3 +%endif +%endif +%{?suse_build_hwcaps_libs} + +%description +Python 3 is modern interpreted, object-oriented programming language, +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python3-doc +package. + +This package supplies rich command line features provided by readline, +and sqlite3 support for the interpreter core, thus forming a so called +"extended" runtime. +Installing "python3" is sufficient for the vast majority of usecases. +In addition, recommended packages provide UI toolkit support (python3-curses, +python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE +development environment (python3-idle). + +%package -n %{python_pkg_name}-tk +Summary: TkInter, a Python Tk Interface +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-tk = %{version} +%endif + +%description -n %{python_pkg_name}-tk +Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. + +%package -n %{python_pkg_name}-curses +Summary: Python Interface to the (N)Curses Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-curses +%endif + +%description -n %{python_pkg_name}-curses +An easy to use interface to the (n)curses CUI library. CUI stands for +Console User Interface. + +%package -n %{python_pkg_name}-dbm +Summary: Python Interface to the GDBM Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-dbm +%endif + +%description -n %{python_pkg_name}-dbm +An easy to use interface for Unix DBM databases, and more specifically, +the GNU implementation GDBM. + +%package -n %{python_pkg_name}-idle +Summary: An Integrated Development Environment for Python +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk +%if %{primary_interpreter} +Provides: python3-idle = %{version} +%endif + +%description -n %{python_pkg_name}-idle +IDLE is a Tkinter based integrated development environment for Python. +It features a multi-window text editor with multiple undo, Python +colorizing, and many other things, as well as a Python shell window and +a debugger. + +%package -n %{python_pkg_name}-doc +Summary: Package Documentation for Python 3 +Enhances: %{python_pkg_name} = %{python_version} +%if %{primary_interpreter} +Provides: python3-doc = %{version} +%endif + +%description -n %{python_pkg_name}-doc +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in HTML format. + +%package -n %{python_pkg_name}-doc-devhelp +Summary: Additional Package Documentation for Python 3 in devhelp format +%if %{primary_interpreter} +Provides: python3-doc-devhelp = %{version} +%endif + +%description -n %{python_pkg_name}-doc-devhelp +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in format for devhelp. + +%package -n %{python_pkg_name}-base +Summary: Python 3 Interpreter and Stdlib Core +Requires: libpython%{so_version} = %{version} +Recommends: %{python_pkg_name} = %{version} +#Recommends: python3-ensurepip +# python 3.1 didn't have a separate python-base, so it is wrongly +# not a conflict to have python3-3.1 and python3-base > 3.1 +Obsoletes: python3 < 3.2 +# no Provides, because python3 is obviously provided by package python3 +# python 3.4 provides asyncio +Provides: %{python_pkg_name}-asyncio = %{version} +# python 3.6 provides typing +Provides: %{python_pkg_name}-typing = %{version} +# python3-xml was merged into python3, now moved into -base +Provides: %{python_pkg_name}-xml = %{version} +%if %{primary_interpreter} +Provides: python3-asyncio = %{version} +Obsoletes: python3-asyncio < %{version} +Provides: python3-base = %{version} +Obsoletes: python3-base < %{version} +Provides: python3-typing = %{version} +Obsoletes: python3-typing < %{version} +Provides: python3-xml = %{version} +Obsoletes: python3-xml < %{version} +%endif + +%description -n %{python_pkg_name}-base +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +package. + +This package contains the interpreter core and most commonly used modules +from the standard library. This is sufficient for many usecases, but it +excludes components that depend on external libraries, most notably XML, +database and UI toolkits support. + +%package -n %{python_pkg_name}-tools +Summary: Python Utility and Demonstration Scripts +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-2to3 = %{version} +Provides: %{python_pkg_name}-demo = %{version} +%if %{primary_interpreter} +Provides: python3-2to3 = %{version} +Provides: python3-demo = %{version} +Provides: python3-tools = %{version} +Obsoletes: python3-2to3 < %{version} +Obsoletes: python3-demo < %{version} +%endif + +%description -n %{python_pkg_name}-tools +A number of scripts that are useful for building, testing or extending Python, +and a set of demonstration programs. + +%package -n %{python_pkg_name}-devel +Summary: Include Files and Libraries Mandatory for Building Python Modules +Requires: %{python_pkg_name}-base = %{version} +%if %{primary_interpreter} +Provides: python3-devel = %{version} +%endif + +%description -n %{python_pkg_name}-devel +The Python programming language's interpreter can be extended with +dynamically loaded extensions and can be embedded in other programs. + +This package contains header files, a static library, and development +tools for building Python modules, extending the Python interpreter or +embedding Python in applications. + +This also includes the Python distutils, which were in the Python +package up to version 2.2.2. + +%package -n %{python_pkg_name}-testsuite +Summary: Unit tests for Python and its standard library +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk = %{version} +%if %{primary_interpreter} +Provides: python3-testsuite = %{version} +%endif + +%description -n %{python_pkg_name}-testsuite +Unit tests that are useful for verifying integrity and functionality +of the installed Python interpreter and standard library. +They are a documented part of stdlib, as a module 'test'. + +%package -n libpython%{so_version} +Summary: Python Interpreter shared library +Requires: %{python_pkg_name}-base >= %{version} + +%description -n libpython%{so_version} +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +(HTML) or python-doc-pdf (PDF) packages. + +This package contains libpython3.2 shared library for embedding in +other applications. + +%prep +%setup -q -n %{tarname} + +%patch -p1 -P 02 +%patch -p1 -P 03 +%patch -p1 -P 04 +%patch -p1 -P 05 +%patch -p1 -P 06 +%patch -p1 -P 07 +%patch -p1 -P 08 + +%if 0%{?suse_version} <= 1500 +%patch -P 09 -p1 +%endif + +%patch -p1 -P 10 +%patch -p1 -P 11 +%patch -p1 -P 13 +%patch -p1 -P 15 +%patch -p1 -P 16 +%patch -p1 -P 17 +%patch -p1 -P 19 +%patch -p1 -P 22 +%patch -p1 -P 23 + +# drop Autoconf version requirement +sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac + +%if %{primary_interpreter} +# fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 +for dir in Lib Tools; do + # find *.py, filter to files that contain bad shebangs + # break up "/""usr" like this to prevent replacing with %%{_prefix} + find $dir -name '*.py' -type f -print0 \ + | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ + | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' +done +%else +# For non-primary Python, just don't bother (bsc#1193179) and remove all +# those shebangs +for dir in Lib Tools; do + find $dir -name '*.py' -type f -exec sed -i '1{/^#!.*python/ d}' '{}' \; +done +# We shortened the file Lib/pdb.py so we have to move the test breakpoint location +sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py +%endif + +# drop in-tree libffi and expat +rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin +# Cannot remove it because of gh#python/cpython#92875 +# rm -r Modules/expat + +# drop duplicate README from site-packages +rm Lib/site-packages/README.txt + +# Add vendored bluez-devel files +tar xvf %{SOURCE21} + +# Don't fail on warnings when building documentation +sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile + +%build +%if %{with doc} +TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` +# TODO use not date of tarball but date of latest patch + +cd Doc +sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py +%make_build -j1 html + +# Build also devhelp files +sphinx-build -a -b devhelp . build/devhelp +rm -rfv build/devhelp/.doctrees +%else +%define _lto_cflags %{nil} +# use rpm_opt_flags +export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv $(pkg-config --cflags-only-I libffi) -fno-semantic-interposition" + +touch -r %{SOURCE0} Makefile.pre.in + +autoreconf -fvi + +%if 0%{?sles_version} +sed -e 's/-fprofile-correction//' -i Makefile.pre.in +%endif + +export CFLAGS="%{optflags} -IVendor/" + +%configure \ + --with-platlibdir=%{_lib} \ + --docdir=%{_docdir}/python \ + --enable-ipv6 \ + --enable-shared \ + --with-ensurepip=no \ + --with-system-ffi \ + --with-system-expat \ + --with-lto \ +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 + --with-ssl-default-suites=openssl \ +%endif +%if %{with profileopt} + --enable-optimizations \ +%endif +%if %{with mpdecimal} + --with-system-libmpdec \ +%endif + --enable-loadable-sqlite-extensions + +# prevent make from trying to rebuild PYTHON_FOR_GEN stuff +# %%make_build -t Python/Python-ast.c \ + # Include/Python-ast.h \ + # Objects/typeslots.inc \ + # Python/opcode_targets.h \ + # Include/opcode.h +%make_build + +%if %{with general} +%make_build +%endif +%if %{with base} +%if %{with profileopt} + target=profile-opt +%else + target=all +%endif +LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ + %make_build $target +%endif +%endif + +%check +export SUSE_VERSION="0%{?suse_version}" +export SLE_VERSION="0%{?sle_version}" +%if %{with general} +# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos +# when you install gdb into your test env +EXCLUDE="test_gdb" +# we patch out the message to recommend zypper in and thus this would fail +EXCLUDE="$EXCLUDE test_pydoc" + +%ifarch %{arm} s390x +# test_multiprocessing_forkserver is racy +EXCLUDE="$EXCLUDE test_multiprocessing_forkserver" +%endif +%ifarch ppc ppc64 ppc64le +# exclue test_faulthandler due to bnc#831629 +EXCLUDE="$EXCLUDE test_faulthandler" +%endif +# some tests break in QEMU +%if 0%{?qemu_user_space_build} +EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver test_multiprocessing_spawn test_os test_posix test_signal test_socket test_subprocess" +%endif + +# This test (part of test_uuid) requires real network interfaces +# so that ifconfig output has "HWaddr ". Some kvm instances +# done have any such interface breaking the uuid module. +EXCLUDE="$EXCLUDE test_uuid" + +# bsc#1195140 and bpo#37169 - test_capi is failing on openSUSE, and not sure why +EXCLUDE="$EXCLUDE test_capi" + +# Limit virtual memory to avoid spurious failures +if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then + ulimit -v 11000000 || : +fi + +# test_freeze_simple_script in test.test_tools.test_freeze.TestFreeze +# uses CONFIG_ARGS to run ./configure. +export CONFIG_ARGS="--enable-ipv6 --enable-shared --with-ensurepip=no \ + --with-system-ffi --with-system-expat --with-lto --enable-optimizations \ + --with-system-libmpdec --enable-loadable-sqlite-extensions" + +export PYTHONPATH="$(pwd -P)/Lib" +# Use timeout, like make target buildbottest +# We cannot run tests parallel, because osc build environment doesn’t +# have /dev/shm +%make_build -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=5400" +# use network, be verbose: +#make test TESTOPTS="-l -u network -v" +%endif + +%install +%if %{with doc} +export PDOCS=%{buildroot}%{_docdir}/python%{python_version} +mkdir -p $PDOCS +# generated docs +rm Doc/build/*/.buildinfo +cp -r Doc/build/html $PDOCS +# misc +install -d -m 755 $PDOCS/Misc +rm Misc/README.AIX +for i in Misc/* ; do + [ -f $i ] && install -c -m 644 $i $PDOCS/Misc/ +done +# devhelp +mkdir -p %{buildroot}%{_datadir}/gtk-doc/html +cp -r Doc/build/devhelp %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version} +rm -rf %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version}/.doctrees +%endif +%if %{with general} +%make_install + +# clean out stuff that is in python-base and subpackages + +find %{buildroot}%{_bindir} -mindepth 1 -not -name "*idle3*" -print -delete +rm %{buildroot}%{_libdir}/lib* +rm -r %{buildroot}%{_libdir}/pkgconfig +rm -r %{buildroot}%{_mandir}/* +rm -r %{buildroot}%{_includedir}/* + +rm -r %{buildroot}%{sitedir}/config* +find %{buildroot}%{sitedir} -name "*.egg-info" -delete +rm -r %{buildroot}%{sitedir}/__pycache__ +rm -r %{buildroot}%{sitedir}/site-packages +rm %{buildroot}%{sitedir}/*.* + +for module in \ + asyncio ctypes collections concurrent distutils email encodings \ + ensurepip html http re \ + importlib json logging multiprocessing pydoc_data unittest \ + urllib venv wsgiref lib2to3 test tomllib turtledemo \ + xml xmlrpc zoneinfo __phello__ +do + rm -r %{buildroot}%{sitedir}/$module +done + +for library in \ + array _asyncio audioop binascii _bisect _bz2 cmath _codecs_* \ + _contextvars _crypt _csv _ctypes _datetime _decimal fcntl grp \ + _hashlib _heapq _json _lsprof _lzma math mmap _multibytecodec \ + _multiprocessing _opcode ossaudiodev _pickle _posixshmem \ + _posixsubprocess _queue _random resource select _ssl _socket spwd \ + _statistics _struct syslog termios _testbuffer _testimportmultiple \ + _testmultiphase unicodedata zlib _ctypes_test _testinternalcapi _testcapi \ + _typing _testclinic xxlimited xxlimited_35 \ + _xxtestfuzz _xxsubinterpreters _elementtree pyexpat _md5 _sha1 \ + _sha256 _sha512 _blake2 _sha3 _uuid _zoneinfo +do + eval rm "%{buildroot}%{sitedir}/lib-dynload/$library.*" +done + +# Idle is not packaged in base due to the appstream-glib dependency +# move idle config into /etc +install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version} +( + cd %{buildroot}/%{sitedir}/idlelib/ + for file in *.def ; do + mv $file %{buildroot}%{_sysconfdir}/idle%{python_version}/ + ln -sf %{_sysconfdir}/idle%{python_version}/$file %{buildroot}/%{sitedir}/idlelib/ + done +) + +# keep just idle3.X +rm %{buildroot}%{_bindir}/idle3 + +# install idle icons +for size in 16 32 48 ; do + install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \ + %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_version}.png +done + +# install idle desktop file +cp %{SOURCE19} idle%{python_version}.desktop +sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop +install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop + +cp %{SOURCE20} idle%{python_version}.appdata.xml +sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml +install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml +appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml + +%fdupes %{buildroot}/%{_libdir}/python%{python_version} +%endif +%if %{with base} +%make_install + +# remove .a +find %{buildroot} -name "*.a" -delete + +# install "site-packages" and __pycache__ for third parties +install -d -m 755 %{buildroot}%{sitedir}/site-packages +install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__ +# and their 32bit counterparts explicitly +mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__ + +# cleanup parts that don't belong +for dir in curses dbm sqlite3 tkinter idlelib; do + find "%{buildroot}/%{sitedir}/$dir"/* -maxdepth 0 -name "test" -o -exec rm -rf {} + +done +rm -fv %{buildroot}%{dynlib nis} + +# overwrite the copied binary with a link +ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 + +# decide to ship python3 or just python3.X +%if !%{primary_interpreter} +# base +rm %{buildroot}%{_bindir}/python3 +rm %{buildroot}%{_bindir}/pydoc3 +rm %{buildroot}%{_mandir}/man1/python3.1 +# devel +rm %{buildroot}%{_bindir}/python3-config +rm %{buildroot}%{_libdir}/libpython3.so +rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc +%endif + +%if %{suse_version} > 1550 +# PEP-0668 mark this as a distro maintained python +sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED +%endif + +# link shared library instead of static library that tools expect +ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so + +# delete idle3, which has to many packaging dependencies for base +rm %{buildroot}%{_bindir}/idle3* + +# delete the generic 2to3 binary if we are not primary +%if !%{primary_interpreter} +rm %{buildroot}%{_bindir}/2to3 +%endif + +# replace duplicate .pyo/.pyc with hardlinks +%fdupes %{buildroot}/%{sitedir} + +# documentation +export PDOCS=%{buildroot}%{_docdir}/%{name} +install -d -m 755 $PDOCS +install -c -m 644 %{SOURCE3} $PDOCS/ +install -c -m 644 README.rst $PDOCS/ + +# tools +for x in `find Tools/ \( -not -name Makefile \) -print | sort` ; do + test -d $x && ( install -c -m 755 -d $PDOCS/$x ) \ + || ( install -c -m 644 $x $PDOCS/$x ) +done +# gdb script is shipped with devel subpackage +rm -r $PDOCS/Tools/gdb +# clean up the bat files +find "$PDOCS" -name "*.bat" -delete + +# put gdb helper script into place +install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +# install devel files to /config +#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%%{sitedir}/config-%%{python_abi}/ + +# Remove -IVendor/ from python-config boo#1231795 +sed -i 's/-IVendor\///' %{buildroot}%{_bindir}/python%{python_abi}-config + +# RPM macros +%if %{primary_interpreter} +mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/ +install -m 644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/macros.d/ # macros.python3 +%endif + +# import_failed hooks +FAILDIR=%{buildroot}/%{sitedir}/_import_failed +mkdir $FAILDIR +install -m 644 %{SOURCE8} %{SOURCE9} $FAILDIR # import_failed.* +LD_LIBRARY_PATH=. ./python -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +( + cd $FAILDIR + while read package modules; do + for module in $modules; do + ln import_failed.py $module.py + pushd __pycache__ + for i in import_failed*; do + ln $i "$module${i#import_failed}" + done + popd + done + done < %{SOURCE9} +) +echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +%endif + +# For the purposes of reproducibility, it is necessary to eliminate any *.pyc files inside documentation dirs +if [ -d %{buildroot}%{_defaultdocdir} ] ; then +find %{buildroot}%{_defaultdocdir} -type f -name \*.pyc -ls -exec rm -vf '{}' \; +fi + +%if %{with general} +%files -n %{python_pkg_name}-tk +%{sitedir}/tkinter +%exclude %{sitedir}/tkinter/test +%{dynlib _tkinter} + +%files -n %{python_pkg_name}-curses +%{sitedir}/curses +%{dynlib _curses} +%{dynlib _curses_panel} + +%files -n %{python_pkg_name}-dbm +%{sitedir}/dbm +%{dynlib _dbm} +%{dynlib _gdbm} + +%files -n %{python_pkg_name} +%dir %{sitedir} +%dir %{sitedir}/lib-dynload +%{sitedir}/sqlite3 +%exclude %{sitedir}/sqlite3/test +%{dynlib readline} +%{dynlib _sqlite3} +%if 0%{?suse_version} < 1599 +%{dynlib nis} +%endif + +%files -n %{python_pkg_name}-idle +%{sitedir}/idlelib +%dir %{_sysconfdir}/idle%{python_version} +%config %{_sysconfdir}/idle%{python_version}/* +%doc Lib/idlelib/README.txt +%doc Lib/idlelib/TODO.txt +%doc Lib/idlelib/extend.txt +%doc Lib/idlelib/ChangeLog +%{_bindir}/idle%{python_version} +%{_datadir}/applications/idle%{python_version}.desktop +%{_datadir}/metainfo/idle%{python_version}.appdata.xml +%{_datadir}/icons/hicolor/*/apps/idle%{python_version}.png +%dir %{_datadir}/icons/hicolor +%dir %{_datadir}/icons/hicolor/16x16 +%dir %{_datadir}/icons/hicolor/32x32 +%dir %{_datadir}/icons/hicolor/48x48 +%dir %{_datadir}/icons/hicolor/*/apps +# endif for if general +%endif + +%if %{with doc} +%files -n %{python_pkg_name}-doc +%dir %{_docdir}/python%{python_version} +%doc %{_docdir}/python%{python_version}/Misc +%doc %{_docdir}/python%{python_version}/html + +%files -n %{python_pkg_name}-doc-devhelp +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%doc %{_datadir}/gtk-doc/html/Python%{python_version} +%endif + +%if %{with base} +%post -n libpython%{so_version} -p /sbin/ldconfig +%postun -n libpython%{so_version} -p /sbin/ldconfig + +%files -n libpython%{so_version} +%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} + +%files -n %{python_pkg_name}-tools +%{sitedir}/turtledemo +%if %{primary_interpreter} +%{_bindir}/2to3 +%endif +%attr(755, root, root)%{_bindir}/2to3-%{python_version} +%doc %{_docdir}/%{name}/Tools + +%files -n %{python_pkg_name}-devel +%{_libdir}/libpython%{python_abi}.so +%if %{primary_interpreter} +%{_libdir}/libpython3.so +%endif +%{_libdir}/pkgconfig/* +%{_includedir}/python%{python_abi} +%{sitedir}/config-%{python_abi}-* +%{_bindir}/python%{python_abi}-config +%if %{primary_interpreter} +%{_bindir}/python3-config +%endif +# Own these directories to not depend on gdb +%dir %{_datadir}/gdb +%dir %{_datadir}/gdb/auto-load +%dir %{_datadir}/gdb/auto-load%{_prefix} +%dir %{_datadir}/gdb/auto-load%{_libdir} +%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +%files -n %{python_pkg_name}-testsuite +%{sitedir}/test +%{sitedir}/*/test +%{sitedir}/*/tests +%{dynlib _ctypes_test} +%{dynlib _testbuffer} +%{dynlib _testcapi} +%{dynlib _testclinic} +%{dynlib _testinternalcapi} +%{dynlib _testimportmultiple} +%{dynlib _testmultiphase} +%{dynlib xxlimited} +# workaround for missing packages +%dir %{sitedir}/sqlite3 +%dir %{sitedir}/tkinter + +%files -n %{python_pkg_name}-base +# docs +%dir %{_docdir}/%{name} +%doc %{_docdir}/%{name}/README.rst +%license LICENSE +%doc %{_docdir}/%{name}/README.SUSE +%if %{primary_interpreter} +%{_mandir}/man1/python3.1%{?ext_man} +%endif +%{_mandir}/man1/python%{python_version}.1%{?ext_man} +%if 0%{?suse_version} > 1550 +# PEP-0668 +%{sitedir}/EXTERNALLY-MANAGED +%endif +# license text, not a doc because the code can use it at run-time +%{sitedir}/LICENSE.txt +# RPM macros +%if %{primary_interpreter} +%{_rpmconfigdir}/macros.d/macros.python3 +%endif +# binary parts +%dir %{sitedir}/lib-dynload +%{dynlib array} +%{dynlib _asyncio} +%{dynlib audioop} +%{dynlib binascii} +%{dynlib _bisect} +%{dynlib _bz2} +%{dynlib cmath} +%{dynlib _codecs_cn} +%{dynlib _codecs_hk} +%{dynlib _codecs_iso2022} +%{dynlib _codecs_jp} +%{dynlib _codecs_kr} +%{dynlib _codecs_tw} +%{dynlib _contextvars} +%{dynlib _crypt} +%{dynlib _csv} +%{dynlib _ctypes} +%{dynlib _datetime} +%{dynlib _decimal} +%{dynlib _elementtree} +%{dynlib fcntl} +%{dynlib grp} +%{dynlib _hashlib} +%{dynlib _heapq} +%{dynlib _json} +%{dynlib _lsprof} +%{dynlib _lzma} +%{dynlib math} +%{dynlib mmap} +%{dynlib _multibytecodec} +%{dynlib _multiprocessing} +%{dynlib _opcode} +%{dynlib ossaudiodev} +%{dynlib _pickle} +%{dynlib _posixshmem} +%{dynlib _posixsubprocess} +%{dynlib pyexpat} +%{dynlib _queue} +%{dynlib _random} +%{dynlib resource} +%{dynlib select} +%{dynlib _socket} +%{dynlib spwd} +%{dynlib _ssl} +%{dynlib _statistics} +%{dynlib _struct} +%{dynlib syslog} +%{dynlib termios} +%{dynlib _typing} +%{dynlib unicodedata} +%{dynlib _uuid} +%{dynlib _xxsubinterpreters} +%{dynlib _xxtestfuzz} +%{dynlib xxlimited_35} +%{dynlib zlib} +%{dynlib _zoneinfo} +# hashlib fallback modules +%{dynlib _blake2} +%{dynlib _md5} +%{dynlib _sha1} +%{dynlib _sha256} +%{dynlib _sha512} +%{dynlib _sha3} +# python parts +%dir %{_prefix}/lib/python%{python_version} +%dir %{_prefix}/lib/python%{python_version}/site-packages +%dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__ +%dir %{sitedir} +%dir %{sitedir}/site-packages +%dir %{sitedir}/site-packages/__pycache__ +%exclude %{sitedir}/*/test +%exclude %{sitedir}/*/tests +%{sitedir}/*.py +%{sitedir}/asyncio +%{sitedir}/ctypes +%{sitedir}/collections +%{sitedir}/concurrent +%{sitedir}/distutils +%{sitedir}/email +%{sitedir}/encodings +%{sitedir}/ensurepip +%{sitedir}/html +%{sitedir}/http +%{sitedir}/importlib +%{sitedir}/json +%{sitedir}/lib2to3 +%{sitedir}/logging +%{sitedir}/multiprocessing +%{sitedir}/pydoc_data +%{sitedir}/re +%{sitedir}/tomllib +%{sitedir}/unittest +%{sitedir}/urllib +%{sitedir}/venv +%{sitedir}/wsgiref +%{sitedir}/xml +%{sitedir}/xmlrpc +%{sitedir}/zoneinfo +%{sitedir}/__phello__ +%{sitedir}/__pycache__ +# import-failed hooks +%{sitedir}/_import_failed +%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +# symlinks +%if %{primary_interpreter} +%{_bindir}/python3 +%{_bindir}/pydoc3 +%endif +# executables +%attr(755, root, root) %{_bindir}/pydoc%{python_version} +# %%attr(755, root, root) %%{_bindir}/python%%{python_abi} +%attr(755, root, root) %{_bindir}/python%{python_version} +# endif for if base +%endif + +%changelog diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch new file mode 100644 index 0000000..6f48b09 --- /dev/null +++ b/skip-test_pyobject_freed_is_freed.patch @@ -0,0 +1,23 @@ +--- + Lib/test/test_capi/test_misc.py | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/Lib/test/test_capi/test_misc.py ++++ b/Lib/test/test_capi/test_misc.py +@@ -40,6 +40,8 @@ import _testinternalcapi + # Were we compiled --with-pydebug or with #define Py_DEBUG? + Py_DEBUG = hasattr(sys, 'gettotalrefcount') + ++# Which version of the SLE distro we build on? ++SLE_VERSION = int(os.environ.get('SLE_VERSION', '0'), 10) + + NULL = None + +@@ -1281,6 +1283,7 @@ class PyMemDebugTests(unittest.TestCase) + def test_pyobject_forbidden_bytes_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') + ++ @unittest.skipIf(0 < SLE_VERSION < 150300, 'Failing on Leap 15.*') + def test_pyobject_freed_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_freed_is_freed') + diff --git a/skip_if_buildbot-extend.patch b/skip_if_buildbot-extend.patch new file mode 100644 index 0000000..fd9a584 --- /dev/null +++ b/skip_if_buildbot-extend.patch @@ -0,0 +1,15 @@ +--- + Lib/test/support/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -384,7 +384,7 @@ def skip_if_buildbot(reason=None): + if not reason: + reason = 'not suitable for buildbots' + try: +- isbuildbot = getpass.getuser().lower() == 'buildbot' ++ isbuildbot = getpass.getuser().lower() in ['buildbot', 'abuild'] + except (KeyError, EnvironmentError) as err: + warnings.warn(f'getpass.getuser() failed {err}.', RuntimeWarning) + isbuildbot = False diff --git a/skipped_tests.py b/skipped_tests.py new file mode 100644 index 0000000..47002e6 --- /dev/null +++ b/skipped_tests.py @@ -0,0 +1,69 @@ +#!/usr/bin/python3 +""" +Simple regexp-based skipped test checker. +It lists tests that are mentioned (presumably for exclusion) +in BASE, and in MAIN (presumably for inclusion) +and reports discrepancies. + +This will have a number of +""" + +MAIN = "python39.spec" + +import glob +import re +from os.path import basename + +alltests = set() +qemu_exclusions = set() + +for item in glob.glob("Python-*/Lib/test/test_*"): + testname = basename(item) + if testname.endswith(".py"): + testname = testname[:-3] + alltests.add(testname) + +testre = re.compile(r'[\s"](test_\w+)\b') + +def find_tests_in_spec(specname): + global qemu_exclusions + + found_tests = set() + with open(specname) as spec: + in_qemu = False + for line in spec: + line = line.strip() + if "#" in line: + line = line[:line.index("#")] + tests = set(testre.findall(line)) + found_tests |= tests + if line == "%if 0%{?qemu_user_space_build} > 0": + in_qemu = True + if in_qemu: + if line == "%endif": + in_qemu = False + qemu_exclusions |= tests + return found_tests + +excluded = find_tests_in_spec(MAIN) + +#print("--- excluded tests:", " ".join(sorted(excluded))) +#print("--- included tests:", " ".join(sorted(included))) + +mentioned = excluded +nonexistent = mentioned - alltests +missing = excluded - qemu_exclusions + +print("--- the following tests are excluded for QEMU and not tested in python") +print("--- (that probably means we don't need to worry about them)") +for test in sorted(qemu_exclusions - excluded): + print(test) + +print("--- the following tests might be excluded in python:") +for test in sorted(missing): + print(test) + +if nonexistent: + print("--- the following tests don't exist:") + for test in sorted(nonexistent): + print(test) diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch new file mode 100644 index 0000000..ab29d50 --- /dev/null +++ b/subprocess-raise-timeout.patch @@ -0,0 +1,18 @@ +--- + Lib/test/test_subprocess.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_subprocess.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_subprocess.py ++++ Python-3.11.8/Lib/test/test_subprocess.py +@@ -280,7 +280,8 @@ class ProcessTestCase(BaseTestCase): + "time.sleep(3600)"], + # Some heavily loaded buildbots (sparc Debian 3.x) require + # this much time to start and print. +- timeout=3) ++ # OBS might require even more ++ timeout=10) + self.fail("Expected TimeoutExpired.") + self.assertEqual(c.exception.output, b'BDFL') + -- 2.51.1 From f5aae8a813fa7663a6b3f8c5834b61fa93b4b9f13189a1b42c46f96e7199caac Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 2 Dec 2024 22:50:54 +0000 Subject: [PATCH 106/135] - Fix changelog (renamed from CVE-2024-8088-zipfile-Path-sanitization.patch) - CVE-2024-6232-ReDOS-backtrack-tarfile.patch - CVE-2024-7592-quad-complex-cookies.patch * CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch - Remove upstreamed patches: - CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=151 --- .gitattributes | 23 + .gitignore | 1 + CVE-2023-52425-libexpat-2.6.0-backport.patch | 223 + ...-52425-remove-reparse_deferral-tests.patch | 60 + CVE-2024-9287-venv_path_unquoted.patch | 299 + F00251-change-user-install-location.patch | 215 + PACKAGING-NOTES | 26 + Python-3.11.10.tar.xz | 3 + Python-3.11.10.tar.xz.asc | 16 + README.SUSE | 43 + _multibuild | 4 + baselibs.conf | 3 + bluez-devel-vendor.tar.xz | 3 + bpo-31046_ensurepip_honours_prefix.patch | 173 + bsc1221260-test_asyncio-ResourceWarning.patch | 21 + bso1227999-reproducible-builds.patch | 37 + distutils-reproducible-compile.patch | 17 + externally_managed.in | 12 + fix_configure_rst.patch | 40 + gh120226-fix-sendfile-test-kernel-610.patch | 35 + idle3.appdata.xml | 35 + idle3.desktop | 12 + import_failed.map | 7 + import_failed.py | 23 + macros.python3 | 28 + no-skipif-doctests.patch | 653 ++ pre_checkin.sh | 78 + python-3.3.0b1-fix_date_time_compiler.patch | 27 + python-3.3.0b1-localpath.patch | 13 + python-3.3.0b1-test-posix_fadvise.patch | 17 + python.keyring | 109 + python311-rpmlintrc | 3 + python311.changes | 5466 +++++++++++++++++ python311.spec | 1053 ++++ skip-test_pyobject_freed_is_freed.patch | 23 + skip_if_buildbot-extend.patch | 15 + skipped_tests.py | 69 + subprocess-raise-timeout.patch | 18 + 38 files changed, 8903 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 CVE-2023-52425-libexpat-2.6.0-backport.patch create mode 100644 CVE-2023-52425-remove-reparse_deferral-tests.patch create mode 100644 CVE-2024-9287-venv_path_unquoted.patch create mode 100644 F00251-change-user-install-location.patch create mode 100644 PACKAGING-NOTES create mode 100644 Python-3.11.10.tar.xz create mode 100644 Python-3.11.10.tar.xz.asc create mode 100644 README.SUSE create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 bluez-devel-vendor.tar.xz create mode 100644 bpo-31046_ensurepip_honours_prefix.patch create mode 100644 bsc1221260-test_asyncio-ResourceWarning.patch create mode 100644 bso1227999-reproducible-builds.patch create mode 100644 distutils-reproducible-compile.patch create mode 100644 externally_managed.in create mode 100644 fix_configure_rst.patch create mode 100644 gh120226-fix-sendfile-test-kernel-610.patch create mode 100644 idle3.appdata.xml create mode 100644 idle3.desktop create mode 100644 import_failed.map create mode 100644 import_failed.py create mode 100644 macros.python3 create mode 100644 no-skipif-doctests.patch create mode 100644 pre_checkin.sh create mode 100644 python-3.3.0b1-fix_date_time_compiler.patch create mode 100644 python-3.3.0b1-localpath.patch create mode 100644 python-3.3.0b1-test-posix_fadvise.patch create mode 100644 python.keyring create mode 100644 python311-rpmlintrc create mode 100644 python311.changes create mode 100644 python311.spec create mode 100644 skip-test_pyobject_freed_is_freed.patch create mode 100644 skip_if_buildbot-extend.patch create mode 100644 skipped_tests.py create mode 100644 subprocess-raise-timeout.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch new file mode 100644 index 0000000..c1c66b7 --- /dev/null +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -0,0 +1,223 @@ +--- + Lib/test/support/__init__.py | 16 ++++++++++++++-- + Lib/test/test_minidom.py | 23 +++++++++-------------- + Lib/test/test_pyexpat.py | 12 +++++------- + Lib/test/test_sax.py | 18 +++++++++--------- + Lib/test/test_xml_etree.py | 12 ------------ + 5 files changed, 37 insertions(+), 44 deletions(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -8,6 +8,7 @@ import dataclasses + import functools + import os + import re ++import pyexpat + import stat + import sys + import sysconfig +@@ -56,7 +57,7 @@ __all__ = [ + "run_with_tz", "PGO", "missing_compiler_executable", + "ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST", + "LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT", +- "skip_on_s390x", ++ "skip_on_s390x", "fails_with_expat_2_6_0", "is_expat_2_6_0" + ] + + +@@ -2240,6 +2241,17 @@ def copy_python_src_ignore(path, names): + } + return ignored + +-#Windows doesn't have os.uname() but it doesn't support s390x. ++ ++# Windows doesn't have os.uname() but it doesn't support s390x. + skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', + 'skipped on s390x') ++ ++ ++@functools.lru_cache ++def _is_expat_2_6_0(): ++ return hasattr(pyexpat.ParserCreate(), 'SetReparseDeferralEnabled') ++is_expat_2_6_0 = _is_expat_2_6_0() ++ ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if is_expat_2_6_0 ++ else lambda test: test) +--- a/Lib/test/test_minidom.py ++++ b/Lib/test/test_minidom.py +@@ -6,7 +6,6 @@ import io + from test import support + import unittest + +-import pyexpat + import xml.dom.minidom + + from xml.dom.minidom import parse, Attr, Node, Document, parseString +@@ -1163,13 +1162,11 @@ class MinidomTest(unittest.TestCase): + + # Verify that character decoding errors raise exceptions instead + # of crashing +- if pyexpat.version_info >= (2, 4, 5): +- self.assertRaises(ExpatError, parseString, +- b'') +- self.assertRaises(ExpatError, parseString, +- b'Comment \xe7a va ? Tr\xe8s bien ?') +- else: +- self.assertRaises(UnicodeDecodeError, parseString, ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((UnicodeDecodeError, ExpatError)): ++ parseString( + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1631,12 +1628,10 @@ class MinidomTest(unittest.TestCase): + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- if pyexpat.version_info >= (2, 4, 5): +- context = self.assertRaisesRegex(ExpatError, 'syntax error') +- else: +- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- +- with context: ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((ExpatError, ValueError)): + parseString('') + + def testDocRemoveChild(self): +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -14,8 +14,7 @@ from test.support import os_helper + from xml.parsers import expat + from xml.parsers.expat import errors + +-from test.support import sortdict, is_emscripten, is_wasi +- ++from test.support import sortdict, is_emscripten, is_wasi, is_expat_2_6_0 + + class SetAttributeTest(unittest.TestCase): + def setUp(self): +@@ -770,9 +769,8 @@ class ReparseDeferralTest(unittest.TestC + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + + def test_reparse_deferral_enabled(self): +- if expat.version_info < (2, 6, 0): +- self.skipTest(f'Expat {expat.version_info} does not ' +- 'support reparse deferral') ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") + + started = [] + +@@ -801,9 +799,9 @@ class ReparseDeferralTest(unittest.TestC + + parser = expat.ParserCreate() + parser.StartElementHandler = start_element +- if expat.version_info >= (2, 6, 0): ++ if is_expat_2_6_0: + parser.SetReparseDeferralEnabled(False) +- self.assertFalse(parser.GetReparseDeferralEnabled()) ++ self.assertFalse(parser.GetReparseDeferralEnabled()) + + for chunk in (b''): + parser.Parse(chunk, False) +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -19,13 +19,11 @@ from xml.sax.xmlreader import InputSourc + from io import BytesIO, StringIO + import codecs + import os.path +-import pyexpat + import shutil + import sys + from urllib.error import URLError + import urllib.request +-from test.support import os_helper +-from test.support import findfile ++from test.support import os_helper, findfile, is_expat_2_6_0 + from test.support.os_helper import FakePath, TESTFN + + +@@ -1215,10 +1213,10 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1241,6 +1239,9 @@ class ExpatReaderTest(XmlTestBase): + self.assertEqual(result.getvalue(), start + b"") + + def test_flush_reparse_deferral_disabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1249,9 +1250,8 @@ class ExpatReaderTest(XmlTestBase): + for chunk in (""): + parser.feed(chunk) + +- if pyexpat.version_info >= (2, 6, 0): +- parser._parser.SetReparseDeferralEnabled(False) +- self.assertEqual(result.getvalue(), start) # i.e. no elements started ++ parser._parser.SetReparseDeferralEnabled(False) ++ self.assertEqual(result.getvalue(), start) # i.e. no elements started + + self.assertFalse(parser._parser.GetReparseDeferralEnabled()) + +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -13,7 +13,6 @@ import itertools + import operator + import os + import pickle +-import pyexpat + import sys + import textwrap + import types +@@ -1424,12 +1423,6 @@ class XMLPullParserTest(unittest.TestCas + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + +- def test_simple_xml_chunk_1(self): +- self.test_simple_xml(chunk_size=1, flush=True) +- +- def test_simple_xml_chunk_5(self): +- self.test_simple_xml(chunk_size=5, flush=True) +- + def test_simple_xml_chunk_22(self): + self.test_simple_xml(chunk_size=22) + +@@ -1627,9 +1620,6 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1656,8 +1646,6 @@ class XMLPullParserTest(unittest.TestCas + + for chunk in (""): + parser.feed(chunk) +- +- if pyexpat.version_info >= (2, 6, 0): + if not ET is pyET: + self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled ' + 'methods not available in C') diff --git a/CVE-2023-52425-remove-reparse_deferral-tests.patch b/CVE-2023-52425-remove-reparse_deferral-tests.patch new file mode 100644 index 0000000..553bdf8 --- /dev/null +++ b/CVE-2023-52425-remove-reparse_deferral-tests.patch @@ -0,0 +1,60 @@ +--- + Lib/test/test_pyexpat.py | 2 ++ + Lib/test/test_sax.py | 2 ++ + Lib/test/test_xml_etree.py | 2 ++ + 3 files changed, 6 insertions(+) + +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -768,6 +768,7 @@ class ReparseDeferralTest(unittest.TestC + parser.SetReparseDeferralEnabled(True) + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -791,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC + + self.assertEqual(started, ['doc']) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_disabled(self): + started = [] + +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -1213,6 +1213,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -1238,6 +1239,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -1620,6 +1620,7 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1641,6 +1642,7 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + diff --git a/CVE-2024-9287-venv_path_unquoted.patch b/CVE-2024-9287-venv_path_unquoted.patch new file mode 100644 index 0000000..541a907 --- /dev/null +++ b/CVE-2024-9287-venv_path_unquoted.patch @@ -0,0 +1,299 @@ +From 1408cc9bf9e8b19968761548c30b78d37074c21c Mon Sep 17 00:00:00 2001 +From: Y5 <124019959+y5c4l3@users.noreply.github.com> +Date: Tue, 22 Oct 2024 04:48:04 +0800 +Subject: [PATCH] gh-124651: Quote template strings in `venv` activation + scripts (GH-124712) + +This patch properly quotes template strings in `venv` activation +scripts. This mitigates potential command injection. + +(cherry picked from commit d48cc82ed25e26b02eb97c6263d95dcaa1e9111b) +--- + Lib/test/test_venv.py | 81 ++++++++++ + Lib/venv/__init__.py | 42 ++++- + Lib/venv/scripts/common/activate | 8 + Lib/venv/scripts/nt/activate.bat | 6 + Lib/venv/scripts/posix/activate.csh | 8 + Lib/venv/scripts/posix/activate.fish | 8 + Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst | 1 + 7 files changed, 134 insertions(+), 20 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst + +--- a/Lib/test/test_venv.py ++++ b/Lib/test/test_venv.py +@@ -11,6 +11,7 @@ import os + import os.path + import pathlib + import re ++import shlex + import shutil + import struct + import subprocess +@@ -96,6 +97,10 @@ class BaseTest(unittest.TestCase): + result = f.read() + return result + ++ def assertEndsWith(self, string, tail): ++ if not string.endswith(tail): ++ self.fail(f"String {string!r} does not end with {tail!r}") ++ + class BasicTest(BaseTest): + """Test venv module functionality.""" + +@@ -446,6 +451,82 @@ class BasicTest(BaseTest): + 'import sys; print(sys.executable)']) + self.assertEqual(out.strip(), envpy.encode()) + ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_bash(self): ++ """ ++ Test that the template strings are quoted properly (bash) ++ """ ++ rmtree(self.env_dir) ++ bash = shutil.which('bash') ++ if bash is None: ++ self.skipTest('bash required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.sh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([bash, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_csh(self): ++ """ ++ Test that the template strings are quoted properly (csh) ++ """ ++ rmtree(self.env_dir) ++ csh = shutil.which('tcsh') or shutil.which('csh') ++ if csh is None: ++ self.skipTest('csh required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.csh') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.csh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([csh, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings on Windows ++ @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') ++ def test_special_chars_windows(self): ++ """ ++ Test that the template strings are quoted properly on Windows ++ """ ++ rmtree(self.env_dir) ++ env_name = "'&&^$e" ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.bat') ++ test_batch = os.path.join(self.env_dir, 'test_special_chars.bat') ++ with open(test_batch, "w") as f: ++ f.write('@echo off\n' ++ f'"{activate}" & ' ++ f'{self.exe} -c "import sys; print(sys.executable)" & ' ++ f'{self.exe} -c "import os; print(os.environ[\'VIRTUAL_ENV\'])" & ' ++ 'deactivate') ++ out, err = check_output([test_batch]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ + @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') + def test_unicode_in_batch_file(self): + """ +--- a/Lib/venv/__init__.py ++++ b/Lib/venv/__init__.py +@@ -11,6 +11,7 @@ import subprocess + import sys + import sysconfig + import types ++import shlex + + + CORE_VENV_DEPS = ('pip', 'setuptools') +@@ -394,11 +395,41 @@ class EnvBuilder: + :param context: The information for the environment creation request + being processed. + """ +- text = text.replace('__VENV_DIR__', context.env_dir) +- text = text.replace('__VENV_NAME__', context.env_name) +- text = text.replace('__VENV_PROMPT__', context.prompt) +- text = text.replace('__VENV_BIN_NAME__', context.bin_name) +- text = text.replace('__VENV_PYTHON__', context.env_exe) ++ replacements = { ++ '__VENV_DIR__': context.env_dir, ++ '__VENV_NAME__': context.env_name, ++ '__VENV_PROMPT__': context.prompt, ++ '__VENV_BIN_NAME__': context.bin_name, ++ '__VENV_PYTHON__': context.env_exe, ++ } ++ ++ def quote_ps1(s): ++ """ ++ This should satisfy PowerShell quoting rules [1], unless the quoted ++ string is passed directly to Windows native commands [2]. ++ [1]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules ++ [2]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing#passing-arguments-that-contain-quote-characters ++ """ ++ s = s.replace("'", "''") ++ return f"'{s}'" ++ ++ def quote_bat(s): ++ return s ++ ++ # gh-124651: need to quote the template strings properly ++ quote = shlex.quote ++ script_path = context.script_path ++ if script_path.endswith('.ps1'): ++ quote = quote_ps1 ++ elif script_path.endswith('.bat'): ++ quote = quote_bat ++ else: ++ # fallbacks to POSIX shell compliant quote ++ quote = shlex.quote ++ ++ replacements = {key: quote(s) for key, s in replacements.items()} ++ for key, quoted in replacements.items(): ++ text = text.replace(key, quoted) + return text + + def install_scripts(self, context, path): +@@ -438,6 +469,7 @@ class EnvBuilder: + with open(srcfile, 'rb') as f: + data = f.read() + if not srcfile.endswith(('.exe', '.pdb')): ++ context.script_path = srcfile + try: + data = data.decode('utf-8') + data = self.replace_variables(data, context) +--- a/Lib/venv/scripts/common/activate ++++ b/Lib/venv/scripts/common/activate +@@ -35,11 +35,11 @@ deactivate () { + # unset irrelevant variables + deactivate nondestructive + +-VIRTUAL_ENV="__VENV_DIR__" ++VIRTUAL_ENV=__VENV_DIR__ + export VIRTUAL_ENV + + _OLD_VIRTUAL_PATH="$PATH" +-PATH="$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++PATH="$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + export PATH + + # unset PYTHONHOME if set +@@ -52,9 +52,9 @@ fi + + if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then + _OLD_VIRTUAL_PS1="${PS1:-}" +- PS1="__VENV_PROMPT__${PS1:-}" ++ PS1=__VENV_PROMPT__"${PS1:-}" + export PS1 +- VIRTUAL_ENV_PROMPT="__VENV_PROMPT__" ++ VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ + export VIRTUAL_ENV_PROMPT + fi + +--- a/Lib/venv/scripts/nt/activate.bat ++++ b/Lib/venv/scripts/nt/activate.bat +@@ -8,7 +8,7 @@ if defined _OLD_CODEPAGE ( + "%SystemRoot%\System32\chcp.com" 65001 > nul + ) + +-set VIRTUAL_ENV=__VENV_DIR__ ++set "VIRTUAL_ENV=__VENV_DIR__" + + if not defined PROMPT set PROMPT=$P$G + +@@ -24,8 +24,8 @@ set PYTHONHOME= + if defined _OLD_VIRTUAL_PATH set PATH=%_OLD_VIRTUAL_PATH% + if not defined _OLD_VIRTUAL_PATH set _OLD_VIRTUAL_PATH=%PATH% + +-set PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH% +-set VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ ++set "PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH%" ++set "VIRTUAL_ENV_PROMPT=__VENV_PROMPT__" + + :END + if defined _OLD_CODEPAGE ( +--- a/Lib/venv/scripts/posix/activate.csh ++++ b/Lib/venv/scripts/posix/activate.csh +@@ -8,17 +8,17 @@ alias deactivate 'test $?_OLD_VIRTUAL_PA + # Unset irrelevant variables. + deactivate nondestructive + +-setenv VIRTUAL_ENV "__VENV_DIR__" ++setenv VIRTUAL_ENV __VENV_DIR__ + + set _OLD_VIRTUAL_PATH="$PATH" +-setenv PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++setenv PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + + + set _OLD_VIRTUAL_PROMPT="$prompt" + + if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then +- set prompt = "__VENV_PROMPT__$prompt" +- setenv VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set prompt = __VENV_PROMPT__"$prompt" ++ setenv VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + endif + + alias pydoc python -m pydoc +--- a/Lib/venv/scripts/posix/activate.fish ++++ b/Lib/venv/scripts/posix/activate.fish +@@ -33,10 +33,10 @@ end + # Unset irrelevant variables. + deactivate nondestructive + +-set -gx VIRTUAL_ENV "__VENV_DIR__" ++set -gx VIRTUAL_ENV __VENV_DIR__ + + set -gx _OLD_VIRTUAL_PATH $PATH +-set -gx PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__" $PATH ++set -gx PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__ $PATH + + # Unset PYTHONHOME if set. + if set -q PYTHONHOME +@@ -56,7 +56,7 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + set -l old_status $status + + # Output the venv prompt; color taken from the blue of the Python logo. +- printf "%s%s%s" (set_color 4B8BBE) "__VENV_PROMPT__" (set_color normal) ++ printf "%s%s%s" (set_color 4B8BBE) __VENV_PROMPT__ (set_color normal) + + # Restore the return status of the previous command. + echo "exit $old_status" | . +@@ -65,5 +65,5 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + end + + set -gx _OLD_FISH_PROMPT_OVERRIDE "$VIRTUAL_ENV" +- set -gx VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set -gx VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + end +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst +@@ -0,0 +1 @@ ++Properly quote template strings in :mod:`venv` activation scripts. diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch new file mode 100644 index 0000000..fa38a94 --- /dev/null +++ b/F00251-change-user-install-location.patch @@ -0,0 +1,215 @@ +From 910f38d9768d39d4d31426743ae4081ed1ab66b6 Mon Sep 17 00:00:00 2001 +From: Michal Cyprian +Date: Mon, 26 Jun 2017 16:32:56 +0200 +Subject: [PATCH] 00251: Change user install location + +Set values of prefix and exec_prefix in distutils install command +to /usr/local if executable is /usr/bin/python* and RPM build +is not detected to make pip and distutils install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +--- + Lib/distutils/command/install.py | 15 +++++++++++++-- + Lib/site.py | 9 ++++++++- + 2 files changed, 21 insertions(+), 3 deletions(-) + +Index: Python-3.11.8/Lib/distutils/command/install.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/command/install.py ++++ Python-3.11.8/Lib/distutils/command/install.py +@@ -441,8 +441,19 @@ class install(Command): + raise DistutilsOptionError( + "must not supply exec-prefix without prefix") + +- self.prefix = os.path.normpath(sys.prefix) +- self.exec_prefix = os.path.normpath(sys.exec_prefix) ++ # self.prefix is set to sys.prefix + /local/ ++ # if neither RPM build nor virtual environment is ++ # detected to make pip and distutils install packages ++ # into the separate location. ++ if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ addition = "/local" ++ else: ++ addition = "" ++ ++ self.prefix = os.path.normpath(sys.prefix) + addition ++ self.exec_prefix = os.path.normpath(sys.exec_prefix) + addition + + else: + if self.exec_prefix is None: +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None): + return sitepackages + + def addsitepackages(known_paths, prefixes=None): +- """Add site-packages to sys.path""" ++ """Add site-packages to sys.path ++ ++ '/usr/local' is included in PREFIXES if RPM build is not detected ++ to make packages installed into this location visible. ++ ++ """ + _trace("Processing global site-packages") ++ if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: ++ PREFIXES.insert(0, "/usr/local") + for sitedir in getsitepackages(prefixes): + if os.path.isdir(sitedir): + addsitedir(sitedir, known_paths) + +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Mon, 15 Feb 2021 12:19:27 +0100 +Subject: [PATCH] 00251: Change user install location +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Set values of base and platbase in sysconfig from /usr +to /usr/local when RPM build is not detected +to make pip and similar tools install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +Downstream only. + +We've tried to rework in Fedora 36/Python 3.10 to follow https://bugs.python.org/issue43976 +but we have identified serious problems with that approach, +see https://bugzilla.redhat.com/2026979 or https://bugzilla.redhat.com/2097183 + +pypa/distutils integration: https://github.com/pypa/distutils/pull/70 + +Co-authored-by: Petr Viktorin +Co-authored-by: Miro Hrončok +Co-authored-by: Michal Cyprian +Co-authored-by: Lumír Balhar +--- + Lib/site.py | 9 ++++++- + Lib/sysconfig.py | 49 +++++++++++++++++++++++++++++++++++++- + Lib/test/test_sysconfig.py | 17 +++++++++++-- + 3 files changed, 71 insertions(+), 4 deletions(-) + +Index: Python-3.11.9/Lib/sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/sysconfig.py ++++ Python-3.11.9/Lib/sysconfig.py +@@ -103,6 +103,11 @@ if os.name == 'nt': + else: + _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv'] + ++# For a brief period of time in the Fedora 36 life cycle, ++# this installation scheme existed and was documented in the release notes. ++# For backwards compatibility, we keep it here (at least on 3.10 and 3.11). ++_INSTALL_SCHEMES['rpm_prefix'] = _INSTALL_SCHEMES['posix_prefix'] ++ + + # NOTE: site.py has copy of this function. + # Sync it when modify this function. +@@ -162,6 +167,19 @@ if _HAS_USER_BASE: + }, + } + ++# This is used by distutils.command.install in the stdlib ++# as well as pypa/distutils (e.g. bundled in setuptools). ++# The self.prefix value is set to sys.prefix + /local/ ++# if neither RPM build nor virtual environment is ++# detected to make distutils install packages ++# into the separate location. ++# https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _prefix_addition = '/local' ++ ++ + _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', + 'scripts', 'data') + +@@ -258,11 +276,40 @@ def _extend_dict(target_dict, other_dict + target_dict[key] = value + + ++_CONFIG_VARS_LOCAL = None ++ ++ ++def _config_vars_local(): ++ # This function returns the config vars with prefixes amended to /usr/local ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ global _CONFIG_VARS_LOCAL ++ if _CONFIG_VARS_LOCAL is None: ++ _CONFIG_VARS_LOCAL = dict(get_config_vars()) ++ _CONFIG_VARS_LOCAL['base'] = '/usr/local' ++ _CONFIG_VARS_LOCAL['platbase'] = '/usr/local' ++ return _CONFIG_VARS_LOCAL ++ ++ + def _expand_vars(scheme, vars): + res = {} + if vars is None: + vars = {} +- _extend_dict(vars, get_config_vars()) ++ ++ # when we are not in a virtual environment or an RPM build ++ # we change '/usr' to '/usr/local' ++ # to avoid surprises, we explicitly check for the /usr/ prefix ++ # Python virtual environments have different prefixes ++ # we only do this for posix_prefix, not to mangle the venv scheme ++ # posix_prefix is used by sudo pip install ++ # we only change the defaults here, so explicit --prefix will take precedence ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if (scheme == 'posix_prefix' and ++ _PREFIX == '/usr' and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _extend_dict(vars, _config_vars_local()) ++ else: ++ _extend_dict(vars, get_config_vars()) ++ + if os.name == 'nt': + # On Windows we want to substitute 'lib' for schemes rather + # than the native value (without modifying vars, in case it +Index: Python-3.11.9/Lib/test/test_sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_sysconfig.py ++++ Python-3.11.9/Lib/test/test_sysconfig.py +@@ -111,8 +111,19 @@ class TestSysConfig(unittest.TestCase): + for scheme in _INSTALL_SCHEMES: + for name in _INSTALL_SCHEMES[scheme]: + expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) ++ tested = get_path(name, scheme) ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if tested.startswith('/usr/local'): ++ # /usr/local should only be used in posix_prefix ++ self.assertEqual(scheme, 'posix_prefix') ++ # Fedora CI runs tests for venv and virtualenv that check for other prefixes ++ self.assertEqual(sys.prefix, '/usr') ++ # When building the RPM of Python, %check runs this with RPM_BUILD_ROOT set ++ # Fedora CI runs this with RPM_BUILD_ROOT unset ++ self.assertNotIn('RPM_BUILD_ROOT', os.environ) ++ tested = tested.replace('/usr/local', '/usr') + self.assertEqual( +- os.path.normpath(get_path(name, scheme)), ++ os.path.normpath(tested), + os.path.normpath(expected), + ) + +@@ -345,7 +356,7 @@ class TestSysConfig(unittest.TestCase): + self.assertTrue(os.path.isfile(config_h), config_h) + + def test_get_scheme_names(self): +- wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv'] ++ wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv', 'rpm_prefix'] + if HAS_USER_BASE: + wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) + self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) +@@ -357,6 +368,8 @@ class TestSysConfig(unittest.TestCase): + cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" + self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) + ++ @unittest.skipIf('RPM_BUILD_ROOT' not in os.environ, ++ "Test doesn't expect Fedora's paths") + def test_user_similar(self): + # Issue #8759: make sure the posix scheme for the users + # is similar to the global posix_prefix one diff --git a/PACKAGING-NOTES b/PACKAGING-NOTES new file mode 100644 index 0000000..e28c88c --- /dev/null +++ b/PACKAGING-NOTES @@ -0,0 +1,26 @@ +Notes for packagers of Python3 +============================== + +0. Faster build turnaround +-------------------------- + +By default, python builds with profile-guided optimization. This needs +an additional run of the test suite and it is generally slow. +PGO build takes around 50 minutes. + +For development, use "--without profileopt" option to disable PGO. This +shortens the build time to ~5 minutes including test suite. + +1. import_failed.map +---------------------- + +This is a mechanism installed as part of python3-base, that places shim modules +on python's path (through a generated zzzz-import-failed-hooks.pth file, so that +it is imported as much at the end as makes sense; and an _import_failed subdir +of /usr/lib/pythonX.Y). Then when the user tries to import a module that is part +of a subpackage, the ImportError will contain a helpful message telling them +which missing subpackage to install. + +This can sometimes cause problems on non-standard configurations, if the pth +gets included too early (for instance if you are using a script to include all +pths by hand in some strange order). Just something to look out for. diff --git a/Python-3.11.10.tar.xz b/Python-3.11.10.tar.xz new file mode 100644 index 0000000..f87e7ad --- /dev/null +++ b/Python-3.11.10.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:07a4356e912900e61a15cb0949a06c4a05012e213ecd6b4e84d0f67aabbee372 +size 20067656 diff --git a/Python-3.11.10.tar.xz.asc b/Python-3.11.10.tar.xz.asc new file mode 100644 index 0000000..243d1b1 --- /dev/null +++ b/Python-3.11.10.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmbbrO0ACgkQ/+h0BBaL +2Ec+YBAAnQJLKYPjj7Yr7xkFU655Sv86JxeRAdWjnIapbiIuWg3Up8Pd8FTRgHGf +3XdTHw7b03lSjtzJwavzdnDklqAlBIGn9dVieljUIN7NYyNxoYOr/AiatimgSwv7 +dI5mfun5fLKV6ZcdNdQN5PJ3RZtF3I7VfkN2mlfZJHtxl1agdU/TfW2L+qJ7+JPY +cayjq2xKTLRNXOf2iV29GRRovLiqA+Dx0+cAwsScwreHMp3U4k3GkeHVoR6fldV4 +bVAM8GRl3CYVFePiqAbamKP1BSys44JOINWbWyd94JxzEAwXWz//Es0h73AzeRfK +ueORqzdoOGrVc74+HGlAHhqO1Gg7jMMmtkzCEuav+cGHYnMRMOngGR3q47aTJTVb +5UdP0oD4OlADPFVa6q0LCqN/IFlebWMh9pXYw7Wpek63oNuZHTfNPq4S1AUM2HJm +C3yzaOG9VAdYfLneJC4ldY4CVt1FKckfaXp5OAaMr71DI74e4CcEswlUupZJLZKV +TJRjQD15bnXGhHDqU4w3RmzpCWMh2mf4m4VMYQyObl3TtlX+gVvzIhDS5+mXqutB +F1pdXwaHHkTb2PLLxpwOGrnsp8XoW74tsylcYirQg8jSFMbgxfwgIjEIuRGXeDkT +B4QzmQ4SxsbLiH7etV6Fznl1h569Z4DO9OOs4i0ZzIjdhPDQtAs= +=TatG +-----END PGP SIGNATURE----- diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..0053bcf --- /dev/null +++ b/README.SUSE @@ -0,0 +1,43 @@ +Python 3 in SUSE +============== + +* Subpackages * + +Python 3 is split into several subpackages, based on external dependencies. +The main package 'python3' has soft dependencies on all subpackages needed to +assemble the standard library; however, these might not all be installed by default. + +If you attempt to import a module that is currently not installed, an ImportError is thrown, +with instructions to install the missing subpackage. Installing the subpackage might result +in installing libraries that the subpackage requires to function. + + +* ensurepip * + +The 'ensurepip' module from Python 3 standard library (PEP 453) is supposed to deploy +a bundled copy of the pip installer. This makes no sense in a managed distribution like SUSE. +Instead, you need to install package 'python3-pip'. Usually this will be installed automatically +with 'python3'. + +Using 'ensurepip' when pip is not installed will result in an ImportError with instructions +to install 'python3-pip'. + + +* Documentation * + +You can find documentation in seprarate packages: python3-doc and +python3-doc-pdf. These contan following documents: + + Tutorial, What's New in Python, Global Module Index, Library Reference, + Macintosh Module Reference, Installing Python Modules, Distributing Python + Modules, Language Reference, Extending and Embedding, Python/C API, + Documenting Python + +The python3-doc package constains many text files from source tarball. + + +* Interactive mode * + +Interactive mode is by default enhanced with of history and command completion. +If you don't like these features, you can unset the PYTHONSTARTUP variable +in your .profile or disable it system wide in /etc/profile.d/python.sh. diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..1d50bc4 --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + base + doc + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..1793de8 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,3 @@ +python311-base +python311 +libpython3_11-1_0 diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz new file mode 100644 index 0000000..57fb3e5 --- /dev/null +++ b/bluez-devel-vendor.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:868fbfba2ddaed62f2c45cf869fe2c648527ac3bac738f4f41f3c2872f5b0211 +size 25040 diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch new file mode 100644 index 0000000..86882ae --- /dev/null +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -0,0 +1,173 @@ +From 5754521af1d51aa8e445cba07a093bbc0c88596d Mon Sep 17 00:00:00 2001 +From: Zackery Spytz +Date: Mon, 16 Dec 2019 18:24:08 -0700 +Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix) + +Co-Authored-By: Xavier de Gaye +--- + Doc/library/ensurepip.rst | 9 +++-- + Lib/ensurepip/__init__.py | 18 +++++++--- + Lib/test/test_ensurepip.py | 11 ++++++ + Makefile.pre.in | 4 +- + Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1 + 5 files changed, 34 insertions(+), 9 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst + +Index: Python-3.11.8/Doc/library/ensurepip.rst +=================================================================== +--- Python-3.11.8.orig/Doc/library/ensurepip.rst ++++ Python-3.11.8/Doc/library/ensurepip.rst +@@ -59,7 +59,9 @@ is at least as recent as the one availab + By default, ``pip`` is installed into the current virtual environment + (if one is active) or into the system site packages (if there is no + active virtual environment). The installation location can be controlled +-through two additional command line options: ++through some additional command line options: ++ ++* ``--prefix ``: Installs ``pip`` using the given directory prefix. + + * :samp:`--root {dir}`: Installs ``pip`` relative to the given root directory + rather than the root of the currently active virtual environment (if any) +@@ -92,7 +94,7 @@ Module API + Returns a string specifying the available version of pip that will be + installed when bootstrapping an environment. + +-.. function:: bootstrap(root=None, upgrade=False, user=False, \ ++.. function:: bootstrap(root=None, prefix=None, upgrade=False, user=False, \ + altinstall=False, default_pip=False, \ + verbosity=0) + +@@ -102,6 +104,8 @@ Module API + If *root* is ``None``, then installation uses the default install location + for the current environment. + ++ *prefix* specifies the directory prefix to use when installing. ++ + *upgrade* indicates whether or not to upgrade an existing installation + of an earlier version of ``pip`` to the available version. + +@@ -122,6 +126,8 @@ Module API + *verbosity* controls the level of output to :data:`sys.stdout` from the + bootstrapping operation. + ++ .. versionchanged:: 3.9 the *prefix* parameter was added. ++ + .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap + + .. note:: +Index: Python-3.11.8/Lib/ensurepip/__init__.py +=================================================================== +--- Python-3.11.8.orig/Lib/ensurepip/__init__.py ++++ Python-3.11.8/Lib/ensurepip/__init__.py +@@ -122,27 +122,27 @@ def _disable_pip_configuration_settings( + os.environ['PIP_CONFIG_FILE'] = os.devnull + + +-def bootstrap(*, root=None, upgrade=False, user=False, ++def bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). ++ and directory prefix). + + Note that calling this function will alter both sys.path and os.environ. + """ + # Discard the return value +- _bootstrap(root=root, upgrade=upgrade, user=user, ++ _bootstrap(root=root, prefix=prefix, upgrade=upgrade, user=user, + altinstall=altinstall, default_pip=default_pip, + verbosity=verbosity) + + +-def _bootstrap(*, root=None, upgrade=False, user=False, ++def _bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). Returns pip command status code. ++ and directory prefix). Returns pip command status code. + + Note that calling this function will alter both sys.path and os.environ. + """ +@@ -192,6 +192,8 @@ def _bootstrap(*, root=None, upgrade=Fal + args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] + if root: + args += ["--root", root] ++ if prefix: ++ args += ["--prefix", prefix] + if upgrade: + args += ["--upgrade"] + if user: +@@ -267,6 +269,11 @@ def _main(argv=None): + help="Install everything relative to this alternate root directory.", + ) + parser.add_argument( ++ "--prefix", ++ default=None, ++ help="Install everything using this prefix.", ++ ) ++ parser.add_argument( + "--altinstall", + action="store_true", + default=False, +@@ -285,6 +292,7 @@ def _main(argv=None): + + return _bootstrap( + root=args.root, ++ prefix=args.prefix, + upgrade=args.upgrade, + user=args.user, + verbosity=args.verbosity, +Index: Python-3.11.8/Lib/test/test_ensurepip.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_ensurepip.py ++++ Python-3.11.8/Lib/test/test_ensurepip.py +@@ -112,6 +112,17 @@ class TestBootstrap(EnsurepipMixin, unit + unittest.mock.ANY, + ) + ++ def test_bootstrapping_with_prefix(self): ++ ensurepip.bootstrap(prefix="/foo/bar/") ++ self.run_pip.assert_called_once_with( ++ [ ++ "install", "--no-cache-dir", "--no-index", "--find-links", ++ unittest.mock.ANY, "--prefix", "/foo/bar/", ++ "setuptools", "pip", ++ ], ++ unittest.mock.ANY, ++ ) ++ + def test_bootstrapping_with_user(self): + ensurepip.bootstrap(user=True) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1761,7 +1761,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni + install|*) ensurepip="" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + altinstall: commoninstall +@@ -1771,7 +1771,7 @@ altinstall: commoninstall + install|*) ensurepip="--altinstall" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + commoninstall: check-clean-src @FRAMEWORKALTINSTALLFIRST@ \ +Index: Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +=================================================================== +--- /dev/null ++++ Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +@@ -0,0 +1 @@ ++A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/bsc1221260-test_asyncio-ResourceWarning.patch b/bsc1221260-test_asyncio-ResourceWarning.patch new file mode 100644 index 0000000..15d6b8d --- /dev/null +++ b/bsc1221260-test_asyncio-ResourceWarning.patch @@ -0,0 +1,21 @@ +From a3052035485bd2836e40f5284657ca105382cbfd Mon Sep 17 00:00:00 2001 +From: sobolevn +Date: Tue, 5 Mar 2024 20:24:16 +0300 +Subject: [PATCH] gh-116112: Fix `ResourceWarning` in + `test_asyncio.test_stream` + +Co-authored-by: @CendioOssman +--- + Lib/test/test_asyncio/test_streams.py | 1 + + 1 file changed, 1 insertion(+) + +--- a/Lib/test/test_asyncio/test_streams.py ++++ b/Lib/test/test_asyncio/test_streams.py +@@ -1156,6 +1156,7 @@ os.close(fd) + + def test_unhandled_cancel(self): + async def handle_echo(reader, writer): ++ writer.close() + asyncio.current_task().cancel() + messages = self._basetest_unhandled_exceptions(handle_echo) + self.assertEqual(messages, []) diff --git a/bso1227999-reproducible-builds.patch b/bso1227999-reproducible-builds.patch new file mode 100644 index 0000000..fb33d18 --- /dev/null +++ b/bso1227999-reproducible-builds.patch @@ -0,0 +1,37 @@ +From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Tue, 16 Jul 2024 21:39:33 +0200 +Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH + +to make builds reproducible. +See https://reproducible-builds.org/ for why this is good +and https://reproducible-builds.org/specs/source-date-epoch/ +for the definition of this variable. +--- + Doc/conf.py | 3 ++- + Doc/library/functions.rst | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/Doc/conf.py ++++ b/Doc/conf.py +@@ -316,7 +316,8 @@ html_context = { + } + + # This 'Last updated on:' timestamp is inserted at the bottom of every page. +-html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime()) ++html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) ++html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time)) + + # Path to find HTML templates. + templates_path = ['tools/templates'] +--- a/Doc/library/functions.rst ++++ b/Doc/library/functions.rst +@@ -1356,7 +1356,7 @@ are always available. They are listed h + (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, + and :mod:`shutil`. + +- .. audit-event:: open file,mode,flags open ++ .. audit-event:: open path,mode,flags open + + The ``mode`` and ``flags`` arguments may have been modified or inferred from + the original call. diff --git a/distutils-reproducible-compile.patch b/distutils-reproducible-compile.patch new file mode 100644 index 0000000..17e8bd2 --- /dev/null +++ b/distutils-reproducible-compile.patch @@ -0,0 +1,17 @@ +--- + Lib/distutils/util.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/distutils/util.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/util.py ++++ Python-3.11.8/Lib/distutils/util.py +@@ -436,7 +436,7 @@ byte_compile(files, optimize=%r, force=% + else: + from py_compile import compile + +- for file in py_files: ++ for file in sorted(py_files): + if file[-3:] != ".py": + # This lets us be lazy and not filter filenames in + # the "install_lib" command. diff --git a/externally_managed.in b/externally_managed.in new file mode 100644 index 0000000..54606b6 --- /dev/null +++ b/externally_managed.in @@ -0,0 +1,12 @@ +[externally-managed] +Error=To install Python packages system-wide, try + zypper install __PYTHONPREFIX__-xyz, where xyz is the package + you are trying to install. + + If you wish to install a non-rpm packaged Python package, + create a virtual environment using __PYTHON__ -m venv path/to/venv. + Then use path/to/venv/bin/python and path/to/venv/bin/pip. + + If you wish to install a non-rpm packaged Python application, + it may be easiest to use `pipx install xyz`, which will manage a + virtual environment for you. Install pipx via `zypper install __PYTHONPREFIX__-pipx` . diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch new file mode 100644 index 0000000..7c6fd0e --- /dev/null +++ b/fix_configure_rst.patch @@ -0,0 +1,40 @@ +--- + Doc/using/configure.rst | 3 --- + Misc/NEWS | 2 +- + 2 files changed, 1 insertion(+), 4 deletions(-) + +--- a/Doc/using/configure.rst ++++ b/Doc/using/configure.rst +@@ -43,7 +43,6 @@ General Options + + See :data:`sys.int_info.bits_per_digit `. + +-.. option:: --with-cxx-main + .. option:: --with-cxx-main=COMPILER + + Compile the Python ``main()`` function and link Python executable with C++ +@@ -529,13 +528,11 @@ macOS Options + + See ``Mac/README.rst``. + +-.. option:: --enable-universalsdk + .. option:: --enable-universalsdk=SDKDIR + + Create a universal binary build. *SDKDIR* specifies which macOS SDK should + be used to perform the build (default is no). + +-.. option:: --enable-framework + .. option:: --enable-framework=INSTALLDIR + + Create a Python.framework rather than a traditional Unix install. Optional +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -9774,7 +9774,7 @@ C API + - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. + + - bpo-43795: The list in :ref:`limited-api-list` now shows the public name +- :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry ++ :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry + ``_node`` no longer appears in the list. + + - bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid diff --git a/gh120226-fix-sendfile-test-kernel-610.patch b/gh120226-fix-sendfile-test-kernel-610.patch new file mode 100644 index 0000000..2eb6f63 --- /dev/null +++ b/gh120226-fix-sendfile-test-kernel-610.patch @@ -0,0 +1,35 @@ +From 1b3f6523a5c83323cdc44031b33a1c062e5dc698 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Fri, 7 Jun 2024 23:51:32 +0800 +Subject: [PATCH] gh-120226: Fix + test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 + (GH-120227) + +The worst case is that the kernel buffers 17 pages with a page size of 64k. +(cherry picked from commit a7584245661102a5768c643fbd7db8395fd3c90e) + +Co-authored-by: Xi Ruoyao +--- + Lib/test/test_asyncio/test_sendfile.py | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +--- a/Lib/test/test_asyncio/test_sendfile.py ++++ b/Lib/test/test_asyncio/test_sendfile.py +@@ -93,13 +93,10 @@ class MyProto(asyncio.Protocol): + + class SendfileBase: + +- # 256 KiB plus small unaligned to buffer chunk +- # Newer versions of Windows seems to have increased its internal +- # buffer and tries to send as much of the data as it can as it +- # has some form of buffering for this which is less than 256KiB +- # on newer server versions and Windows 11. +- # So DATA should be larger than 256 KiB to make this test reliable. +- DATA = b"x" * (1024 * 256 + 1) ++ # Linux >= 6.10 seems buffering up to 17 pages of data. ++ # So DATA should be large enough to make this test reliable even with a ++ # 64 KiB page configuration. ++ DATA = b"x" * (1024 * 17 * 64 + 1) + # Reduce socket buffer size to test on relative small data sets. + BUF_SIZE = 4 * 1024 # 4 KiB + diff --git a/idle3.appdata.xml b/idle3.appdata.xml new file mode 100644 index 0000000..554b7c4 --- /dev/null +++ b/idle3.appdata.xml @@ -0,0 +1,35 @@ + + + + + idle3.desktop + IDLE3 + CC0 + Python-2.0 + Python 3 Integrated Development and Learning Environment + +

+ IDLE is Python’s Integrated Development and Learning Environment. + The GUI is uniform between Windows, Unix, and Mac OS X. + IDLE provides an easy way to start writing, running, and debugging + Python code. +

+

+ IDLE is written in pure Python, and uses the tkinter GUI toolkit. + It provides: +

+
    +
  • a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,
    • +
  • a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,
    • +
  • search within any window, replace within editor windows, and search through multiple files (grep),
    • +
  • a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.
    • +
+ + https://docs.python.org/3/library/idle.html + + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png + + zbyszek@in.waw.pl + diff --git a/idle3.desktop b/idle3.desktop new file mode 100644 index 0000000..43f5a4c --- /dev/null +++ b/idle3.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Version=1.0 +Name=IDLE 3 +GenericName=Python 3 IDE +Comment=Python 3 Integrated Development and Learning Environment +Exec=idle3 %F +TryExec=idle3 +Terminal=false +Type=Application +Icon=idle3 +Categories=Development;IDE; +MimeType=text/x-python; diff --git a/import_failed.map b/import_failed.map new file mode 100644 index 0000000..f33690c --- /dev/null +++ b/import_failed.map @@ -0,0 +1,7 @@ +python311-curses: curses _curses _curses_panel +python311-dbm: dbm _dbm _gdbm +python311-idle: idlelib +python311-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited +python311-tk: tkinter _tkinter +python311-tools: turtledemo +python311: sqlite3 readline _sqlite3 nis diff --git a/import_failed.py b/import_failed.py new file mode 100644 index 0000000..258b5a5 --- /dev/null +++ b/import_failed.py @@ -0,0 +1,23 @@ +import sys, os +from sysconfig import get_path + +failed_map_path = os.path.join(get_path('stdlib'), '_import_failed', 'import_failed.map') + +if __spec__: + failed_name = __spec__.name +else: + failed_name = __name__ + +with open(failed_map_path) as fd: + for line in fd: + package = line.split(':')[0] + imports = line.split(':')[1] + if failed_name in imports: + raise ImportError(f"""Module '{failed_name}' is not installed. +Use: + sudo zypper install {package} +to install it.""") + +raise ImportError(f"""Module '{failed_name}' is not installed. +It is supposed to be part of python3 distribution, but missing from failed import map. +Please file a bug on the SUSE Bugzilla.""") diff --git a/macros.python3 b/macros.python3 new file mode 100644 index 0000000..2bd193b --- /dev/null +++ b/macros.python3 @@ -0,0 +1,28 @@ +%have_python3 1 + +# commented out legacy macro definitions +#py3_prefix /usr +#py3_incdir /usr/include/python3.5m +#py3_ver 3.5 + +# these should now be provided by macros.python_all +#python3_sitearch /usr/lib64/python3.5/site-packages +#python3_sitelib /usr/lib/python3.5/site-packages +#python3_version 3.5 + +# hard to say if anyone ever used these? +#py3_soflags cpython-35m-x86_64-linux-gnu +#py3_abiflags m +%cpython3_soabi %(python3 -c "import sysconfig; print(sysconfig.get_config_var('SOABI'))") +%py3_soflags %cpython3_soabi + +# compilation macros that might be in use somewhere +%py3_compile(O) \ +find %1 -name '*.pyc' -exec rm -f {} ";"\ +python3 -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +%{-O:\ +find %1 -name '*.pyo' -exec rm -f {} ";"\ +python3 -O -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +} + + diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch new file mode 100644 index 0000000..7e412d7 --- /dev/null +++ b/no-skipif-doctests.patch @@ -0,0 +1,653 @@ +only in patch2: +unchanged: +--- + Doc/library/turtle.rst | 82 ------------------------------------------------- + 1 file changed, 82 deletions(-) + +--- a/Doc/library/turtle.rst ++++ b/Doc/library/turtle.rst +@@ -440,7 +440,6 @@ Turtle motion + turtle is headed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -467,7 +466,6 @@ Turtle motion + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -486,13 +484,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -511,13 +507,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -540,13 +534,11 @@ Turtle motion + not change the turtle's orientation. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> tp = turtle.pos() + >>> tp +@@ -570,13 +562,11 @@ Turtle motion + unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 240) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,240.00) +@@ -592,13 +582,11 @@ Turtle motion + Set the turtle's second coordinate to *y*, leave first coordinate unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 40) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,40.00) +@@ -625,7 +613,6 @@ Turtle motion + =================== ==================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setheading(90) + >>> turtle.heading() +@@ -638,14 +625,12 @@ Turtle motion + its start-orientation (which depends on the mode, see :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(90) + >>> turtle.goto(0, -10) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 90.0 +@@ -677,7 +662,6 @@ Turtle motion + calculated automatically. May be used to draw regular polygons. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.position() +@@ -706,7 +690,6 @@ Turtle motion + + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.dot() +@@ -724,7 +707,6 @@ Turtle motion + it by calling ``clearstamp(stamp_id)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("blue") + >>> turtle.stamp() +@@ -740,7 +722,6 @@ Turtle motion + Delete stamp with given *stampid*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (150.00,-0.00) +@@ -785,7 +766,6 @@ Turtle motion + undo actions is determined by the size of the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for i in range(4): + ... turtle.fd(50); turtle.lt(80) +@@ -818,7 +798,6 @@ Turtle motion + turtle turn instantly. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.speed() + 3 +@@ -839,7 +818,6 @@ Tell Turtle's state + Return the turtle's current location (x,y) (as a :class:`Vec2D` vector). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pos() + (440.00,-0.00) +@@ -855,7 +833,6 @@ Tell Turtle's state + orientation which depends on the mode - "standard"/"world" or "logo". + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(10, 10) + >>> turtle.towards(0,0) +@@ -867,7 +844,6 @@ Tell Turtle's state + Return the turtle's x coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(50) +@@ -883,7 +859,6 @@ Tell Turtle's state + Return the turtle's y coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(60) +@@ -900,7 +875,6 @@ Tell Turtle's state + :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(67) +@@ -917,7 +891,6 @@ Tell Turtle's state + other turtle, in turtle step units. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.distance(30,40) +@@ -941,7 +914,6 @@ Settings for measurement + Default value is 360 degrees. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -964,7 +936,6 @@ Settings for measurement + ``degrees(2*math.pi)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -975,7 +946,6 @@ Settings for measurement + 1.5707963267948966 + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.degrees(360) +@@ -1011,7 +981,6 @@ Drawing state + thickness. If no argument is given, the current pensize is returned. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pensize() + 1 +@@ -1043,7 +1012,6 @@ Drawing state + attributes in one statement. + + .. doctest:: +- :skipif: _tkinter is None + :options: +NORMALIZE_WHITESPACE + + >>> turtle.pen(fillcolor="black", pencolor="red", pensize=10) +@@ -1066,7 +1034,6 @@ Drawing state + Return ``True`` if pen is down, ``False`` if it's up. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.penup() + >>> turtle.isdown() +@@ -1107,7 +1074,6 @@ Color control + newly set pencolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> colormode() + 1.0 +@@ -1156,7 +1122,6 @@ Color control + with the newly set fillcolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.fillcolor("violet") + >>> turtle.fillcolor() +@@ -1195,7 +1160,6 @@ Color control + with the newly set colors. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("red", "green") + >>> turtle.color() +@@ -1212,7 +1176,6 @@ Filling + ~~~~~~~ + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.home() +@@ -1222,7 +1185,6 @@ Filling + Return fillstate (``True`` if filling, ``False`` else). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.begin_fill() + >>> if turtle.filling(): +@@ -1247,7 +1209,6 @@ Filling + above may be either all yellow or have some white regions. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("black", "red") + >>> turtle.begin_fill() +@@ -1264,7 +1225,6 @@ More drawing control + variables to the default values. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(0,-22) + >>> turtle.left(100) +@@ -1315,7 +1275,6 @@ Visibility + drawing observably. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.hideturtle() + +@@ -1326,7 +1285,6 @@ Visibility + Make the turtle visible. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.showturtle() + +@@ -1357,7 +1315,6 @@ Appearance + deal with shapes see Screen method :func:`register_shape`. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape() + 'classic' +@@ -1383,7 +1340,6 @@ Appearance + ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.resizemode() + 'noresize' +@@ -1407,7 +1363,6 @@ Appearance + of the shape's outline. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shapesize() + (1.0, 1.0, 1) +@@ -1432,7 +1387,6 @@ Appearance + heading of the turtle are sheared. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("circle") + >>> turtle.shapesize(5,2) +@@ -1449,7 +1403,6 @@ Appearance + change the turtle's heading (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1469,7 +1422,6 @@ Appearance + (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1495,7 +1447,6 @@ Appearance + turtle (its direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1524,7 +1475,6 @@ Appearance + given matrix. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle = Turtle() + >>> turtle.shape("square") +@@ -1540,7 +1490,6 @@ Appearance + can be used to define a new shape or components of a compound shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("square") + >>> turtle.shapetransform(4, -1, 0, 2) +@@ -1565,7 +1514,6 @@ Using events + procedural way: + + .. doctest:: +- :skipif: _tkinter is None + + >>> def turn(x, y): + ... left(180) +@@ -1586,7 +1534,6 @@ Using events + ``None``, existing bindings are removed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> class MyTurtle(Turtle): + ... def glow(self,x,y): +@@ -1614,7 +1561,6 @@ Using events + mouse-click event on that turtle. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.ondrag(turtle.goto) + +@@ -1642,7 +1588,6 @@ Special Turtle methods + Return the last recorded polygon. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.begin_poly() +@@ -1662,7 +1607,6 @@ Special Turtle methods + turtle properties. + + .. doctest:: +- :skipif: _tkinter is None + + >>> mick = Turtle() + >>> joe = mick.clone() +@@ -1675,7 +1619,6 @@ Special Turtle methods + return the "anonymous turtle": + + .. doctest:: +- :skipif: _tkinter is None + + >>> pet = getturtle() + >>> pet.fd(50) +@@ -1689,7 +1632,6 @@ Special Turtle methods + TurtleScreen methods can then be called for that object. + + .. doctest:: +- :skipif: _tkinter is None + + >>> ts = turtle.getscreen() + >>> ts +@@ -1707,7 +1649,6 @@ Special Turtle methods + ``None``, the undobuffer is disabled. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setundobuffer(42) + +@@ -1717,7 +1658,6 @@ Special Turtle methods + Return number of entries in the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> while undobufferentries(): + ... undo() +@@ -1740,7 +1680,6 @@ below: + For example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> s = Shape("compound") + >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) +@@ -1751,7 +1690,6 @@ below: + 3. Now add the Shape to the Screen's shapelist and use it: + + .. doctest:: +- :skipif: _tkinter is None + + >>> register_shape("myshape", s) + >>> shape("myshape") +@@ -1771,7 +1709,6 @@ Most of the examples in this section ref + ``screen``. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen = Screen() +@@ -1788,7 +1725,6 @@ Window control + Set or return background color of the TurtleScreen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.bgcolor("orange") + >>> screen.bgcolor() +@@ -1880,7 +1816,6 @@ Window control + distorted. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.reset() + >>> screen.setworldcoordinates(-50,-7.5,50,7.5) +@@ -1891,7 +1826,6 @@ Window control + ... left(45); fd(2) # a regular octagon + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen.reset() +@@ -1913,7 +1847,6 @@ Animation control + Optional argument: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.delay() + 10 +@@ -1935,7 +1868,6 @@ Animation control + :func:`delay`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.tracer(8, 25) + >>> dist = 2 +@@ -1972,7 +1904,6 @@ Using screen events + must have the focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -1993,7 +1924,6 @@ Using screen events + must have focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -2018,7 +1948,6 @@ Using screen events + named ``turtle``: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will + >>> # make the turtle move to the clicked point. +@@ -2038,7 +1967,6 @@ Using screen events + Install a timer that calls *fun* after *t* milliseconds. + + .. doctest:: +- :skipif: _tkinter is None + + >>> running = True + >>> def f(): +@@ -2120,7 +2048,6 @@ Settings and special methods + ============ ========================= =================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> mode("logo") # resets turtle heading to north + >>> mode() +@@ -2135,7 +2062,6 @@ Settings and special methods + values of color triples have to be in the range 0..*cmode*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.colormode(1) + >>> turtle.pencolor(240, 160, 80) +@@ -2156,7 +2082,6 @@ Settings and special methods + do with a Tkinter Canvas. + + .. doctest:: +- :skipif: _tkinter is None + + >>> cv = screen.getcanvas() + >>> cv +@@ -2168,7 +2093,6 @@ Settings and special methods + Return a list of names of all currently available turtle shapes. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.getshapes() + ['arrow', 'blank', 'circle', ..., 'turtle'] +@@ -2192,7 +2116,6 @@ Settings and special methods + coordinates: Install the corresponding polygon shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) + +@@ -2208,7 +2131,6 @@ Settings and special methods + Return the list of turtles on the screen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for turtle in screen.turtles(): + ... turtle.color("red") +@@ -2270,7 +2192,6 @@ Methods specific to Screen, not inherite + center window vertically + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.setup (width=200, height=200, startx=0, starty=0) + >>> # sets window to 200x200 pixels, in upper left of screen +@@ -2286,7 +2207,6 @@ Methods specific to Screen, not inherite + Set title of turtle window to *titlestring*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.title("Welcome to the turtle zoo!") + +@@ -2357,7 +2277,6 @@ Public classes + Example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) + >>> s = Shape("compound") +@@ -2743,7 +2662,6 @@ Changes since Python 3.0 + + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> for turtle in turtles(): diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..a2cf992 --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +export LC_ALL=C + +master=python*.spec + +# create import_failed.map from package definitions +pkgname=$(grep python_pkg_name $master |grep define |awk -F' ' '{print $3}') +MAPFILE=import_failed.map +function new_map_line () { + package=$1 + package=$(echo $1 |sed -e "s:%{python_pkg_name}:$pkgname:") + modules=$2 + if [ -z "$package" -o -z "$modules" ]; then + return + fi + if [[ "$package" =~ "-base" ]]; then + return + fi + echo "$package:$modules" >> $MAPFILE.tmp +} + +for spec in *.spec; do + basename=${spec%.spec} + package= + modules= + while read line; do + case $line in + "%files -n "*) + new_map_line $package "$modules" + package=${line#"%files -n "} + modules= + ;; + "%files "*) + new_map_line $package "$modules" + package=$basename-${line#"%files "} + modules= + ;; + "%files") + new_map_line $package "$modules" + package=$basename + modules= + ;; + "%{sitedir}/config-"*) + # ignore + ;; + "%{sitedir}/"*) + word=${line#"%{sitedir}/"} + if ! echo $word | grep -q /; then + modules="$modules $word" + fi + ;; + "%{dynlib "*"}") + word=${line#"%{dynlib "} + word=${word%"}"} + modules="$modules $word" + ;; + esac + done < $spec + new_map_line $package "$modules" +done + +cat $MAPFILE.tmp |sort -u > $MAPFILE +rm $MAPFILE.tmp + +# run test inclusion check +tar xJf Python-*.xz +python3 skipped_tests.py + +# generate baselibs.conf +VERSION=$(grep ^Version $master|awk -F':' '{print $2}' |sed -e 's/ //g') +python_version=${VERSION:0:3} # 3.3 +python_version_abitag=${python_version//./} # 33 +python_version_soname=${python_version//./_} # 3_3 +echo "$pkgname-base" > baselibs.conf +echo "$pkgname" >> baselibs.conf +echo "libpython$python_version_soname-1_0" >> baselibs.conf + diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch new file mode 100644 index 0000000..cda20d7 --- /dev/null +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -0,0 +1,27 @@ +--- + Makefile.pre.in | 7 +++++++ + 1 file changed, 7 insertions(+) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1240,11 +1240,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ + $(DTRACE_OBJS) \ + $(srcdir)/Modules/getbuildinfo.c + $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DDATE="\"`date -u -r Makefile.pre.in +"%b %d %Y"`\"" \ ++ -DTIME="\"`date -u -r Makefile.pre.in +"%T"`\"" \ + -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \ + -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \ + -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \ + -o $@ $(srcdir)/Modules/getbuildinfo.c + ++Python/getcompiler.o: $(srcdir)/Python/getcompiler.c Makefile ++ $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DCOMPILER='"[GCC]"' \ ++ -o $@ $(srcdir)/Python/getcompiler.c ++ + Modules/getpath.o: $(srcdir)/Modules/getpath.c Python/frozen_modules/getpath.h Makefile $(PYTHON_HEADERS) + $(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \ + -DPREFIX='"$(prefix)"' \ diff --git a/python-3.3.0b1-localpath.patch b/python-3.3.0b1-localpath.patch new file mode 100644 index 0000000..475497e --- /dev/null +++ b/python-3.3.0b1-localpath.patch @@ -0,0 +1,13 @@ +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -77,7 +77,7 @@ import io + import stat + + # Prefixes for site-packages; add additional prefixes like /usr/local here +-PREFIXES = [sys.prefix, sys.exec_prefix] ++PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local'] + # Enable per user site-packages directory + # set it to False to disable the feature or True to force the feature + ENABLE_USER_SITE = None diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch new file mode 100644 index 0000000..ac5d553 --- /dev/null +++ b/python-3.3.0b1-test-posix_fadvise.patch @@ -0,0 +1,17 @@ +--- + Lib/test/test_posix.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_posix.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_posix.py ++++ Python-3.11.8/Lib/test/test_posix.py +@@ -430,7 +430,7 @@ class PosixTester(unittest.TestCase): + def test_posix_fadvise(self): + fd = os.open(os_helper.TESTFN, os.O_RDONLY) + try: +- posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_WILLNEED) ++ posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_RANDOM) + finally: + os.close(fd) + diff --git a/python.keyring b/python.keyring new file mode 100644 index 0000000..747bc27 --- /dev/null +++ b/python.keyring @@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFq+ToQBEADRYvIVtbK6owynD3j3nxwpW2KEk/p+aDvtXmc2SR2dBcZ8sFW2 +R5vEsG8d3/D3wgv5pcL3KfNNXQYUnXVbobrFUUWQYc79qIsE3MgiPf5NVOtwKPUR +i5g9YJgKvpBxkQfqp3LYGm9ZBtwo3DVLA3yn7KsazCmAgTNFJYw7ku1XxgmIzY6K +5J30DfbJiqDqj4f9GslCCCCH3qiPnuLG/HUyVLHMpbWlaiy9NI0GcaLxjJewHj9w +W2D2lydkxe5JGo7egUkV3ILcuLVSVKA35SKY27dYqfuyqp9tAzaRbjDYjsYdHA6G +BqrNrKBn/GwlFDPrVdcvN3ZSY2wMLTxWE3Axc/FweuHxFnou/80FwX7F3JD+oEQ6 +rofmcxOBCC7J98I7HZAhP9jBn88XIS2hztbLq8d6rZJZRtcz0k61VR0ddO+TrFmf +9rMYCPgCckRtVxeFIVIabrN1IzKynLFeo040h8hSGswd6YKDOVwjJY6Oa6EmVefZ +a8QSt4+M65RSzH6SEPY008F3nJUAK6MEkzTak+tFltZNrVWu8p2xd1j9nmxAwEhZ +/lgbxLqzYgaUWmfyHeZ8yVA0MhHzdiAL8nVUEdG3KecIq0RWCJLGLWWIjd6KAJl1 +yAmhRYKK/sjPDsL3elHsFACfZbyx3o5GGQNlas1FYoPLWbaNGaJtgFTF2QARAQAB +tCtQYWJsbyBHYWxpbmRvIFNhbGdhZG8gPHBhYmxvZ3NhbEBnbWFpbC5jb20+iQJO +BBMBCgA4FiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+ToQCGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQZOYo+NaEaW2bmA/+PXIap2udLoUVOHxnsIBdqYwp +sv1Aj5lfIJmNhmxPbHShwp1Jg+w4urxe+2Dj5ofKVlIo1i83bQkvnKJMDXDVuc/K +P6zqhBJ3rT4Q3qx2mzX8bIfQoJ2JHuH4lkP+I7doDcHHRyeNASyk72VdQmU4twNw +Ibn8nSNV6ThKHdoPYzVnO2rZUFcGIqH5HNsvR+B7cc1MBCHsgURYwSVhSePIFGlZ +iasdBD6QQkDSe4QWi7AcJFWFElw4kbOKJWxAWsrEk+tMXJVGRjnmL289EmPCx/vx +BqKy7Mse0yWCSRR3vB+O6TB1S5SgEyEgqlYsfGNv1qf/rfRD4KkyCbNU3LhY1Aim +vJP4pDW+KFxTk2Ks8vrx8gOSd2aFqPeO/pFDrpsF7PD62XwsfoXu4xc5V0Giw7r1 +Nai0nax7kOrldNF8TbbtRjW0jmoC7wLIDujAkwDIOroZ0CXA3N4HVHdSbrHm/urX +nyxJXupXAQNwGx64JCBcbF2fp3Kvu1VAXBEFnd01KaopthHcbG5pA50Kl2Vhe+98 +OdezUX42fHkQpQkB7HgtXfm6W1bw6YRBamrNvs1OoHBYmUjlECpe566IIu25Hc8s +x3qA+6eca7iqizyLG+WyMT8ZIYTWGAS59jxwR4esqGczbbZPSAPHFwLbGv7Wr0Rd +TPu5B0FcKpDkTd4IxQW5Ag0EWr5O2gEQAMjLe4CtbSfofmJrz5wfNkMVsZ81Gbqe +MoYd3dtkJnQYERUj8flzBj3ucaxGJ+Cuf7ybh3naPopKvEI1q0vkcgCDqrEgXK// +jKJbP28uPSMGhOG28q4PbamG55gy5FtM3ezzAxPWWKe9qBpV65GMmFy7eBQx2iJs +yiDIOOQQ4kraS+cTqNFimEXAGLCOQRNLcwIZzwAAHoW7HEpNUfVwaBD9kMlbo1ND +I60IKcNrNcmcmRxhJqfxjj8YBMwcKHO6GBE3AVpaE/+UO9zyr4TH+0YuQUgxKlPW +Dkg5XlkDo0S1GyLY5e9ckIDIlkTdDa2pOkoE2yB5MQCEga3YiHrKUVTTWaxn9XVJ +6x5ZjUF6bgSWGkrG5dUqSYoO1iDMuNVjtiujNyf/rvfj5cNxS7/lgxchhQKZHZXL +WVqxlneeVJ6s0P4+ROVG9ga2Sve7aUJ6wXIewZwulBcV2sE/W/DgxHgLBi53CUQt +vEzFzKvo48GnDqL5VYjA7l0HMYHd4GksCLi8E8U6Cgj+imXiM8voL7pHRZfs8mY8 +udR+UT4e1Scl2MYP2qBJ9/17B/X52B3s1EZdqI/r+hfOyqrhPs+dbAN0mtMPn68+ +nrvY1+nscvrSYEP6ZBlc9Hp2mgJdb6IcTvINXBEeLRjgc3pjViva443pkiFp9Axm +ecOckMKP3uSlABEBAAGJBGwEGAEKACAWIQSgNcjBkhm6gh7OqGtk5ij41oRpbQUC +Wr5O2gIbAgJACRBk5ij41oRpbcF0IAQZAQoAHRYhBM/cokWxBDzypfl4Zf/odAQW +i9hHBQJavk7aAAoJEP/odAQWi9hHr7YP/RCLre1CmOoWYpAtoa1yVCeYMDV6eQgL +B488/BEZHQE1zbrYy16XkhORob3JF/kUMjmJW7XaFF8FrWvRcdj/xaUGbOOEulKg +v+8zWfswYQRiZ4/JlwER4vRLi6fTE89MVER6Fkj2ASD4D2cifY+EztD4flV3sq3s +vIogGFaN9IvdrdeptOVGXs1RmAyoTsiS2mKQ6xsGh8B9ZAm55W8fBOGiSzLX21Xk +Ofdw53BrFQxn3cu/JgIKpdeZxgukcvEAI62B6X+YL6Na4j0eqEGLzsNtU1+xeJlo +WtVvmRwnRHGSxF6fzIZ3mk/p/aFiXAEq/xITCTY6tDv7x7pFE/RpdlJZyNJ+R5Y4 +SQiuDsylxNCa/4G5EB6q+7iVYtbEQ9MnZg2phowEE42tlj0rz8/rvDK3LH3xibot +KHIodCWKlWByxH99u2PuHUQ0c1oCVBUE1KkruMpvI236DpU/dvdq4JLSg/fWrys/ +VIjqLZgsIE5g/KO9XqngWHkLcBLh4CNAmHJ8Iia+s+/rfgsejQWB5uJb6eYg2JjB +4WP1EI0rULM6fdrCNB+MJ36wE2Lnb4bfT0phOMgjjH5/Ki7ZCbkxkOsBs4SRjiS+ +weCsmpAtMqodWY/Cnw9pWSA/qLSRD5/mKeb9SO6OZ/OPfAatwnGHsvZ2sAueC6rR +04W5BfXZWrnJUXQP/id/EKE1Ksp5fKoxSCbkKTCig+Sf5Afwe36yFN+niZBqzn5b +BgL/HIKaZM97oDHersPPANeEgS+JVlBf95iKIYnQbZP43FLVbvOuaINhBIVtFO54 +2Y7EYwl41kP7ILDElVy36KAmdQyBAfrjnZiRA70xShOxApLug1L0lxhR3YfmLwNi +RJ0V6KnYDKf0pfdhO9VFyFFWUojX1usn2SmSsXNizsNtvRqHXzPnX0rbJzZ9+N4O +9k1nxygYFG/2R/jGonVmTjRzcAHrAkNJETMWXMA7/8wRMDwluz8j+cCldey9x8Vk +JwgLGnZSbQtVpcFAnm5r/36Gt+9wc1VWMyrUrVr6Z679aqAbG7PMaeR5h5ygMj1k +VqRTYAUPSk1f8bZKRssQkQwEbp9dVIjm9SsR8VT7/tB+UuB85dABxgHfv3psJRT+ +tL8g9V7kSZqQfcLNGmvEVvr2Zl9NtxwXtsFM2OBprxCenwb+e9Ppm1LjfJG/NE72 +mAnOERfDaiLt4bqNo36Ei5sGCJ4Fx61phzNBXzkdRNM47i8J5UZRKFkE91c99BVM +HKUaY61NRK24fR0zP98ftDU82YFw0VRFJpTeBrO5ivN1MlQxUPzUWxKxMxO+20wa +UOXroEw11Tb4SRLGOla1pCl6lCUPJRy9IzadPDgTr/OTMkob/snt/XLdnV5/uQIN +BFq+TvoBEAC8Oy1g6pPWBbrCMhIq7VWY2fjylJ1fwg5BPXkOKVK1dsGYO4QD7oW9 +L0aSqcFSNFGF9Cl0Ri4TFXZC3hnG4HeSXUWApuKdBLn21H3jba36Ay1oGcGfdm0v +Zght4c6BlMVBpGCw2wIkJbUNEy6InMM+O8CCbbaH3iJkJ4141P7pODHignx5AmZI +conMui4YOhC+IXQXynVEv1Juk7erB1Nh1RcRvsA4lb44HWx49lIwe85ejOmoZ0O3 +6f9NJRer6bV0+rHWmg4IV5Q9h/Gn4IhEDZxA0DZl1RQI7dMgaMbIFbXGq7Kgzstz +EUnOoy29hXodxVmwIsMrAiQUYtwJ9hW+ESsw47+W2iPHVgviGWl7r/SgcgMYmf6m +5kiTBtwU7BQPS9G3zwwP2Rm3AA/6g39Q+tQKjOwi1I8+GZsY2On44Zly7BreBNg5 +4gJgdAGcMOYU9etr050clH3UpTYcAEtX++ahtOKhJgLIPNcIAQNlnifqvU0VYpgw +R4YpZ7hgg+AVDzC73PIM0lFI0XiDuqChbxE+K1jmLXWe5iJF0dzgVTwP+PmsifNZ +Wg3+YxSsS+hDMPQ2xPiQN49gT4JJDHcDuyhHyCGYgyMiVJCsku9KrkubbfVRivyN +ZF2Zfo3f+nbrRxsftz0yjAq8byCvb0V0XOpt4pJ/ddlug9ytRxALNwARAQABiQI2 +BBgBCgAgFiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+TvoCGwwACgkQZOYo+NaE +aW3urA//UQ/cKQ7HvWjcLphzQOZc+6m5YL0wxvZkSjemU7mqjZdpacteIvRAoers +EqXHc208liIBtNfRzoreXdcXNzie65xXkrRnWoHVH/fTWy4lOnHr2CMXLeHjUgg/ +M6PYi8+sARm05YFB8nsYhlhx3IdLhcfeVVbJedQKO0yL3CK1okT30DUVq5Lq6X/K +DC6AxuJR3D6UMSoT0WLaoX8qbhAp88qLynInfBVL18d97h916WPLTPeP0eHwhwND +bYtKDCMDuKQ9XX5+QsNH0RmbxlX274LHrUMMvkLKxcfCBvP+iuqrBeIuoeVzXYJZ +j7ZJtEH79bW44eecl/CY/STFYgSQ2XGTp2BI2q60wAmtKlNhwxY5ena0FgyFl6Tm +5OBHW/Pwo+ndQJGfbrCyWkTgRay9c8er3gl3GQYIBH6X0kCiG7h/Epj0b5CHOPU5 +hCw0kEB8MB4poTIjeiY+Q01472/lQ68CL3DX158hR5d3XaPSIxAN+qFsfB1o316p +yjxhfK1MD/IfrOgjlggPPnc/KmLkCzpgdwKcZwLCdZq9hYBvF1Zs34HbaVMYbWTK +uxLowtXGU43vatCXXqmPOvl4/g4tZD6rysJDgOrHQnEHzT+Napn07s0BRC0IbbNn +FynUrkr5KMSuRz7Hg7xMApENOrb0nqdHSUJ914ZpuMIS6RhJgGu5Ag0EWr5PIAEQ +ALfh9vPD2B+miHDTMADI8aRZ7g9tnzynZYkk3+2sCiiusetsQQ+HIPJ/ASEJB7On +ane9dyT/LTRhrK9qaxgVMimk2COXB/xyh7Mnw7nJgFU0aRSbtX0vbvQz2suSzrQ6 +9mPKzan28JGoClqB0bw1vwf3VjjxHV2dgD57CmqFPv7kAC/2a56dE+etzXattZAL ++2JWTpmfQ0ePRRadtBm0VahQhnU8x0+jvAVrEawqpVW83ozYFyW/0WInM2J7jHgQ +16OosY4lj5L/DxpVxaArhRFoRfWPXfC37iE8Mou/I95isvPQIhp1wTo4jG0KM02B +oIVbp/QRNBQ6WtpOzvJs1gqQiJJTfqbKJXQ3NDEY9crpVS83HJ+Zv99PNsyNkFjG +QpU84U3ZhsI4ygjdY45mpZueqI1RVcRQdu8Hgvoo/78Q/Sir6gMGop3mVdVo2guI +kFcJrXh0Xk3ech4aVqrmKx/mPXGwOAQU0DAul4RW3fKg1QxQE7Tlw3+95Ee/+q5j +HARL0uDbCJpRO8Sl8NDEuL32n/2Ot6kQeCSHrU7KJRYAkTxkKvr8zNow7hFhHFPE +SnHvTnskI6noh0VY6NwMhmLvhm0wKkRxZPzUNc3sgLvbK1NymIZ9aKCZamzhZrmG +vnblEz/OSLwGUua465H3hM1vvBQiartj7+6ZqWIkSmBPABEBAAGJAjYEGAEKACAW +IQSgNcjBkhm6gh7OqGtk5ij41oRpbQUCWr5PIAIbIAAKCRBk5ij41oRpbWmeEACG ++axtDC8UoNp9ORiYwEWLzZWDuugE+ah7DYYGD4Vs633FXVZW3SgM/bFtJ/0Lg8CF +74jI4LMHyIjDzEjcoItwnhBLix+kUoJTvrY58GPydwekLuw1p4KXLqtRs4fsZbNQ +YTknl4jYtRWoxO98x7tun7Gq2gqmJkIB2uj630fKz5cBk6p6oDFKjzyrHe+V7BiK +3okQPaD4x7hq8OnTy7lOy92ZZAqztS4tNEb4DkYW1MpuwsJ7hbBZitc1siI+FVVb +GjVVGZz6ssXoW67Tz8+VxdWJxNLXlv27eMcj4sme5S0th/YYNA5fRRv6zuzqZAru +YNGLpYYU7JLvZJ+3lCwa5j5ycOGBF0GvsGs6gj6h+CHkjR/BgzAgWC+GgUgslt6q +aH04rWtV6rVz+Y91LcrX5P6OM4anmXD3Gp3kl35AypXb4KyASF19+11RUziD4Z7q +wQEWfbwOltNyZv2lD8s2jPr7P02axWRQUbZAEhxRmvOQev/FZPyCF6gqUo/HxRbQ +y3bzmnipyHSv1DlXNfCFCHvN8kGyZnRWARqIKRg+j9ediJgOUqlLhg6KmrTVxd5v +3Dfv52PW2UODDTM20s3cQGuX/UswzMRwPI/+P44iCMwEKdm7duM/5oisZT9Vhy7g +P15MreFZLcZvUVgjqgy0u57cstyGK1Bo9e2sFcK2fA== +=6Zb4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/python311-rpmlintrc b/python311-rpmlintrc new file mode 100644 index 0000000..5b35f34 --- /dev/null +++ b/python311-rpmlintrc @@ -0,0 +1,3 @@ +addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp") diff --git a/python311.changes b/python311.changes new file mode 100644 index 0000000..6d769f0 --- /dev/null +++ b/python311.changes @@ -0,0 +1,5466 @@ +------------------------------------------------------------------- +Mon Dec 2 22:50:07 UTC 2024 - Matej Cepl + +- Fix changelog + +------------------------------------------------------------------- +Mon Nov 11 12:43:40 UTC 2024 - Daniel Garcia + +- Remove -IVendor/ from python-config boo#1231795 + +------------------------------------------------------------------- +Fri Nov 1 16:32:10 UTC 2024 - Matej Cepl + +- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote + path names provided when creating a virtual environment + (bsc#1232241, CVE-2024-9287) + +------------------------------------------------------------------- +Wed Oct 2 16:18:29 UTC 2024 - Matej Cepl + +- Drop .pyc files from docdir for reproducible builds + (bsc#1230906). + +------------------------------------------------------------------- +Mon Sep 9 16:53:07 UTC 2024 - Matej Cepl + +- Update to 3.11.10: + - Security + - gh-123678: Upgrade libexpat to 2.6.3 + - gh-121957: Fixed missing audit events around interactive + use of Python, now also properly firing for ``python -i``, + as well as for ``python -m asyncio``. The event in question + is ``cpython.run_stdin``. + - gh-122133: Authenticate the socket connection for the + ``socket.socketpair()`` fallback on platforms where + ``AF_UNIX`` is not available like Windows. Patch by + Gregory P. Smith and Seth Larson + . Reported by Ellie + - gh-121285: Remove backtracking from tarfile header parsing + for ``hdrcharset``, PAX, and GNU sparse headers + (bsc#1230227, CVE-2024-6232). + - gh-118486: :func:`os.mkdir` on Windows now accepts + *mode* of ``0o700`` to restrict the new directory to + the current user. This fixes CVE-2024-4030 affecting + :func:`tempfile.mkdtemp` in scenarios where the base + temporary directory is more permissive than the default. + - gh-116741: Update bundled libexpat to 2.6.2 + - Library + - gh-123270: Applied a more surgical fix for malformed + payloads in :class:`zipfile.Path` causing infinite loops + (gh-122905) without breaking contents using legitimate + characters (bsc#1229704, CVE-2024-8088). + - gh-123067: Fix quadratic complexity in parsing ``"``-quoted + cookie values with backslashes by :mod:`http.cookies` + (bsc#1229596, CVE-2024-7592). + - gh-122905: :class:`zipfile.Path` objects now sanitize names + from the zipfile. + - gh-121650: :mod:`email` headers with embedded newlines are + now quoted on output. The :mod:`~email.generator` will now + refuse to serialize (write) headers that are unsafely folded + or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. + (Contributed by Bas Bloemsaat and Petr Viktorin in + :gh:`121650`; CVE-2024-6923, bsc#1228780). + - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method + breaks internal buffer when the method is called again + during flushing internal buffer. + - gh-118643: Fix an AttributeError in the :mod:`email` module + when re-fold a long address list. Also fix more cases of + incorrect encoding of the address separator in the address + list. + - gh-113171: Fixed various false positives and false + negatives in * :attr:`ipaddress.IPv4Address.is_private` + (see these docs for details) * + :attr:`ipaddress.IPv4Address.is_global` * + :attr:`ipaddress.IPv6Address.is_private` * + :attr:`ipaddress.IPv6Address.is_global` Also in the + corresponding :class:`ipaddress.IPv4Network` and + :class:`ipaddress.IPv6Network` attributes. + Fixes bsc#1226448 (CVE-2024-4032). + - gh-102988: :func:`email.utils.getaddresses` and + :func:`email.utils.parseaddr` now return ``('', '')`` + 2-tuples in more situations where invalid email addresses + are encountered instead of potentially inaccurate + values. Add optional *strict* parameter to these two + functions: use ``strict=False`` to get the old behavior, + accept malformed inputs. ``getattr(email.utils, + 'supports_strict_parsing', False)`` can be use to check if + the *strict* paramater is available. Patch by Thomas Dwyer + and Victor Stinner to improve the CVE-2023-27043 fix + (bsc#1210638). + - gh-67693: Fix :func:`urllib.parse.urlunparse` and + :func:`urllib.parse.urlunsplit` for URIs with path starting + with multiple slashes and no authority. Based on patch by + Ashwin Ramaswami. + - Core and Builtins + - gh-112275: A deadlock involving ``pystate.c``'s + ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now + fixed. Patch by ChuBoning based on previous Python 3.12 fix + by Victor Stinner. + - gh-109120: Added handle of incorrect star expressions, e.g + ``f(3, *)``. Patch by Grigoryev Semyon +- Removed upstreamed patches: + - CVE-2023-27043-email-parsing-errors.patch + - CVE-2024-4032-private-IP-addrs.patch + - CVE-2024-6923-email-hdr-inject.patch + - CVE-2024-8088-inf-loop-zipfile_Path.patch + (renamed from CVE-2024-8088-zipfile-Path-sanitization.patch) + - CVE-2024-6232-ReDOS-backtrack-tarfile.patch + - CVE-2024-7592-quad-complex-cookies.patch + +------------------------------------------------------------------- +Mon Sep 2 09:44:26 UTC 2024 - Matej Cepl + +- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid + failing test_sendfile_close_peer_in_the_middle_of_receiving + tests on Linux >= 6.10 (GH-120227). + +------------------------------------------------------------------- +Wed Aug 28 16:54:34 UTC 2024 - Matej Cepl + +- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent + malformed payload to cause infinite loops in zipfile.Path + (bsc#1229704, CVE-2024-8088). + +------------------------------------------------------------------- +Wed Aug 7 12:12:42 UTC 2024 - Matej Cepl + +- Add CVE-2024-6923-email-hdr-inject.patch to prevent email + header injection due to unquoted newlines (bsc#1228780, + CVE-2024-6923). +- %{profileopt} variable is set according to the variable + %{do_profiling} (bsc#1227999) + +------------------------------------------------------------------- +Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl + +- Remove %suse_update_desktop_file macro as it is not useful any + more. + +------------------------------------------------------------------- +Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl + +- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 + adding reproducibility patches from gh#python/cpython!121872 + and gh#python/cpython!121883. + +------------------------------------------------------------------- +Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl + +- Stop using %%defattr, it seems to be breaking proper executable + attributes on /usr/bin/ scripts (bsc#1227378). + +------------------------------------------------------------------- +Tue Jul 2 10:32:58 UTC 2024 - Daniel Garcia + +- Update F00251-change-user-install-location.patch to make pip and + modern tools install directly in /usr/local when used by the user. + bsc#1225660 + +------------------------------------------------------------------- +Tue Jun 25 21:57:40 UTC 2024 - Matej Cepl + +- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 + (CVE-2024-4032) rearranging definition of private v global IP + addresses. + +------------------------------------------------------------------- +Wed May 1 08:39:08 UTC 2024 - Matej Cepl + +- Update CVE-2023-52425-libexpat-2.6.0-backport.patch + so that it uses features sniffing, not just + comparing version number. Include also + support-expat-CVE-2022-25236-patched.patch. +- Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping + failing tests. +- Refresh patches: + - CVE-2023-27043-email-parsing-errors.patch + - fix_configure_rst.patch + - skip_if_buildbot-extend.patch +- Remove included patch: + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia + +- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in SLE. + +------------------------------------------------------------------- +Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia + +- Remove not needed upstream patches: + * libexpat260.patch + * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666 + * CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch + +- Update to 3.11.9: + * Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 + - gh-115243: Fix possible crashes in collections.deque.index() + when the deque is concurrently modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to the + certificate store, when the ssl.SSLContext is shared across + multiple threads (bsc#1226447, CVE-2024-0397). + * Core and Builtins + - gh-116296: Fix possible refleak in object.__reduce__() internal + error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser when + raising SyntaxError exceptions caused by invalid byte sequences. + Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115011: Setters for members with an unsigned integer type now + support the same range of valid values for objects that has a + __index__() method as for int. + - gh-96497: Fix incorrect resolution of mangled class variables + used in assignment expressions in comprehensions. + * Library + - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered + crash in ssl when creating a new _ssl._SSLContext if CPython was + built implausibly such that the default cipher list is empty or + the SSL library it was linked against reports a failure from its + C SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of self-referential + modules, introduced in gh-114781. + - gh-117084: Fix zipfile extraction for directory entries with the + name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any to + be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer calls + WaitForSingleObject() with a negative timeout: pass 0 ms if the + timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values in an + invalid state (stored as a list instead of a str) after an + earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values in + urllib.parse functions parse_qs() and parse_qsl(). Also, they + now raise a TypeError for non-zero integers and non-empty + sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated tkinter.Checkbutton + widget names to avoid collisions with automatically generated + tkinter.ttk.Checkbutton widget names within the same parent + widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of AttributeError + on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on + WASI. + - Under wasmtime for WASI 0.2, these functions don’t pass + test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). + - gh-88352: Fix the computation of the next rollover time in the + logging.TimedRotatingFileHandler handler. computeRollover() now + always returns a timestamp larger than the specified time and + works correctly during the DST change. doRollover() no longer + overwrite the already rolled over file, saving from data loss + when run at midnight or during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a script + with pdb + - gh-76511: Fix UnicodeEncodeError in email.Message.as_string() + that results when a message that claims to be in the ascii + character set actually has non-ascii characters. Non-ascii + characters are now replaced with the U+FFFD replacement + character, like in the replace error handler. + - gh-75988: Fixed unittest.mock.create_autospec() to pass the call + through to the wrapped object to return the real result. + - gh-115881: Fix issue where ast.parse() would incorrectly flag + conditional context managers (such as with (x() if y else z()): + ...) as invalid syntax if feature_version=(3, 8) was passed. + This reverts changes to the grammar made as part of gh-94949. + - gh-115886: Fix silent truncation of the name with an embedded + null character in multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing which rolled-over log + files to delete in logging.TimedRotatingFileHandler. It is now + reliable for handlers without namer and with arbitrary + deterministic namer that leaves the datetime part in the file + name unmodified. + - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now + support bytes arguments containing raw and percent-encoded + non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' and + '\n', regardless of lineterminator value. + - gh-115712: csv.writer() now quotes empty fields if delimiter is + a space and skipinitialspace is true and raises exception if + quoting is not possible. + - gh-115618: Fix improper decreasing the reference count for None + argument in property methods getter(), setter() and deleter(). + - gh-115570: A DeprecationWarning is no longer omitted on access + to the __doc__ attributes of the deprecated typing.io and + typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the __wrapper__ + data descriptor. + - gh-101293: Support callables with the __call__() method and + types with __new__() and __init__() methods set to class + methods, static methods, bound methods, partial functions, and + other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line numbers + would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare cases when + using the z format option (coerce negative 0) * incorrect output + when applying the z format option to type F (fixed-point with + capital NAN / INF) * incorrect output when applying the # format + option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname before + checking it against the system’s proxy bypass list on macOS and + Windows. + - gh-115198: Fix support of Docutils >= 0.19 in distutils. + - gh-115165: Most exceptions are now ignored when attempting to + set the __orig_class__ attribute on objects returned when + calling typing generic aliases (including generic aliases + created using typing.Annotated). Previously only AttributeError + was ignored. Patch by Dave Shawley. + - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the underlying + write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114763: Protect modules loaded with importlib.util.LazyLoader + from race conditions when multiple threads try to access + attributes before the loading is complete. + - gh-97959: Fix rendering class methods, bound methods, method and + function aliases in pydoc. Class methods no longer have “method + of builtins.type instance” note. Corresponding notes are now + added for class and unbound methods. Method and function aliases + now have references to the module or the class where the origin + was defined if it differs from the current. Bound methods are + now listed in the static methods section. Methods of builtin + classes are now supported as well as methods of Python classes. + - gh-112281: Allow creating union of types for typing.Annotated + with unhashable metadata. + - gh-111775: Fix importlib.resources.simple.ResourceHandle.open() + for text mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb commands. + - gh-107155: Fix incorrect output of help(x) where x is a lambda + function, which has an __annotations__ dictionary attribute with + a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when defining + dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists over + multiple lines in combination with unicode encoding. + - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same name + but different extensions would conflict and not delete the + correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() to + accept empty bytes as authkey. Not accepting empty bytes as key + causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing of URLs + with only a host name, URLs containing fragment or query, and + filenames with only a UNC sharepoint on Windows. Based on patch + by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + * Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML + vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + * Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE command + line option) in regrtest when hunting for reference leaks (-R + option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-115979: Update test_importlib so that it passes under WASI + SDK 21. + - gh-116307: Added import helper isolated_modules as CleanImport + does not remove modules imported during the context. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of + the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: run + failed tests with test.bisect_cmd to identify failing tests. + Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - gh-115198: Fix test_check_metadata_deprecate in distutils tests + with a newer Docutils. + * Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI + 0.2/preview2 primitives. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + * Windows + - gh-116773: Fix instances of <_overlapped.Overlapped object at + 0xXXX> still has pending operation at deallocation, the process + may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation so + that sending a datagram to an address that is not listening does + not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most users + only have a single launcher installed and will see no + difference. When multiple launchers have been installed, the + option to install the launcher is disabled until all but one + have been removed. Downgrading the launcher (which was never + allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now detect Python + 3.13 when installed from the Microsoft Store, and will install + Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + * IDLE + - gh-88516: On macOS show a proxy icon in the title bar of editor + windows to match platform behaviour. + * Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + * C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows + 64-bit platforms. + +------------------------------------------------------------------- +Sun Mar 24 07:51:45 UTC 2024 - Matej Cepl + +- Add reference to CVE-2024-0450 (bsc#1221854) to changelog. + +------------------------------------------------------------------- +Fri Mar 22 21:22:27 UTC 2024 - Matej Cepl + +- Because of bsc#1189495 we have to revert use of %autopatch. + +------------------------------------------------------------------- +Tue Mar 12 08:44:47 UTC 2024 - Matej Cepl + +- Rewrite %prep to use %autosetup et al. for compatibility with + rpm 4.20. + +------------------------------------------------------------------- +Tue Mar 12 08:13:34 UTC 2024 - Matej Cepl + +- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch + to eliminate ResourceWarning which broke the test suite in + test_asyncio. + +------------------------------------------------------------------- +Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal + +- Use the system-wide crypto-policies [bsc#1211301] + * Use the system default cipher list instead of hardcoded values + * Add the --with-ssl-default-suites=openssl configure option + +------------------------------------------------------------------- +Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl + +- (bsc#1219666, CVE-2023-6597) Add + CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from + gh#python/cpython!99930) fixing symlink bug in cleanup of + tempfile.TemporaryDirectory. + +------------------------------------------------------------------- +Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl + +- Remove double definition of /usr/bin/idle%%{version} in + %%files. + +------------------------------------------------------------------- +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115289 + +------------------------------------------------------------------- +Thu Feb 8 07:27:40 UTC 2024 - Daniel Garcia + +- Update to 3.11.8: + - Security + - gh-113659: Skip .pth files with names starting with a dot or + hidden file attribute. + - Core and Builtins + - gh-114887: Changed socket type validation in + create_datagram_endpoint() to accept all non-stream sockets. + This fixes a regression in compatibility with raw sockets. + - gh-114388: Fix a RuntimeWarning emitted when assign an + integer-like value that is not an instance of int to an + attribute that corresponds to a C struct member of type T_UINT + and T_ULONG. Fix a double RuntimeWarning emitted when assign a + negative integer value to an attribute that corresponds to a C + struct member of type T_UINT. + - gh-89811: Check for a valid tp_version_tag before performing + bytecode specializations that rely on this value being usable. + - gh-113602: Fix an error that was causing the parser to try to + overwrite existing errors and crashing in the process. Patch by + Pablo Galindo + - gh-113566: Fix a 3.11-specific crash when the repr of a Future + is requested after the module has already been + garbage-collected. + - gh-106905: Use per AST-parser state rather than global state to + track recursion depth within the AST parser to prevent potential + race condition due to simultaneous parsing. + - The issue primarily showed up in 3.11 by multithreaded users of + ast.parse(). In 3.12 a change to when garbage collection can be + triggered prevented the race condition from occurring. + - gh-112716: Fix SystemError in the import statement and in + __reduce__() methods of builtin types when __builtins__ is not a + dict. + - gh-105967: Workaround a bug in Apple’s macOS platform zlib + library where zlib.crc32() and binascii.crc32() could produce + incorrect results on multi-gigabyte inputs. Including when using + zipfile on zips containing large data. + - gh-94606: Fix UnicodeEncodeError when + email.message.get_payload() reads a message with a Unicode + surrogate character and the message content is not well-formed + for surrogateescape encoding. Patch by Sidney Markowitz. + - Library + - gh-114965: Update bundled pip to 24.0 + - gh-114959: tarfile no longer ignores errors when trying to + extract a directory on top of a file. + - gh-109475: Fix support of explicit option value “–” in argparse + (e.g. --option=--). + - gh-110190: Fix ctypes structs with array on Windows ARM64 + platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by + Diego Russo + - gh-113280: Fix a leak of open socket in rare cases when error + occurred in ssl.SSLSocket creation. + - gh-77749: email.policy.EmailPolicy.fold() now always encodes + non-ASCII characters in headers if utf8 is false. + - gh-114492: Make the result of termios.tcgetattr() reproducible + on Alpine Linux. Previously it could leave a random garbage in + some fields. + - gh-75128: Ignore an OSError in + asyncio.BaseEventLoop.create_server() when IPv6 is available but + the interface cannot actually support it. + - gh-114257: Dismiss the FileNotFound error in + ctypes.util.find_library() and just return None on Linux. + - gh-101438: Avoid reference cycle in ElementTree.iterparse. The + iterator returned by ElementTree.iterparse may hold on to a file + descriptor. The reference cycle prevented prompt clean-up of the + file descriptor if the returned iterator was not exhausted. + - gh-104522: OSError raised when run a subprocess now only has + filename attribute set to cwd if the error was caused by a + failed attempt to change the current directory. + - gh-109534: Fix a reference leak in + asyncio.selector_events.BaseSelectorEventLoop when SSL + handshakes fail. Patch contributed by Jamie Phan. + - gh-114077: Fix possible OverflowError in + socket.socket.sendfile() when pass count larger than 2 GiB on + 32-bit platform. + - gh-114014: Fixed a bug in fractions.Fraction where an invalid + string using d in the decimals part creates a different error + compared to other invalid letters/characters. Patch by Jeremiah + Gabriel Pascual. + - gh-113951: Fix the behavior of tag_unbind() methods of + tkinter.Text and tkinter.Canvas classes with three arguments. + Previously, widget.tag_unbind(tag, sequence, funcid) destroyed + the current binding for sequence, leaving sequence unbound, and + deleted the funcid command. Now it removes only funcid from the + binding for sequence, keeping other commands, and deletes the + funcid command. It leaves sequence unbound only if funcid was + the last bound command. + - gh-113877: Fix tkinter method winfo_pathname() on 64-bit + Windows. + - gh-113781: Silence unraisable AttributeError when warnings are + emitted during Python finalization. + - gh-113594: Fix UnicodeEncodeError in email when re-fold lines + that contain unknown-8bit encoded part followed by + non-unknown-8bit encoded part. + - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), + there is callback that logs an error if the task wrapping the + “connected callback” fails. This callback would itself fail if + the task was cancelled. Prevent this by checking whether the + task was cancelled first. If so, close the transport but don’t + log an error. + - gh-85567: Fix resource warnings for unclosed files in pickle and + pickletools command line interfaces. + - gh-101225: Increase the backlog for + multiprocessing.connection.Listener objects created by + multiprocessing.manager and multiprocessing.resource_sharer to + significantly reduce the risk of getting a connection refused + error when creating a multiprocessing.connection.Connection to + them. + - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends + webbrowser.open audit event. + - gh-113028: When a second reference to a string appears in the + input to pickle, and the Python implementation is in use, we are + guaranteed that a single copy gets pickled and a single object + is shared when reloaded. Previously, in protocol 0, when a + string contained certain characters (e.g. newline) it resulted + in duplicate objects. + - gh-113421: Fix multiprocessing logger for %(filename)s. + - gh-113358: Fix rendering tracebacks for exceptions with a broken + __getattr__. + - gh-113214: Fix an AttributeError during asyncio SSL protocol + aborts in SSL-over-SSL scenarios. + - gh-113246: Update bundled pip to 23.3.2. + - gh-113199: Make http.client.HTTPResponse.read1 and + http.client.HTTPResponse.readline close IO after reading all + data when content length is known. Patch by Illia Volochii. + - gh-113188: Fix shutil.copymode() and shutil.copystat() on + Windows. Previously they worked differenly if dst is a symbolic + link: they modified the permission bits of dst itself rather + than the file it points to if follow_symlinks is true or src is + not a symbolic link, and did not modify the permission bits if + follow_symlinks is false and src is a symbolic link. + - gh-61648: Detect line numbers of properties in doctests. + - gh-112559: signal.signal() and signal.getsignal() no longer call + repr on callable handlers. asyncio.run() and + asyncio.Runner.run() no longer call repr on the task results. + Patch by Yilei Yang. + - gh-110190: Fix ctypes structs with array on PPC64LE platform by + setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. + - gh-79429: Ignore FileNotFoundError when remove a temporary + directory in the multiprocessing finalizer. + - gh-79325: Fix an infinite recursion error in + tempfile.TemporaryDirectory() cleanup on Windows. + - gh-110190: Fix ctypes structs with array on Arm platform by + setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. + - gh-81194: Fix a crash in socket.if_indextoname() with specific + value (UINT_MAX). Fix an integer overflow in + socket.if_indextoname() on 64-bit non-Windows platforms. + - gh-75666: Fix the behavior of tkinter widget’s unbind() method + with two arguments. Previously, widget.unbind(sequence, funcid) + destroyed the current binding for sequence, leaving sequence + unbound, and deleted the funcid command. Now it removes only + funcid from the binding for sequence, keeping other commands, + and deletes the funcid command. It leaves sequence unbound only + if funcid was the last bound command. + - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in + tkinter._test(). + - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now + raises BadZipFile when try to read an entry that overlaps with + other entry or central directory (bsc#1221854, CVE-2024-0450). + - gh-38807: Fix race condition in trace. Instead of checking if a + directory exists and creating it, directly call os.makedirs() + with the kwarg exist_ok=True. + - gh-75705: Set unixfrom envelope in mailbox.mbox and + mailbox.MMDF. + - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure + when the system endianness is the opposite of the classes. + - gh-104282: Fix null pointer dereference in + lzma._decode_filter_properties() due to improper handling of BCJ + filters with properties of zero length. Patch by Radislav + Chugunov. + - gh-102512: When os.fork() is called from a foreign thread (aka + _DummyThread), the type of the thread in a child process is + changed to _MainThread. Also changed its name and daemonic + status, it can be now joined. + - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, + which now no longer dereferences symlinks when working around + file system permission errors. + - bpo-43153: On Windows, tempfile.TemporaryDirectory previously + masked a PermissionError with NotADirectoryError during + directory cleanup. It now correctly raises PermissionError if + errors are not ignored. Patch by Andrei Kulakov and Ken Jin. + - bpo-35332: The shutil.rmtree() function now ignores errors when + calling os.close() when ignore_errors is True, and os.close() no + longer retried after error. + - bpo-35928: io.TextIOWrapper now correctly handles the decoding + buffer after read() and write(). + - bpo-26791: shutil.move() now moves a symlink into a directory + when that directory is the target of the symlink. This provides + the same behavior as the mv shell command. The previous behavior + raised an exception. Patch by Jeffrey Kintscher. + - bpo-36959: Fix some error messages for invalid ISO format string + combinations in strptime() that referred to directives not + contained in the format string. Patch by Gordon P. Hemsley. + - bpo-18060: Fixed a class inheritance issue that can cause + segfaults when deriving two or more levels of subclasses from a + base class of Structure or Union. + - Documentation + - gh-110746: Improved markup for valid options/values for methods + ttk.treeview.column and ttk.treeview.heading, and for Layouts. + - gh-95649: Document that the asyncio module contains code taken + from v0.16.0 of the uvloop project, as well as the required MIT + licensing information. + - Tests + - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, + where system tar can include more information in the archive + than shutil.make_archive. + - gh-112769: The tests now correctly compare zlib version when + zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For + example zlib-ng defines the version as 1.3.0.zlib-ng. + - gh-105089: Fix + test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write + test in AIX by doing a bitwise AND of 0xFFFF on mode , so that + it will be in sync with zinfo.external_attr + - bpo-40648: Test modes that file can get with chmod() on Windows. + - Build + - gh-101778: Fix build error when there’s a dangling symlink in + the directory containing ffi.h. + - gh-112305: Fixed the check-clean-src step performed on out of + tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h + files and recommend appropriate source tree cleanup steps to get + a working build again. + - bpo-11102: The os.major(), os.makedev(), and os.minor() + functions are now available on HP-UX v3. + - bpo-36351: Do not set ipv6type when cross-compiling. + - IDLE + - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and + ‘object’. + - gh-72284: Improve the lists of features, editor key bindings, + and shell key bingings in the IDLE doc. + - gh-113903: Fix rare failure of test.test_idle, in + test_configdialog. + - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and + 3.12.1. + - gh-113269: Fix test_editor hang on macOS Catalina. + - gh-112898: Fix processing unsaved files when quitting IDLE on + macOS. + - gh-103820: Revise IDLE bindings so that events from mouse button + 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not + mistaken for scrolling. + - bpo-13586: Enter the selected text when opening the “Replace” + dialog. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and + multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. + - gh-115015: Fix a bug in Argument Clinic that generated incorrect + code for methods with no parameters that use the METH_METHOD | + METH_FASTCALL | METH_KEYWORDS calling convention. Only the + positional parameter count was checked; any keyword argument + passed would be silently accepted. +- Remove upstreamed patches: + - CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch +- Refresh all patches: + - CVE-2023-27043-email-parsing-errors.patch + - F00251-change-user-install-location.patch + - bpo-31046_ensurepip_honours_prefix.patch + - distutils-reproducible-compile.patch + - fix_configure_rst.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-localpath.patch + - python-3.3.0b1-test-posix_fadvise.patch + - skip_if_buildbot-extend.patch + - subprocess-raise-timeout.patch + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Tue Dec 19 16:34:50 UTC 2023 - Daniel Garcia + +- Update patch fix_configure_rst.patch +- Update to 3.11.7: + - Core and Builtins + - gh-112625: Fixes a bug where a bytearray object could be cleared + while iterating over an argument in the bytearray.join() method + that could result in reading memory after it was freed. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. Patch + by Pablo galindo + - gh-88116: Traceback location ranges involving wide unicode + characters (like emoji and asian characters) now are properly + highlighted. Patch by Batuhan Taskaya and Pablo Galindo. + - gh-94438: Fix a regression that prevented jumping across is None + and is not None when debugging. Patch by Savannah Ostrowski. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109216: Fix possible memory leak in BUILD_MAP. + + - Library + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + - bpo-35191: Fix unexpected integer truncation in + socket.setblocking() which caused it to interpret multiples of + 2**32 as False. + + - Documentation + - gh-108826: dis module command-line interface is now mentioned in + documentation. + + - Tests + - gh-110367: Make regrtest --verbose3 option compatible with + --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + --verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111309: distutils tests can now be run via unittest. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() and class BasicTestRunner from the test.support + module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + --match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + + - Build + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + + - C API + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. +------------------------------------------------------------------- +Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl + +- Refresh CVE-2023-27043-email-parsing-errors.patch to + gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). +- Thus we can remove Revert-gh105127-left-tests.patch, which is + now useless. + +------------------------------------------------------------------- +Wed Nov 15 09:06:16 UTC 2023 - Daniel Garcia + +- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch +- Refresh patches: + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch + +- Update to 3.11.6: + - Core and Builtins + - gh-109351: Fix crash when compiling an invalid AST involving a + named (walrus) expression. + - gh-109207: Fix a SystemError in __repr__ of symtable entry + object. + - gh-109179: Fix bug where the C traceback display drops notes + from SyntaxError. + - gh-88943: Improve syntax error for non-ASCII character that + follows a numerical literal. It now points on the invalid + non-ASCII character, not on the valid numerical literal. + - gh-108959: Fix caret placement for error locations for subscript + and binary operations that involve non-semantic parentheses and + spaces. Patch by Pablo Galindo + - gh-108520: Fix + multiprocessing.synchronize.SemLock.__setstate__() to properly + initialize multiprocessing.synchronize.SemLock._is_fork_ctx. + This fixes a regression when passing a SemLock accross nested + processes. + - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to + multiprocessing.synchronize.SemLock._is_fork_ctx to avoid + exposing it as public API. + - Library + - gh-110036: On Windows, multiprocessing Popen.terminate() now + catchs PermissionError and get the process exit code. If the + process is still running, raise again the PermissionError. + Otherwise, the process terminated as expected: store its exit + code. Patch by Victor Stinner. + - gh-110038: Fixed an issue that caused KqueueSelector.select() to + not return all the ready events in some cases when a file + descriptor is registered for both read and write. + - gh-109631: re functions such as re.findall(), re.split(), + re.search() and re.sub() which perform short repeated matches + can now be interrupted by user. + - gh-109593: Avoid deadlocking on a reentrant call to the + multiprocessing resource tracker. Such a reentrant call, though + unlikely, can happen if a GC pass invokes the finalizer for a + multiprocessing object such as SemLock. + - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for + exceptions. Previously, on Python built in debug mode, these + functions could trigger a fatal Python error (and abort the + process) when a function succeeded with an exception set. Patch + by Victor Stinner. + - gh-109375: The pdb alias command now prevents registering + aliases without arguments. + - gh-107219: Fix a race condition in concurrent.futures. When a + process in the process pool was terminated abruptly (while the + future was running or pending), close the connection write end. + If the call queue is blocked on sending bytes to a worker + process, closing the connection write end interrupts the send, + so the queue can be closed. Patch by Victor Stinner. + - gh-50644: Attempts to pickle or create a shallow or deep copy of + codecs streams now raise a TypeError. Previously, copying failed + with a RecursionError, while pickling produced wrong results + that eventually caused unpickling to fail with a RecursionError. + - gh-108987: Fix _thread.start_new_thread() race condition. If a + thread is created during Python finalization, the newly spawned + thread now exits immediately instead of trying to access freed + memory and lead to a crash. Patch by Victor Stinner. + - gh-108843: Fix an issue in ast.unparse() when unparsing + f-strings containing many quote types. + - gh-108682: Enum: raise TypeError if super().__new__() is called + from a custom __new__. + - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock + - gh-64662: Fix support for virtual tables in + sqlite3.Connection.iterdump(). Patch by Aviv Palivoda. + - gh-107913: Fix possible losses of errno and winerror values in + OSError exceptions if they were cleared or modified by the + cleanup code before creating the exception object. + - gh-104372: On Linux where subprocess can use the vfork() syscall + for faster spawning, prevent the parent process from blocking + other threads by dropping the GIL while it waits for the + vfork’ed child process exec() outcome. This prevents spawning a + binary from a slow filesystem from blocking the rest of the + application. + - gh-84867: unittest.TestLoader no longer loads test cases from + exact unittest.TestCase and unittest.FunctionTestCase classes. + - Documentation + - gh-109209: The minimum Sphinx version required for the + documentation is now 4.2. + - gh-105052: Update timeit doc to specify that time in seconds is + just the default. + - gh-102823: Document the return type of x // y when x and y have + type float. + - Tests + - gh-110031: Skip test_threading tests using thread+fork if Python + is built with Address Sanitizer (ASAN). Patch by Victor Stinner. + - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum + duration, a test should not measure a CI performance. Only + measure the minimum duration when a task has a timeout or delay. + Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner. + - gh-110033: Fix test_interprocess_signal() of test_signal. Make + sure that the subprocess.Popen object is deleted before the test + raising an exception in a signal handler. Otherwise, + Popen.__del__() can get the exception which is logged as + Exception ignored in: ... and the test fails. Patch by Victor + Stinner. + - gh-109594: Fix test_timeout() of + test_concurrent_futures.test_wait. Remove the future which may + or may not complete depending if it takes longer than the + timeout ot not. Keep the second future which does not complete + before wait() timeout. Patch by Victor Stinner. + - gh-109748: Fix test_zippath_from_non_installed_posix() of + test_venv: don’t copy __pycache__/ sub-directories, because they + can be modified by other Python tests running in parallel. Patch + by Victor Stinner. + - gh-103053: Skip test_freeze_simple_script() of + test_tools.test_freeze if Python is built with ./configure + --enable-optimizations, which means with Profile Guided + Optimization (PGO): it just makes the test too slow. The freeze + tool is tested by many other CIs with other (faster) compiler + flags. Patch by Victor Stinner. + - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a + longer key: FIPS mode requires at least of at least 112 bits. + The previous key was only 32 bits. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-109237: Fix test_site.test_underpth_basic() when the working + directory contains at least one non-ASCII character: encode the + ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for + the child process stdout. Patch by Victor Stinner. + - gh-109230: Fix test_pyexpat.test_exception(): it can now be run + from a directory different than Python source code directory. + Before, the test failed in this case. Skip the test if + Modules/pyexpat.c source is not available. Skip also the test on + Python implementations other than CPython. Patch by Victor + Stinner. + - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests + on FreeBSD if the TCP blackhole is enabled (sysctl + net.inet.tcp.blackhole). Skip the few tests which failed with + ETIMEDOUT which such non standard configuration. Currently, the + FreeBSD GCP image enables TCP and UDP blackhole (sysctl + net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1). + Patch by Victor Stinner. + - gh-91960: Skip test_gdb if gdb is unable to retrieve Python + frame objects: if a frame is . When Python is + built with “clang -Og”, gdb can fail to retrive the frame + parameter of _PyEval_EvalFrameDefault(). In this case, tests + like py_bt() are likely to fail. Without getting access to + Python frames, python-gdb.py is mostly clueless on retrieving + the Python traceback. Moreover, test_gdb is no longer skipped on + macOS if Python is built with Clang. Patch by Victor Stinner. + - gh-108962: Skip test_tempfile.test_flags() if chflags() fails + with “OSError: [Errno 45] Operation not supported” (ex: on + FreeBSD 13). Patch by Victor Stinner. + - gh-89392: Removed support of test_main() function in tests. They + now always use normal unittest test runner. + - gh-108851: Fix test_tomllib recursion tests for WASI buildbots: + reduce the recursion limit and compute the maximum nested + array/dict depending on the current available recursion limit. + Patch by Victor Stinner. + - gh-108851: Add get_recursion_available() and + get_recursion_depth() functions to the test.support module. + Patch by Victor Stinner. + - gh-108822: regrtest now computes statistics on all tests: + successes, failures and skipped. test_netrc, test_pep646_syntax + and test_xml_etree now return results in their test_main() + function. Patch by Victor Stinner and Alex Waygood. + - gh-108388: Convert test_concurrent_futures to a package of 7 + sub-tests. Patch by Victor Stinner. + - gh-108388: Split test_multiprocessing_fork, + test_multiprocessing_forkserver and test_multiprocessing_spawn + into test packages. Each package is made of 4 sub-tests: + processes, threads, manager and misc. It allows running more + tests in parallel and so reduce the total test duration. Patch + by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - gh-100086: The Python test runner (libregrtest) now logs Python + build information like “debug” vs “release” build, or LTO and + PGO optimizations. Patch by Victor Stinner. + - gh-98903: The Python test suite now fails wit exit code 4 if no + tests ran. It should help detecting typos in test names and test + methods. + - gh-95027: On Windows, when the Python test suite is run with the + -jN option, the ANSI code page is now used as the encoding for + the stdout temporary file, rather than using UTF-8 which can + lead to decoding errors. Patch by Victor Stinner. + - gh-93353: regrtest now checks if a test leaks temporary files or + directories if run with -jN option. Patch by Victor Stinner. + - Build + - gh-63760: Fix Solaris build: no longer redefine the + gethostname() function. Solaris defines the function since 2005. + Patch by Victor Stinner, original patch by Jakub Kulík. + - gh-108740: Fix a race condition in make regen-all. The + deepfreeze.c source and files generated by Argument Clinic are + now generated or updated before generating “global objects”. + Previously, some identifiers may miss depending on the order in + which these files were generated. Patch by Victor Stinner. + - Windows + - gh-109991: Update Windows build to use OpenSSL 3.0.11. + - gh-107565: Update Windows build to use OpenSSL 3.0.10. + - macOS + - gh-109991: Update macOS installer to use OpenSSL 3.0.11. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and + multissltests to use 1.1.1w, 3.0.11, and 3.1.3. + +------------------------------------------------------------------- +Wed Sep 6 07:52:11 UTC 2023 - Daniel Garcia + +- Update to 3.11.5 (bsc#1214692): + - Security + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted data. + Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by + Gregory P. Smith. + - Core and Builtins + - gh-104432: Fix potential unaligned memory access on C APIs + involving returned sequences of char * pointers within the grp + and socket modules. These were revealed using a + -fsaniziter=alignment build on ARM macOS. Patch by Christopher + Chavez. + - gh-77377: Ensure that multiprocessing synchronization objects + created in a fork context are not sent to a different process + created in a spawn context. This changes a segfault into an + actionable RuntimeError in the parent process. + - gh-106092: Fix a segmentation fault caused by a use-after-free + bug in frame_dealloc when the trashcan delays the deallocation + of a PyFrameObject. + - gh-106719: No longer suppress arbitrary errors in the + __annotations__ getter and setter in the type and module types. + - gh-106723: Propagate frozen_modules to multiprocessing spawned + process interpreters. + - gh-105979: Fix crash in _imp.get_frozen_object() due to improper + exception handling. + - gh-105840: Fix possible crashes when specializing function calls + with too many __defaults__. + - gh-105588: Fix an issue that could result in crashes when + compiling malformed ast nodes. + - gh-105375: Fix bugs in the builtins module where exceptions + could end up being overwritten. + - gh-105375: Fix bug in the compiler where an exception could end + up being overwritten. + - gh-105375: Improve error handling in + PyUnicode_BuildEncodingMap() where an exception could end up + being overwritten. + - gh-105235: Prevent out-of-bounds memory access during + mmap.find() calls. + - gh-101006: Improve error handling when read marshal data. + - Library + - gh-105736: Harmonized the pure Python version of OrderedDict + with the C version. Now, both versions set up their internal + state in __new__. Formerly, the pure Python version did the set + up in __init__. + - gh-107963: Fix multiprocessing.set_forkserver_preload() to check + the given list of modules names. Patch by Dong-hee Na. + - gh-106242: Fixes os.path.normpath() to handle embedded null + characters without truncating the path (bsc#1214693, + CVE-2023-41105). + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will + no longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107715: Fix doctest.DocTestFinder.find() in presence of class + names with special characters. Patch by Gertjan van Zwieten. + - gh-100814: Passing a callable object as an option value to a + Tkinter image now raises the expected TclError instead of an + AttributeError. + - gh-106684: Close asyncio.StreamWriter when it is not closed by + application leading to memory leaks. Patch by Kumar Aditya. + - gh-107077: Seems that in some conditions, OpenSSL will return + SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification + verification has failed, but the error parameters will still + contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are + now detecting this situation and raising the appropiate + ssl.SSLCertVerificationError. Patch by Pablo Galindo + - gh-107396: tarfiles; Fixed use before assignment of + self.exception for gzip decompression + - gh-62519: Make gettext.pgettext() search plural definitions when + translation is not found. + - gh-83006: Document behavior of shutil.disk_usage() for + non-mounted filesystems on Unix. + - gh-106186: Do not report MultipartInvariantViolationDefect + defect when the email.parser.Parser class is used to parse + emails with headersonly=True. + - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION + result in _ssl.c. + - gh-106774: Update the bundled copy of pip to version 23.2.1. + - gh-106752: Fixed several bug in zipfile.Path in + name/suffix/suffixes/stem operations when no filename is present + and the Path is not at the root of the zipfile. + - gh-106602: Add __copy__ and __deepcopy__ in enum + - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused + division by zero for certain almost-white inputs. Patch by Terry + Jan Reedy. + - gh-106052: re module: fix the matching of possessive quantifiers + in the case of a subpattern containing backtracking. + - gh-106510: Improve debug output for atomic groups in regular + expressions. + - gh-105497: Fix flag mask inversion when unnamed flags exist. + - gh-90876: Prevent multiprocessing.spawn from failing to import + in environments where sys.executable is None. This regressed in + 3.11 with the addition of support for path-like objects in + multiprocessing. + - gh-106350: Detect possible memory allocation failure in the + libtommath function mp_init() used by the _tkinter module. + - gh-102541: Make pydoc.doc catch bad module ImportError when + output stream is not None. + - gh-106263: Fix crash when calling repr with a manually + constructed SignalDict object. Patch by Charlie Zhao. + - gh-105375: Fix a bug in _Unpickler_SetInputStream() where an + exception could end up being overwritten in case of failure. + - gh-105375: Fix bugs in sys where exceptions could end up being + overwritten because of deferred error handling. + - gh-105605: Harden pyexpat error handling during module + initialisation to prevent exceptions from possibly being + overwritten, and objects from being dereferenced twice. + - gh-105375: Fix bug in decimal where an exception could end up + being overwritten. + - gh-105375: Fix bugs in _datetime where exceptions could be + overwritten in case of module initialisation failure. + - gh-105375: Fix bugs in _ssl initialisation which could lead to + leaked references and overwritten exceptions. + - gh-105375: Fix a bug in array.array where an exception could end + up being overwritten. + - gh-105375: Fix bugs in _ctypes where exceptions could end up + being overwritten. + - gh-105375: Fix a bug in the posix module where an exception + could be overwritten. + - gh-105375: Fix bugs in _elementtree where exceptions could be + overwritten. + - gh-105375: Fix bugs in zoneinfo where exceptions could be + overwritten. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-105497: Fix flag inversion when alias/mask members exist. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-103171: Revert undocumented behaviour change with + runtime-checkable protocols decorated with typing.final() in + Python 3.11. The behaviour change had meant that objects would + not be considered instances of these protocols at runtime unless + they had a __final__ attribute. Patch by Alex Waygood. + - gh-105375: Fix a bug in sqlite3 where an exception could be + overwritten in the collation callback. + - gh-105332: Revert pickling method from by-name back to by-value. + - gh-104554: Add RTSPS scheme support in urllib.parse + - gh-100061: Fix a bug that causes wrong matches for regular + expressions with possessive qualifier. + - gh-102541: Hide traceback in help() prompt, when import failed. + - gh-99203: Restore following CPython <= 3.10.5 behavior of + shutil.make_archive(): do not create an empty archive if + root_dir is not a directory, and, in that case, raise + FileNotFoundError or NotADirectoryError regardless of format + choice. Beyond the brought-back behavior, the function may now + also raise these exceptions in dry_run mode. + - gh-94777: Fix hanging multiprocessing ProcessPoolExecutor when a + child process crashes while data is being written in the call + queue. + - bpo-18319: Ensure gettext(msg) retrieve translations even if a + plural form exists. In other words: gettext(msg) == + ngettext(msg, '', 1). + - Documentation + - gh-107008: Document the curses module variables LINES and COLS. + - gh-106948: Add a number of standard external names to + nitpick_ignore. + - gh-54738: Add documentation on how to localize the argparse + module. + - Tests + - gh-105776: Fix test_cppext when the C compiler command -std=c11 + option: remove -std= options from the compiler command. Patch by + Victor Stinner. + - gh-107237: test_logging: Fix test_udp_reconnection() by + increasing the timeout from 100 ms to 5 minutes (LONG_TIMEOUT). + Patch by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - Build + - gh-107814: When calling find_python.bat with -q it did not + properly silence the output of nuget. That is now fixed. + - gh-106881: Check for linux/limits.h before including it in + Modules/posixmodule.c. + - gh-104692: Include commoninstall as a prerequisite for + bininstall + - This ensures that commoninstall is completed before bininstall + is started when parallel builds are used (make -j install), and + so the python3 symlink is only installed after all standard + library modules are installed. + - gh-100340: Allows -Wno-int-conversion for wasm-sdk 17 and + onwards, thus enables building WASI builds once against the + latest sdk. + - Windows + - gh-106242: Fixes realpath() to behave consistently when passed a + path containing an embedded null character on Windows. In strict + mode, it now raises OSError instead of the unexpected + ValueError, and in non-strict mode will make the path absolute. + - gh-106844: Fix integer overflow in _winapi.LCMapStringEx() which + affects ntpath.normcase(). + - gh-99079: Update Windows build to use OpenSSL 3.0.9 + - gh-105436: Ensure that an empty environment block is terminated + by two null characters, as is required by Windows. + - macOS + - gh-107565: Update macOS installer to use OpenSSL 3.0.10. + - gh-99079: Update macOS installer to use OpenSSL 3.0.9. + - Tools/Demos + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + - gh-95065: Argument Clinic now supports overriding automatically + generated signature by using directive @text_signature. See How + to override the generated signature. + - gh-106970: Fix bugs in the Argument Clinic destination + clear command; the destination buffers would never be cleared, + and the destination directive parser would simply continue to + the fault handler after processing the command. Patch by Erlend + E. Aasland. + - C API + - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(), + PyErr_SetExcFromWindowsErrWithFilename() and + PyErr_SetFromWindowsErrWithFilename() save now the error code + before calling PyUnicode_DecodeFSDefault(). + - gh-107915: Such C API functions as PyErr_SetString(), + PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others + no longer crash or ignore errors if it failed to format the + error message or decode the filename. Instead, they keep a + corresponding error. + - gh-107226: PyModule_AddObjectRef() is now only available in the + limited API version 3.10 or later. + - gh-105375: Fix a bug in PyErr_WarnExplicit() where an exception + could end up being overwritten if the API failed internally. + - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only + data: *consumed was not set. + +------------------------------------------------------------------- +Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller + +- restrict PEP668 to ALP/Tumbleweed + +------------------------------------------------------------------- +Fri Aug 4 06:37:41 UTC 2023 - Dirk Müller + +- add externally_managed.in to label this build as PEP-668 managed + +------------------------------------------------------------------- +Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl + +- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! +- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) + partially reverting CVE-2023-27043-email-parsing-errors.patch, + because of the regression in gh#python/cpython#106669. +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). (The patch is faulty, + gh#python/cpython#106669, but upstream decided not to just + revert it). + +------------------------------------------------------------------- +Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl + +- Update to Python 3.11.4: + - gh-103142: The version of OpenSSL used in Windows and + Mac installers has been upgraded to 1.1.1u to address + CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, + as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 + fixed previously in 1.1.1t (gh-101727). + - gh-102153: urllib.parse.urlsplit() now strips leading C0 + control and space characters following the specification for + URLs defined by WHATWG in response to CVE-2023-24329 + (bsc#1208471). + - gh-99889: Fixed a security in flaw in uu.decode() that could + allow for directory traversal based on the input if no + out_file was specified. + - gh-104049: Do not expose the local on-disk + location in directory indexes produced by + http.client.SimpleHTTPRequestHandler. + - gh-103935: trace.__main__ now uses io.open_code() for files + to be executed instead of raw open(). + - gh-102953: The extraction methods in tarfile, and + shutil.unpack_archive(), have a new filter argument that + allows limiting tar features than may be surprising or + dangerous, such as creating files outside the destination + directory. See Extraction filters for details (fixing + CVE-2007-4559, bsc#1203750). +- Remove upstreamed patches: + - CVE-2007-4559-filter-tarfile_extractall.patch + +------------------------------------------------------------------- +Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl + +- Remove obsolete_python_versioned macro again. This mechanism + has no business to be in Python 3.11, because we have abolished + with it whole interpreter+setuptools+pip product. Python 3.11 + should not be replaced by later versions anymore. + +------------------------------------------------------------------- +Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl + +- Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). +- Add skip_if_buildbot-extend.patch to avoid the bug altogether + (extending what skip_if_buildbot covers). +- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix + bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter + for tarfile.extractall". + +------------------------------------------------------------------- +Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl + +- Update to 3.11.3: + - Security + - gh-101727: Updated the OpenSSL version used in Windows + and macOS binary release builds to 1.1.1t to address + CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the + OpenSSL 2023-02-07 security advisory. + - Core and Builtins + - gh-101975: Fixed stacktop value on tracing entries to avoid + corruption on garbage collection. + - gh-102701: Fix overflow when creating very large dict. + - gh-102416: Do not memoize incorrectly automatically + generated loop rules in the parser. Patch by Pablo Galindo. + - gh-102356: Fix a bug that caused a crash when deallocating + deeply nested filter objects. Patch by Marta Gómez Macías. + - gh-102397: Fix segfault from race condition in signal + handling during garbage collection. Patch by Kumar Aditya. + - gh-102281: Fix potential nullptr dereference and use of + uninitialized memory in fileutils. Patch by Max Bachmann. + - gh-102126: Fix deadlock at shutdown when clearing thread + states if any finalizer tries to acquire the runtime head + lock. Patch by Kumar Aditya. + - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal + module. Patch by Max Bachmann. + - gh-101967: Fix possible segfault in + positional_only_passed_as_keyword function, when new list + created. + - gh-101765: Fix SystemError / segmentation fault in iter + __reduce__ when internal access of builtins.__dict__ keys + mutates the iter object. + - gh-101696: Invalidate type version tag in + _PyStaticType_Dealloc for static types, avoiding bug where + a false cache hit could crash the interpreter. Patch by + Kumar Aditya. + - Library + - gh-102549: Don’t ignore exceptions in member type creation. + - gh-102947: Improve traceback when dataclasses.fields() is + called on a non-dataclass. Patch by Alex Waygood + - gh-102780: The asyncio.Timeout context manager now + works reliably even when performing cleanup due to task + cancellation. Previously it could raise a CancelledError + instead of an TimeoutError in such cases. + - gh-88965: typing: Fix a bug relating to substitution in . + Pacustom classes generic over a ParamSpec. Previously, if . + Pathe ParamSpec was substituted with a parameters list that . + Paitself contained a TypeVar, the TypeVar in the parameters . + Palist could not be subsequently substituted. This is now . + Pafixed tch by Nikita Sobolev . + - gh-101979: Fix a bug where parentheses in the metavar + argument to argparse.ArgumentParser.add_argument() were + dropped. Patch by Yeojin Kim. + - gh-102179: Fix os.dup2() error message for negative fds. + - gh-101961: For the binary mode, fileinput.hookcompressed() + doesn’t set the encoding value even if the value is + None. Patch by Gihwan Kim. + - gh-101936: The default value of fp becomes io.BytesIO + if HTTPError is initialized without a designated fp + parameter. Patch by Long Vo. + - gh-102069: Fix __weakref__ descriptor generation for custom + dataclasses. + - gh-101566: In zipfile, apply fix for extractall on the + underlying zipfile after being wrapped in Path. + - gh-101892: Callable iterators no longer raise SystemError + when the callable object exhausts the iterator but forgets + to either return a sentinel value or raise StopIteration. + - gh-97786: Fix potential undefined behaviour in corner cases + of floating-point-to-time conversions. + - gh-101517: Fixed bug where bdb looks up the source line + with linecache with a lineno=None, which causes it to fail + with an unhandled exception. + - gh-101673: Fix a pdb bug where ll clears the changes to + local variables. + - gh-96931: Fix incorrect results from + ssl.SSLSocket.shared_ciphers() + - gh-88233: Correctly preserve “extra” fields in zipfile + regardless of their ordering relative to a zip64 “extra.” + - gh-96127: inspect.signature was raising TypeError on + call with mock objects. Now it correctly returns (*args, + **kwargs) as infered signature. + - gh-95495: When built against OpenSSL 3.0, the ssl module + had a bug where it reported unauthenticated EOFs (i.e. + without close_notify) as a clean TLS-level EOF. It now + raises SSLEOFError, matching the behavior in previous + versions of OpenSSL. The options attribute on SSLContext + also no longer includes OP_IGNORE_UNEXPECTED_EOF by + default. This option may be set to specify the previous + OpenSSL 3.0 behavior. + - gh-94440: Fix a concurrent.futures.process bug where + ProcessPoolExecutor shutdown could hang after a future has + been quickly submitted and canceled. + - Documentation + - gh-103112: Add docstring to http.client.HTTPResponse.read() + to fix pydoc output. + - gh-85417: Update cmath documentation to clarify behaviour + on branch cuts. + - gh-97725: Fix asyncio.Task.print_stack() description for + file=None. Patch by Oleg Iarygin. + - Tests + - gh-102980: Improve test coverage on pdb. + - gh-102537: Adjust the error handling strategy in + test_zoneinfo.TzPathTest.python_tzpath_context. Patch by + Paul Ganssle. + - gh-89792: test_tools now copies up to 10x less source data + to a temporary directory during the freeze test by ignoring + git metadata and other artifacts. It also limits its python + build parallelism based on os.cpu_count instead of hard + coding it as 8 cores. + - gh-101377: Improved test_locale_calendar_formatweekday of + calendar. + - Build + - gh-102711: Fix -Wstrict-prototypes compiler warnings. + +------------------------------------------------------------------- +Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl + +- Update to 3.11.2: + Bug fixes, no changes in API and no security bugs. + +------------------------------------------------------------------- +Wed Mar 1 20:50:04 UTC 2023 - Matej Cepl + +- Add python310 Obsoletes line to obsolete_python_versioned macro. + +------------------------------------------------------------------- +Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl + +- Add provides for readline and sqlite3 to the main Python + package. + +------------------------------------------------------------------- +Thu Jan 26 13:28:24 UTC 2023 - Thorsten Kukuk + +- Disable NIS for new products, it's deprecated and gets removed + +------------------------------------------------------------------- +Tue Jan 24 12:23:34 UTC 2023 - Dirk Müller + +- build GLIBC hwcaps optimized versions of the interpreter + +------------------------------------------------------------------- +Tue Jan 10 11:11:56 UTC 2023 - Matej Cepl + +- Don't fail on Sphinx build warnings. +- For jsc#PED-1570, jsc#PED-2217 and jsc#PED-68, + providing Python 3.11 for SLE-15-SP4. + +------------------------------------------------------------------- +Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl + +- Update to 3.11.1: + - python -m http.server no longer allows terminal control + characters sent within a garbage request to be printed + to the stderr server lo This is done by changing the + http.server BaseHTTPRequestHandler .log_message method to + replace control characters with a \xHH hex escape before + printin + - Avoid publishing list of active per-interpreter audit hooks + via the gc module + - The IDNA codec decoder used on DNS hostnames by socket or + asyncio related name resolution functions no longer involves + a quadratic algorithm. This prevents a potential CPU denial + of service if an out-of-spec excessive length hostname + involving bidirectional characters were decoded. Some + protocols such as urllib http 3xx redirects potentially allow + for an attacker to supply such a name (CVE-2022-45061). + - Update bundled libexpat to 2.5.0 + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. Issue reported + and initial fix by Caleb Shortt. Patch by Victor Stinner. + - Fix a crash when an object which does not have a dictionary + frees its instance values. + - Fix a bug in the tokenizer that could cause infinite + recursion when showing syntax warnings that happen in the + first line of the source. Patch by Pablo Galindo + - Fix an issue that could cause frames to be visible to Python + code as they are being torn down, possibly leading to memory + corruption or hard crashes of the interpreter. + - Fix a reference bug in _imp.create_builtin() after the + creation of the first sub-interpreter for modules builtins + and sys. Patch by Victor Stinner. + - Fixed a bug that was causing a buffer overflow if the + tokenizer copies a line missing the newline caracter from a + file that is as long as the available tokenizer buffer. Patch + by Pablo galindo + - Fix bug where an ExceptionGroup subclass can wrap a + BaseException. + - Fix zip path for venv created from a non-installed python on + POSIX platforms. + - Fix an issue that could potentially cause incorrect error + handling for some bytecode instructions. + - Fix an issue that prevented PyThreadState and + PyInterpreterState memory from being freed properly. + - Fix failure in except* with unhashable exceptions. + - Fix calculation of sys._base_executable when inside a POSIX + virtual environment using copies of the python binary when + the base installation does not provide the executable name + used by the venv. Calculation will fall back to alternative + names (“python”, “python.”). + - Update faulthandler to emit an error message with the proper + unexpected signal number. Patch by Dong-hee Na. + - Fix location of SyntaxError for a try block with both except + and except*. + - Fix the error reporting positions of specialized traceback + anchors when the source line contains Unicode characters. + - Fix subscription of type aliases containing bare generic + types or types like TypeVar: for example tuple[A, T][int] and + tuple[TypeVar, T][int], where A is a generic type, and T is a + type variable. + - Lower the recursion depth for marshal on WASI to support + wasmtime 2.0/main. + - Fix multiple crashes in debug mode when str subclasses are + used instead of str itself. + - Fix an issue where member descriptors (such as those for + __slots__) could behave incorrectly or crash instead of + raising a TypeError when accessed via an instance of an + invalid type. + - Suppress ImportError for invalid query for help() + command. Patch by Dong-hee Na. + - Fix detection of MAC addresses for uuid on certain OSs. Patch + by Chaim Sanders + - Print exception class name instead of its string + representation when raising errors from ctypes calls. + - os.sched_yield() now release the GIL while calling + sched_yield(2). Patch by Dong-hee Na. + - Fix an issue that could delay the specialization of PRECALL + instructions. + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Ensure that all Python frame objects are backed by “complete” + frames. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). Patch by Ofey Chan. + - Fix the Python path configuration used to initialized + sys.path at Python startup. Paths are no longer encoded + to UTF-8/strict to avoid encoding errors if it contains + surrogate characters (bytes paths are decoded with the + surrogateescape error handler). Patch by Victor Stinner. + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. Issue + discovered and analyzed by Mingliang ZHAO. Patch by Victor + Stinner. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. + - Fix undefined behaviour in C code of null pointer arithmetic. + - Make sure that all frame objects created are created from + valid interpreter frames. Prevents the possibility of invalid + frames in backtraces and signal handlers. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - On WASI ENOTCAPABLE is now mapped to PermissionError. The + errno modules exposes the new error number. getpath.py now + ignores PermissionError when it cannot open landmark files + pybuilddir.txt and pyenv.cfg. + - Allow pdb to locate source for frozen modules in the standard + library. + - Raise ValueError instead of SystemError when methods of + uninitialized io.IncrementalNewlineDecoder objects are + called. Patch by Oren Milman. + - Fix a possible assertion failure in io.FileIO when the opener + returns an invalid file descriptor. + - Also escape s in the http.server + BaseHTTPRequestHandler.log_message so that it is technically + possible to parse the line and reconstruct what the original + data was. Without this a xHH is ambiguious as to if it is a + hex replacement we put in or the characters r”x” came through + in the original request line. + - asyncio.get_event_loop() now only emits a deprecation warning + when a new event loop was created implicitly. It no longer + emits a deprecation warning if the current event loop was + set. + - Fix bug when calling trace.CoverageResults with valid infile. + - Fix a bug in handling class cleanups in + unittest.TestCase. Now addClassCleanup() uses separate lists + for different TestCase subclasses, and doClassCleanups() only + cleans up the particular class. + - Release the GIL when calling termios APIs to avoid blocking + threads. + - Fix ast.increment_lineno() to also cover ast.TypeIgnore when + changing line numbers. + - Fix bug in urllib.parse.urlparse() that causes URL schemes + that begin with a digit, a plus sign, or a minus sign to be + parsed incorrectly. + - Check the number of arguments in substitution in user + generics containing a TypeVarTuple and one or more TypeVar. + - Fix substitution of ParamSpec followed by TypeVarTuple in + generic aliases. + - Fix substitution of TypeVarTuple and ParamSpec together in + user generics. + - Fixed bug where inspect.signature() reported incorrect + arguments for decorated methods. + - Fix SystemError in ctypes when exception was not set during + __initsubclass__. + - Remove older version of + _SSLProtocolTransport.get_write_buffer_limits in + asyncio.sslproto + - fix negative numbers failing in verify() + - Fix statistics.NormalDist pickle with 0 and 1 protocols. + - enum.auto() is now correctly activated when combined with + other assignment values. E.g. ONE = auto(), 'some text' will + now evaluate as (1, 'some text'). + - Update the bundled copy of pip to version 22.3.1. + - Clean up refleak on failed module initialisation in _zoneinfo + - Clean up refleaks on failed module initialisation in in + _pickle + - Clean up refleak on failed module initialisation in _io. + - Fix memory leak in math.dist() when both points don’t have + the same dimension. Patch by Kumar Aditya. + - [3.11] Applied changes from importlib_metadata 4.11.4 + through 4.13, including compatibility and robustness + fixes for Distribution objects without _normalized_name, + disallowing invalid inputs to Distribution.from_name, and + refined behaviors in PathDistribution._name_from_stem and + PathDistribution._normalized_name. + - Fix argument typechecks in _overlapped.WSAConnect() and + _overlapped.Overlapped.WSASendTo() functions. + - Prevent crashing in traceback when retrieving the byte-offset + for some source files that contain certain unicode + characters. + - Fix internal error in the re module which in very rare + circumstances prevented compilation of a regular expression + containing a conditional expression without the “else” + branch. + - Fix asyncio.StreamWriter.drain() to call + protocol.connection_lost callback only once on Windows. + - Add a mutex to unittest.mock.NonCallableMock to protect + concurrent access to mock attributes. + - Fix hang on Windows in subprocess.wait_closed() in asyncio + with ProactorEventLoop. Patch by Kumar Aditya. + - Fix infinite loop in unittest when a self-referencing chained + exception is raised + - tkinter.Text.count() raises now an exception for options + starting with “-” instead of silently ignoring them. + - On uname_result, restored expectation that _fields and + _asdict would include all six properties including processor. + - A createSocket() method was added to SysLogHandler. + - Fix bug in urllib.parse.urlparse() that causes certain port + numbers containing whitespace, underscores, plus and minus + signs, or non-ASCII digits to be incorrectly accepted. + - Allow venv to pass along PYTHON* variables to ensurepip and + pip when they do not impact path resolution + - On macOS, fix a crash in syslog.syslog() in multi-threaded + applications. On macOS, the libc syslog() function is not + thread-safe, so syslog.syslog() no longer releases the GIL to + call it. Patch by Victor Stinner. + - Allow BUILTINS to be a valid field name for frozen + dataclasses. + - Wrap network errors consistently in urllib FTP support, so + the test suite doesn’t fail when a network is available but + the public internet is not reachable. + - Make sure patch.dict() can be applied on async functions. + - Earlier in 3.11 we deprecated + asyncio.Task.cancel("message"). We realized we were too + harsh, and have undeprecated it. + - Change deprecate warning message in unittest from It is + deprecated to return a value!=None to It is deprecated to + return a value that is not None from a test case + - Fixes AttributeError when subprocess.check_output() is used + with argument input=None and either of the arguments encoding + or errors are used. + - Fix is_private properties in the ipaddress module. Previously + non-private networks (0.0.0.0/0) would return True from this + method; now they correctly return False. + - Avoid spurious tracebacks from asyncio when default executor + cleanup is delayed until after the event loop is closed (e.g. + as the result of a keyboard interrupt). + - Avoid a crash in the C version of + asyncio.Future.remove_done_callback() when an evil argument + is passed. + - Remove tokenize.NL check from tabnanny. + - Fix generation of the default name of + tkinter.Checkbutton. Previously, checkbuttons in different + parent widgets could have the same short name and share + the same state if arguments “name” and “variable” are not + specified. Now they are globally unique. + - Update bundled libexpat to 2.4.9 + - Fix race condition in asyncio where process_exited() called + before the pipe_data_received() leading to inconsistent + output. Patch by Kumar Aditya. + - Fixed check in multiprocessing.resource_tracker that + guarantees that the length of a write to a pipe is not + greater than PIPE_BUF. + - Corrected type annotation for dataclass attribute + pstats.FunctionProfile.ncalls to be str. + - Fix repr of Any subclasses. + - Work around missing socket functions in socket’s __repr__. + - In inspect, fix overeager replacement of “typing.” in + formatting annotations. + - Fix handling of bytes path-like objects in os.ismount(). + - Fix handling compiler warnings (SyntaxWarning and + DeprecationWarning) in codeop.compile_command() when checking + for incomplete input. Previously it emitted warnings and + raised a SyntaxError. Now it always returns None for + incomplete input without emitting any warnings. + - To avoid apparent memory leaks when asyncio.open_connection() + raises, break reference cycles generated by local exception + and future instances (which has exception instance as its + member var). Patch by Dong Uk, Kang. + - Fixed flickering of the turtle window when the tracer is + turned off. Patch by Shin-myoung-serp. + - Fix asyncio subprocess transport to kill process cleanly + when process is blocked and avoid RuntimeError when loop is + closed. Patch by Kumar Aditya. + - Prevent error when activating venv in nested fish instances. + - TarFile.next() now returns None when called on an empty + tarfile. + - Document the optional callback parameter of WeakMethod. Patch + by Géry Ogam. + - Restrict use of sockets instead of pipes for stdin of + subprocesses created by asyncio to AIX platform only. + - shutil.copytree() now applies the ignore_dangling_symlinks + argument recursively. + - Fix IndexError in argparse.ArgumentParser when a store_true + action is given an explicit argument. + - Document that calling variadic functions with ctypes requires + special care on macOS/arm64 (and possibly other platforms). + - Remove extra row + - Clarified the conflicting advice given in the ast + documentation about ast.literal_eval() being “safe” for use + on untrusted input while at the same time warning that it + can crash the process. The latter statement is true and is + deemed unfixable without a large amount of work unsuitable + for a bugfix. So we keep the warning and no longer claim that + literal_eval is safe. + - Restructured the documentation for the os.wait* family of + functions, and improved the docs for os.waitid() with more + explanation of the possible argument constants. + - Skip test_normalization() of test_unicodedata if it + fails to download NormalizationTest.txt file from + pythontest.net. Patch by Victor Stinner. + - Correct test_marsh on (32 bit) x86: test_deterministic sets + was failing. + - Optional big memory tests in test_sqlite3 now catch the + correct sqlite.DataError exception type in case of too large + strings and/or blobs passed. + - Fix a bug in the typing tests where a test relying + on CPython-specific implementation details was not + decorated with @cpython_only and was not skipped on other + implementations. + - Add tests for star-unpacking with PEP 646, and some other + miscellaneous PEP 646 tests. + - Added explicit coverage of Py_Initialize (and hence + Py_InitializeEx) back to the embedding tests (all other + embedding tests migrated to Py_InitializeFromConfig in Python + 3.11) + - Some C API tests were moved into the new Lib/test/test_capi/ + directory. + - Fix -Wimplicit-int, -Wstrict-prototypes, and + -Wimplicit-function-declaration compiler warnings in + configure checks. + - Fix a compilation issue with GCC 12 on macOS. + - Fix -Wimplicit-int compiler warning in configure check for + PTHREAD_SCOPE_SYSTEM. + - Fix a possible fd leak in Programs/_freeze_module.c + introduced in Python 3.11. + - Fix build with PYTHON_FOR_REGEN=python3.8. + - Specify the full path to the source location for make + docclean (needed for cross-builds). + - Don’t use vendored libmpdec headers if --with-system-libmpdec + is passed to configure. Don’t use vendored libexpat headers + if --with-system-expat is passed to !configure. + - Fix the build process of clang compiler for _bootstrap_python + if LTO optimization is applied. Patch by Matthias Görgens and + Dong-hee Na. + - wasm32-emscripten builds for browsers now include + concurrent.futures for asyncio and unittest.mock. + - wasm32-emscripten platform no longer builds resource module, + getresuid(), getresgid(), and their setters. The APIs are + stubs and not functional. + - Updated pegen regeneration script on Windows to find and + use Python 3.9 or higher. Prior to this, pegen regeneration + already required 3.9 or higher, but the script may have used + lower versions of Python. + - Fix a bug in the previous bugfix that caused IDLE to + not start when run with 3.10.8, 3.12.0a1, and at least + Microsoft Python 3.10.2288.0 installed without the Lib/test + package. 3.11.0 was never affected. + - The wasm_build.py script now pre-builds Emscripten ports, + checks for broken EMSDK versions, and warns about pkg-config + env vars. + - The new tool Tools/wasm/wasm_builder.py automates configure, + compile, and test steps for building CPython on WebAssembly + platforms. + - Fix handling of module docstrings in Tools/i18n/pygettext.py. + - PyBUF_* constants were marked as part of Limited API + of Python 3.11+. These were available in 3.11.0 with + Py_LIMITED_API defined for 3.11, and are necessary to use the + buffer API. + - Fix use-after-free in Py_SetPythonHome(NULL), + Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL) + function calls. Issue reported by Benedikt Reinartz. Patch by + Victor Stinner. + - Py_InitializeEx now correctly calls PyConfig_Clear after + initializing the interpreter (the omission didn’t cause a + memory leak only because none of the dynamically allocated + config fields are populated by the wrapper function) +- Removed upstreamed patches: + - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch + - CVE-2022-45061-DoS-by-IDNA-decode.patch + +------------------------------------------------------------------- +Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl + +- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid + CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding + extremely long domain names. + +------------------------------------------------------------------- +Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl + +- Update to 3.11.0 (overall changes from 3.10.*): + - General changes + - PEP 657 -- Include Fine-Grained Error Locations in + Tracebacks + - PEP 654 -- Exception Groups and except* + - PEP 680 -- tomllib: Support for Parsing TOML in the + Standard Library + - gh-90908 -- Introduce task groups to asyncio + - gh-34627 -- Atomic grouping ((?>...)) and possessive + quantifiers (*+, ++, ?+, {m,n}+) are now supported in + regular expressions. + - The Faster CPython Project is already yielding some + exciting results. Python 3.11 is up to 10-60% faster than + Python 3.10. On average, we measured a 1.22x speedup on the + standard benchmark suite. See Faster CPython for details. + - Typing and typing language changes + - PEP 673 -- Self Type + - PEP 646 -- Variadic Generics + - PEP 675 -- Arbitrary Literal String Type + - PEP 655 -- Marking individual TypedDict items as required + or potentially-missing + - PEP 681 -- Data Class Transforms +- (just changes from 3.11.0rc2): + - Fix multiplying a list by an integer (list *= int): detect + the integer overflow when the new allocated length is close + to the maximum size. Issue reported by Jordan Limor. Patch by + Victor Stinner. + - On Linux the multiprocessing module returns to using + filesystem backed unix domain sockets for communication + with the forkserver process instead of the Linux abstract + socket namespace. Only code that chooses to use the + “forkserver” start method is affected. Abstract sockets have + no permissions and could allow any user on the system in the + same network namespace (often the whole system) to inject + code into the multiprocessing forkserver process. This was + a potential privilege escalation. Filesystem based socket + permissions restrict this to the forkserver process user as + was the default in Python 3.8 and earlier. This prevents + Linux CVE-2022-42919. + - Fix an issue where several frame objects could be backed by + the same interpreter frame, possibly leading to corrupted + memory and hard crashes of the interpreter. + - Fix possible data corruption or crashes when accessing the + f_back member of newly-created generator or coroutine frames. + - Fix a crash occurring when PyEval_GetFrame() is called while + the topmost Python frame is in a partially-initialized state. + - Fix command line parsing: reject -X int_max_str_digits option + with no value (invalid) when the PYTHONINTMAXSTRDIGITS + environment variable is set to a valid limit. Patch by Victor + Stinner. + - Fix undefined behaviour in _testcapimodule.c. + - When ValueError is raised if an integer is larger than the + limit, mention the sys.set_int_max_str_digits() function in + the error message. Patch by Victor Stinner. + - Correctly raise SyntaxError on exception groups (PEP 654) on + python versions prior to 3.11 + - Document some places where an assignment expression needs + parentheses. + - Update the bundled copies of pip and setuptools to versions + 22.3 and 65.5.0 respectively. + - fix Flag to use boundary CONFORM + - This restores previous Flag behavior of allowing flags with + non-sequential values to be combined; e.g. + - class Skip(Flag): TWO = 2 EIGHT = 8 + - Skip.TWO | Skip.EIGHT -> + - Fix ! in c domain ref target syntax via a conf.py patch, so + it works as intended to disable ref target resolution. + - Update tutorial introduction output to use 3.10+ SyntaxError + invalid range. + +------------------------------------------------------------------- +Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl + +- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to + allow building of documentation with the latest Sphinx 5.3.0 + (gh#python/cpython#98366). + +------------------------------------------------------------------- +Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc2: + - Converting between int and str in bases other than 2 + (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base + 10 (decimal) now raises a ValueError if the number of digits + in string form is above a limit to avoid potential denial of + service attacks due to the algorithmic complexity. This is + a mitigation for CVE-2020-10735. + This new limit can be configured or disabled by environment + variable, command line flag, or sys APIs. See the integer + string conversion length limitation documentation. The + default limit is 4300 digits in string form. + - Fix case of undefined behavior in ceval.c + - Do not expose KeyWrapper in _functools. + - Ensure that tracing, sys.setrace(), is turned on + immediately. In pre-release versions of 3.11, some tracing + events might have been lost when turning on tracing in a + __del__ method or interrupt. + - Fix use after free in trace refs build mode. Patch by Kumar + Aditya. + - When loading a file with invalid UTF-8 inside a multi-line + string, a correct SyntaxError is emitted. + - Make sure that incomplete frames do not show up in + tracemalloc traces. + - Remove two cases of undefined behavior, by adding NULL + checks. + - Fix possible NULL pointer dereference in + _PyThread_CurrentFrames. Patch by Kumar Aditya. + - Fix AttributeError missing name and obj attributes in + object.__getattribute__(). Patch by Philip Georgi. + - Loading a file with invalid UTF-8 will now report the broken + character at the correct location. + - Fixed a bug that caused _PyCode_GetExtra to return garbage + for negative indexes. Patch by Pablo Galindo + - Fix a deadlock in PyGILState_Ensure() when allocating new + thread state. Patch by Kumar Aditya. + - PyType_Ready() now initializes ht_cached_keys and performs + additional checks to ensure that type objects are properly + configured. This avoids crashes in 3rd party packages that + don’t use regular API to create new types. + - Skip over incomplete frames in PyThreadState_GetFrame(). + - Fix format string in _PyPegen_raise_error_known_location that + can lead to memory corruption on some 64bit systems. The + function was building a tuple with i (int) instead of n + (Py_ssize_t) for Py_ssize_t arguments. + - Fix misleading contents of error message when converting an + all-whitespace string to float. + - ast.parse() will no longer parse function definitions with + positional-only params when passed feature_version less than + (3, 8). Patch by Shantanu Jain. + - Fix incorrect error message in the io module. + - Fix the faulthandler implementation of + faulthandler.register(signal, chain=True) if the sigaction() + function is not available: don’t call the previous signal + handler if it’s NULL. Patch by Victor Stinner. + - Correct conversion of numbers.Rational’s to float. + - Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not + raised when using more than one TypeVarTuple, like [*T, *V] + in type alias substitutions. + - Fix asyncio.streams.StreamReaderProtocol to keep a strong + reference to the created task, so that it’s not garbage + collected + - Fix a performance regression in logging + TimedRotatingFileHandler. Only check for special files when + the rollover time has passed. + - Fix unused localName parameter in the Attr class in + xml.dom.minidom. + - Fix incorrect condition that causes sys.thread_info.name to + be wrong on pthread platforms. + - Remove an incompatible change from bpo-28080 that caused a + regression that ignored the utf8 in ZipInfo.flag_bits. Patch + by Pablo Galindo. + - Fix asyncio.Runner to call asyncio.set_event_loop() only + once to avoid calling attach_loop() multiple times on child + watchers. Patch by Kumar Aditya. + - Fix unittest.IsolatedAsyncioTestCase to set event loop before + calling setup functions. Patch by Kumar Aditya. + - When a task catches asyncio.CancelledError and raises some + other error, the other error should generally not silently be + suppressed. + - Fail gracefully if EPERM or ENOSYS is raised when loading + crypt methods. This may happen when trying to load MD5 on a + Linux kernel with FIPS enabled. + - Allow asyncio.StreamWriter.drain() to be awaited concurrently + by multiple tasks. Patch by Kumar Aditya. + - Fix ast.unparse() when ImportFrom.level is None + - Improve discoverability of the higher level + concurrent.futures module by providing clearer links from the + lower level threading and multiprocessing modules. + - What’s New 3.11 now has instructions for how to provide + compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7 + and CentOS 7. + - Mitigate the inherent race condition from using + find_unused_port() in testSockName() by trying to find an + unused port a few times before failing. Patch by Ross Burton. + - Build and test with OpenSSL 1.1.1q +- Use support-expat-CVE-2022-25236-patched.patch from the current + version of gh#python/cpython#93900 instead of the old + support-expat-245.patch. +- Reapply fix_configure_rst.patch. + +------------------------------------------------------------------- +Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab + +- Increase testsuite timeout for test_freeze_simple_script + +------------------------------------------------------------------- +Sat Aug 20 21:31:40 UTC 2022 - Matej Cepl + +- fix import_failed.map to refer to the python 3.11 package versions + +------------------------------------------------------------------- +Sat Aug 20 14:05:21 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc1: + - Core and Builtins + - Update code object hashing and equality to consider all + debugging and exception handling tables. This fixes an + issue where certain non-identical code objects could be + “deduplicated” during compilation. + - _PyPegen_Parser_New now properly detects token memory + allocation errors. Patch by Honglin Zhu. + - Run Python code in tracer/profiler function at full + speed. Fixes slowdown in earlier versions of 3.11. + - Emit a warning in debug mode if an object does not call + PyObject_GC_UnTrack() before deallocation. Patch by Pablo + Galindo. + - Prevented crashes in the AST constructor when + compiling some absurdly long expressions like + "+0"*1000000. RecursionError is now raised instead. Patch + by Pablo Galindo + - ast.AST node positions are now validated when provided to + compile() and other related functions. If invalid positions + are detected, a ValueError will be raised. + - Fix error detection in some builtin functions when keyword + argument name is an instance of a str subclass with + overloaded __eq__ and __hash__. Previously it could cause + SystemError or other undesired behavior. + - Library + - Update bundled pip to 22.2.2. + - Fix asyncio.TaskGroup to propagate exception when + asyncio.CancelledError was replaced with another exception + by a context manger. Patch by Kumar Aditya and Guido van + Rossum. + - Update bundled pip to 22.2.1. + - Fix GC crash when deallocating _lsprof.Profiler by + untracking it before calling any callbacks. Patch by Kumar + Aditya. + - Fix asyncio.run() for asyncio.Task implementations without + uncancel() method. Patch by Kumar Aditya. + - Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK + and os.EFD_SEMAPHORE flags on older kernel versions where + these flags are not present. Patch by Kumar Aditya. + - Fix concurrent.futures.Executor.map() to cancel the + currently waiting on future on an error - e.g. TimeoutError + or KeyboardInterrupt. + - Ensure that timeouts scheduled with asyncio.Timeout that + have already expired are delivered promptly. + - Suppress writing an XML declaration in open files + in ElementTree.write() with encoding='unicode' and + xml_declaration=None. + - Fix findtext in the xml module to only give an empty string + when the text attribute is set to None. + - Documentation + - Fix stylesheet not working in Windows CHM htmlhelp docs + and add warning that they are deprecated. Contributed by + C.A.M. Gerlach. + - Update library documentation with availability information + on WebAssembly platforms wasm32-emscripten and wasm32-wasi. + - Use consistent syntax for platform availability. The + directive now supports a content body and emits a warning + when it encounters an unknown platform. + - Document a limitation in ThreadPoolExecutor where its exit + handler is executed before any handlers in atexit. + - Tests + - Lib/test/test_asyncio/test_ssl.py exposed a bug in the + macOS kernel where intense concurrent load on non-blocking + sockets occasionally causes errno.ENOBUFS (“No buffer space + available”) to be emitted. FB11063974 filed with Apple, in + the mean time as a workaround buffer size used in tests on + macOS is decreased to avoid intermittent failures. Patch by + Fantix King. + - Fix problem with test_ssl test_get_ciphers on systems that + require perfect forward secrecy (PFS) ciphers. + - Add a regression test for re exponentional slowdown when + using rjsmin. + - Build + - Fix a regression in configure script that caused some + header checks to ignore custom CPPFLAGS. The regression was + introduced in gh-94802. + - wasm32-wasi builds no longer depend on WASIX’s pthread + stubs. Python now has its own stubbed pthread API. + - Python now detects missing dup function in WASI and works + around some missing errno, select, and socket constants. + - Python now skips missing socket functions and methods on + WASI. WASI can only create sockets from existing fd / + accept and has no netdb. + - Platforms wasm32-unknown-emscripten and wasm32-unknown-wasi + have been promoted to PEP 11 tier 3 platform support. + - IDLE + - Document handling of extensions in Save As dialogs. + - Include prompts when saving Shell (interactive input and + output). + - Fix the Shell context menu copy-with-prompts bug of copying + an extra line when one selects whole lines. + - In the Edit menu, move Select All and add a new separator. + - Enable using IDLE’s module browser with .pyw files. + - Add .pyi as a recognized extension for IDLE on macOS. This + allows opening stub files by double clicking on them in the + Finder. + - C API + - Restore the 3.10 behavior for multiple inheritance of C + extension classes that store their dictionary at the end of + the struct. + - Added PyCode_GetVarnames(), PyCode_GetCellvars() and + PyCode_GetFreevars() for accessing co_varnames, co_cellvars + and co_freevars respectively via the C API. + +------------------------------------------------------------------- +Tue Jul 26 10:37:31 UTC 2022 - Matej Cepl + +- Update to 3.11.0b5: + - Core and Builtins + - gh-93351: ast.AST node positions are now validated when + provided to compile() and other related functions. If + invalid positions are detected, a ValueError will be + raised. + - gh-94438: Fix an issue that caused extended opcode + arguments and some conditional pops to be ignored when + calculating valid jump targets for assignments to the + f_lineno attribute of frame objects. In some cases, this + could cause inconsistent internal state, resulting in a + hard crash of the interpreter. + - gh-95060: Undocumented PyCode_Addr2Location function now + properly returns when addrq argument is less than zero. + - gh-95113: Replace all EXTENDED_ARG_QUICK instructions + with basic EXTENDED_ARG instructions in unquickened + code. Consumers of non-adaptive bytecode should be able to + handle extended arguments the same way they were handled in + CPython 3.10 and older. + - gh-91409: Fix incorrect source location info caused by + certain optimizations in the bytecode compiler. + - gh-94036: Fix incorrect source location info for some + multi-line attribute accesses and method calls. + - gh-94739: Allow jumping within, out of, and across + exception handlers in the debugger. + - gh-94949: ast.parse() will no longer parse parenthesized + context managers when passed feature_version less than (3, + 9). Patch by Shantanu Jain. + - gh-94947: ast.parse() will no longer parse assignment + expressions when passed feature_version less than (3, + 8). Patch by Shantanu Jain. + - gh-91256: Ensures the program name is known for help text + during interpreter startup. + - gh-94869: Fix the column offsets for some expressions in + multi-line f-strings ast nodes. Patch by Pablo Galindo. + - gh-94822: Fix an issue where lookups of metaclass + descriptors may be ignored when an identically-named + attribute also exists on the class itself. + - gh-91153: Fix an issue where a bytearray item assignment + could crash if it’s resized by the new value’s __index__() + method. + - gh-90699: Fix reference counting bug in + bool.__repr__(). Patch by Kumar Aditya. + - Library + - gh-95087: Fix IndexError in parsing invalid date in the + email module. + - gh-95199: Upgrade bundled setuptools to 63.2.0. + - gh-95194: Upgrade bundled pip to 22.2. + - gh-95132: Fix a sqlite3 regression where *args and **kwds + were incorrectly relayed from connect() to the Connection + factory. The regression was introduced in 3.11a1 with PR + 24421 (gh-85128). Patch by Erlend E. Aasland.` + - gh-93157: Fix fileinput module didn’t support errors option + when inplace is true. + - gh-95105: wsgiref.types.InputStream.__iter__() should + return Iterator[bytes], not Iterable[bytes]. Patch by + Shantanu Jain. + - gh-94857: Fix refleak in + _io.TextIOWrapper.reconfigure. Patch by Kumar Aditya. + - gh-94821: Fix binding of unix socket to empty address + on Linux to use an available address from the abstract + namespace, instead of “0”. + - gh-89988: Fix memory leak in pickle.Pickler when looking up + dispatch_table. Patch by Kumar Aditya. + - bpo-47025: Drop support for bytes on sys.path. + - Tests + - gh-95212: Make multiprocessing test case + test_shared_memory_recreate parallel-safe. + - Build + - gh-94847: Fixed _decimal module build issue on GCC when + compiling with LTO and pydebug. Debug builds no longer + force inlining of functions. + - gh-94841: Fix the possible performance regression of + PyObject_Free() compiled with MSVC version 1932. + - gh-94801: configure now uses custom flags like ZLIB_CFLAGS + and ZLIB_LIBS when searching for headers and libraries. + - gh-94773: deepfreeze.py now supports code object with + frozensets that contain incompatible, unsortable types. + - C API + - gh-94930: Fix SystemError raised when + PyArg_ParseTupleAndKeywords() is used with # in (...) but + without PY_SSIZE_T_CLEAN defined. + - gh-94864: Fix PyArg_Parse* with deprecated format units “u” + and “Z”. It returned 1 (success) when warnings are turned + into exceptions. + - gh-94731: Python again uses C-style casts for + most casting operations when compiled with + C++. This may trigger compiler warnings, if they + are enabled with e.g. -Wold-style-cast `` or + ``-Wzero-as-null-pointer-constant options for g++. + +------------------------------------------------------------------- +Thu Jul 21 14:19:53 UTC 2022 - Matej Cepl + +- Switch from %primary_interpreter to prjconf-defined + %primary_python (gh#openSUSE/python-rpm-macros#127). + +------------------------------------------------------------------- +Thu Jul 14 15:37:35 UTC 2022 - Matej Cepl + +- Update to 3.11.0b4: +- Fixes many bugs and adds following more significant changes +- Security + - gh-68966: The deprecated mailcap module now refuses to inject + Coreunsafe text (filenames, MIME types, parameters) into + shell Corecommands. Instead of using such text, it will + warn and act Coreas if a match was not found (or for test + commands, as if the Coretest failed). and Builtins + - gh-93516: Lazily create a table mapping bytecode offsets to + line numbers to speed up calculation of line numbers when + tracing. + - gh-93461: importlib.invalidate_caches() now drops entries + from sys.path_importer_cache with a relative path as + name. This solves a caching issue when a process changes its + current working directory. + - FileFinder no longer inserts a dot in the path, e.g. + /egg/./spam is now /egg/spam. +Library + - gh-93896: Fix asyncio.run() and + unittest.IsolatedAsyncioTestCase to always the set event loop + as it was done in Python 3.10 and earlier. Patch by Kumar + Aditya. + - gh-94101: Manual instantiation of ssl.SSLSession objects is + no longer allowed as it lead to misconfigured instances that + crashed the interpreter when attributes where accessed on + them. + - gh-83658: Make multiprocessing.Pool raise an exception if + maxtasksperchild is not None or a positive int. + - gh-61162: Clarify sqlite3 behavior when Using the connection + as a context manager. +Tools/Demos + - gh-94538: Fix Argument Clinic output to custom file + destinations. Patch by Erlend E. Aasland. +C API + - gh-93937: The following frame functions and type are now + directly available with #include , it’s no longer + needed to add #include : + PyFrame_Check() + PyFrame_GetBack() + PyFrame_GetBuiltins() + PyFrame_GetGenerator() + PyFrame_GetGlobals() + PyFrame_GetLasti() + PyFrame_GetLocals() + PyFrame_Type + +------------------------------------------------------------------- +Tue May 31 20:54:36 UTC 2022 - Matej Cepl + +- Update to 3.11.0b2: + - many small updates +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.4 (jsc#SLE-21253) + +------------------------------------------------------------------- +Tue May 10 15:01:18 UTC 2022 - Matej Cepl + +- Refresh bluez-devel-vendor.tar.xz +- Fix building with system-expat (gh#python/cpython#92875). Nope, + it didn't work, worked around it. + +------------------------------------------------------------------- +Mon May 9 15:09:03 UTC 2022 - Matej Cepl + +- Update to pre-release version 3.11.0b1: + - PEP 657 – Include Fine-Grained Error Locations in Tracebacks + - PEP 654 – Exception Groups and except* + - PEP 673 – Self Type + - PEP 646 – Variadic Generics + - PEP 680– tomllib: Support for Parsing TOML in the Standard Library + - PEP 675– Arbitrary Literal String Type + - PEP 655– Marking individual TypedDict items as required or potentially-missing + - bpo-46752– Introduce task groups to asyncio + - The Faster Cpython Project is already yielding some exciting + results. Python 3.11 is up to 10-60% faster than Python + 3.10. On average, we measured a 1.22x speedup on the standard + benchmark suite. See + https://docs.python.org/3.11/whatsnew/3.11.html#faster-cpython + for details. + +------------------------------------------------------------------- +Thu May 5 14:35:56 UTC 2022 - Matej Cepl + +- Switch primary_interpreter from python38 to python310 + +------------------------------------------------------------------- +Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl + +- Update to 3.10.4: + - bpo-46968: Check for the existence of the “sys/auxv.h” header + in faulthandler to avoid compilation problems in systems + where this header doesn’t exist. Patch by Pablo Galindo + - bpo-23691: Protect the re.finditer() iterator from + re-entering. + - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to + avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception + when reading a ZipFile from multiple threads. + - bpo-38256: Fix binascii.crc32() when it is compiled to use + zlib’c crc32 to work properly on inputs 4+GiB in length + instead of returning the wrong result. The workaround prior + to this was to always feed the function data in increments + smaller than 4GiB or to just call the zlib module function. + - bpo-39394: A warning about inline flags not at the start of + the regular expression now contains the position of the flag. + - bpo-47061: Deprecate the various modules listed by PEP 594: + - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, + imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, + sndhdr, spwd, sunau, telnetlib, uu, xdrlib + - bpo-2604: Fix bug where doctests using globals would fail + when run multiple times. + - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. + - bpo-47022: The asynchat, asyncore and smtpd modules have been + deprecated since at least Python 3.6. Their documentation and + deprecation warnings and have now been updated to note they + will removed in Python 3.12 (PEP 594). + - bpo-46421: Fix a unittest issue where if the command was + invoked as python -m unittest and the filename(s) began with + a dot (.), a ValueError is returned. + - bpo-40296: Fix supporting generic aliases in pydoc. + +- Update to 3.10.3: + - bpo-46940: Avoid overriding AttributeError metadata + information for nested attribute access calls. Patch by Pablo + Galindo. + - bpo-46852: Rename the private undocumented + float.__set_format__() method to float.__setformat__() to fix + a typo introduced in Python 3.7. The method is only used by + test_float. Patch by Victor Stinner. + - bpo-46794: Bump up the libexpat version into 2.4.6 + - bpo-46820: Fix parsing a numeric literal immediately (without + spaces) followed by “not in” keywords, like in 1not in x. Now + the parser only emits a warning, not a syntax error. + - bpo-46762: Fix an assert failure in debug builds when a ‘<’, + ‘>’, or ‘=’ is the last character in an f-string that’s + missing a closing right brace. + - bpo-46724: Make sure that all backwards jumps use the + JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an + argument of (2**32)+offset. + - bpo-46732: Correct the docstring for the __bool__() method. + Patch by Jelle Zijlstra. + - bpo-46707: Avoid potential exponential backtracking when + producing some syntax errors involving lots of brackets. + Patch by Pablo Galindo. + - bpo-40479: Add a missing call to va_end() in + Modules/_hashopenssl.c. + - bpo-46615: When iterating over sets internally in + setobject.c, acquire strong references to the resulting items + from the set. This prevents crashes in corner-cases of + various set operations where the set gets mutated. + - bpo-45773: Remove two invalid “peephole” optimizations from + the bytecode compiler. + - bpo-43721: Fix docstrings of getter, setter, and deleter to + clarify that they create a new copy of the property. + - bpo-46503: Fix an assert when parsing some invalid N escape + sequences in f-strings. + - bpo-46417: Fix a race condition on setting a type __bases__ + attribute: the internal function add_subclass() now gets the + PyTypeObject.tp_subclasses member after calling + PyWeakref_NewRef() which can trigger a garbage collection + which can indirectly modify PyTypeObject.tp_subclasses. Patch + by Victor Stinner. + - bpo-46383: Fix invalid signature of _zoneinfo’s module_free + function to resolve a crash on wasm32-emscripten platform. + - bpo-46070: Py_EndInterpreter() now explicitly untracks all + objects currently tracked by the GC. Previously, if an object + was used later by another interpreter, calling + PyObject_GC_UnTrack() on the object crashed if the previous + or the next object of the PyGC_Head structure became + a dangling pointer. Patch by Victor Stinner. + - bpo-46339: Fix a crash in the parser when retrieving the + error text for multi-line f-strings expressions that do not + start in the first line of the string. Patch by Pablo Galindo + - bpo-46240: Correct the error message for unclosed parentheses + when the tokenizer doesn’t reach the end of the source when + the error is reported. Patch by Pablo Galindo + - bpo-46091: Correctly calculate indentation levels for lines + with whitespace character that are ended by line continuation + characters. Patch by Pablo Galindo + - bpo-43253: Fix a crash when closing transports where the + underlying socket handle is already invalid on the Proactor + event loop. + - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, + including bugfix for EntryPoint.extras, which was returning + match objects and not the extras strings. + - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip + 22.0.4) + - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically + determine size of signal handler stack size CPython allocates + using getauxval(AT_MINSIGSTKSZ). This changes allows for + Python extension’s request to Linux kernel to use AMX_TILE + instruction set on Sapphire Rapids Xeon processor to succeed, + unblocking use of the ISA in frameworks. + - bpo-46955: Expose asyncio.base_events.Server as + asyncio.Server. Patch by Stefan Zabka. + - bpo-23325: The signal module no longer assumes that SIG_IGN + and SIG_DFL are small int singletons. + - bpo-46932: Update bundled libexpat to 2.4.7 + - bpo-25707: Fixed a file leak in + xml.etree.ElementTree.iterparse() when the iterator is not + exhausted. Patch by Jacob Walls. + - bpo-44886: Inherit asyncio proactor datagram transport from + asyncio.DatagramTransport. + - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() + for selector-based event loops. Patch by Thomas Grainger. + - bpo-46811: Make test suite support Expat >=2.4.5 + - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to + transport-based APIs. + - bpo-46784: Fix libexpat symbols collisions with user + dynamically loaded or statically linked libexpat in embedded + Python. + - bpo-39327: shutil.rmtree() can now work with VirtualBox + shared folders when running from the guest operating-system. + - bpo-46756: Fix a bug in + urllib.request.HTTPPasswordMgr.find_user_password() and + urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() + which allowed to bypass authorization. For example, access to + URI example.org/foobar was allowed if the user was authorized + for URI example.org/foo. + - bpo-46643: In typing.get_type_hints(), support evaluating + stringified ParamSpecArgs and ParamSpecKwargs annotations. + Patch by Gregory Beauregard. + - bpo-45863: When the tarfile module creates a pax format + archive, it will put an integer representation of timestamps + in the ustar header (if possible) for the benefit of older + unarchivers, in addition to the existing full-precision + timestamps in the pax extended header. + - bpo-46676: Make typing.ParamSpec args and kwargs equal to + themselves. Patch by Gregory Beauregard. + - bpo-46672: Fix NameError in asyncio.gather() when initial + type check fails. + - bpo-46655: In typing.get_type_hints(), support evaluating + bare stringified TypeAlias annotations. Patch by Gregory + Beauregard. + - bpo-45948: Fixed a discrepancy in the C implementation of the + xml.etree.ElementTree module. Now, instantiating an + xml.etree.ElementTree.XMLParser with a target=None keyword + provides a default xml.etree.ElementTree.TreeBuilder target + as the Python implementation does. + - bpo-46521: Fix a bug in the codeop module that was + incorrectly identifying invalid code involving string quotes + as valid code. + - bpo-46581: Brings ParamSpec propagation for GenericAlias in + line with Concatenate (and others). + - bpo-46591: Make the IDLE doc URL on the About IDLE dialog + clickable. + - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 + - bpo-46487: Add the get_write_buffer_limits method to + asyncio.transports.WriteTransport and to the SSL transport. + - bpo-45173: Note the configparser deprecations will be removed + in Python 3.12. + - bpo-46539: In typing.get_type_hints(), support evaluating + stringified ClassVar and Final annotations inside Annotated. + Patch by Gregory Beauregard. + - bpo-46491: Allow typing.Annotated to wrap typing.Final and + typing.ClassVar. Patch by Gregory Beauregard. + - bpo-46436: Fix command-line option -d/--directory in module + http.server which is ignored when combined with command-line + option --cgi. Patch by Géry Ogam. + - bpo-41403: Make mock.patch() raise a TypeError with + a relevant error message on invalid arg. Previously it + allowed a cryptic AttributeError to escape. + - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid + potential REDoS by limiting ambiguity in consecutive + whitespace. + - bpo-46469: asyncio generic classes now return + types.GenericAlias in __class_getitem__ instead of the same + class. + - bpo-46434: pdb now gracefully handles help when __doc__ is + missing, for example when run with pregenerated optimized + .pyc files. + - bpo-46333: The __eq__() and __hash__() methods of + typing.ForwardRef now honor the module parameter of + typing.ForwardRef. Forward references from different modules + are now differentiated. + - bpo-46246: Add missing __slots__ to + importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. + - bpo-46266: Improve day constants in calendar. + - Now all constants (MONDAY … SUNDAY) are documented, tested, + and added to __all__. + - bpo-46232: The ssl module now handles certificates with bit + strings in DN correctly. + - bpo-43118: Fix a bug in inspect.signature() that was causing + it to fail on some subclasses of classes with + a __text_signature__ referencing module globals. Patch by + Weipeng Hong. + - bpo-26552: Fixed case where failing asyncio.ensure_future() + did not close the coroutine. Patch by Kumar Aditya. + - bpo-21987: Fix an issue with tarfile.TarFile.getmember() + getting a directory name with a trailing slash. + - bpo-20392: Fix inconsistency with uppercase file extensions + in MimeTypes.guess_type(). Patch by Kumar Aditya. + - bpo-46080: Fix exception in argparse help text generation if + a argparse.BooleanOptionalAction argument’s default is + argparse.SUPPRESS and it has help specified. Patch by Felix + Fontein. + - bpo-44439: Fix .write() method of a member file in ZipFile, + when the input data is an object that supports the buffer + protocol, the file length may be wrong. + - bpo-45703: When a namespace package is imported before + another module from the same namespace is created/installed + in a different sys.path location while the program is + running, calling the importlib.invalidate_caches() function + will now also guarantee the new module is noticed. + - bpo-24959: Fix bug where unittest sometimes drops frames from + tracebacks of exceptions raised in tests. + - bpo-44791: Fix substitution of ParamSpec in Concatenate with + different parameter expressions. Substitution with a list of + types returns now a tuple of types. Substitution with + Concatenate returns now a Concatenate with concatenated lists + of arguments. + - bpo-14156: argparse.FileType now supports an argument of ‘-’ + in binary mode, returning the .buffer attribute of + sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and + ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. + Patch contributed by Josh Rosenberg + - bpo-46463: Fixes escape4chm.py script used when building the + CHM documentation file + - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is + built with undefined behavior sanitizer (UBSAN): disable + UBSAN on the faulthandler_sigfpe() function. Patch by Victor + Stinner. + - bpo-46708: Prevent default asyncio event loop policy + modification warning after test_asyncio execution. + - bpo-46678: The function make_legacy_pyc in + Lib/test/support/import_helper.py no longer fails when + PYTHONPYCACHEPREFIX is set to a directory on a different + device from where tempfiles are stored. + - bpo-46616: Ensures test_importlib.test_windows cleans up + registry keys after completion. + - bpo-44359: test_ftplib now silently ignores socket errors to + prevent logging unhandled threading exceptions. Patch by + Victor Stinner. + - bpo-46542: Fix a Python crash in test_lib2to3 when using + Python built in debug mode: limit the recursion limit. Patch + by Victor Stinner. + - bpo-46576: test_peg_generator now disables compiler + optimization when testing compilation of its own C extensions + to significantly speed up the testing on non-debug builds of + CPython. + - bpo-46542: Fix test_json tests checking for RecursionError: + modify these tests to use support.infinite_recursion(). Patch + by Victor Stinner. + - bpo-13886: Skip test_builtin PTY tests on non-ASCII + characters if the readline module is loaded. The readline + module changes input() behavior, but test_builtin is not + intented to test the readline module. Patch by Victor + Stinner. + - bpo-38472: Fix GCC detection in setup.py when + cross-compiling. The C compiler is now run with LC_ALL=C. + Previously, the detection failed with a German locale. + - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro + and pyconfig.h no longer defines reserved symbol + __CHAR_UNSIGNED__. + - bpo-45296: Clarify close, quit, and exit in IDLE. In the File + menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current + one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). + In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there + are no other windows, this also exits IDLE. + - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch + by Alex Waygood and Terry Jan Reedy. + - bpo-46433: The internal function _PyType_GetModuleByDef now + correctly handles inheritance patterns involving static + types. + - bpo-14916: Fixed bug in the tokenizer that prevented + PyRun_InteractiveOne from parsing from the provided FD. + +- Remove upstreamed patches: + - support-expat-245.patch + +------------------------------------------------------------------- +Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + +------------------------------------------------------------------- +Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl + +- bsc#1195831 Obsolete older "most modern" versions of python + packages (python39 for python310 and so forth). For next + versions it is necessary just to edit the macro. + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python +- Add fix_configure_rst.patch, which removes duplicate link + targets and make documentation with old Sphinx in SLE +- Skip test_capi (bsc#1195140 and bpo#37169) + +------------------------------------------------------------------- +Wed Jan 19 22:01:51 UTC 2022 - Matej Cepl + +- Update to 3.10.2: + Bugfix only + - bpo#46347 memory leak in PyEval_EvalCodeEx (especially + visible with Cython code) + - and many others + +------------------------------------------------------------------- +Wed Dec 8 13:07:25 UTC 2021 - Matej Cepl + +- Upgrade to 3.10.1 (jsc#SLE-18038): + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other tools. + - PEP 618 – Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning +- Patches readjusted: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Sat Dec 4 18:40:28 UTC 2021 - Matej Cepl + +- Remove pdb_adjust_breakpoints.patch and instead just adjust location + of the test breakpoint in Lib/test/test_pdb.py via sed, because we + have shortened Lib/pdb.py by removing the shebang (bpo#45964). + +------------------------------------------------------------------- +Thu Dec 2 13:51:57 UTC 2021 - Matej Cepl + +- Add pdb_adjust_breakpoints.patch fixing expectd results in + test_pdb_breakpoints_preserved_across_interactive_sessions + (bpo#45964). + +------------------------------------------------------------------- +Mon Nov 29 00:17:07 UTC 2021 - Matej Cepl + +- Remove shebangs from from python-base libraries in _libdir + (bsc#1193179). +- Readjust patches: + - bpo-31046_ensurepip_honours_prefix.patch + - decimal.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Tue Nov 16 16:03:43 UTC 2021 - Matej Cepl + +- Move rpm-build-python construct to correct place. + +------------------------------------------------------------------- +Wed Oct 13 08:52:47 UTC 2021 - Dominique Leuenberger + +- BuildRequire rpm-build-python: The provider to inject python(abi) + has been moved there. rpm-build pulls rpm-build-python + automatically in when building anything against python3-base, but + this implies that the initial build of python3-base does not + trigger the automatic installation. + +------------------------------------------------------------------- +Tue Oct 5 22:36:51 UTC 2021 - Matej Cepl + +- Final release of 3.10.0: + Complete list on https://www.python.org/downloads/release/python-3100/, + but highlights are: + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other + tools. + - PEP 618 – Add Optional Length-Checking To zip. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning + - bpo-12782: Parenthesized context managers are now officially + allowed. + +------------------------------------------------------------------- +Mon Aug 30 12:48:25 UTC 2021 - Matej Cepl + +- Switch on option --with-system-libmpdec (bsc#1189356). + +------------------------------------------------------------------- +Fri Aug 27 13:15:03 UTC 2021 - Andreas Schwab + +- Reenable profileopt with qemu emulation, test_faulthandler is no longer + run during profiling + +------------------------------------------------------------------- +Thu Aug 12 15:11:39 UTC 2021 - Andreas Schwab + +- test_faulthandler is still problematic under qemu linux-user emulation, + disable it there + +------------------------------------------------------------------- +Wed Aug 11 05:57:11 UTC 2021 - Matej Cepl + +- Update to 3.10.0rc1 (the penultimate prerelease), which contains + plenty of small bugfixes among others: + - bpo#38605: from __future__ import annotations (PEP 563) used to be + on this list in previous pre-releases but it has been postponed to + Python 3.11 due to some compatibility concerns. + - bpo-44600: Fix incorrect line numbers while tracing some failed + patterns in match statements. Patch by Charles Burkland. + - plenty of modifications in types.Union + +------------------------------------------------------------------- +Wed Jul 21 13:44:48 UTC 2021 - Matej Cepl + +- Update to 3.10.0b4: + https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4 +- Remove python3-imp-returntype.patch which has been upstreamed. + +------------------------------------------------------------------- +Mon Jun 7 15:52:44 UTC 2021 - Matej Cepl + +- Update to 3.10.0b2: + - PEP 623 -- Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 -- Allow writing union types as X | Y + - PEP 612 -- Parameter Specification Variables + - PEP 626 -- Precise line numbers for debugging and other + tools. + - PEP 618 -- Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 -- Deprecate distutils module. + - PEP 613 -- Explicit Type Aliases + - PEP 634 -- Structural Pattern Matching: Specification + - PEP 635 -- Structural Pattern Matching: Motivation and + Rationale + - PEP 636 -- Structural Pattern Matching: Tutorial + - PEP 644 -- Require OpenSSL 1.1.1 or newer + - PEP 624 -- Remove Py_UNICODE encoder APIs + - PEP 597 -- Add optional EncodingWarning +- Removed patches (assumed upstream): + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl + +- Revert previous skip over test_capi +- Add skip-test_pyobject_freed_is_freed.patch to skip failing + test on SLE-15. + +------------------------------------------------------------------- +Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller + +- allow build with Sphinx >= 3.x + +------------------------------------------------------------------- +Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák + +- Exclude test_capi on Leap (test fails there) + +------------------------------------------------------------------- +Fri May 21 15:13:59 UTC 2021 - Matej Cepl + +- Stop providing "python" symbol (bsc#1185588), which means + python2 currently. + +------------------------------------------------------------------- +Wed May 5 15:16:58 UTC 2021 - Matej Cepl + +- Update to 3.9.5: + * Security + - bpo-43434: Creating a sqlite3.Connection object now also + produces a sqlite3.connect auditing event. Previously this + event was only produced by sqlite3.connect() calls. Patch + by Erlend E. Aasland. + - bpo-43882: The presence of newline or tab characters in + parts of a URL could allow some forms of attacks. + - Following the controlling specification for URLs defined by + WHATWG urllib.parse() now removes ASCII newlines and tabs + from URLs, preventing such attacks. + - bpo-43472: Ensures interpreter-level audit hooks receive + the cpython.PyInterpreterState_New event when called + through the _xxsubinterpreters module. + - bpo-36384: ipaddress module no longer accepts any leading + zeros in IPv4 address strings. Leading zeros are ambiguous + and interpreted as octal notation by some libraries. For + example the legacy function socket.inet_aton() treats + leading zeros as octal notatation. glibc implementation of + modern inet_pton() does not accept any leading zeros. For + a while the ipaddress module used to accept ambiguous + leading zeros. + - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) + vulnerability in urllib.request.AbstractBasicAuthHandler. + The ReDoS-vulnerable regex has quadratic worst-case + complexity and it allows cause a denial of service when + identifying crafted invalid RFCs. This ReDoS issue is on + the client side and needs remote attackers to control the + HTTP server. + - bpo-42800: Audit hooks are now fired for frame.f_code, + traceback.tb_frame, and generator code/frame attribute + access. + * Core and Builtins + - bpo-43105: Importlib now resolves relative paths when + creating module spec objects from file locations. + - bpo-42924: Fix bytearray repetition incorrectly copying + data from the start of the buffer, even if the data is + offset within the buffer (e.g. after reassigning a slice at + the start of the bytearray to a shorter byte string). + * Library + - bpo-43993: Update bundled pip to 21.1.1. + - bpo-43937: Fixed the turtle module working with non-default + root window. + - bpo-43930: Update bundled pip to 21.1 and setuptools to + 56.0.0 + - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now + returns a consistent error message when cadata contains no + valid certificate. + - bpo-43607: urllib can now convert Windows paths with \\?\ + prefixes into URL paths. + - bpo-43284: platform.win32_ver derives the windows version + from sys.getwindowsversion().platform_version which in turn + derives the version from kernel32.dll (which can be of + a different version than Windows itself). Therefore change + the platform.win32_ver to determine the version using the + platform module’s _syscmd_ver private function to return an + accurate version. + - bpo-42248: [Enum] ensure exceptions raised in _missing__ + are released + - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 + to suppress deprecation warnings. Python requires OpenSSL + 1.1.1 APIs. + - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants + (OpenSSL 3.0.0) + - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback + function a second time when first call has signaled an + error condition. + - bpo-43788: The header files for ssl error codes are now + OpenSSL version-specific. Exceptions will now show correct + reason and library codes. The make_ssl_data.py script has + been rewritten to use OpenSSL’s text file with error codes. + - bpo-43655: tkinter dialog windows are now recognized as + dialogs by window managers on macOS and X Window. + - bpo-43534: turtle.textinput() and turtle.numinput() create + now a transient window working on behalf of the canvas + window. + - bpo-43522: Fix problem with hostname_checks_common_name. + OpenSSL does not copy hostflags from struct SSL_CTX to + struct SSL. + - bpo-42967: Allow bytes separator argument in + urllib.parse.parse_qs and urllib.parse.parse_qsl when + parsing str query strings. Previously, this raised + a TypeError. + - bpo-43176: Fixed processing of a dataclass that inherits + from a frozen dataclass with no fields. It is now correctly + detected as an error. + - bpo-41735: Fix thread locks in zlib module may go wrong in + rare case. Patch by Ma Lin. + - bpo-36470: Fix dataclasses with InitVars and replace(). + Patch by Claudiu Popa. + - bpo-32745: Fix a regression in the handling of ctypes’ + ctypes.c_wchar_p type: embedded null characters would cause + a ValueError to be raised. Patch by Zackery Spytz. + * Documentation + - bpo-43959: The documentation on the PyContextVar C-API was + clarified. + - bpo-43938: Update dataclasses documentation to express that + FrozenInstanceError is derived from AttributeError. + - bpo-43755: Update documentation to reflect that + unparenthesized lambda expressions can no longer be the + expression part in an if clause in comprehensions and + generator expressions since Python 3.9. + - bpo-43739: Fixing the example code in + Doc/extending/extending.rst to declare and initialize the + pmodule variable to be of the right type. + * Tests + - bpo-43961: Fix + test_logging.test_namer_rotator_inheritance() on Windows: + use os.replace() rather than os.rename(). Patch by Victor + Stinner. + - bpo-43842: Fix a race condition in the SMTP test of + test_logging. Don’t close a file descriptor (socket) from + a different thread while asyncore.loop() is polling the + file descriptor. Patch by Victor Stinner. + - bpo-43811: Tests multiple OpenSSL versions on GitHub + Actions. Use ccache to speed up testing. + - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy + protocols TLS 1.0 and 1.1. Tests are failing with + TLSV1_ALERT_INTERNAL_ERROR. +- Refreshed patches: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch +- Add vendorized files from bluez-devel to enable building support for + Bluetooth. + +------------------------------------------------------------------- +Sun May 2 09:20:06 UTC 2021 - Ben Greiner + +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + +------------------------------------------------------------------- +Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl + +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +------------------------------------------------------------------- +Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +------------------------------------------------------------------- +Tue Feb 9 01:37:59 UTC 2021 - Steve Kowalik + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +------------------------------------------------------------------- +Mon Feb 8 22:02:03 UTC 2021 - Matej Cepl + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl + +- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing + bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in + _ctypes/callproc.c, which may lead to remote code execution. + +------------------------------------------------------------------- +Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl + +- (bsc#1180125) We really don't Require python-rpm-macros package. + Unnecessary dependency. + +------------------------------------------------------------------- +Wed Dec 16 16:08:42 UTC 2020 - Matej Cepl + +- Make python39-doc building again +- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx + doesn't know about skipif directive in doctests. + +------------------------------------------------------------------- +Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl + +- Update sphinx-update-removed-function.patch patch to the latest + version in python36. + +------------------------------------------------------------------- +Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner + +- Last try before this results in an editwar: + * remove importlib_resources and importlib-metadata + provides/obsoletes + * import importlib_resources is not the same as + import importlib.resources, same for metadata + * The backport packages from PyPI needed for older flavors are + specified as such for setuptools or in pyproject.toml. If a + package requires them they typically add them with a python + version qualifier and the packages have their own version + numbers. + +------------------------------------------------------------------- +Sat Dec 5 16:55:12 UTC 2020 - Matej Cepl + +- Add patch sphinx-update-removed-function.patch to no longer call + a now removed function and to make documentation build independent of + the Sphinx version (bsc#1179630, gh#python/cpython#13236). + +------------------------------------------------------------------- +Fri Nov 13 17:20:08 UTC 2020 - Matej Cepl + +- Don't require packages which break build on SLE-15 although we really + don't need them (python3-python-docs-theme and + python3-sphinxcontrib-qthelp). + +------------------------------------------------------------------- +Fri Oct 9 16:05:50 UTC 2020 - Dominique Leuenberger + +- Fix build with RPM 4.16: error: bare words are no longer + supported, please use "...": x86 == ppc. + +------------------------------------------------------------------- +Tue Oct 6 07:30:56 UTC 2020 - Matej Cepl + +- Update to the final version 3.9.0: + Complete changelog with all (many) + changes from previous version is on + https://docs.python.org/release/3.9.0/whatsnew/3.9.html + Changes from the previous RC versions (not that many) are on + https://docs.python.org/release/3.9.0/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Fri Sep 25 06:58:03 UTC 2020 - Dominique Leuenberger + +- Buildrequire timezone only for general flavor. It's used in this + flavor for the test suite. + +------------------------------------------------------------------- +Wed Sep 2 14:39:44 UTC 2020 - Matej Cepl + +- Update to 3.9.0rc1: + * Core and Builtins + - bpo-38156: Handle interrupts that come after EOF + correctly in PyOS_StdioReadline. + * Library + - bpo-41497: Fix potential UnicodeDecodeError in dis + module. + - bpo-41490: Update ensurepip to install pip 20.2.1 and + setuptools 49.2.1. + - bpo-41467: On Windows, fix asyncio recv_into() return + value when the socket/pipe is closed (BrokenPipeError): + return 0 rather than an empty byte string (b''). + - bpo-41425: Make tkinter doc example runnable. + - bpo-41384: Raise TclError instead of TypeError when an + unknown option is passed to tkinter.OptionMenu. + - bpo-38731: Fix NameError in command-line interface of + py_compile. + - bpo-41317: Use add_done_callback() in + asyncio.loop.sock_accept() to unsubscribe reader early on + cancellation. + - bpo-41364: Reduce import overhead of uuid. + - bpo-41341: Recursive evaluation of typing.ForwardRef in + get_type_hints. + - bpo-41182: selector: use DefaultSelector based upon + implementation + - bpo-40726: Handle cases where the end_lineno is None on + ast.increment_lineno(). + * Documentation + - bpo-41045: Add documentation for debug feature of + f-strings. + - bpo-41314: Changed the release when from __future__ + import annotations becomes the default from 4.0 to 3.10 + (following a change in PEP 563). + * Windows + - bpo-41492: Fixes the description that appears in UAC + prompts. + - bpo-40948: Improve post-install message to direct people + to the “py” command. + - bpo-41412: The installer will now fail to install on + Windows 7 and Windows 8. Further, the UCRT dependency is + now always downloaded on demand. + - bpo-40741: Update Windows release to include SQLite + 3.32.3. + * IDLE + - bpo-41468: Improve IDLE run crash error message (which + users should never see). + - bpo-41373: Save files loaded with no line ending, as when + blank, or different line endings, by setting its line + ending to the system default. Fix regression in 3.8.4 and + 3.9.0b4. + +------------------------------------------------------------------- +Tue Sep 1 10:15:06 UTC 2020 - Matej Cepl + +- Synchronize formatting and fixes with python38. + +------------------------------------------------------------------- +Thu Aug 20 15:41:28 UTC 2020 - Andreas Schwab + +- Increase testsuite timeout to account for super long running + test_peg_generator + +------------------------------------------------------------------- +Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer + +- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream +- Removed recursion.tar: contained in upstream +- Update to 3.9.0b5: + - bpo-41304: Fixes python3x._pth being ignored on Windows, caused + by the fix for bpo-29778 (CVE-2020-15801). + - bpo-41162: Audit hooks are now cleared later during + finalization to avoid missing events. + - bpo-29778: Ensure python3.dll is loaded from correct locations + when Python is embedded (CVE-2020-15523). + - bpo-39603: Prevent http header injection by rejecting control + characters in http.client.putrequest(…). + - bpo-41295: Resolve a regression in CPython 3.8.4 where defining + “__setattr__” in a multi-inheritance setup and + calling up the hierarchy chain could fail if builtins/extension + types were involved in the base types. + - bpo-41247: Always cache the running loop holder when running + asyncio.set_running_loop. + - bpo-41252: Fix incorrect refcounting in + _ssl.c’s _servername_callback(). + - bpo-41215: Use non-NULL default values in the PEG parser + keyword list to overcome a bug that was ' + preventing Python from being properly compiled when using the + XLC compiler. Patch by Pablo Galindo. + - bpo-41218: Python 3.8.3 had a regression where compiling with + ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would + aggressively mark list comprehension with CO_COROUTINE. Now only + list comprehension making use of async/await will tagged as so. + - bpo-41175: Guard against a NULL pointer dereference within + bytearrayobject triggered by the bytearray() + bytearray() operation. + - bpo-39960: The “hackcheck” that prevents sneaking around a type’s + __setattr__() by calling the superclass method was + rewritten to allow C implemented heap types. + - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the + C implementation raises now UnpicklingError instead of crashing. + - bpo-39017: Avoid infinite loop when reading specially crafted + TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). + - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params(). + - bpo-41207: In distutils.spawn, restore expectation that + DistutilsExecError is raised when the command is not found. + - bpo-39168: Remove the __new__ method of typing.Generic. + - bpo-41194: Fix a crash in the _ast module: it can no longer be + loaded more than once. It now uses a global state rather than a module state. + - bpo-39384: Fixed email.contentmanager to allow set_content() to set a + null string. + - bpo-41300: Save files with non-ascii chars. + Fix regression released in 3.9.0b4 and 3.8.4. + - bpo-37765: Add keywords to module name completion list. + Rewrite Completions section of IDLE doc. + - bpo-40170: Revert PyType_HasFeature() change: it reads + again directly the PyTypeObject.tp_flags + member when the limited C API is not used, rather than always calling + PyType_GetFlags() which hides implementation details. + +------------------------------------------------------------------- +Mon Jul 20 12:06:41 UTC 2020 - Matej Cepl + +- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 + (CVE-2019-20907, bpo#39017) avoiding possible infinite loop + in specifically crafted tarball. + Add recursion.tar as a testing tarball for the patch. + +------------------------------------------------------------------- +Fri Jul 17 07:07:19 UTC 2020 - Callum Farmer + +- Changed bpo-31046_ensurepip_honours_prefix.patch to include fix from py3.8 + +------------------------------------------------------------------- +Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer + +- Spec file fixes +- Re-added subprocess-raise-timeout.patch: now compatible +- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream + +------------------------------------------------------------------- +Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal + +- Fix minor issues found in the staging. + +------------------------------------------------------------------- +Wed Jul 15 06:13:33 UTC 2020 - Tomáš Chvátal + +- Do not set ourselves as primary interpreter + +------------------------------------------------------------------- +Tue Jul 14 20:45:11 UTC 2020 - Matej Cepl + +- Update to 3.9.0b4: + - PEP 584, Union Operators in dict + - PEP 585, Type Hinting Generics In Standard Collections + - PEP 593, Flexible function and variable annotations + - PEP 602, Python adopts a stable annual release cadence + - PEP 615, Support for the IANA Time Zone Database in the + Standard Library + - PEP 616, String methods to remove prefixes and suffixes + - PEP 617, New PEG parser for CPython + - bpo#38379, garbage collection does not block on resurrected + objects; + - bpo#38692, os.pidfd_open added that allows process + management without races and signals; + - bpo#39926, Unicode support updated to version 13.0.0; + - bpo#1635741, when Python is initialized multiple times in + the same process, it does not leak memory anymore; + - A number of Python builtins (range, tuple, set, frozenset, + list, dict) are now sped up using PEP 590 vectorcall; + - A number of Python modules (_abc, audioop, _bz2, _codecs, + _contextvars, _crypt, _functools, _json, _locale, operator, + resource, time, _weakref) now use multiphase initialization + as defined by PEP 489; + - A number of standard library modules (audioop, ast, grp, + _hashlib, pwd, _posixsubprocess, random, select, struct, + termios, zlib) are now using the stable ABI defined by + PEP 384. +- Remove upstreamed patches: + - F00102-lib64.patch + - SUSE-FEDORA-multilib.patch + - OBS_dev-shm.patch + - subprocess-raise-timeout.patch + - bpo36302-sort-module-sources.patch + - bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Fri Jul 10 10:55:15 UTC 2020 - Tomáš Chvátal + +- Update pre_checkin.sh and regenerate + +------------------------------------------------------------------- +Fri Jul 10 10:11:39 UTC 2020 - Tomáš Chvátal + +- Convert few dependencies to their pkgconfig counterparts + +------------------------------------------------------------------- +Fri Jul 10 10:08:48 UTC 2020 - Tomáš Chvátal + +- Remove release requirement on libpython, it is not really needed + to be equal as the abi changes with versions + +------------------------------------------------------------------- +Fri Jul 10 10:07:50 UTC 2020 - Tomáš Chvátal + +- Add provides python3-bla on all the subpkgs in case we are + primary provider of the functionality + +------------------------------------------------------------------- +Fri Jul 10 10:02:01 UTC 2020 - Tomáš Chvátal + +- Remove unversioned files from devel subpkg too +- Remove main python3 files from -base based whether we are + primary interpreter or not +- Fix idle to be co-installable +- Add condition to be primary to provide/obsolete python3-* +- Fix doc to build in versioned folder so the pythons can be + installed next to each other + +------------------------------------------------------------------- +Fri Jul 10 07:57:10 UTC 2020 - Tomáš Chvátal + +- Revert the full versioning of calls on the macros. These + are generic so they should really just call python3 X + +------------------------------------------------------------------- +Fri Jul 10 07:56:11 UTC 2020 - Tomáš Chvátal + +- For the doc package we can build with generic flavor, we don't + need the our-interpreter based one + +------------------------------------------------------------------- +Fri Jul 10 07:18:53 UTC 2020 - Tomáš Chvátal + +- Add provides for pytohn3X-typing/etc to allow BR on those still + to work when needed + +------------------------------------------------------------------- +Fri Jul 10 07:14:33 UTC 2020 - Tomáš Chvátal + +- Change macros.python3 to use full versioned 3.8 instead of just 3 + for python interpreter + +------------------------------------------------------------------- +Wed Jul 1 11:50:19 UTC 2020 - Tomáš Chvátal + +- Reduce some now unused conditionals + +------------------------------------------------------------------- +Wed Jul 1 11:00:40 UTC 2020 - Tomáš Chvátal + +- Redux the -base dependencies to match up pre-merge layout + +------------------------------------------------------------------- +Wed Jul 1 09:24:39 UTC 2020 - Tomáš Chvátal + +- Generate baselibs in pre-checkin too + +------------------------------------------------------------------- +Wed Jul 1 09:14:33 UTC 2020 - Tomáš Chvátal + +- Generate the importlib-failed using pre_checking again +- Add back the information about skipped tests on the pre_checkin + output + +------------------------------------------------------------------- +Tue Jun 30 07:11:19 UTC 2020 - Tomáš Chvátal + +- Use %python_pkg_name instead of hardcoding python3 where + applicable +- Sort out preamble with spec-cleaner + +------------------------------------------------------------------- +Mon Jun 29 14:36:10 UTC 2020 - Matej Cepl + +- Calculate required variables instead of relying on their continuous manual update + +------------------------------------------------------------------- +Thu Jun 25 10:44:08 UTC 2020 - Tomáš Chvátal + +- Fix the -base module build again to generate only the deps + we need + +------------------------------------------------------------------- +Wed Jun 17 18:42:51 UTC 2020 - Matej Cepl + +- Replace OBS_dev-shm.patch with the upstream PR#20944 + +------------------------------------------------------------------- +Thu Jun 10 14:30:15 UTC 2020 - Tomáš Chvátal + +- Use the %{python_pkg_name} on more places to allow easier + multiversioning +- Switch to _multibuild approach for easier maintenance of this + package. All is now in one spec file with 3 conditionals: + * bcond_with base + * bcond_with doc + * bcond_with general + +------------------------------------------------------------------- +Mon Jun 8 14:26:00 UTC 2020 - Matej Cepl + +- add requires python3-base on libpython subpackage (bsc#1167008) + +------------------------------------------------------------------- +Fri Jun 5 06:08:12 UTC 2020 - Dirk Mueller + +- build against Sphinx 2.x until python is compatible with + Sphinx 3.x (see gh#python/cpython#19397, bpo#40204) + +------------------------------------------------------------------- +Fri May 29 19:59:01 UTC 2020 - Andreas Stieger + +- Fix build with SQLite 3.32 (bpo#40783) + add bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Sun May 17 15:37:35 UTC 2020 - Callum Farmer + +- Update to version 3.8.3: + - Complete list of changes is available at + https://docs.python.org/release/3.8.3/whatsnew/changelog.html#python-3-8-3-final, + but most of them are just bugfixes. + - Removed patch CVE-2020-8492-urllib-ReDoS.patch: contained in upstream + +------------------------------------------------------------------- +Thu Apr 16 12:06:01 UTC 2020 - Matej Cepl + +- Add #!BuildIgnore: gdk-pixbuf-loader-rsvg to python3 SPEC + +------------------------------------------------------------------- +Thu Mar 26 15:36:55 UTC 2020 - Matej Cepl + +- Add patch bsc1167501-invalid-alignment.patch + (bsc#1167501, bpo#40052) to fix alignment in abstract.h header file. + +------------------------------------------------------------------- +Wed Mar 11 11:09:41 UTC 2020 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build, test_setegid + (test.test_os.PosixUidGidTests) is confusing it + +------------------------------------------------------------------- +Thu Mar 5 18:40:29 UTC 2020 - Matej Cepl + +- Update to 3.8.2: + - Complete list of changes is available at + https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final, + but most of them are just bugfixes. + - Updated patches: + - F00102-lib64.patch + - OBS_dev-shm.patch + - SUSE-FEDORA-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Sun Feb 9 00:14:24 CET 2020 - Matej Cepl + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Sat Feb 8 22:21:10 CET 2020 - Matej Cepl + +- Add Requires: libpython%{so_version} == %{version}-%{release} + to python3-base to keep both packages always synchronized + (bsc#1162224). + +------------------------------------------------------------------- +Mon Feb 3 20:27:54 UTC 2020 - Tomáš Chvátal + +- Do not pull in bluez in base again, explain the cycle, + it needs to be solved by bluez maintainer for us by providing + just the headers separately + +------------------------------------------------------------------- +Mon Feb 3 19:54:25 UTC 2020 - Tomáš Chvátal + +- Reame idle icons to idle3 in order to not conflict with python2 + variant of the package + * renamed the icons + * renamed icon load in desktop file + +------------------------------------------------------------------- +Thu Jan 16 09:50:03 UTC 2020 - Tomáš Chvátal + +- Add importlib_resources provide/obsolete as it is integral + part of the lang since 3.7 release + +------------------------------------------------------------------- +Mon Jan 13 11:10:47 UTC 2020 - Martin Liška + +- Add -fno-semantic-interposition as it brings speed up: + https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup + +------------------------------------------------------------------- +Thu Dec 19 16:25:26 CET 2019 - Matej Cepl + +- Update to 3.8.1: + - This is mainly bugfix release and no significant changes to + API are expected. The full changelog is available on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-1 + - Remove bpo-38688_shutil.copytree_prevent-infinite-recursion.patch, + which is included in the upstream tarball. + +------------------------------------------------------------------- +Thu Dec 19 14:57:32 CET 2019 - Matej Cepl + +- Add bpo-31046_ensurepip_honours_prefix.patch which makes + ensurepip to honour the value of $(prefix). Proposed fix for + bpo#31046.. + +------------------------------------------------------------------- +Tue Dec 10 11:07:16 UTC 2019 - Tomáš Chvátal + +- Move bluez-devel dependency to base as it is needed for + socket.AF_BLUETOOTH and otherwise does not work + +------------------------------------------------------------------- +Mon Dec 2 16:52:32 CET 2019 - Matej Cepl + +- Reintroduce QtHelp with the help of the new BR + python-sphinxcontrib-qthelp. + +------------------------------------------------------------------- +Mon Oct 21 18:51:00 UTC 2019 - Stefan Brüns + +- Fix SUSE-FEDORA-multilib.patch, the platform agnostic infix for + library installation is "lib", not "dir". + +------------------------------------------------------------------- +Thu Oct 17 14:19:20 UTC 2019 - Stefan Brüns + +- Move idle subpackage build from python3-base to python3. + appstream-glib required for packaging introduces considerable + extra dependencies and a build loop via rust/librsvg. +- Correct installation of idle IDE icons: + + idle.png is not the target directory + + non-GNOME-specific icons belong into icons/hicolor +- Add required Name key to idle3 desktop file + +------------------------------------------------------------------- +Tue Oct 15 16:39:12 CEST 2019 - Matej Cepl + +- Update to the final release 3.8.0. . + - New Features: + - Assignment expressions + - Positional-only parameters + - Parallel filesystem cache for compiled bytecode files + - Debug build uses the same ABI as release build + - f-strings support = for self-documenting expressions and + debugging + - PEP 578: Python Runtime Audit Hooks + - PEP 587: Python Initialization Configuration + - Vectorcall: a fast calling protocol for CPython + - Pickle protocol 5 with out-of-band data buffers + - New modules: + - importlib.metadata + - Improved modules: + - ast asyncio, builtins, collections, curses, ctypes, + datetime, functools, gc, gettext, gzip, idelib and IDLE, + inspect, io, json.tool, math, mmap, multiprocessing, os, + os.path, pathlib, pickle, plistlib, py_compile, shlex, + shutil, socket, ssl, statistics, sys, tarfile, threading, + tokenize, tkinter, time, typing, unicodedata, unittest, + venv, weakref, xml + - C API improvements + - bdist_winnst command has been deprecated (use bdist_wheel) +- https://docs.python.org/3.8/whatsnew/3.8.html remains rest of + changes including documentation on how to port your programs to + the current version of Python. + +------------------------------------------------------------------- +Mon Oct 14 15:02:08 CEST 2019 - Matej Cepl + +- Add idle3.appdata.xml and idle3.desktop (originally from + Fedora) to make Idle3 full GUI desktop application. + (bsc#1153830) + +------------------------------------------------------------------- +Wed Oct 9 19:09:16 UTC 2019 - Michael Gorse + +- Drop intltool from BuildRequires. Doesn't appear to be used. + +------------------------------------------------------------------- +Wed Oct 9 10:37:59 UTC 2019 - Tomáš Chvátal + +- Add folder version to allow tarball downloads even for beta/rc + releases + +------------------------------------------------------------------- +Tue Oct 8 14:53:54 CEST 2019 - Matej Cepl + +- Revert patches from Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch) into their original + prisitine Fedora versions, SUSE-FEDORA-multilib.patch refreshed + accordingly. + +------------------------------------------------------------------- +Mon Oct 7 14:33:30 UTC 2019 - Matej Cepl + +- Correct quotation of platsubdir in Lib/distutils/command/install.py + +------------------------------------------------------------------- +Thu Oct 3 13:59:57 CEST 2019 - Matej Cepl + +- Replace python-3.6.0-multilib.patch with two patches from + Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch), and our own + SUSE-FEDORA-multilib.patch to allow better cooperation with + Fedora and better upstreaming. +- Add OBS_dev-shm.patch fixing bpo#38377 + +------------------------------------------------------------------- +Thu Oct 3 08:39:18 UTC 2019 - Tomáš Chvátal + +- Pull in just gettext and let solver to sort out between: + gettext-runtime-mini and gettext-runtime + +------------------------------------------------------------------- +Wed Oct 2 15:00:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0rc1. Overall changes from 3.7: + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved + embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds, also the 'm' ABI + tag was removed (irrelevant since 3.4), bpo#36707 + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - on Windows, the default asyncio event loop is now + ProactorEventLoop + - on macOS, the spawn start method is now used by default in + multiprocessing + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Refreshed patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Wed Sep 25 09:46:41 UTC 2019 - Bernhard Wiedemann + +- Add bpo36302-sort-module-sources.patch (boo#1041090) + +------------------------------------------------------------------- +Tue Sep 10 13:43:18 UTC 2019 - Tomáš Chvátal + +- Try harder obsoleting importlib-metadata + +------------------------------------------------------------------- +Sat Aug 31 00:16:47 CEST 2019 - Matej Cepl + +- Update to 3.8.0b4: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-4 + +------------------------------------------------------------------- +Thu Aug 29 06:28:15 UTC 2019 - Guillaume GARDET + +- Re-enable test_threading on aarch64 + +------------------------------------------------------------------- +Sat Aug 17 13:21:15 UTC 2019 - John Vandenberg + +- Remove xrpm from subpackage tk description + +------------------------------------------------------------------- +Tue Aug 6 14:24:55 CEST 2019 - Matej Cepl + +- Update to 3.8.0b3: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-3 +- Patches reapplied: + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-test-posix_fadvise.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Tue Jul 23 13:20:49 UTC 2019 - Matej Cepl + +- Add Provides: python3-importlib-metadata + +------------------------------------------------------------------- +Sun Jul 7 19:08:48 CEST 2019 - Matej Cepl + +- Update to 3.8.0b2: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-2 +- Patches included in upstream: + - bpo-37169_PyObject_IsFreed.patch +- Patches reapplied: + - 00251-change-user-install-location.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-localpath.patch + - python-3.6.0-multilib.patch + +------------------------------------------------------------------- +Tue Jul 2 09:03:04 UTC 2019 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build +- Don't do profiling in qemu linux-user build + +------------------------------------------------------------------- +Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0b1 (changes since 3.7.*): + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Remove patches which were included in the upstream: + - 00251-change-user-install-location.patch + - 00316-mark-bdist_wininst-unsupported.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed May 22 10:53:03 UTC 2019 - Martin Liška + +- Set _lto_cflags to nil as the package is using LTO via --enable-lto. + That will prevent to propage LTO for Python modules that are + built in a separate package. + +------------------------------------------------------------------- +Sat May 4 21:29:20 CEST 2019 - Matej Cepl + +- Update to 3.8.0.a3: + - PEP 572: Assignment Expressions. + - Other (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-3 + +------------------------------------------------------------------- +Mon Apr 29 15:40:34 CEST 2019 - Matej Cepl + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Wed Apr 10 10:22:58 CEST 2019 - Matej Cepl + +- Fix metadata of patches. +- Rename boo1071941-make-install-in-sep-loc.patch to + 00251-change-user-install-location.patch which is the original + name, so it can be looked up in the Fedora VCS. + +------------------------------------------------------------------- +Tue Apr 9 04:55:24 UTC 2019 - John Vandenberg + +- Mark distutils bdist_wininst command unsupported + with 00316-mark-bdist_wininst-unsupported.patch +- Remove Windows bdist_wininst executables from runtime package + +------------------------------------------------------------------- +Tue Apr 9 01:21:45 CEST 2019 - Matej Cepl + +- Update to 3.7.3, which is the maintenance release without any + significant changes in API. + - Updated patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------ +Wed Mar 20 14:59:58 UTC 2019 - Matěj Cepl + +- Remove building of Qt Develop help files. + +------------------------------------------------------------------- +Fri Mar 15 15:10:30 CET 2019 - Matej Cepl + +- Return distutils-reproducible-compile.patch which is still + missing (still unfinished bpo#29708). + +------------------------------------------------------------------- +Mon Feb 25 23:30:56 CET 2019 - Matej Cepl + +- Update to 3.8.0a2: + * List of all (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-2 + +------------------------------------------------------------------- +Tue Feb 12 10:25:52 CET 2019 - Matej Cepl + +- Build nis module again. + +------------------------------------------------------------------- +Tue Feb 12 10:06:17 CET 2019 - Matej Cepl + +- Update to 3.8.0a1: + * The most visible change so far is probably the + implementation of PEP 572: Assignment Expressions. For + a detailed list of changes, see: + https://docs.python.org/3.8/whatsnew/changelog.html + * Recover building of nis module properly in python3 package +- Update patches: + * CVE-2019-5010-null-defer-x509-cert-DOS.patch + * python-3.3.0b1-fix_date_time_compiler.patch + * python-3.3.0b1-test-posix_fadvise.patch + * python-3.6.0-multilib.patch + * raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed Jan 30 18:07:49 CET 2019 - mcepl@suse.com + +- Put LICENSE file where it belongs (bsc#1121852) + +------------------------------------------------------------------- +Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com + +- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch + fixing bpo-35746. + An exploitable denial-of-service vulnerability exists in the + X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. + A specially crafted X509 certificate can cause a NULL pointer + dereference, resulting in a denial of service. An attacker can + initiate or accept TLS connections using crafted certificates + to trigger this vulnerability. + +------------------------------------------------------------------- +Tue Jan 8 12:51:01 UTC 2019 - Tomáš Chvátal + +- Do not require full gettext in order to avoid pulling in the + glib2 as a dependency + +------------------------------------------------------------------- +Tue Jan 8 12:25:27 UTC 2019 - Tomáš Chvátal + +- Update to 3.7.2: + * bugfix release: + https://docs.python.org/3.7/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Wed Jan 2 12:51:48 CET 2019 - mcepl@suse.com + +- Stop applying python-3.6.0-multilib-new.patch (which is still + WIP), and apply the old proven python-3.6.0-multilib.patch + instead. + +------------------------------------------------------------------- +Wed Dec 19 19:29:44 UTC 2018 - Todd R + +- Use upstream-recommended %{_rpmconfigdir}/macros.d directory + for the rpm macros. + +------------------------------------------------------------------- +Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com + +- Upgrade to 3.7.2rc1: + * bugfix release, for the full list of all changes see + https://docs.python.org/3.7/whatsnew/changelog.html#changelog +- Make run of the test suite more verbose + +------------------------------------------------------------------- +Tue Dec 11 01:52:45 UTC 2018 - Jan Engelhardt + +- Write summaries without em dashes. + +------------------------------------------------------------------- +Mon Dec 3 13:27:54 UTC 2018 - Matěj Cepl + +- Remove python-3.3.0b1-curses-panel.patch it is unnecessary anymore. +- Add boo1071941-make-install-in-sep-loc.patch to make pip and + distutils in user environment install into separate location + (boo#1071941) + + Set values of prefix and exec_prefix in distutils install + command to /usr/local if executable is /usr/bin/python* and RPM + build is not detected to make pip and distutils install into + separate location +- Remove finally python-3.3.3-skip-distutils-test_sysconfig_module.patch +- Remove distutils-reproducible-compile.patch which doesn't make + really much difference in reproducibility (see + gh#python/cpython#8057 and discussion there). + +------------------------------------------------------------------- +Sat Dec 1 00:14:28 CET 2018 - mcepl@suse.com + +- Rename Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + to bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + +------------------------------------------------------------------- +Wed Nov 7 12:10:41 CET 2018 - mcepl@suse.com + +- Add dependency on bluez-devel to build support for Bluetooth + (boo#1109998) + +------------------------------------------------------------------- +Tue Nov 6 13:52:45 CET 2018 - mcepl@suse.com + +- Add devhelp subpackage and split qthelp into another + subpackage. + +------------------------------------------------------------------- +Wed Oct 24 12:38:00 UTC 2018 - Matěj Cepl + +- Remove python-3.0b1-record-rpm.patch and + Python-3.0b1-record-rpm.patch, as they are not needed anymore + +------------------------------------------------------------------- +Tue Oct 23 14:14:16 UTC 2018 - Matej Cepl + +- Switch off test_threading for optimization builds. + +------------------------------------------------------------------- +Mon Oct 22 14:41:59 CEST 2018 - mcepl@suse.com + +- Update to python-3.7.1. This is just a brief overview, complete + changelog available at + https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-1-final: + Library + bpo-34970: Protect tasks weak set manipulation in asyncio.all_tasks() +- Patches already accepted upstream are removed: + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + * 00308-tls-1.3.patch +- New patches added: + * Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + * raise_SIGING_not_handled.patch +- All other patches refreshed via quilt. + +------------------------------------------------------------------- +Mon Oct 22 12:22:19 UTC 2018 - Matej Cepl + +- Add raise_SIGING_not_handled.patch to fix bsc#1094814 + +------------------------------------------------------------------- +Wed Oct 17 14:04:35 UTC 2018 - Tomáš Chvátal + +- Add patch to fix importlib return types: + * python3-imp-returntype.patch + +------------------------------------------------------------------- +Mon Oct 15 13:46:32 CEST 2018 - mcepl@suse.com + +- bpo-34022 still not completely fixed, so we have to keep + excluding test_cmd_line_script, + test_multiprocessing_main_handling, and test_runpy from the + test suite. + +------------------------------------------------------------------- +Sun Oct 14 15:57:24 UTC 2018 - Matej Cepl + +- Update to python 3.7.1~rc2: + Core and Builtins + bpo-34879: Fix a possible null pointer dereference in + bytesobject.c. Patch by Zackery Spytz. + bpo-34854: Fixed a crash in compiling string annotations + containing a lambda with a keyword-only argument that + doesn’t have a default value. + bpo-34320: Fix dict(od) didn’t copy iteration order of + OrderedDict. + Library + bpo-34769: Fix for async generators not finalizing when event + loop is in debug mode and garbage collector runs in another + thread. + bpo-34922: Fixed integer overflow in the digest() and + hexdigest() methods for the SHAKE algorithm in the hashlib + module. + bpo-34900: Fixed unittest.TestCase.debug() when used to call + test methods with subtests. Patch by Bruno Oliveira. + bpo-34871: Fix inspect module polluted sys.modules when parsing + __text_signature__ of callable. + bpo-34872: Fix self-cancellation in C implementation of + asyncio.Task + bpo-34819: Use a monotonic clock to compute timeouts in + Executor.map() and as_completed(), in order to prevent + timeouts from deviating when the system clock is adjusted. + bpo-34334: In QueueHandler, clear exc_text from LogRecord to + prevent traceback from being written twice. + bpo-6721: Acquire the logging module’s commonly used internal + locks while fork()ing to avoid deadlocks in the child + process. + bpo-34172: Fix a reference issue inside multiprocessing.Pool + that caused the pool to remain alive if it was deleted + without being closed or terminated explicitly. + Documentation + bpo-32174: chm document displays non-ASCII charaters properly on + some MBCS Windows systems. + Tests + bpo-32962: Fixed test_gdb when Python is compiled with flags + -mcet -fcf-protection -O0. + C API + bpo-34910: Ensure that PyObject_Print() always returns -1 on + error. Patch by Zackery Spytz. + +------------------------------------------------------------------- +Fri Oct 12 20:46:58 CEST 2018 - mcepl@suse.com + +- Add Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch to + fix problems with SOURCE_DATE_EPOCH variable (bpo-34022) + +------------------------------------------------------------------- +Mon Sep 17 09:44:02 UTC 2018 - Tomáš Chvátal + +- Add patch to fix build with tls1.3 supported openssl + * 00308-tls-1.3.patch +- Add patch to fix Py_Main calls after Py_initialize + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + +------------------------------------------------------------------- +Mon Sep 3 15:22:42 UTC 2018 - Matěj Cepl + +- Add -fwrapv to OPTS, which is default for python3 anyway + See for example https://github.com/zopefoundation/persistent/issues/86 + for bugs which are caused by avoiding it. + +------------------------------------------------------------------- +Tue Jul 10 11:12:32 UTC 2018 - mcepl@suse.com + +- Fix ownership of _contextvars, _queue, and _xxtestfuzz + +------------------------------------------------------------------- +Tue Jul 3 15:04:48 UTC 2018 - mcepl@suse.com + +- Switch off LTO for distros with older GCC +- Fix %files + +------------------------------------------------------------------- +Fri Jun 29 14:20:03 UTC 2018 - tchvatal@suse.com + +- Add dependency over libuuid-devel + +------------------------------------------------------------------- +Thu Jun 28 10:42:15 UTC 2018 - mimi.vx@gmail.com + +- update to python 3.7.0 + Complete overview of changes is available on + https://docs.python.org/3/whatsnew/3.7.html, these are just + highlights: + * PEP 563, postponed evaluation of type annotations. + * async and await are now reserved keywords. + * New library modules: + contextvars: PEP 567 – Context Variables + dataclasses: PEP 557 – Data Classes + importlib.resources + * New built-in features: + PEP 553, the new breakpoint() function. + * Python data model improvements: + PEP 562, customization of access to module attributes. + PEP 560, core support for typing module and generic types. + the insertion-order preservation nature of dict objects + has been declared to be an official part of the Python + language spec. + * Significant improvements in the standard library: + The asyncio module has received new features, significant + usability and performance improvements. + The time module gained support for functions with + nanosecond resolution. + * CPython implementation improvements: + Avoiding the use of ASCII as a default text encoding: + PEP 538, legacy C locale coercion + PEP 540, forced UTF-8 runtime mode + PEP 552, deterministic .pycs + the new development runtime mode + PEP 565, improved DeprecationWarning handling + * C API improvements: + PEP 539, new C API for thread-local storage + * Documentation improvements: + PEP 545, Python documentation translations + New documentation translations: Japanese, French, and Korean. +- drop python3-sorted_tar.patch +- drop 0001-allow-for-reproducible-builds-of-python-packages.patch +- refresh python-3.6.0-multilib-new.patch +- refresh subprocess-raise-timeout.patch + * new C API for thread-local storage + * Deterministic pyc files + * Built-in breakpoint() + * Data Classes + * Core support for typing module and generic types + * Customization of access to module attributes + * Postponed evaluation of annotations + * Time functions with nanosecond resolution + * Improved DeprecationWarning handling + * Context Variables + * Avoiding the use of ASCII as a default text encoding + (PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode) + * The insertion-order preservation nature of dict objects is now + an official part of the Python language spec. + * Notable performance improvements in many areas. + +------------------------------------------------------------------- +Thu May 17 18:26:42 UTC 2018 - hpj@urpla.net + +- disable lto with gcc versions below 7 (results in link failures) + +------------------------------------------------------------------- +Mon Apr 30 15:23:24 UTC 2018 - jengelh@inai.de + +- Use faster find subcommand execution strategies. + +------------------------------------------------------------------- +Fri Apr 20 16:17:29 UTC 2018 - tchvatal@suse.com + +- Do not mention the testsuite disabling in opts as it was moved to + main pkg so base is test-free + +------------------------------------------------------------------- +Tue Apr 17 08:36:08 UTC 2018 - tchvatal@suse.com + +- As we run in main python package do not generate the pre_checkin + from both now + +------------------------------------------------------------------- +Mon Apr 16 14:11:56 UTC 2018 - tchvatal@suse.com + +- Move the tests from base to generic package wrt bsc#1088573 + * We still fail the whole distro if python3 is not build + * The other archs than x86_64 took couple of hours to unblock + build of other software, this way we work around the issue +- Some tests are still run in -base for the LTO tweaking, but at + least it is not run twice + +------------------------------------------------------------------- +Sat Mar 31 19:41:12 UTC 2018 - mimi.vx@gmail.com + +- update to 3.6.5 + * bugfix release + * see Misc/NEWS for details +- drop ctypes-pass-by-value.patch +- drop fix-localeconv-encoding-for-LC_NUMERIC.patch +- refresh python-3.6.0-multilib-new.patch + +------------------------------------------------------------------ +Wed Mar 7 09:16:39 UTC 2018 - adam@mizerski.pl + +- Created %so_major and %so_minor macros +- Put Tools/gdb/libpython.py script into proper place and ship it with devel + subpackage. + +------------------------------------------------------------------- +Tue Feb 20 15:04:56 UTC 2018 - schwab@suse.de + +- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64 + +------------------------------------------------------------------- +Tue Feb 20 14:28:00 UTC 2018 - bwiedemann@suse.com + +- Add python3-sorted_tar.patch (boo#1081750) + +------------------------------------------------------------------- +Tue Feb 20 14:08:57 UTC 2018 - tchvatal@suse.com + +- Drop python3-tk and python3-idle recommends to reduce python3 + always pulling X stack bsc#1081751 + +------------------------------------------------------------------- +Wed Feb 7 09:10:03 UTC 2018 - tchvatal@suse.com + +- Add patch to fix glibc 2.27 fail bsc#1079761: + * fix-localeconv-encoding-for-LC_NUMERIC.patch + +------------------------------------------------------------------- +Mon Feb 5 17:14:43 UTC 2018 - normand@linux.vnet.ibm.com + +- Update skip_random_failing_tests.patch (for PowerPC) + to avoid test_call_later failure + +------------------------------------------------------------------- +Wed Jan 24 14:35:58 UTC 2018 - jmatejek@suse.com + +- move XML modules and python3-xml provide to python3-base + (fixes bsc#1077230) +- move ensurepip to base + +------------------------------------------------------------------- +Thu Jan 18 12:31:47 UTC 2018 - normand@linux.vnet.ibm.com + +- Add skip_random_failing_tests.patch only for PowerPC + +------------------------------------------------------------------- +Wed Jan 3 12:18:51 UTC 2018 - jmatejek@suse.com + +- update to 3.6.4 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed python3-ncurses-6.0-accessors.patch +- drop PYTHONSTARTUP hooks that cause spurious startup errors + * fixes bsc#1070738 + * the relevant feature (REPL history) is now built into Python itself + +------------------------------------------------------------------- +Sat Dec 2 11:11:46 UTC 2017 - dimstar@opensuse.org + +- Install 2to3-%{python_version} executable (override defattr of + the -tools package). 2to3 (unversioned) is a symlink and does not + carry permissions (bsc#1070853). + +------------------------------------------------------------------- +Thu Nov 16 11:02:18 UTC 2017 - mimi.vx@gmail.com + +- move 2to3 to python3-tools package + +------------------------------------------------------------------- +Wed Oct 11 13:15:23 UTC 2017 - jmatejek@suse.com + +- update to 3.6.3 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Wed Sep 20 09:54:05 UTC 2017 - dmueller@suse.com + +- drop python-2.7-libffi-aarch64.patch: this patches the intree + copy of libffi which is unused/deleted in the line afterwards +- fix build against system libffi: include flags weren't set + so it actually used the in-tree libffi headers. + +------------------------------------------------------------------- +Thu Sep 14 13:23:10 UTC 2017 - vcizek@suse.com + +- Fix test broken with OpenSSL 1.1 (bsc#1042670) + * add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Tue Sep 5 11:47:05 UTC 2017 - jengelh@inai.de + +- Update RPM group for python documentation. + +------------------------------------------------------------------- +Thu Aug 31 08:39:31 UTC 2017 - schwab@suse.de + +- fix missing %{?armsuffix} + +------------------------------------------------------------------- +Wed Aug 30 13:41:38 UTC 2017 - jmatejek@suse.com + +- distutils-reproducible-compile.patch: ensure distutils order files + before compiling, which works around bsc#1049186 + +------------------------------------------------------------------- +Thu Aug 17 08:59:05 CEST 2017 - kukuk@suse.de + +- Add libnsl-devel build requires for glibc obsoleting libnsl + +------------------------------------------------------------------- +Thu Aug 3 16:09:26 UTC 2017 - jmatejek@suse.com + +- update to 3.6.2 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed test-socket-aead-kernel49.patch +- add Provides: python3-typing (fixes bsc#1050653) +- drop duplicate Provides: python3 + +------------------------------------------------------------------- +Mon Jun 26 12:10:07 UTC 2017 - jmatejek@suse.com + +- drop db-devel from requirements + +------------------------------------------------------------------- +Tue Jun 20 09:26:52 UTC 2017 - asn@cryptomilk.org + +- Add missing link to python library in config dir (bsc#1040164) + +------------------------------------------------------------------- +Thu Mar 23 12:42:59 UTC 2017 - jmatejek@suse.com + +- update to 3.6.1 + * bugfix release, over a hundred bugs fixed + * never add import location's parent directory to sys.path + * switch to git for version control, build changes related to that + * fix "failed to get random numbers" on old kernels (bsc#1029902) + * several crashes and memory leaks corrected + * f-string are no longer accepted as docstrings + +------------------------------------------------------------------- +Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com + +- prevent regenerating AST at build-time more robustly +- add "--without profileopt" and "--without testsuite" options to python3-base + to allow short circuiting when working on the package + +------------------------------------------------------------------- +Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com + +- Add 0001-allow-for-reproducible-builds-of-python-packages.patch + upstream https://github.com/python/cpython/pull/296 + +------------------------------------------------------------------- +Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com + +- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch) +- reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent) + +------------------------------------------------------------------- +Wed Jan 11 14:57:07 UTC 2017 - jmatejek@suse.com + +- update to 3.6.0 + * PEP 498 Formated string literals + * PEP 515 Underscores in numeric literals + * PEP 526 Syntax for variable annotations + * PEP 525 Asynchronous generators + * PEP 530 Asynchronous comprehensions + * PEP 506 New "secrets" module for safe key generation + * less memory consumed by dicts + * dtrace and systemtap support + * improved asyncio module + * better defaults for ssl + * new hashing algorithms in hashlib + * bytecode format changed to allow more optimizations + * "async" and "await" are on track to be reserved words + * StopIteration from generators is deprecated + * support for openssl < 1.0.2 is deprecated + * os.urandom now blocks when getrandom() blocks + * huge number of new features, bugfixes and optimizations + * see https://docs.python.org/3.6/whatsnew/3.6.html for details +- rework multilib patch: drop Python-3.5.0-multilib.patch, implement + upstreamable python-3.6.0-multilib-new.patch +- refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch +- drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch +- finally drop python-2.6b1-canonicalize2.patch that was not applied in source + and only kept around in case we needed it in the future. (which we don't, as it seems) +- update import_failed map and baselibs +- build ctypes against system libffi + (buildrequire libffi-devel in python3-base) +- add new key to keyring (signed by keys already in keyring) +- introduced common configure section between python3 and python3-base +- moved pyconfig.h and Makefile to devel subpackage as distutils no longer + need it at runtime +- added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py + because it is not used now +- improve summaries and descriptions (fixes bsc#917607) +- enabled Link-Time Optimization, see what happens +- including skipped_tests.py in pre_checkin.sh run +- run specs through spec-cleaner, rearrange sections + +------------------------------------------------------------------- +Fri Apr 22 17:20:29 UTC 2016 - jmatejek@suse.com + +- move _hashlib and _ssl modules and tests to python3-base +- recommend python3 + +------------------------------------------------------------------- +Tue Mar 15 15:05:23 UTC 2016 - schwab@suse.de + +- Skip test_asyncio under qemu_user_space_build + +------------------------------------------------------------------- +Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com + +- Add Python-3.5.1-fix_lru_cache_copying.patch + Fix copying the lru_cache() wrapper object. + Fixes deep-copying lru_cache regression, which worked on + previous versions of python but fails on python 3.5. + This fixes a bunch of packages in devel:languages:python3. + See: https://bugs.python.org/issue25447 + +------------------------------------------------------------------- +Sun Jan 24 00:44:08 UTC 2016 - arichardson.kde@gmail.com + +- Build the docs in .qch format as well + +------------------------------------------------------------------- +Wed Dec 9 07:35:20 UTC 2015 - toddrme2178@gmail.com + +- update to 3.5.1 + * bugfix-only release, dozens of bugs fixed +- Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch +- "Python3" to "Python 3" in summary + * This seems cleaner and fixes and rpmlint warning + +------------------------------------------------------------------- +Wed Oct 14 20:21:52 UTC 2015 - toddrme2178@gmail.com + +- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch + This fixes a build error for many packages that use the Python, + C-API. + This patch is already accepted upstream and is slated to appear in + python 3.5.1. + +------------------------------------------------------------------- +Tue Sep 29 15:53:24 UTC 2015 - jmatejek@suse.com + +- update to 3.5.0 + * coroutines with async/await syntax + * matrix multiplication operator `@` + * unpacking generalizations + * new modules `typing` and `zipapp` + * type annotations + * .pyo files replaced by custom suffixes for optimization levels in __pycache__ + * support for memory BIO in ssl module + * performance improvements in several modules + * and many more +- removals and behavior changes + * deprecated `__version__` is removed + * support for .pyo files was removed + * system calls are auto-retried on EINTR + * bare generator expressions in function calls now cause SyntaxError + (change "f(x for x in i)" to "f((x for x in i))" to fix) + * removed undocumented `format` member of private `PyMemoryViewObject` struct + * renamed `PyMemAllocator` to `PyMemAllocatorEx` +- redefine %dynlib macro to reflect that modules now have arch+os as part of name +- module `time` is now built-in +- dropped upstreamed patches: + python-3.4.1-fix-faulthandler.patch + python-3.4.3-test-conditional-ssl.patch + python-fix-short-dh.patch (also dropped dh2048.pem required for this patch) +- updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch +- python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure + with new gcc + ncurses + +------------------------------------------------------------------- +Wed Sep 9 11:51:22 UTC 2015 - dimstar@opensuse.org + +- Add python3-ncurses-6.0-accessors.patch: Fix build with + NCurses 6.0 and OPAQUE_WINDOW set to 1. + +------------------------------------------------------------------- +Mon Aug 24 17:02:08 UTC 2015 - jmatejek@suse.com + +- improve import_failed hook to do the right thing when invoking + missing modules with "python3 -m modulename" (boo#942751) + +------------------------------------------------------------------- +Thu Jul 23 22:08:10 UTC 2015 - fisiu@opensuse.org + +- Build with --enable-loadable-sqlite-extensions to make it works + as geospatial database. + +------------------------------------------------------------------- +Wed Jul 1 07:07:26 UTC 2015 - dimstar@opensuse.org + +- Fix source list for previous change (add dh2048.pem). + +------------------------------------------------------------------- +Wed Jun 24 06:54:30 UTC 2015 - meissner@suse.com + +- dh2048.pem: added generated 2048 dh parameter set to fix + ssl test (bsc#935856) +- python-fix-short-dh.patch: replace the 512 bits dh parameter set + by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856) + +------------------------------------------------------------------- +Tue May 19 14:59:30 UTC 2015 - schwab@suse.de + +- ctypes-libffi-aarch64.patch: remove upstreamed patch +- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for + aarch64 + +------------------------------------------------------------------- +Thu May 14 10:58:36 UTC 2015 - jmatejek@suse.com + +- drop the PDF subpackage + (removes the massive texlive dependency, and most likely nobody is + using the PDFs anyway) + +------------------------------------------------------------------- +Thu May 14 09:53:29 UTC 2015 - jmatejek@suse.com + +- python-3.4.3-test-conditional-ssl.patch - restore tests failing because + test_urllib was unconditionally importing ssl (without really needing it) +- restore functionality of multilib patch +- drop libffi-ppc64le.diff because upstream completely changed everything + yet again (sorry ppc64 folks :| ) + + +------------------------------------------------------------------- +Fri May 1 15:11:21 UTC 2015 - mailaender@opensuse.org + +- Update to version 3.4.3 +- Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch + (bpo#21766) + +------------------------------------------------------------------- +Wed Mar 25 10:57:28 UTC 2015 - rguenther@suse.com + +- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus + faulthandler which fails with GCC 5. + +------------------------------------------------------------------- +Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com + +- asyncio has been merged in python3 main package; provide and + obsolete it +- Remove obsolete AUTHORS section +- Remove redundant %clean section + +------------------------------------------------------------------- +Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org + +- Only pkgconfig(x11) is required for build, not the whole + set of packages provided by xorg-x11-devel metapackage. + +------------------------------------------------------------------- +Mon Oct 13 13:38:20 UTC 2014 - jmatejek@suse.com + +- add %python3_version rpm macro for Fedora compatibility +- add missing argument in import_failed, rename Novell Bugzilla + to SUSE Bugzilla + +------------------------------------------------------------------- +Thu Jul 31 17:24:59 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. + +------------------------------------------------------------------- +Wed Jul 23 16:31:02 UTC 2014 - jmatejek@suse.com + +- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file + disclosure and directory traversal through URL-encoded characters + (CVE-2014-4650, bnc#885882) + +------------------------------------------------------------------- +Tue Jul 22 13:55:57 UTC 2014 - jmatejek@suse.com + +- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons, + reinstate bundled copies of pip and setuptools + (fixes bnc#885662) +- add more files as sources to silence the validator + +------------------------------------------------------------------- +Wed May 21 11:01:56 UTC 2014 - jmatejek@suse.com + +- update to 3.4.1 + * bugfix-only release, over 300 bugs fixed +- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch +- drop upstreamed CVE-2014-2667-mkdir.patch +- include Python release manager keyring and signature file + for the source archive (thus renumbering of source files) + (see https://www.python.org/download/#openpgp-public-keys ) +- move ensurepip to python3, because it transitively requires ssl + +------------------------------------------------------------------- +Fri Apr 4 16:21:40 UTC 2014 - jmatejek@suse.com + +- CVE-2014-2667-mkdir.patch: race condition with reseting umask + in os.makedirs + (CVE-2014-2667, bnc#871152) +- updated multilib patch to include ~/.local/lib64 (bnc#637176) + +------------------------------------------------------------------- +Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com + +- raise timeout value for test_subprocess to 10s (might fix + intermittent build failures in OBS) + +------------------------------------------------------------------- +Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com + +- remove blacklisting of test_posix on aarch64: qemu bug is fixed + +------------------------------------------------------------------- +Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 final +- drop upstreamed python-3.4rc2-importlib.patch + +------------------------------------------------------------------- +Sun Mar 16 16:33:25 UTC 2014 - schwab@suse.de + +- Only build with profile-opt if profiling is enabled +- Update test exclusion lists: + * test_ctypes no longer fails on arm + * test_io no longer fails on ppc* + * test_multiprocessing has been split in multiple tests + * test_posix and test_signal fail due to qemu bugs + +------------------------------------------------------------------- +Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de + +- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, + adding python-2.7.6-sqlite-3.8.4-tests.patch + +------------------------------------------------------------------- +Thu Feb 27 14:08:40 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 rc2 + * pre-release bugfixes + * improvements to asyncio library +- drop upstreamed tracemalloc_gcov.patch +- python-3.4rc2-importlib.patch fixes backwards-incompatibility + in the reworked importlib module that blocks build of vim + +------------------------------------------------------------------- +Fri Jan 17 18:45:27 UTC 2014 - jmatejek@suse.com + +- initial commit of 3.4.0 beta 3 + * new stdlib modules: pathlib, enum, statistics, tracemalloc + * asynchronous IO with new asyncio module + * introspection data for builtins + * subprocesses no longer inherit open file descriptors + * standardized metadata for packages + * internal hashing changed to SipHash + * new pickle protocol + * improved handling of codecs + * TLS 1.2 support + * major speed improvements for internal unicode handling + * many bugfixes and optimizations +- see porting guide at: + http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4 +- moved several modules to -testsuite subpackage +- updated list of binary extensions, refreshed patches +- tracemalloc_gcov.patch fixes profile-based optimization build +- updated packages and pre_checkin.sh to use ~-version notation + for prereleases +- fix-shebangs part of build process moved to common %prep +- drop python-3.3.2-no-REUSEPORT.patch (upstreamed) +- update baselibs for new soname + +- TODOs: + * require python-pip, make ensurepip work with zypper + +------------------------------------------------------------------- +Wed Dec 4 13:21:26 UTC 2013 - matz@suse.de + +- add ppc64le (ELFv2) support for libffi copy for ctypes module +- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be + "lib64"). +- added patches: + * libffi-ppc64le.diff +------------------------------------------------------------------- +Tue Dec 3 09:51:43 UTC 2013 - adrian@suse.de + +- add ppc64le rules + +------------------------------------------------------------------- +Fri Nov 22 13:17:23 UTC 2013 - speilicke@suse.com + +- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch: + + Disable global and distutils sysconfig comparison test, we deviate + from the default depending on optflags + +------------------------------------------------------------------- +Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com + +- update to 3.3.3 + * bugfix-only release + * many SSL-related fixes + * upstream fix for CVE-2013-4238 + * upstream fixes for CVE-2013-1752 +- move example module xxlimited to python3-testsuite +- drop CVE-2013-4238_py33.patch - it is upstreamed +- remove --with-wide-unicode config option, it is now the default + (and only) choice +- don't touch anything between make and makeinstall +- drop python-3.2b2-buildtime-generate.patch - the issue was caused + by touching things between make and makeinstall +- link pycache entries for import_failed hooks properly + +------------------------------------------------------------------- +Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org + +- build with -DOPENSSL_LOAD_CONF for the same reasons + described in the python2 package. + +------------------------------------------------------------------- +Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com + +- handle NULL bytes in certain fields of SSL certificates + (CVE-2013-4238, bnc#834601) + +------------------------------------------------------------------- +Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com + +- Exclue test_faulthandler from tests on powerpc due to bnc#831629 + +------------------------------------------------------------------- +Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com + +- update to 3.3.2 + * bugfix-only release + * fixes several regressions introduced in 3.3.1 +- switch to xz compression +- move _lzma module to python3-base +- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT + +------------------------------------------------------------------- +Mon Apr 29 22:32:43 UTC 2013 - schwab@suse.de + +- Readd missing bits from ctypes-libffi-aarch64.patch + +------------------------------------------------------------------- +Sat Apr 13 07:56:51 UTC 2013 - idonmez@suse.com + +- Update to version 3.3.1 + * Fix the –enable-profiling configure switch. + * In IDLE, close the replace dialog after it is used. +- Too many bugfixes to list here, + see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS +- Refresh Python-3.3.0b2-multilib.patch +- Refresh python-3.2b2-buildtime-generate.patch +- Drop upstream patches: ctypes-libffi-aarch64.patch, + python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch + +------------------------------------------------------------------- +Mon Apr 8 11:25:30 UTC 2013 - speilicke@suse.com + +- Exclude sqlite/test and tk/test directories from the respective + sub-packages. These are owned by the testsuite sub-package already + +------------------------------------------------------------------- +Fri Apr 5 12:59:20 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/title=SourceUrls + +------------------------------------------------------------------- +Wed Apr 3 15:36:04 UTC 2013 - jmatejek@suse.com + +- remove spurious modification of python-3.3.0b1-localpath.patch + that would force installation into /usr/local. + this fixes bnc#809831 + +------------------------------------------------------------------- +Thu Mar 28 18:38:51 UTC 2013 - jmatejek@suse.com + +- replace broken movetogetdents64.diff patch with a correct one + from upstream repo (python-3.3.0-getdents64.patch) + +------------------------------------------------------------------- +Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com + +- add ctypes-libffi-aarch64.patch: + * import aarch64 support for libffi in _ctypes module +- add aarch64 to the list of lib64 based archs +- add movetogetdents64.diff: + * port to getdents64, as SYS_getdents is not implemented everywhere + +------------------------------------------------------------------- +Tue Feb 26 08:57:55 UTC 2013 - saschpe@suse.de + +- /etc/rpm/macros.python3 is no %config, it is not meant to be changed + by users. +- Add rpmlintrc with some obvious filters + +------------------------------------------------------------------- +Mon Jan 28 18:14:39 UTC 2013 - jmatejek@suse.com + +- update baselibs for new version of libpython3 + +------------------------------------------------------------------- +Thu Nov 29 17:02:37 UTC 2012 - jmatejek@suse.com + +- fix include path in macros (bnc#787526) +- implement failed import handlers for modules that live in + subpackages - e.g. "import ssl" will now throw a sensible error + message telling you to install "python3" + +------------------------------------------------------------------- +Wed Nov 28 17:02:07 UTC 2012 - jmatejek@suse.com + +- merge python3-xml into python3 +- merge python3-2to3 library into python3-base + and the 2to3 binary into python3-devel + (python3-devel is now in conflict with python-2to3, which + will be dropped) +- enable --with-system-expat for python3, making the xml modules + (and thus python3) depend on expat +- reconfigure tests to disable network and GUI resources, which + the upstream apparently thought is a good idea to enable by default. + this fixes build failures in Factory +- add lzma-devel to build the _lzma module +- moved %dynlib macro definition to common section + +------------------------------------------------------------------- +Mon Nov 5 20:01:46 UTC 2012 - coolo@suse.com + +- buildrequire timezone for the test suite + +------------------------------------------------------------------- +Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com + +- disable more checks for qemu builds as they use syscalls not + implemented yet + +------------------------------------------------------------------- +Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com + +- exclude test_math for SLE 11; math library fails on negative + gamma function values close to integers and 0, probably + due to imprecision in -lm on SLE_11_SP2. + +------------------------------------------------------------------- +Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel explicitly + +------------------------------------------------------------------- +Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com + +- remove distutils.cfg (bnc#658604) + * this changes default prefix for distutils to /usr + * see ML for details: +http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html + +------------------------------------------------------------------- +Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com + +- Update to final 3.3.0 release + * See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS + +------------------------------------------------------------------- +Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com + +- Correct dependency for python3-testsuite, + python3-tkinter -> python3-tk + +------------------------------------------------------------------- +Thu Aug 23 13:08:11 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 RC1 + +------------------------------------------------------------------- +Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 beta 1 + * flexible string representation, no longer distinguishing + between wide and narrow Unicode builds + * importlib-based import system + * virtualenv support in core + * namespace packages + * explicit Unicode literals for easier porting + * key-sharing dict implementation reduces memory footprint + of OO code + * hash randomization on by default + * many other new bugfixes and features, check NEWS for details + +- pre_checkin.sh now autofills various version strings in specs +- ship hashlib's fallback modules - those uselessly take up space + when real _hashlib.so from python3 is present, but the space wasted + is only 114kB and it provides python3-base with a working hashlib + module. + (also, this fixes bnc#743787) + +------------------------------------------------------------------- +Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com + +- skip test_io on ppc +- drop test_io ppc patch + +------------------------------------------------------------------- +Thu Jun 28 07:57:58 UTC 2012 - saschpe@suse.de + +- Satisfy source_validator by uncommenting an otherwise unused "Patch" + line + +------------------------------------------------------------------- +Tue Jun 12 15:39:08 UTC 2012 - adrian@suse.de + +- fix logic of checks exclusion + +------------------------------------------------------------------- +Fri May 18 11:50:27 UTC 2012 - idonmez@suse.com + +- update to 3.2.3 + * No changes since rc2 + +------------------------------------------------------------------- +Thu Mar 29 15:44:33 UTC 2012 - jmatejek@suse.com + +- update to 3.2.3rc2 + * fixes several security issues: + * CVE-2012-0845, bnc#747125 + * CVE-2012-1150, bnc#751718 + * CVE-2011-4944, bnc#754447 + * CVE-2011-3389, bnc#754677 +- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) +- disable test_gdb because it is broken by our gdb + +------------------------------------------------------------------- +Thu Feb 16 12:33:12 UTC 2012 - dvaleev@suse.com + +- skip broken test_io test on ppc + +------------------------------------------------------------------- +Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com + +- update to 3.2.2 + * bugfix-only release + * reports "linux2" as sys.platform regardless of Linux kernel +- added pre_checkin.sh to copy common spec sections to python3.spec +- added PACKAGING-NOTES with some helpful info for packagers + +------------------------------------------------------------------- +Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com + +- Use system ffi, included one is broken see + http://bugs.python.org/issue11729 and + http://bugs.python.org/issue12081 + +------------------------------------------------------------------- +Fri Dec 9 17:19:55 UTC 2011 - jmatejek@suse.com + +- license.opensuse.org-compatible license headers + +------------------------------------------------------------------- +Fri Dec 2 16:46:44 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Thu Nov 24 12:42:25 UTC 2011 - agraf@suse.com + +- fix ARM build (exclude some test cases which break for us) + +------------------------------------------------------------------- +Tue Aug 16 17:02:22 UTC 2011 - termim@gmail.com + +- use sysconfig module to get py3_incdir, py3_abiflags, + py3_soflags, python3_sitelib and python3_sitearch + +------------------------------------------------------------------- +Mon Jul 18 16:22:31 UTC 2011 - jmatejek@novell.com + +- update to 3.2.1 + * bugfix-only release, no major changes +- fix build on linux3 platform +- remove upstreamed pybench patch +- install /usr/lib directories in all cases to prevent spurious + "directory not owned" in dependent packages + +------------------------------------------------------------------- +Wed Jun 15 14:16:38 UTC 2011 - jmatejek@novell.com + +- replaced dynamic so version with manual so version, because + autobuild does not support autogeneration + +------------------------------------------------------------------- +Tue May 24 13:39:06 UTC 2011 - jmatejek@novell.com + +- generate macros.python3 at compile-time with fixed values +- don't include bogus values in pyconfig.h, as they can break + third-party packages (bnc#673071) + +------------------------------------------------------------------- +Tue May 17 12:52:51 UTC 2011 - jmatejek@novell.com + +- added Obsoletes: python3 < 3.1 so that the transition from + non-split to split packages goes smoothly + +------------------------------------------------------------------- +Fri May 13 12:38:19 UTC 2011 - jmatejek@novell.com + +- fixed RPM macros to use python3 instead of python +- updated to build --with-wide-unicode (for compatibility with + fedora and our own python 2.x series) + +------------------------------------------------------------------- +Thu Apr 21 03:39:25 UTC 2011 - termim@gmail.com + +- fix python3-base build failure due to pybench.py crash by + python-3.2-pybench.patch +- move pyconfig.h from python3-devel to python3-base package to + make python3-base functional again + +------------------------------------------------------------------- +Wed Mar 23 04:26:28 UTC 2011 - termim@gmail.com + +- update to python 3.2 + * stable ABI, ABI-tagged .so files + * concurrent.futures and many other new or upgraded modules + * PYC repository directories ( __pycache__ ) + * python WSGI 1.0.1 + * Unicode 6.0.0 support + * a great number of bugfixes and assorted improvements + +------------------------------------------------------------------- +Tue Feb 8 19:42:17 CET 2011 - matejcik@suse.cz + +- update to python 3.2 RC2 +- renamed python3-demo to python3-tools, because the demo part + became much smaller than the tools part +- added rpm macros + +------------------------------------------------------------------- +Tue Jan 18 14:13:04 UTC 2011 - jmatejek@novell.com + +- update to python 3.2 beta 2, see NEWS for details +- split off -base package with less dependencies, and a shlib-policy + compliant libpython3 package +- mostly rewritten the spec file with more detailed comments +- cleaned up lists of patches + diff --git a/python311.spec b/python311.spec new file mode 100644 index 0000000..e4e6912 --- /dev/null +++ b/python311.spec @@ -0,0 +1,1053 @@ +# +# spec file for package python311 +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "doc" +%define psuffix -documentation +%bcond_without doc +%bcond_with base +%bcond_with general +%endif +%if "%{flavor}" == "base" +%define psuffix -core +%bcond_with doc +%bcond_without base +%bcond_with general +%endif +%if "%{flavor}" == "" +%define psuffix %{nil} +%bcond_with doc +%bcond_with base +%bcond_without general +%endif + +%if 0%{?do_profiling} +%bcond_without profileopt +%else +%bcond_with profileopt +%endif + +%define python_pkg_name python311 +%if "%{python_pkg_name}" == "%{primary_python}" +%define primary_interpreter 1 +%else +%define primary_interpreter 0 +%endif + +# Setting up variables +%define _version %(c=%{version}; echo ${c/[a-z]*/}) +%define tar_suffix %(c=%{_version}; echo ${c#%{_version}}) +%define python_version %(echo %{_version}|cut -d. -f1-2) +# based on the current source tarball +%define python_version_abitag %(c=%{python_version}; echo ${c//./}) +# FIXME %%define python_version_soname %%(c=%%{python_version}; echo ${c//./_}) +%define python_version_soname 3_11 +%if 0%(test -n "%{tar_suffix}" && echo 1) +%define _version %(echo "%{_version}~%{tar_suffix}") +%define tarversion %{version} +%else +%define tarversion %{version} +%endif +# We don't process beta signs well +%define folderversion %{tarversion} +%define tarname Python-%{tarversion} +%define sitedir %{_libdir}/python%{python_version} +# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 +%define abi_kind %{nil} +# python ABI version - used in some file names +%define python_abi %{python_version}%{abi_kind} +# soname ABI tag defined in PEP 3149 +%define abi_tag %{python_version_abitag}%{abi_kind} +# version part of "libpython" package +%define so_major 1 +%define so_minor 0 +%define so_version %{python_version_soname}%{abi_kind}-%{so_major}_%{so_minor} +# rpm and python have different ideas about what is an arch-dependent name, so: +%if "%{__isa_name}" == "ppc" +%define archname %(echo %{_arch} | sed s/ppc/powerpc/) +%else +%define archname %{_arch} +%endif +# our arm has Hardware-Floatingpoint +%if "%{_arch}" == "arm" +%define armsuffix hf +%endif +# Decide whether we want to use mpdecimal +%if 0%{?suse_version} >= 1550 +%bcond_without mpdecimal +%else +%bcond_with mpdecimal +%endif +# pyexpat.cpython-35m-x86_64-linux-gnu +# pyexpat.cpython-35m-powerpc64le-linux-gnu +# pyexpat.cpython-35m-armv7-linux-gnueabihf +# _md5.cpython-38m-x86_64-linux-gnu.so +%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so +%bcond_without profileopt +Name: %{python_pkg_name}%{psuffix} +Version: 3.11.10 +Release: 0 +Summary: Python 3 Interpreter +License: Python-2.0 +URL: https://www.python.org/ +Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz +Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc +Source2: baselibs.conf +Source3: README.SUSE +Source4: externally_managed.in +Source7: macros.python3 +Source8: import_failed.py +Source9: import_failed.map +Source10: pre_checkin.sh +Source11: skipped_tests.py +Source19: idle3.desktop +Source20: idle3.appdata.xml +# content of bluez-devel: +# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel +# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu +# 3. mkdir Vendor && mv usr/include/* Vendor/ +# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/ +Source21: bluez-devel-vendor.tar.xz +Source98: python311-rpmlintrc +# Tarball is signed by the GPG key of Pablo Galindo Salgado (0x64E628F8D684696D) +# https://keybase.io/pablogsal/pgp_keys.asc?fingerprint=a035c8c19219ba821ecea86b64e628f8d684696d +Source99: python.keyring +# The following files are not used in the build. +# They are listed here to work around missing functionality in rpmbuild, +# which would otherwise exclude them from distributed src.rpm files. +Source100: PACKAGING-NOTES +# PATCH-FEATURE-UPSTREAM F00251-change-user-install-location.patch bsc#[0-9]+ mcepl@suse.com +# Fix installation in /usr/local (boo#1071941), originally from Fedora +# https://src.fedoraproject.org/rpms/python3.12/blob/rawhide/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch02: F00251-change-user-install-location.patch +# PATCH-FEATURE-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com +# Improve reproduceability +Patch03: distutils-reproducible-compile.patch +# support finding packages in /usr/local, install to /usr/local by default +Patch04: python-3.3.0b1-localpath.patch +# replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds +Patch05: python-3.3.0b1-fix_date_time_compiler.patch +# POSIX_FADV_WILLNEED throws EINVAL. Use a different constant in test +Patch06: python-3.3.0b1-test-posix_fadvise.patch +# Raise timeout value for test_subprocess +Patch07: subprocess-raise-timeout.patch +# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com +# ensurepip should honour the value of $(prefix) +Patch08: bpo-31046_ensurepip_honours_prefix.patch +# PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mcepl@suse.com +# SLE-15 version of Sphinx doesn't know about skipif directive in doctests. +Patch09: no-skipif-doctests.patch +# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com +# skip a test failing on SLE-15 +Patch10: skip-test_pyobject_freed_is_freed.patch +# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com +# remove duplicate link targets and make documentation with old Sphinx in SLE +Patch11: fix_configure_rst.patch +# PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com +# Skip test_freeze_simple_script +Patch13: skip_if_buildbot-extend.patch +# PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com +# prevent ResourceWarning in test_asyncio tests +Patch15: bsc1221260-test_asyncio-ResourceWarning.patch +# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport.patch +# This problem on libexpat is patched on SLE without version +# update, this patch changes the tests to match the libexpat provided +# by SUSE +Patch16: CVE-2023-52425-libexpat-2.6.0-backport.patch +Patch17: CVE-2023-52425-remove-reparse_deferral-tests.patch +# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com +# reproducibility patches +Patch19: bso1227999-reproducible-builds.patch +# PATCH-FIX-UPSTREAM gh120226-fix-sendfile-test-kernel-610.patch gh#python/cpython#120226 mcepl@suse.com +# Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 (GH-120227) +Patch22: gh120226-fix-sendfile-test-kernel-610.patch +# PATCH-FIX-UPSTREAM CVE-2024-9287-venv_path_unquoted.patch gh#python/cpython#124651 mcepl@suse.com +# venv should properly quote path names provided when creating a venv +Patch23: CVE-2024-9287-venv_path_unquoted.patch +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: fdupes +BuildRequires: gmp-devel +BuildRequires: lzma-devel +BuildRequires: netcfg +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: xz +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(libffi) +BuildRequires: pkgconfig(uuid) +BuildRequires: pkgconfig(zlib) +#!BuildIgnore: gdk-pixbuf-loader-rsvg +%if 0%{?suse_version} >= 1550 +# The provider for python(abi) is in rpm-build-python +BuildRequires: rpm-build-python +%endif +%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1599 +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{with mpdecimal} +BuildRequires: mpdecimal-devel +%endif +%if %{with doc} +BuildRequires: python3-Sphinx >= 4.0.0 +%if 0%{?suse_version} >= 1500 +BuildRequires: python3-python-docs-theme >= 2022.1 +%endif +%endif +%if %{with general} +# required for idle3 (.desktop and .appdata.xml files) +BuildRequires: appstream-glib +BuildRequires: gcc-c++ +BuildRequires: gdbm-devel +BuildRequires: gettext +BuildRequires: readline-devel +BuildRequires: sqlite-devel +BuildRequires: timezone +BuildRequires: pkgconfig(ncurses) +BuildRequires: pkgconfig(tk) +BuildRequires: pkgconfig(x11) +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-readline +Provides: %{python_pkg_name}-sqlite3 +Recommends: %{python_pkg_name}-curses +Recommends: %{python_pkg_name}-dbm +Recommends: %{python_pkg_name}-pip +%if %{primary_interpreter} +Provides: python3 = %{python_version} +Provides: python3-readline +Provides: python3-sqlite3 +%endif +%endif +%{?suse_build_hwcaps_libs} + +%description +Python 3 is modern interpreted, object-oriented programming language, +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python3-doc +package. + +This package supplies rich command line features provided by readline, +and sqlite3 support for the interpreter core, thus forming a so called +"extended" runtime. +Installing "python3" is sufficient for the vast majority of usecases. +In addition, recommended packages provide UI toolkit support (python3-curses, +python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE +development environment (python3-idle). + +%package -n %{python_pkg_name}-tk +Summary: TkInter, a Python Tk Interface +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-tk = %{version} +%endif + +%description -n %{python_pkg_name}-tk +Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. + +%package -n %{python_pkg_name}-curses +Summary: Python Interface to the (N)Curses Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-curses +%endif + +%description -n %{python_pkg_name}-curses +An easy to use interface to the (n)curses CUI library. CUI stands for +Console User Interface. + +%package -n %{python_pkg_name}-dbm +Summary: Python Interface to the GDBM Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-dbm +%endif + +%description -n %{python_pkg_name}-dbm +An easy to use interface for Unix DBM databases, and more specifically, +the GNU implementation GDBM. + +%package -n %{python_pkg_name}-idle +Summary: An Integrated Development Environment for Python +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk +%if %{primary_interpreter} +Provides: python3-idle = %{version} +%endif + +%description -n %{python_pkg_name}-idle +IDLE is a Tkinter based integrated development environment for Python. +It features a multi-window text editor with multiple undo, Python +colorizing, and many other things, as well as a Python shell window and +a debugger. + +%package -n %{python_pkg_name}-doc +Summary: Package Documentation for Python 3 +Enhances: %{python_pkg_name} = %{python_version} +%if %{primary_interpreter} +Provides: python3-doc = %{version} +%endif + +%description -n %{python_pkg_name}-doc +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in HTML format. + +%package -n %{python_pkg_name}-doc-devhelp +Summary: Additional Package Documentation for Python 3 in devhelp format +%if %{primary_interpreter} +Provides: python3-doc-devhelp = %{version} +%endif + +%description -n %{python_pkg_name}-doc-devhelp +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in format for devhelp. + +%package -n %{python_pkg_name}-base +Summary: Python 3 Interpreter and Stdlib Core +Requires: libpython%{so_version} = %{version} +Recommends: %{python_pkg_name} = %{version} +#Recommends: python3-ensurepip +# python 3.1 didn't have a separate python-base, so it is wrongly +# not a conflict to have python3-3.1 and python3-base > 3.1 +Obsoletes: python3 < 3.2 +# no Provides, because python3 is obviously provided by package python3 +# python 3.4 provides asyncio +Provides: %{python_pkg_name}-asyncio = %{version} +# python 3.6 provides typing +Provides: %{python_pkg_name}-typing = %{version} +# python3-xml was merged into python3, now moved into -base +Provides: %{python_pkg_name}-xml = %{version} +%if %{primary_interpreter} +Provides: python3-asyncio = %{version} +Obsoletes: python3-asyncio < %{version} +Provides: python3-base = %{version} +Obsoletes: python3-base < %{version} +Provides: python3-typing = %{version} +Obsoletes: python3-typing < %{version} +Provides: python3-xml = %{version} +Obsoletes: python3-xml < %{version} +%endif + +%description -n %{python_pkg_name}-base +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +package. + +This package contains the interpreter core and most commonly used modules +from the standard library. This is sufficient for many usecases, but it +excludes components that depend on external libraries, most notably XML, +database and UI toolkits support. + +%package -n %{python_pkg_name}-tools +Summary: Python Utility and Demonstration Scripts +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-2to3 = %{version} +Provides: %{python_pkg_name}-demo = %{version} +%if %{primary_interpreter} +Provides: python3-2to3 = %{version} +Provides: python3-demo = %{version} +Provides: python3-tools = %{version} +Obsoletes: python3-2to3 < %{version} +Obsoletes: python3-demo < %{version} +%endif + +%description -n %{python_pkg_name}-tools +A number of scripts that are useful for building, testing or extending Python, +and a set of demonstration programs. + +%package -n %{python_pkg_name}-devel +Summary: Include Files and Libraries Mandatory for Building Python Modules +Requires: %{python_pkg_name}-base = %{version} +%if %{primary_interpreter} +Provides: python3-devel = %{version} +%endif + +%description -n %{python_pkg_name}-devel +The Python programming language's interpreter can be extended with +dynamically loaded extensions and can be embedded in other programs. + +This package contains header files, a static library, and development +tools for building Python modules, extending the Python interpreter or +embedding Python in applications. + +This also includes the Python distutils, which were in the Python +package up to version 2.2.2. + +%package -n %{python_pkg_name}-testsuite +Summary: Unit tests for Python and its standard library +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk = %{version} +%if %{primary_interpreter} +Provides: python3-testsuite = %{version} +%endif + +%description -n %{python_pkg_name}-testsuite +Unit tests that are useful for verifying integrity and functionality +of the installed Python interpreter and standard library. +They are a documented part of stdlib, as a module 'test'. + +%package -n libpython%{so_version} +Summary: Python Interpreter shared library +Requires: %{python_pkg_name}-base >= %{version} + +%description -n libpython%{so_version} +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +(HTML) or python-doc-pdf (PDF) packages. + +This package contains libpython3.2 shared library for embedding in +other applications. + +%prep +%setup -q -n %{tarname} + +%patch -p1 -P 02 +%patch -p1 -P 03 +%patch -p1 -P 04 +%patch -p1 -P 05 +%patch -p1 -P 06 +%patch -p1 -P 07 +%patch -p1 -P 08 + +%if 0%{?suse_version} <= 1500 +%patch -P 09 -p1 +%endif + +%patch -p1 -P 10 +%patch -p1 -P 11 +%patch -p1 -P 13 +%patch -p1 -P 15 +%patch -p1 -P 16 +%patch -p1 -P 17 +%patch -p1 -P 19 +%patch -p1 -P 22 +%patch -p1 -P 23 + +# drop Autoconf version requirement +sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac + +%if %{primary_interpreter} +# fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 +for dir in Lib Tools; do + # find *.py, filter to files that contain bad shebangs + # break up "/""usr" like this to prevent replacing with %%{_prefix} + find $dir -name '*.py' -type f -print0 \ + | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ + | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' +done +%else +# For non-primary Python, just don't bother (bsc#1193179) and remove all +# those shebangs +for dir in Lib Tools; do + find $dir -name '*.py' -type f -exec sed -i '1{/^#!.*python/ d}' '{}' \; +done +# We shortened the file Lib/pdb.py so we have to move the test breakpoint location +sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py +%endif + +# drop in-tree libffi and expat +rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin +# Cannot remove it because of gh#python/cpython#92875 +# rm -r Modules/expat + +# drop duplicate README from site-packages +rm Lib/site-packages/README.txt + +# Add vendored bluez-devel files +tar xvf %{SOURCE21} + +# Don't fail on warnings when building documentation +sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile + +%build +%if %{with doc} +TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` +# TODO use not date of tarball but date of latest patch + +cd Doc +sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py +%make_build -j1 html + +# Build also devhelp files +sphinx-build -a -b devhelp . build/devhelp +rm -rfv build/devhelp/.doctrees +%else +%define _lto_cflags %{nil} +# use rpm_opt_flags +export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv $(pkg-config --cflags-only-I libffi) -fno-semantic-interposition" + +touch -r %{SOURCE0} Makefile.pre.in + +autoreconf -fvi + +%if 0%{?sles_version} +sed -e 's/-fprofile-correction//' -i Makefile.pre.in +%endif + +export CFLAGS="%{optflags} -IVendor/" + +%configure \ + --with-platlibdir=%{_lib} \ + --docdir=%{_docdir}/python \ + --enable-ipv6 \ + --enable-shared \ + --with-ensurepip=no \ + --with-system-ffi \ + --with-system-expat \ + --with-lto \ +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 + --with-ssl-default-suites=openssl \ +%endif +%if %{with profileopt} + --enable-optimizations \ +%endif +%if %{with mpdecimal} + --with-system-libmpdec \ +%endif + --enable-loadable-sqlite-extensions + +# prevent make from trying to rebuild PYTHON_FOR_GEN stuff +# %%make_build -t Python/Python-ast.c \ + # Include/Python-ast.h \ + # Objects/typeslots.inc \ + # Python/opcode_targets.h \ + # Include/opcode.h +%make_build + +%if %{with general} +%make_build +%endif +%if %{with base} +%if %{with profileopt} + target=profile-opt +%else + target=all +%endif +LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ + %make_build $target +%endif +%endif + +%check +export SUSE_VERSION="0%{?suse_version}" +export SLE_VERSION="0%{?sle_version}" +%if %{with general} +# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos +# when you install gdb into your test env +EXCLUDE="test_gdb" +# we patch out the message to recommend zypper in and thus this would fail +EXCLUDE="$EXCLUDE test_pydoc" + +%ifarch %{arm} s390x +# test_multiprocessing_forkserver is racy +EXCLUDE="$EXCLUDE test_multiprocessing_forkserver" +%endif +%ifarch ppc ppc64 ppc64le +# exclue test_faulthandler due to bnc#831629 +EXCLUDE="$EXCLUDE test_faulthandler" +%endif +# some tests break in QEMU +%if 0%{?qemu_user_space_build} +EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver test_multiprocessing_spawn test_os test_posix test_signal test_socket test_subprocess" +%endif + +# This test (part of test_uuid) requires real network interfaces +# so that ifconfig output has "HWaddr ". Some kvm instances +# done have any such interface breaking the uuid module. +EXCLUDE="$EXCLUDE test_uuid" + +# bsc#1195140 and bpo#37169 - test_capi is failing on openSUSE, and not sure why +EXCLUDE="$EXCLUDE test_capi" + +# Limit virtual memory to avoid spurious failures +if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then + ulimit -v 11000000 || : +fi + +# test_freeze_simple_script in test.test_tools.test_freeze.TestFreeze +# uses CONFIG_ARGS to run ./configure. +export CONFIG_ARGS="--enable-ipv6 --enable-shared --with-ensurepip=no \ + --with-system-ffi --with-system-expat --with-lto --enable-optimizations \ + --with-system-libmpdec --enable-loadable-sqlite-extensions" + +export PYTHONPATH="$(pwd -P)/Lib" +# Use timeout, like make target buildbottest +# We cannot run tests parallel, because osc build environment doesn’t +# have /dev/shm +%make_build -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=5400" +# use network, be verbose: +#make test TESTOPTS="-l -u network -v" +%endif + +%install +%if %{with doc} +export PDOCS=%{buildroot}%{_docdir}/python%{python_version} +mkdir -p $PDOCS +# generated docs +rm Doc/build/*/.buildinfo +cp -r Doc/build/html $PDOCS +# misc +install -d -m 755 $PDOCS/Misc +rm Misc/README.AIX +for i in Misc/* ; do + [ -f $i ] && install -c -m 644 $i $PDOCS/Misc/ +done +# devhelp +mkdir -p %{buildroot}%{_datadir}/gtk-doc/html +cp -r Doc/build/devhelp %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version} +rm -rf %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version}/.doctrees +%endif +%if %{with general} +%make_install + +# clean out stuff that is in python-base and subpackages + +find %{buildroot}%{_bindir} -mindepth 1 -not -name "*idle3*" -print -delete +rm %{buildroot}%{_libdir}/lib* +rm -r %{buildroot}%{_libdir}/pkgconfig +rm -r %{buildroot}%{_mandir}/* +rm -r %{buildroot}%{_includedir}/* + +rm -r %{buildroot}%{sitedir}/config* +find %{buildroot}%{sitedir} -name "*.egg-info" -delete +rm -r %{buildroot}%{sitedir}/__pycache__ +rm -r %{buildroot}%{sitedir}/site-packages +rm %{buildroot}%{sitedir}/*.* + +for module in \ + asyncio ctypes collections concurrent distutils email encodings \ + ensurepip html http re \ + importlib json logging multiprocessing pydoc_data unittest \ + urllib venv wsgiref lib2to3 test tomllib turtledemo \ + xml xmlrpc zoneinfo __phello__ +do + rm -r %{buildroot}%{sitedir}/$module +done + +for library in \ + array _asyncio audioop binascii _bisect _bz2 cmath _codecs_* \ + _contextvars _crypt _csv _ctypes _datetime _decimal fcntl grp \ + _hashlib _heapq _json _lsprof _lzma math mmap _multibytecodec \ + _multiprocessing _opcode ossaudiodev _pickle _posixshmem \ + _posixsubprocess _queue _random resource select _ssl _socket spwd \ + _statistics _struct syslog termios _testbuffer _testimportmultiple \ + _testmultiphase unicodedata zlib _ctypes_test _testinternalcapi _testcapi \ + _typing _testclinic xxlimited xxlimited_35 \ + _xxtestfuzz _xxsubinterpreters _elementtree pyexpat _md5 _sha1 \ + _sha256 _sha512 _blake2 _sha3 _uuid _zoneinfo +do + eval rm "%{buildroot}%{sitedir}/lib-dynload/$library.*" +done + +# Idle is not packaged in base due to the appstream-glib dependency +# move idle config into /etc +install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version} +( + cd %{buildroot}/%{sitedir}/idlelib/ + for file in *.def ; do + mv $file %{buildroot}%{_sysconfdir}/idle%{python_version}/ + ln -sf %{_sysconfdir}/idle%{python_version}/$file %{buildroot}/%{sitedir}/idlelib/ + done +) + +# keep just idle3.X +rm %{buildroot}%{_bindir}/idle3 + +# install idle icons +for size in 16 32 48 ; do + install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \ + %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_version}.png +done + +# install idle desktop file +cp %{SOURCE19} idle%{python_version}.desktop +sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop +install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop + +cp %{SOURCE20} idle%{python_version}.appdata.xml +sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml +install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml +appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml + +%fdupes %{buildroot}/%{_libdir}/python%{python_version} +%endif +%if %{with base} +%make_install + +# remove .a +find %{buildroot} -name "*.a" -delete + +# install "site-packages" and __pycache__ for third parties +install -d -m 755 %{buildroot}%{sitedir}/site-packages +install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__ +# and their 32bit counterparts explicitly +mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__ + +# cleanup parts that don't belong +for dir in curses dbm sqlite3 tkinter idlelib; do + find "%{buildroot}/%{sitedir}/$dir"/* -maxdepth 0 -name "test" -o -exec rm -rf {} + +done +rm -fv %{buildroot}%{dynlib nis} + +# overwrite the copied binary with a link +ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 + +# decide to ship python3 or just python3.X +%if !%{primary_interpreter} +# base +rm %{buildroot}%{_bindir}/python3 +rm %{buildroot}%{_bindir}/pydoc3 +rm %{buildroot}%{_mandir}/man1/python3.1 +# devel +rm %{buildroot}%{_bindir}/python3-config +rm %{buildroot}%{_libdir}/libpython3.so +rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc +%endif + +%if %{suse_version} > 1550 +# PEP-0668 mark this as a distro maintained python +sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED +%endif + +# link shared library instead of static library that tools expect +ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so + +# delete idle3, which has to many packaging dependencies for base +rm %{buildroot}%{_bindir}/idle3* + +# delete the generic 2to3 binary if we are not primary +%if !%{primary_interpreter} +rm %{buildroot}%{_bindir}/2to3 +%endif + +# replace duplicate .pyo/.pyc with hardlinks +%fdupes %{buildroot}/%{sitedir} + +# documentation +export PDOCS=%{buildroot}%{_docdir}/%{name} +install -d -m 755 $PDOCS +install -c -m 644 %{SOURCE3} $PDOCS/ +install -c -m 644 README.rst $PDOCS/ + +# tools +for x in `find Tools/ \( -not -name Makefile \) -print | sort` ; do + test -d $x && ( install -c -m 755 -d $PDOCS/$x ) \ + || ( install -c -m 644 $x $PDOCS/$x ) +done +# gdb script is shipped with devel subpackage +rm -r $PDOCS/Tools/gdb +# clean up the bat files +find "$PDOCS" -name "*.bat" -delete + +# put gdb helper script into place +install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +# install devel files to /config +#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%%{sitedir}/config-%%{python_abi}/ + +# Remove -IVendor/ from python-config boo#1231795 +sed -i 's/-IVendor\///' %{buildroot}%{_bindir}/python%{python_abi}-config + +# RPM macros +%if %{primary_interpreter} +mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/ +install -m 644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/macros.d/ # macros.python3 +%endif + +# import_failed hooks +FAILDIR=%{buildroot}/%{sitedir}/_import_failed +mkdir $FAILDIR +install -m 644 %{SOURCE8} %{SOURCE9} $FAILDIR # import_failed.* +LD_LIBRARY_PATH=. ./python -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +( + cd $FAILDIR + while read package modules; do + for module in $modules; do + ln import_failed.py $module.py + pushd __pycache__ + for i in import_failed*; do + ln $i "$module${i#import_failed}" + done + popd + done + done < %{SOURCE9} +) +echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +%endif + +# For the purposes of reproducibility, it is necessary to eliminate any *.pyc files inside documentation dirs +if [ -d %{buildroot}%{_defaultdocdir} ] ; then +find %{buildroot}%{_defaultdocdir} -type f -name \*.pyc -ls -exec rm -vf '{}' \; +fi + +%if %{with general} +%files -n %{python_pkg_name}-tk +%{sitedir}/tkinter +%exclude %{sitedir}/tkinter/test +%{dynlib _tkinter} + +%files -n %{python_pkg_name}-curses +%{sitedir}/curses +%{dynlib _curses} +%{dynlib _curses_panel} + +%files -n %{python_pkg_name}-dbm +%{sitedir}/dbm +%{dynlib _dbm} +%{dynlib _gdbm} + +%files -n %{python_pkg_name} +%dir %{sitedir} +%dir %{sitedir}/lib-dynload +%{sitedir}/sqlite3 +%exclude %{sitedir}/sqlite3/test +%{dynlib readline} +%{dynlib _sqlite3} +%if 0%{?suse_version} < 1599 +%{dynlib nis} +%endif + +%files -n %{python_pkg_name}-idle +%{sitedir}/idlelib +%dir %{_sysconfdir}/idle%{python_version} +%config %{_sysconfdir}/idle%{python_version}/* +%doc Lib/idlelib/README.txt +%doc Lib/idlelib/TODO.txt +%doc Lib/idlelib/extend.txt +%doc Lib/idlelib/ChangeLog +%{_bindir}/idle%{python_version} +%{_datadir}/applications/idle%{python_version}.desktop +%{_datadir}/metainfo/idle%{python_version}.appdata.xml +%{_datadir}/icons/hicolor/*/apps/idle%{python_version}.png +%dir %{_datadir}/icons/hicolor +%dir %{_datadir}/icons/hicolor/16x16 +%dir %{_datadir}/icons/hicolor/32x32 +%dir %{_datadir}/icons/hicolor/48x48 +%dir %{_datadir}/icons/hicolor/*/apps +# endif for if general +%endif + +%if %{with doc} +%files -n %{python_pkg_name}-doc +%dir %{_docdir}/python%{python_version} +%doc %{_docdir}/python%{python_version}/Misc +%doc %{_docdir}/python%{python_version}/html + +%files -n %{python_pkg_name}-doc-devhelp +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%doc %{_datadir}/gtk-doc/html/Python%{python_version} +%endif + +%if %{with base} +%post -n libpython%{so_version} -p /sbin/ldconfig +%postun -n libpython%{so_version} -p /sbin/ldconfig + +%files -n libpython%{so_version} +%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} + +%files -n %{python_pkg_name}-tools +%{sitedir}/turtledemo +%if %{primary_interpreter} +%{_bindir}/2to3 +%endif +%attr(755, root, root)%{_bindir}/2to3-%{python_version} +%doc %{_docdir}/%{name}/Tools + +%files -n %{python_pkg_name}-devel +%{_libdir}/libpython%{python_abi}.so +%if %{primary_interpreter} +%{_libdir}/libpython3.so +%endif +%{_libdir}/pkgconfig/* +%{_includedir}/python%{python_abi} +%{sitedir}/config-%{python_abi}-* +%{_bindir}/python%{python_abi}-config +%if %{primary_interpreter} +%{_bindir}/python3-config +%endif +# Own these directories to not depend on gdb +%dir %{_datadir}/gdb +%dir %{_datadir}/gdb/auto-load +%dir %{_datadir}/gdb/auto-load%{_prefix} +%dir %{_datadir}/gdb/auto-load%{_libdir} +%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +%files -n %{python_pkg_name}-testsuite +%{sitedir}/test +%{sitedir}/*/test +%{sitedir}/*/tests +%{dynlib _ctypes_test} +%{dynlib _testbuffer} +%{dynlib _testcapi} +%{dynlib _testclinic} +%{dynlib _testinternalcapi} +%{dynlib _testimportmultiple} +%{dynlib _testmultiphase} +%{dynlib xxlimited} +# workaround for missing packages +%dir %{sitedir}/sqlite3 +%dir %{sitedir}/tkinter + +%files -n %{python_pkg_name}-base +# docs +%dir %{_docdir}/%{name} +%doc %{_docdir}/%{name}/README.rst +%license LICENSE +%doc %{_docdir}/%{name}/README.SUSE +%if %{primary_interpreter} +%{_mandir}/man1/python3.1%{?ext_man} +%endif +%{_mandir}/man1/python%{python_version}.1%{?ext_man} +%if 0%{?suse_version} > 1550 +# PEP-0668 +%{sitedir}/EXTERNALLY-MANAGED +%endif +# license text, not a doc because the code can use it at run-time +%{sitedir}/LICENSE.txt +# RPM macros +%if %{primary_interpreter} +%{_rpmconfigdir}/macros.d/macros.python3 +%endif +# binary parts +%dir %{sitedir}/lib-dynload +%{dynlib array} +%{dynlib _asyncio} +%{dynlib audioop} +%{dynlib binascii} +%{dynlib _bisect} +%{dynlib _bz2} +%{dynlib cmath} +%{dynlib _codecs_cn} +%{dynlib _codecs_hk} +%{dynlib _codecs_iso2022} +%{dynlib _codecs_jp} +%{dynlib _codecs_kr} +%{dynlib _codecs_tw} +%{dynlib _contextvars} +%{dynlib _crypt} +%{dynlib _csv} +%{dynlib _ctypes} +%{dynlib _datetime} +%{dynlib _decimal} +%{dynlib _elementtree} +%{dynlib fcntl} +%{dynlib grp} +%{dynlib _hashlib} +%{dynlib _heapq} +%{dynlib _json} +%{dynlib _lsprof} +%{dynlib _lzma} +%{dynlib math} +%{dynlib mmap} +%{dynlib _multibytecodec} +%{dynlib _multiprocessing} +%{dynlib _opcode} +%{dynlib ossaudiodev} +%{dynlib _pickle} +%{dynlib _posixshmem} +%{dynlib _posixsubprocess} +%{dynlib pyexpat} +%{dynlib _queue} +%{dynlib _random} +%{dynlib resource} +%{dynlib select} +%{dynlib _socket} +%{dynlib spwd} +%{dynlib _ssl} +%{dynlib _statistics} +%{dynlib _struct} +%{dynlib syslog} +%{dynlib termios} +%{dynlib _typing} +%{dynlib unicodedata} +%{dynlib _uuid} +%{dynlib _xxsubinterpreters} +%{dynlib _xxtestfuzz} +%{dynlib xxlimited_35} +%{dynlib zlib} +%{dynlib _zoneinfo} +# hashlib fallback modules +%{dynlib _blake2} +%{dynlib _md5} +%{dynlib _sha1} +%{dynlib _sha256} +%{dynlib _sha512} +%{dynlib _sha3} +# python parts +%dir %{_prefix}/lib/python%{python_version} +%dir %{_prefix}/lib/python%{python_version}/site-packages +%dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__ +%dir %{sitedir} +%dir %{sitedir}/site-packages +%dir %{sitedir}/site-packages/__pycache__ +%exclude %{sitedir}/*/test +%exclude %{sitedir}/*/tests +%{sitedir}/*.py +%{sitedir}/asyncio +%{sitedir}/ctypes +%{sitedir}/collections +%{sitedir}/concurrent +%{sitedir}/distutils +%{sitedir}/email +%{sitedir}/encodings +%{sitedir}/ensurepip +%{sitedir}/html +%{sitedir}/http +%{sitedir}/importlib +%{sitedir}/json +%{sitedir}/lib2to3 +%{sitedir}/logging +%{sitedir}/multiprocessing +%{sitedir}/pydoc_data +%{sitedir}/re +%{sitedir}/tomllib +%{sitedir}/unittest +%{sitedir}/urllib +%{sitedir}/venv +%{sitedir}/wsgiref +%{sitedir}/xml +%{sitedir}/xmlrpc +%{sitedir}/zoneinfo +%{sitedir}/__phello__ +%{sitedir}/__pycache__ +# import-failed hooks +%{sitedir}/_import_failed +%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +# symlinks +%if %{primary_interpreter} +%{_bindir}/python3 +%{_bindir}/pydoc3 +%endif +# executables +%attr(755, root, root) %{_bindir}/pydoc%{python_version} +# %%attr(755, root, root) %%{_bindir}/python%%{python_abi} +%attr(755, root, root) %{_bindir}/python%{python_version} +# endif for if base +%endif + +%changelog diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch new file mode 100644 index 0000000..6f48b09 --- /dev/null +++ b/skip-test_pyobject_freed_is_freed.patch @@ -0,0 +1,23 @@ +--- + Lib/test/test_capi/test_misc.py | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/Lib/test/test_capi/test_misc.py ++++ b/Lib/test/test_capi/test_misc.py +@@ -40,6 +40,8 @@ import _testinternalcapi + # Were we compiled --with-pydebug or with #define Py_DEBUG? + Py_DEBUG = hasattr(sys, 'gettotalrefcount') + ++# Which version of the SLE distro we build on? ++SLE_VERSION = int(os.environ.get('SLE_VERSION', '0'), 10) + + NULL = None + +@@ -1281,6 +1283,7 @@ class PyMemDebugTests(unittest.TestCase) + def test_pyobject_forbidden_bytes_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') + ++ @unittest.skipIf(0 < SLE_VERSION < 150300, 'Failing on Leap 15.*') + def test_pyobject_freed_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_freed_is_freed') + diff --git a/skip_if_buildbot-extend.patch b/skip_if_buildbot-extend.patch new file mode 100644 index 0000000..fd9a584 --- /dev/null +++ b/skip_if_buildbot-extend.patch @@ -0,0 +1,15 @@ +--- + Lib/test/support/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -384,7 +384,7 @@ def skip_if_buildbot(reason=None): + if not reason: + reason = 'not suitable for buildbots' + try: +- isbuildbot = getpass.getuser().lower() == 'buildbot' ++ isbuildbot = getpass.getuser().lower() in ['buildbot', 'abuild'] + except (KeyError, EnvironmentError) as err: + warnings.warn(f'getpass.getuser() failed {err}.', RuntimeWarning) + isbuildbot = False diff --git a/skipped_tests.py b/skipped_tests.py new file mode 100644 index 0000000..47002e6 --- /dev/null +++ b/skipped_tests.py @@ -0,0 +1,69 @@ +#!/usr/bin/python3 +""" +Simple regexp-based skipped test checker. +It lists tests that are mentioned (presumably for exclusion) +in BASE, and in MAIN (presumably for inclusion) +and reports discrepancies. + +This will have a number of +""" + +MAIN = "python39.spec" + +import glob +import re +from os.path import basename + +alltests = set() +qemu_exclusions = set() + +for item in glob.glob("Python-*/Lib/test/test_*"): + testname = basename(item) + if testname.endswith(".py"): + testname = testname[:-3] + alltests.add(testname) + +testre = re.compile(r'[\s"](test_\w+)\b') + +def find_tests_in_spec(specname): + global qemu_exclusions + + found_tests = set() + with open(specname) as spec: + in_qemu = False + for line in spec: + line = line.strip() + if "#" in line: + line = line[:line.index("#")] + tests = set(testre.findall(line)) + found_tests |= tests + if line == "%if 0%{?qemu_user_space_build} > 0": + in_qemu = True + if in_qemu: + if line == "%endif": + in_qemu = False + qemu_exclusions |= tests + return found_tests + +excluded = find_tests_in_spec(MAIN) + +#print("--- excluded tests:", " ".join(sorted(excluded))) +#print("--- included tests:", " ".join(sorted(included))) + +mentioned = excluded +nonexistent = mentioned - alltests +missing = excluded - qemu_exclusions + +print("--- the following tests are excluded for QEMU and not tested in python") +print("--- (that probably means we don't need to worry about them)") +for test in sorted(qemu_exclusions - excluded): + print(test) + +print("--- the following tests might be excluded in python:") +for test in sorted(missing): + print(test) + +if nonexistent: + print("--- the following tests don't exist:") + for test in sorted(nonexistent): + print(test) diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch new file mode 100644 index 0000000..ab29d50 --- /dev/null +++ b/subprocess-raise-timeout.patch @@ -0,0 +1,18 @@ +--- + Lib/test/test_subprocess.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_subprocess.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_subprocess.py ++++ Python-3.11.8/Lib/test/test_subprocess.py +@@ -280,7 +280,8 @@ class ProcessTestCase(BaseTestCase): + "time.sleep(3600)"], + # Some heavily loaded buildbots (sparc Debian 3.x) require + # this much time to start and print. +- timeout=3) ++ # OBS might require even more ++ timeout=10) + self.fail("Expected TimeoutExpired.") + self.assertEqual(c.exception.output, b'BDFL') + -- 2.51.1 From 12e9f4c2398723abf4079309ece339eae6c18e6fef10443f2595d5c9d06c1dd7 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 3 Dec 2024 09:29:46 +0000 Subject: [PATCH 107/135] - Add add-loongarch64-support.patch to support loongarch64 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=152 --- add-loongarch64-support.patch | 25 +++++++++++++++++++++++++ python311.changes | 5 +++++ python311.spec | 3 +++ 3 files changed, 33 insertions(+) create mode 100644 add-loongarch64-support.patch diff --git a/add-loongarch64-support.patch b/add-loongarch64-support.patch new file mode 100644 index 0000000..f0c8035 --- /dev/null +++ b/add-loongarch64-support.patch @@ -0,0 +1,25 @@ +Description: Add platform triplets for LoongArch. + +--- a/configure.ac ++++ b/configure.ac +@@ -976,6 +976,20 @@ cat > conftest.c <=6) && defined(_MIPSEL) diff --git a/python311.changes b/python311.changes index 6d769f0..d4c51e9 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Dec 3 08:21:35 UTC 2024 - John Paul Adrian Glaubitz + +- Add add-loongarch64-support.patch to support loongarch64 + ------------------------------------------------------------------- Mon Dec 2 22:50:07 UTC 2024 - Matej Cepl diff --git a/python311.spec b/python311.spec index e4e6912..3b32b29 100644 --- a/python311.spec +++ b/python311.spec @@ -182,6 +182,8 @@ Patch22: gh120226-fix-sendfile-test-kernel-610.patch # PATCH-FIX-UPSTREAM CVE-2024-9287-venv_path_unquoted.patch gh#python/cpython#124651 mcepl@suse.com # venv should properly quote path names provided when creating a venv Patch23: CVE-2024-9287-venv_path_unquoted.patch +# PATCH-FIX-UPSTREAM Add platform triplets for 64-bit LoongArch gh#python/cpython#30939 glaubitz@suse.com +Patch24: add-loongarch64-support.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -445,6 +447,7 @@ other applications. %patch -p1 -P 19 %patch -p1 -P 22 %patch -p1 -P 23 +%patch -p1 -P 24 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From 9fa0280821849faae0f41bd51139c3a931e590e2b29bfc35011093b3144ef74f Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 4 Dec 2024 21:44:34 +0000 Subject: [PATCH 108/135] =?UTF-8?q?-=20Update=20to=203.11.11:=20=20=20-=20?= =?UTF-8?q?Tools/Demos=20=20=20=20=20-=20gh-123418:=20Update=20GitHub=20CI?= =?UTF-8?q?=20workflows=20to=20use=20OpenSSL=203.0.15=20=20=20=20=20=20=20?= =?UTF-8?q?and=20multissltests=20to=20use=203.0.15,=203.1.7,=20and=203.2.3?= =?UTF-8?q?.=20=20=20-=20Tests=20=20=20=20=20-=20gh-125041:=20Re-enable=20?= =?UTF-8?q?skipped=20tests=20for=20zlib=20on=20the=20=20=20=20=20=20=20s39?= =?UTF-8?q?0x=20architecture:=20only=20skip=20checks=20of=20the=20compress?= =?UTF-8?q?ed=20=20=20=20=20=20=20bytes,=20which=20can=20be=20different=20?= =?UTF-8?q?between=20zlib=E2=80=99s=20software=20=20=20=20=20=20=20impleme?= =?UTF-8?q?ntation=20and=20the=20hardware-accelerated=20implementation.=20?= =?UTF-8?q?=20=20-=20Security=20=20=20=20=20-=20gh-126623:=20Upgrade=20lib?= =?UTF-8?q?expat=20to=202.6.4=20=20=20=20=20-=20gh-122792:=20Changed=20IPv?= =?UTF-8?q?4-mapped=20ipaddress.IPv6Address=20to=20=20=20=20=20=20=20consi?= =?UTF-8?q?stently=20use=20the=20mapped=20IPv4=20address=20value=20for=20d?= =?UTF-8?q?eciding=20=20=20=20=20=20=20properties.=20Properties=20which=20?= =?UTF-8?q?have=20their=20behavior=20fixed=20are=20=20=20=20=20=20=20is=5F?= =?UTF-8?q?multicast,=20is=5Freserved,=20is=5Flink=5Flocal,=20is=5Fglobal,?= =?UTF-8?q?=20and=20=20=20=20=20=20=20is=5Funspecified.=20=20=20-=20Librar?= =?UTF-8?q?y=20=20=20=20=20-=20gh-124651:=20Properly=20quote=20template=20?= =?UTF-8?q?strings=20in=20venv=20=20=20=20=20=20=20activation=20scripts=20?= =?UTF-8?q?(bsc#1232241,=20CVE-2024-9287).=20-=20Removed=20upstreamed=20pa?= =?UTF-8?q?tches:=20=20=20-=20CVE-2024-9287-venv=5Fpath=5Funquoted.patch?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=154 --- .gitattributes | 23 + .gitignore | 1 + CVE-2023-52425-libexpat-2.6.0-backport.patch | 223 + ...-52425-remove-reparse_deferral-tests.patch | 60 + CVE-2024-9287-venv_path_unquoted.patch | 299 + F00251-change-user-install-location.patch | 215 + PACKAGING-NOTES | 26 + Python-3.11.10.tar.xz | 3 + Python-3.11.10.tar.xz.asc | 16 + Python-3.11.11.tar.xz | 3 + Python-3.11.11.tar.xz.sigstore | 1 + README.SUSE | 43 + _multibuild | 4 + add-loongarch64-support.patch | 25 + baselibs.conf | 3 + bluez-devel-vendor.tar.xz | 3 + bpo-31046_ensurepip_honours_prefix.patch | 173 + bsc1221260-test_asyncio-ResourceWarning.patch | 21 + bso1227999-reproducible-builds.patch | 37 + distutils-reproducible-compile.patch | 17 + externally_managed.in | 12 + fix_configure_rst.patch | 40 + gh120226-fix-sendfile-test-kernel-610.patch | 35 + idle3.appdata.xml | 35 + idle3.desktop | 12 + import_failed.map | 7 + import_failed.py | 23 + macros.python3 | 28 + no-skipif-doctests.patch | 653 ++ pre_checkin.sh | 78 + python-3.3.0b1-fix_date_time_compiler.patch | 27 + python-3.3.0b1-localpath.patch | 13 + python-3.3.0b1-test-posix_fadvise.patch | 17 + python.keyring | 109 + python311-rpmlintrc | 3 + python311.changes | 5496 +++++++++++++++++ python311.spec | 1052 ++++ skip-test_pyobject_freed_is_freed.patch | 23 + skip_if_buildbot-extend.patch | 15 + skipped_tests.py | 69 + subprocess-raise-timeout.patch | 18 + 41 files changed, 8961 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 CVE-2023-52425-libexpat-2.6.0-backport.patch create mode 100644 CVE-2023-52425-remove-reparse_deferral-tests.patch create mode 100644 CVE-2024-9287-venv_path_unquoted.patch create mode 100644 F00251-change-user-install-location.patch create mode 100644 PACKAGING-NOTES create mode 100644 Python-3.11.10.tar.xz create mode 100644 Python-3.11.10.tar.xz.asc create mode 100644 Python-3.11.11.tar.xz create mode 100644 Python-3.11.11.tar.xz.sigstore create mode 100644 README.SUSE create mode 100644 _multibuild create mode 100644 add-loongarch64-support.patch create mode 100644 baselibs.conf create mode 100644 bluez-devel-vendor.tar.xz create mode 100644 bpo-31046_ensurepip_honours_prefix.patch create mode 100644 bsc1221260-test_asyncio-ResourceWarning.patch create mode 100644 bso1227999-reproducible-builds.patch create mode 100644 distutils-reproducible-compile.patch create mode 100644 externally_managed.in create mode 100644 fix_configure_rst.patch create mode 100644 gh120226-fix-sendfile-test-kernel-610.patch create mode 100644 idle3.appdata.xml create mode 100644 idle3.desktop create mode 100644 import_failed.map create mode 100644 import_failed.py create mode 100644 macros.python3 create mode 100644 no-skipif-doctests.patch create mode 100644 pre_checkin.sh create mode 100644 python-3.3.0b1-fix_date_time_compiler.patch create mode 100644 python-3.3.0b1-localpath.patch create mode 100644 python-3.3.0b1-test-posix_fadvise.patch create mode 100644 python.keyring create mode 100644 python311-rpmlintrc create mode 100644 python311.changes create mode 100644 python311.spec create mode 100644 skip-test_pyobject_freed_is_freed.patch create mode 100644 skip_if_buildbot-extend.patch create mode 100644 skipped_tests.py create mode 100644 subprocess-raise-timeout.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch new file mode 100644 index 0000000..c1c66b7 --- /dev/null +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -0,0 +1,223 @@ +--- + Lib/test/support/__init__.py | 16 ++++++++++++++-- + Lib/test/test_minidom.py | 23 +++++++++-------------- + Lib/test/test_pyexpat.py | 12 +++++------- + Lib/test/test_sax.py | 18 +++++++++--------- + Lib/test/test_xml_etree.py | 12 ------------ + 5 files changed, 37 insertions(+), 44 deletions(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -8,6 +8,7 @@ import dataclasses + import functools + import os + import re ++import pyexpat + import stat + import sys + import sysconfig +@@ -56,7 +57,7 @@ __all__ = [ + "run_with_tz", "PGO", "missing_compiler_executable", + "ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST", + "LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT", +- "skip_on_s390x", ++ "skip_on_s390x", "fails_with_expat_2_6_0", "is_expat_2_6_0" + ] + + +@@ -2240,6 +2241,17 @@ def copy_python_src_ignore(path, names): + } + return ignored + +-#Windows doesn't have os.uname() but it doesn't support s390x. ++ ++# Windows doesn't have os.uname() but it doesn't support s390x. + skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', + 'skipped on s390x') ++ ++ ++@functools.lru_cache ++def _is_expat_2_6_0(): ++ return hasattr(pyexpat.ParserCreate(), 'SetReparseDeferralEnabled') ++is_expat_2_6_0 = _is_expat_2_6_0() ++ ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if is_expat_2_6_0 ++ else lambda test: test) +--- a/Lib/test/test_minidom.py ++++ b/Lib/test/test_minidom.py +@@ -6,7 +6,6 @@ import io + from test import support + import unittest + +-import pyexpat + import xml.dom.minidom + + from xml.dom.minidom import parse, Attr, Node, Document, parseString +@@ -1163,13 +1162,11 @@ class MinidomTest(unittest.TestCase): + + # Verify that character decoding errors raise exceptions instead + # of crashing +- if pyexpat.version_info >= (2, 4, 5): +- self.assertRaises(ExpatError, parseString, +- b'') +- self.assertRaises(ExpatError, parseString, +- b'Comment \xe7a va ? Tr\xe8s bien ?') +- else: +- self.assertRaises(UnicodeDecodeError, parseString, ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((UnicodeDecodeError, ExpatError)): ++ parseString( + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1631,12 +1628,10 @@ class MinidomTest(unittest.TestCase): + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- if pyexpat.version_info >= (2, 4, 5): +- context = self.assertRaisesRegex(ExpatError, 'syntax error') +- else: +- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- +- with context: ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((ExpatError, ValueError)): + parseString('') + + def testDocRemoveChild(self): +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -14,8 +14,7 @@ from test.support import os_helper + from xml.parsers import expat + from xml.parsers.expat import errors + +-from test.support import sortdict, is_emscripten, is_wasi +- ++from test.support import sortdict, is_emscripten, is_wasi, is_expat_2_6_0 + + class SetAttributeTest(unittest.TestCase): + def setUp(self): +@@ -770,9 +769,8 @@ class ReparseDeferralTest(unittest.TestC + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + + def test_reparse_deferral_enabled(self): +- if expat.version_info < (2, 6, 0): +- self.skipTest(f'Expat {expat.version_info} does not ' +- 'support reparse deferral') ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") + + started = [] + +@@ -801,9 +799,9 @@ class ReparseDeferralTest(unittest.TestC + + parser = expat.ParserCreate() + parser.StartElementHandler = start_element +- if expat.version_info >= (2, 6, 0): ++ if is_expat_2_6_0: + parser.SetReparseDeferralEnabled(False) +- self.assertFalse(parser.GetReparseDeferralEnabled()) ++ self.assertFalse(parser.GetReparseDeferralEnabled()) + + for chunk in (b''): + parser.Parse(chunk, False) +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -19,13 +19,11 @@ from xml.sax.xmlreader import InputSourc + from io import BytesIO, StringIO + import codecs + import os.path +-import pyexpat + import shutil + import sys + from urllib.error import URLError + import urllib.request +-from test.support import os_helper +-from test.support import findfile ++from test.support import os_helper, findfile, is_expat_2_6_0 + from test.support.os_helper import FakePath, TESTFN + + +@@ -1215,10 +1213,10 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1241,6 +1239,9 @@ class ExpatReaderTest(XmlTestBase): + self.assertEqual(result.getvalue(), start + b"") + + def test_flush_reparse_deferral_disabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1249,9 +1250,8 @@ class ExpatReaderTest(XmlTestBase): + for chunk in (""): + parser.feed(chunk) + +- if pyexpat.version_info >= (2, 6, 0): +- parser._parser.SetReparseDeferralEnabled(False) +- self.assertEqual(result.getvalue(), start) # i.e. no elements started ++ parser._parser.SetReparseDeferralEnabled(False) ++ self.assertEqual(result.getvalue(), start) # i.e. no elements started + + self.assertFalse(parser._parser.GetReparseDeferralEnabled()) + +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -13,7 +13,6 @@ import itertools + import operator + import os + import pickle +-import pyexpat + import sys + import textwrap + import types +@@ -1424,12 +1423,6 @@ class XMLPullParserTest(unittest.TestCas + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + +- def test_simple_xml_chunk_1(self): +- self.test_simple_xml(chunk_size=1, flush=True) +- +- def test_simple_xml_chunk_5(self): +- self.test_simple_xml(chunk_size=5, flush=True) +- + def test_simple_xml_chunk_22(self): + self.test_simple_xml(chunk_size=22) + +@@ -1627,9 +1620,6 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1656,8 +1646,6 @@ class XMLPullParserTest(unittest.TestCas + + for chunk in (""): + parser.feed(chunk) +- +- if pyexpat.version_info >= (2, 6, 0): + if not ET is pyET: + self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled ' + 'methods not available in C') diff --git a/CVE-2023-52425-remove-reparse_deferral-tests.patch b/CVE-2023-52425-remove-reparse_deferral-tests.patch new file mode 100644 index 0000000..553bdf8 --- /dev/null +++ b/CVE-2023-52425-remove-reparse_deferral-tests.patch @@ -0,0 +1,60 @@ +--- + Lib/test/test_pyexpat.py | 2 ++ + Lib/test/test_sax.py | 2 ++ + Lib/test/test_xml_etree.py | 2 ++ + 3 files changed, 6 insertions(+) + +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -768,6 +768,7 @@ class ReparseDeferralTest(unittest.TestC + parser.SetReparseDeferralEnabled(True) + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -791,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC + + self.assertEqual(started, ['doc']) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_disabled(self): + started = [] + +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -1213,6 +1213,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -1238,6 +1239,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -1620,6 +1620,7 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1641,6 +1642,7 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + diff --git a/CVE-2024-9287-venv_path_unquoted.patch b/CVE-2024-9287-venv_path_unquoted.patch new file mode 100644 index 0000000..541a907 --- /dev/null +++ b/CVE-2024-9287-venv_path_unquoted.patch @@ -0,0 +1,299 @@ +From 1408cc9bf9e8b19968761548c30b78d37074c21c Mon Sep 17 00:00:00 2001 +From: Y5 <124019959+y5c4l3@users.noreply.github.com> +Date: Tue, 22 Oct 2024 04:48:04 +0800 +Subject: [PATCH] gh-124651: Quote template strings in `venv` activation + scripts (GH-124712) + +This patch properly quotes template strings in `venv` activation +scripts. This mitigates potential command injection. + +(cherry picked from commit d48cc82ed25e26b02eb97c6263d95dcaa1e9111b) +--- + Lib/test/test_venv.py | 81 ++++++++++ + Lib/venv/__init__.py | 42 ++++- + Lib/venv/scripts/common/activate | 8 + Lib/venv/scripts/nt/activate.bat | 6 + Lib/venv/scripts/posix/activate.csh | 8 + Lib/venv/scripts/posix/activate.fish | 8 + Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst | 1 + 7 files changed, 134 insertions(+), 20 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst + +--- a/Lib/test/test_venv.py ++++ b/Lib/test/test_venv.py +@@ -11,6 +11,7 @@ import os + import os.path + import pathlib + import re ++import shlex + import shutil + import struct + import subprocess +@@ -96,6 +97,10 @@ class BaseTest(unittest.TestCase): + result = f.read() + return result + ++ def assertEndsWith(self, string, tail): ++ if not string.endswith(tail): ++ self.fail(f"String {string!r} does not end with {tail!r}") ++ + class BasicTest(BaseTest): + """Test venv module functionality.""" + +@@ -446,6 +451,82 @@ class BasicTest(BaseTest): + 'import sys; print(sys.executable)']) + self.assertEqual(out.strip(), envpy.encode()) + ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_bash(self): ++ """ ++ Test that the template strings are quoted properly (bash) ++ """ ++ rmtree(self.env_dir) ++ bash = shutil.which('bash') ++ if bash is None: ++ self.skipTest('bash required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.sh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([bash, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_csh(self): ++ """ ++ Test that the template strings are quoted properly (csh) ++ """ ++ rmtree(self.env_dir) ++ csh = shutil.which('tcsh') or shutil.which('csh') ++ if csh is None: ++ self.skipTest('csh required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.csh') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.csh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([csh, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings on Windows ++ @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') ++ def test_special_chars_windows(self): ++ """ ++ Test that the template strings are quoted properly on Windows ++ """ ++ rmtree(self.env_dir) ++ env_name = "'&&^$e" ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.bat') ++ test_batch = os.path.join(self.env_dir, 'test_special_chars.bat') ++ with open(test_batch, "w") as f: ++ f.write('@echo off\n' ++ f'"{activate}" & ' ++ f'{self.exe} -c "import sys; print(sys.executable)" & ' ++ f'{self.exe} -c "import os; print(os.environ[\'VIRTUAL_ENV\'])" & ' ++ 'deactivate') ++ out, err = check_output([test_batch]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ + @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') + def test_unicode_in_batch_file(self): + """ +--- a/Lib/venv/__init__.py ++++ b/Lib/venv/__init__.py +@@ -11,6 +11,7 @@ import subprocess + import sys + import sysconfig + import types ++import shlex + + + CORE_VENV_DEPS = ('pip', 'setuptools') +@@ -394,11 +395,41 @@ class EnvBuilder: + :param context: The information for the environment creation request + being processed. + """ +- text = text.replace('__VENV_DIR__', context.env_dir) +- text = text.replace('__VENV_NAME__', context.env_name) +- text = text.replace('__VENV_PROMPT__', context.prompt) +- text = text.replace('__VENV_BIN_NAME__', context.bin_name) +- text = text.replace('__VENV_PYTHON__', context.env_exe) ++ replacements = { ++ '__VENV_DIR__': context.env_dir, ++ '__VENV_NAME__': context.env_name, ++ '__VENV_PROMPT__': context.prompt, ++ '__VENV_BIN_NAME__': context.bin_name, ++ '__VENV_PYTHON__': context.env_exe, ++ } ++ ++ def quote_ps1(s): ++ """ ++ This should satisfy PowerShell quoting rules [1], unless the quoted ++ string is passed directly to Windows native commands [2]. ++ [1]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules ++ [2]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing#passing-arguments-that-contain-quote-characters ++ """ ++ s = s.replace("'", "''") ++ return f"'{s}'" ++ ++ def quote_bat(s): ++ return s ++ ++ # gh-124651: need to quote the template strings properly ++ quote = shlex.quote ++ script_path = context.script_path ++ if script_path.endswith('.ps1'): ++ quote = quote_ps1 ++ elif script_path.endswith('.bat'): ++ quote = quote_bat ++ else: ++ # fallbacks to POSIX shell compliant quote ++ quote = shlex.quote ++ ++ replacements = {key: quote(s) for key, s in replacements.items()} ++ for key, quoted in replacements.items(): ++ text = text.replace(key, quoted) + return text + + def install_scripts(self, context, path): +@@ -438,6 +469,7 @@ class EnvBuilder: + with open(srcfile, 'rb') as f: + data = f.read() + if not srcfile.endswith(('.exe', '.pdb')): ++ context.script_path = srcfile + try: + data = data.decode('utf-8') + data = self.replace_variables(data, context) +--- a/Lib/venv/scripts/common/activate ++++ b/Lib/venv/scripts/common/activate +@@ -35,11 +35,11 @@ deactivate () { + # unset irrelevant variables + deactivate nondestructive + +-VIRTUAL_ENV="__VENV_DIR__" ++VIRTUAL_ENV=__VENV_DIR__ + export VIRTUAL_ENV + + _OLD_VIRTUAL_PATH="$PATH" +-PATH="$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++PATH="$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + export PATH + + # unset PYTHONHOME if set +@@ -52,9 +52,9 @@ fi + + if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then + _OLD_VIRTUAL_PS1="${PS1:-}" +- PS1="__VENV_PROMPT__${PS1:-}" ++ PS1=__VENV_PROMPT__"${PS1:-}" + export PS1 +- VIRTUAL_ENV_PROMPT="__VENV_PROMPT__" ++ VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ + export VIRTUAL_ENV_PROMPT + fi + +--- a/Lib/venv/scripts/nt/activate.bat ++++ b/Lib/venv/scripts/nt/activate.bat +@@ -8,7 +8,7 @@ if defined _OLD_CODEPAGE ( + "%SystemRoot%\System32\chcp.com" 65001 > nul + ) + +-set VIRTUAL_ENV=__VENV_DIR__ ++set "VIRTUAL_ENV=__VENV_DIR__" + + if not defined PROMPT set PROMPT=$P$G + +@@ -24,8 +24,8 @@ set PYTHONHOME= + if defined _OLD_VIRTUAL_PATH set PATH=%_OLD_VIRTUAL_PATH% + if not defined _OLD_VIRTUAL_PATH set _OLD_VIRTUAL_PATH=%PATH% + +-set PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH% +-set VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ ++set "PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH%" ++set "VIRTUAL_ENV_PROMPT=__VENV_PROMPT__" + + :END + if defined _OLD_CODEPAGE ( +--- a/Lib/venv/scripts/posix/activate.csh ++++ b/Lib/venv/scripts/posix/activate.csh +@@ -8,17 +8,17 @@ alias deactivate 'test $?_OLD_VIRTUAL_PA + # Unset irrelevant variables. + deactivate nondestructive + +-setenv VIRTUAL_ENV "__VENV_DIR__" ++setenv VIRTUAL_ENV __VENV_DIR__ + + set _OLD_VIRTUAL_PATH="$PATH" +-setenv PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++setenv PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + + + set _OLD_VIRTUAL_PROMPT="$prompt" + + if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then +- set prompt = "__VENV_PROMPT__$prompt" +- setenv VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set prompt = __VENV_PROMPT__"$prompt" ++ setenv VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + endif + + alias pydoc python -m pydoc +--- a/Lib/venv/scripts/posix/activate.fish ++++ b/Lib/venv/scripts/posix/activate.fish +@@ -33,10 +33,10 @@ end + # Unset irrelevant variables. + deactivate nondestructive + +-set -gx VIRTUAL_ENV "__VENV_DIR__" ++set -gx VIRTUAL_ENV __VENV_DIR__ + + set -gx _OLD_VIRTUAL_PATH $PATH +-set -gx PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__" $PATH ++set -gx PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__ $PATH + + # Unset PYTHONHOME if set. + if set -q PYTHONHOME +@@ -56,7 +56,7 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + set -l old_status $status + + # Output the venv prompt; color taken from the blue of the Python logo. +- printf "%s%s%s" (set_color 4B8BBE) "__VENV_PROMPT__" (set_color normal) ++ printf "%s%s%s" (set_color 4B8BBE) __VENV_PROMPT__ (set_color normal) + + # Restore the return status of the previous command. + echo "exit $old_status" | . +@@ -65,5 +65,5 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + end + + set -gx _OLD_FISH_PROMPT_OVERRIDE "$VIRTUAL_ENV" +- set -gx VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set -gx VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + end +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst +@@ -0,0 +1 @@ ++Properly quote template strings in :mod:`venv` activation scripts. diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch new file mode 100644 index 0000000..fa38a94 --- /dev/null +++ b/F00251-change-user-install-location.patch @@ -0,0 +1,215 @@ +From 910f38d9768d39d4d31426743ae4081ed1ab66b6 Mon Sep 17 00:00:00 2001 +From: Michal Cyprian +Date: Mon, 26 Jun 2017 16:32:56 +0200 +Subject: [PATCH] 00251: Change user install location + +Set values of prefix and exec_prefix in distutils install command +to /usr/local if executable is /usr/bin/python* and RPM build +is not detected to make pip and distutils install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +--- + Lib/distutils/command/install.py | 15 +++++++++++++-- + Lib/site.py | 9 ++++++++- + 2 files changed, 21 insertions(+), 3 deletions(-) + +Index: Python-3.11.8/Lib/distutils/command/install.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/command/install.py ++++ Python-3.11.8/Lib/distutils/command/install.py +@@ -441,8 +441,19 @@ class install(Command): + raise DistutilsOptionError( + "must not supply exec-prefix without prefix") + +- self.prefix = os.path.normpath(sys.prefix) +- self.exec_prefix = os.path.normpath(sys.exec_prefix) ++ # self.prefix is set to sys.prefix + /local/ ++ # if neither RPM build nor virtual environment is ++ # detected to make pip and distutils install packages ++ # into the separate location. ++ if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ addition = "/local" ++ else: ++ addition = "" ++ ++ self.prefix = os.path.normpath(sys.prefix) + addition ++ self.exec_prefix = os.path.normpath(sys.exec_prefix) + addition + + else: + if self.exec_prefix is None: +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None): + return sitepackages + + def addsitepackages(known_paths, prefixes=None): +- """Add site-packages to sys.path""" ++ """Add site-packages to sys.path ++ ++ '/usr/local' is included in PREFIXES if RPM build is not detected ++ to make packages installed into this location visible. ++ ++ """ + _trace("Processing global site-packages") ++ if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: ++ PREFIXES.insert(0, "/usr/local") + for sitedir in getsitepackages(prefixes): + if os.path.isdir(sitedir): + addsitedir(sitedir, known_paths) + +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Mon, 15 Feb 2021 12:19:27 +0100 +Subject: [PATCH] 00251: Change user install location +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Set values of base and platbase in sysconfig from /usr +to /usr/local when RPM build is not detected +to make pip and similar tools install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +Downstream only. + +We've tried to rework in Fedora 36/Python 3.10 to follow https://bugs.python.org/issue43976 +but we have identified serious problems with that approach, +see https://bugzilla.redhat.com/2026979 or https://bugzilla.redhat.com/2097183 + +pypa/distutils integration: https://github.com/pypa/distutils/pull/70 + +Co-authored-by: Petr Viktorin +Co-authored-by: Miro Hrončok +Co-authored-by: Michal Cyprian +Co-authored-by: Lumír Balhar +--- + Lib/site.py | 9 ++++++- + Lib/sysconfig.py | 49 +++++++++++++++++++++++++++++++++++++- + Lib/test/test_sysconfig.py | 17 +++++++++++-- + 3 files changed, 71 insertions(+), 4 deletions(-) + +Index: Python-3.11.9/Lib/sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/sysconfig.py ++++ Python-3.11.9/Lib/sysconfig.py +@@ -103,6 +103,11 @@ if os.name == 'nt': + else: + _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv'] + ++# For a brief period of time in the Fedora 36 life cycle, ++# this installation scheme existed and was documented in the release notes. ++# For backwards compatibility, we keep it here (at least on 3.10 and 3.11). ++_INSTALL_SCHEMES['rpm_prefix'] = _INSTALL_SCHEMES['posix_prefix'] ++ + + # NOTE: site.py has copy of this function. + # Sync it when modify this function. +@@ -162,6 +167,19 @@ if _HAS_USER_BASE: + }, + } + ++# This is used by distutils.command.install in the stdlib ++# as well as pypa/distutils (e.g. bundled in setuptools). ++# The self.prefix value is set to sys.prefix + /local/ ++# if neither RPM build nor virtual environment is ++# detected to make distutils install packages ++# into the separate location. ++# https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _prefix_addition = '/local' ++ ++ + _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', + 'scripts', 'data') + +@@ -258,11 +276,40 @@ def _extend_dict(target_dict, other_dict + target_dict[key] = value + + ++_CONFIG_VARS_LOCAL = None ++ ++ ++def _config_vars_local(): ++ # This function returns the config vars with prefixes amended to /usr/local ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ global _CONFIG_VARS_LOCAL ++ if _CONFIG_VARS_LOCAL is None: ++ _CONFIG_VARS_LOCAL = dict(get_config_vars()) ++ _CONFIG_VARS_LOCAL['base'] = '/usr/local' ++ _CONFIG_VARS_LOCAL['platbase'] = '/usr/local' ++ return _CONFIG_VARS_LOCAL ++ ++ + def _expand_vars(scheme, vars): + res = {} + if vars is None: + vars = {} +- _extend_dict(vars, get_config_vars()) ++ ++ # when we are not in a virtual environment or an RPM build ++ # we change '/usr' to '/usr/local' ++ # to avoid surprises, we explicitly check for the /usr/ prefix ++ # Python virtual environments have different prefixes ++ # we only do this for posix_prefix, not to mangle the venv scheme ++ # posix_prefix is used by sudo pip install ++ # we only change the defaults here, so explicit --prefix will take precedence ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if (scheme == 'posix_prefix' and ++ _PREFIX == '/usr' and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _extend_dict(vars, _config_vars_local()) ++ else: ++ _extend_dict(vars, get_config_vars()) ++ + if os.name == 'nt': + # On Windows we want to substitute 'lib' for schemes rather + # than the native value (without modifying vars, in case it +Index: Python-3.11.9/Lib/test/test_sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_sysconfig.py ++++ Python-3.11.9/Lib/test/test_sysconfig.py +@@ -111,8 +111,19 @@ class TestSysConfig(unittest.TestCase): + for scheme in _INSTALL_SCHEMES: + for name in _INSTALL_SCHEMES[scheme]: + expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) ++ tested = get_path(name, scheme) ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if tested.startswith('/usr/local'): ++ # /usr/local should only be used in posix_prefix ++ self.assertEqual(scheme, 'posix_prefix') ++ # Fedora CI runs tests for venv and virtualenv that check for other prefixes ++ self.assertEqual(sys.prefix, '/usr') ++ # When building the RPM of Python, %check runs this with RPM_BUILD_ROOT set ++ # Fedora CI runs this with RPM_BUILD_ROOT unset ++ self.assertNotIn('RPM_BUILD_ROOT', os.environ) ++ tested = tested.replace('/usr/local', '/usr') + self.assertEqual( +- os.path.normpath(get_path(name, scheme)), ++ os.path.normpath(tested), + os.path.normpath(expected), + ) + +@@ -345,7 +356,7 @@ class TestSysConfig(unittest.TestCase): + self.assertTrue(os.path.isfile(config_h), config_h) + + def test_get_scheme_names(self): +- wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv'] ++ wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv', 'rpm_prefix'] + if HAS_USER_BASE: + wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) + self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) +@@ -357,6 +368,8 @@ class TestSysConfig(unittest.TestCase): + cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" + self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) + ++ @unittest.skipIf('RPM_BUILD_ROOT' not in os.environ, ++ "Test doesn't expect Fedora's paths") + def test_user_similar(self): + # Issue #8759: make sure the posix scheme for the users + # is similar to the global posix_prefix one diff --git a/PACKAGING-NOTES b/PACKAGING-NOTES new file mode 100644 index 0000000..e28c88c --- /dev/null +++ b/PACKAGING-NOTES @@ -0,0 +1,26 @@ +Notes for packagers of Python3 +============================== + +0. Faster build turnaround +-------------------------- + +By default, python builds with profile-guided optimization. This needs +an additional run of the test suite and it is generally slow. +PGO build takes around 50 minutes. + +For development, use "--without profileopt" option to disable PGO. This +shortens the build time to ~5 minutes including test suite. + +1. import_failed.map +---------------------- + +This is a mechanism installed as part of python3-base, that places shim modules +on python's path (through a generated zzzz-import-failed-hooks.pth file, so that +it is imported as much at the end as makes sense; and an _import_failed subdir +of /usr/lib/pythonX.Y). Then when the user tries to import a module that is part +of a subpackage, the ImportError will contain a helpful message telling them +which missing subpackage to install. + +This can sometimes cause problems on non-standard configurations, if the pth +gets included too early (for instance if you are using a script to include all +pths by hand in some strange order). Just something to look out for. diff --git a/Python-3.11.10.tar.xz b/Python-3.11.10.tar.xz new file mode 100644 index 0000000..f87e7ad --- /dev/null +++ b/Python-3.11.10.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:07a4356e912900e61a15cb0949a06c4a05012e213ecd6b4e84d0f67aabbee372 +size 20067656 diff --git a/Python-3.11.10.tar.xz.asc b/Python-3.11.10.tar.xz.asc new file mode 100644 index 0000000..243d1b1 --- /dev/null +++ b/Python-3.11.10.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmbbrO0ACgkQ/+h0BBaL +2Ec+YBAAnQJLKYPjj7Yr7xkFU655Sv86JxeRAdWjnIapbiIuWg3Up8Pd8FTRgHGf +3XdTHw7b03lSjtzJwavzdnDklqAlBIGn9dVieljUIN7NYyNxoYOr/AiatimgSwv7 +dI5mfun5fLKV6ZcdNdQN5PJ3RZtF3I7VfkN2mlfZJHtxl1agdU/TfW2L+qJ7+JPY +cayjq2xKTLRNXOf2iV29GRRovLiqA+Dx0+cAwsScwreHMp3U4k3GkeHVoR6fldV4 +bVAM8GRl3CYVFePiqAbamKP1BSys44JOINWbWyd94JxzEAwXWz//Es0h73AzeRfK +ueORqzdoOGrVc74+HGlAHhqO1Gg7jMMmtkzCEuav+cGHYnMRMOngGR3q47aTJTVb +5UdP0oD4OlADPFVa6q0LCqN/IFlebWMh9pXYw7Wpek63oNuZHTfNPq4S1AUM2HJm +C3yzaOG9VAdYfLneJC4ldY4CVt1FKckfaXp5OAaMr71DI74e4CcEswlUupZJLZKV +TJRjQD15bnXGhHDqU4w3RmzpCWMh2mf4m4VMYQyObl3TtlX+gVvzIhDS5+mXqutB +F1pdXwaHHkTb2PLLxpwOGrnsp8XoW74tsylcYirQg8jSFMbgxfwgIjEIuRGXeDkT +B4QzmQ4SxsbLiH7etV6Fznl1h569Z4DO9OOs4i0ZzIjdhPDQtAs= +=TatG +-----END PGP SIGNATURE----- diff --git a/Python-3.11.11.tar.xz b/Python-3.11.11.tar.xz new file mode 100644 index 0000000..e0581b1 --- /dev/null +++ b/Python-3.11.11.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2a9920c7a0cd236de33644ed980a13cbbc21058bfdc528febb6081575ed73be3 +size 20085792 diff --git a/Python-3.11.11.tar.xz.sigstore b/Python-3.11.11.tar.xz.sigstore new file mode 100644 index 0000000..782816a --- /dev/null +++ b/Python-3.11.11.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlOgAwIBAgIUWcRolJPsPmtJKA6VkjHSj7PtjY8wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMjAzMTgxOTA1WhcNMjQxMjAzMTgyOTA1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEN+fBJCRZIAZiWPBdjyQVD+x5vgmjuuVct1HkPHIBMuEe7wI4mBG2BhJ3fHkpr97efIH6ELMmPV99edyAIZFXR6OCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUkutZdHfCCSvGI87mjnBRwZB8ihYwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGTjb9QlwAABAMARzBFAiEA4ddSINhYM+p0+DGzRqnA8rVtJF9YgI+9znXiq9fqQNkCIEErcSnQmN8jjErhwWWtcTM5GgH4ka/uk5kdHTycwxj3MAoGCCqGSM49BAMDA2cAMGQCMFmkCEH2pCBpFeFiUi2uA4opcJP6vh/zqb+D0tbxqd+jwbBkuDxDqA9/Ao3UWop+twIwO9o71KAlYWPSPYMeZERM4R8zWlp9mVJPiK3tgOJJi40MNmxwtfsQeQtncqiQLBAH"}, "tlogEntries": [{"logIndex": "153122039", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1733249946", "inclusionPromise": {"signedEntryTimestamp": "MEUCIBL9zpVJtljIuZtAe8uptLfDmakmbAjy5ELp2q8WJTQ7AiEAv6lIpyJZycHwTS+JHYJFzMVv0SmA8yQ0eMneBivMhPY="}, "inclusionProof": {"logIndex": "31217777", "rootHash": "BMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=", "treeSize": "31217778", "hashes": ["lrr8dxmtgD09fnZTo1tMTY00HNKc2ZIpbZa1djDeTes=", "yFxGSg1RDbtZ/eNftnMdBJGNEZmmLyx2ZRDFtAIMHAk=", "GeqsQGnvgc+gcuaIC+vQ5b0RdTyBxBnYTpbeW2AeD+Q=", "dMTPeN/a9xCQQP+Hz7sddW0pPj8n54sfkhcf3XhjrMM=", "XjayhjKU3shP7q7lhmhKDv3Vpi4gJgAPCu0KlEzc9Qo=", "go1dmexQYS5etu69upRRX7IFvuA0rIcT9aYjMstmPIU=", "AYwr74Bm2w383UnS7DdbZUUAhusq28JoxKpWrQ7OvGQ=", "u+yWmGIR6sAH32wiSy22mz1Yf+jfPdBTjFbyRISuTZw=", "3eFC7Gp4fWecybDOAw9uUTrM1xB7YRYRAGsfYkiQbV8=", "1uKk2qjOliHMiTk906jrchP8mXWsRG8apaU1sa0lfh0=", "oOecFfN3YqDOkbijS/ej1WF5Da/Gt/AZNhbwE9uoOE8=", "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=", "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n31217778\nBMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiA7ed0HqugBwVpmxDAR1VN35J91/+DeRdj09y5lFY+bRwIgYe07JnZlJvp3MfAMXX3i4XBsZoDRZoXtwfBaRj/8x8s=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYTk5MjBjN2EwY2QyMzZkZTMzNjQ0ZWQ5ODBhMTNjYmJjMjEwNThiZmRjNTI4ZmViYjYwODE1NzVlZDczYmUzIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRU5KSGllaWs5WkVibW83a0p4ZUhWY2FvVDVYOUxyWG1zRTVxc1I5R1JpSEFpRUFtcHZyV21vUHF5YzRpQ09VYXVmY3dKTllMK1lPTWU0b0NOaWRLVGduT1FBPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlYyTlNiMnhLVUhOUWJYUktTMEUyVm10cVNGTnFOMUIwYWxrNGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJlRTFxUVhwTlZHZDRUMVJCTVZkb1kwNU5hbEY0VFdwQmVrMVVaM2xQVkVFeFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZPSzJaQ1NrTlNXa2xCV21sWFVFSmthbmxSVmtRcmVEVjJaMjFxZFhWV1kzUXhTR3NLVUVoSlFrMTFSV1UzZDBrMGJVSkhNa0pvU2pObVNHdHdjamszWldaSlNEWkZURTF0VUZZNU9XVmtlVUZKV2taWVVqWlBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZyZFhSYUNtUklaa05EVTNaSFNUZzNiV3B1UWxKM1drSTRhV2haZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxUnFZamxSYkhkQlFRcENRVTFCVW5wQ1JrRnBSVUUwWkdSVFNVNW9XVTByY0RBclJFZDZVbkZ1UVRoeVZuUktSamxaWjBrck9YcHVXR2x4T1daeFVVNXJRMGxGUlhKalUyNVJDbTFPT0dwcVJYSm9kMWRYZEdOVVRUVkhaMGcwYTJFdmRXczFhMlJJVkhsamQzaHFNMDFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUdiV3NLUTBWSU1uQkRRbkJHWlVacFZXa3lkVUUwYjNCalNsQTJkbWd2ZW5GaUswUXdkR0o0Y1dRcmFuZGlRbXQxUkhoRWNVRTVMMEZ2TTFWWGIzQXJkSGRKZHdwUE9XODNNVXRCYkZsWFVGTlFXVTFsV2tWU1RUUlNPSHBYYkhBNWJWWktVR2xMTTNSblQwcEthVFF3VFU1dGVIZDBabk5SWlZGMGJtTnhhVkZNUWtGSUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "Kpkgx6DNI23jNkTtmAoTy7whBYv9xSj+u2CBV17XO+M="}, "signature": "MEUCIENJHieik9ZEbmo7kJxeHVcaoT5X9LrXmsE5qsR9GRiHAiEAmpvrWmoPqyc4iCOUaufcwJNYL+YOMe4oCNidKTgnOQA="}} diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..0053bcf --- /dev/null +++ b/README.SUSE @@ -0,0 +1,43 @@ +Python 3 in SUSE +============== + +* Subpackages * + +Python 3 is split into several subpackages, based on external dependencies. +The main package 'python3' has soft dependencies on all subpackages needed to +assemble the standard library; however, these might not all be installed by default. + +If you attempt to import a module that is currently not installed, an ImportError is thrown, +with instructions to install the missing subpackage. Installing the subpackage might result +in installing libraries that the subpackage requires to function. + + +* ensurepip * + +The 'ensurepip' module from Python 3 standard library (PEP 453) is supposed to deploy +a bundled copy of the pip installer. This makes no sense in a managed distribution like SUSE. +Instead, you need to install package 'python3-pip'. Usually this will be installed automatically +with 'python3'. + +Using 'ensurepip' when pip is not installed will result in an ImportError with instructions +to install 'python3-pip'. + + +* Documentation * + +You can find documentation in seprarate packages: python3-doc and +python3-doc-pdf. These contan following documents: + + Tutorial, What's New in Python, Global Module Index, Library Reference, + Macintosh Module Reference, Installing Python Modules, Distributing Python + Modules, Language Reference, Extending and Embedding, Python/C API, + Documenting Python + +The python3-doc package constains many text files from source tarball. + + +* Interactive mode * + +Interactive mode is by default enhanced with of history and command completion. +If you don't like these features, you can unset the PYTHONSTARTUP variable +in your .profile or disable it system wide in /etc/profile.d/python.sh. diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..1d50bc4 --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + base + doc + diff --git a/add-loongarch64-support.patch b/add-loongarch64-support.patch new file mode 100644 index 0000000..f0c8035 --- /dev/null +++ b/add-loongarch64-support.patch @@ -0,0 +1,25 @@ +Description: Add platform triplets for LoongArch. + +--- a/configure.ac ++++ b/configure.ac +@@ -976,6 +976,20 @@ cat > conftest.c <=6) && defined(_MIPSEL) diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..1793de8 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,3 @@ +python311-base +python311 +libpython3_11-1_0 diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz new file mode 100644 index 0000000..57fb3e5 --- /dev/null +++ b/bluez-devel-vendor.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:868fbfba2ddaed62f2c45cf869fe2c648527ac3bac738f4f41f3c2872f5b0211 +size 25040 diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch new file mode 100644 index 0000000..86882ae --- /dev/null +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -0,0 +1,173 @@ +From 5754521af1d51aa8e445cba07a093bbc0c88596d Mon Sep 17 00:00:00 2001 +From: Zackery Spytz +Date: Mon, 16 Dec 2019 18:24:08 -0700 +Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix) + +Co-Authored-By: Xavier de Gaye +--- + Doc/library/ensurepip.rst | 9 +++-- + Lib/ensurepip/__init__.py | 18 +++++++--- + Lib/test/test_ensurepip.py | 11 ++++++ + Makefile.pre.in | 4 +- + Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1 + 5 files changed, 34 insertions(+), 9 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst + +Index: Python-3.11.8/Doc/library/ensurepip.rst +=================================================================== +--- Python-3.11.8.orig/Doc/library/ensurepip.rst ++++ Python-3.11.8/Doc/library/ensurepip.rst +@@ -59,7 +59,9 @@ is at least as recent as the one availab + By default, ``pip`` is installed into the current virtual environment + (if one is active) or into the system site packages (if there is no + active virtual environment). The installation location can be controlled +-through two additional command line options: ++through some additional command line options: ++ ++* ``--prefix ``: Installs ``pip`` using the given directory prefix. + + * :samp:`--root {dir}`: Installs ``pip`` relative to the given root directory + rather than the root of the currently active virtual environment (if any) +@@ -92,7 +94,7 @@ Module API + Returns a string specifying the available version of pip that will be + installed when bootstrapping an environment. + +-.. function:: bootstrap(root=None, upgrade=False, user=False, \ ++.. function:: bootstrap(root=None, prefix=None, upgrade=False, user=False, \ + altinstall=False, default_pip=False, \ + verbosity=0) + +@@ -102,6 +104,8 @@ Module API + If *root* is ``None``, then installation uses the default install location + for the current environment. + ++ *prefix* specifies the directory prefix to use when installing. ++ + *upgrade* indicates whether or not to upgrade an existing installation + of an earlier version of ``pip`` to the available version. + +@@ -122,6 +126,8 @@ Module API + *verbosity* controls the level of output to :data:`sys.stdout` from the + bootstrapping operation. + ++ .. versionchanged:: 3.9 the *prefix* parameter was added. ++ + .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap + + .. note:: +Index: Python-3.11.8/Lib/ensurepip/__init__.py +=================================================================== +--- Python-3.11.8.orig/Lib/ensurepip/__init__.py ++++ Python-3.11.8/Lib/ensurepip/__init__.py +@@ -122,27 +122,27 @@ def _disable_pip_configuration_settings( + os.environ['PIP_CONFIG_FILE'] = os.devnull + + +-def bootstrap(*, root=None, upgrade=False, user=False, ++def bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). ++ and directory prefix). + + Note that calling this function will alter both sys.path and os.environ. + """ + # Discard the return value +- _bootstrap(root=root, upgrade=upgrade, user=user, ++ _bootstrap(root=root, prefix=prefix, upgrade=upgrade, user=user, + altinstall=altinstall, default_pip=default_pip, + verbosity=verbosity) + + +-def _bootstrap(*, root=None, upgrade=False, user=False, ++def _bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). Returns pip command status code. ++ and directory prefix). Returns pip command status code. + + Note that calling this function will alter both sys.path and os.environ. + """ +@@ -192,6 +192,8 @@ def _bootstrap(*, root=None, upgrade=Fal + args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] + if root: + args += ["--root", root] ++ if prefix: ++ args += ["--prefix", prefix] + if upgrade: + args += ["--upgrade"] + if user: +@@ -267,6 +269,11 @@ def _main(argv=None): + help="Install everything relative to this alternate root directory.", + ) + parser.add_argument( ++ "--prefix", ++ default=None, ++ help="Install everything using this prefix.", ++ ) ++ parser.add_argument( + "--altinstall", + action="store_true", + default=False, +@@ -285,6 +292,7 @@ def _main(argv=None): + + return _bootstrap( + root=args.root, ++ prefix=args.prefix, + upgrade=args.upgrade, + user=args.user, + verbosity=args.verbosity, +Index: Python-3.11.8/Lib/test/test_ensurepip.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_ensurepip.py ++++ Python-3.11.8/Lib/test/test_ensurepip.py +@@ -112,6 +112,17 @@ class TestBootstrap(EnsurepipMixin, unit + unittest.mock.ANY, + ) + ++ def test_bootstrapping_with_prefix(self): ++ ensurepip.bootstrap(prefix="/foo/bar/") ++ self.run_pip.assert_called_once_with( ++ [ ++ "install", "--no-cache-dir", "--no-index", "--find-links", ++ unittest.mock.ANY, "--prefix", "/foo/bar/", ++ "setuptools", "pip", ++ ], ++ unittest.mock.ANY, ++ ) ++ + def test_bootstrapping_with_user(self): + ensurepip.bootstrap(user=True) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1761,7 +1761,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni + install|*) ensurepip="" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + altinstall: commoninstall +@@ -1771,7 +1771,7 @@ altinstall: commoninstall + install|*) ensurepip="--altinstall" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + commoninstall: check-clean-src @FRAMEWORKALTINSTALLFIRST@ \ +Index: Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +=================================================================== +--- /dev/null ++++ Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +@@ -0,0 +1 @@ ++A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/bsc1221260-test_asyncio-ResourceWarning.patch b/bsc1221260-test_asyncio-ResourceWarning.patch new file mode 100644 index 0000000..15d6b8d --- /dev/null +++ b/bsc1221260-test_asyncio-ResourceWarning.patch @@ -0,0 +1,21 @@ +From a3052035485bd2836e40f5284657ca105382cbfd Mon Sep 17 00:00:00 2001 +From: sobolevn +Date: Tue, 5 Mar 2024 20:24:16 +0300 +Subject: [PATCH] gh-116112: Fix `ResourceWarning` in + `test_asyncio.test_stream` + +Co-authored-by: @CendioOssman +--- + Lib/test/test_asyncio/test_streams.py | 1 + + 1 file changed, 1 insertion(+) + +--- a/Lib/test/test_asyncio/test_streams.py ++++ b/Lib/test/test_asyncio/test_streams.py +@@ -1156,6 +1156,7 @@ os.close(fd) + + def test_unhandled_cancel(self): + async def handle_echo(reader, writer): ++ writer.close() + asyncio.current_task().cancel() + messages = self._basetest_unhandled_exceptions(handle_echo) + self.assertEqual(messages, []) diff --git a/bso1227999-reproducible-builds.patch b/bso1227999-reproducible-builds.patch new file mode 100644 index 0000000..fb33d18 --- /dev/null +++ b/bso1227999-reproducible-builds.patch @@ -0,0 +1,37 @@ +From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Tue, 16 Jul 2024 21:39:33 +0200 +Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH + +to make builds reproducible. +See https://reproducible-builds.org/ for why this is good +and https://reproducible-builds.org/specs/source-date-epoch/ +for the definition of this variable. +--- + Doc/conf.py | 3 ++- + Doc/library/functions.rst | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/Doc/conf.py ++++ b/Doc/conf.py +@@ -316,7 +316,8 @@ html_context = { + } + + # This 'Last updated on:' timestamp is inserted at the bottom of every page. +-html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime()) ++html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) ++html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time)) + + # Path to find HTML templates. + templates_path = ['tools/templates'] +--- a/Doc/library/functions.rst ++++ b/Doc/library/functions.rst +@@ -1356,7 +1356,7 @@ are always available. They are listed h + (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, + and :mod:`shutil`. + +- .. audit-event:: open file,mode,flags open ++ .. audit-event:: open path,mode,flags open + + The ``mode`` and ``flags`` arguments may have been modified or inferred from + the original call. diff --git a/distutils-reproducible-compile.patch b/distutils-reproducible-compile.patch new file mode 100644 index 0000000..17e8bd2 --- /dev/null +++ b/distutils-reproducible-compile.patch @@ -0,0 +1,17 @@ +--- + Lib/distutils/util.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/distutils/util.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/util.py ++++ Python-3.11.8/Lib/distutils/util.py +@@ -436,7 +436,7 @@ byte_compile(files, optimize=%r, force=% + else: + from py_compile import compile + +- for file in py_files: ++ for file in sorted(py_files): + if file[-3:] != ".py": + # This lets us be lazy and not filter filenames in + # the "install_lib" command. diff --git a/externally_managed.in b/externally_managed.in new file mode 100644 index 0000000..54606b6 --- /dev/null +++ b/externally_managed.in @@ -0,0 +1,12 @@ +[externally-managed] +Error=To install Python packages system-wide, try + zypper install __PYTHONPREFIX__-xyz, where xyz is the package + you are trying to install. + + If you wish to install a non-rpm packaged Python package, + create a virtual environment using __PYTHON__ -m venv path/to/venv. + Then use path/to/venv/bin/python and path/to/venv/bin/pip. + + If you wish to install a non-rpm packaged Python application, + it may be easiest to use `pipx install xyz`, which will manage a + virtual environment for you. Install pipx via `zypper install __PYTHONPREFIX__-pipx` . diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch new file mode 100644 index 0000000..7c6fd0e --- /dev/null +++ b/fix_configure_rst.patch @@ -0,0 +1,40 @@ +--- + Doc/using/configure.rst | 3 --- + Misc/NEWS | 2 +- + 2 files changed, 1 insertion(+), 4 deletions(-) + +--- a/Doc/using/configure.rst ++++ b/Doc/using/configure.rst +@@ -43,7 +43,6 @@ General Options + + See :data:`sys.int_info.bits_per_digit `. + +-.. option:: --with-cxx-main + .. option:: --with-cxx-main=COMPILER + + Compile the Python ``main()`` function and link Python executable with C++ +@@ -529,13 +528,11 @@ macOS Options + + See ``Mac/README.rst``. + +-.. option:: --enable-universalsdk + .. option:: --enable-universalsdk=SDKDIR + + Create a universal binary build. *SDKDIR* specifies which macOS SDK should + be used to perform the build (default is no). + +-.. option:: --enable-framework + .. option:: --enable-framework=INSTALLDIR + + Create a Python.framework rather than a traditional Unix install. Optional +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -9774,7 +9774,7 @@ C API + - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. + + - bpo-43795: The list in :ref:`limited-api-list` now shows the public name +- :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry ++ :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry + ``_node`` no longer appears in the list. + + - bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid diff --git a/gh120226-fix-sendfile-test-kernel-610.patch b/gh120226-fix-sendfile-test-kernel-610.patch new file mode 100644 index 0000000..2eb6f63 --- /dev/null +++ b/gh120226-fix-sendfile-test-kernel-610.patch @@ -0,0 +1,35 @@ +From 1b3f6523a5c83323cdc44031b33a1c062e5dc698 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Fri, 7 Jun 2024 23:51:32 +0800 +Subject: [PATCH] gh-120226: Fix + test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 + (GH-120227) + +The worst case is that the kernel buffers 17 pages with a page size of 64k. +(cherry picked from commit a7584245661102a5768c643fbd7db8395fd3c90e) + +Co-authored-by: Xi Ruoyao +--- + Lib/test/test_asyncio/test_sendfile.py | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +--- a/Lib/test/test_asyncio/test_sendfile.py ++++ b/Lib/test/test_asyncio/test_sendfile.py +@@ -93,13 +93,10 @@ class MyProto(asyncio.Protocol): + + class SendfileBase: + +- # 256 KiB plus small unaligned to buffer chunk +- # Newer versions of Windows seems to have increased its internal +- # buffer and tries to send as much of the data as it can as it +- # has some form of buffering for this which is less than 256KiB +- # on newer server versions and Windows 11. +- # So DATA should be larger than 256 KiB to make this test reliable. +- DATA = b"x" * (1024 * 256 + 1) ++ # Linux >= 6.10 seems buffering up to 17 pages of data. ++ # So DATA should be large enough to make this test reliable even with a ++ # 64 KiB page configuration. ++ DATA = b"x" * (1024 * 17 * 64 + 1) + # Reduce socket buffer size to test on relative small data sets. + BUF_SIZE = 4 * 1024 # 4 KiB + diff --git a/idle3.appdata.xml b/idle3.appdata.xml new file mode 100644 index 0000000..554b7c4 --- /dev/null +++ b/idle3.appdata.xml @@ -0,0 +1,35 @@ + + + + + idle3.desktop + IDLE3 + CC0 + Python-2.0 + Python 3 Integrated Development and Learning Environment + +

+ IDLE is Python’s Integrated Development and Learning Environment. + The GUI is uniform between Windows, Unix, and Mac OS X. + IDLE provides an easy way to start writing, running, and debugging + Python code. +

+

+ IDLE is written in pure Python, and uses the tkinter GUI toolkit. + It provides: +

+
    +
  • a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,
    • +
  • a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,
    • +
  • search within any window, replace within editor windows, and search through multiple files (grep),
    • +
  • a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.
    • +
+ + https://docs.python.org/3/library/idle.html + + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png + + zbyszek@in.waw.pl + diff --git a/idle3.desktop b/idle3.desktop new file mode 100644 index 0000000..43f5a4c --- /dev/null +++ b/idle3.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Version=1.0 +Name=IDLE 3 +GenericName=Python 3 IDE +Comment=Python 3 Integrated Development and Learning Environment +Exec=idle3 %F +TryExec=idle3 +Terminal=false +Type=Application +Icon=idle3 +Categories=Development;IDE; +MimeType=text/x-python; diff --git a/import_failed.map b/import_failed.map new file mode 100644 index 0000000..f33690c --- /dev/null +++ b/import_failed.map @@ -0,0 +1,7 @@ +python311-curses: curses _curses _curses_panel +python311-dbm: dbm _dbm _gdbm +python311-idle: idlelib +python311-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited +python311-tk: tkinter _tkinter +python311-tools: turtledemo +python311: sqlite3 readline _sqlite3 nis diff --git a/import_failed.py b/import_failed.py new file mode 100644 index 0000000..258b5a5 --- /dev/null +++ b/import_failed.py @@ -0,0 +1,23 @@ +import sys, os +from sysconfig import get_path + +failed_map_path = os.path.join(get_path('stdlib'), '_import_failed', 'import_failed.map') + +if __spec__: + failed_name = __spec__.name +else: + failed_name = __name__ + +with open(failed_map_path) as fd: + for line in fd: + package = line.split(':')[0] + imports = line.split(':')[1] + if failed_name in imports: + raise ImportError(f"""Module '{failed_name}' is not installed. +Use: + sudo zypper install {package} +to install it.""") + +raise ImportError(f"""Module '{failed_name}' is not installed. +It is supposed to be part of python3 distribution, but missing from failed import map. +Please file a bug on the SUSE Bugzilla.""") diff --git a/macros.python3 b/macros.python3 new file mode 100644 index 0000000..2bd193b --- /dev/null +++ b/macros.python3 @@ -0,0 +1,28 @@ +%have_python3 1 + +# commented out legacy macro definitions +#py3_prefix /usr +#py3_incdir /usr/include/python3.5m +#py3_ver 3.5 + +# these should now be provided by macros.python_all +#python3_sitearch /usr/lib64/python3.5/site-packages +#python3_sitelib /usr/lib/python3.5/site-packages +#python3_version 3.5 + +# hard to say if anyone ever used these? +#py3_soflags cpython-35m-x86_64-linux-gnu +#py3_abiflags m +%cpython3_soabi %(python3 -c "import sysconfig; print(sysconfig.get_config_var('SOABI'))") +%py3_soflags %cpython3_soabi + +# compilation macros that might be in use somewhere +%py3_compile(O) \ +find %1 -name '*.pyc' -exec rm -f {} ";"\ +python3 -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +%{-O:\ +find %1 -name '*.pyo' -exec rm -f {} ";"\ +python3 -O -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +} + + diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch new file mode 100644 index 0000000..7e412d7 --- /dev/null +++ b/no-skipif-doctests.patch @@ -0,0 +1,653 @@ +only in patch2: +unchanged: +--- + Doc/library/turtle.rst | 82 ------------------------------------------------- + 1 file changed, 82 deletions(-) + +--- a/Doc/library/turtle.rst ++++ b/Doc/library/turtle.rst +@@ -440,7 +440,6 @@ Turtle motion + turtle is headed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -467,7 +466,6 @@ Turtle motion + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -486,13 +484,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -511,13 +507,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -540,13 +534,11 @@ Turtle motion + not change the turtle's orientation. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> tp = turtle.pos() + >>> tp +@@ -570,13 +562,11 @@ Turtle motion + unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 240) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,240.00) +@@ -592,13 +582,11 @@ Turtle motion + Set the turtle's second coordinate to *y*, leave first coordinate unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 40) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,40.00) +@@ -625,7 +613,6 @@ Turtle motion + =================== ==================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setheading(90) + >>> turtle.heading() +@@ -638,14 +625,12 @@ Turtle motion + its start-orientation (which depends on the mode, see :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(90) + >>> turtle.goto(0, -10) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 90.0 +@@ -677,7 +662,6 @@ Turtle motion + calculated automatically. May be used to draw regular polygons. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.position() +@@ -706,7 +690,6 @@ Turtle motion + + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.dot() +@@ -724,7 +707,6 @@ Turtle motion + it by calling ``clearstamp(stamp_id)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("blue") + >>> turtle.stamp() +@@ -740,7 +722,6 @@ Turtle motion + Delete stamp with given *stampid*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (150.00,-0.00) +@@ -785,7 +766,6 @@ Turtle motion + undo actions is determined by the size of the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for i in range(4): + ... turtle.fd(50); turtle.lt(80) +@@ -818,7 +798,6 @@ Turtle motion + turtle turn instantly. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.speed() + 3 +@@ -839,7 +818,6 @@ Tell Turtle's state + Return the turtle's current location (x,y) (as a :class:`Vec2D` vector). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pos() + (440.00,-0.00) +@@ -855,7 +833,6 @@ Tell Turtle's state + orientation which depends on the mode - "standard"/"world" or "logo". + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(10, 10) + >>> turtle.towards(0,0) +@@ -867,7 +844,6 @@ Tell Turtle's state + Return the turtle's x coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(50) +@@ -883,7 +859,6 @@ Tell Turtle's state + Return the turtle's y coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(60) +@@ -900,7 +875,6 @@ Tell Turtle's state + :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(67) +@@ -917,7 +891,6 @@ Tell Turtle's state + other turtle, in turtle step units. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.distance(30,40) +@@ -941,7 +914,6 @@ Settings for measurement + Default value is 360 degrees. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -964,7 +936,6 @@ Settings for measurement + ``degrees(2*math.pi)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -975,7 +946,6 @@ Settings for measurement + 1.5707963267948966 + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.degrees(360) +@@ -1011,7 +981,6 @@ Drawing state + thickness. If no argument is given, the current pensize is returned. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pensize() + 1 +@@ -1043,7 +1012,6 @@ Drawing state + attributes in one statement. + + .. doctest:: +- :skipif: _tkinter is None + :options: +NORMALIZE_WHITESPACE + + >>> turtle.pen(fillcolor="black", pencolor="red", pensize=10) +@@ -1066,7 +1034,6 @@ Drawing state + Return ``True`` if pen is down, ``False`` if it's up. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.penup() + >>> turtle.isdown() +@@ -1107,7 +1074,6 @@ Color control + newly set pencolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> colormode() + 1.0 +@@ -1156,7 +1122,6 @@ Color control + with the newly set fillcolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.fillcolor("violet") + >>> turtle.fillcolor() +@@ -1195,7 +1160,6 @@ Color control + with the newly set colors. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("red", "green") + >>> turtle.color() +@@ -1212,7 +1176,6 @@ Filling + ~~~~~~~ + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.home() +@@ -1222,7 +1185,6 @@ Filling + Return fillstate (``True`` if filling, ``False`` else). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.begin_fill() + >>> if turtle.filling(): +@@ -1247,7 +1209,6 @@ Filling + above may be either all yellow or have some white regions. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("black", "red") + >>> turtle.begin_fill() +@@ -1264,7 +1225,6 @@ More drawing control + variables to the default values. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(0,-22) + >>> turtle.left(100) +@@ -1315,7 +1275,6 @@ Visibility + drawing observably. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.hideturtle() + +@@ -1326,7 +1285,6 @@ Visibility + Make the turtle visible. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.showturtle() + +@@ -1357,7 +1315,6 @@ Appearance + deal with shapes see Screen method :func:`register_shape`. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape() + 'classic' +@@ -1383,7 +1340,6 @@ Appearance + ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.resizemode() + 'noresize' +@@ -1407,7 +1363,6 @@ Appearance + of the shape's outline. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shapesize() + (1.0, 1.0, 1) +@@ -1432,7 +1387,6 @@ Appearance + heading of the turtle are sheared. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("circle") + >>> turtle.shapesize(5,2) +@@ -1449,7 +1403,6 @@ Appearance + change the turtle's heading (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1469,7 +1422,6 @@ Appearance + (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1495,7 +1447,6 @@ Appearance + turtle (its direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1524,7 +1475,6 @@ Appearance + given matrix. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle = Turtle() + >>> turtle.shape("square") +@@ -1540,7 +1490,6 @@ Appearance + can be used to define a new shape or components of a compound shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("square") + >>> turtle.shapetransform(4, -1, 0, 2) +@@ -1565,7 +1514,6 @@ Using events + procedural way: + + .. doctest:: +- :skipif: _tkinter is None + + >>> def turn(x, y): + ... left(180) +@@ -1586,7 +1534,6 @@ Using events + ``None``, existing bindings are removed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> class MyTurtle(Turtle): + ... def glow(self,x,y): +@@ -1614,7 +1561,6 @@ Using events + mouse-click event on that turtle. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.ondrag(turtle.goto) + +@@ -1642,7 +1588,6 @@ Special Turtle methods + Return the last recorded polygon. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.begin_poly() +@@ -1662,7 +1607,6 @@ Special Turtle methods + turtle properties. + + .. doctest:: +- :skipif: _tkinter is None + + >>> mick = Turtle() + >>> joe = mick.clone() +@@ -1675,7 +1619,6 @@ Special Turtle methods + return the "anonymous turtle": + + .. doctest:: +- :skipif: _tkinter is None + + >>> pet = getturtle() + >>> pet.fd(50) +@@ -1689,7 +1632,6 @@ Special Turtle methods + TurtleScreen methods can then be called for that object. + + .. doctest:: +- :skipif: _tkinter is None + + >>> ts = turtle.getscreen() + >>> ts +@@ -1707,7 +1649,6 @@ Special Turtle methods + ``None``, the undobuffer is disabled. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setundobuffer(42) + +@@ -1717,7 +1658,6 @@ Special Turtle methods + Return number of entries in the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> while undobufferentries(): + ... undo() +@@ -1740,7 +1680,6 @@ below: + For example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> s = Shape("compound") + >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) +@@ -1751,7 +1690,6 @@ below: + 3. Now add the Shape to the Screen's shapelist and use it: + + .. doctest:: +- :skipif: _tkinter is None + + >>> register_shape("myshape", s) + >>> shape("myshape") +@@ -1771,7 +1709,6 @@ Most of the examples in this section ref + ``screen``. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen = Screen() +@@ -1788,7 +1725,6 @@ Window control + Set or return background color of the TurtleScreen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.bgcolor("orange") + >>> screen.bgcolor() +@@ -1880,7 +1816,6 @@ Window control + distorted. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.reset() + >>> screen.setworldcoordinates(-50,-7.5,50,7.5) +@@ -1891,7 +1826,6 @@ Window control + ... left(45); fd(2) # a regular octagon + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen.reset() +@@ -1913,7 +1847,6 @@ Animation control + Optional argument: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.delay() + 10 +@@ -1935,7 +1868,6 @@ Animation control + :func:`delay`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.tracer(8, 25) + >>> dist = 2 +@@ -1972,7 +1904,6 @@ Using screen events + must have the focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -1993,7 +1924,6 @@ Using screen events + must have focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -2018,7 +1948,6 @@ Using screen events + named ``turtle``: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will + >>> # make the turtle move to the clicked point. +@@ -2038,7 +1967,6 @@ Using screen events + Install a timer that calls *fun* after *t* milliseconds. + + .. doctest:: +- :skipif: _tkinter is None + + >>> running = True + >>> def f(): +@@ -2120,7 +2048,6 @@ Settings and special methods + ============ ========================= =================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> mode("logo") # resets turtle heading to north + >>> mode() +@@ -2135,7 +2062,6 @@ Settings and special methods + values of color triples have to be in the range 0..*cmode*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.colormode(1) + >>> turtle.pencolor(240, 160, 80) +@@ -2156,7 +2082,6 @@ Settings and special methods + do with a Tkinter Canvas. + + .. doctest:: +- :skipif: _tkinter is None + + >>> cv = screen.getcanvas() + >>> cv +@@ -2168,7 +2093,6 @@ Settings and special methods + Return a list of names of all currently available turtle shapes. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.getshapes() + ['arrow', 'blank', 'circle', ..., 'turtle'] +@@ -2192,7 +2116,6 @@ Settings and special methods + coordinates: Install the corresponding polygon shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) + +@@ -2208,7 +2131,6 @@ Settings and special methods + Return the list of turtles on the screen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for turtle in screen.turtles(): + ... turtle.color("red") +@@ -2270,7 +2192,6 @@ Methods specific to Screen, not inherite + center window vertically + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.setup (width=200, height=200, startx=0, starty=0) + >>> # sets window to 200x200 pixels, in upper left of screen +@@ -2286,7 +2207,6 @@ Methods specific to Screen, not inherite + Set title of turtle window to *titlestring*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.title("Welcome to the turtle zoo!") + +@@ -2357,7 +2277,6 @@ Public classes + Example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) + >>> s = Shape("compound") +@@ -2743,7 +2662,6 @@ Changes since Python 3.0 + + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> for turtle in turtles(): diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..a2cf992 --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +export LC_ALL=C + +master=python*.spec + +# create import_failed.map from package definitions +pkgname=$(grep python_pkg_name $master |grep define |awk -F' ' '{print $3}') +MAPFILE=import_failed.map +function new_map_line () { + package=$1 + package=$(echo $1 |sed -e "s:%{python_pkg_name}:$pkgname:") + modules=$2 + if [ -z "$package" -o -z "$modules" ]; then + return + fi + if [[ "$package" =~ "-base" ]]; then + return + fi + echo "$package:$modules" >> $MAPFILE.tmp +} + +for spec in *.spec; do + basename=${spec%.spec} + package= + modules= + while read line; do + case $line in + "%files -n "*) + new_map_line $package "$modules" + package=${line#"%files -n "} + modules= + ;; + "%files "*) + new_map_line $package "$modules" + package=$basename-${line#"%files "} + modules= + ;; + "%files") + new_map_line $package "$modules" + package=$basename + modules= + ;; + "%{sitedir}/config-"*) + # ignore + ;; + "%{sitedir}/"*) + word=${line#"%{sitedir}/"} + if ! echo $word | grep -q /; then + modules="$modules $word" + fi + ;; + "%{dynlib "*"}") + word=${line#"%{dynlib "} + word=${word%"}"} + modules="$modules $word" + ;; + esac + done < $spec + new_map_line $package "$modules" +done + +cat $MAPFILE.tmp |sort -u > $MAPFILE +rm $MAPFILE.tmp + +# run test inclusion check +tar xJf Python-*.xz +python3 skipped_tests.py + +# generate baselibs.conf +VERSION=$(grep ^Version $master|awk -F':' '{print $2}' |sed -e 's/ //g') +python_version=${VERSION:0:3} # 3.3 +python_version_abitag=${python_version//./} # 33 +python_version_soname=${python_version//./_} # 3_3 +echo "$pkgname-base" > baselibs.conf +echo "$pkgname" >> baselibs.conf +echo "libpython$python_version_soname-1_0" >> baselibs.conf + diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch new file mode 100644 index 0000000..cda20d7 --- /dev/null +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -0,0 +1,27 @@ +--- + Makefile.pre.in | 7 +++++++ + 1 file changed, 7 insertions(+) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1240,11 +1240,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ + $(DTRACE_OBJS) \ + $(srcdir)/Modules/getbuildinfo.c + $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DDATE="\"`date -u -r Makefile.pre.in +"%b %d %Y"`\"" \ ++ -DTIME="\"`date -u -r Makefile.pre.in +"%T"`\"" \ + -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \ + -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \ + -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \ + -o $@ $(srcdir)/Modules/getbuildinfo.c + ++Python/getcompiler.o: $(srcdir)/Python/getcompiler.c Makefile ++ $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DCOMPILER='"[GCC]"' \ ++ -o $@ $(srcdir)/Python/getcompiler.c ++ + Modules/getpath.o: $(srcdir)/Modules/getpath.c Python/frozen_modules/getpath.h Makefile $(PYTHON_HEADERS) + $(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \ + -DPREFIX='"$(prefix)"' \ diff --git a/python-3.3.0b1-localpath.patch b/python-3.3.0b1-localpath.patch new file mode 100644 index 0000000..475497e --- /dev/null +++ b/python-3.3.0b1-localpath.patch @@ -0,0 +1,13 @@ +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -77,7 +77,7 @@ import io + import stat + + # Prefixes for site-packages; add additional prefixes like /usr/local here +-PREFIXES = [sys.prefix, sys.exec_prefix] ++PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local'] + # Enable per user site-packages directory + # set it to False to disable the feature or True to force the feature + ENABLE_USER_SITE = None diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch new file mode 100644 index 0000000..ac5d553 --- /dev/null +++ b/python-3.3.0b1-test-posix_fadvise.patch @@ -0,0 +1,17 @@ +--- + Lib/test/test_posix.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_posix.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_posix.py ++++ Python-3.11.8/Lib/test/test_posix.py +@@ -430,7 +430,7 @@ class PosixTester(unittest.TestCase): + def test_posix_fadvise(self): + fd = os.open(os_helper.TESTFN, os.O_RDONLY) + try: +- posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_WILLNEED) ++ posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_RANDOM) + finally: + os.close(fd) + diff --git a/python.keyring b/python.keyring new file mode 100644 index 0000000..747bc27 --- /dev/null +++ b/python.keyring @@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFq+ToQBEADRYvIVtbK6owynD3j3nxwpW2KEk/p+aDvtXmc2SR2dBcZ8sFW2 +R5vEsG8d3/D3wgv5pcL3KfNNXQYUnXVbobrFUUWQYc79qIsE3MgiPf5NVOtwKPUR +i5g9YJgKvpBxkQfqp3LYGm9ZBtwo3DVLA3yn7KsazCmAgTNFJYw7ku1XxgmIzY6K +5J30DfbJiqDqj4f9GslCCCCH3qiPnuLG/HUyVLHMpbWlaiy9NI0GcaLxjJewHj9w +W2D2lydkxe5JGo7egUkV3ILcuLVSVKA35SKY27dYqfuyqp9tAzaRbjDYjsYdHA6G +BqrNrKBn/GwlFDPrVdcvN3ZSY2wMLTxWE3Axc/FweuHxFnou/80FwX7F3JD+oEQ6 +rofmcxOBCC7J98I7HZAhP9jBn88XIS2hztbLq8d6rZJZRtcz0k61VR0ddO+TrFmf +9rMYCPgCckRtVxeFIVIabrN1IzKynLFeo040h8hSGswd6YKDOVwjJY6Oa6EmVefZ +a8QSt4+M65RSzH6SEPY008F3nJUAK6MEkzTak+tFltZNrVWu8p2xd1j9nmxAwEhZ +/lgbxLqzYgaUWmfyHeZ8yVA0MhHzdiAL8nVUEdG3KecIq0RWCJLGLWWIjd6KAJl1 +yAmhRYKK/sjPDsL3elHsFACfZbyx3o5GGQNlas1FYoPLWbaNGaJtgFTF2QARAQAB +tCtQYWJsbyBHYWxpbmRvIFNhbGdhZG8gPHBhYmxvZ3NhbEBnbWFpbC5jb20+iQJO +BBMBCgA4FiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+ToQCGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQZOYo+NaEaW2bmA/+PXIap2udLoUVOHxnsIBdqYwp +sv1Aj5lfIJmNhmxPbHShwp1Jg+w4urxe+2Dj5ofKVlIo1i83bQkvnKJMDXDVuc/K +P6zqhBJ3rT4Q3qx2mzX8bIfQoJ2JHuH4lkP+I7doDcHHRyeNASyk72VdQmU4twNw +Ibn8nSNV6ThKHdoPYzVnO2rZUFcGIqH5HNsvR+B7cc1MBCHsgURYwSVhSePIFGlZ +iasdBD6QQkDSe4QWi7AcJFWFElw4kbOKJWxAWsrEk+tMXJVGRjnmL289EmPCx/vx +BqKy7Mse0yWCSRR3vB+O6TB1S5SgEyEgqlYsfGNv1qf/rfRD4KkyCbNU3LhY1Aim +vJP4pDW+KFxTk2Ks8vrx8gOSd2aFqPeO/pFDrpsF7PD62XwsfoXu4xc5V0Giw7r1 +Nai0nax7kOrldNF8TbbtRjW0jmoC7wLIDujAkwDIOroZ0CXA3N4HVHdSbrHm/urX +nyxJXupXAQNwGx64JCBcbF2fp3Kvu1VAXBEFnd01KaopthHcbG5pA50Kl2Vhe+98 +OdezUX42fHkQpQkB7HgtXfm6W1bw6YRBamrNvs1OoHBYmUjlECpe566IIu25Hc8s +x3qA+6eca7iqizyLG+WyMT8ZIYTWGAS59jxwR4esqGczbbZPSAPHFwLbGv7Wr0Rd +TPu5B0FcKpDkTd4IxQW5Ag0EWr5O2gEQAMjLe4CtbSfofmJrz5wfNkMVsZ81Gbqe +MoYd3dtkJnQYERUj8flzBj3ucaxGJ+Cuf7ybh3naPopKvEI1q0vkcgCDqrEgXK// +jKJbP28uPSMGhOG28q4PbamG55gy5FtM3ezzAxPWWKe9qBpV65GMmFy7eBQx2iJs +yiDIOOQQ4kraS+cTqNFimEXAGLCOQRNLcwIZzwAAHoW7HEpNUfVwaBD9kMlbo1ND +I60IKcNrNcmcmRxhJqfxjj8YBMwcKHO6GBE3AVpaE/+UO9zyr4TH+0YuQUgxKlPW +Dkg5XlkDo0S1GyLY5e9ckIDIlkTdDa2pOkoE2yB5MQCEga3YiHrKUVTTWaxn9XVJ +6x5ZjUF6bgSWGkrG5dUqSYoO1iDMuNVjtiujNyf/rvfj5cNxS7/lgxchhQKZHZXL +WVqxlneeVJ6s0P4+ROVG9ga2Sve7aUJ6wXIewZwulBcV2sE/W/DgxHgLBi53CUQt +vEzFzKvo48GnDqL5VYjA7l0HMYHd4GksCLi8E8U6Cgj+imXiM8voL7pHRZfs8mY8 +udR+UT4e1Scl2MYP2qBJ9/17B/X52B3s1EZdqI/r+hfOyqrhPs+dbAN0mtMPn68+ +nrvY1+nscvrSYEP6ZBlc9Hp2mgJdb6IcTvINXBEeLRjgc3pjViva443pkiFp9Axm +ecOckMKP3uSlABEBAAGJBGwEGAEKACAWIQSgNcjBkhm6gh7OqGtk5ij41oRpbQUC +Wr5O2gIbAgJACRBk5ij41oRpbcF0IAQZAQoAHRYhBM/cokWxBDzypfl4Zf/odAQW +i9hHBQJavk7aAAoJEP/odAQWi9hHr7YP/RCLre1CmOoWYpAtoa1yVCeYMDV6eQgL +B488/BEZHQE1zbrYy16XkhORob3JF/kUMjmJW7XaFF8FrWvRcdj/xaUGbOOEulKg +v+8zWfswYQRiZ4/JlwER4vRLi6fTE89MVER6Fkj2ASD4D2cifY+EztD4flV3sq3s +vIogGFaN9IvdrdeptOVGXs1RmAyoTsiS2mKQ6xsGh8B9ZAm55W8fBOGiSzLX21Xk +Ofdw53BrFQxn3cu/JgIKpdeZxgukcvEAI62B6X+YL6Na4j0eqEGLzsNtU1+xeJlo +WtVvmRwnRHGSxF6fzIZ3mk/p/aFiXAEq/xITCTY6tDv7x7pFE/RpdlJZyNJ+R5Y4 +SQiuDsylxNCa/4G5EB6q+7iVYtbEQ9MnZg2phowEE42tlj0rz8/rvDK3LH3xibot +KHIodCWKlWByxH99u2PuHUQ0c1oCVBUE1KkruMpvI236DpU/dvdq4JLSg/fWrys/ +VIjqLZgsIE5g/KO9XqngWHkLcBLh4CNAmHJ8Iia+s+/rfgsejQWB5uJb6eYg2JjB +4WP1EI0rULM6fdrCNB+MJ36wE2Lnb4bfT0phOMgjjH5/Ki7ZCbkxkOsBs4SRjiS+ +weCsmpAtMqodWY/Cnw9pWSA/qLSRD5/mKeb9SO6OZ/OPfAatwnGHsvZ2sAueC6rR +04W5BfXZWrnJUXQP/id/EKE1Ksp5fKoxSCbkKTCig+Sf5Afwe36yFN+niZBqzn5b +BgL/HIKaZM97oDHersPPANeEgS+JVlBf95iKIYnQbZP43FLVbvOuaINhBIVtFO54 +2Y7EYwl41kP7ILDElVy36KAmdQyBAfrjnZiRA70xShOxApLug1L0lxhR3YfmLwNi +RJ0V6KnYDKf0pfdhO9VFyFFWUojX1usn2SmSsXNizsNtvRqHXzPnX0rbJzZ9+N4O +9k1nxygYFG/2R/jGonVmTjRzcAHrAkNJETMWXMA7/8wRMDwluz8j+cCldey9x8Vk +JwgLGnZSbQtVpcFAnm5r/36Gt+9wc1VWMyrUrVr6Z679aqAbG7PMaeR5h5ygMj1k +VqRTYAUPSk1f8bZKRssQkQwEbp9dVIjm9SsR8VT7/tB+UuB85dABxgHfv3psJRT+ +tL8g9V7kSZqQfcLNGmvEVvr2Zl9NtxwXtsFM2OBprxCenwb+e9Ppm1LjfJG/NE72 +mAnOERfDaiLt4bqNo36Ei5sGCJ4Fx61phzNBXzkdRNM47i8J5UZRKFkE91c99BVM +HKUaY61NRK24fR0zP98ftDU82YFw0VRFJpTeBrO5ivN1MlQxUPzUWxKxMxO+20wa +UOXroEw11Tb4SRLGOla1pCl6lCUPJRy9IzadPDgTr/OTMkob/snt/XLdnV5/uQIN +BFq+TvoBEAC8Oy1g6pPWBbrCMhIq7VWY2fjylJ1fwg5BPXkOKVK1dsGYO4QD7oW9 +L0aSqcFSNFGF9Cl0Ri4TFXZC3hnG4HeSXUWApuKdBLn21H3jba36Ay1oGcGfdm0v +Zght4c6BlMVBpGCw2wIkJbUNEy6InMM+O8CCbbaH3iJkJ4141P7pODHignx5AmZI +conMui4YOhC+IXQXynVEv1Juk7erB1Nh1RcRvsA4lb44HWx49lIwe85ejOmoZ0O3 +6f9NJRer6bV0+rHWmg4IV5Q9h/Gn4IhEDZxA0DZl1RQI7dMgaMbIFbXGq7Kgzstz +EUnOoy29hXodxVmwIsMrAiQUYtwJ9hW+ESsw47+W2iPHVgviGWl7r/SgcgMYmf6m +5kiTBtwU7BQPS9G3zwwP2Rm3AA/6g39Q+tQKjOwi1I8+GZsY2On44Zly7BreBNg5 +4gJgdAGcMOYU9etr050clH3UpTYcAEtX++ahtOKhJgLIPNcIAQNlnifqvU0VYpgw +R4YpZ7hgg+AVDzC73PIM0lFI0XiDuqChbxE+K1jmLXWe5iJF0dzgVTwP+PmsifNZ +Wg3+YxSsS+hDMPQ2xPiQN49gT4JJDHcDuyhHyCGYgyMiVJCsku9KrkubbfVRivyN +ZF2Zfo3f+nbrRxsftz0yjAq8byCvb0V0XOpt4pJ/ddlug9ytRxALNwARAQABiQI2 +BBgBCgAgFiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+TvoCGwwACgkQZOYo+NaE +aW3urA//UQ/cKQ7HvWjcLphzQOZc+6m5YL0wxvZkSjemU7mqjZdpacteIvRAoers +EqXHc208liIBtNfRzoreXdcXNzie65xXkrRnWoHVH/fTWy4lOnHr2CMXLeHjUgg/ +M6PYi8+sARm05YFB8nsYhlhx3IdLhcfeVVbJedQKO0yL3CK1okT30DUVq5Lq6X/K +DC6AxuJR3D6UMSoT0WLaoX8qbhAp88qLynInfBVL18d97h916WPLTPeP0eHwhwND +bYtKDCMDuKQ9XX5+QsNH0RmbxlX274LHrUMMvkLKxcfCBvP+iuqrBeIuoeVzXYJZ +j7ZJtEH79bW44eecl/CY/STFYgSQ2XGTp2BI2q60wAmtKlNhwxY5ena0FgyFl6Tm +5OBHW/Pwo+ndQJGfbrCyWkTgRay9c8er3gl3GQYIBH6X0kCiG7h/Epj0b5CHOPU5 +hCw0kEB8MB4poTIjeiY+Q01472/lQ68CL3DX158hR5d3XaPSIxAN+qFsfB1o316p +yjxhfK1MD/IfrOgjlggPPnc/KmLkCzpgdwKcZwLCdZq9hYBvF1Zs34HbaVMYbWTK +uxLowtXGU43vatCXXqmPOvl4/g4tZD6rysJDgOrHQnEHzT+Napn07s0BRC0IbbNn +FynUrkr5KMSuRz7Hg7xMApENOrb0nqdHSUJ914ZpuMIS6RhJgGu5Ag0EWr5PIAEQ +ALfh9vPD2B+miHDTMADI8aRZ7g9tnzynZYkk3+2sCiiusetsQQ+HIPJ/ASEJB7On +ane9dyT/LTRhrK9qaxgVMimk2COXB/xyh7Mnw7nJgFU0aRSbtX0vbvQz2suSzrQ6 +9mPKzan28JGoClqB0bw1vwf3VjjxHV2dgD57CmqFPv7kAC/2a56dE+etzXattZAL ++2JWTpmfQ0ePRRadtBm0VahQhnU8x0+jvAVrEawqpVW83ozYFyW/0WInM2J7jHgQ +16OosY4lj5L/DxpVxaArhRFoRfWPXfC37iE8Mou/I95isvPQIhp1wTo4jG0KM02B +oIVbp/QRNBQ6WtpOzvJs1gqQiJJTfqbKJXQ3NDEY9crpVS83HJ+Zv99PNsyNkFjG +QpU84U3ZhsI4ygjdY45mpZueqI1RVcRQdu8Hgvoo/78Q/Sir6gMGop3mVdVo2guI +kFcJrXh0Xk3ech4aVqrmKx/mPXGwOAQU0DAul4RW3fKg1QxQE7Tlw3+95Ee/+q5j +HARL0uDbCJpRO8Sl8NDEuL32n/2Ot6kQeCSHrU7KJRYAkTxkKvr8zNow7hFhHFPE +SnHvTnskI6noh0VY6NwMhmLvhm0wKkRxZPzUNc3sgLvbK1NymIZ9aKCZamzhZrmG +vnblEz/OSLwGUua465H3hM1vvBQiartj7+6ZqWIkSmBPABEBAAGJAjYEGAEKACAW +IQSgNcjBkhm6gh7OqGtk5ij41oRpbQUCWr5PIAIbIAAKCRBk5ij41oRpbWmeEACG ++axtDC8UoNp9ORiYwEWLzZWDuugE+ah7DYYGD4Vs633FXVZW3SgM/bFtJ/0Lg8CF +74jI4LMHyIjDzEjcoItwnhBLix+kUoJTvrY58GPydwekLuw1p4KXLqtRs4fsZbNQ +YTknl4jYtRWoxO98x7tun7Gq2gqmJkIB2uj630fKz5cBk6p6oDFKjzyrHe+V7BiK +3okQPaD4x7hq8OnTy7lOy92ZZAqztS4tNEb4DkYW1MpuwsJ7hbBZitc1siI+FVVb +GjVVGZz6ssXoW67Tz8+VxdWJxNLXlv27eMcj4sme5S0th/YYNA5fRRv6zuzqZAru +YNGLpYYU7JLvZJ+3lCwa5j5ycOGBF0GvsGs6gj6h+CHkjR/BgzAgWC+GgUgslt6q +aH04rWtV6rVz+Y91LcrX5P6OM4anmXD3Gp3kl35AypXb4KyASF19+11RUziD4Z7q +wQEWfbwOltNyZv2lD8s2jPr7P02axWRQUbZAEhxRmvOQev/FZPyCF6gqUo/HxRbQ +y3bzmnipyHSv1DlXNfCFCHvN8kGyZnRWARqIKRg+j9ediJgOUqlLhg6KmrTVxd5v +3Dfv52PW2UODDTM20s3cQGuX/UswzMRwPI/+P44iCMwEKdm7duM/5oisZT9Vhy7g +P15MreFZLcZvUVgjqgy0u57cstyGK1Bo9e2sFcK2fA== +=6Zb4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/python311-rpmlintrc b/python311-rpmlintrc new file mode 100644 index 0000000..5b35f34 --- /dev/null +++ b/python311-rpmlintrc @@ -0,0 +1,3 @@ +addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp") diff --git a/python311.changes b/python311.changes new file mode 100644 index 0000000..ead203e --- /dev/null +++ b/python311.changes @@ -0,0 +1,5496 @@ +------------------------------------------------------------------- +Wed Dec 4 21:40:41 UTC 2024 - Matej Cepl + +- Update to 3.11.11: + - Tools/Demos + - gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15 + and multissltests to use 3.0.15, 3.1.7, and 3.2.3. + - Tests + - gh-125041: Re-enable skipped tests for zlib on the + s390x architecture: only skip checks of the compressed + bytes, which can be different between zlib’s software + implementation and the hardware-accelerated implementation. + - Security + - gh-126623: Upgrade libexpat to 2.6.4 + - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to + consistently use the mapped IPv4 address value for deciding + properties. Properties which have their behavior fixed are + is_multicast, is_reserved, is_link_local, is_global, and + is_unspecified. + - Library + - gh-124651: Properly quote template strings in venv + activation scripts (bsc#1232241, CVE-2024-9287). +- Removed upstreamed patches: + - CVE-2024-9287-venv_path_unquoted.patch + +------------------------------------------------------------------- +Tue Dec 3 08:21:35 UTC 2024 - John Paul Adrian Glaubitz + +- Add add-loongarch64-support.patch to support loongarch64 + +------------------------------------------------------------------- +Mon Dec 2 22:50:07 UTC 2024 - Matej Cepl + +- Fix changelog + +------------------------------------------------------------------- +Mon Nov 11 12:43:40 UTC 2024 - Daniel Garcia + +- Remove -IVendor/ from python-config boo#1231795 + +------------------------------------------------------------------- +Fri Nov 1 16:32:10 UTC 2024 - Matej Cepl + +- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote + path names provided when creating a virtual environment + (bsc#1232241, CVE-2024-9287) + +------------------------------------------------------------------- +Wed Oct 2 16:18:29 UTC 2024 - Matej Cepl + +- Drop .pyc files from docdir for reproducible builds + (bsc#1230906). + +------------------------------------------------------------------- +Mon Sep 9 16:53:07 UTC 2024 - Matej Cepl + +- Update to 3.11.10: + - Security + - gh-123678: Upgrade libexpat to 2.6.3 + - gh-121957: Fixed missing audit events around interactive + use of Python, now also properly firing for ``python -i``, + as well as for ``python -m asyncio``. The event in question + is ``cpython.run_stdin``. + - gh-122133: Authenticate the socket connection for the + ``socket.socketpair()`` fallback on platforms where + ``AF_UNIX`` is not available like Windows. Patch by + Gregory P. Smith and Seth Larson + . Reported by Ellie + - gh-121285: Remove backtracking from tarfile header parsing + for ``hdrcharset``, PAX, and GNU sparse headers + (bsc#1230227, CVE-2024-6232). + - gh-118486: :func:`os.mkdir` on Windows now accepts + *mode* of ``0o700`` to restrict the new directory to + the current user. This fixes CVE-2024-4030 affecting + :func:`tempfile.mkdtemp` in scenarios where the base + temporary directory is more permissive than the default. + - gh-116741: Update bundled libexpat to 2.6.2 + - Library + - gh-123270: Applied a more surgical fix for malformed + payloads in :class:`zipfile.Path` causing infinite loops + (gh-122905) without breaking contents using legitimate + characters (bsc#1229704, CVE-2024-8088). + - gh-123067: Fix quadratic complexity in parsing ``"``-quoted + cookie values with backslashes by :mod:`http.cookies` + (bsc#1229596, CVE-2024-7592). + - gh-122905: :class:`zipfile.Path` objects now sanitize names + from the zipfile. + - gh-121650: :mod:`email` headers with embedded newlines are + now quoted on output. The :mod:`~email.generator` will now + refuse to serialize (write) headers that are unsafely folded + or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. + (Contributed by Bas Bloemsaat and Petr Viktorin in + :gh:`121650`; CVE-2024-6923, bsc#1228780). + - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method + breaks internal buffer when the method is called again + during flushing internal buffer. + - gh-118643: Fix an AttributeError in the :mod:`email` module + when re-fold a long address list. Also fix more cases of + incorrect encoding of the address separator in the address + list. + - gh-113171: Fixed various false positives and false + negatives in * :attr:`ipaddress.IPv4Address.is_private` + (see these docs for details) * + :attr:`ipaddress.IPv4Address.is_global` * + :attr:`ipaddress.IPv6Address.is_private` * + :attr:`ipaddress.IPv6Address.is_global` Also in the + corresponding :class:`ipaddress.IPv4Network` and + :class:`ipaddress.IPv6Network` attributes. + Fixes bsc#1226448 (CVE-2024-4032). + - gh-102988: :func:`email.utils.getaddresses` and + :func:`email.utils.parseaddr` now return ``('', '')`` + 2-tuples in more situations where invalid email addresses + are encountered instead of potentially inaccurate + values. Add optional *strict* parameter to these two + functions: use ``strict=False`` to get the old behavior, + accept malformed inputs. ``getattr(email.utils, + 'supports_strict_parsing', False)`` can be use to check if + the *strict* paramater is available. Patch by Thomas Dwyer + and Victor Stinner to improve the CVE-2023-27043 fix + (bsc#1210638). + - gh-67693: Fix :func:`urllib.parse.urlunparse` and + :func:`urllib.parse.urlunsplit` for URIs with path starting + with multiple slashes and no authority. Based on patch by + Ashwin Ramaswami. + - Core and Builtins + - gh-112275: A deadlock involving ``pystate.c``'s + ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now + fixed. Patch by ChuBoning based on previous Python 3.12 fix + by Victor Stinner. + - gh-109120: Added handle of incorrect star expressions, e.g + ``f(3, *)``. Patch by Grigoryev Semyon +- Removed upstreamed patches: + - CVE-2023-27043-email-parsing-errors.patch + - CVE-2024-4032-private-IP-addrs.patch + - CVE-2024-6923-email-hdr-inject.patch + - CVE-2024-8088-inf-loop-zipfile_Path.patch + (renamed from CVE-2024-8088-zipfile-Path-sanitization.patch) + - CVE-2024-6232-ReDOS-backtrack-tarfile.patch + - CVE-2024-7592-quad-complex-cookies.patch + +------------------------------------------------------------------- +Mon Sep 2 09:44:26 UTC 2024 - Matej Cepl + +- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid + failing test_sendfile_close_peer_in_the_middle_of_receiving + tests on Linux >= 6.10 (GH-120227). + +------------------------------------------------------------------- +Wed Aug 28 16:54:34 UTC 2024 - Matej Cepl + +- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent + malformed payload to cause infinite loops in zipfile.Path + (bsc#1229704, CVE-2024-8088). + +------------------------------------------------------------------- +Wed Aug 7 12:12:42 UTC 2024 - Matej Cepl + +- Add CVE-2024-6923-email-hdr-inject.patch to prevent email + header injection due to unquoted newlines (bsc#1228780, + CVE-2024-6923). +- %{profileopt} variable is set according to the variable + %{do_profiling} (bsc#1227999) + +------------------------------------------------------------------- +Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl + +- Remove %suse_update_desktop_file macro as it is not useful any + more. + +------------------------------------------------------------------- +Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl + +- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 + adding reproducibility patches from gh#python/cpython!121872 + and gh#python/cpython!121883. + +------------------------------------------------------------------- +Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl + +- Stop using %%defattr, it seems to be breaking proper executable + attributes on /usr/bin/ scripts (bsc#1227378). + +------------------------------------------------------------------- +Tue Jul 2 10:32:58 UTC 2024 - Daniel Garcia + +- Update F00251-change-user-install-location.patch to make pip and + modern tools install directly in /usr/local when used by the user. + bsc#1225660 + +------------------------------------------------------------------- +Tue Jun 25 21:57:40 UTC 2024 - Matej Cepl + +- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 + (CVE-2024-4032) rearranging definition of private v global IP + addresses. + +------------------------------------------------------------------- +Wed May 1 08:39:08 UTC 2024 - Matej Cepl + +- Update CVE-2023-52425-libexpat-2.6.0-backport.patch + so that it uses features sniffing, not just + comparing version number. Include also + support-expat-CVE-2022-25236-patched.patch. +- Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping + failing tests. +- Refresh patches: + - CVE-2023-27043-email-parsing-errors.patch + - fix_configure_rst.patch + - skip_if_buildbot-extend.patch +- Remove included patch: + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia + +- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in SLE. + +------------------------------------------------------------------- +Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia + +- Remove not needed upstream patches: + * libexpat260.patch + * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666 + * CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch + +- Update to 3.11.9: + * Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 + - gh-115243: Fix possible crashes in collections.deque.index() + when the deque is concurrently modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to the + certificate store, when the ssl.SSLContext is shared across + multiple threads (bsc#1226447, CVE-2024-0397). + * Core and Builtins + - gh-116296: Fix possible refleak in object.__reduce__() internal + error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser when + raising SyntaxError exceptions caused by invalid byte sequences. + Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115011: Setters for members with an unsigned integer type now + support the same range of valid values for objects that has a + __index__() method as for int. + - gh-96497: Fix incorrect resolution of mangled class variables + used in assignment expressions in comprehensions. + * Library + - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered + crash in ssl when creating a new _ssl._SSLContext if CPython was + built implausibly such that the default cipher list is empty or + the SSL library it was linked against reports a failure from its + C SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of self-referential + modules, introduced in gh-114781. + - gh-117084: Fix zipfile extraction for directory entries with the + name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any to + be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer calls + WaitForSingleObject() with a negative timeout: pass 0 ms if the + timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values in an + invalid state (stored as a list instead of a str) after an + earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values in + urllib.parse functions parse_qs() and parse_qsl(). Also, they + now raise a TypeError for non-zero integers and non-empty + sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated tkinter.Checkbutton + widget names to avoid collisions with automatically generated + tkinter.ttk.Checkbutton widget names within the same parent + widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of AttributeError + on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on + WASI. + - Under wasmtime for WASI 0.2, these functions don’t pass + test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). + - gh-88352: Fix the computation of the next rollover time in the + logging.TimedRotatingFileHandler handler. computeRollover() now + always returns a timestamp larger than the specified time and + works correctly during the DST change. doRollover() no longer + overwrite the already rolled over file, saving from data loss + when run at midnight or during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a script + with pdb + - gh-76511: Fix UnicodeEncodeError in email.Message.as_string() + that results when a message that claims to be in the ascii + character set actually has non-ascii characters. Non-ascii + characters are now replaced with the U+FFFD replacement + character, like in the replace error handler. + - gh-75988: Fixed unittest.mock.create_autospec() to pass the call + through to the wrapped object to return the real result. + - gh-115881: Fix issue where ast.parse() would incorrectly flag + conditional context managers (such as with (x() if y else z()): + ...) as invalid syntax if feature_version=(3, 8) was passed. + This reverts changes to the grammar made as part of gh-94949. + - gh-115886: Fix silent truncation of the name with an embedded + null character in multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing which rolled-over log + files to delete in logging.TimedRotatingFileHandler. It is now + reliable for handlers without namer and with arbitrary + deterministic namer that leaves the datetime part in the file + name unmodified. + - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now + support bytes arguments containing raw and percent-encoded + non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' and + '\n', regardless of lineterminator value. + - gh-115712: csv.writer() now quotes empty fields if delimiter is + a space and skipinitialspace is true and raises exception if + quoting is not possible. + - gh-115618: Fix improper decreasing the reference count for None + argument in property methods getter(), setter() and deleter(). + - gh-115570: A DeprecationWarning is no longer omitted on access + to the __doc__ attributes of the deprecated typing.io and + typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the __wrapper__ + data descriptor. + - gh-101293: Support callables with the __call__() method and + types with __new__() and __init__() methods set to class + methods, static methods, bound methods, partial functions, and + other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line numbers + would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare cases when + using the z format option (coerce negative 0) * incorrect output + when applying the z format option to type F (fixed-point with + capital NAN / INF) * incorrect output when applying the # format + option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname before + checking it against the system’s proxy bypass list on macOS and + Windows. + - gh-115198: Fix support of Docutils >= 0.19 in distutils. + - gh-115165: Most exceptions are now ignored when attempting to + set the __orig_class__ attribute on objects returned when + calling typing generic aliases (including generic aliases + created using typing.Annotated). Previously only AttributeError + was ignored. Patch by Dave Shawley. + - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the underlying + write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114763: Protect modules loaded with importlib.util.LazyLoader + from race conditions when multiple threads try to access + attributes before the loading is complete. + - gh-97959: Fix rendering class methods, bound methods, method and + function aliases in pydoc. Class methods no longer have “method + of builtins.type instance” note. Corresponding notes are now + added for class and unbound methods. Method and function aliases + now have references to the module or the class where the origin + was defined if it differs from the current. Bound methods are + now listed in the static methods section. Methods of builtin + classes are now supported as well as methods of Python classes. + - gh-112281: Allow creating union of types for typing.Annotated + with unhashable metadata. + - gh-111775: Fix importlib.resources.simple.ResourceHandle.open() + for text mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb commands. + - gh-107155: Fix incorrect output of help(x) where x is a lambda + function, which has an __annotations__ dictionary attribute with + a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when defining + dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists over + multiple lines in combination with unicode encoding. + - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same name + but different extensions would conflict and not delete the + correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() to + accept empty bytes as authkey. Not accepting empty bytes as key + causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing of URLs + with only a host name, URLs containing fragment or query, and + filenames with only a UNC sharepoint on Windows. Based on patch + by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + * Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML + vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + * Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE command + line option) in regrtest when hunting for reference leaks (-R + option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-115979: Update test_importlib so that it passes under WASI + SDK 21. + - gh-116307: Added import helper isolated_modules as CleanImport + does not remove modules imported during the context. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of + the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: run + failed tests with test.bisect_cmd to identify failing tests. + Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - gh-115198: Fix test_check_metadata_deprecate in distutils tests + with a newer Docutils. + * Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI + 0.2/preview2 primitives. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + * Windows + - gh-116773: Fix instances of <_overlapped.Overlapped object at + 0xXXX> still has pending operation at deallocation, the process + may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation so + that sending a datagram to an address that is not listening does + not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most users + only have a single launcher installed and will see no + difference. When multiple launchers have been installed, the + option to install the launcher is disabled until all but one + have been removed. Downgrading the launcher (which was never + allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now detect Python + 3.13 when installed from the Microsoft Store, and will install + Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + * IDLE + - gh-88516: On macOS show a proxy icon in the title bar of editor + windows to match platform behaviour. + * Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + * C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows + 64-bit platforms. + +------------------------------------------------------------------- +Sun Mar 24 07:51:45 UTC 2024 - Matej Cepl + +- Add reference to CVE-2024-0450 (bsc#1221854) to changelog. + +------------------------------------------------------------------- +Fri Mar 22 21:22:27 UTC 2024 - Matej Cepl + +- Because of bsc#1189495 we have to revert use of %autopatch. + +------------------------------------------------------------------- +Tue Mar 12 08:44:47 UTC 2024 - Matej Cepl + +- Rewrite %prep to use %autosetup et al. for compatibility with + rpm 4.20. + +------------------------------------------------------------------- +Tue Mar 12 08:13:34 UTC 2024 - Matej Cepl + +- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch + to eliminate ResourceWarning which broke the test suite in + test_asyncio. + +------------------------------------------------------------------- +Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal + +- Use the system-wide crypto-policies [bsc#1211301] + * Use the system default cipher list instead of hardcoded values + * Add the --with-ssl-default-suites=openssl configure option + +------------------------------------------------------------------- +Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl + +- (bsc#1219666, CVE-2023-6597) Add + CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from + gh#python/cpython!99930) fixing symlink bug in cleanup of + tempfile.TemporaryDirectory. + +------------------------------------------------------------------- +Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl + +- Remove double definition of /usr/bin/idle%%{version} in + %%files. + +------------------------------------------------------------------- +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115289 + +------------------------------------------------------------------- +Thu Feb 8 07:27:40 UTC 2024 - Daniel Garcia + +- Update to 3.11.8: + - Security + - gh-113659: Skip .pth files with names starting with a dot or + hidden file attribute. + - Core and Builtins + - gh-114887: Changed socket type validation in + create_datagram_endpoint() to accept all non-stream sockets. + This fixes a regression in compatibility with raw sockets. + - gh-114388: Fix a RuntimeWarning emitted when assign an + integer-like value that is not an instance of int to an + attribute that corresponds to a C struct member of type T_UINT + and T_ULONG. Fix a double RuntimeWarning emitted when assign a + negative integer value to an attribute that corresponds to a C + struct member of type T_UINT. + - gh-89811: Check for a valid tp_version_tag before performing + bytecode specializations that rely on this value being usable. + - gh-113602: Fix an error that was causing the parser to try to + overwrite existing errors and crashing in the process. Patch by + Pablo Galindo + - gh-113566: Fix a 3.11-specific crash when the repr of a Future + is requested after the module has already been + garbage-collected. + - gh-106905: Use per AST-parser state rather than global state to + track recursion depth within the AST parser to prevent potential + race condition due to simultaneous parsing. + - The issue primarily showed up in 3.11 by multithreaded users of + ast.parse(). In 3.12 a change to when garbage collection can be + triggered prevented the race condition from occurring. + - gh-112716: Fix SystemError in the import statement and in + __reduce__() methods of builtin types when __builtins__ is not a + dict. + - gh-105967: Workaround a bug in Apple’s macOS platform zlib + library where zlib.crc32() and binascii.crc32() could produce + incorrect results on multi-gigabyte inputs. Including when using + zipfile on zips containing large data. + - gh-94606: Fix UnicodeEncodeError when + email.message.get_payload() reads a message with a Unicode + surrogate character and the message content is not well-formed + for surrogateescape encoding. Patch by Sidney Markowitz. + - Library + - gh-114965: Update bundled pip to 24.0 + - gh-114959: tarfile no longer ignores errors when trying to + extract a directory on top of a file. + - gh-109475: Fix support of explicit option value “–” in argparse + (e.g. --option=--). + - gh-110190: Fix ctypes structs with array on Windows ARM64 + platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by + Diego Russo + - gh-113280: Fix a leak of open socket in rare cases when error + occurred in ssl.SSLSocket creation. + - gh-77749: email.policy.EmailPolicy.fold() now always encodes + non-ASCII characters in headers if utf8 is false. + - gh-114492: Make the result of termios.tcgetattr() reproducible + on Alpine Linux. Previously it could leave a random garbage in + some fields. + - gh-75128: Ignore an OSError in + asyncio.BaseEventLoop.create_server() when IPv6 is available but + the interface cannot actually support it. + - gh-114257: Dismiss the FileNotFound error in + ctypes.util.find_library() and just return None on Linux. + - gh-101438: Avoid reference cycle in ElementTree.iterparse. The + iterator returned by ElementTree.iterparse may hold on to a file + descriptor. The reference cycle prevented prompt clean-up of the + file descriptor if the returned iterator was not exhausted. + - gh-104522: OSError raised when run a subprocess now only has + filename attribute set to cwd if the error was caused by a + failed attempt to change the current directory. + - gh-109534: Fix a reference leak in + asyncio.selector_events.BaseSelectorEventLoop when SSL + handshakes fail. Patch contributed by Jamie Phan. + - gh-114077: Fix possible OverflowError in + socket.socket.sendfile() when pass count larger than 2 GiB on + 32-bit platform. + - gh-114014: Fixed a bug in fractions.Fraction where an invalid + string using d in the decimals part creates a different error + compared to other invalid letters/characters. Patch by Jeremiah + Gabriel Pascual. + - gh-113951: Fix the behavior of tag_unbind() methods of + tkinter.Text and tkinter.Canvas classes with three arguments. + Previously, widget.tag_unbind(tag, sequence, funcid) destroyed + the current binding for sequence, leaving sequence unbound, and + deleted the funcid command. Now it removes only funcid from the + binding for sequence, keeping other commands, and deletes the + funcid command. It leaves sequence unbound only if funcid was + the last bound command. + - gh-113877: Fix tkinter method winfo_pathname() on 64-bit + Windows. + - gh-113781: Silence unraisable AttributeError when warnings are + emitted during Python finalization. + - gh-113594: Fix UnicodeEncodeError in email when re-fold lines + that contain unknown-8bit encoded part followed by + non-unknown-8bit encoded part. + - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), + there is callback that logs an error if the task wrapping the + “connected callback” fails. This callback would itself fail if + the task was cancelled. Prevent this by checking whether the + task was cancelled first. If so, close the transport but don’t + log an error. + - gh-85567: Fix resource warnings for unclosed files in pickle and + pickletools command line interfaces. + - gh-101225: Increase the backlog for + multiprocessing.connection.Listener objects created by + multiprocessing.manager and multiprocessing.resource_sharer to + significantly reduce the risk of getting a connection refused + error when creating a multiprocessing.connection.Connection to + them. + - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends + webbrowser.open audit event. + - gh-113028: When a second reference to a string appears in the + input to pickle, and the Python implementation is in use, we are + guaranteed that a single copy gets pickled and a single object + is shared when reloaded. Previously, in protocol 0, when a + string contained certain characters (e.g. newline) it resulted + in duplicate objects. + - gh-113421: Fix multiprocessing logger for %(filename)s. + - gh-113358: Fix rendering tracebacks for exceptions with a broken + __getattr__. + - gh-113214: Fix an AttributeError during asyncio SSL protocol + aborts in SSL-over-SSL scenarios. + - gh-113246: Update bundled pip to 23.3.2. + - gh-113199: Make http.client.HTTPResponse.read1 and + http.client.HTTPResponse.readline close IO after reading all + data when content length is known. Patch by Illia Volochii. + - gh-113188: Fix shutil.copymode() and shutil.copystat() on + Windows. Previously they worked differenly if dst is a symbolic + link: they modified the permission bits of dst itself rather + than the file it points to if follow_symlinks is true or src is + not a symbolic link, and did not modify the permission bits if + follow_symlinks is false and src is a symbolic link. + - gh-61648: Detect line numbers of properties in doctests. + - gh-112559: signal.signal() and signal.getsignal() no longer call + repr on callable handlers. asyncio.run() and + asyncio.Runner.run() no longer call repr on the task results. + Patch by Yilei Yang. + - gh-110190: Fix ctypes structs with array on PPC64LE platform by + setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. + - gh-79429: Ignore FileNotFoundError when remove a temporary + directory in the multiprocessing finalizer. + - gh-79325: Fix an infinite recursion error in + tempfile.TemporaryDirectory() cleanup on Windows. + - gh-110190: Fix ctypes structs with array on Arm platform by + setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. + - gh-81194: Fix a crash in socket.if_indextoname() with specific + value (UINT_MAX). Fix an integer overflow in + socket.if_indextoname() on 64-bit non-Windows platforms. + - gh-75666: Fix the behavior of tkinter widget’s unbind() method + with two arguments. Previously, widget.unbind(sequence, funcid) + destroyed the current binding for sequence, leaving sequence + unbound, and deleted the funcid command. Now it removes only + funcid from the binding for sequence, keeping other commands, + and deletes the funcid command. It leaves sequence unbound only + if funcid was the last bound command. + - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in + tkinter._test(). + - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now + raises BadZipFile when try to read an entry that overlaps with + other entry or central directory (bsc#1221854, CVE-2024-0450). + - gh-38807: Fix race condition in trace. Instead of checking if a + directory exists and creating it, directly call os.makedirs() + with the kwarg exist_ok=True. + - gh-75705: Set unixfrom envelope in mailbox.mbox and + mailbox.MMDF. + - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure + when the system endianness is the opposite of the classes. + - gh-104282: Fix null pointer dereference in + lzma._decode_filter_properties() due to improper handling of BCJ + filters with properties of zero length. Patch by Radislav + Chugunov. + - gh-102512: When os.fork() is called from a foreign thread (aka + _DummyThread), the type of the thread in a child process is + changed to _MainThread. Also changed its name and daemonic + status, it can be now joined. + - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, + which now no longer dereferences symlinks when working around + file system permission errors. + - bpo-43153: On Windows, tempfile.TemporaryDirectory previously + masked a PermissionError with NotADirectoryError during + directory cleanup. It now correctly raises PermissionError if + errors are not ignored. Patch by Andrei Kulakov and Ken Jin. + - bpo-35332: The shutil.rmtree() function now ignores errors when + calling os.close() when ignore_errors is True, and os.close() no + longer retried after error. + - bpo-35928: io.TextIOWrapper now correctly handles the decoding + buffer after read() and write(). + - bpo-26791: shutil.move() now moves a symlink into a directory + when that directory is the target of the symlink. This provides + the same behavior as the mv shell command. The previous behavior + raised an exception. Patch by Jeffrey Kintscher. + - bpo-36959: Fix some error messages for invalid ISO format string + combinations in strptime() that referred to directives not + contained in the format string. Patch by Gordon P. Hemsley. + - bpo-18060: Fixed a class inheritance issue that can cause + segfaults when deriving two or more levels of subclasses from a + base class of Structure or Union. + - Documentation + - gh-110746: Improved markup for valid options/values for methods + ttk.treeview.column and ttk.treeview.heading, and for Layouts. + - gh-95649: Document that the asyncio module contains code taken + from v0.16.0 of the uvloop project, as well as the required MIT + licensing information. + - Tests + - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, + where system tar can include more information in the archive + than shutil.make_archive. + - gh-112769: The tests now correctly compare zlib version when + zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For + example zlib-ng defines the version as 1.3.0.zlib-ng. + - gh-105089: Fix + test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write + test in AIX by doing a bitwise AND of 0xFFFF on mode , so that + it will be in sync with zinfo.external_attr + - bpo-40648: Test modes that file can get with chmod() on Windows. + - Build + - gh-101778: Fix build error when there’s a dangling symlink in + the directory containing ffi.h. + - gh-112305: Fixed the check-clean-src step performed on out of + tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h + files and recommend appropriate source tree cleanup steps to get + a working build again. + - bpo-11102: The os.major(), os.makedev(), and os.minor() + functions are now available on HP-UX v3. + - bpo-36351: Do not set ipv6type when cross-compiling. + - IDLE + - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and + ‘object’. + - gh-72284: Improve the lists of features, editor key bindings, + and shell key bingings in the IDLE doc. + - gh-113903: Fix rare failure of test.test_idle, in + test_configdialog. + - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and + 3.12.1. + - gh-113269: Fix test_editor hang on macOS Catalina. + - gh-112898: Fix processing unsaved files when quitting IDLE on + macOS. + - gh-103820: Revise IDLE bindings so that events from mouse button + 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not + mistaken for scrolling. + - bpo-13586: Enter the selected text when opening the “Replace” + dialog. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and + multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. + - gh-115015: Fix a bug in Argument Clinic that generated incorrect + code for methods with no parameters that use the METH_METHOD | + METH_FASTCALL | METH_KEYWORDS calling convention. Only the + positional parameter count was checked; any keyword argument + passed would be silently accepted. +- Remove upstreamed patches: + - CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch +- Refresh all patches: + - CVE-2023-27043-email-parsing-errors.patch + - F00251-change-user-install-location.patch + - bpo-31046_ensurepip_honours_prefix.patch + - distutils-reproducible-compile.patch + - fix_configure_rst.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-localpath.patch + - python-3.3.0b1-test-posix_fadvise.patch + - skip_if_buildbot-extend.patch + - subprocess-raise-timeout.patch + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Tue Dec 19 16:34:50 UTC 2023 - Daniel Garcia + +- Update patch fix_configure_rst.patch +- Update to 3.11.7: + - Core and Builtins + - gh-112625: Fixes a bug where a bytearray object could be cleared + while iterating over an argument in the bytearray.join() method + that could result in reading memory after it was freed. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. Patch + by Pablo galindo + - gh-88116: Traceback location ranges involving wide unicode + characters (like emoji and asian characters) now are properly + highlighted. Patch by Batuhan Taskaya and Pablo Galindo. + - gh-94438: Fix a regression that prevented jumping across is None + and is not None when debugging. Patch by Savannah Ostrowski. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109216: Fix possible memory leak in BUILD_MAP. + + - Library + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + - bpo-35191: Fix unexpected integer truncation in + socket.setblocking() which caused it to interpret multiples of + 2**32 as False. + + - Documentation + - gh-108826: dis module command-line interface is now mentioned in + documentation. + + - Tests + - gh-110367: Make regrtest --verbose3 option compatible with + --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + --verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111309: distutils tests can now be run via unittest. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() and class BasicTestRunner from the test.support + module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + --match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + + - Build + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + + - C API + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. +------------------------------------------------------------------- +Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl + +- Refresh CVE-2023-27043-email-parsing-errors.patch to + gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). +- Thus we can remove Revert-gh105127-left-tests.patch, which is + now useless. + +------------------------------------------------------------------- +Wed Nov 15 09:06:16 UTC 2023 - Daniel Garcia + +- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch +- Refresh patches: + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch + +- Update to 3.11.6: + - Core and Builtins + - gh-109351: Fix crash when compiling an invalid AST involving a + named (walrus) expression. + - gh-109207: Fix a SystemError in __repr__ of symtable entry + object. + - gh-109179: Fix bug where the C traceback display drops notes + from SyntaxError. + - gh-88943: Improve syntax error for non-ASCII character that + follows a numerical literal. It now points on the invalid + non-ASCII character, not on the valid numerical literal. + - gh-108959: Fix caret placement for error locations for subscript + and binary operations that involve non-semantic parentheses and + spaces. Patch by Pablo Galindo + - gh-108520: Fix + multiprocessing.synchronize.SemLock.__setstate__() to properly + initialize multiprocessing.synchronize.SemLock._is_fork_ctx. + This fixes a regression when passing a SemLock accross nested + processes. + - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to + multiprocessing.synchronize.SemLock._is_fork_ctx to avoid + exposing it as public API. + - Library + - gh-110036: On Windows, multiprocessing Popen.terminate() now + catchs PermissionError and get the process exit code. If the + process is still running, raise again the PermissionError. + Otherwise, the process terminated as expected: store its exit + code. Patch by Victor Stinner. + - gh-110038: Fixed an issue that caused KqueueSelector.select() to + not return all the ready events in some cases when a file + descriptor is registered for both read and write. + - gh-109631: re functions such as re.findall(), re.split(), + re.search() and re.sub() which perform short repeated matches + can now be interrupted by user. + - gh-109593: Avoid deadlocking on a reentrant call to the + multiprocessing resource tracker. Such a reentrant call, though + unlikely, can happen if a GC pass invokes the finalizer for a + multiprocessing object such as SemLock. + - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for + exceptions. Previously, on Python built in debug mode, these + functions could trigger a fatal Python error (and abort the + process) when a function succeeded with an exception set. Patch + by Victor Stinner. + - gh-109375: The pdb alias command now prevents registering + aliases without arguments. + - gh-107219: Fix a race condition in concurrent.futures. When a + process in the process pool was terminated abruptly (while the + future was running or pending), close the connection write end. + If the call queue is blocked on sending bytes to a worker + process, closing the connection write end interrupts the send, + so the queue can be closed. Patch by Victor Stinner. + - gh-50644: Attempts to pickle or create a shallow or deep copy of + codecs streams now raise a TypeError. Previously, copying failed + with a RecursionError, while pickling produced wrong results + that eventually caused unpickling to fail with a RecursionError. + - gh-108987: Fix _thread.start_new_thread() race condition. If a + thread is created during Python finalization, the newly spawned + thread now exits immediately instead of trying to access freed + memory and lead to a crash. Patch by Victor Stinner. + - gh-108843: Fix an issue in ast.unparse() when unparsing + f-strings containing many quote types. + - gh-108682: Enum: raise TypeError if super().__new__() is called + from a custom __new__. + - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock + - gh-64662: Fix support for virtual tables in + sqlite3.Connection.iterdump(). Patch by Aviv Palivoda. + - gh-107913: Fix possible losses of errno and winerror values in + OSError exceptions if they were cleared or modified by the + cleanup code before creating the exception object. + - gh-104372: On Linux where subprocess can use the vfork() syscall + for faster spawning, prevent the parent process from blocking + other threads by dropping the GIL while it waits for the + vfork’ed child process exec() outcome. This prevents spawning a + binary from a slow filesystem from blocking the rest of the + application. + - gh-84867: unittest.TestLoader no longer loads test cases from + exact unittest.TestCase and unittest.FunctionTestCase classes. + - Documentation + - gh-109209: The minimum Sphinx version required for the + documentation is now 4.2. + - gh-105052: Update timeit doc to specify that time in seconds is + just the default. + - gh-102823: Document the return type of x // y when x and y have + type float. + - Tests + - gh-110031: Skip test_threading tests using thread+fork if Python + is built with Address Sanitizer (ASAN). Patch by Victor Stinner. + - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum + duration, a test should not measure a CI performance. Only + measure the minimum duration when a task has a timeout or delay. + Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner. + - gh-110033: Fix test_interprocess_signal() of test_signal. Make + sure that the subprocess.Popen object is deleted before the test + raising an exception in a signal handler. Otherwise, + Popen.__del__() can get the exception which is logged as + Exception ignored in: ... and the test fails. Patch by Victor + Stinner. + - gh-109594: Fix test_timeout() of + test_concurrent_futures.test_wait. Remove the future which may + or may not complete depending if it takes longer than the + timeout ot not. Keep the second future which does not complete + before wait() timeout. Patch by Victor Stinner. + - gh-109748: Fix test_zippath_from_non_installed_posix() of + test_venv: don’t copy __pycache__/ sub-directories, because they + can be modified by other Python tests running in parallel. Patch + by Victor Stinner. + - gh-103053: Skip test_freeze_simple_script() of + test_tools.test_freeze if Python is built with ./configure + --enable-optimizations, which means with Profile Guided + Optimization (PGO): it just makes the test too slow. The freeze + tool is tested by many other CIs with other (faster) compiler + flags. Patch by Victor Stinner. + - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a + longer key: FIPS mode requires at least of at least 112 bits. + The previous key was only 32 bits. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-109237: Fix test_site.test_underpth_basic() when the working + directory contains at least one non-ASCII character: encode the + ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for + the child process stdout. Patch by Victor Stinner. + - gh-109230: Fix test_pyexpat.test_exception(): it can now be run + from a directory different than Python source code directory. + Before, the test failed in this case. Skip the test if + Modules/pyexpat.c source is not available. Skip also the test on + Python implementations other than CPython. Patch by Victor + Stinner. + - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests + on FreeBSD if the TCP blackhole is enabled (sysctl + net.inet.tcp.blackhole). Skip the few tests which failed with + ETIMEDOUT which such non standard configuration. Currently, the + FreeBSD GCP image enables TCP and UDP blackhole (sysctl + net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1). + Patch by Victor Stinner. + - gh-91960: Skip test_gdb if gdb is unable to retrieve Python + frame objects: if a frame is . When Python is + built with “clang -Og”, gdb can fail to retrive the frame + parameter of _PyEval_EvalFrameDefault(). In this case, tests + like py_bt() are likely to fail. Without getting access to + Python frames, python-gdb.py is mostly clueless on retrieving + the Python traceback. Moreover, test_gdb is no longer skipped on + macOS if Python is built with Clang. Patch by Victor Stinner. + - gh-108962: Skip test_tempfile.test_flags() if chflags() fails + with “OSError: [Errno 45] Operation not supported” (ex: on + FreeBSD 13). Patch by Victor Stinner. + - gh-89392: Removed support of test_main() function in tests. They + now always use normal unittest test runner. + - gh-108851: Fix test_tomllib recursion tests for WASI buildbots: + reduce the recursion limit and compute the maximum nested + array/dict depending on the current available recursion limit. + Patch by Victor Stinner. + - gh-108851: Add get_recursion_available() and + get_recursion_depth() functions to the test.support module. + Patch by Victor Stinner. + - gh-108822: regrtest now computes statistics on all tests: + successes, failures and skipped. test_netrc, test_pep646_syntax + and test_xml_etree now return results in their test_main() + function. Patch by Victor Stinner and Alex Waygood. + - gh-108388: Convert test_concurrent_futures to a package of 7 + sub-tests. Patch by Victor Stinner. + - gh-108388: Split test_multiprocessing_fork, + test_multiprocessing_forkserver and test_multiprocessing_spawn + into test packages. Each package is made of 4 sub-tests: + processes, threads, manager and misc. It allows running more + tests in parallel and so reduce the total test duration. Patch + by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - gh-100086: The Python test runner (libregrtest) now logs Python + build information like “debug” vs “release” build, or LTO and + PGO optimizations. Patch by Victor Stinner. + - gh-98903: The Python test suite now fails wit exit code 4 if no + tests ran. It should help detecting typos in test names and test + methods. + - gh-95027: On Windows, when the Python test suite is run with the + -jN option, the ANSI code page is now used as the encoding for + the stdout temporary file, rather than using UTF-8 which can + lead to decoding errors. Patch by Victor Stinner. + - gh-93353: regrtest now checks if a test leaks temporary files or + directories if run with -jN option. Patch by Victor Stinner. + - Build + - gh-63760: Fix Solaris build: no longer redefine the + gethostname() function. Solaris defines the function since 2005. + Patch by Victor Stinner, original patch by Jakub Kulík. + - gh-108740: Fix a race condition in make regen-all. The + deepfreeze.c source and files generated by Argument Clinic are + now generated or updated before generating “global objects”. + Previously, some identifiers may miss depending on the order in + which these files were generated. Patch by Victor Stinner. + - Windows + - gh-109991: Update Windows build to use OpenSSL 3.0.11. + - gh-107565: Update Windows build to use OpenSSL 3.0.10. + - macOS + - gh-109991: Update macOS installer to use OpenSSL 3.0.11. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and + multissltests to use 1.1.1w, 3.0.11, and 3.1.3. + +------------------------------------------------------------------- +Wed Sep 6 07:52:11 UTC 2023 - Daniel Garcia + +- Update to 3.11.5 (bsc#1214692): + - Security + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted data. + Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by + Gregory P. Smith. + - Core and Builtins + - gh-104432: Fix potential unaligned memory access on C APIs + involving returned sequences of char * pointers within the grp + and socket modules. These were revealed using a + -fsaniziter=alignment build on ARM macOS. Patch by Christopher + Chavez. + - gh-77377: Ensure that multiprocessing synchronization objects + created in a fork context are not sent to a different process + created in a spawn context. This changes a segfault into an + actionable RuntimeError in the parent process. + - gh-106092: Fix a segmentation fault caused by a use-after-free + bug in frame_dealloc when the trashcan delays the deallocation + of a PyFrameObject. + - gh-106719: No longer suppress arbitrary errors in the + __annotations__ getter and setter in the type and module types. + - gh-106723: Propagate frozen_modules to multiprocessing spawned + process interpreters. + - gh-105979: Fix crash in _imp.get_frozen_object() due to improper + exception handling. + - gh-105840: Fix possible crashes when specializing function calls + with too many __defaults__. + - gh-105588: Fix an issue that could result in crashes when + compiling malformed ast nodes. + - gh-105375: Fix bugs in the builtins module where exceptions + could end up being overwritten. + - gh-105375: Fix bug in the compiler where an exception could end + up being overwritten. + - gh-105375: Improve error handling in + PyUnicode_BuildEncodingMap() where an exception could end up + being overwritten. + - gh-105235: Prevent out-of-bounds memory access during + mmap.find() calls. + - gh-101006: Improve error handling when read marshal data. + - Library + - gh-105736: Harmonized the pure Python version of OrderedDict + with the C version. Now, both versions set up their internal + state in __new__. Formerly, the pure Python version did the set + up in __init__. + - gh-107963: Fix multiprocessing.set_forkserver_preload() to check + the given list of modules names. Patch by Dong-hee Na. + - gh-106242: Fixes os.path.normpath() to handle embedded null + characters without truncating the path (bsc#1214693, + CVE-2023-41105). + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will + no longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107715: Fix doctest.DocTestFinder.find() in presence of class + names with special characters. Patch by Gertjan van Zwieten. + - gh-100814: Passing a callable object as an option value to a + Tkinter image now raises the expected TclError instead of an + AttributeError. + - gh-106684: Close asyncio.StreamWriter when it is not closed by + application leading to memory leaks. Patch by Kumar Aditya. + - gh-107077: Seems that in some conditions, OpenSSL will return + SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification + verification has failed, but the error parameters will still + contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are + now detecting this situation and raising the appropiate + ssl.SSLCertVerificationError. Patch by Pablo Galindo + - gh-107396: tarfiles; Fixed use before assignment of + self.exception for gzip decompression + - gh-62519: Make gettext.pgettext() search plural definitions when + translation is not found. + - gh-83006: Document behavior of shutil.disk_usage() for + non-mounted filesystems on Unix. + - gh-106186: Do not report MultipartInvariantViolationDefect + defect when the email.parser.Parser class is used to parse + emails with headersonly=True. + - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION + result in _ssl.c. + - gh-106774: Update the bundled copy of pip to version 23.2.1. + - gh-106752: Fixed several bug in zipfile.Path in + name/suffix/suffixes/stem operations when no filename is present + and the Path is not at the root of the zipfile. + - gh-106602: Add __copy__ and __deepcopy__ in enum + - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused + division by zero for certain almost-white inputs. Patch by Terry + Jan Reedy. + - gh-106052: re module: fix the matching of possessive quantifiers + in the case of a subpattern containing backtracking. + - gh-106510: Improve debug output for atomic groups in regular + expressions. + - gh-105497: Fix flag mask inversion when unnamed flags exist. + - gh-90876: Prevent multiprocessing.spawn from failing to import + in environments where sys.executable is None. This regressed in + 3.11 with the addition of support for path-like objects in + multiprocessing. + - gh-106350: Detect possible memory allocation failure in the + libtommath function mp_init() used by the _tkinter module. + - gh-102541: Make pydoc.doc catch bad module ImportError when + output stream is not None. + - gh-106263: Fix crash when calling repr with a manually + constructed SignalDict object. Patch by Charlie Zhao. + - gh-105375: Fix a bug in _Unpickler_SetInputStream() where an + exception could end up being overwritten in case of failure. + - gh-105375: Fix bugs in sys where exceptions could end up being + overwritten because of deferred error handling. + - gh-105605: Harden pyexpat error handling during module + initialisation to prevent exceptions from possibly being + overwritten, and objects from being dereferenced twice. + - gh-105375: Fix bug in decimal where an exception could end up + being overwritten. + - gh-105375: Fix bugs in _datetime where exceptions could be + overwritten in case of module initialisation failure. + - gh-105375: Fix bugs in _ssl initialisation which could lead to + leaked references and overwritten exceptions. + - gh-105375: Fix a bug in array.array where an exception could end + up being overwritten. + - gh-105375: Fix bugs in _ctypes where exceptions could end up + being overwritten. + - gh-105375: Fix a bug in the posix module where an exception + could be overwritten. + - gh-105375: Fix bugs in _elementtree where exceptions could be + overwritten. + - gh-105375: Fix bugs in zoneinfo where exceptions could be + overwritten. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-105497: Fix flag inversion when alias/mask members exist. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-103171: Revert undocumented behaviour change with + runtime-checkable protocols decorated with typing.final() in + Python 3.11. The behaviour change had meant that objects would + not be considered instances of these protocols at runtime unless + they had a __final__ attribute. Patch by Alex Waygood. + - gh-105375: Fix a bug in sqlite3 where an exception could be + overwritten in the collation callback. + - gh-105332: Revert pickling method from by-name back to by-value. + - gh-104554: Add RTSPS scheme support in urllib.parse + - gh-100061: Fix a bug that causes wrong matches for regular + expressions with possessive qualifier. + - gh-102541: Hide traceback in help() prompt, when import failed. + - gh-99203: Restore following CPython <= 3.10.5 behavior of + shutil.make_archive(): do not create an empty archive if + root_dir is not a directory, and, in that case, raise + FileNotFoundError or NotADirectoryError regardless of format + choice. Beyond the brought-back behavior, the function may now + also raise these exceptions in dry_run mode. + - gh-94777: Fix hanging multiprocessing ProcessPoolExecutor when a + child process crashes while data is being written in the call + queue. + - bpo-18319: Ensure gettext(msg) retrieve translations even if a + plural form exists. In other words: gettext(msg) == + ngettext(msg, '', 1). + - Documentation + - gh-107008: Document the curses module variables LINES and COLS. + - gh-106948: Add a number of standard external names to + nitpick_ignore. + - gh-54738: Add documentation on how to localize the argparse + module. + - Tests + - gh-105776: Fix test_cppext when the C compiler command -std=c11 + option: remove -std= options from the compiler command. Patch by + Victor Stinner. + - gh-107237: test_logging: Fix test_udp_reconnection() by + increasing the timeout from 100 ms to 5 minutes (LONG_TIMEOUT). + Patch by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - Build + - gh-107814: When calling find_python.bat with -q it did not + properly silence the output of nuget. That is now fixed. + - gh-106881: Check for linux/limits.h before including it in + Modules/posixmodule.c. + - gh-104692: Include commoninstall as a prerequisite for + bininstall + - This ensures that commoninstall is completed before bininstall + is started when parallel builds are used (make -j install), and + so the python3 symlink is only installed after all standard + library modules are installed. + - gh-100340: Allows -Wno-int-conversion for wasm-sdk 17 and + onwards, thus enables building WASI builds once against the + latest sdk. + - Windows + - gh-106242: Fixes realpath() to behave consistently when passed a + path containing an embedded null character on Windows. In strict + mode, it now raises OSError instead of the unexpected + ValueError, and in non-strict mode will make the path absolute. + - gh-106844: Fix integer overflow in _winapi.LCMapStringEx() which + affects ntpath.normcase(). + - gh-99079: Update Windows build to use OpenSSL 3.0.9 + - gh-105436: Ensure that an empty environment block is terminated + by two null characters, as is required by Windows. + - macOS + - gh-107565: Update macOS installer to use OpenSSL 3.0.10. + - gh-99079: Update macOS installer to use OpenSSL 3.0.9. + - Tools/Demos + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + - gh-95065: Argument Clinic now supports overriding automatically + generated signature by using directive @text_signature. See How + to override the generated signature. + - gh-106970: Fix bugs in the Argument Clinic destination + clear command; the destination buffers would never be cleared, + and the destination directive parser would simply continue to + the fault handler after processing the command. Patch by Erlend + E. Aasland. + - C API + - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(), + PyErr_SetExcFromWindowsErrWithFilename() and + PyErr_SetFromWindowsErrWithFilename() save now the error code + before calling PyUnicode_DecodeFSDefault(). + - gh-107915: Such C API functions as PyErr_SetString(), + PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others + no longer crash or ignore errors if it failed to format the + error message or decode the filename. Instead, they keep a + corresponding error. + - gh-107226: PyModule_AddObjectRef() is now only available in the + limited API version 3.10 or later. + - gh-105375: Fix a bug in PyErr_WarnExplicit() where an exception + could end up being overwritten if the API failed internally. + - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only + data: *consumed was not set. + +------------------------------------------------------------------- +Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller + +- restrict PEP668 to ALP/Tumbleweed + +------------------------------------------------------------------- +Fri Aug 4 06:37:41 UTC 2023 - Dirk Müller + +- add externally_managed.in to label this build as PEP-668 managed + +------------------------------------------------------------------- +Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl + +- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! +- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) + partially reverting CVE-2023-27043-email-parsing-errors.patch, + because of the regression in gh#python/cpython#106669. +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). (The patch is faulty, + gh#python/cpython#106669, but upstream decided not to just + revert it). + +------------------------------------------------------------------- +Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl + +- Update to Python 3.11.4: + - gh-103142: The version of OpenSSL used in Windows and + Mac installers has been upgraded to 1.1.1u to address + CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, + as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 + fixed previously in 1.1.1t (gh-101727). + - gh-102153: urllib.parse.urlsplit() now strips leading C0 + control and space characters following the specification for + URLs defined by WHATWG in response to CVE-2023-24329 + (bsc#1208471). + - gh-99889: Fixed a security in flaw in uu.decode() that could + allow for directory traversal based on the input if no + out_file was specified. + - gh-104049: Do not expose the local on-disk + location in directory indexes produced by + http.client.SimpleHTTPRequestHandler. + - gh-103935: trace.__main__ now uses io.open_code() for files + to be executed instead of raw open(). + - gh-102953: The extraction methods in tarfile, and + shutil.unpack_archive(), have a new filter argument that + allows limiting tar features than may be surprising or + dangerous, such as creating files outside the destination + directory. See Extraction filters for details (fixing + CVE-2007-4559, bsc#1203750). +- Remove upstreamed patches: + - CVE-2007-4559-filter-tarfile_extractall.patch + +------------------------------------------------------------------- +Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl + +- Remove obsolete_python_versioned macro again. This mechanism + has no business to be in Python 3.11, because we have abolished + with it whole interpreter+setuptools+pip product. Python 3.11 + should not be replaced by later versions anymore. + +------------------------------------------------------------------- +Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl + +- Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). +- Add skip_if_buildbot-extend.patch to avoid the bug altogether + (extending what skip_if_buildbot covers). +- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix + bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter + for tarfile.extractall". + +------------------------------------------------------------------- +Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl + +- Update to 3.11.3: + - Security + - gh-101727: Updated the OpenSSL version used in Windows + and macOS binary release builds to 1.1.1t to address + CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the + OpenSSL 2023-02-07 security advisory. + - Core and Builtins + - gh-101975: Fixed stacktop value on tracing entries to avoid + corruption on garbage collection. + - gh-102701: Fix overflow when creating very large dict. + - gh-102416: Do not memoize incorrectly automatically + generated loop rules in the parser. Patch by Pablo Galindo. + - gh-102356: Fix a bug that caused a crash when deallocating + deeply nested filter objects. Patch by Marta Gómez Macías. + - gh-102397: Fix segfault from race condition in signal + handling during garbage collection. Patch by Kumar Aditya. + - gh-102281: Fix potential nullptr dereference and use of + uninitialized memory in fileutils. Patch by Max Bachmann. + - gh-102126: Fix deadlock at shutdown when clearing thread + states if any finalizer tries to acquire the runtime head + lock. Patch by Kumar Aditya. + - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal + module. Patch by Max Bachmann. + - gh-101967: Fix possible segfault in + positional_only_passed_as_keyword function, when new list + created. + - gh-101765: Fix SystemError / segmentation fault in iter + __reduce__ when internal access of builtins.__dict__ keys + mutates the iter object. + - gh-101696: Invalidate type version tag in + _PyStaticType_Dealloc for static types, avoiding bug where + a false cache hit could crash the interpreter. Patch by + Kumar Aditya. + - Library + - gh-102549: Don’t ignore exceptions in member type creation. + - gh-102947: Improve traceback when dataclasses.fields() is + called on a non-dataclass. Patch by Alex Waygood + - gh-102780: The asyncio.Timeout context manager now + works reliably even when performing cleanup due to task + cancellation. Previously it could raise a CancelledError + instead of an TimeoutError in such cases. + - gh-88965: typing: Fix a bug relating to substitution in . + Pacustom classes generic over a ParamSpec. Previously, if . + Pathe ParamSpec was substituted with a parameters list that . + Paitself contained a TypeVar, the TypeVar in the parameters . + Palist could not be subsequently substituted. This is now . + Pafixed tch by Nikita Sobolev . + - gh-101979: Fix a bug where parentheses in the metavar + argument to argparse.ArgumentParser.add_argument() were + dropped. Patch by Yeojin Kim. + - gh-102179: Fix os.dup2() error message for negative fds. + - gh-101961: For the binary mode, fileinput.hookcompressed() + doesn’t set the encoding value even if the value is + None. Patch by Gihwan Kim. + - gh-101936: The default value of fp becomes io.BytesIO + if HTTPError is initialized without a designated fp + parameter. Patch by Long Vo. + - gh-102069: Fix __weakref__ descriptor generation for custom + dataclasses. + - gh-101566: In zipfile, apply fix for extractall on the + underlying zipfile after being wrapped in Path. + - gh-101892: Callable iterators no longer raise SystemError + when the callable object exhausts the iterator but forgets + to either return a sentinel value or raise StopIteration. + - gh-97786: Fix potential undefined behaviour in corner cases + of floating-point-to-time conversions. + - gh-101517: Fixed bug where bdb looks up the source line + with linecache with a lineno=None, which causes it to fail + with an unhandled exception. + - gh-101673: Fix a pdb bug where ll clears the changes to + local variables. + - gh-96931: Fix incorrect results from + ssl.SSLSocket.shared_ciphers() + - gh-88233: Correctly preserve “extra” fields in zipfile + regardless of their ordering relative to a zip64 “extra.” + - gh-96127: inspect.signature was raising TypeError on + call with mock objects. Now it correctly returns (*args, + **kwargs) as infered signature. + - gh-95495: When built against OpenSSL 3.0, the ssl module + had a bug where it reported unauthenticated EOFs (i.e. + without close_notify) as a clean TLS-level EOF. It now + raises SSLEOFError, matching the behavior in previous + versions of OpenSSL. The options attribute on SSLContext + also no longer includes OP_IGNORE_UNEXPECTED_EOF by + default. This option may be set to specify the previous + OpenSSL 3.0 behavior. + - gh-94440: Fix a concurrent.futures.process bug where + ProcessPoolExecutor shutdown could hang after a future has + been quickly submitted and canceled. + - Documentation + - gh-103112: Add docstring to http.client.HTTPResponse.read() + to fix pydoc output. + - gh-85417: Update cmath documentation to clarify behaviour + on branch cuts. + - gh-97725: Fix asyncio.Task.print_stack() description for + file=None. Patch by Oleg Iarygin. + - Tests + - gh-102980: Improve test coverage on pdb. + - gh-102537: Adjust the error handling strategy in + test_zoneinfo.TzPathTest.python_tzpath_context. Patch by + Paul Ganssle. + - gh-89792: test_tools now copies up to 10x less source data + to a temporary directory during the freeze test by ignoring + git metadata and other artifacts. It also limits its python + build parallelism based on os.cpu_count instead of hard + coding it as 8 cores. + - gh-101377: Improved test_locale_calendar_formatweekday of + calendar. + - Build + - gh-102711: Fix -Wstrict-prototypes compiler warnings. + +------------------------------------------------------------------- +Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl + +- Update to 3.11.2: + Bug fixes, no changes in API and no security bugs. + +------------------------------------------------------------------- +Wed Mar 1 20:50:04 UTC 2023 - Matej Cepl + +- Add python310 Obsoletes line to obsolete_python_versioned macro. + +------------------------------------------------------------------- +Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl + +- Add provides for readline and sqlite3 to the main Python + package. + +------------------------------------------------------------------- +Thu Jan 26 13:28:24 UTC 2023 - Thorsten Kukuk + +- Disable NIS for new products, it's deprecated and gets removed + +------------------------------------------------------------------- +Tue Jan 24 12:23:34 UTC 2023 - Dirk Müller + +- build GLIBC hwcaps optimized versions of the interpreter + +------------------------------------------------------------------- +Tue Jan 10 11:11:56 UTC 2023 - Matej Cepl + +- Don't fail on Sphinx build warnings. +- For jsc#PED-1570, jsc#PED-2217 and jsc#PED-68, + providing Python 3.11 for SLE-15-SP4. + +------------------------------------------------------------------- +Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl + +- Update to 3.11.1: + - python -m http.server no longer allows terminal control + characters sent within a garbage request to be printed + to the stderr server lo This is done by changing the + http.server BaseHTTPRequestHandler .log_message method to + replace control characters with a \xHH hex escape before + printin + - Avoid publishing list of active per-interpreter audit hooks + via the gc module + - The IDNA codec decoder used on DNS hostnames by socket or + asyncio related name resolution functions no longer involves + a quadratic algorithm. This prevents a potential CPU denial + of service if an out-of-spec excessive length hostname + involving bidirectional characters were decoded. Some + protocols such as urllib http 3xx redirects potentially allow + for an attacker to supply such a name (CVE-2022-45061). + - Update bundled libexpat to 2.5.0 + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. Issue reported + and initial fix by Caleb Shortt. Patch by Victor Stinner. + - Fix a crash when an object which does not have a dictionary + frees its instance values. + - Fix a bug in the tokenizer that could cause infinite + recursion when showing syntax warnings that happen in the + first line of the source. Patch by Pablo Galindo + - Fix an issue that could cause frames to be visible to Python + code as they are being torn down, possibly leading to memory + corruption or hard crashes of the interpreter. + - Fix a reference bug in _imp.create_builtin() after the + creation of the first sub-interpreter for modules builtins + and sys. Patch by Victor Stinner. + - Fixed a bug that was causing a buffer overflow if the + tokenizer copies a line missing the newline caracter from a + file that is as long as the available tokenizer buffer. Patch + by Pablo galindo + - Fix bug where an ExceptionGroup subclass can wrap a + BaseException. + - Fix zip path for venv created from a non-installed python on + POSIX platforms. + - Fix an issue that could potentially cause incorrect error + handling for some bytecode instructions. + - Fix an issue that prevented PyThreadState and + PyInterpreterState memory from being freed properly. + - Fix failure in except* with unhashable exceptions. + - Fix calculation of sys._base_executable when inside a POSIX + virtual environment using copies of the python binary when + the base installation does not provide the executable name + used by the venv. Calculation will fall back to alternative + names (“python”, “python.”). + - Update faulthandler to emit an error message with the proper + unexpected signal number. Patch by Dong-hee Na. + - Fix location of SyntaxError for a try block with both except + and except*. + - Fix the error reporting positions of specialized traceback + anchors when the source line contains Unicode characters. + - Fix subscription of type aliases containing bare generic + types or types like TypeVar: for example tuple[A, T][int] and + tuple[TypeVar, T][int], where A is a generic type, and T is a + type variable. + - Lower the recursion depth for marshal on WASI to support + wasmtime 2.0/main. + - Fix multiple crashes in debug mode when str subclasses are + used instead of str itself. + - Fix an issue where member descriptors (such as those for + __slots__) could behave incorrectly or crash instead of + raising a TypeError when accessed via an instance of an + invalid type. + - Suppress ImportError for invalid query for help() + command. Patch by Dong-hee Na. + - Fix detection of MAC addresses for uuid on certain OSs. Patch + by Chaim Sanders + - Print exception class name instead of its string + representation when raising errors from ctypes calls. + - os.sched_yield() now release the GIL while calling + sched_yield(2). Patch by Dong-hee Na. + - Fix an issue that could delay the specialization of PRECALL + instructions. + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Ensure that all Python frame objects are backed by “complete” + frames. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). Patch by Ofey Chan. + - Fix the Python path configuration used to initialized + sys.path at Python startup. Paths are no longer encoded + to UTF-8/strict to avoid encoding errors if it contains + surrogate characters (bytes paths are decoded with the + surrogateescape error handler). Patch by Victor Stinner. + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. Issue + discovered and analyzed by Mingliang ZHAO. Patch by Victor + Stinner. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. + - Fix undefined behaviour in C code of null pointer arithmetic. + - Make sure that all frame objects created are created from + valid interpreter frames. Prevents the possibility of invalid + frames in backtraces and signal handlers. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - On WASI ENOTCAPABLE is now mapped to PermissionError. The + errno modules exposes the new error number. getpath.py now + ignores PermissionError when it cannot open landmark files + pybuilddir.txt and pyenv.cfg. + - Allow pdb to locate source for frozen modules in the standard + library. + - Raise ValueError instead of SystemError when methods of + uninitialized io.IncrementalNewlineDecoder objects are + called. Patch by Oren Milman. + - Fix a possible assertion failure in io.FileIO when the opener + returns an invalid file descriptor. + - Also escape s in the http.server + BaseHTTPRequestHandler.log_message so that it is technically + possible to parse the line and reconstruct what the original + data was. Without this a xHH is ambiguious as to if it is a + hex replacement we put in or the characters r”x” came through + in the original request line. + - asyncio.get_event_loop() now only emits a deprecation warning + when a new event loop was created implicitly. It no longer + emits a deprecation warning if the current event loop was + set. + - Fix bug when calling trace.CoverageResults with valid infile. + - Fix a bug in handling class cleanups in + unittest.TestCase. Now addClassCleanup() uses separate lists + for different TestCase subclasses, and doClassCleanups() only + cleans up the particular class. + - Release the GIL when calling termios APIs to avoid blocking + threads. + - Fix ast.increment_lineno() to also cover ast.TypeIgnore when + changing line numbers. + - Fix bug in urllib.parse.urlparse() that causes URL schemes + that begin with a digit, a plus sign, or a minus sign to be + parsed incorrectly. + - Check the number of arguments in substitution in user + generics containing a TypeVarTuple and one or more TypeVar. + - Fix substitution of ParamSpec followed by TypeVarTuple in + generic aliases. + - Fix substitution of TypeVarTuple and ParamSpec together in + user generics. + - Fixed bug where inspect.signature() reported incorrect + arguments for decorated methods. + - Fix SystemError in ctypes when exception was not set during + __initsubclass__. + - Remove older version of + _SSLProtocolTransport.get_write_buffer_limits in + asyncio.sslproto + - fix negative numbers failing in verify() + - Fix statistics.NormalDist pickle with 0 and 1 protocols. + - enum.auto() is now correctly activated when combined with + other assignment values. E.g. ONE = auto(), 'some text' will + now evaluate as (1, 'some text'). + - Update the bundled copy of pip to version 22.3.1. + - Clean up refleak on failed module initialisation in _zoneinfo + - Clean up refleaks on failed module initialisation in in + _pickle + - Clean up refleak on failed module initialisation in _io. + - Fix memory leak in math.dist() when both points don’t have + the same dimension. Patch by Kumar Aditya. + - [3.11] Applied changes from importlib_metadata 4.11.4 + through 4.13, including compatibility and robustness + fixes for Distribution objects without _normalized_name, + disallowing invalid inputs to Distribution.from_name, and + refined behaviors in PathDistribution._name_from_stem and + PathDistribution._normalized_name. + - Fix argument typechecks in _overlapped.WSAConnect() and + _overlapped.Overlapped.WSASendTo() functions. + - Prevent crashing in traceback when retrieving the byte-offset + for some source files that contain certain unicode + characters. + - Fix internal error in the re module which in very rare + circumstances prevented compilation of a regular expression + containing a conditional expression without the “else” + branch. + - Fix asyncio.StreamWriter.drain() to call + protocol.connection_lost callback only once on Windows. + - Add a mutex to unittest.mock.NonCallableMock to protect + concurrent access to mock attributes. + - Fix hang on Windows in subprocess.wait_closed() in asyncio + with ProactorEventLoop. Patch by Kumar Aditya. + - Fix infinite loop in unittest when a self-referencing chained + exception is raised + - tkinter.Text.count() raises now an exception for options + starting with “-” instead of silently ignoring them. + - On uname_result, restored expectation that _fields and + _asdict would include all six properties including processor. + - A createSocket() method was added to SysLogHandler. + - Fix bug in urllib.parse.urlparse() that causes certain port + numbers containing whitespace, underscores, plus and minus + signs, or non-ASCII digits to be incorrectly accepted. + - Allow venv to pass along PYTHON* variables to ensurepip and + pip when they do not impact path resolution + - On macOS, fix a crash in syslog.syslog() in multi-threaded + applications. On macOS, the libc syslog() function is not + thread-safe, so syslog.syslog() no longer releases the GIL to + call it. Patch by Victor Stinner. + - Allow BUILTINS to be a valid field name for frozen + dataclasses. + - Wrap network errors consistently in urllib FTP support, so + the test suite doesn’t fail when a network is available but + the public internet is not reachable. + - Make sure patch.dict() can be applied on async functions. + - Earlier in 3.11 we deprecated + asyncio.Task.cancel("message"). We realized we were too + harsh, and have undeprecated it. + - Change deprecate warning message in unittest from It is + deprecated to return a value!=None to It is deprecated to + return a value that is not None from a test case + - Fixes AttributeError when subprocess.check_output() is used + with argument input=None and either of the arguments encoding + or errors are used. + - Fix is_private properties in the ipaddress module. Previously + non-private networks (0.0.0.0/0) would return True from this + method; now they correctly return False. + - Avoid spurious tracebacks from asyncio when default executor + cleanup is delayed until after the event loop is closed (e.g. + as the result of a keyboard interrupt). + - Avoid a crash in the C version of + asyncio.Future.remove_done_callback() when an evil argument + is passed. + - Remove tokenize.NL check from tabnanny. + - Fix generation of the default name of + tkinter.Checkbutton. Previously, checkbuttons in different + parent widgets could have the same short name and share + the same state if arguments “name” and “variable” are not + specified. Now they are globally unique. + - Update bundled libexpat to 2.4.9 + - Fix race condition in asyncio where process_exited() called + before the pipe_data_received() leading to inconsistent + output. Patch by Kumar Aditya. + - Fixed check in multiprocessing.resource_tracker that + guarantees that the length of a write to a pipe is not + greater than PIPE_BUF. + - Corrected type annotation for dataclass attribute + pstats.FunctionProfile.ncalls to be str. + - Fix repr of Any subclasses. + - Work around missing socket functions in socket’s __repr__. + - In inspect, fix overeager replacement of “typing.” in + formatting annotations. + - Fix handling of bytes path-like objects in os.ismount(). + - Fix handling compiler warnings (SyntaxWarning and + DeprecationWarning) in codeop.compile_command() when checking + for incomplete input. Previously it emitted warnings and + raised a SyntaxError. Now it always returns None for + incomplete input without emitting any warnings. + - To avoid apparent memory leaks when asyncio.open_connection() + raises, break reference cycles generated by local exception + and future instances (which has exception instance as its + member var). Patch by Dong Uk, Kang. + - Fixed flickering of the turtle window when the tracer is + turned off. Patch by Shin-myoung-serp. + - Fix asyncio subprocess transport to kill process cleanly + when process is blocked and avoid RuntimeError when loop is + closed. Patch by Kumar Aditya. + - Prevent error when activating venv in nested fish instances. + - TarFile.next() now returns None when called on an empty + tarfile. + - Document the optional callback parameter of WeakMethod. Patch + by Géry Ogam. + - Restrict use of sockets instead of pipes for stdin of + subprocesses created by asyncio to AIX platform only. + - shutil.copytree() now applies the ignore_dangling_symlinks + argument recursively. + - Fix IndexError in argparse.ArgumentParser when a store_true + action is given an explicit argument. + - Document that calling variadic functions with ctypes requires + special care on macOS/arm64 (and possibly other platforms). + - Remove extra row + - Clarified the conflicting advice given in the ast + documentation about ast.literal_eval() being “safe” for use + on untrusted input while at the same time warning that it + can crash the process. The latter statement is true and is + deemed unfixable without a large amount of work unsuitable + for a bugfix. So we keep the warning and no longer claim that + literal_eval is safe. + - Restructured the documentation for the os.wait* family of + functions, and improved the docs for os.waitid() with more + explanation of the possible argument constants. + - Skip test_normalization() of test_unicodedata if it + fails to download NormalizationTest.txt file from + pythontest.net. Patch by Victor Stinner. + - Correct test_marsh on (32 bit) x86: test_deterministic sets + was failing. + - Optional big memory tests in test_sqlite3 now catch the + correct sqlite.DataError exception type in case of too large + strings and/or blobs passed. + - Fix a bug in the typing tests where a test relying + on CPython-specific implementation details was not + decorated with @cpython_only and was not skipped on other + implementations. + - Add tests for star-unpacking with PEP 646, and some other + miscellaneous PEP 646 tests. + - Added explicit coverage of Py_Initialize (and hence + Py_InitializeEx) back to the embedding tests (all other + embedding tests migrated to Py_InitializeFromConfig in Python + 3.11) + - Some C API tests were moved into the new Lib/test/test_capi/ + directory. + - Fix -Wimplicit-int, -Wstrict-prototypes, and + -Wimplicit-function-declaration compiler warnings in + configure checks. + - Fix a compilation issue with GCC 12 on macOS. + - Fix -Wimplicit-int compiler warning in configure check for + PTHREAD_SCOPE_SYSTEM. + - Fix a possible fd leak in Programs/_freeze_module.c + introduced in Python 3.11. + - Fix build with PYTHON_FOR_REGEN=python3.8. + - Specify the full path to the source location for make + docclean (needed for cross-builds). + - Don’t use vendored libmpdec headers if --with-system-libmpdec + is passed to configure. Don’t use vendored libexpat headers + if --with-system-expat is passed to !configure. + - Fix the build process of clang compiler for _bootstrap_python + if LTO optimization is applied. Patch by Matthias Görgens and + Dong-hee Na. + - wasm32-emscripten builds for browsers now include + concurrent.futures for asyncio and unittest.mock. + - wasm32-emscripten platform no longer builds resource module, + getresuid(), getresgid(), and their setters. The APIs are + stubs and not functional. + - Updated pegen regeneration script on Windows to find and + use Python 3.9 or higher. Prior to this, pegen regeneration + already required 3.9 or higher, but the script may have used + lower versions of Python. + - Fix a bug in the previous bugfix that caused IDLE to + not start when run with 3.10.8, 3.12.0a1, and at least + Microsoft Python 3.10.2288.0 installed without the Lib/test + package. 3.11.0 was never affected. + - The wasm_build.py script now pre-builds Emscripten ports, + checks for broken EMSDK versions, and warns about pkg-config + env vars. + - The new tool Tools/wasm/wasm_builder.py automates configure, + compile, and test steps for building CPython on WebAssembly + platforms. + - Fix handling of module docstrings in Tools/i18n/pygettext.py. + - PyBUF_* constants were marked as part of Limited API + of Python 3.11+. These were available in 3.11.0 with + Py_LIMITED_API defined for 3.11, and are necessary to use the + buffer API. + - Fix use-after-free in Py_SetPythonHome(NULL), + Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL) + function calls. Issue reported by Benedikt Reinartz. Patch by + Victor Stinner. + - Py_InitializeEx now correctly calls PyConfig_Clear after + initializing the interpreter (the omission didn’t cause a + memory leak only because none of the dynamically allocated + config fields are populated by the wrapper function) +- Removed upstreamed patches: + - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch + - CVE-2022-45061-DoS-by-IDNA-decode.patch + +------------------------------------------------------------------- +Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl + +- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid + CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding + extremely long domain names. + +------------------------------------------------------------------- +Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl + +- Update to 3.11.0 (overall changes from 3.10.*): + - General changes + - PEP 657 -- Include Fine-Grained Error Locations in + Tracebacks + - PEP 654 -- Exception Groups and except* + - PEP 680 -- tomllib: Support for Parsing TOML in the + Standard Library + - gh-90908 -- Introduce task groups to asyncio + - gh-34627 -- Atomic grouping ((?>...)) and possessive + quantifiers (*+, ++, ?+, {m,n}+) are now supported in + regular expressions. + - The Faster CPython Project is already yielding some + exciting results. Python 3.11 is up to 10-60% faster than + Python 3.10. On average, we measured a 1.22x speedup on the + standard benchmark suite. See Faster CPython for details. + - Typing and typing language changes + - PEP 673 -- Self Type + - PEP 646 -- Variadic Generics + - PEP 675 -- Arbitrary Literal String Type + - PEP 655 -- Marking individual TypedDict items as required + or potentially-missing + - PEP 681 -- Data Class Transforms +- (just changes from 3.11.0rc2): + - Fix multiplying a list by an integer (list *= int): detect + the integer overflow when the new allocated length is close + to the maximum size. Issue reported by Jordan Limor. Patch by + Victor Stinner. + - On Linux the multiprocessing module returns to using + filesystem backed unix domain sockets for communication + with the forkserver process instead of the Linux abstract + socket namespace. Only code that chooses to use the + “forkserver” start method is affected. Abstract sockets have + no permissions and could allow any user on the system in the + same network namespace (often the whole system) to inject + code into the multiprocessing forkserver process. This was + a potential privilege escalation. Filesystem based socket + permissions restrict this to the forkserver process user as + was the default in Python 3.8 and earlier. This prevents + Linux CVE-2022-42919. + - Fix an issue where several frame objects could be backed by + the same interpreter frame, possibly leading to corrupted + memory and hard crashes of the interpreter. + - Fix possible data corruption or crashes when accessing the + f_back member of newly-created generator or coroutine frames. + - Fix a crash occurring when PyEval_GetFrame() is called while + the topmost Python frame is in a partially-initialized state. + - Fix command line parsing: reject -X int_max_str_digits option + with no value (invalid) when the PYTHONINTMAXSTRDIGITS + environment variable is set to a valid limit. Patch by Victor + Stinner. + - Fix undefined behaviour in _testcapimodule.c. + - When ValueError is raised if an integer is larger than the + limit, mention the sys.set_int_max_str_digits() function in + the error message. Patch by Victor Stinner. + - Correctly raise SyntaxError on exception groups (PEP 654) on + python versions prior to 3.11 + - Document some places where an assignment expression needs + parentheses. + - Update the bundled copies of pip and setuptools to versions + 22.3 and 65.5.0 respectively. + - fix Flag to use boundary CONFORM + - This restores previous Flag behavior of allowing flags with + non-sequential values to be combined; e.g. + - class Skip(Flag): TWO = 2 EIGHT = 8 + - Skip.TWO | Skip.EIGHT -> + - Fix ! in c domain ref target syntax via a conf.py patch, so + it works as intended to disable ref target resolution. + - Update tutorial introduction output to use 3.10+ SyntaxError + invalid range. + +------------------------------------------------------------------- +Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl + +- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to + allow building of documentation with the latest Sphinx 5.3.0 + (gh#python/cpython#98366). + +------------------------------------------------------------------- +Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc2: + - Converting between int and str in bases other than 2 + (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base + 10 (decimal) now raises a ValueError if the number of digits + in string form is above a limit to avoid potential denial of + service attacks due to the algorithmic complexity. This is + a mitigation for CVE-2020-10735. + This new limit can be configured or disabled by environment + variable, command line flag, or sys APIs. See the integer + string conversion length limitation documentation. The + default limit is 4300 digits in string form. + - Fix case of undefined behavior in ceval.c + - Do not expose KeyWrapper in _functools. + - Ensure that tracing, sys.setrace(), is turned on + immediately. In pre-release versions of 3.11, some tracing + events might have been lost when turning on tracing in a + __del__ method or interrupt. + - Fix use after free in trace refs build mode. Patch by Kumar + Aditya. + - When loading a file with invalid UTF-8 inside a multi-line + string, a correct SyntaxError is emitted. + - Make sure that incomplete frames do not show up in + tracemalloc traces. + - Remove two cases of undefined behavior, by adding NULL + checks. + - Fix possible NULL pointer dereference in + _PyThread_CurrentFrames. Patch by Kumar Aditya. + - Fix AttributeError missing name and obj attributes in + object.__getattribute__(). Patch by Philip Georgi. + - Loading a file with invalid UTF-8 will now report the broken + character at the correct location. + - Fixed a bug that caused _PyCode_GetExtra to return garbage + for negative indexes. Patch by Pablo Galindo + - Fix a deadlock in PyGILState_Ensure() when allocating new + thread state. Patch by Kumar Aditya. + - PyType_Ready() now initializes ht_cached_keys and performs + additional checks to ensure that type objects are properly + configured. This avoids crashes in 3rd party packages that + don’t use regular API to create new types. + - Skip over incomplete frames in PyThreadState_GetFrame(). + - Fix format string in _PyPegen_raise_error_known_location that + can lead to memory corruption on some 64bit systems. The + function was building a tuple with i (int) instead of n + (Py_ssize_t) for Py_ssize_t arguments. + - Fix misleading contents of error message when converting an + all-whitespace string to float. + - ast.parse() will no longer parse function definitions with + positional-only params when passed feature_version less than + (3, 8). Patch by Shantanu Jain. + - Fix incorrect error message in the io module. + - Fix the faulthandler implementation of + faulthandler.register(signal, chain=True) if the sigaction() + function is not available: don’t call the previous signal + handler if it’s NULL. Patch by Victor Stinner. + - Correct conversion of numbers.Rational’s to float. + - Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not + raised when using more than one TypeVarTuple, like [*T, *V] + in type alias substitutions. + - Fix asyncio.streams.StreamReaderProtocol to keep a strong + reference to the created task, so that it’s not garbage + collected + - Fix a performance regression in logging + TimedRotatingFileHandler. Only check for special files when + the rollover time has passed. + - Fix unused localName parameter in the Attr class in + xml.dom.minidom. + - Fix incorrect condition that causes sys.thread_info.name to + be wrong on pthread platforms. + - Remove an incompatible change from bpo-28080 that caused a + regression that ignored the utf8 in ZipInfo.flag_bits. Patch + by Pablo Galindo. + - Fix asyncio.Runner to call asyncio.set_event_loop() only + once to avoid calling attach_loop() multiple times on child + watchers. Patch by Kumar Aditya. + - Fix unittest.IsolatedAsyncioTestCase to set event loop before + calling setup functions. Patch by Kumar Aditya. + - When a task catches asyncio.CancelledError and raises some + other error, the other error should generally not silently be + suppressed. + - Fail gracefully if EPERM or ENOSYS is raised when loading + crypt methods. This may happen when trying to load MD5 on a + Linux kernel with FIPS enabled. + - Allow asyncio.StreamWriter.drain() to be awaited concurrently + by multiple tasks. Patch by Kumar Aditya. + - Fix ast.unparse() when ImportFrom.level is None + - Improve discoverability of the higher level + concurrent.futures module by providing clearer links from the + lower level threading and multiprocessing modules. + - What’s New 3.11 now has instructions for how to provide + compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7 + and CentOS 7. + - Mitigate the inherent race condition from using + find_unused_port() in testSockName() by trying to find an + unused port a few times before failing. Patch by Ross Burton. + - Build and test with OpenSSL 1.1.1q +- Use support-expat-CVE-2022-25236-patched.patch from the current + version of gh#python/cpython#93900 instead of the old + support-expat-245.patch. +- Reapply fix_configure_rst.patch. + +------------------------------------------------------------------- +Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab + +- Increase testsuite timeout for test_freeze_simple_script + +------------------------------------------------------------------- +Sat Aug 20 21:31:40 UTC 2022 - Matej Cepl + +- fix import_failed.map to refer to the python 3.11 package versions + +------------------------------------------------------------------- +Sat Aug 20 14:05:21 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc1: + - Core and Builtins + - Update code object hashing and equality to consider all + debugging and exception handling tables. This fixes an + issue where certain non-identical code objects could be + “deduplicated” during compilation. + - _PyPegen_Parser_New now properly detects token memory + allocation errors. Patch by Honglin Zhu. + - Run Python code in tracer/profiler function at full + speed. Fixes slowdown in earlier versions of 3.11. + - Emit a warning in debug mode if an object does not call + PyObject_GC_UnTrack() before deallocation. Patch by Pablo + Galindo. + - Prevented crashes in the AST constructor when + compiling some absurdly long expressions like + "+0"*1000000. RecursionError is now raised instead. Patch + by Pablo Galindo + - ast.AST node positions are now validated when provided to + compile() and other related functions. If invalid positions + are detected, a ValueError will be raised. + - Fix error detection in some builtin functions when keyword + argument name is an instance of a str subclass with + overloaded __eq__ and __hash__. Previously it could cause + SystemError or other undesired behavior. + - Library + - Update bundled pip to 22.2.2. + - Fix asyncio.TaskGroup to propagate exception when + asyncio.CancelledError was replaced with another exception + by a context manger. Patch by Kumar Aditya and Guido van + Rossum. + - Update bundled pip to 22.2.1. + - Fix GC crash when deallocating _lsprof.Profiler by + untracking it before calling any callbacks. Patch by Kumar + Aditya. + - Fix asyncio.run() for asyncio.Task implementations without + uncancel() method. Patch by Kumar Aditya. + - Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK + and os.EFD_SEMAPHORE flags on older kernel versions where + these flags are not present. Patch by Kumar Aditya. + - Fix concurrent.futures.Executor.map() to cancel the + currently waiting on future on an error - e.g. TimeoutError + or KeyboardInterrupt. + - Ensure that timeouts scheduled with asyncio.Timeout that + have already expired are delivered promptly. + - Suppress writing an XML declaration in open files + in ElementTree.write() with encoding='unicode' and + xml_declaration=None. + - Fix findtext in the xml module to only give an empty string + when the text attribute is set to None. + - Documentation + - Fix stylesheet not working in Windows CHM htmlhelp docs + and add warning that they are deprecated. Contributed by + C.A.M. Gerlach. + - Update library documentation with availability information + on WebAssembly platforms wasm32-emscripten and wasm32-wasi. + - Use consistent syntax for platform availability. The + directive now supports a content body and emits a warning + when it encounters an unknown platform. + - Document a limitation in ThreadPoolExecutor where its exit + handler is executed before any handlers in atexit. + - Tests + - Lib/test/test_asyncio/test_ssl.py exposed a bug in the + macOS kernel where intense concurrent load on non-blocking + sockets occasionally causes errno.ENOBUFS (“No buffer space + available”) to be emitted. FB11063974 filed with Apple, in + the mean time as a workaround buffer size used in tests on + macOS is decreased to avoid intermittent failures. Patch by + Fantix King. + - Fix problem with test_ssl test_get_ciphers on systems that + require perfect forward secrecy (PFS) ciphers. + - Add a regression test for re exponentional slowdown when + using rjsmin. + - Build + - Fix a regression in configure script that caused some + header checks to ignore custom CPPFLAGS. The regression was + introduced in gh-94802. + - wasm32-wasi builds no longer depend on WASIX’s pthread + stubs. Python now has its own stubbed pthread API. + - Python now detects missing dup function in WASI and works + around some missing errno, select, and socket constants. + - Python now skips missing socket functions and methods on + WASI. WASI can only create sockets from existing fd / + accept and has no netdb. + - Platforms wasm32-unknown-emscripten and wasm32-unknown-wasi + have been promoted to PEP 11 tier 3 platform support. + - IDLE + - Document handling of extensions in Save As dialogs. + - Include prompts when saving Shell (interactive input and + output). + - Fix the Shell context menu copy-with-prompts bug of copying + an extra line when one selects whole lines. + - In the Edit menu, move Select All and add a new separator. + - Enable using IDLE’s module browser with .pyw files. + - Add .pyi as a recognized extension for IDLE on macOS. This + allows opening stub files by double clicking on them in the + Finder. + - C API + - Restore the 3.10 behavior for multiple inheritance of C + extension classes that store their dictionary at the end of + the struct. + - Added PyCode_GetVarnames(), PyCode_GetCellvars() and + PyCode_GetFreevars() for accessing co_varnames, co_cellvars + and co_freevars respectively via the C API. + +------------------------------------------------------------------- +Tue Jul 26 10:37:31 UTC 2022 - Matej Cepl + +- Update to 3.11.0b5: + - Core and Builtins + - gh-93351: ast.AST node positions are now validated when + provided to compile() and other related functions. If + invalid positions are detected, a ValueError will be + raised. + - gh-94438: Fix an issue that caused extended opcode + arguments and some conditional pops to be ignored when + calculating valid jump targets for assignments to the + f_lineno attribute of frame objects. In some cases, this + could cause inconsistent internal state, resulting in a + hard crash of the interpreter. + - gh-95060: Undocumented PyCode_Addr2Location function now + properly returns when addrq argument is less than zero. + - gh-95113: Replace all EXTENDED_ARG_QUICK instructions + with basic EXTENDED_ARG instructions in unquickened + code. Consumers of non-adaptive bytecode should be able to + handle extended arguments the same way they were handled in + CPython 3.10 and older. + - gh-91409: Fix incorrect source location info caused by + certain optimizations in the bytecode compiler. + - gh-94036: Fix incorrect source location info for some + multi-line attribute accesses and method calls. + - gh-94739: Allow jumping within, out of, and across + exception handlers in the debugger. + - gh-94949: ast.parse() will no longer parse parenthesized + context managers when passed feature_version less than (3, + 9). Patch by Shantanu Jain. + - gh-94947: ast.parse() will no longer parse assignment + expressions when passed feature_version less than (3, + 8). Patch by Shantanu Jain. + - gh-91256: Ensures the program name is known for help text + during interpreter startup. + - gh-94869: Fix the column offsets for some expressions in + multi-line f-strings ast nodes. Patch by Pablo Galindo. + - gh-94822: Fix an issue where lookups of metaclass + descriptors may be ignored when an identically-named + attribute also exists on the class itself. + - gh-91153: Fix an issue where a bytearray item assignment + could crash if it’s resized by the new value’s __index__() + method. + - gh-90699: Fix reference counting bug in + bool.__repr__(). Patch by Kumar Aditya. + - Library + - gh-95087: Fix IndexError in parsing invalid date in the + email module. + - gh-95199: Upgrade bundled setuptools to 63.2.0. + - gh-95194: Upgrade bundled pip to 22.2. + - gh-95132: Fix a sqlite3 regression where *args and **kwds + were incorrectly relayed from connect() to the Connection + factory. The regression was introduced in 3.11a1 with PR + 24421 (gh-85128). Patch by Erlend E. Aasland.` + - gh-93157: Fix fileinput module didn’t support errors option + when inplace is true. + - gh-95105: wsgiref.types.InputStream.__iter__() should + return Iterator[bytes], not Iterable[bytes]. Patch by + Shantanu Jain. + - gh-94857: Fix refleak in + _io.TextIOWrapper.reconfigure. Patch by Kumar Aditya. + - gh-94821: Fix binding of unix socket to empty address + on Linux to use an available address from the abstract + namespace, instead of “0”. + - gh-89988: Fix memory leak in pickle.Pickler when looking up + dispatch_table. Patch by Kumar Aditya. + - bpo-47025: Drop support for bytes on sys.path. + - Tests + - gh-95212: Make multiprocessing test case + test_shared_memory_recreate parallel-safe. + - Build + - gh-94847: Fixed _decimal module build issue on GCC when + compiling with LTO and pydebug. Debug builds no longer + force inlining of functions. + - gh-94841: Fix the possible performance regression of + PyObject_Free() compiled with MSVC version 1932. + - gh-94801: configure now uses custom flags like ZLIB_CFLAGS + and ZLIB_LIBS when searching for headers and libraries. + - gh-94773: deepfreeze.py now supports code object with + frozensets that contain incompatible, unsortable types. + - C API + - gh-94930: Fix SystemError raised when + PyArg_ParseTupleAndKeywords() is used with # in (...) but + without PY_SSIZE_T_CLEAN defined. + - gh-94864: Fix PyArg_Parse* with deprecated format units “u” + and “Z”. It returned 1 (success) when warnings are turned + into exceptions. + - gh-94731: Python again uses C-style casts for + most casting operations when compiled with + C++. This may trigger compiler warnings, if they + are enabled with e.g. -Wold-style-cast `` or + ``-Wzero-as-null-pointer-constant options for g++. + +------------------------------------------------------------------- +Thu Jul 21 14:19:53 UTC 2022 - Matej Cepl + +- Switch from %primary_interpreter to prjconf-defined + %primary_python (gh#openSUSE/python-rpm-macros#127). + +------------------------------------------------------------------- +Thu Jul 14 15:37:35 UTC 2022 - Matej Cepl + +- Update to 3.11.0b4: +- Fixes many bugs and adds following more significant changes +- Security + - gh-68966: The deprecated mailcap module now refuses to inject + Coreunsafe text (filenames, MIME types, parameters) into + shell Corecommands. Instead of using such text, it will + warn and act Coreas if a match was not found (or for test + commands, as if the Coretest failed). and Builtins + - gh-93516: Lazily create a table mapping bytecode offsets to + line numbers to speed up calculation of line numbers when + tracing. + - gh-93461: importlib.invalidate_caches() now drops entries + from sys.path_importer_cache with a relative path as + name. This solves a caching issue when a process changes its + current working directory. + - FileFinder no longer inserts a dot in the path, e.g. + /egg/./spam is now /egg/spam. +Library + - gh-93896: Fix asyncio.run() and + unittest.IsolatedAsyncioTestCase to always the set event loop + as it was done in Python 3.10 and earlier. Patch by Kumar + Aditya. + - gh-94101: Manual instantiation of ssl.SSLSession objects is + no longer allowed as it lead to misconfigured instances that + crashed the interpreter when attributes where accessed on + them. + - gh-83658: Make multiprocessing.Pool raise an exception if + maxtasksperchild is not None or a positive int. + - gh-61162: Clarify sqlite3 behavior when Using the connection + as a context manager. +Tools/Demos + - gh-94538: Fix Argument Clinic output to custom file + destinations. Patch by Erlend E. Aasland. +C API + - gh-93937: The following frame functions and type are now + directly available with #include , it’s no longer + needed to add #include : + PyFrame_Check() + PyFrame_GetBack() + PyFrame_GetBuiltins() + PyFrame_GetGenerator() + PyFrame_GetGlobals() + PyFrame_GetLasti() + PyFrame_GetLocals() + PyFrame_Type + +------------------------------------------------------------------- +Tue May 31 20:54:36 UTC 2022 - Matej Cepl + +- Update to 3.11.0b2: + - many small updates +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.4 (jsc#SLE-21253) + +------------------------------------------------------------------- +Tue May 10 15:01:18 UTC 2022 - Matej Cepl + +- Refresh bluez-devel-vendor.tar.xz +- Fix building with system-expat (gh#python/cpython#92875). Nope, + it didn't work, worked around it. + +------------------------------------------------------------------- +Mon May 9 15:09:03 UTC 2022 - Matej Cepl + +- Update to pre-release version 3.11.0b1: + - PEP 657 – Include Fine-Grained Error Locations in Tracebacks + - PEP 654 – Exception Groups and except* + - PEP 673 – Self Type + - PEP 646 – Variadic Generics + - PEP 680– tomllib: Support for Parsing TOML in the Standard Library + - PEP 675– Arbitrary Literal String Type + - PEP 655– Marking individual TypedDict items as required or potentially-missing + - bpo-46752– Introduce task groups to asyncio + - The Faster Cpython Project is already yielding some exciting + results. Python 3.11 is up to 10-60% faster than Python + 3.10. On average, we measured a 1.22x speedup on the standard + benchmark suite. See + https://docs.python.org/3.11/whatsnew/3.11.html#faster-cpython + for details. + +------------------------------------------------------------------- +Thu May 5 14:35:56 UTC 2022 - Matej Cepl + +- Switch primary_interpreter from python38 to python310 + +------------------------------------------------------------------- +Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl + +- Update to 3.10.4: + - bpo-46968: Check for the existence of the “sys/auxv.h” header + in faulthandler to avoid compilation problems in systems + where this header doesn’t exist. Patch by Pablo Galindo + - bpo-23691: Protect the re.finditer() iterator from + re-entering. + - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to + avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception + when reading a ZipFile from multiple threads. + - bpo-38256: Fix binascii.crc32() when it is compiled to use + zlib’c crc32 to work properly on inputs 4+GiB in length + instead of returning the wrong result. The workaround prior + to this was to always feed the function data in increments + smaller than 4GiB or to just call the zlib module function. + - bpo-39394: A warning about inline flags not at the start of + the regular expression now contains the position of the flag. + - bpo-47061: Deprecate the various modules listed by PEP 594: + - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, + imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, + sndhdr, spwd, sunau, telnetlib, uu, xdrlib + - bpo-2604: Fix bug where doctests using globals would fail + when run multiple times. + - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. + - bpo-47022: The asynchat, asyncore and smtpd modules have been + deprecated since at least Python 3.6. Their documentation and + deprecation warnings and have now been updated to note they + will removed in Python 3.12 (PEP 594). + - bpo-46421: Fix a unittest issue where if the command was + invoked as python -m unittest and the filename(s) began with + a dot (.), a ValueError is returned. + - bpo-40296: Fix supporting generic aliases in pydoc. + +- Update to 3.10.3: + - bpo-46940: Avoid overriding AttributeError metadata + information for nested attribute access calls. Patch by Pablo + Galindo. + - bpo-46852: Rename the private undocumented + float.__set_format__() method to float.__setformat__() to fix + a typo introduced in Python 3.7. The method is only used by + test_float. Patch by Victor Stinner. + - bpo-46794: Bump up the libexpat version into 2.4.6 + - bpo-46820: Fix parsing a numeric literal immediately (without + spaces) followed by “not in” keywords, like in 1not in x. Now + the parser only emits a warning, not a syntax error. + - bpo-46762: Fix an assert failure in debug builds when a ‘<’, + ‘>’, or ‘=’ is the last character in an f-string that’s + missing a closing right brace. + - bpo-46724: Make sure that all backwards jumps use the + JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an + argument of (2**32)+offset. + - bpo-46732: Correct the docstring for the __bool__() method. + Patch by Jelle Zijlstra. + - bpo-46707: Avoid potential exponential backtracking when + producing some syntax errors involving lots of brackets. + Patch by Pablo Galindo. + - bpo-40479: Add a missing call to va_end() in + Modules/_hashopenssl.c. + - bpo-46615: When iterating over sets internally in + setobject.c, acquire strong references to the resulting items + from the set. This prevents crashes in corner-cases of + various set operations where the set gets mutated. + - bpo-45773: Remove two invalid “peephole” optimizations from + the bytecode compiler. + - bpo-43721: Fix docstrings of getter, setter, and deleter to + clarify that they create a new copy of the property. + - bpo-46503: Fix an assert when parsing some invalid N escape + sequences in f-strings. + - bpo-46417: Fix a race condition on setting a type __bases__ + attribute: the internal function add_subclass() now gets the + PyTypeObject.tp_subclasses member after calling + PyWeakref_NewRef() which can trigger a garbage collection + which can indirectly modify PyTypeObject.tp_subclasses. Patch + by Victor Stinner. + - bpo-46383: Fix invalid signature of _zoneinfo’s module_free + function to resolve a crash on wasm32-emscripten platform. + - bpo-46070: Py_EndInterpreter() now explicitly untracks all + objects currently tracked by the GC. Previously, if an object + was used later by another interpreter, calling + PyObject_GC_UnTrack() on the object crashed if the previous + or the next object of the PyGC_Head structure became + a dangling pointer. Patch by Victor Stinner. + - bpo-46339: Fix a crash in the parser when retrieving the + error text for multi-line f-strings expressions that do not + start in the first line of the string. Patch by Pablo Galindo + - bpo-46240: Correct the error message for unclosed parentheses + when the tokenizer doesn’t reach the end of the source when + the error is reported. Patch by Pablo Galindo + - bpo-46091: Correctly calculate indentation levels for lines + with whitespace character that are ended by line continuation + characters. Patch by Pablo Galindo + - bpo-43253: Fix a crash when closing transports where the + underlying socket handle is already invalid on the Proactor + event loop. + - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, + including bugfix for EntryPoint.extras, which was returning + match objects and not the extras strings. + - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip + 22.0.4) + - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically + determine size of signal handler stack size CPython allocates + using getauxval(AT_MINSIGSTKSZ). This changes allows for + Python extension’s request to Linux kernel to use AMX_TILE + instruction set on Sapphire Rapids Xeon processor to succeed, + unblocking use of the ISA in frameworks. + - bpo-46955: Expose asyncio.base_events.Server as + asyncio.Server. Patch by Stefan Zabka. + - bpo-23325: The signal module no longer assumes that SIG_IGN + and SIG_DFL are small int singletons. + - bpo-46932: Update bundled libexpat to 2.4.7 + - bpo-25707: Fixed a file leak in + xml.etree.ElementTree.iterparse() when the iterator is not + exhausted. Patch by Jacob Walls. + - bpo-44886: Inherit asyncio proactor datagram transport from + asyncio.DatagramTransport. + - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() + for selector-based event loops. Patch by Thomas Grainger. + - bpo-46811: Make test suite support Expat >=2.4.5 + - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to + transport-based APIs. + - bpo-46784: Fix libexpat symbols collisions with user + dynamically loaded or statically linked libexpat in embedded + Python. + - bpo-39327: shutil.rmtree() can now work with VirtualBox + shared folders when running from the guest operating-system. + - bpo-46756: Fix a bug in + urllib.request.HTTPPasswordMgr.find_user_password() and + urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() + which allowed to bypass authorization. For example, access to + URI example.org/foobar was allowed if the user was authorized + for URI example.org/foo. + - bpo-46643: In typing.get_type_hints(), support evaluating + stringified ParamSpecArgs and ParamSpecKwargs annotations. + Patch by Gregory Beauregard. + - bpo-45863: When the tarfile module creates a pax format + archive, it will put an integer representation of timestamps + in the ustar header (if possible) for the benefit of older + unarchivers, in addition to the existing full-precision + timestamps in the pax extended header. + - bpo-46676: Make typing.ParamSpec args and kwargs equal to + themselves. Patch by Gregory Beauregard. + - bpo-46672: Fix NameError in asyncio.gather() when initial + type check fails. + - bpo-46655: In typing.get_type_hints(), support evaluating + bare stringified TypeAlias annotations. Patch by Gregory + Beauregard. + - bpo-45948: Fixed a discrepancy in the C implementation of the + xml.etree.ElementTree module. Now, instantiating an + xml.etree.ElementTree.XMLParser with a target=None keyword + provides a default xml.etree.ElementTree.TreeBuilder target + as the Python implementation does. + - bpo-46521: Fix a bug in the codeop module that was + incorrectly identifying invalid code involving string quotes + as valid code. + - bpo-46581: Brings ParamSpec propagation for GenericAlias in + line with Concatenate (and others). + - bpo-46591: Make the IDLE doc URL on the About IDLE dialog + clickable. + - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 + - bpo-46487: Add the get_write_buffer_limits method to + asyncio.transports.WriteTransport and to the SSL transport. + - bpo-45173: Note the configparser deprecations will be removed + in Python 3.12. + - bpo-46539: In typing.get_type_hints(), support evaluating + stringified ClassVar and Final annotations inside Annotated. + Patch by Gregory Beauregard. + - bpo-46491: Allow typing.Annotated to wrap typing.Final and + typing.ClassVar. Patch by Gregory Beauregard. + - bpo-46436: Fix command-line option -d/--directory in module + http.server which is ignored when combined with command-line + option --cgi. Patch by Géry Ogam. + - bpo-41403: Make mock.patch() raise a TypeError with + a relevant error message on invalid arg. Previously it + allowed a cryptic AttributeError to escape. + - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid + potential REDoS by limiting ambiguity in consecutive + whitespace. + - bpo-46469: asyncio generic classes now return + types.GenericAlias in __class_getitem__ instead of the same + class. + - bpo-46434: pdb now gracefully handles help when __doc__ is + missing, for example when run with pregenerated optimized + .pyc files. + - bpo-46333: The __eq__() and __hash__() methods of + typing.ForwardRef now honor the module parameter of + typing.ForwardRef. Forward references from different modules + are now differentiated. + - bpo-46246: Add missing __slots__ to + importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. + - bpo-46266: Improve day constants in calendar. + - Now all constants (MONDAY … SUNDAY) are documented, tested, + and added to __all__. + - bpo-46232: The ssl module now handles certificates with bit + strings in DN correctly. + - bpo-43118: Fix a bug in inspect.signature() that was causing + it to fail on some subclasses of classes with + a __text_signature__ referencing module globals. Patch by + Weipeng Hong. + - bpo-26552: Fixed case where failing asyncio.ensure_future() + did not close the coroutine. Patch by Kumar Aditya. + - bpo-21987: Fix an issue with tarfile.TarFile.getmember() + getting a directory name with a trailing slash. + - bpo-20392: Fix inconsistency with uppercase file extensions + in MimeTypes.guess_type(). Patch by Kumar Aditya. + - bpo-46080: Fix exception in argparse help text generation if + a argparse.BooleanOptionalAction argument’s default is + argparse.SUPPRESS and it has help specified. Patch by Felix + Fontein. + - bpo-44439: Fix .write() method of a member file in ZipFile, + when the input data is an object that supports the buffer + protocol, the file length may be wrong. + - bpo-45703: When a namespace package is imported before + another module from the same namespace is created/installed + in a different sys.path location while the program is + running, calling the importlib.invalidate_caches() function + will now also guarantee the new module is noticed. + - bpo-24959: Fix bug where unittest sometimes drops frames from + tracebacks of exceptions raised in tests. + - bpo-44791: Fix substitution of ParamSpec in Concatenate with + different parameter expressions. Substitution with a list of + types returns now a tuple of types. Substitution with + Concatenate returns now a Concatenate with concatenated lists + of arguments. + - bpo-14156: argparse.FileType now supports an argument of ‘-’ + in binary mode, returning the .buffer attribute of + sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and + ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. + Patch contributed by Josh Rosenberg + - bpo-46463: Fixes escape4chm.py script used when building the + CHM documentation file + - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is + built with undefined behavior sanitizer (UBSAN): disable + UBSAN on the faulthandler_sigfpe() function. Patch by Victor + Stinner. + - bpo-46708: Prevent default asyncio event loop policy + modification warning after test_asyncio execution. + - bpo-46678: The function make_legacy_pyc in + Lib/test/support/import_helper.py no longer fails when + PYTHONPYCACHEPREFIX is set to a directory on a different + device from where tempfiles are stored. + - bpo-46616: Ensures test_importlib.test_windows cleans up + registry keys after completion. + - bpo-44359: test_ftplib now silently ignores socket errors to + prevent logging unhandled threading exceptions. Patch by + Victor Stinner. + - bpo-46542: Fix a Python crash in test_lib2to3 when using + Python built in debug mode: limit the recursion limit. Patch + by Victor Stinner. + - bpo-46576: test_peg_generator now disables compiler + optimization when testing compilation of its own C extensions + to significantly speed up the testing on non-debug builds of + CPython. + - bpo-46542: Fix test_json tests checking for RecursionError: + modify these tests to use support.infinite_recursion(). Patch + by Victor Stinner. + - bpo-13886: Skip test_builtin PTY tests on non-ASCII + characters if the readline module is loaded. The readline + module changes input() behavior, but test_builtin is not + intented to test the readline module. Patch by Victor + Stinner. + - bpo-38472: Fix GCC detection in setup.py when + cross-compiling. The C compiler is now run with LC_ALL=C. + Previously, the detection failed with a German locale. + - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro + and pyconfig.h no longer defines reserved symbol + __CHAR_UNSIGNED__. + - bpo-45296: Clarify close, quit, and exit in IDLE. In the File + menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current + one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). + In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there + are no other windows, this also exits IDLE. + - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch + by Alex Waygood and Terry Jan Reedy. + - bpo-46433: The internal function _PyType_GetModuleByDef now + correctly handles inheritance patterns involving static + types. + - bpo-14916: Fixed bug in the tokenizer that prevented + PyRun_InteractiveOne from parsing from the provided FD. + +- Remove upstreamed patches: + - support-expat-245.patch + +------------------------------------------------------------------- +Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + +------------------------------------------------------------------- +Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl + +- bsc#1195831 Obsolete older "most modern" versions of python + packages (python39 for python310 and so forth). For next + versions it is necessary just to edit the macro. + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python +- Add fix_configure_rst.patch, which removes duplicate link + targets and make documentation with old Sphinx in SLE +- Skip test_capi (bsc#1195140 and bpo#37169) + +------------------------------------------------------------------- +Wed Jan 19 22:01:51 UTC 2022 - Matej Cepl + +- Update to 3.10.2: + Bugfix only + - bpo#46347 memory leak in PyEval_EvalCodeEx (especially + visible with Cython code) + - and many others + +------------------------------------------------------------------- +Wed Dec 8 13:07:25 UTC 2021 - Matej Cepl + +- Upgrade to 3.10.1 (jsc#SLE-18038): + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other tools. + - PEP 618 – Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning +- Patches readjusted: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Sat Dec 4 18:40:28 UTC 2021 - Matej Cepl + +- Remove pdb_adjust_breakpoints.patch and instead just adjust location + of the test breakpoint in Lib/test/test_pdb.py via sed, because we + have shortened Lib/pdb.py by removing the shebang (bpo#45964). + +------------------------------------------------------------------- +Thu Dec 2 13:51:57 UTC 2021 - Matej Cepl + +- Add pdb_adjust_breakpoints.patch fixing expectd results in + test_pdb_breakpoints_preserved_across_interactive_sessions + (bpo#45964). + +------------------------------------------------------------------- +Mon Nov 29 00:17:07 UTC 2021 - Matej Cepl + +- Remove shebangs from from python-base libraries in _libdir + (bsc#1193179). +- Readjust patches: + - bpo-31046_ensurepip_honours_prefix.patch + - decimal.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Tue Nov 16 16:03:43 UTC 2021 - Matej Cepl + +- Move rpm-build-python construct to correct place. + +------------------------------------------------------------------- +Wed Oct 13 08:52:47 UTC 2021 - Dominique Leuenberger + +- BuildRequire rpm-build-python: The provider to inject python(abi) + has been moved there. rpm-build pulls rpm-build-python + automatically in when building anything against python3-base, but + this implies that the initial build of python3-base does not + trigger the automatic installation. + +------------------------------------------------------------------- +Tue Oct 5 22:36:51 UTC 2021 - Matej Cepl + +- Final release of 3.10.0: + Complete list on https://www.python.org/downloads/release/python-3100/, + but highlights are: + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other + tools. + - PEP 618 – Add Optional Length-Checking To zip. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning + - bpo-12782: Parenthesized context managers are now officially + allowed. + +------------------------------------------------------------------- +Mon Aug 30 12:48:25 UTC 2021 - Matej Cepl + +- Switch on option --with-system-libmpdec (bsc#1189356). + +------------------------------------------------------------------- +Fri Aug 27 13:15:03 UTC 2021 - Andreas Schwab + +- Reenable profileopt with qemu emulation, test_faulthandler is no longer + run during profiling + +------------------------------------------------------------------- +Thu Aug 12 15:11:39 UTC 2021 - Andreas Schwab + +- test_faulthandler is still problematic under qemu linux-user emulation, + disable it there + +------------------------------------------------------------------- +Wed Aug 11 05:57:11 UTC 2021 - Matej Cepl + +- Update to 3.10.0rc1 (the penultimate prerelease), which contains + plenty of small bugfixes among others: + - bpo#38605: from __future__ import annotations (PEP 563) used to be + on this list in previous pre-releases but it has been postponed to + Python 3.11 due to some compatibility concerns. + - bpo-44600: Fix incorrect line numbers while tracing some failed + patterns in match statements. Patch by Charles Burkland. + - plenty of modifications in types.Union + +------------------------------------------------------------------- +Wed Jul 21 13:44:48 UTC 2021 - Matej Cepl + +- Update to 3.10.0b4: + https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4 +- Remove python3-imp-returntype.patch which has been upstreamed. + +------------------------------------------------------------------- +Mon Jun 7 15:52:44 UTC 2021 - Matej Cepl + +- Update to 3.10.0b2: + - PEP 623 -- Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 -- Allow writing union types as X | Y + - PEP 612 -- Parameter Specification Variables + - PEP 626 -- Precise line numbers for debugging and other + tools. + - PEP 618 -- Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 -- Deprecate distutils module. + - PEP 613 -- Explicit Type Aliases + - PEP 634 -- Structural Pattern Matching: Specification + - PEP 635 -- Structural Pattern Matching: Motivation and + Rationale + - PEP 636 -- Structural Pattern Matching: Tutorial + - PEP 644 -- Require OpenSSL 1.1.1 or newer + - PEP 624 -- Remove Py_UNICODE encoder APIs + - PEP 597 -- Add optional EncodingWarning +- Removed patches (assumed upstream): + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl + +- Revert previous skip over test_capi +- Add skip-test_pyobject_freed_is_freed.patch to skip failing + test on SLE-15. + +------------------------------------------------------------------- +Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller + +- allow build with Sphinx >= 3.x + +------------------------------------------------------------------- +Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák + +- Exclude test_capi on Leap (test fails there) + +------------------------------------------------------------------- +Fri May 21 15:13:59 UTC 2021 - Matej Cepl + +- Stop providing "python" symbol (bsc#1185588), which means + python2 currently. + +------------------------------------------------------------------- +Wed May 5 15:16:58 UTC 2021 - Matej Cepl + +- Update to 3.9.5: + * Security + - bpo-43434: Creating a sqlite3.Connection object now also + produces a sqlite3.connect auditing event. Previously this + event was only produced by sqlite3.connect() calls. Patch + by Erlend E. Aasland. + - bpo-43882: The presence of newline or tab characters in + parts of a URL could allow some forms of attacks. + - Following the controlling specification for URLs defined by + WHATWG urllib.parse() now removes ASCII newlines and tabs + from URLs, preventing such attacks. + - bpo-43472: Ensures interpreter-level audit hooks receive + the cpython.PyInterpreterState_New event when called + through the _xxsubinterpreters module. + - bpo-36384: ipaddress module no longer accepts any leading + zeros in IPv4 address strings. Leading zeros are ambiguous + and interpreted as octal notation by some libraries. For + example the legacy function socket.inet_aton() treats + leading zeros as octal notatation. glibc implementation of + modern inet_pton() does not accept any leading zeros. For + a while the ipaddress module used to accept ambiguous + leading zeros. + - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) + vulnerability in urllib.request.AbstractBasicAuthHandler. + The ReDoS-vulnerable regex has quadratic worst-case + complexity and it allows cause a denial of service when + identifying crafted invalid RFCs. This ReDoS issue is on + the client side and needs remote attackers to control the + HTTP server. + - bpo-42800: Audit hooks are now fired for frame.f_code, + traceback.tb_frame, and generator code/frame attribute + access. + * Core and Builtins + - bpo-43105: Importlib now resolves relative paths when + creating module spec objects from file locations. + - bpo-42924: Fix bytearray repetition incorrectly copying + data from the start of the buffer, even if the data is + offset within the buffer (e.g. after reassigning a slice at + the start of the bytearray to a shorter byte string). + * Library + - bpo-43993: Update bundled pip to 21.1.1. + - bpo-43937: Fixed the turtle module working with non-default + root window. + - bpo-43930: Update bundled pip to 21.1 and setuptools to + 56.0.0 + - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now + returns a consistent error message when cadata contains no + valid certificate. + - bpo-43607: urllib can now convert Windows paths with \\?\ + prefixes into URL paths. + - bpo-43284: platform.win32_ver derives the windows version + from sys.getwindowsversion().platform_version which in turn + derives the version from kernel32.dll (which can be of + a different version than Windows itself). Therefore change + the platform.win32_ver to determine the version using the + platform module’s _syscmd_ver private function to return an + accurate version. + - bpo-42248: [Enum] ensure exceptions raised in _missing__ + are released + - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 + to suppress deprecation warnings. Python requires OpenSSL + 1.1.1 APIs. + - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants + (OpenSSL 3.0.0) + - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback + function a second time when first call has signaled an + error condition. + - bpo-43788: The header files for ssl error codes are now + OpenSSL version-specific. Exceptions will now show correct + reason and library codes. The make_ssl_data.py script has + been rewritten to use OpenSSL’s text file with error codes. + - bpo-43655: tkinter dialog windows are now recognized as + dialogs by window managers on macOS and X Window. + - bpo-43534: turtle.textinput() and turtle.numinput() create + now a transient window working on behalf of the canvas + window. + - bpo-43522: Fix problem with hostname_checks_common_name. + OpenSSL does not copy hostflags from struct SSL_CTX to + struct SSL. + - bpo-42967: Allow bytes separator argument in + urllib.parse.parse_qs and urllib.parse.parse_qsl when + parsing str query strings. Previously, this raised + a TypeError. + - bpo-43176: Fixed processing of a dataclass that inherits + from a frozen dataclass with no fields. It is now correctly + detected as an error. + - bpo-41735: Fix thread locks in zlib module may go wrong in + rare case. Patch by Ma Lin. + - bpo-36470: Fix dataclasses with InitVars and replace(). + Patch by Claudiu Popa. + - bpo-32745: Fix a regression in the handling of ctypes’ + ctypes.c_wchar_p type: embedded null characters would cause + a ValueError to be raised. Patch by Zackery Spytz. + * Documentation + - bpo-43959: The documentation on the PyContextVar C-API was + clarified. + - bpo-43938: Update dataclasses documentation to express that + FrozenInstanceError is derived from AttributeError. + - bpo-43755: Update documentation to reflect that + unparenthesized lambda expressions can no longer be the + expression part in an if clause in comprehensions and + generator expressions since Python 3.9. + - bpo-43739: Fixing the example code in + Doc/extending/extending.rst to declare and initialize the + pmodule variable to be of the right type. + * Tests + - bpo-43961: Fix + test_logging.test_namer_rotator_inheritance() on Windows: + use os.replace() rather than os.rename(). Patch by Victor + Stinner. + - bpo-43842: Fix a race condition in the SMTP test of + test_logging. Don’t close a file descriptor (socket) from + a different thread while asyncore.loop() is polling the + file descriptor. Patch by Victor Stinner. + - bpo-43811: Tests multiple OpenSSL versions on GitHub + Actions. Use ccache to speed up testing. + - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy + protocols TLS 1.0 and 1.1. Tests are failing with + TLSV1_ALERT_INTERNAL_ERROR. +- Refreshed patches: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch +- Add vendorized files from bluez-devel to enable building support for + Bluetooth. + +------------------------------------------------------------------- +Sun May 2 09:20:06 UTC 2021 - Ben Greiner + +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + +------------------------------------------------------------------- +Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl + +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +------------------------------------------------------------------- +Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +------------------------------------------------------------------- +Tue Feb 9 01:37:59 UTC 2021 - Steve Kowalik + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +------------------------------------------------------------------- +Mon Feb 8 22:02:03 UTC 2021 - Matej Cepl + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl + +- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing + bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in + _ctypes/callproc.c, which may lead to remote code execution. + +------------------------------------------------------------------- +Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl + +- (bsc#1180125) We really don't Require python-rpm-macros package. + Unnecessary dependency. + +------------------------------------------------------------------- +Wed Dec 16 16:08:42 UTC 2020 - Matej Cepl + +- Make python39-doc building again +- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx + doesn't know about skipif directive in doctests. + +------------------------------------------------------------------- +Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl + +- Update sphinx-update-removed-function.patch patch to the latest + version in python36. + +------------------------------------------------------------------- +Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner + +- Last try before this results in an editwar: + * remove importlib_resources and importlib-metadata + provides/obsoletes + * import importlib_resources is not the same as + import importlib.resources, same for metadata + * The backport packages from PyPI needed for older flavors are + specified as such for setuptools or in pyproject.toml. If a + package requires them they typically add them with a python + version qualifier and the packages have their own version + numbers. + +------------------------------------------------------------------- +Sat Dec 5 16:55:12 UTC 2020 - Matej Cepl + +- Add patch sphinx-update-removed-function.patch to no longer call + a now removed function and to make documentation build independent of + the Sphinx version (bsc#1179630, gh#python/cpython#13236). + +------------------------------------------------------------------- +Fri Nov 13 17:20:08 UTC 2020 - Matej Cepl + +- Don't require packages which break build on SLE-15 although we really + don't need them (python3-python-docs-theme and + python3-sphinxcontrib-qthelp). + +------------------------------------------------------------------- +Fri Oct 9 16:05:50 UTC 2020 - Dominique Leuenberger + +- Fix build with RPM 4.16: error: bare words are no longer + supported, please use "...": x86 == ppc. + +------------------------------------------------------------------- +Tue Oct 6 07:30:56 UTC 2020 - Matej Cepl + +- Update to the final version 3.9.0: + Complete changelog with all (many) + changes from previous version is on + https://docs.python.org/release/3.9.0/whatsnew/3.9.html + Changes from the previous RC versions (not that many) are on + https://docs.python.org/release/3.9.0/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Fri Sep 25 06:58:03 UTC 2020 - Dominique Leuenberger + +- Buildrequire timezone only for general flavor. It's used in this + flavor for the test suite. + +------------------------------------------------------------------- +Wed Sep 2 14:39:44 UTC 2020 - Matej Cepl + +- Update to 3.9.0rc1: + * Core and Builtins + - bpo-38156: Handle interrupts that come after EOF + correctly in PyOS_StdioReadline. + * Library + - bpo-41497: Fix potential UnicodeDecodeError in dis + module. + - bpo-41490: Update ensurepip to install pip 20.2.1 and + setuptools 49.2.1. + - bpo-41467: On Windows, fix asyncio recv_into() return + value when the socket/pipe is closed (BrokenPipeError): + return 0 rather than an empty byte string (b''). + - bpo-41425: Make tkinter doc example runnable. + - bpo-41384: Raise TclError instead of TypeError when an + unknown option is passed to tkinter.OptionMenu. + - bpo-38731: Fix NameError in command-line interface of + py_compile. + - bpo-41317: Use add_done_callback() in + asyncio.loop.sock_accept() to unsubscribe reader early on + cancellation. + - bpo-41364: Reduce import overhead of uuid. + - bpo-41341: Recursive evaluation of typing.ForwardRef in + get_type_hints. + - bpo-41182: selector: use DefaultSelector based upon + implementation + - bpo-40726: Handle cases where the end_lineno is None on + ast.increment_lineno(). + * Documentation + - bpo-41045: Add documentation for debug feature of + f-strings. + - bpo-41314: Changed the release when from __future__ + import annotations becomes the default from 4.0 to 3.10 + (following a change in PEP 563). + * Windows + - bpo-41492: Fixes the description that appears in UAC + prompts. + - bpo-40948: Improve post-install message to direct people + to the “py” command. + - bpo-41412: The installer will now fail to install on + Windows 7 and Windows 8. Further, the UCRT dependency is + now always downloaded on demand. + - bpo-40741: Update Windows release to include SQLite + 3.32.3. + * IDLE + - bpo-41468: Improve IDLE run crash error message (which + users should never see). + - bpo-41373: Save files loaded with no line ending, as when + blank, or different line endings, by setting its line + ending to the system default. Fix regression in 3.8.4 and + 3.9.0b4. + +------------------------------------------------------------------- +Tue Sep 1 10:15:06 UTC 2020 - Matej Cepl + +- Synchronize formatting and fixes with python38. + +------------------------------------------------------------------- +Thu Aug 20 15:41:28 UTC 2020 - Andreas Schwab + +- Increase testsuite timeout to account for super long running + test_peg_generator + +------------------------------------------------------------------- +Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer + +- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream +- Removed recursion.tar: contained in upstream +- Update to 3.9.0b5: + - bpo-41304: Fixes python3x._pth being ignored on Windows, caused + by the fix for bpo-29778 (CVE-2020-15801). + - bpo-41162: Audit hooks are now cleared later during + finalization to avoid missing events. + - bpo-29778: Ensure python3.dll is loaded from correct locations + when Python is embedded (CVE-2020-15523). + - bpo-39603: Prevent http header injection by rejecting control + characters in http.client.putrequest(…). + - bpo-41295: Resolve a regression in CPython 3.8.4 where defining + “__setattr__” in a multi-inheritance setup and + calling up the hierarchy chain could fail if builtins/extension + types were involved in the base types. + - bpo-41247: Always cache the running loop holder when running + asyncio.set_running_loop. + - bpo-41252: Fix incorrect refcounting in + _ssl.c’s _servername_callback(). + - bpo-41215: Use non-NULL default values in the PEG parser + keyword list to overcome a bug that was ' + preventing Python from being properly compiled when using the + XLC compiler. Patch by Pablo Galindo. + - bpo-41218: Python 3.8.3 had a regression where compiling with + ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would + aggressively mark list comprehension with CO_COROUTINE. Now only + list comprehension making use of async/await will tagged as so. + - bpo-41175: Guard against a NULL pointer dereference within + bytearrayobject triggered by the bytearray() + bytearray() operation. + - bpo-39960: The “hackcheck” that prevents sneaking around a type’s + __setattr__() by calling the superclass method was + rewritten to allow C implemented heap types. + - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the + C implementation raises now UnpicklingError instead of crashing. + - bpo-39017: Avoid infinite loop when reading specially crafted + TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). + - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params(). + - bpo-41207: In distutils.spawn, restore expectation that + DistutilsExecError is raised when the command is not found. + - bpo-39168: Remove the __new__ method of typing.Generic. + - bpo-41194: Fix a crash in the _ast module: it can no longer be + loaded more than once. It now uses a global state rather than a module state. + - bpo-39384: Fixed email.contentmanager to allow set_content() to set a + null string. + - bpo-41300: Save files with non-ascii chars. + Fix regression released in 3.9.0b4 and 3.8.4. + - bpo-37765: Add keywords to module name completion list. + Rewrite Completions section of IDLE doc. + - bpo-40170: Revert PyType_HasFeature() change: it reads + again directly the PyTypeObject.tp_flags + member when the limited C API is not used, rather than always calling + PyType_GetFlags() which hides implementation details. + +------------------------------------------------------------------- +Mon Jul 20 12:06:41 UTC 2020 - Matej Cepl + +- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 + (CVE-2019-20907, bpo#39017) avoiding possible infinite loop + in specifically crafted tarball. + Add recursion.tar as a testing tarball for the patch. + +------------------------------------------------------------------- +Fri Jul 17 07:07:19 UTC 2020 - Callum Farmer + +- Changed bpo-31046_ensurepip_honours_prefix.patch to include fix from py3.8 + +------------------------------------------------------------------- +Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer + +- Spec file fixes +- Re-added subprocess-raise-timeout.patch: now compatible +- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream + +------------------------------------------------------------------- +Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal + +- Fix minor issues found in the staging. + +------------------------------------------------------------------- +Wed Jul 15 06:13:33 UTC 2020 - Tomáš Chvátal + +- Do not set ourselves as primary interpreter + +------------------------------------------------------------------- +Tue Jul 14 20:45:11 UTC 2020 - Matej Cepl + +- Update to 3.9.0b4: + - PEP 584, Union Operators in dict + - PEP 585, Type Hinting Generics In Standard Collections + - PEP 593, Flexible function and variable annotations + - PEP 602, Python adopts a stable annual release cadence + - PEP 615, Support for the IANA Time Zone Database in the + Standard Library + - PEP 616, String methods to remove prefixes and suffixes + - PEP 617, New PEG parser for CPython + - bpo#38379, garbage collection does not block on resurrected + objects; + - bpo#38692, os.pidfd_open added that allows process + management without races and signals; + - bpo#39926, Unicode support updated to version 13.0.0; + - bpo#1635741, when Python is initialized multiple times in + the same process, it does not leak memory anymore; + - A number of Python builtins (range, tuple, set, frozenset, + list, dict) are now sped up using PEP 590 vectorcall; + - A number of Python modules (_abc, audioop, _bz2, _codecs, + _contextvars, _crypt, _functools, _json, _locale, operator, + resource, time, _weakref) now use multiphase initialization + as defined by PEP 489; + - A number of standard library modules (audioop, ast, grp, + _hashlib, pwd, _posixsubprocess, random, select, struct, + termios, zlib) are now using the stable ABI defined by + PEP 384. +- Remove upstreamed patches: + - F00102-lib64.patch + - SUSE-FEDORA-multilib.patch + - OBS_dev-shm.patch + - subprocess-raise-timeout.patch + - bpo36302-sort-module-sources.patch + - bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Fri Jul 10 10:55:15 UTC 2020 - Tomáš Chvátal + +- Update pre_checkin.sh and regenerate + +------------------------------------------------------------------- +Fri Jul 10 10:11:39 UTC 2020 - Tomáš Chvátal + +- Convert few dependencies to their pkgconfig counterparts + +------------------------------------------------------------------- +Fri Jul 10 10:08:48 UTC 2020 - Tomáš Chvátal + +- Remove release requirement on libpython, it is not really needed + to be equal as the abi changes with versions + +------------------------------------------------------------------- +Fri Jul 10 10:07:50 UTC 2020 - Tomáš Chvátal + +- Add provides python3-bla on all the subpkgs in case we are + primary provider of the functionality + +------------------------------------------------------------------- +Fri Jul 10 10:02:01 UTC 2020 - Tomáš Chvátal + +- Remove unversioned files from devel subpkg too +- Remove main python3 files from -base based whether we are + primary interpreter or not +- Fix idle to be co-installable +- Add condition to be primary to provide/obsolete python3-* +- Fix doc to build in versioned folder so the pythons can be + installed next to each other + +------------------------------------------------------------------- +Fri Jul 10 07:57:10 UTC 2020 - Tomáš Chvátal + +- Revert the full versioning of calls on the macros. These + are generic so they should really just call python3 X + +------------------------------------------------------------------- +Fri Jul 10 07:56:11 UTC 2020 - Tomáš Chvátal + +- For the doc package we can build with generic flavor, we don't + need the our-interpreter based one + +------------------------------------------------------------------- +Fri Jul 10 07:18:53 UTC 2020 - Tomáš Chvátal + +- Add provides for pytohn3X-typing/etc to allow BR on those still + to work when needed + +------------------------------------------------------------------- +Fri Jul 10 07:14:33 UTC 2020 - Tomáš Chvátal + +- Change macros.python3 to use full versioned 3.8 instead of just 3 + for python interpreter + +------------------------------------------------------------------- +Wed Jul 1 11:50:19 UTC 2020 - Tomáš Chvátal + +- Reduce some now unused conditionals + +------------------------------------------------------------------- +Wed Jul 1 11:00:40 UTC 2020 - Tomáš Chvátal + +- Redux the -base dependencies to match up pre-merge layout + +------------------------------------------------------------------- +Wed Jul 1 09:24:39 UTC 2020 - Tomáš Chvátal + +- Generate baselibs in pre-checkin too + +------------------------------------------------------------------- +Wed Jul 1 09:14:33 UTC 2020 - Tomáš Chvátal + +- Generate the importlib-failed using pre_checking again +- Add back the information about skipped tests on the pre_checkin + output + +------------------------------------------------------------------- +Tue Jun 30 07:11:19 UTC 2020 - Tomáš Chvátal + +- Use %python_pkg_name instead of hardcoding python3 where + applicable +- Sort out preamble with spec-cleaner + +------------------------------------------------------------------- +Mon Jun 29 14:36:10 UTC 2020 - Matej Cepl + +- Calculate required variables instead of relying on their continuous manual update + +------------------------------------------------------------------- +Thu Jun 25 10:44:08 UTC 2020 - Tomáš Chvátal + +- Fix the -base module build again to generate only the deps + we need + +------------------------------------------------------------------- +Wed Jun 17 18:42:51 UTC 2020 - Matej Cepl + +- Replace OBS_dev-shm.patch with the upstream PR#20944 + +------------------------------------------------------------------- +Thu Jun 10 14:30:15 UTC 2020 - Tomáš Chvátal + +- Use the %{python_pkg_name} on more places to allow easier + multiversioning +- Switch to _multibuild approach for easier maintenance of this + package. All is now in one spec file with 3 conditionals: + * bcond_with base + * bcond_with doc + * bcond_with general + +------------------------------------------------------------------- +Mon Jun 8 14:26:00 UTC 2020 - Matej Cepl + +- add requires python3-base on libpython subpackage (bsc#1167008) + +------------------------------------------------------------------- +Fri Jun 5 06:08:12 UTC 2020 - Dirk Mueller + +- build against Sphinx 2.x until python is compatible with + Sphinx 3.x (see gh#python/cpython#19397, bpo#40204) + +------------------------------------------------------------------- +Fri May 29 19:59:01 UTC 2020 - Andreas Stieger + +- Fix build with SQLite 3.32 (bpo#40783) + add bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Sun May 17 15:37:35 UTC 2020 - Callum Farmer + +- Update to version 3.8.3: + - Complete list of changes is available at + https://docs.python.org/release/3.8.3/whatsnew/changelog.html#python-3-8-3-final, + but most of them are just bugfixes. + - Removed patch CVE-2020-8492-urllib-ReDoS.patch: contained in upstream + +------------------------------------------------------------------- +Thu Apr 16 12:06:01 UTC 2020 - Matej Cepl + +- Add #!BuildIgnore: gdk-pixbuf-loader-rsvg to python3 SPEC + +------------------------------------------------------------------- +Thu Mar 26 15:36:55 UTC 2020 - Matej Cepl + +- Add patch bsc1167501-invalid-alignment.patch + (bsc#1167501, bpo#40052) to fix alignment in abstract.h header file. + +------------------------------------------------------------------- +Wed Mar 11 11:09:41 UTC 2020 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build, test_setegid + (test.test_os.PosixUidGidTests) is confusing it + +------------------------------------------------------------------- +Thu Mar 5 18:40:29 UTC 2020 - Matej Cepl + +- Update to 3.8.2: + - Complete list of changes is available at + https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final, + but most of them are just bugfixes. + - Updated patches: + - F00102-lib64.patch + - OBS_dev-shm.patch + - SUSE-FEDORA-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Sun Feb 9 00:14:24 CET 2020 - Matej Cepl + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Sat Feb 8 22:21:10 CET 2020 - Matej Cepl + +- Add Requires: libpython%{so_version} == %{version}-%{release} + to python3-base to keep both packages always synchronized + (bsc#1162224). + +------------------------------------------------------------------- +Mon Feb 3 20:27:54 UTC 2020 - Tomáš Chvátal + +- Do not pull in bluez in base again, explain the cycle, + it needs to be solved by bluez maintainer for us by providing + just the headers separately + +------------------------------------------------------------------- +Mon Feb 3 19:54:25 UTC 2020 - Tomáš Chvátal + +- Reame idle icons to idle3 in order to not conflict with python2 + variant of the package + * renamed the icons + * renamed icon load in desktop file + +------------------------------------------------------------------- +Thu Jan 16 09:50:03 UTC 2020 - Tomáš Chvátal + +- Add importlib_resources provide/obsolete as it is integral + part of the lang since 3.7 release + +------------------------------------------------------------------- +Mon Jan 13 11:10:47 UTC 2020 - Martin Liška + +- Add -fno-semantic-interposition as it brings speed up: + https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup + +------------------------------------------------------------------- +Thu Dec 19 16:25:26 CET 2019 - Matej Cepl + +- Update to 3.8.1: + - This is mainly bugfix release and no significant changes to + API are expected. The full changelog is available on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-1 + - Remove bpo-38688_shutil.copytree_prevent-infinite-recursion.patch, + which is included in the upstream tarball. + +------------------------------------------------------------------- +Thu Dec 19 14:57:32 CET 2019 - Matej Cepl + +- Add bpo-31046_ensurepip_honours_prefix.patch which makes + ensurepip to honour the value of $(prefix). Proposed fix for + bpo#31046.. + +------------------------------------------------------------------- +Tue Dec 10 11:07:16 UTC 2019 - Tomáš Chvátal + +- Move bluez-devel dependency to base as it is needed for + socket.AF_BLUETOOTH and otherwise does not work + +------------------------------------------------------------------- +Mon Dec 2 16:52:32 CET 2019 - Matej Cepl + +- Reintroduce QtHelp with the help of the new BR + python-sphinxcontrib-qthelp. + +------------------------------------------------------------------- +Mon Oct 21 18:51:00 UTC 2019 - Stefan Brüns + +- Fix SUSE-FEDORA-multilib.patch, the platform agnostic infix for + library installation is "lib", not "dir". + +------------------------------------------------------------------- +Thu Oct 17 14:19:20 UTC 2019 - Stefan Brüns + +- Move idle subpackage build from python3-base to python3. + appstream-glib required for packaging introduces considerable + extra dependencies and a build loop via rust/librsvg. +- Correct installation of idle IDE icons: + + idle.png is not the target directory + + non-GNOME-specific icons belong into icons/hicolor +- Add required Name key to idle3 desktop file + +------------------------------------------------------------------- +Tue Oct 15 16:39:12 CEST 2019 - Matej Cepl + +- Update to the final release 3.8.0. . + - New Features: + - Assignment expressions + - Positional-only parameters + - Parallel filesystem cache for compiled bytecode files + - Debug build uses the same ABI as release build + - f-strings support = for self-documenting expressions and + debugging + - PEP 578: Python Runtime Audit Hooks + - PEP 587: Python Initialization Configuration + - Vectorcall: a fast calling protocol for CPython + - Pickle protocol 5 with out-of-band data buffers + - New modules: + - importlib.metadata + - Improved modules: + - ast asyncio, builtins, collections, curses, ctypes, + datetime, functools, gc, gettext, gzip, idelib and IDLE, + inspect, io, json.tool, math, mmap, multiprocessing, os, + os.path, pathlib, pickle, plistlib, py_compile, shlex, + shutil, socket, ssl, statistics, sys, tarfile, threading, + tokenize, tkinter, time, typing, unicodedata, unittest, + venv, weakref, xml + - C API improvements + - bdist_winnst command has been deprecated (use bdist_wheel) +- https://docs.python.org/3.8/whatsnew/3.8.html remains rest of + changes including documentation on how to port your programs to + the current version of Python. + +------------------------------------------------------------------- +Mon Oct 14 15:02:08 CEST 2019 - Matej Cepl + +- Add idle3.appdata.xml and idle3.desktop (originally from + Fedora) to make Idle3 full GUI desktop application. + (bsc#1153830) + +------------------------------------------------------------------- +Wed Oct 9 19:09:16 UTC 2019 - Michael Gorse + +- Drop intltool from BuildRequires. Doesn't appear to be used. + +------------------------------------------------------------------- +Wed Oct 9 10:37:59 UTC 2019 - Tomáš Chvátal + +- Add folder version to allow tarball downloads even for beta/rc + releases + +------------------------------------------------------------------- +Tue Oct 8 14:53:54 CEST 2019 - Matej Cepl + +- Revert patches from Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch) into their original + prisitine Fedora versions, SUSE-FEDORA-multilib.patch refreshed + accordingly. + +------------------------------------------------------------------- +Mon Oct 7 14:33:30 UTC 2019 - Matej Cepl + +- Correct quotation of platsubdir in Lib/distutils/command/install.py + +------------------------------------------------------------------- +Thu Oct 3 13:59:57 CEST 2019 - Matej Cepl + +- Replace python-3.6.0-multilib.patch with two patches from + Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch), and our own + SUSE-FEDORA-multilib.patch to allow better cooperation with + Fedora and better upstreaming. +- Add OBS_dev-shm.patch fixing bpo#38377 + +------------------------------------------------------------------- +Thu Oct 3 08:39:18 UTC 2019 - Tomáš Chvátal + +- Pull in just gettext and let solver to sort out between: + gettext-runtime-mini and gettext-runtime + +------------------------------------------------------------------- +Wed Oct 2 15:00:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0rc1. Overall changes from 3.7: + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved + embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds, also the 'm' ABI + tag was removed (irrelevant since 3.4), bpo#36707 + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - on Windows, the default asyncio event loop is now + ProactorEventLoop + - on macOS, the spawn start method is now used by default in + multiprocessing + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Refreshed patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Wed Sep 25 09:46:41 UTC 2019 - Bernhard Wiedemann + +- Add bpo36302-sort-module-sources.patch (boo#1041090) + +------------------------------------------------------------------- +Tue Sep 10 13:43:18 UTC 2019 - Tomáš Chvátal + +- Try harder obsoleting importlib-metadata + +------------------------------------------------------------------- +Sat Aug 31 00:16:47 CEST 2019 - Matej Cepl + +- Update to 3.8.0b4: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-4 + +------------------------------------------------------------------- +Thu Aug 29 06:28:15 UTC 2019 - Guillaume GARDET + +- Re-enable test_threading on aarch64 + +------------------------------------------------------------------- +Sat Aug 17 13:21:15 UTC 2019 - John Vandenberg + +- Remove xrpm from subpackage tk description + +------------------------------------------------------------------- +Tue Aug 6 14:24:55 CEST 2019 - Matej Cepl + +- Update to 3.8.0b3: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-3 +- Patches reapplied: + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-test-posix_fadvise.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Tue Jul 23 13:20:49 UTC 2019 - Matej Cepl + +- Add Provides: python3-importlib-metadata + +------------------------------------------------------------------- +Sun Jul 7 19:08:48 CEST 2019 - Matej Cepl + +- Update to 3.8.0b2: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-2 +- Patches included in upstream: + - bpo-37169_PyObject_IsFreed.patch +- Patches reapplied: + - 00251-change-user-install-location.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-localpath.patch + - python-3.6.0-multilib.patch + +------------------------------------------------------------------- +Tue Jul 2 09:03:04 UTC 2019 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build +- Don't do profiling in qemu linux-user build + +------------------------------------------------------------------- +Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0b1 (changes since 3.7.*): + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Remove patches which were included in the upstream: + - 00251-change-user-install-location.patch + - 00316-mark-bdist_wininst-unsupported.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed May 22 10:53:03 UTC 2019 - Martin Liška + +- Set _lto_cflags to nil as the package is using LTO via --enable-lto. + That will prevent to propage LTO for Python modules that are + built in a separate package. + +------------------------------------------------------------------- +Sat May 4 21:29:20 CEST 2019 - Matej Cepl + +- Update to 3.8.0.a3: + - PEP 572: Assignment Expressions. + - Other (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-3 + +------------------------------------------------------------------- +Mon Apr 29 15:40:34 CEST 2019 - Matej Cepl + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Wed Apr 10 10:22:58 CEST 2019 - Matej Cepl + +- Fix metadata of patches. +- Rename boo1071941-make-install-in-sep-loc.patch to + 00251-change-user-install-location.patch which is the original + name, so it can be looked up in the Fedora VCS. + +------------------------------------------------------------------- +Tue Apr 9 04:55:24 UTC 2019 - John Vandenberg + +- Mark distutils bdist_wininst command unsupported + with 00316-mark-bdist_wininst-unsupported.patch +- Remove Windows bdist_wininst executables from runtime package + +------------------------------------------------------------------- +Tue Apr 9 01:21:45 CEST 2019 - Matej Cepl + +- Update to 3.7.3, which is the maintenance release without any + significant changes in API. + - Updated patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------ +Wed Mar 20 14:59:58 UTC 2019 - Matěj Cepl + +- Remove building of Qt Develop help files. + +------------------------------------------------------------------- +Fri Mar 15 15:10:30 CET 2019 - Matej Cepl + +- Return distutils-reproducible-compile.patch which is still + missing (still unfinished bpo#29708). + +------------------------------------------------------------------- +Mon Feb 25 23:30:56 CET 2019 - Matej Cepl + +- Update to 3.8.0a2: + * List of all (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-2 + +------------------------------------------------------------------- +Tue Feb 12 10:25:52 CET 2019 - Matej Cepl + +- Build nis module again. + +------------------------------------------------------------------- +Tue Feb 12 10:06:17 CET 2019 - Matej Cepl + +- Update to 3.8.0a1: + * The most visible change so far is probably the + implementation of PEP 572: Assignment Expressions. For + a detailed list of changes, see: + https://docs.python.org/3.8/whatsnew/changelog.html + * Recover building of nis module properly in python3 package +- Update patches: + * CVE-2019-5010-null-defer-x509-cert-DOS.patch + * python-3.3.0b1-fix_date_time_compiler.patch + * python-3.3.0b1-test-posix_fadvise.patch + * python-3.6.0-multilib.patch + * raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed Jan 30 18:07:49 CET 2019 - mcepl@suse.com + +- Put LICENSE file where it belongs (bsc#1121852) + +------------------------------------------------------------------- +Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com + +- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch + fixing bpo-35746. + An exploitable denial-of-service vulnerability exists in the + X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. + A specially crafted X509 certificate can cause a NULL pointer + dereference, resulting in a denial of service. An attacker can + initiate or accept TLS connections using crafted certificates + to trigger this vulnerability. + +------------------------------------------------------------------- +Tue Jan 8 12:51:01 UTC 2019 - Tomáš Chvátal + +- Do not require full gettext in order to avoid pulling in the + glib2 as a dependency + +------------------------------------------------------------------- +Tue Jan 8 12:25:27 UTC 2019 - Tomáš Chvátal + +- Update to 3.7.2: + * bugfix release: + https://docs.python.org/3.7/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Wed Jan 2 12:51:48 CET 2019 - mcepl@suse.com + +- Stop applying python-3.6.0-multilib-new.patch (which is still + WIP), and apply the old proven python-3.6.0-multilib.patch + instead. + +------------------------------------------------------------------- +Wed Dec 19 19:29:44 UTC 2018 - Todd R + +- Use upstream-recommended %{_rpmconfigdir}/macros.d directory + for the rpm macros. + +------------------------------------------------------------------- +Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com + +- Upgrade to 3.7.2rc1: + * bugfix release, for the full list of all changes see + https://docs.python.org/3.7/whatsnew/changelog.html#changelog +- Make run of the test suite more verbose + +------------------------------------------------------------------- +Tue Dec 11 01:52:45 UTC 2018 - Jan Engelhardt + +- Write summaries without em dashes. + +------------------------------------------------------------------- +Mon Dec 3 13:27:54 UTC 2018 - Matěj Cepl + +- Remove python-3.3.0b1-curses-panel.patch it is unnecessary anymore. +- Add boo1071941-make-install-in-sep-loc.patch to make pip and + distutils in user environment install into separate location + (boo#1071941) + + Set values of prefix and exec_prefix in distutils install + command to /usr/local if executable is /usr/bin/python* and RPM + build is not detected to make pip and distutils install into + separate location +- Remove finally python-3.3.3-skip-distutils-test_sysconfig_module.patch +- Remove distutils-reproducible-compile.patch which doesn't make + really much difference in reproducibility (see + gh#python/cpython#8057 and discussion there). + +------------------------------------------------------------------- +Sat Dec 1 00:14:28 CET 2018 - mcepl@suse.com + +- Rename Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + to bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + +------------------------------------------------------------------- +Wed Nov 7 12:10:41 CET 2018 - mcepl@suse.com + +- Add dependency on bluez-devel to build support for Bluetooth + (boo#1109998) + +------------------------------------------------------------------- +Tue Nov 6 13:52:45 CET 2018 - mcepl@suse.com + +- Add devhelp subpackage and split qthelp into another + subpackage. + +------------------------------------------------------------------- +Wed Oct 24 12:38:00 UTC 2018 - Matěj Cepl + +- Remove python-3.0b1-record-rpm.patch and + Python-3.0b1-record-rpm.patch, as they are not needed anymore + +------------------------------------------------------------------- +Tue Oct 23 14:14:16 UTC 2018 - Matej Cepl + +- Switch off test_threading for optimization builds. + +------------------------------------------------------------------- +Mon Oct 22 14:41:59 CEST 2018 - mcepl@suse.com + +- Update to python-3.7.1. This is just a brief overview, complete + changelog available at + https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-1-final: + Library + bpo-34970: Protect tasks weak set manipulation in asyncio.all_tasks() +- Patches already accepted upstream are removed: + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + * 00308-tls-1.3.patch +- New patches added: + * Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + * raise_SIGING_not_handled.patch +- All other patches refreshed via quilt. + +------------------------------------------------------------------- +Mon Oct 22 12:22:19 UTC 2018 - Matej Cepl + +- Add raise_SIGING_not_handled.patch to fix bsc#1094814 + +------------------------------------------------------------------- +Wed Oct 17 14:04:35 UTC 2018 - Tomáš Chvátal + +- Add patch to fix importlib return types: + * python3-imp-returntype.patch + +------------------------------------------------------------------- +Mon Oct 15 13:46:32 CEST 2018 - mcepl@suse.com + +- bpo-34022 still not completely fixed, so we have to keep + excluding test_cmd_line_script, + test_multiprocessing_main_handling, and test_runpy from the + test suite. + +------------------------------------------------------------------- +Sun Oct 14 15:57:24 UTC 2018 - Matej Cepl + +- Update to python 3.7.1~rc2: + Core and Builtins + bpo-34879: Fix a possible null pointer dereference in + bytesobject.c. Patch by Zackery Spytz. + bpo-34854: Fixed a crash in compiling string annotations + containing a lambda with a keyword-only argument that + doesn’t have a default value. + bpo-34320: Fix dict(od) didn’t copy iteration order of + OrderedDict. + Library + bpo-34769: Fix for async generators not finalizing when event + loop is in debug mode and garbage collector runs in another + thread. + bpo-34922: Fixed integer overflow in the digest() and + hexdigest() methods for the SHAKE algorithm in the hashlib + module. + bpo-34900: Fixed unittest.TestCase.debug() when used to call + test methods with subtests. Patch by Bruno Oliveira. + bpo-34871: Fix inspect module polluted sys.modules when parsing + __text_signature__ of callable. + bpo-34872: Fix self-cancellation in C implementation of + asyncio.Task + bpo-34819: Use a monotonic clock to compute timeouts in + Executor.map() and as_completed(), in order to prevent + timeouts from deviating when the system clock is adjusted. + bpo-34334: In QueueHandler, clear exc_text from LogRecord to + prevent traceback from being written twice. + bpo-6721: Acquire the logging module’s commonly used internal + locks while fork()ing to avoid deadlocks in the child + process. + bpo-34172: Fix a reference issue inside multiprocessing.Pool + that caused the pool to remain alive if it was deleted + without being closed or terminated explicitly. + Documentation + bpo-32174: chm document displays non-ASCII charaters properly on + some MBCS Windows systems. + Tests + bpo-32962: Fixed test_gdb when Python is compiled with flags + -mcet -fcf-protection -O0. + C API + bpo-34910: Ensure that PyObject_Print() always returns -1 on + error. Patch by Zackery Spytz. + +------------------------------------------------------------------- +Fri Oct 12 20:46:58 CEST 2018 - mcepl@suse.com + +- Add Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch to + fix problems with SOURCE_DATE_EPOCH variable (bpo-34022) + +------------------------------------------------------------------- +Mon Sep 17 09:44:02 UTC 2018 - Tomáš Chvátal + +- Add patch to fix build with tls1.3 supported openssl + * 00308-tls-1.3.patch +- Add patch to fix Py_Main calls after Py_initialize + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + +------------------------------------------------------------------- +Mon Sep 3 15:22:42 UTC 2018 - Matěj Cepl + +- Add -fwrapv to OPTS, which is default for python3 anyway + See for example https://github.com/zopefoundation/persistent/issues/86 + for bugs which are caused by avoiding it. + +------------------------------------------------------------------- +Tue Jul 10 11:12:32 UTC 2018 - mcepl@suse.com + +- Fix ownership of _contextvars, _queue, and _xxtestfuzz + +------------------------------------------------------------------- +Tue Jul 3 15:04:48 UTC 2018 - mcepl@suse.com + +- Switch off LTO for distros with older GCC +- Fix %files + +------------------------------------------------------------------- +Fri Jun 29 14:20:03 UTC 2018 - tchvatal@suse.com + +- Add dependency over libuuid-devel + +------------------------------------------------------------------- +Thu Jun 28 10:42:15 UTC 2018 - mimi.vx@gmail.com + +- update to python 3.7.0 + Complete overview of changes is available on + https://docs.python.org/3/whatsnew/3.7.html, these are just + highlights: + * PEP 563, postponed evaluation of type annotations. + * async and await are now reserved keywords. + * New library modules: + contextvars: PEP 567 – Context Variables + dataclasses: PEP 557 – Data Classes + importlib.resources + * New built-in features: + PEP 553, the new breakpoint() function. + * Python data model improvements: + PEP 562, customization of access to module attributes. + PEP 560, core support for typing module and generic types. + the insertion-order preservation nature of dict objects + has been declared to be an official part of the Python + language spec. + * Significant improvements in the standard library: + The asyncio module has received new features, significant + usability and performance improvements. + The time module gained support for functions with + nanosecond resolution. + * CPython implementation improvements: + Avoiding the use of ASCII as a default text encoding: + PEP 538, legacy C locale coercion + PEP 540, forced UTF-8 runtime mode + PEP 552, deterministic .pycs + the new development runtime mode + PEP 565, improved DeprecationWarning handling + * C API improvements: + PEP 539, new C API for thread-local storage + * Documentation improvements: + PEP 545, Python documentation translations + New documentation translations: Japanese, French, and Korean. +- drop python3-sorted_tar.patch +- drop 0001-allow-for-reproducible-builds-of-python-packages.patch +- refresh python-3.6.0-multilib-new.patch +- refresh subprocess-raise-timeout.patch + * new C API for thread-local storage + * Deterministic pyc files + * Built-in breakpoint() + * Data Classes + * Core support for typing module and generic types + * Customization of access to module attributes + * Postponed evaluation of annotations + * Time functions with nanosecond resolution + * Improved DeprecationWarning handling + * Context Variables + * Avoiding the use of ASCII as a default text encoding + (PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode) + * The insertion-order preservation nature of dict objects is now + an official part of the Python language spec. + * Notable performance improvements in many areas. + +------------------------------------------------------------------- +Thu May 17 18:26:42 UTC 2018 - hpj@urpla.net + +- disable lto with gcc versions below 7 (results in link failures) + +------------------------------------------------------------------- +Mon Apr 30 15:23:24 UTC 2018 - jengelh@inai.de + +- Use faster find subcommand execution strategies. + +------------------------------------------------------------------- +Fri Apr 20 16:17:29 UTC 2018 - tchvatal@suse.com + +- Do not mention the testsuite disabling in opts as it was moved to + main pkg so base is test-free + +------------------------------------------------------------------- +Tue Apr 17 08:36:08 UTC 2018 - tchvatal@suse.com + +- As we run in main python package do not generate the pre_checkin + from both now + +------------------------------------------------------------------- +Mon Apr 16 14:11:56 UTC 2018 - tchvatal@suse.com + +- Move the tests from base to generic package wrt bsc#1088573 + * We still fail the whole distro if python3 is not build + * The other archs than x86_64 took couple of hours to unblock + build of other software, this way we work around the issue +- Some tests are still run in -base for the LTO tweaking, but at + least it is not run twice + +------------------------------------------------------------------- +Sat Mar 31 19:41:12 UTC 2018 - mimi.vx@gmail.com + +- update to 3.6.5 + * bugfix release + * see Misc/NEWS for details +- drop ctypes-pass-by-value.patch +- drop fix-localeconv-encoding-for-LC_NUMERIC.patch +- refresh python-3.6.0-multilib-new.patch + +------------------------------------------------------------------ +Wed Mar 7 09:16:39 UTC 2018 - adam@mizerski.pl + +- Created %so_major and %so_minor macros +- Put Tools/gdb/libpython.py script into proper place and ship it with devel + subpackage. + +------------------------------------------------------------------- +Tue Feb 20 15:04:56 UTC 2018 - schwab@suse.de + +- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64 + +------------------------------------------------------------------- +Tue Feb 20 14:28:00 UTC 2018 - bwiedemann@suse.com + +- Add python3-sorted_tar.patch (boo#1081750) + +------------------------------------------------------------------- +Tue Feb 20 14:08:57 UTC 2018 - tchvatal@suse.com + +- Drop python3-tk and python3-idle recommends to reduce python3 + always pulling X stack bsc#1081751 + +------------------------------------------------------------------- +Wed Feb 7 09:10:03 UTC 2018 - tchvatal@suse.com + +- Add patch to fix glibc 2.27 fail bsc#1079761: + * fix-localeconv-encoding-for-LC_NUMERIC.patch + +------------------------------------------------------------------- +Mon Feb 5 17:14:43 UTC 2018 - normand@linux.vnet.ibm.com + +- Update skip_random_failing_tests.patch (for PowerPC) + to avoid test_call_later failure + +------------------------------------------------------------------- +Wed Jan 24 14:35:58 UTC 2018 - jmatejek@suse.com + +- move XML modules and python3-xml provide to python3-base + (fixes bsc#1077230) +- move ensurepip to base + +------------------------------------------------------------------- +Thu Jan 18 12:31:47 UTC 2018 - normand@linux.vnet.ibm.com + +- Add skip_random_failing_tests.patch only for PowerPC + +------------------------------------------------------------------- +Wed Jan 3 12:18:51 UTC 2018 - jmatejek@suse.com + +- update to 3.6.4 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed python3-ncurses-6.0-accessors.patch +- drop PYTHONSTARTUP hooks that cause spurious startup errors + * fixes bsc#1070738 + * the relevant feature (REPL history) is now built into Python itself + +------------------------------------------------------------------- +Sat Dec 2 11:11:46 UTC 2017 - dimstar@opensuse.org + +- Install 2to3-%{python_version} executable (override defattr of + the -tools package). 2to3 (unversioned) is a symlink and does not + carry permissions (bsc#1070853). + +------------------------------------------------------------------- +Thu Nov 16 11:02:18 UTC 2017 - mimi.vx@gmail.com + +- move 2to3 to python3-tools package + +------------------------------------------------------------------- +Wed Oct 11 13:15:23 UTC 2017 - jmatejek@suse.com + +- update to 3.6.3 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Wed Sep 20 09:54:05 UTC 2017 - dmueller@suse.com + +- drop python-2.7-libffi-aarch64.patch: this patches the intree + copy of libffi which is unused/deleted in the line afterwards +- fix build against system libffi: include flags weren't set + so it actually used the in-tree libffi headers. + +------------------------------------------------------------------- +Thu Sep 14 13:23:10 UTC 2017 - vcizek@suse.com + +- Fix test broken with OpenSSL 1.1 (bsc#1042670) + * add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Tue Sep 5 11:47:05 UTC 2017 - jengelh@inai.de + +- Update RPM group for python documentation. + +------------------------------------------------------------------- +Thu Aug 31 08:39:31 UTC 2017 - schwab@suse.de + +- fix missing %{?armsuffix} + +------------------------------------------------------------------- +Wed Aug 30 13:41:38 UTC 2017 - jmatejek@suse.com + +- distutils-reproducible-compile.patch: ensure distutils order files + before compiling, which works around bsc#1049186 + +------------------------------------------------------------------- +Thu Aug 17 08:59:05 CEST 2017 - kukuk@suse.de + +- Add libnsl-devel build requires for glibc obsoleting libnsl + +------------------------------------------------------------------- +Thu Aug 3 16:09:26 UTC 2017 - jmatejek@suse.com + +- update to 3.6.2 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed test-socket-aead-kernel49.patch +- add Provides: python3-typing (fixes bsc#1050653) +- drop duplicate Provides: python3 + +------------------------------------------------------------------- +Mon Jun 26 12:10:07 UTC 2017 - jmatejek@suse.com + +- drop db-devel from requirements + +------------------------------------------------------------------- +Tue Jun 20 09:26:52 UTC 2017 - asn@cryptomilk.org + +- Add missing link to python library in config dir (bsc#1040164) + +------------------------------------------------------------------- +Thu Mar 23 12:42:59 UTC 2017 - jmatejek@suse.com + +- update to 3.6.1 + * bugfix release, over a hundred bugs fixed + * never add import location's parent directory to sys.path + * switch to git for version control, build changes related to that + * fix "failed to get random numbers" on old kernels (bsc#1029902) + * several crashes and memory leaks corrected + * f-string are no longer accepted as docstrings + +------------------------------------------------------------------- +Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com + +- prevent regenerating AST at build-time more robustly +- add "--without profileopt" and "--without testsuite" options to python3-base + to allow short circuiting when working on the package + +------------------------------------------------------------------- +Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com + +- Add 0001-allow-for-reproducible-builds-of-python-packages.patch + upstream https://github.com/python/cpython/pull/296 + +------------------------------------------------------------------- +Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com + +- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch) +- reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent) + +------------------------------------------------------------------- +Wed Jan 11 14:57:07 UTC 2017 - jmatejek@suse.com + +- update to 3.6.0 + * PEP 498 Formated string literals + * PEP 515 Underscores in numeric literals + * PEP 526 Syntax for variable annotations + * PEP 525 Asynchronous generators + * PEP 530 Asynchronous comprehensions + * PEP 506 New "secrets" module for safe key generation + * less memory consumed by dicts + * dtrace and systemtap support + * improved asyncio module + * better defaults for ssl + * new hashing algorithms in hashlib + * bytecode format changed to allow more optimizations + * "async" and "await" are on track to be reserved words + * StopIteration from generators is deprecated + * support for openssl < 1.0.2 is deprecated + * os.urandom now blocks when getrandom() blocks + * huge number of new features, bugfixes and optimizations + * see https://docs.python.org/3.6/whatsnew/3.6.html for details +- rework multilib patch: drop Python-3.5.0-multilib.patch, implement + upstreamable python-3.6.0-multilib-new.patch +- refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch +- drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch +- finally drop python-2.6b1-canonicalize2.patch that was not applied in source + and only kept around in case we needed it in the future. (which we don't, as it seems) +- update import_failed map and baselibs +- build ctypes against system libffi + (buildrequire libffi-devel in python3-base) +- add new key to keyring (signed by keys already in keyring) +- introduced common configure section between python3 and python3-base +- moved pyconfig.h and Makefile to devel subpackage as distutils no longer + need it at runtime +- added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py + because it is not used now +- improve summaries and descriptions (fixes bsc#917607) +- enabled Link-Time Optimization, see what happens +- including skipped_tests.py in pre_checkin.sh run +- run specs through spec-cleaner, rearrange sections + +------------------------------------------------------------------- +Fri Apr 22 17:20:29 UTC 2016 - jmatejek@suse.com + +- move _hashlib and _ssl modules and tests to python3-base +- recommend python3 + +------------------------------------------------------------------- +Tue Mar 15 15:05:23 UTC 2016 - schwab@suse.de + +- Skip test_asyncio under qemu_user_space_build + +------------------------------------------------------------------- +Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com + +- Add Python-3.5.1-fix_lru_cache_copying.patch + Fix copying the lru_cache() wrapper object. + Fixes deep-copying lru_cache regression, which worked on + previous versions of python but fails on python 3.5. + This fixes a bunch of packages in devel:languages:python3. + See: https://bugs.python.org/issue25447 + +------------------------------------------------------------------- +Sun Jan 24 00:44:08 UTC 2016 - arichardson.kde@gmail.com + +- Build the docs in .qch format as well + +------------------------------------------------------------------- +Wed Dec 9 07:35:20 UTC 2015 - toddrme2178@gmail.com + +- update to 3.5.1 + * bugfix-only release, dozens of bugs fixed +- Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch +- "Python3" to "Python 3" in summary + * This seems cleaner and fixes and rpmlint warning + +------------------------------------------------------------------- +Wed Oct 14 20:21:52 UTC 2015 - toddrme2178@gmail.com + +- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch + This fixes a build error for many packages that use the Python, + C-API. + This patch is already accepted upstream and is slated to appear in + python 3.5.1. + +------------------------------------------------------------------- +Tue Sep 29 15:53:24 UTC 2015 - jmatejek@suse.com + +- update to 3.5.0 + * coroutines with async/await syntax + * matrix multiplication operator `@` + * unpacking generalizations + * new modules `typing` and `zipapp` + * type annotations + * .pyo files replaced by custom suffixes for optimization levels in __pycache__ + * support for memory BIO in ssl module + * performance improvements in several modules + * and many more +- removals and behavior changes + * deprecated `__version__` is removed + * support for .pyo files was removed + * system calls are auto-retried on EINTR + * bare generator expressions in function calls now cause SyntaxError + (change "f(x for x in i)" to "f((x for x in i))" to fix) + * removed undocumented `format` member of private `PyMemoryViewObject` struct + * renamed `PyMemAllocator` to `PyMemAllocatorEx` +- redefine %dynlib macro to reflect that modules now have arch+os as part of name +- module `time` is now built-in +- dropped upstreamed patches: + python-3.4.1-fix-faulthandler.patch + python-3.4.3-test-conditional-ssl.patch + python-fix-short-dh.patch (also dropped dh2048.pem required for this patch) +- updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch +- python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure + with new gcc + ncurses + +------------------------------------------------------------------- +Wed Sep 9 11:51:22 UTC 2015 - dimstar@opensuse.org + +- Add python3-ncurses-6.0-accessors.patch: Fix build with + NCurses 6.0 and OPAQUE_WINDOW set to 1. + +------------------------------------------------------------------- +Mon Aug 24 17:02:08 UTC 2015 - jmatejek@suse.com + +- improve import_failed hook to do the right thing when invoking + missing modules with "python3 -m modulename" (boo#942751) + +------------------------------------------------------------------- +Thu Jul 23 22:08:10 UTC 2015 - fisiu@opensuse.org + +- Build with --enable-loadable-sqlite-extensions to make it works + as geospatial database. + +------------------------------------------------------------------- +Wed Jul 1 07:07:26 UTC 2015 - dimstar@opensuse.org + +- Fix source list for previous change (add dh2048.pem). + +------------------------------------------------------------------- +Wed Jun 24 06:54:30 UTC 2015 - meissner@suse.com + +- dh2048.pem: added generated 2048 dh parameter set to fix + ssl test (bsc#935856) +- python-fix-short-dh.patch: replace the 512 bits dh parameter set + by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856) + +------------------------------------------------------------------- +Tue May 19 14:59:30 UTC 2015 - schwab@suse.de + +- ctypes-libffi-aarch64.patch: remove upstreamed patch +- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for + aarch64 + +------------------------------------------------------------------- +Thu May 14 10:58:36 UTC 2015 - jmatejek@suse.com + +- drop the PDF subpackage + (removes the massive texlive dependency, and most likely nobody is + using the PDFs anyway) + +------------------------------------------------------------------- +Thu May 14 09:53:29 UTC 2015 - jmatejek@suse.com + +- python-3.4.3-test-conditional-ssl.patch - restore tests failing because + test_urllib was unconditionally importing ssl (without really needing it) +- restore functionality of multilib patch +- drop libffi-ppc64le.diff because upstream completely changed everything + yet again (sorry ppc64 folks :| ) + + +------------------------------------------------------------------- +Fri May 1 15:11:21 UTC 2015 - mailaender@opensuse.org + +- Update to version 3.4.3 +- Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch + (bpo#21766) + +------------------------------------------------------------------- +Wed Mar 25 10:57:28 UTC 2015 - rguenther@suse.com + +- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus + faulthandler which fails with GCC 5. + +------------------------------------------------------------------- +Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com + +- asyncio has been merged in python3 main package; provide and + obsolete it +- Remove obsolete AUTHORS section +- Remove redundant %clean section + +------------------------------------------------------------------- +Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org + +- Only pkgconfig(x11) is required for build, not the whole + set of packages provided by xorg-x11-devel metapackage. + +------------------------------------------------------------------- +Mon Oct 13 13:38:20 UTC 2014 - jmatejek@suse.com + +- add %python3_version rpm macro for Fedora compatibility +- add missing argument in import_failed, rename Novell Bugzilla + to SUSE Bugzilla + +------------------------------------------------------------------- +Thu Jul 31 17:24:59 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. + +------------------------------------------------------------------- +Wed Jul 23 16:31:02 UTC 2014 - jmatejek@suse.com + +- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file + disclosure and directory traversal through URL-encoded characters + (CVE-2014-4650, bnc#885882) + +------------------------------------------------------------------- +Tue Jul 22 13:55:57 UTC 2014 - jmatejek@suse.com + +- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons, + reinstate bundled copies of pip and setuptools + (fixes bnc#885662) +- add more files as sources to silence the validator + +------------------------------------------------------------------- +Wed May 21 11:01:56 UTC 2014 - jmatejek@suse.com + +- update to 3.4.1 + * bugfix-only release, over 300 bugs fixed +- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch +- drop upstreamed CVE-2014-2667-mkdir.patch +- include Python release manager keyring and signature file + for the source archive (thus renumbering of source files) + (see https://www.python.org/download/#openpgp-public-keys ) +- move ensurepip to python3, because it transitively requires ssl + +------------------------------------------------------------------- +Fri Apr 4 16:21:40 UTC 2014 - jmatejek@suse.com + +- CVE-2014-2667-mkdir.patch: race condition with reseting umask + in os.makedirs + (CVE-2014-2667, bnc#871152) +- updated multilib patch to include ~/.local/lib64 (bnc#637176) + +------------------------------------------------------------------- +Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com + +- raise timeout value for test_subprocess to 10s (might fix + intermittent build failures in OBS) + +------------------------------------------------------------------- +Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com + +- remove blacklisting of test_posix on aarch64: qemu bug is fixed + +------------------------------------------------------------------- +Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 final +- drop upstreamed python-3.4rc2-importlib.patch + +------------------------------------------------------------------- +Sun Mar 16 16:33:25 UTC 2014 - schwab@suse.de + +- Only build with profile-opt if profiling is enabled +- Update test exclusion lists: + * test_ctypes no longer fails on arm + * test_io no longer fails on ppc* + * test_multiprocessing has been split in multiple tests + * test_posix and test_signal fail due to qemu bugs + +------------------------------------------------------------------- +Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de + +- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, + adding python-2.7.6-sqlite-3.8.4-tests.patch + +------------------------------------------------------------------- +Thu Feb 27 14:08:40 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 rc2 + * pre-release bugfixes + * improvements to asyncio library +- drop upstreamed tracemalloc_gcov.patch +- python-3.4rc2-importlib.patch fixes backwards-incompatibility + in the reworked importlib module that blocks build of vim + +------------------------------------------------------------------- +Fri Jan 17 18:45:27 UTC 2014 - jmatejek@suse.com + +- initial commit of 3.4.0 beta 3 + * new stdlib modules: pathlib, enum, statistics, tracemalloc + * asynchronous IO with new asyncio module + * introspection data for builtins + * subprocesses no longer inherit open file descriptors + * standardized metadata for packages + * internal hashing changed to SipHash + * new pickle protocol + * improved handling of codecs + * TLS 1.2 support + * major speed improvements for internal unicode handling + * many bugfixes and optimizations +- see porting guide at: + http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4 +- moved several modules to -testsuite subpackage +- updated list of binary extensions, refreshed patches +- tracemalloc_gcov.patch fixes profile-based optimization build +- updated packages and pre_checkin.sh to use ~-version notation + for prereleases +- fix-shebangs part of build process moved to common %prep +- drop python-3.3.2-no-REUSEPORT.patch (upstreamed) +- update baselibs for new soname + +- TODOs: + * require python-pip, make ensurepip work with zypper + +------------------------------------------------------------------- +Wed Dec 4 13:21:26 UTC 2013 - matz@suse.de + +- add ppc64le (ELFv2) support for libffi copy for ctypes module +- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be + "lib64"). +- added patches: + * libffi-ppc64le.diff +------------------------------------------------------------------- +Tue Dec 3 09:51:43 UTC 2013 - adrian@suse.de + +- add ppc64le rules + +------------------------------------------------------------------- +Fri Nov 22 13:17:23 UTC 2013 - speilicke@suse.com + +- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch: + + Disable global and distutils sysconfig comparison test, we deviate + from the default depending on optflags + +------------------------------------------------------------------- +Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com + +- update to 3.3.3 + * bugfix-only release + * many SSL-related fixes + * upstream fix for CVE-2013-4238 + * upstream fixes for CVE-2013-1752 +- move example module xxlimited to python3-testsuite +- drop CVE-2013-4238_py33.patch - it is upstreamed +- remove --with-wide-unicode config option, it is now the default + (and only) choice +- don't touch anything between make and makeinstall +- drop python-3.2b2-buildtime-generate.patch - the issue was caused + by touching things between make and makeinstall +- link pycache entries for import_failed hooks properly + +------------------------------------------------------------------- +Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org + +- build with -DOPENSSL_LOAD_CONF for the same reasons + described in the python2 package. + +------------------------------------------------------------------- +Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com + +- handle NULL bytes in certain fields of SSL certificates + (CVE-2013-4238, bnc#834601) + +------------------------------------------------------------------- +Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com + +- Exclue test_faulthandler from tests on powerpc due to bnc#831629 + +------------------------------------------------------------------- +Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com + +- update to 3.3.2 + * bugfix-only release + * fixes several regressions introduced in 3.3.1 +- switch to xz compression +- move _lzma module to python3-base +- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT + +------------------------------------------------------------------- +Mon Apr 29 22:32:43 UTC 2013 - schwab@suse.de + +- Readd missing bits from ctypes-libffi-aarch64.patch + +------------------------------------------------------------------- +Sat Apr 13 07:56:51 UTC 2013 - idonmez@suse.com + +- Update to version 3.3.1 + * Fix the –enable-profiling configure switch. + * In IDLE, close the replace dialog after it is used. +- Too many bugfixes to list here, + see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS +- Refresh Python-3.3.0b2-multilib.patch +- Refresh python-3.2b2-buildtime-generate.patch +- Drop upstream patches: ctypes-libffi-aarch64.patch, + python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch + +------------------------------------------------------------------- +Mon Apr 8 11:25:30 UTC 2013 - speilicke@suse.com + +- Exclude sqlite/test and tk/test directories from the respective + sub-packages. These are owned by the testsuite sub-package already + +------------------------------------------------------------------- +Fri Apr 5 12:59:20 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/title=SourceUrls + +------------------------------------------------------------------- +Wed Apr 3 15:36:04 UTC 2013 - jmatejek@suse.com + +- remove spurious modification of python-3.3.0b1-localpath.patch + that would force installation into /usr/local. + this fixes bnc#809831 + +------------------------------------------------------------------- +Thu Mar 28 18:38:51 UTC 2013 - jmatejek@suse.com + +- replace broken movetogetdents64.diff patch with a correct one + from upstream repo (python-3.3.0-getdents64.patch) + +------------------------------------------------------------------- +Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com + +- add ctypes-libffi-aarch64.patch: + * import aarch64 support for libffi in _ctypes module +- add aarch64 to the list of lib64 based archs +- add movetogetdents64.diff: + * port to getdents64, as SYS_getdents is not implemented everywhere + +------------------------------------------------------------------- +Tue Feb 26 08:57:55 UTC 2013 - saschpe@suse.de + +- /etc/rpm/macros.python3 is no %config, it is not meant to be changed + by users. +- Add rpmlintrc with some obvious filters + +------------------------------------------------------------------- +Mon Jan 28 18:14:39 UTC 2013 - jmatejek@suse.com + +- update baselibs for new version of libpython3 + +------------------------------------------------------------------- +Thu Nov 29 17:02:37 UTC 2012 - jmatejek@suse.com + +- fix include path in macros (bnc#787526) +- implement failed import handlers for modules that live in + subpackages - e.g. "import ssl" will now throw a sensible error + message telling you to install "python3" + +------------------------------------------------------------------- +Wed Nov 28 17:02:07 UTC 2012 - jmatejek@suse.com + +- merge python3-xml into python3 +- merge python3-2to3 library into python3-base + and the 2to3 binary into python3-devel + (python3-devel is now in conflict with python-2to3, which + will be dropped) +- enable --with-system-expat for python3, making the xml modules + (and thus python3) depend on expat +- reconfigure tests to disable network and GUI resources, which + the upstream apparently thought is a good idea to enable by default. + this fixes build failures in Factory +- add lzma-devel to build the _lzma module +- moved %dynlib macro definition to common section + +------------------------------------------------------------------- +Mon Nov 5 20:01:46 UTC 2012 - coolo@suse.com + +- buildrequire timezone for the test suite + +------------------------------------------------------------------- +Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com + +- disable more checks for qemu builds as they use syscalls not + implemented yet + +------------------------------------------------------------------- +Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com + +- exclude test_math for SLE 11; math library fails on negative + gamma function values close to integers and 0, probably + due to imprecision in -lm on SLE_11_SP2. + +------------------------------------------------------------------- +Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel explicitly + +------------------------------------------------------------------- +Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com + +- remove distutils.cfg (bnc#658604) + * this changes default prefix for distutils to /usr + * see ML for details: +http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html + +------------------------------------------------------------------- +Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com + +- Update to final 3.3.0 release + * See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS + +------------------------------------------------------------------- +Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com + +- Correct dependency for python3-testsuite, + python3-tkinter -> python3-tk + +------------------------------------------------------------------- +Thu Aug 23 13:08:11 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 RC1 + +------------------------------------------------------------------- +Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 beta 1 + * flexible string representation, no longer distinguishing + between wide and narrow Unicode builds + * importlib-based import system + * virtualenv support in core + * namespace packages + * explicit Unicode literals for easier porting + * key-sharing dict implementation reduces memory footprint + of OO code + * hash randomization on by default + * many other new bugfixes and features, check NEWS for details + +- pre_checkin.sh now autofills various version strings in specs +- ship hashlib's fallback modules - those uselessly take up space + when real _hashlib.so from python3 is present, but the space wasted + is only 114kB and it provides python3-base with a working hashlib + module. + (also, this fixes bnc#743787) + +------------------------------------------------------------------- +Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com + +- skip test_io on ppc +- drop test_io ppc patch + +------------------------------------------------------------------- +Thu Jun 28 07:57:58 UTC 2012 - saschpe@suse.de + +- Satisfy source_validator by uncommenting an otherwise unused "Patch" + line + +------------------------------------------------------------------- +Tue Jun 12 15:39:08 UTC 2012 - adrian@suse.de + +- fix logic of checks exclusion + +------------------------------------------------------------------- +Fri May 18 11:50:27 UTC 2012 - idonmez@suse.com + +- update to 3.2.3 + * No changes since rc2 + +------------------------------------------------------------------- +Thu Mar 29 15:44:33 UTC 2012 - jmatejek@suse.com + +- update to 3.2.3rc2 + * fixes several security issues: + * CVE-2012-0845, bnc#747125 + * CVE-2012-1150, bnc#751718 + * CVE-2011-4944, bnc#754447 + * CVE-2011-3389, bnc#754677 +- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) +- disable test_gdb because it is broken by our gdb + +------------------------------------------------------------------- +Thu Feb 16 12:33:12 UTC 2012 - dvaleev@suse.com + +- skip broken test_io test on ppc + +------------------------------------------------------------------- +Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com + +- update to 3.2.2 + * bugfix-only release + * reports "linux2" as sys.platform regardless of Linux kernel +- added pre_checkin.sh to copy common spec sections to python3.spec +- added PACKAGING-NOTES with some helpful info for packagers + +------------------------------------------------------------------- +Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com + +- Use system ffi, included one is broken see + http://bugs.python.org/issue11729 and + http://bugs.python.org/issue12081 + +------------------------------------------------------------------- +Fri Dec 9 17:19:55 UTC 2011 - jmatejek@suse.com + +- license.opensuse.org-compatible license headers + +------------------------------------------------------------------- +Fri Dec 2 16:46:44 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Thu Nov 24 12:42:25 UTC 2011 - agraf@suse.com + +- fix ARM build (exclude some test cases which break for us) + +------------------------------------------------------------------- +Tue Aug 16 17:02:22 UTC 2011 - termim@gmail.com + +- use sysconfig module to get py3_incdir, py3_abiflags, + py3_soflags, python3_sitelib and python3_sitearch + +------------------------------------------------------------------- +Mon Jul 18 16:22:31 UTC 2011 - jmatejek@novell.com + +- update to 3.2.1 + * bugfix-only release, no major changes +- fix build on linux3 platform +- remove upstreamed pybench patch +- install /usr/lib directories in all cases to prevent spurious + "directory not owned" in dependent packages + +------------------------------------------------------------------- +Wed Jun 15 14:16:38 UTC 2011 - jmatejek@novell.com + +- replaced dynamic so version with manual so version, because + autobuild does not support autogeneration + +------------------------------------------------------------------- +Tue May 24 13:39:06 UTC 2011 - jmatejek@novell.com + +- generate macros.python3 at compile-time with fixed values +- don't include bogus values in pyconfig.h, as they can break + third-party packages (bnc#673071) + +------------------------------------------------------------------- +Tue May 17 12:52:51 UTC 2011 - jmatejek@novell.com + +- added Obsoletes: python3 < 3.1 so that the transition from + non-split to split packages goes smoothly + +------------------------------------------------------------------- +Fri May 13 12:38:19 UTC 2011 - jmatejek@novell.com + +- fixed RPM macros to use python3 instead of python +- updated to build --with-wide-unicode (for compatibility with + fedora and our own python 2.x series) + +------------------------------------------------------------------- +Thu Apr 21 03:39:25 UTC 2011 - termim@gmail.com + +- fix python3-base build failure due to pybench.py crash by + python-3.2-pybench.patch +- move pyconfig.h from python3-devel to python3-base package to + make python3-base functional again + +------------------------------------------------------------------- +Wed Mar 23 04:26:28 UTC 2011 - termim@gmail.com + +- update to python 3.2 + * stable ABI, ABI-tagged .so files + * concurrent.futures and many other new or upgraded modules + * PYC repository directories ( __pycache__ ) + * python WSGI 1.0.1 + * Unicode 6.0.0 support + * a great number of bugfixes and assorted improvements + +------------------------------------------------------------------- +Tue Feb 8 19:42:17 CET 2011 - matejcik@suse.cz + +- update to python 3.2 RC2 +- renamed python3-demo to python3-tools, because the demo part + became much smaller than the tools part +- added rpm macros + +------------------------------------------------------------------- +Tue Jan 18 14:13:04 UTC 2011 - jmatejek@novell.com + +- update to python 3.2 beta 2, see NEWS for details +- split off -base package with less dependencies, and a shlib-policy + compliant libpython3 package +- mostly rewritten the spec file with more detailed comments +- cleaned up lists of patches + diff --git a/python311.spec b/python311.spec new file mode 100644 index 0000000..9a0cc4b --- /dev/null +++ b/python311.spec @@ -0,0 +1,1052 @@ +# +# spec file for package python311 +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "doc" +%define psuffix -documentation +%bcond_without doc +%bcond_with base +%bcond_with general +%endif +%if "%{flavor}" == "base" +%define psuffix -core +%bcond_with doc +%bcond_without base +%bcond_with general +%endif +%if "%{flavor}" == "" +%define psuffix %{nil} +%bcond_with doc +%bcond_with base +%bcond_without general +%endif + +%if 0%{?do_profiling} +%bcond_without profileopt +%else +%bcond_with profileopt +%endif + +%define python_pkg_name python311 +%if "%{python_pkg_name}" == "%{primary_python}" +%define primary_interpreter 1 +%else +%define primary_interpreter 0 +%endif + +# Setting up variables +%define _version %(c=%{version}; echo ${c/[a-z]*/}) +%define tar_suffix %(c=%{_version}; echo ${c#%{_version}}) +%define python_version %(echo %{_version}|cut -d. -f1-2) +# based on the current source tarball +%define python_version_abitag %(c=%{python_version}; echo ${c//./}) +# FIXME %%define python_version_soname %%(c=%%{python_version}; echo ${c//./_}) +%define python_version_soname 3_11 +%if 0%(test -n "%{tar_suffix}" && echo 1) +%define _version %(echo "%{_version}~%{tar_suffix}") +%define tarversion %{version} +%else +%define tarversion %{version} +%endif +# We don't process beta signs well +%define folderversion %{tarversion} +%define tarname Python-%{tarversion} +%define sitedir %{_libdir}/python%{python_version} +# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 +%define abi_kind %{nil} +# python ABI version - used in some file names +%define python_abi %{python_version}%{abi_kind} +# soname ABI tag defined in PEP 3149 +%define abi_tag %{python_version_abitag}%{abi_kind} +# version part of "libpython" package +%define so_major 1 +%define so_minor 0 +%define so_version %{python_version_soname}%{abi_kind}-%{so_major}_%{so_minor} +# rpm and python have different ideas about what is an arch-dependent name, so: +%if "%{__isa_name}" == "ppc" +%define archname %(echo %{_arch} | sed s/ppc/powerpc/) +%else +%define archname %{_arch} +%endif +# our arm has Hardware-Floatingpoint +%if "%{_arch}" == "arm" +%define armsuffix hf +%endif +# Decide whether we want to use mpdecimal +%if 0%{?suse_version} >= 1550 +%bcond_without mpdecimal +%else +%bcond_with mpdecimal +%endif +# pyexpat.cpython-35m-x86_64-linux-gnu +# pyexpat.cpython-35m-powerpc64le-linux-gnu +# pyexpat.cpython-35m-armv7-linux-gnueabihf +# _md5.cpython-38m-x86_64-linux-gnu.so +%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so +%bcond_without profileopt +Name: %{python_pkg_name}%{psuffix} +Version: 3.11.11 +Release: 0 +Summary: Python 3 Interpreter +License: Python-2.0 +URL: https://www.python.org/ +Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz +Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore +Source2: baselibs.conf +Source3: README.SUSE +Source4: externally_managed.in +Source7: macros.python3 +Source8: import_failed.py +Source9: import_failed.map +Source10: pre_checkin.sh +Source11: skipped_tests.py +Source19: idle3.desktop +Source20: idle3.appdata.xml +# content of bluez-devel: +# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel +# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu +# 3. mkdir Vendor && mv usr/include/* Vendor/ +# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/ +Source21: bluez-devel-vendor.tar.xz +Source98: python311-rpmlintrc +# Tarball is signed by the GPG key of Pablo Galindo Salgado (0x64E628F8D684696D) +# https://keybase.io/pablogsal/pgp_keys.asc?fingerprint=a035c8c19219ba821ecea86b64e628f8d684696d +Source99: python.keyring +# The following files are not used in the build. +# They are listed here to work around missing functionality in rpmbuild, +# which would otherwise exclude them from distributed src.rpm files. +Source100: PACKAGING-NOTES +# PATCH-FEATURE-UPSTREAM F00251-change-user-install-location.patch bsc#[0-9]+ mcepl@suse.com +# Fix installation in /usr/local (boo#1071941), originally from Fedora +# https://src.fedoraproject.org/rpms/python3.12/blob/rawhide/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch02: F00251-change-user-install-location.patch +# PATCH-FEATURE-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com +# Improve reproduceability +Patch03: distutils-reproducible-compile.patch +# support finding packages in /usr/local, install to /usr/local by default +Patch04: python-3.3.0b1-localpath.patch +# replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds +Patch05: python-3.3.0b1-fix_date_time_compiler.patch +# POSIX_FADV_WILLNEED throws EINVAL. Use a different constant in test +Patch06: python-3.3.0b1-test-posix_fadvise.patch +# Raise timeout value for test_subprocess +Patch07: subprocess-raise-timeout.patch +# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com +# ensurepip should honour the value of $(prefix) +Patch08: bpo-31046_ensurepip_honours_prefix.patch +# PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mcepl@suse.com +# SLE-15 version of Sphinx doesn't know about skipif directive in doctests. +Patch09: no-skipif-doctests.patch +# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com +# skip a test failing on SLE-15 +Patch10: skip-test_pyobject_freed_is_freed.patch +# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com +# remove duplicate link targets and make documentation with old Sphinx in SLE +Patch11: fix_configure_rst.patch +# PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com +# Skip test_freeze_simple_script +Patch13: skip_if_buildbot-extend.patch +# PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com +# prevent ResourceWarning in test_asyncio tests +Patch15: bsc1221260-test_asyncio-ResourceWarning.patch +# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport.patch +# This problem on libexpat is patched on SLE without version +# update, this patch changes the tests to match the libexpat provided +# by SUSE +Patch16: CVE-2023-52425-libexpat-2.6.0-backport.patch +Patch17: CVE-2023-52425-remove-reparse_deferral-tests.patch +# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com +# reproducibility patches +Patch19: bso1227999-reproducible-builds.patch +# PATCH-FIX-UPSTREAM gh120226-fix-sendfile-test-kernel-610.patch gh#python/cpython#120226 mcepl@suse.com +# Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 (GH-120227) +Patch22: gh120226-fix-sendfile-test-kernel-610.patch +# PATCH-FIX-UPSTREAM Add platform triplets for 64-bit LoongArch gh#python/cpython#30939 glaubitz@suse.com +Patch24: add-loongarch64-support.patch +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: fdupes +BuildRequires: gmp-devel +BuildRequires: lzma-devel +BuildRequires: netcfg +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: xz +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(libffi) +BuildRequires: pkgconfig(uuid) +BuildRequires: pkgconfig(zlib) +#!BuildIgnore: gdk-pixbuf-loader-rsvg +%if 0%{?suse_version} >= 1550 +# The provider for python(abi) is in rpm-build-python +BuildRequires: rpm-build-python +%endif +%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1599 +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{with mpdecimal} +BuildRequires: mpdecimal-devel +%endif +%if %{with doc} +BuildRequires: python3-Sphinx >= 4.0.0 +%if 0%{?suse_version} >= 1500 +BuildRequires: python3-python-docs-theme >= 2022.1 +%endif +%endif +%if %{with general} +# required for idle3 (.desktop and .appdata.xml files) +BuildRequires: appstream-glib +BuildRequires: gcc-c++ +BuildRequires: gdbm-devel +BuildRequires: gettext +BuildRequires: readline-devel +BuildRequires: sqlite-devel +BuildRequires: timezone +BuildRequires: pkgconfig(ncurses) +BuildRequires: pkgconfig(tk) +BuildRequires: pkgconfig(x11) +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-readline +Provides: %{python_pkg_name}-sqlite3 +Recommends: %{python_pkg_name}-curses +Recommends: %{python_pkg_name}-dbm +Recommends: %{python_pkg_name}-pip +%if %{primary_interpreter} +Provides: python3 = %{python_version} +Provides: python3-readline +Provides: python3-sqlite3 +%endif +%endif +%{?suse_build_hwcaps_libs} + +%description +Python 3 is modern interpreted, object-oriented programming language, +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python3-doc +package. + +This package supplies rich command line features provided by readline, +and sqlite3 support for the interpreter core, thus forming a so called +"extended" runtime. +Installing "python3" is sufficient for the vast majority of usecases. +In addition, recommended packages provide UI toolkit support (python3-curses, +python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE +development environment (python3-idle). + +%package -n %{python_pkg_name}-tk +Summary: TkInter, a Python Tk Interface +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-tk = %{version} +%endif + +%description -n %{python_pkg_name}-tk +Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. + +%package -n %{python_pkg_name}-curses +Summary: Python Interface to the (N)Curses Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-curses +%endif + +%description -n %{python_pkg_name}-curses +An easy to use interface to the (n)curses CUI library. CUI stands for +Console User Interface. + +%package -n %{python_pkg_name}-dbm +Summary: Python Interface to the GDBM Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-dbm +%endif + +%description -n %{python_pkg_name}-dbm +An easy to use interface for Unix DBM databases, and more specifically, +the GNU implementation GDBM. + +%package -n %{python_pkg_name}-idle +Summary: An Integrated Development Environment for Python +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk +%if %{primary_interpreter} +Provides: python3-idle = %{version} +%endif + +%description -n %{python_pkg_name}-idle +IDLE is a Tkinter based integrated development environment for Python. +It features a multi-window text editor with multiple undo, Python +colorizing, and many other things, as well as a Python shell window and +a debugger. + +%package -n %{python_pkg_name}-doc +Summary: Package Documentation for Python 3 +Enhances: %{python_pkg_name} = %{python_version} +%if %{primary_interpreter} +Provides: python3-doc = %{version} +%endif + +%description -n %{python_pkg_name}-doc +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in HTML format. + +%package -n %{python_pkg_name}-doc-devhelp +Summary: Additional Package Documentation for Python 3 in devhelp format +%if %{primary_interpreter} +Provides: python3-doc-devhelp = %{version} +%endif + +%description -n %{python_pkg_name}-doc-devhelp +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in format for devhelp. + +%package -n %{python_pkg_name}-base +Summary: Python 3 Interpreter and Stdlib Core +Requires: libpython%{so_version} = %{version} +Recommends: %{python_pkg_name} = %{version} +#Recommends: python3-ensurepip +# python 3.1 didn't have a separate python-base, so it is wrongly +# not a conflict to have python3-3.1 and python3-base > 3.1 +Obsoletes: python3 < 3.2 +# no Provides, because python3 is obviously provided by package python3 +# python 3.4 provides asyncio +Provides: %{python_pkg_name}-asyncio = %{version} +# python 3.6 provides typing +Provides: %{python_pkg_name}-typing = %{version} +# python3-xml was merged into python3, now moved into -base +Provides: %{python_pkg_name}-xml = %{version} +%if %{primary_interpreter} +Provides: python3-asyncio = %{version} +Obsoletes: python3-asyncio < %{version} +Provides: python3-base = %{version} +Obsoletes: python3-base < %{version} +Provides: python3-typing = %{version} +Obsoletes: python3-typing < %{version} +Provides: python3-xml = %{version} +Obsoletes: python3-xml < %{version} +%endif + +%description -n %{python_pkg_name}-base +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +package. + +This package contains the interpreter core and most commonly used modules +from the standard library. This is sufficient for many usecases, but it +excludes components that depend on external libraries, most notably XML, +database and UI toolkits support. + +%package -n %{python_pkg_name}-tools +Summary: Python Utility and Demonstration Scripts +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-2to3 = %{version} +Provides: %{python_pkg_name}-demo = %{version} +%if %{primary_interpreter} +Provides: python3-2to3 = %{version} +Provides: python3-demo = %{version} +Provides: python3-tools = %{version} +Obsoletes: python3-2to3 < %{version} +Obsoletes: python3-demo < %{version} +%endif + +%description -n %{python_pkg_name}-tools +A number of scripts that are useful for building, testing or extending Python, +and a set of demonstration programs. + +%package -n %{python_pkg_name}-devel +Summary: Include Files and Libraries Mandatory for Building Python Modules +Requires: %{python_pkg_name}-base = %{version} +%if %{primary_interpreter} +Provides: python3-devel = %{version} +%endif + +%description -n %{python_pkg_name}-devel +The Python programming language's interpreter can be extended with +dynamically loaded extensions and can be embedded in other programs. + +This package contains header files, a static library, and development +tools for building Python modules, extending the Python interpreter or +embedding Python in applications. + +This also includes the Python distutils, which were in the Python +package up to version 2.2.2. + +%package -n %{python_pkg_name}-testsuite +Summary: Unit tests for Python and its standard library +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk = %{version} +%if %{primary_interpreter} +Provides: python3-testsuite = %{version} +%endif + +%description -n %{python_pkg_name}-testsuite +Unit tests that are useful for verifying integrity and functionality +of the installed Python interpreter and standard library. +They are a documented part of stdlib, as a module 'test'. + +%package -n libpython%{so_version} +Summary: Python Interpreter shared library +Requires: %{python_pkg_name}-base >= %{version} + +%description -n libpython%{so_version} +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +(HTML) or python-doc-pdf (PDF) packages. + +This package contains libpython3.2 shared library for embedding in +other applications. + +%prep +%setup -q -n %{tarname} + +%patch -p1 -P 02 +%patch -p1 -P 03 +%patch -p1 -P 04 +%patch -p1 -P 05 +%patch -p1 -P 06 +%patch -p1 -P 07 +%patch -p1 -P 08 + +%if 0%{?suse_version} <= 1500 +%patch -P 09 -p1 +%endif + +%patch -p1 -P 10 +%patch -p1 -P 11 +%patch -p1 -P 13 +%patch -p1 -P 15 +%patch -p1 -P 16 +%patch -p1 -P 17 +%patch -p1 -P 19 +%patch -p1 -P 22 +%patch -p1 -P 24 + +# drop Autoconf version requirement +sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac + +%if %{primary_interpreter} +# fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 +for dir in Lib Tools; do + # find *.py, filter to files that contain bad shebangs + # break up "/""usr" like this to prevent replacing with %%{_prefix} + find $dir -name '*.py' -type f -print0 \ + | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ + | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' +done +%else +# For non-primary Python, just don't bother (bsc#1193179) and remove all +# those shebangs +for dir in Lib Tools; do + find $dir -name '*.py' -type f -exec sed -i '1{/^#!.*python/ d}' '{}' \; +done +# We shortened the file Lib/pdb.py so we have to move the test breakpoint location +sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py +%endif + +# drop in-tree libffi and expat +rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin +# Cannot remove it because of gh#python/cpython#92875 +# rm -r Modules/expat + +# drop duplicate README from site-packages +rm Lib/site-packages/README.txt + +# Add vendored bluez-devel files +tar xvf %{SOURCE21} + +# Don't fail on warnings when building documentation +sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile + +%build +%if %{with doc} +TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` +# TODO use not date of tarball but date of latest patch + +cd Doc +sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py +%make_build -j1 html + +# Build also devhelp files +sphinx-build -a -b devhelp . build/devhelp +rm -rfv build/devhelp/.doctrees +%else +%define _lto_cflags %{nil} +# use rpm_opt_flags +export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv $(pkg-config --cflags-only-I libffi) -fno-semantic-interposition" + +touch -r %{SOURCE0} Makefile.pre.in + +autoreconf -fvi + +%if 0%{?sles_version} +sed -e 's/-fprofile-correction//' -i Makefile.pre.in +%endif + +export CFLAGS="%{optflags} -IVendor/" + +%configure \ + --with-platlibdir=%{_lib} \ + --docdir=%{_docdir}/python \ + --enable-ipv6 \ + --enable-shared \ + --with-ensurepip=no \ + --with-system-ffi \ + --with-system-expat \ + --with-lto \ +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 + --with-ssl-default-suites=openssl \ +%endif +%if %{with profileopt} + --enable-optimizations \ +%endif +%if %{with mpdecimal} + --with-system-libmpdec \ +%endif + --enable-loadable-sqlite-extensions + +# prevent make from trying to rebuild PYTHON_FOR_GEN stuff +# %%make_build -t Python/Python-ast.c \ + # Include/Python-ast.h \ + # Objects/typeslots.inc \ + # Python/opcode_targets.h \ + # Include/opcode.h +%make_build + +%if %{with general} +%make_build +%endif +%if %{with base} +%if %{with profileopt} + target=profile-opt +%else + target=all +%endif +LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ + %make_build $target +%endif +%endif + +%check +export SUSE_VERSION="0%{?suse_version}" +export SLE_VERSION="0%{?sle_version}" +%if %{with general} +# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos +# when you install gdb into your test env +EXCLUDE="test_gdb" +# we patch out the message to recommend zypper in and thus this would fail +EXCLUDE="$EXCLUDE test_pydoc" + +%ifarch %{arm} s390x +# test_multiprocessing_forkserver is racy +EXCLUDE="$EXCLUDE test_multiprocessing_forkserver" +%endif +%ifarch ppc ppc64 ppc64le +# exclue test_faulthandler due to bnc#831629 +EXCLUDE="$EXCLUDE test_faulthandler" +%endif +# some tests break in QEMU +%if 0%{?qemu_user_space_build} +EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver test_multiprocessing_spawn test_os test_posix test_signal test_socket test_subprocess" +%endif + +# This test (part of test_uuid) requires real network interfaces +# so that ifconfig output has "HWaddr ". Some kvm instances +# done have any such interface breaking the uuid module. +EXCLUDE="$EXCLUDE test_uuid" + +# bsc#1195140 and bpo#37169 - test_capi is failing on openSUSE, and not sure why +EXCLUDE="$EXCLUDE test_capi" + +# Limit virtual memory to avoid spurious failures +if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then + ulimit -v 11000000 || : +fi + +# test_freeze_simple_script in test.test_tools.test_freeze.TestFreeze +# uses CONFIG_ARGS to run ./configure. +export CONFIG_ARGS="--enable-ipv6 --enable-shared --with-ensurepip=no \ + --with-system-ffi --with-system-expat --with-lto --enable-optimizations \ + --with-system-libmpdec --enable-loadable-sqlite-extensions" + +export PYTHONPATH="$(pwd -P)/Lib" +# Use timeout, like make target buildbottest +# We cannot run tests parallel, because osc build environment doesn’t +# have /dev/shm +%make_build -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=5400" +# use network, be verbose: +#make test TESTOPTS="-l -u network -v" +%endif + +%install +%if %{with doc} +export PDOCS=%{buildroot}%{_docdir}/python%{python_version} +mkdir -p $PDOCS +# generated docs +rm Doc/build/*/.buildinfo +cp -r Doc/build/html $PDOCS +# misc +install -d -m 755 $PDOCS/Misc +rm Misc/README.AIX +for i in Misc/* ; do + [ -f $i ] && install -c -m 644 $i $PDOCS/Misc/ +done +# devhelp +mkdir -p %{buildroot}%{_datadir}/gtk-doc/html +cp -r Doc/build/devhelp %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version} +rm -rf %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version}/.doctrees +%endif +%if %{with general} +%make_install + +# clean out stuff that is in python-base and subpackages + +find %{buildroot}%{_bindir} -mindepth 1 -not -name "*idle3*" -print -delete +rm %{buildroot}%{_libdir}/lib* +rm -r %{buildroot}%{_libdir}/pkgconfig +rm -r %{buildroot}%{_mandir}/* +rm -r %{buildroot}%{_includedir}/* + +rm -r %{buildroot}%{sitedir}/config* +find %{buildroot}%{sitedir} -name "*.egg-info" -delete +rm -r %{buildroot}%{sitedir}/__pycache__ +rm -r %{buildroot}%{sitedir}/site-packages +rm %{buildroot}%{sitedir}/*.* + +for module in \ + asyncio ctypes collections concurrent distutils email encodings \ + ensurepip html http re \ + importlib json logging multiprocessing pydoc_data unittest \ + urllib venv wsgiref lib2to3 test tomllib turtledemo \ + xml xmlrpc zoneinfo __phello__ +do + rm -r %{buildroot}%{sitedir}/$module +done + +for library in \ + array _asyncio audioop binascii _bisect _bz2 cmath _codecs_* \ + _contextvars _crypt _csv _ctypes _datetime _decimal fcntl grp \ + _hashlib _heapq _json _lsprof _lzma math mmap _multibytecodec \ + _multiprocessing _opcode ossaudiodev _pickle _posixshmem \ + _posixsubprocess _queue _random resource select _ssl _socket spwd \ + _statistics _struct syslog termios _testbuffer _testimportmultiple \ + _testmultiphase unicodedata zlib _ctypes_test _testinternalcapi _testcapi \ + _typing _testclinic xxlimited xxlimited_35 \ + _xxtestfuzz _xxsubinterpreters _elementtree pyexpat _md5 _sha1 \ + _sha256 _sha512 _blake2 _sha3 _uuid _zoneinfo +do + eval rm "%{buildroot}%{sitedir}/lib-dynload/$library.*" +done + +# Idle is not packaged in base due to the appstream-glib dependency +# move idle config into /etc +install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version} +( + cd %{buildroot}/%{sitedir}/idlelib/ + for file in *.def ; do + mv $file %{buildroot}%{_sysconfdir}/idle%{python_version}/ + ln -sf %{_sysconfdir}/idle%{python_version}/$file %{buildroot}/%{sitedir}/idlelib/ + done +) + +# keep just idle3.X +rm %{buildroot}%{_bindir}/idle3 + +# install idle icons +for size in 16 32 48 ; do + install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \ + %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_version}.png +done + +# install idle desktop file +cp %{SOURCE19} idle%{python_version}.desktop +sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop +install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop + +cp %{SOURCE20} idle%{python_version}.appdata.xml +sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml +install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml +appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml + +%fdupes %{buildroot}/%{_libdir}/python%{python_version} +%endif +%if %{with base} +%make_install + +# remove .a +find %{buildroot} -name "*.a" -delete + +# install "site-packages" and __pycache__ for third parties +install -d -m 755 %{buildroot}%{sitedir}/site-packages +install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__ +# and their 32bit counterparts explicitly +mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__ + +# cleanup parts that don't belong +for dir in curses dbm sqlite3 tkinter idlelib; do + find "%{buildroot}/%{sitedir}/$dir"/* -maxdepth 0 -name "test" -o -exec rm -rf {} + +done +rm -fv %{buildroot}%{dynlib nis} + +# overwrite the copied binary with a link +ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 + +# decide to ship python3 or just python3.X +%if !%{primary_interpreter} +# base +rm %{buildroot}%{_bindir}/python3 +rm %{buildroot}%{_bindir}/pydoc3 +rm %{buildroot}%{_mandir}/man1/python3.1 +# devel +rm %{buildroot}%{_bindir}/python3-config +rm %{buildroot}%{_libdir}/libpython3.so +rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc +%endif + +%if %{suse_version} > 1550 +# PEP-0668 mark this as a distro maintained python +sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED +%endif + +# link shared library instead of static library that tools expect +ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so + +# delete idle3, which has to many packaging dependencies for base +rm %{buildroot}%{_bindir}/idle3* + +# delete the generic 2to3 binary if we are not primary +%if !%{primary_interpreter} +rm %{buildroot}%{_bindir}/2to3 +%endif + +# replace duplicate .pyo/.pyc with hardlinks +%fdupes %{buildroot}/%{sitedir} + +# documentation +export PDOCS=%{buildroot}%{_docdir}/%{name} +install -d -m 755 $PDOCS +install -c -m 644 %{SOURCE3} $PDOCS/ +install -c -m 644 README.rst $PDOCS/ + +# tools +for x in `find Tools/ \( -not -name Makefile \) -print | sort` ; do + test -d $x && ( install -c -m 755 -d $PDOCS/$x ) \ + || ( install -c -m 644 $x $PDOCS/$x ) +done +# gdb script is shipped with devel subpackage +rm -r $PDOCS/Tools/gdb +# clean up the bat files +find "$PDOCS" -name "*.bat" -delete + +# put gdb helper script into place +install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +# install devel files to /config +#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%%{sitedir}/config-%%{python_abi}/ + +# Remove -IVendor/ from python-config boo#1231795 +sed -i 's/-IVendor\///' %{buildroot}%{_bindir}/python%{python_abi}-config + +# RPM macros +%if %{primary_interpreter} +mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/ +install -m 644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/macros.d/ # macros.python3 +%endif + +# import_failed hooks +FAILDIR=%{buildroot}/%{sitedir}/_import_failed +mkdir $FAILDIR +install -m 644 %{SOURCE8} %{SOURCE9} $FAILDIR # import_failed.* +LD_LIBRARY_PATH=. ./python -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +( + cd $FAILDIR + while read package modules; do + for module in $modules; do + ln import_failed.py $module.py + pushd __pycache__ + for i in import_failed*; do + ln $i "$module${i#import_failed}" + done + popd + done + done < %{SOURCE9} +) +echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +%endif + +# For the purposes of reproducibility, it is necessary to eliminate any *.pyc files inside documentation dirs +if [ -d %{buildroot}%{_defaultdocdir} ] ; then +find %{buildroot}%{_defaultdocdir} -type f -name \*.pyc -ls -exec rm -vf '{}' \; +fi + +%if %{with general} +%files -n %{python_pkg_name}-tk +%{sitedir}/tkinter +%exclude %{sitedir}/tkinter/test +%{dynlib _tkinter} + +%files -n %{python_pkg_name}-curses +%{sitedir}/curses +%{dynlib _curses} +%{dynlib _curses_panel} + +%files -n %{python_pkg_name}-dbm +%{sitedir}/dbm +%{dynlib _dbm} +%{dynlib _gdbm} + +%files -n %{python_pkg_name} +%dir %{sitedir} +%dir %{sitedir}/lib-dynload +%{sitedir}/sqlite3 +%exclude %{sitedir}/sqlite3/test +%{dynlib readline} +%{dynlib _sqlite3} +%if 0%{?suse_version} < 1599 +%{dynlib nis} +%endif + +%files -n %{python_pkg_name}-idle +%{sitedir}/idlelib +%dir %{_sysconfdir}/idle%{python_version} +%config %{_sysconfdir}/idle%{python_version}/* +%doc Lib/idlelib/README.txt +%doc Lib/idlelib/TODO.txt +%doc Lib/idlelib/extend.txt +%doc Lib/idlelib/ChangeLog +%{_bindir}/idle%{python_version} +%{_datadir}/applications/idle%{python_version}.desktop +%{_datadir}/metainfo/idle%{python_version}.appdata.xml +%{_datadir}/icons/hicolor/*/apps/idle%{python_version}.png +%dir %{_datadir}/icons/hicolor +%dir %{_datadir}/icons/hicolor/16x16 +%dir %{_datadir}/icons/hicolor/32x32 +%dir %{_datadir}/icons/hicolor/48x48 +%dir %{_datadir}/icons/hicolor/*/apps +# endif for if general +%endif + +%if %{with doc} +%files -n %{python_pkg_name}-doc +%dir %{_docdir}/python%{python_version} +%doc %{_docdir}/python%{python_version}/Misc +%doc %{_docdir}/python%{python_version}/html + +%files -n %{python_pkg_name}-doc-devhelp +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%doc %{_datadir}/gtk-doc/html/Python%{python_version} +%endif + +%if %{with base} +%post -n libpython%{so_version} -p /sbin/ldconfig +%postun -n libpython%{so_version} -p /sbin/ldconfig + +%files -n libpython%{so_version} +%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} + +%files -n %{python_pkg_name}-tools +%{sitedir}/turtledemo +%if %{primary_interpreter} +%{_bindir}/2to3 +%endif +%attr(755, root, root)%{_bindir}/2to3-%{python_version} +%doc %{_docdir}/%{name}/Tools + +%files -n %{python_pkg_name}-devel +%{_libdir}/libpython%{python_abi}.so +%if %{primary_interpreter} +%{_libdir}/libpython3.so +%endif +%{_libdir}/pkgconfig/* +%{_includedir}/python%{python_abi} +%{sitedir}/config-%{python_abi}-* +%{_bindir}/python%{python_abi}-config +%if %{primary_interpreter} +%{_bindir}/python3-config +%endif +# Own these directories to not depend on gdb +%dir %{_datadir}/gdb +%dir %{_datadir}/gdb/auto-load +%dir %{_datadir}/gdb/auto-load%{_prefix} +%dir %{_datadir}/gdb/auto-load%{_libdir} +%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +%files -n %{python_pkg_name}-testsuite +%{sitedir}/test +%{sitedir}/*/test +%{sitedir}/*/tests +%{dynlib _ctypes_test} +%{dynlib _testbuffer} +%{dynlib _testcapi} +%{dynlib _testclinic} +%{dynlib _testinternalcapi} +%{dynlib _testimportmultiple} +%{dynlib _testmultiphase} +%{dynlib xxlimited} +# workaround for missing packages +%dir %{sitedir}/sqlite3 +%dir %{sitedir}/tkinter + +%files -n %{python_pkg_name}-base +# docs +%dir %{_docdir}/%{name} +%doc %{_docdir}/%{name}/README.rst +%license LICENSE +%doc %{_docdir}/%{name}/README.SUSE +%if %{primary_interpreter} +%{_mandir}/man1/python3.1%{?ext_man} +%endif +%{_mandir}/man1/python%{python_version}.1%{?ext_man} +%if 0%{?suse_version} > 1550 +# PEP-0668 +%{sitedir}/EXTERNALLY-MANAGED +%endif +# license text, not a doc because the code can use it at run-time +%{sitedir}/LICENSE.txt +# RPM macros +%if %{primary_interpreter} +%{_rpmconfigdir}/macros.d/macros.python3 +%endif +# binary parts +%dir %{sitedir}/lib-dynload +%{dynlib array} +%{dynlib _asyncio} +%{dynlib audioop} +%{dynlib binascii} +%{dynlib _bisect} +%{dynlib _bz2} +%{dynlib cmath} +%{dynlib _codecs_cn} +%{dynlib _codecs_hk} +%{dynlib _codecs_iso2022} +%{dynlib _codecs_jp} +%{dynlib _codecs_kr} +%{dynlib _codecs_tw} +%{dynlib _contextvars} +%{dynlib _crypt} +%{dynlib _csv} +%{dynlib _ctypes} +%{dynlib _datetime} +%{dynlib _decimal} +%{dynlib _elementtree} +%{dynlib fcntl} +%{dynlib grp} +%{dynlib _hashlib} +%{dynlib _heapq} +%{dynlib _json} +%{dynlib _lsprof} +%{dynlib _lzma} +%{dynlib math} +%{dynlib mmap} +%{dynlib _multibytecodec} +%{dynlib _multiprocessing} +%{dynlib _opcode} +%{dynlib ossaudiodev} +%{dynlib _pickle} +%{dynlib _posixshmem} +%{dynlib _posixsubprocess} +%{dynlib pyexpat} +%{dynlib _queue} +%{dynlib _random} +%{dynlib resource} +%{dynlib select} +%{dynlib _socket} +%{dynlib spwd} +%{dynlib _ssl} +%{dynlib _statistics} +%{dynlib _struct} +%{dynlib syslog} +%{dynlib termios} +%{dynlib _typing} +%{dynlib unicodedata} +%{dynlib _uuid} +%{dynlib _xxsubinterpreters} +%{dynlib _xxtestfuzz} +%{dynlib xxlimited_35} +%{dynlib zlib} +%{dynlib _zoneinfo} +# hashlib fallback modules +%{dynlib _blake2} +%{dynlib _md5} +%{dynlib _sha1} +%{dynlib _sha256} +%{dynlib _sha512} +%{dynlib _sha3} +# python parts +%dir %{_prefix}/lib/python%{python_version} +%dir %{_prefix}/lib/python%{python_version}/site-packages +%dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__ +%dir %{sitedir} +%dir %{sitedir}/site-packages +%dir %{sitedir}/site-packages/__pycache__ +%exclude %{sitedir}/*/test +%exclude %{sitedir}/*/tests +%{sitedir}/*.py +%{sitedir}/asyncio +%{sitedir}/ctypes +%{sitedir}/collections +%{sitedir}/concurrent +%{sitedir}/distutils +%{sitedir}/email +%{sitedir}/encodings +%{sitedir}/ensurepip +%{sitedir}/html +%{sitedir}/http +%{sitedir}/importlib +%{sitedir}/json +%{sitedir}/lib2to3 +%{sitedir}/logging +%{sitedir}/multiprocessing +%{sitedir}/pydoc_data +%{sitedir}/re +%{sitedir}/tomllib +%{sitedir}/unittest +%{sitedir}/urllib +%{sitedir}/venv +%{sitedir}/wsgiref +%{sitedir}/xml +%{sitedir}/xmlrpc +%{sitedir}/zoneinfo +%{sitedir}/__phello__ +%{sitedir}/__pycache__ +# import-failed hooks +%{sitedir}/_import_failed +%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +# symlinks +%if %{primary_interpreter} +%{_bindir}/python3 +%{_bindir}/pydoc3 +%endif +# executables +%attr(755, root, root) %{_bindir}/pydoc%{python_version} +# %%attr(755, root, root) %%{_bindir}/python%%{python_abi} +%attr(755, root, root) %{_bindir}/python%{python_version} +# endif for if base +%endif + +%changelog diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch new file mode 100644 index 0000000..6f48b09 --- /dev/null +++ b/skip-test_pyobject_freed_is_freed.patch @@ -0,0 +1,23 @@ +--- + Lib/test/test_capi/test_misc.py | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/Lib/test/test_capi/test_misc.py ++++ b/Lib/test/test_capi/test_misc.py +@@ -40,6 +40,8 @@ import _testinternalcapi + # Were we compiled --with-pydebug or with #define Py_DEBUG? + Py_DEBUG = hasattr(sys, 'gettotalrefcount') + ++# Which version of the SLE distro we build on? ++SLE_VERSION = int(os.environ.get('SLE_VERSION', '0'), 10) + + NULL = None + +@@ -1281,6 +1283,7 @@ class PyMemDebugTests(unittest.TestCase) + def test_pyobject_forbidden_bytes_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') + ++ @unittest.skipIf(0 < SLE_VERSION < 150300, 'Failing on Leap 15.*') + def test_pyobject_freed_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_freed_is_freed') + diff --git a/skip_if_buildbot-extend.patch b/skip_if_buildbot-extend.patch new file mode 100644 index 0000000..fd9a584 --- /dev/null +++ b/skip_if_buildbot-extend.patch @@ -0,0 +1,15 @@ +--- + Lib/test/support/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -384,7 +384,7 @@ def skip_if_buildbot(reason=None): + if not reason: + reason = 'not suitable for buildbots' + try: +- isbuildbot = getpass.getuser().lower() == 'buildbot' ++ isbuildbot = getpass.getuser().lower() in ['buildbot', 'abuild'] + except (KeyError, EnvironmentError) as err: + warnings.warn(f'getpass.getuser() failed {err}.', RuntimeWarning) + isbuildbot = False diff --git a/skipped_tests.py b/skipped_tests.py new file mode 100644 index 0000000..47002e6 --- /dev/null +++ b/skipped_tests.py @@ -0,0 +1,69 @@ +#!/usr/bin/python3 +""" +Simple regexp-based skipped test checker. +It lists tests that are mentioned (presumably for exclusion) +in BASE, and in MAIN (presumably for inclusion) +and reports discrepancies. + +This will have a number of +""" + +MAIN = "python39.spec" + +import glob +import re +from os.path import basename + +alltests = set() +qemu_exclusions = set() + +for item in glob.glob("Python-*/Lib/test/test_*"): + testname = basename(item) + if testname.endswith(".py"): + testname = testname[:-3] + alltests.add(testname) + +testre = re.compile(r'[\s"](test_\w+)\b') + +def find_tests_in_spec(specname): + global qemu_exclusions + + found_tests = set() + with open(specname) as spec: + in_qemu = False + for line in spec: + line = line.strip() + if "#" in line: + line = line[:line.index("#")] + tests = set(testre.findall(line)) + found_tests |= tests + if line == "%if 0%{?qemu_user_space_build} > 0": + in_qemu = True + if in_qemu: + if line == "%endif": + in_qemu = False + qemu_exclusions |= tests + return found_tests + +excluded = find_tests_in_spec(MAIN) + +#print("--- excluded tests:", " ".join(sorted(excluded))) +#print("--- included tests:", " ".join(sorted(included))) + +mentioned = excluded +nonexistent = mentioned - alltests +missing = excluded - qemu_exclusions + +print("--- the following tests are excluded for QEMU and not tested in python") +print("--- (that probably means we don't need to worry about them)") +for test in sorted(qemu_exclusions - excluded): + print(test) + +print("--- the following tests might be excluded in python:") +for test in sorted(missing): + print(test) + +if nonexistent: + print("--- the following tests don't exist:") + for test in sorted(nonexistent): + print(test) diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch new file mode 100644 index 0000000..ab29d50 --- /dev/null +++ b/subprocess-raise-timeout.patch @@ -0,0 +1,18 @@ +--- + Lib/test/test_subprocess.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_subprocess.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_subprocess.py ++++ Python-3.11.8/Lib/test/test_subprocess.py +@@ -280,7 +280,8 @@ class ProcessTestCase(BaseTestCase): + "time.sleep(3600)"], + # Some heavily loaded buildbots (sparc Debian 3.x) require + # this much time to start and print. +- timeout=3) ++ # OBS might require even more ++ timeout=10) + self.fail("Expected TimeoutExpired.") + self.assertEqual(c.exception.output, b'BDFL') + -- 2.51.1 From a36cc2d393882e9d603384fcda11631e310a3a675591138a5f0207af3735f6cb Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 30 Jan 2025 12:53:34 +0000 Subject: [PATCH 109/135] - Configure externally_managed with a bcond https://en.opensuse.org/openSUSE:Python:Externally_managed bsc#1228165 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=156 --- .gitattributes | 23 + .gitignore | 1 + CVE-2023-52425-libexpat-2.6.0-backport.patch | 223 + ...-52425-remove-reparse_deferral-tests.patch | 60 + CVE-2024-9287-venv_path_unquoted.patch | 299 + F00251-change-user-install-location.patch | 215 + PACKAGING-NOTES | 26 + Python-3.11.10.tar.xz | 3 + Python-3.11.10.tar.xz.asc | 16 + Python-3.11.11.tar.xz | 3 + Python-3.11.11.tar.xz.sigstore | 1 + README.SUSE | 43 + _multibuild | 4 + add-loongarch64-support.patch | 25 + baselibs.conf | 3 + bluez-devel-vendor.tar.xz | 3 + bpo-31046_ensurepip_honours_prefix.patch | 173 + bsc1221260-test_asyncio-ResourceWarning.patch | 21 + bso1227999-reproducible-builds.patch | 37 + distutils-reproducible-compile.patch | 17 + externally_managed.in | 12 + fix_configure_rst.patch | 40 + gh120226-fix-sendfile-test-kernel-610.patch | 35 + idle3.appdata.xml | 35 + idle3.desktop | 12 + import_failed.map | 7 + import_failed.py | 23 + macros.python3 | 28 + no-skipif-doctests.patch | 653 ++ pre_checkin.sh | 78 + python-3.3.0b1-fix_date_time_compiler.patch | 27 + python-3.3.0b1-localpath.patch | 13 + python-3.3.0b1-test-posix_fadvise.patch | 17 + python.keyring | 109 + python311-rpmlintrc | 3 + python311.changes | 5503 +++++++++++++++++ python311.spec | 1060 ++++ skip-test_pyobject_freed_is_freed.patch | 23 + skip_if_buildbot-extend.patch | 15 + skipped_tests.py | 69 + subprocess-raise-timeout.patch | 18 + 41 files changed, 8976 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 CVE-2023-52425-libexpat-2.6.0-backport.patch create mode 100644 CVE-2023-52425-remove-reparse_deferral-tests.patch create mode 100644 CVE-2024-9287-venv_path_unquoted.patch create mode 100644 F00251-change-user-install-location.patch create mode 100644 PACKAGING-NOTES create mode 100644 Python-3.11.10.tar.xz create mode 100644 Python-3.11.10.tar.xz.asc create mode 100644 Python-3.11.11.tar.xz create mode 100644 Python-3.11.11.tar.xz.sigstore create mode 100644 README.SUSE create mode 100644 _multibuild create mode 100644 add-loongarch64-support.patch create mode 100644 baselibs.conf create mode 100644 bluez-devel-vendor.tar.xz create mode 100644 bpo-31046_ensurepip_honours_prefix.patch create mode 100644 bsc1221260-test_asyncio-ResourceWarning.patch create mode 100644 bso1227999-reproducible-builds.patch create mode 100644 distutils-reproducible-compile.patch create mode 100644 externally_managed.in create mode 100644 fix_configure_rst.patch create mode 100644 gh120226-fix-sendfile-test-kernel-610.patch create mode 100644 idle3.appdata.xml create mode 100644 idle3.desktop create mode 100644 import_failed.map create mode 100644 import_failed.py create mode 100644 macros.python3 create mode 100644 no-skipif-doctests.patch create mode 100644 pre_checkin.sh create mode 100644 python-3.3.0b1-fix_date_time_compiler.patch create mode 100644 python-3.3.0b1-localpath.patch create mode 100644 python-3.3.0b1-test-posix_fadvise.patch create mode 100644 python.keyring create mode 100644 python311-rpmlintrc create mode 100644 python311.changes create mode 100644 python311.spec create mode 100644 skip-test_pyobject_freed_is_freed.patch create mode 100644 skip_if_buildbot-extend.patch create mode 100644 skipped_tests.py create mode 100644 subprocess-raise-timeout.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch new file mode 100644 index 0000000..c1c66b7 --- /dev/null +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -0,0 +1,223 @@ +--- + Lib/test/support/__init__.py | 16 ++++++++++++++-- + Lib/test/test_minidom.py | 23 +++++++++-------------- + Lib/test/test_pyexpat.py | 12 +++++------- + Lib/test/test_sax.py | 18 +++++++++--------- + Lib/test/test_xml_etree.py | 12 ------------ + 5 files changed, 37 insertions(+), 44 deletions(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -8,6 +8,7 @@ import dataclasses + import functools + import os + import re ++import pyexpat + import stat + import sys + import sysconfig +@@ -56,7 +57,7 @@ __all__ = [ + "run_with_tz", "PGO", "missing_compiler_executable", + "ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST", + "LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT", +- "skip_on_s390x", ++ "skip_on_s390x", "fails_with_expat_2_6_0", "is_expat_2_6_0" + ] + + +@@ -2240,6 +2241,17 @@ def copy_python_src_ignore(path, names): + } + return ignored + +-#Windows doesn't have os.uname() but it doesn't support s390x. ++ ++# Windows doesn't have os.uname() but it doesn't support s390x. + skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', + 'skipped on s390x') ++ ++ ++@functools.lru_cache ++def _is_expat_2_6_0(): ++ return hasattr(pyexpat.ParserCreate(), 'SetReparseDeferralEnabled') ++is_expat_2_6_0 = _is_expat_2_6_0() ++ ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if is_expat_2_6_0 ++ else lambda test: test) +--- a/Lib/test/test_minidom.py ++++ b/Lib/test/test_minidom.py +@@ -6,7 +6,6 @@ import io + from test import support + import unittest + +-import pyexpat + import xml.dom.minidom + + from xml.dom.minidom import parse, Attr, Node, Document, parseString +@@ -1163,13 +1162,11 @@ class MinidomTest(unittest.TestCase): + + # Verify that character decoding errors raise exceptions instead + # of crashing +- if pyexpat.version_info >= (2, 4, 5): +- self.assertRaises(ExpatError, parseString, +- b'') +- self.assertRaises(ExpatError, parseString, +- b'Comment \xe7a va ? Tr\xe8s bien ?') +- else: +- self.assertRaises(UnicodeDecodeError, parseString, ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((UnicodeDecodeError, ExpatError)): ++ parseString( + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1631,12 +1628,10 @@ class MinidomTest(unittest.TestCase): + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- if pyexpat.version_info >= (2, 4, 5): +- context = self.assertRaisesRegex(ExpatError, 'syntax error') +- else: +- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- +- with context: ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((ExpatError, ValueError)): + parseString('') + + def testDocRemoveChild(self): +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -14,8 +14,7 @@ from test.support import os_helper + from xml.parsers import expat + from xml.parsers.expat import errors + +-from test.support import sortdict, is_emscripten, is_wasi +- ++from test.support import sortdict, is_emscripten, is_wasi, is_expat_2_6_0 + + class SetAttributeTest(unittest.TestCase): + def setUp(self): +@@ -770,9 +769,8 @@ class ReparseDeferralTest(unittest.TestC + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + + def test_reparse_deferral_enabled(self): +- if expat.version_info < (2, 6, 0): +- self.skipTest(f'Expat {expat.version_info} does not ' +- 'support reparse deferral') ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") + + started = [] + +@@ -801,9 +799,9 @@ class ReparseDeferralTest(unittest.TestC + + parser = expat.ParserCreate() + parser.StartElementHandler = start_element +- if expat.version_info >= (2, 6, 0): ++ if is_expat_2_6_0: + parser.SetReparseDeferralEnabled(False) +- self.assertFalse(parser.GetReparseDeferralEnabled()) ++ self.assertFalse(parser.GetReparseDeferralEnabled()) + + for chunk in (b''): + parser.Parse(chunk, False) +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -19,13 +19,11 @@ from xml.sax.xmlreader import InputSourc + from io import BytesIO, StringIO + import codecs + import os.path +-import pyexpat + import shutil + import sys + from urllib.error import URLError + import urllib.request +-from test.support import os_helper +-from test.support import findfile ++from test.support import os_helper, findfile, is_expat_2_6_0 + from test.support.os_helper import FakePath, TESTFN + + +@@ -1215,10 +1213,10 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1241,6 +1239,9 @@ class ExpatReaderTest(XmlTestBase): + self.assertEqual(result.getvalue(), start + b"") + + def test_flush_reparse_deferral_disabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1249,9 +1250,8 @@ class ExpatReaderTest(XmlTestBase): + for chunk in (""): + parser.feed(chunk) + +- if pyexpat.version_info >= (2, 6, 0): +- parser._parser.SetReparseDeferralEnabled(False) +- self.assertEqual(result.getvalue(), start) # i.e. no elements started ++ parser._parser.SetReparseDeferralEnabled(False) ++ self.assertEqual(result.getvalue(), start) # i.e. no elements started + + self.assertFalse(parser._parser.GetReparseDeferralEnabled()) + +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -13,7 +13,6 @@ import itertools + import operator + import os + import pickle +-import pyexpat + import sys + import textwrap + import types +@@ -1424,12 +1423,6 @@ class XMLPullParserTest(unittest.TestCas + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + +- def test_simple_xml_chunk_1(self): +- self.test_simple_xml(chunk_size=1, flush=True) +- +- def test_simple_xml_chunk_5(self): +- self.test_simple_xml(chunk_size=5, flush=True) +- + def test_simple_xml_chunk_22(self): + self.test_simple_xml(chunk_size=22) + +@@ -1627,9 +1620,6 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1656,8 +1646,6 @@ class XMLPullParserTest(unittest.TestCas + + for chunk in (""): + parser.feed(chunk) +- +- if pyexpat.version_info >= (2, 6, 0): + if not ET is pyET: + self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled ' + 'methods not available in C') diff --git a/CVE-2023-52425-remove-reparse_deferral-tests.patch b/CVE-2023-52425-remove-reparse_deferral-tests.patch new file mode 100644 index 0000000..553bdf8 --- /dev/null +++ b/CVE-2023-52425-remove-reparse_deferral-tests.patch @@ -0,0 +1,60 @@ +--- + Lib/test/test_pyexpat.py | 2 ++ + Lib/test/test_sax.py | 2 ++ + Lib/test/test_xml_etree.py | 2 ++ + 3 files changed, 6 insertions(+) + +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -768,6 +768,7 @@ class ReparseDeferralTest(unittest.TestC + parser.SetReparseDeferralEnabled(True) + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -791,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC + + self.assertEqual(started, ['doc']) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_disabled(self): + started = [] + +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -1213,6 +1213,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -1238,6 +1239,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -1620,6 +1620,7 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1641,6 +1642,7 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + diff --git a/CVE-2024-9287-venv_path_unquoted.patch b/CVE-2024-9287-venv_path_unquoted.patch new file mode 100644 index 0000000..541a907 --- /dev/null +++ b/CVE-2024-9287-venv_path_unquoted.patch @@ -0,0 +1,299 @@ +From 1408cc9bf9e8b19968761548c30b78d37074c21c Mon Sep 17 00:00:00 2001 +From: Y5 <124019959+y5c4l3@users.noreply.github.com> +Date: Tue, 22 Oct 2024 04:48:04 +0800 +Subject: [PATCH] gh-124651: Quote template strings in `venv` activation + scripts (GH-124712) + +This patch properly quotes template strings in `venv` activation +scripts. This mitigates potential command injection. + +(cherry picked from commit d48cc82ed25e26b02eb97c6263d95dcaa1e9111b) +--- + Lib/test/test_venv.py | 81 ++++++++++ + Lib/venv/__init__.py | 42 ++++- + Lib/venv/scripts/common/activate | 8 + Lib/venv/scripts/nt/activate.bat | 6 + Lib/venv/scripts/posix/activate.csh | 8 + Lib/venv/scripts/posix/activate.fish | 8 + Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst | 1 + 7 files changed, 134 insertions(+), 20 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst + +--- a/Lib/test/test_venv.py ++++ b/Lib/test/test_venv.py +@@ -11,6 +11,7 @@ import os + import os.path + import pathlib + import re ++import shlex + import shutil + import struct + import subprocess +@@ -96,6 +97,10 @@ class BaseTest(unittest.TestCase): + result = f.read() + return result + ++ def assertEndsWith(self, string, tail): ++ if not string.endswith(tail): ++ self.fail(f"String {string!r} does not end with {tail!r}") ++ + class BasicTest(BaseTest): + """Test venv module functionality.""" + +@@ -446,6 +451,82 @@ class BasicTest(BaseTest): + 'import sys; print(sys.executable)']) + self.assertEqual(out.strip(), envpy.encode()) + ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_bash(self): ++ """ ++ Test that the template strings are quoted properly (bash) ++ """ ++ rmtree(self.env_dir) ++ bash = shutil.which('bash') ++ if bash is None: ++ self.skipTest('bash required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.sh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([bash, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_csh(self): ++ """ ++ Test that the template strings are quoted properly (csh) ++ """ ++ rmtree(self.env_dir) ++ csh = shutil.which('tcsh') or shutil.which('csh') ++ if csh is None: ++ self.skipTest('csh required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.csh') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.csh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([csh, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings on Windows ++ @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') ++ def test_special_chars_windows(self): ++ """ ++ Test that the template strings are quoted properly on Windows ++ """ ++ rmtree(self.env_dir) ++ env_name = "'&&^$e" ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.bat') ++ test_batch = os.path.join(self.env_dir, 'test_special_chars.bat') ++ with open(test_batch, "w") as f: ++ f.write('@echo off\n' ++ f'"{activate}" & ' ++ f'{self.exe} -c "import sys; print(sys.executable)" & ' ++ f'{self.exe} -c "import os; print(os.environ[\'VIRTUAL_ENV\'])" & ' ++ 'deactivate') ++ out, err = check_output([test_batch]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ + @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') + def test_unicode_in_batch_file(self): + """ +--- a/Lib/venv/__init__.py ++++ b/Lib/venv/__init__.py +@@ -11,6 +11,7 @@ import subprocess + import sys + import sysconfig + import types ++import shlex + + + CORE_VENV_DEPS = ('pip', 'setuptools') +@@ -394,11 +395,41 @@ class EnvBuilder: + :param context: The information for the environment creation request + being processed. + """ +- text = text.replace('__VENV_DIR__', context.env_dir) +- text = text.replace('__VENV_NAME__', context.env_name) +- text = text.replace('__VENV_PROMPT__', context.prompt) +- text = text.replace('__VENV_BIN_NAME__', context.bin_name) +- text = text.replace('__VENV_PYTHON__', context.env_exe) ++ replacements = { ++ '__VENV_DIR__': context.env_dir, ++ '__VENV_NAME__': context.env_name, ++ '__VENV_PROMPT__': context.prompt, ++ '__VENV_BIN_NAME__': context.bin_name, ++ '__VENV_PYTHON__': context.env_exe, ++ } ++ ++ def quote_ps1(s): ++ """ ++ This should satisfy PowerShell quoting rules [1], unless the quoted ++ string is passed directly to Windows native commands [2]. ++ [1]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules ++ [2]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing#passing-arguments-that-contain-quote-characters ++ """ ++ s = s.replace("'", "''") ++ return f"'{s}'" ++ ++ def quote_bat(s): ++ return s ++ ++ # gh-124651: need to quote the template strings properly ++ quote = shlex.quote ++ script_path = context.script_path ++ if script_path.endswith('.ps1'): ++ quote = quote_ps1 ++ elif script_path.endswith('.bat'): ++ quote = quote_bat ++ else: ++ # fallbacks to POSIX shell compliant quote ++ quote = shlex.quote ++ ++ replacements = {key: quote(s) for key, s in replacements.items()} ++ for key, quoted in replacements.items(): ++ text = text.replace(key, quoted) + return text + + def install_scripts(self, context, path): +@@ -438,6 +469,7 @@ class EnvBuilder: + with open(srcfile, 'rb') as f: + data = f.read() + if not srcfile.endswith(('.exe', '.pdb')): ++ context.script_path = srcfile + try: + data = data.decode('utf-8') + data = self.replace_variables(data, context) +--- a/Lib/venv/scripts/common/activate ++++ b/Lib/venv/scripts/common/activate +@@ -35,11 +35,11 @@ deactivate () { + # unset irrelevant variables + deactivate nondestructive + +-VIRTUAL_ENV="__VENV_DIR__" ++VIRTUAL_ENV=__VENV_DIR__ + export VIRTUAL_ENV + + _OLD_VIRTUAL_PATH="$PATH" +-PATH="$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++PATH="$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + export PATH + + # unset PYTHONHOME if set +@@ -52,9 +52,9 @@ fi + + if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then + _OLD_VIRTUAL_PS1="${PS1:-}" +- PS1="__VENV_PROMPT__${PS1:-}" ++ PS1=__VENV_PROMPT__"${PS1:-}" + export PS1 +- VIRTUAL_ENV_PROMPT="__VENV_PROMPT__" ++ VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ + export VIRTUAL_ENV_PROMPT + fi + +--- a/Lib/venv/scripts/nt/activate.bat ++++ b/Lib/venv/scripts/nt/activate.bat +@@ -8,7 +8,7 @@ if defined _OLD_CODEPAGE ( + "%SystemRoot%\System32\chcp.com" 65001 > nul + ) + +-set VIRTUAL_ENV=__VENV_DIR__ ++set "VIRTUAL_ENV=__VENV_DIR__" + + if not defined PROMPT set PROMPT=$P$G + +@@ -24,8 +24,8 @@ set PYTHONHOME= + if defined _OLD_VIRTUAL_PATH set PATH=%_OLD_VIRTUAL_PATH% + if not defined _OLD_VIRTUAL_PATH set _OLD_VIRTUAL_PATH=%PATH% + +-set PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH% +-set VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ ++set "PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH%" ++set "VIRTUAL_ENV_PROMPT=__VENV_PROMPT__" + + :END + if defined _OLD_CODEPAGE ( +--- a/Lib/venv/scripts/posix/activate.csh ++++ b/Lib/venv/scripts/posix/activate.csh +@@ -8,17 +8,17 @@ alias deactivate 'test $?_OLD_VIRTUAL_PA + # Unset irrelevant variables. + deactivate nondestructive + +-setenv VIRTUAL_ENV "__VENV_DIR__" ++setenv VIRTUAL_ENV __VENV_DIR__ + + set _OLD_VIRTUAL_PATH="$PATH" +-setenv PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++setenv PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + + + set _OLD_VIRTUAL_PROMPT="$prompt" + + if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then +- set prompt = "__VENV_PROMPT__$prompt" +- setenv VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set prompt = __VENV_PROMPT__"$prompt" ++ setenv VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + endif + + alias pydoc python -m pydoc +--- a/Lib/venv/scripts/posix/activate.fish ++++ b/Lib/venv/scripts/posix/activate.fish +@@ -33,10 +33,10 @@ end + # Unset irrelevant variables. + deactivate nondestructive + +-set -gx VIRTUAL_ENV "__VENV_DIR__" ++set -gx VIRTUAL_ENV __VENV_DIR__ + + set -gx _OLD_VIRTUAL_PATH $PATH +-set -gx PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__" $PATH ++set -gx PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__ $PATH + + # Unset PYTHONHOME if set. + if set -q PYTHONHOME +@@ -56,7 +56,7 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + set -l old_status $status + + # Output the venv prompt; color taken from the blue of the Python logo. +- printf "%s%s%s" (set_color 4B8BBE) "__VENV_PROMPT__" (set_color normal) ++ printf "%s%s%s" (set_color 4B8BBE) __VENV_PROMPT__ (set_color normal) + + # Restore the return status of the previous command. + echo "exit $old_status" | . +@@ -65,5 +65,5 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + end + + set -gx _OLD_FISH_PROMPT_OVERRIDE "$VIRTUAL_ENV" +- set -gx VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set -gx VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + end +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst +@@ -0,0 +1 @@ ++Properly quote template strings in :mod:`venv` activation scripts. diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch new file mode 100644 index 0000000..fa38a94 --- /dev/null +++ b/F00251-change-user-install-location.patch @@ -0,0 +1,215 @@ +From 910f38d9768d39d4d31426743ae4081ed1ab66b6 Mon Sep 17 00:00:00 2001 +From: Michal Cyprian +Date: Mon, 26 Jun 2017 16:32:56 +0200 +Subject: [PATCH] 00251: Change user install location + +Set values of prefix and exec_prefix in distutils install command +to /usr/local if executable is /usr/bin/python* and RPM build +is not detected to make pip and distutils install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +--- + Lib/distutils/command/install.py | 15 +++++++++++++-- + Lib/site.py | 9 ++++++++- + 2 files changed, 21 insertions(+), 3 deletions(-) + +Index: Python-3.11.8/Lib/distutils/command/install.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/command/install.py ++++ Python-3.11.8/Lib/distutils/command/install.py +@@ -441,8 +441,19 @@ class install(Command): + raise DistutilsOptionError( + "must not supply exec-prefix without prefix") + +- self.prefix = os.path.normpath(sys.prefix) +- self.exec_prefix = os.path.normpath(sys.exec_prefix) ++ # self.prefix is set to sys.prefix + /local/ ++ # if neither RPM build nor virtual environment is ++ # detected to make pip and distutils install packages ++ # into the separate location. ++ if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ addition = "/local" ++ else: ++ addition = "" ++ ++ self.prefix = os.path.normpath(sys.prefix) + addition ++ self.exec_prefix = os.path.normpath(sys.exec_prefix) + addition + + else: + if self.exec_prefix is None: +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None): + return sitepackages + + def addsitepackages(known_paths, prefixes=None): +- """Add site-packages to sys.path""" ++ """Add site-packages to sys.path ++ ++ '/usr/local' is included in PREFIXES if RPM build is not detected ++ to make packages installed into this location visible. ++ ++ """ + _trace("Processing global site-packages") ++ if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: ++ PREFIXES.insert(0, "/usr/local") + for sitedir in getsitepackages(prefixes): + if os.path.isdir(sitedir): + addsitedir(sitedir, known_paths) + +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Mon, 15 Feb 2021 12:19:27 +0100 +Subject: [PATCH] 00251: Change user install location +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Set values of base and platbase in sysconfig from /usr +to /usr/local when RPM build is not detected +to make pip and similar tools install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +Downstream only. + +We've tried to rework in Fedora 36/Python 3.10 to follow https://bugs.python.org/issue43976 +but we have identified serious problems with that approach, +see https://bugzilla.redhat.com/2026979 or https://bugzilla.redhat.com/2097183 + +pypa/distutils integration: https://github.com/pypa/distutils/pull/70 + +Co-authored-by: Petr Viktorin +Co-authored-by: Miro Hrončok +Co-authored-by: Michal Cyprian +Co-authored-by: Lumír Balhar +--- + Lib/site.py | 9 ++++++- + Lib/sysconfig.py | 49 +++++++++++++++++++++++++++++++++++++- + Lib/test/test_sysconfig.py | 17 +++++++++++-- + 3 files changed, 71 insertions(+), 4 deletions(-) + +Index: Python-3.11.9/Lib/sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/sysconfig.py ++++ Python-3.11.9/Lib/sysconfig.py +@@ -103,6 +103,11 @@ if os.name == 'nt': + else: + _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv'] + ++# For a brief period of time in the Fedora 36 life cycle, ++# this installation scheme existed and was documented in the release notes. ++# For backwards compatibility, we keep it here (at least on 3.10 and 3.11). ++_INSTALL_SCHEMES['rpm_prefix'] = _INSTALL_SCHEMES['posix_prefix'] ++ + + # NOTE: site.py has copy of this function. + # Sync it when modify this function. +@@ -162,6 +167,19 @@ if _HAS_USER_BASE: + }, + } + ++# This is used by distutils.command.install in the stdlib ++# as well as pypa/distutils (e.g. bundled in setuptools). ++# The self.prefix value is set to sys.prefix + /local/ ++# if neither RPM build nor virtual environment is ++# detected to make distutils install packages ++# into the separate location. ++# https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _prefix_addition = '/local' ++ ++ + _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', + 'scripts', 'data') + +@@ -258,11 +276,40 @@ def _extend_dict(target_dict, other_dict + target_dict[key] = value + + ++_CONFIG_VARS_LOCAL = None ++ ++ ++def _config_vars_local(): ++ # This function returns the config vars with prefixes amended to /usr/local ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ global _CONFIG_VARS_LOCAL ++ if _CONFIG_VARS_LOCAL is None: ++ _CONFIG_VARS_LOCAL = dict(get_config_vars()) ++ _CONFIG_VARS_LOCAL['base'] = '/usr/local' ++ _CONFIG_VARS_LOCAL['platbase'] = '/usr/local' ++ return _CONFIG_VARS_LOCAL ++ ++ + def _expand_vars(scheme, vars): + res = {} + if vars is None: + vars = {} +- _extend_dict(vars, get_config_vars()) ++ ++ # when we are not in a virtual environment or an RPM build ++ # we change '/usr' to '/usr/local' ++ # to avoid surprises, we explicitly check for the /usr/ prefix ++ # Python virtual environments have different prefixes ++ # we only do this for posix_prefix, not to mangle the venv scheme ++ # posix_prefix is used by sudo pip install ++ # we only change the defaults here, so explicit --prefix will take precedence ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if (scheme == 'posix_prefix' and ++ _PREFIX == '/usr' and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _extend_dict(vars, _config_vars_local()) ++ else: ++ _extend_dict(vars, get_config_vars()) ++ + if os.name == 'nt': + # On Windows we want to substitute 'lib' for schemes rather + # than the native value (without modifying vars, in case it +Index: Python-3.11.9/Lib/test/test_sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_sysconfig.py ++++ Python-3.11.9/Lib/test/test_sysconfig.py +@@ -111,8 +111,19 @@ class TestSysConfig(unittest.TestCase): + for scheme in _INSTALL_SCHEMES: + for name in _INSTALL_SCHEMES[scheme]: + expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) ++ tested = get_path(name, scheme) ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if tested.startswith('/usr/local'): ++ # /usr/local should only be used in posix_prefix ++ self.assertEqual(scheme, 'posix_prefix') ++ # Fedora CI runs tests for venv and virtualenv that check for other prefixes ++ self.assertEqual(sys.prefix, '/usr') ++ # When building the RPM of Python, %check runs this with RPM_BUILD_ROOT set ++ # Fedora CI runs this with RPM_BUILD_ROOT unset ++ self.assertNotIn('RPM_BUILD_ROOT', os.environ) ++ tested = tested.replace('/usr/local', '/usr') + self.assertEqual( +- os.path.normpath(get_path(name, scheme)), ++ os.path.normpath(tested), + os.path.normpath(expected), + ) + +@@ -345,7 +356,7 @@ class TestSysConfig(unittest.TestCase): + self.assertTrue(os.path.isfile(config_h), config_h) + + def test_get_scheme_names(self): +- wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv'] ++ wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv', 'rpm_prefix'] + if HAS_USER_BASE: + wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) + self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) +@@ -357,6 +368,8 @@ class TestSysConfig(unittest.TestCase): + cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" + self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) + ++ @unittest.skipIf('RPM_BUILD_ROOT' not in os.environ, ++ "Test doesn't expect Fedora's paths") + def test_user_similar(self): + # Issue #8759: make sure the posix scheme for the users + # is similar to the global posix_prefix one diff --git a/PACKAGING-NOTES b/PACKAGING-NOTES new file mode 100644 index 0000000..e28c88c --- /dev/null +++ b/PACKAGING-NOTES @@ -0,0 +1,26 @@ +Notes for packagers of Python3 +============================== + +0. Faster build turnaround +-------------------------- + +By default, python builds with profile-guided optimization. This needs +an additional run of the test suite and it is generally slow. +PGO build takes around 50 minutes. + +For development, use "--without profileopt" option to disable PGO. This +shortens the build time to ~5 minutes including test suite. + +1. import_failed.map +---------------------- + +This is a mechanism installed as part of python3-base, that places shim modules +on python's path (through a generated zzzz-import-failed-hooks.pth file, so that +it is imported as much at the end as makes sense; and an _import_failed subdir +of /usr/lib/pythonX.Y). Then when the user tries to import a module that is part +of a subpackage, the ImportError will contain a helpful message telling them +which missing subpackage to install. + +This can sometimes cause problems on non-standard configurations, if the pth +gets included too early (for instance if you are using a script to include all +pths by hand in some strange order). Just something to look out for. diff --git a/Python-3.11.10.tar.xz b/Python-3.11.10.tar.xz new file mode 100644 index 0000000..f87e7ad --- /dev/null +++ b/Python-3.11.10.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:07a4356e912900e61a15cb0949a06c4a05012e213ecd6b4e84d0f67aabbee372 +size 20067656 diff --git a/Python-3.11.10.tar.xz.asc b/Python-3.11.10.tar.xz.asc new file mode 100644 index 0000000..243d1b1 --- /dev/null +++ b/Python-3.11.10.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmbbrO0ACgkQ/+h0BBaL +2Ec+YBAAnQJLKYPjj7Yr7xkFU655Sv86JxeRAdWjnIapbiIuWg3Up8Pd8FTRgHGf +3XdTHw7b03lSjtzJwavzdnDklqAlBIGn9dVieljUIN7NYyNxoYOr/AiatimgSwv7 +dI5mfun5fLKV6ZcdNdQN5PJ3RZtF3I7VfkN2mlfZJHtxl1agdU/TfW2L+qJ7+JPY +cayjq2xKTLRNXOf2iV29GRRovLiqA+Dx0+cAwsScwreHMp3U4k3GkeHVoR6fldV4 +bVAM8GRl3CYVFePiqAbamKP1BSys44JOINWbWyd94JxzEAwXWz//Es0h73AzeRfK +ueORqzdoOGrVc74+HGlAHhqO1Gg7jMMmtkzCEuav+cGHYnMRMOngGR3q47aTJTVb +5UdP0oD4OlADPFVa6q0LCqN/IFlebWMh9pXYw7Wpek63oNuZHTfNPq4S1AUM2HJm +C3yzaOG9VAdYfLneJC4ldY4CVt1FKckfaXp5OAaMr71DI74e4CcEswlUupZJLZKV +TJRjQD15bnXGhHDqU4w3RmzpCWMh2mf4m4VMYQyObl3TtlX+gVvzIhDS5+mXqutB +F1pdXwaHHkTb2PLLxpwOGrnsp8XoW74tsylcYirQg8jSFMbgxfwgIjEIuRGXeDkT +B4QzmQ4SxsbLiH7etV6Fznl1h569Z4DO9OOs4i0ZzIjdhPDQtAs= +=TatG +-----END PGP SIGNATURE----- diff --git a/Python-3.11.11.tar.xz b/Python-3.11.11.tar.xz new file mode 100644 index 0000000..e0581b1 --- /dev/null +++ b/Python-3.11.11.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2a9920c7a0cd236de33644ed980a13cbbc21058bfdc528febb6081575ed73be3 +size 20085792 diff --git a/Python-3.11.11.tar.xz.sigstore b/Python-3.11.11.tar.xz.sigstore new file mode 100644 index 0000000..782816a --- /dev/null +++ b/Python-3.11.11.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlOgAwIBAgIUWcRolJPsPmtJKA6VkjHSj7PtjY8wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMjAzMTgxOTA1WhcNMjQxMjAzMTgyOTA1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEN+fBJCRZIAZiWPBdjyQVD+x5vgmjuuVct1HkPHIBMuEe7wI4mBG2BhJ3fHkpr97efIH6ELMmPV99edyAIZFXR6OCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUkutZdHfCCSvGI87mjnBRwZB8ihYwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGTjb9QlwAABAMARzBFAiEA4ddSINhYM+p0+DGzRqnA8rVtJF9YgI+9znXiq9fqQNkCIEErcSnQmN8jjErhwWWtcTM5GgH4ka/uk5kdHTycwxj3MAoGCCqGSM49BAMDA2cAMGQCMFmkCEH2pCBpFeFiUi2uA4opcJP6vh/zqb+D0tbxqd+jwbBkuDxDqA9/Ao3UWop+twIwO9o71KAlYWPSPYMeZERM4R8zWlp9mVJPiK3tgOJJi40MNmxwtfsQeQtncqiQLBAH"}, "tlogEntries": [{"logIndex": "153122039", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1733249946", "inclusionPromise": {"signedEntryTimestamp": "MEUCIBL9zpVJtljIuZtAe8uptLfDmakmbAjy5ELp2q8WJTQ7AiEAv6lIpyJZycHwTS+JHYJFzMVv0SmA8yQ0eMneBivMhPY="}, "inclusionProof": {"logIndex": "31217777", "rootHash": "BMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=", "treeSize": "31217778", "hashes": ["lrr8dxmtgD09fnZTo1tMTY00HNKc2ZIpbZa1djDeTes=", "yFxGSg1RDbtZ/eNftnMdBJGNEZmmLyx2ZRDFtAIMHAk=", "GeqsQGnvgc+gcuaIC+vQ5b0RdTyBxBnYTpbeW2AeD+Q=", "dMTPeN/a9xCQQP+Hz7sddW0pPj8n54sfkhcf3XhjrMM=", "XjayhjKU3shP7q7lhmhKDv3Vpi4gJgAPCu0KlEzc9Qo=", "go1dmexQYS5etu69upRRX7IFvuA0rIcT9aYjMstmPIU=", "AYwr74Bm2w383UnS7DdbZUUAhusq28JoxKpWrQ7OvGQ=", "u+yWmGIR6sAH32wiSy22mz1Yf+jfPdBTjFbyRISuTZw=", "3eFC7Gp4fWecybDOAw9uUTrM1xB7YRYRAGsfYkiQbV8=", "1uKk2qjOliHMiTk906jrchP8mXWsRG8apaU1sa0lfh0=", "oOecFfN3YqDOkbijS/ej1WF5Da/Gt/AZNhbwE9uoOE8=", "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=", "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n31217778\nBMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiA7ed0HqugBwVpmxDAR1VN35J91/+DeRdj09y5lFY+bRwIgYe07JnZlJvp3MfAMXX3i4XBsZoDRZoXtwfBaRj/8x8s=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYTk5MjBjN2EwY2QyMzZkZTMzNjQ0ZWQ5ODBhMTNjYmJjMjEwNThiZmRjNTI4ZmViYjYwODE1NzVlZDczYmUzIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRU5KSGllaWs5WkVibW83a0p4ZUhWY2FvVDVYOUxyWG1zRTVxc1I5R1JpSEFpRUFtcHZyV21vUHF5YzRpQ09VYXVmY3dKTllMK1lPTWU0b0NOaWRLVGduT1FBPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlYyTlNiMnhLVUhOUWJYUktTMEUyVm10cVNGTnFOMUIwYWxrNGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJlRTFxUVhwTlZHZDRUMVJCTVZkb1kwNU5hbEY0VFdwQmVrMVVaM2xQVkVFeFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZPSzJaQ1NrTlNXa2xCV21sWFVFSmthbmxSVmtRcmVEVjJaMjFxZFhWV1kzUXhTR3NLVUVoSlFrMTFSV1UzZDBrMGJVSkhNa0pvU2pObVNHdHdjamszWldaSlNEWkZURTF0VUZZNU9XVmtlVUZKV2taWVVqWlBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZyZFhSYUNtUklaa05EVTNaSFNUZzNiV3B1UWxKM1drSTRhV2haZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxUnFZamxSYkhkQlFRcENRVTFCVW5wQ1JrRnBSVUUwWkdSVFNVNW9XVTByY0RBclJFZDZVbkZ1UVRoeVZuUktSamxaWjBrck9YcHVXR2x4T1daeFVVNXJRMGxGUlhKalUyNVJDbTFPT0dwcVJYSm9kMWRYZEdOVVRUVkhaMGcwYTJFdmRXczFhMlJJVkhsamQzaHFNMDFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUdiV3NLUTBWSU1uQkRRbkJHWlVacFZXa3lkVUUwYjNCalNsQTJkbWd2ZW5GaUswUXdkR0o0Y1dRcmFuZGlRbXQxUkhoRWNVRTVMMEZ2TTFWWGIzQXJkSGRKZHdwUE9XODNNVXRCYkZsWFVGTlFXVTFsV2tWU1RUUlNPSHBYYkhBNWJWWktVR2xMTTNSblQwcEthVFF3VFU1dGVIZDBabk5SWlZGMGJtTnhhVkZNUWtGSUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "Kpkgx6DNI23jNkTtmAoTy7whBYv9xSj+u2CBV17XO+M="}, "signature": "MEUCIENJHieik9ZEbmo7kJxeHVcaoT5X9LrXmsE5qsR9GRiHAiEAmpvrWmoPqyc4iCOUaufcwJNYL+YOMe4oCNidKTgnOQA="}} diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..0053bcf --- /dev/null +++ b/README.SUSE @@ -0,0 +1,43 @@ +Python 3 in SUSE +============== + +* Subpackages * + +Python 3 is split into several subpackages, based on external dependencies. +The main package 'python3' has soft dependencies on all subpackages needed to +assemble the standard library; however, these might not all be installed by default. + +If you attempt to import a module that is currently not installed, an ImportError is thrown, +with instructions to install the missing subpackage. Installing the subpackage might result +in installing libraries that the subpackage requires to function. + + +* ensurepip * + +The 'ensurepip' module from Python 3 standard library (PEP 453) is supposed to deploy +a bundled copy of the pip installer. This makes no sense in a managed distribution like SUSE. +Instead, you need to install package 'python3-pip'. Usually this will be installed automatically +with 'python3'. + +Using 'ensurepip' when pip is not installed will result in an ImportError with instructions +to install 'python3-pip'. + + +* Documentation * + +You can find documentation in seprarate packages: python3-doc and +python3-doc-pdf. These contan following documents: + + Tutorial, What's New in Python, Global Module Index, Library Reference, + Macintosh Module Reference, Installing Python Modules, Distributing Python + Modules, Language Reference, Extending and Embedding, Python/C API, + Documenting Python + +The python3-doc package constains many text files from source tarball. + + +* Interactive mode * + +Interactive mode is by default enhanced with of history and command completion. +If you don't like these features, you can unset the PYTHONSTARTUP variable +in your .profile or disable it system wide in /etc/profile.d/python.sh. diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..1d50bc4 --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + base + doc + diff --git a/add-loongarch64-support.patch b/add-loongarch64-support.patch new file mode 100644 index 0000000..f0c8035 --- /dev/null +++ b/add-loongarch64-support.patch @@ -0,0 +1,25 @@ +Description: Add platform triplets for LoongArch. + +--- a/configure.ac ++++ b/configure.ac +@@ -976,6 +976,20 @@ cat > conftest.c <=6) && defined(_MIPSEL) diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..1793de8 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,3 @@ +python311-base +python311 +libpython3_11-1_0 diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz new file mode 100644 index 0000000..57fb3e5 --- /dev/null +++ b/bluez-devel-vendor.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:868fbfba2ddaed62f2c45cf869fe2c648527ac3bac738f4f41f3c2872f5b0211 +size 25040 diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch new file mode 100644 index 0000000..86882ae --- /dev/null +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -0,0 +1,173 @@ +From 5754521af1d51aa8e445cba07a093bbc0c88596d Mon Sep 17 00:00:00 2001 +From: Zackery Spytz +Date: Mon, 16 Dec 2019 18:24:08 -0700 +Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix) + +Co-Authored-By: Xavier de Gaye +--- + Doc/library/ensurepip.rst | 9 +++-- + Lib/ensurepip/__init__.py | 18 +++++++--- + Lib/test/test_ensurepip.py | 11 ++++++ + Makefile.pre.in | 4 +- + Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1 + 5 files changed, 34 insertions(+), 9 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst + +Index: Python-3.11.8/Doc/library/ensurepip.rst +=================================================================== +--- Python-3.11.8.orig/Doc/library/ensurepip.rst ++++ Python-3.11.8/Doc/library/ensurepip.rst +@@ -59,7 +59,9 @@ is at least as recent as the one availab + By default, ``pip`` is installed into the current virtual environment + (if one is active) or into the system site packages (if there is no + active virtual environment). The installation location can be controlled +-through two additional command line options: ++through some additional command line options: ++ ++* ``--prefix ``: Installs ``pip`` using the given directory prefix. + + * :samp:`--root {dir}`: Installs ``pip`` relative to the given root directory + rather than the root of the currently active virtual environment (if any) +@@ -92,7 +94,7 @@ Module API + Returns a string specifying the available version of pip that will be + installed when bootstrapping an environment. + +-.. function:: bootstrap(root=None, upgrade=False, user=False, \ ++.. function:: bootstrap(root=None, prefix=None, upgrade=False, user=False, \ + altinstall=False, default_pip=False, \ + verbosity=0) + +@@ -102,6 +104,8 @@ Module API + If *root* is ``None``, then installation uses the default install location + for the current environment. + ++ *prefix* specifies the directory prefix to use when installing. ++ + *upgrade* indicates whether or not to upgrade an existing installation + of an earlier version of ``pip`` to the available version. + +@@ -122,6 +126,8 @@ Module API + *verbosity* controls the level of output to :data:`sys.stdout` from the + bootstrapping operation. + ++ .. versionchanged:: 3.9 the *prefix* parameter was added. ++ + .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap + + .. note:: +Index: Python-3.11.8/Lib/ensurepip/__init__.py +=================================================================== +--- Python-3.11.8.orig/Lib/ensurepip/__init__.py ++++ Python-3.11.8/Lib/ensurepip/__init__.py +@@ -122,27 +122,27 @@ def _disable_pip_configuration_settings( + os.environ['PIP_CONFIG_FILE'] = os.devnull + + +-def bootstrap(*, root=None, upgrade=False, user=False, ++def bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). ++ and directory prefix). + + Note that calling this function will alter both sys.path and os.environ. + """ + # Discard the return value +- _bootstrap(root=root, upgrade=upgrade, user=user, ++ _bootstrap(root=root, prefix=prefix, upgrade=upgrade, user=user, + altinstall=altinstall, default_pip=default_pip, + verbosity=verbosity) + + +-def _bootstrap(*, root=None, upgrade=False, user=False, ++def _bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). Returns pip command status code. ++ and directory prefix). Returns pip command status code. + + Note that calling this function will alter both sys.path and os.environ. + """ +@@ -192,6 +192,8 @@ def _bootstrap(*, root=None, upgrade=Fal + args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] + if root: + args += ["--root", root] ++ if prefix: ++ args += ["--prefix", prefix] + if upgrade: + args += ["--upgrade"] + if user: +@@ -267,6 +269,11 @@ def _main(argv=None): + help="Install everything relative to this alternate root directory.", + ) + parser.add_argument( ++ "--prefix", ++ default=None, ++ help="Install everything using this prefix.", ++ ) ++ parser.add_argument( + "--altinstall", + action="store_true", + default=False, +@@ -285,6 +292,7 @@ def _main(argv=None): + + return _bootstrap( + root=args.root, ++ prefix=args.prefix, + upgrade=args.upgrade, + user=args.user, + verbosity=args.verbosity, +Index: Python-3.11.8/Lib/test/test_ensurepip.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_ensurepip.py ++++ Python-3.11.8/Lib/test/test_ensurepip.py +@@ -112,6 +112,17 @@ class TestBootstrap(EnsurepipMixin, unit + unittest.mock.ANY, + ) + ++ def test_bootstrapping_with_prefix(self): ++ ensurepip.bootstrap(prefix="/foo/bar/") ++ self.run_pip.assert_called_once_with( ++ [ ++ "install", "--no-cache-dir", "--no-index", "--find-links", ++ unittest.mock.ANY, "--prefix", "/foo/bar/", ++ "setuptools", "pip", ++ ], ++ unittest.mock.ANY, ++ ) ++ + def test_bootstrapping_with_user(self): + ensurepip.bootstrap(user=True) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1761,7 +1761,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni + install|*) ensurepip="" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + altinstall: commoninstall +@@ -1771,7 +1771,7 @@ altinstall: commoninstall + install|*) ensurepip="--altinstall" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + commoninstall: check-clean-src @FRAMEWORKALTINSTALLFIRST@ \ +Index: Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +=================================================================== +--- /dev/null ++++ Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +@@ -0,0 +1 @@ ++A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/bsc1221260-test_asyncio-ResourceWarning.patch b/bsc1221260-test_asyncio-ResourceWarning.patch new file mode 100644 index 0000000..15d6b8d --- /dev/null +++ b/bsc1221260-test_asyncio-ResourceWarning.patch @@ -0,0 +1,21 @@ +From a3052035485bd2836e40f5284657ca105382cbfd Mon Sep 17 00:00:00 2001 +From: sobolevn +Date: Tue, 5 Mar 2024 20:24:16 +0300 +Subject: [PATCH] gh-116112: Fix `ResourceWarning` in + `test_asyncio.test_stream` + +Co-authored-by: @CendioOssman +--- + Lib/test/test_asyncio/test_streams.py | 1 + + 1 file changed, 1 insertion(+) + +--- a/Lib/test/test_asyncio/test_streams.py ++++ b/Lib/test/test_asyncio/test_streams.py +@@ -1156,6 +1156,7 @@ os.close(fd) + + def test_unhandled_cancel(self): + async def handle_echo(reader, writer): ++ writer.close() + asyncio.current_task().cancel() + messages = self._basetest_unhandled_exceptions(handle_echo) + self.assertEqual(messages, []) diff --git a/bso1227999-reproducible-builds.patch b/bso1227999-reproducible-builds.patch new file mode 100644 index 0000000..fb33d18 --- /dev/null +++ b/bso1227999-reproducible-builds.patch @@ -0,0 +1,37 @@ +From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Tue, 16 Jul 2024 21:39:33 +0200 +Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH + +to make builds reproducible. +See https://reproducible-builds.org/ for why this is good +and https://reproducible-builds.org/specs/source-date-epoch/ +for the definition of this variable. +--- + Doc/conf.py | 3 ++- + Doc/library/functions.rst | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/Doc/conf.py ++++ b/Doc/conf.py +@@ -316,7 +316,8 @@ html_context = { + } + + # This 'Last updated on:' timestamp is inserted at the bottom of every page. +-html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime()) ++html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) ++html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time)) + + # Path to find HTML templates. + templates_path = ['tools/templates'] +--- a/Doc/library/functions.rst ++++ b/Doc/library/functions.rst +@@ -1356,7 +1356,7 @@ are always available. They are listed h + (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, + and :mod:`shutil`. + +- .. audit-event:: open file,mode,flags open ++ .. audit-event:: open path,mode,flags open + + The ``mode`` and ``flags`` arguments may have been modified or inferred from + the original call. diff --git a/distutils-reproducible-compile.patch b/distutils-reproducible-compile.patch new file mode 100644 index 0000000..17e8bd2 --- /dev/null +++ b/distutils-reproducible-compile.patch @@ -0,0 +1,17 @@ +--- + Lib/distutils/util.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/distutils/util.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/util.py ++++ Python-3.11.8/Lib/distutils/util.py +@@ -436,7 +436,7 @@ byte_compile(files, optimize=%r, force=% + else: + from py_compile import compile + +- for file in py_files: ++ for file in sorted(py_files): + if file[-3:] != ".py": + # This lets us be lazy and not filter filenames in + # the "install_lib" command. diff --git a/externally_managed.in b/externally_managed.in new file mode 100644 index 0000000..54606b6 --- /dev/null +++ b/externally_managed.in @@ -0,0 +1,12 @@ +[externally-managed] +Error=To install Python packages system-wide, try + zypper install __PYTHONPREFIX__-xyz, where xyz is the package + you are trying to install. + + If you wish to install a non-rpm packaged Python package, + create a virtual environment using __PYTHON__ -m venv path/to/venv. + Then use path/to/venv/bin/python and path/to/venv/bin/pip. + + If you wish to install a non-rpm packaged Python application, + it may be easiest to use `pipx install xyz`, which will manage a + virtual environment for you. Install pipx via `zypper install __PYTHONPREFIX__-pipx` . diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch new file mode 100644 index 0000000..7c6fd0e --- /dev/null +++ b/fix_configure_rst.patch @@ -0,0 +1,40 @@ +--- + Doc/using/configure.rst | 3 --- + Misc/NEWS | 2 +- + 2 files changed, 1 insertion(+), 4 deletions(-) + +--- a/Doc/using/configure.rst ++++ b/Doc/using/configure.rst +@@ -43,7 +43,6 @@ General Options + + See :data:`sys.int_info.bits_per_digit `. + +-.. option:: --with-cxx-main + .. option:: --with-cxx-main=COMPILER + + Compile the Python ``main()`` function and link Python executable with C++ +@@ -529,13 +528,11 @@ macOS Options + + See ``Mac/README.rst``. + +-.. option:: --enable-universalsdk + .. option:: --enable-universalsdk=SDKDIR + + Create a universal binary build. *SDKDIR* specifies which macOS SDK should + be used to perform the build (default is no). + +-.. option:: --enable-framework + .. option:: --enable-framework=INSTALLDIR + + Create a Python.framework rather than a traditional Unix install. Optional +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -9774,7 +9774,7 @@ C API + - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. + + - bpo-43795: The list in :ref:`limited-api-list` now shows the public name +- :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry ++ :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry + ``_node`` no longer appears in the list. + + - bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid diff --git a/gh120226-fix-sendfile-test-kernel-610.patch b/gh120226-fix-sendfile-test-kernel-610.patch new file mode 100644 index 0000000..2eb6f63 --- /dev/null +++ b/gh120226-fix-sendfile-test-kernel-610.patch @@ -0,0 +1,35 @@ +From 1b3f6523a5c83323cdc44031b33a1c062e5dc698 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Fri, 7 Jun 2024 23:51:32 +0800 +Subject: [PATCH] gh-120226: Fix + test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 + (GH-120227) + +The worst case is that the kernel buffers 17 pages with a page size of 64k. +(cherry picked from commit a7584245661102a5768c643fbd7db8395fd3c90e) + +Co-authored-by: Xi Ruoyao +--- + Lib/test/test_asyncio/test_sendfile.py | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +--- a/Lib/test/test_asyncio/test_sendfile.py ++++ b/Lib/test/test_asyncio/test_sendfile.py +@@ -93,13 +93,10 @@ class MyProto(asyncio.Protocol): + + class SendfileBase: + +- # 256 KiB plus small unaligned to buffer chunk +- # Newer versions of Windows seems to have increased its internal +- # buffer and tries to send as much of the data as it can as it +- # has some form of buffering for this which is less than 256KiB +- # on newer server versions and Windows 11. +- # So DATA should be larger than 256 KiB to make this test reliable. +- DATA = b"x" * (1024 * 256 + 1) ++ # Linux >= 6.10 seems buffering up to 17 pages of data. ++ # So DATA should be large enough to make this test reliable even with a ++ # 64 KiB page configuration. ++ DATA = b"x" * (1024 * 17 * 64 + 1) + # Reduce socket buffer size to test on relative small data sets. + BUF_SIZE = 4 * 1024 # 4 KiB + diff --git a/idle3.appdata.xml b/idle3.appdata.xml new file mode 100644 index 0000000..554b7c4 --- /dev/null +++ b/idle3.appdata.xml @@ -0,0 +1,35 @@ + + + + + idle3.desktop + IDLE3 + CC0 + Python-2.0 + Python 3 Integrated Development and Learning Environment + +

+ IDLE is Python’s Integrated Development and Learning Environment. + The GUI is uniform between Windows, Unix, and Mac OS X. + IDLE provides an easy way to start writing, running, and debugging + Python code. +

+

+ IDLE is written in pure Python, and uses the tkinter GUI toolkit. + It provides: +

+
    +
  • a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,
    • +
  • a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,
    • +
  • search within any window, replace within editor windows, and search through multiple files (grep),
    • +
  • a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.
    • +
+ + https://docs.python.org/3/library/idle.html + + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png + + zbyszek@in.waw.pl + diff --git a/idle3.desktop b/idle3.desktop new file mode 100644 index 0000000..43f5a4c --- /dev/null +++ b/idle3.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Version=1.0 +Name=IDLE 3 +GenericName=Python 3 IDE +Comment=Python 3 Integrated Development and Learning Environment +Exec=idle3 %F +TryExec=idle3 +Terminal=false +Type=Application +Icon=idle3 +Categories=Development;IDE; +MimeType=text/x-python; diff --git a/import_failed.map b/import_failed.map new file mode 100644 index 0000000..f33690c --- /dev/null +++ b/import_failed.map @@ -0,0 +1,7 @@ +python311-curses: curses _curses _curses_panel +python311-dbm: dbm _dbm _gdbm +python311-idle: idlelib +python311-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited +python311-tk: tkinter _tkinter +python311-tools: turtledemo +python311: sqlite3 readline _sqlite3 nis diff --git a/import_failed.py b/import_failed.py new file mode 100644 index 0000000..258b5a5 --- /dev/null +++ b/import_failed.py @@ -0,0 +1,23 @@ +import sys, os +from sysconfig import get_path + +failed_map_path = os.path.join(get_path('stdlib'), '_import_failed', 'import_failed.map') + +if __spec__: + failed_name = __spec__.name +else: + failed_name = __name__ + +with open(failed_map_path) as fd: + for line in fd: + package = line.split(':')[0] + imports = line.split(':')[1] + if failed_name in imports: + raise ImportError(f"""Module '{failed_name}' is not installed. +Use: + sudo zypper install {package} +to install it.""") + +raise ImportError(f"""Module '{failed_name}' is not installed. +It is supposed to be part of python3 distribution, but missing from failed import map. +Please file a bug on the SUSE Bugzilla.""") diff --git a/macros.python3 b/macros.python3 new file mode 100644 index 0000000..2bd193b --- /dev/null +++ b/macros.python3 @@ -0,0 +1,28 @@ +%have_python3 1 + +# commented out legacy macro definitions +#py3_prefix /usr +#py3_incdir /usr/include/python3.5m +#py3_ver 3.5 + +# these should now be provided by macros.python_all +#python3_sitearch /usr/lib64/python3.5/site-packages +#python3_sitelib /usr/lib/python3.5/site-packages +#python3_version 3.5 + +# hard to say if anyone ever used these? +#py3_soflags cpython-35m-x86_64-linux-gnu +#py3_abiflags m +%cpython3_soabi %(python3 -c "import sysconfig; print(sysconfig.get_config_var('SOABI'))") +%py3_soflags %cpython3_soabi + +# compilation macros that might be in use somewhere +%py3_compile(O) \ +find %1 -name '*.pyc' -exec rm -f {} ";"\ +python3 -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +%{-O:\ +find %1 -name '*.pyo' -exec rm -f {} ";"\ +python3 -O -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +} + + diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch new file mode 100644 index 0000000..7e412d7 --- /dev/null +++ b/no-skipif-doctests.patch @@ -0,0 +1,653 @@ +only in patch2: +unchanged: +--- + Doc/library/turtle.rst | 82 ------------------------------------------------- + 1 file changed, 82 deletions(-) + +--- a/Doc/library/turtle.rst ++++ b/Doc/library/turtle.rst +@@ -440,7 +440,6 @@ Turtle motion + turtle is headed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -467,7 +466,6 @@ Turtle motion + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -486,13 +484,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -511,13 +507,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -540,13 +534,11 @@ Turtle motion + not change the turtle's orientation. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> tp = turtle.pos() + >>> tp +@@ -570,13 +562,11 @@ Turtle motion + unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 240) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,240.00) +@@ -592,13 +582,11 @@ Turtle motion + Set the turtle's second coordinate to *y*, leave first coordinate unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 40) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,40.00) +@@ -625,7 +613,6 @@ Turtle motion + =================== ==================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setheading(90) + >>> turtle.heading() +@@ -638,14 +625,12 @@ Turtle motion + its start-orientation (which depends on the mode, see :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(90) + >>> turtle.goto(0, -10) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 90.0 +@@ -677,7 +662,6 @@ Turtle motion + calculated automatically. May be used to draw regular polygons. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.position() +@@ -706,7 +690,6 @@ Turtle motion + + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.dot() +@@ -724,7 +707,6 @@ Turtle motion + it by calling ``clearstamp(stamp_id)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("blue") + >>> turtle.stamp() +@@ -740,7 +722,6 @@ Turtle motion + Delete stamp with given *stampid*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (150.00,-0.00) +@@ -785,7 +766,6 @@ Turtle motion + undo actions is determined by the size of the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for i in range(4): + ... turtle.fd(50); turtle.lt(80) +@@ -818,7 +798,6 @@ Turtle motion + turtle turn instantly. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.speed() + 3 +@@ -839,7 +818,6 @@ Tell Turtle's state + Return the turtle's current location (x,y) (as a :class:`Vec2D` vector). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pos() + (440.00,-0.00) +@@ -855,7 +833,6 @@ Tell Turtle's state + orientation which depends on the mode - "standard"/"world" or "logo". + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(10, 10) + >>> turtle.towards(0,0) +@@ -867,7 +844,6 @@ Tell Turtle's state + Return the turtle's x coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(50) +@@ -883,7 +859,6 @@ Tell Turtle's state + Return the turtle's y coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(60) +@@ -900,7 +875,6 @@ Tell Turtle's state + :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(67) +@@ -917,7 +891,6 @@ Tell Turtle's state + other turtle, in turtle step units. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.distance(30,40) +@@ -941,7 +914,6 @@ Settings for measurement + Default value is 360 degrees. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -964,7 +936,6 @@ Settings for measurement + ``degrees(2*math.pi)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -975,7 +946,6 @@ Settings for measurement + 1.5707963267948966 + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.degrees(360) +@@ -1011,7 +981,6 @@ Drawing state + thickness. If no argument is given, the current pensize is returned. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pensize() + 1 +@@ -1043,7 +1012,6 @@ Drawing state + attributes in one statement. + + .. doctest:: +- :skipif: _tkinter is None + :options: +NORMALIZE_WHITESPACE + + >>> turtle.pen(fillcolor="black", pencolor="red", pensize=10) +@@ -1066,7 +1034,6 @@ Drawing state + Return ``True`` if pen is down, ``False`` if it's up. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.penup() + >>> turtle.isdown() +@@ -1107,7 +1074,6 @@ Color control + newly set pencolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> colormode() + 1.0 +@@ -1156,7 +1122,6 @@ Color control + with the newly set fillcolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.fillcolor("violet") + >>> turtle.fillcolor() +@@ -1195,7 +1160,6 @@ Color control + with the newly set colors. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("red", "green") + >>> turtle.color() +@@ -1212,7 +1176,6 @@ Filling + ~~~~~~~ + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.home() +@@ -1222,7 +1185,6 @@ Filling + Return fillstate (``True`` if filling, ``False`` else). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.begin_fill() + >>> if turtle.filling(): +@@ -1247,7 +1209,6 @@ Filling + above may be either all yellow or have some white regions. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("black", "red") + >>> turtle.begin_fill() +@@ -1264,7 +1225,6 @@ More drawing control + variables to the default values. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(0,-22) + >>> turtle.left(100) +@@ -1315,7 +1275,6 @@ Visibility + drawing observably. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.hideturtle() + +@@ -1326,7 +1285,6 @@ Visibility + Make the turtle visible. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.showturtle() + +@@ -1357,7 +1315,6 @@ Appearance + deal with shapes see Screen method :func:`register_shape`. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape() + 'classic' +@@ -1383,7 +1340,6 @@ Appearance + ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.resizemode() + 'noresize' +@@ -1407,7 +1363,6 @@ Appearance + of the shape's outline. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shapesize() + (1.0, 1.0, 1) +@@ -1432,7 +1387,6 @@ Appearance + heading of the turtle are sheared. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("circle") + >>> turtle.shapesize(5,2) +@@ -1449,7 +1403,6 @@ Appearance + change the turtle's heading (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1469,7 +1422,6 @@ Appearance + (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1495,7 +1447,6 @@ Appearance + turtle (its direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1524,7 +1475,6 @@ Appearance + given matrix. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle = Turtle() + >>> turtle.shape("square") +@@ -1540,7 +1490,6 @@ Appearance + can be used to define a new shape or components of a compound shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("square") + >>> turtle.shapetransform(4, -1, 0, 2) +@@ -1565,7 +1514,6 @@ Using events + procedural way: + + .. doctest:: +- :skipif: _tkinter is None + + >>> def turn(x, y): + ... left(180) +@@ -1586,7 +1534,6 @@ Using events + ``None``, existing bindings are removed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> class MyTurtle(Turtle): + ... def glow(self,x,y): +@@ -1614,7 +1561,6 @@ Using events + mouse-click event on that turtle. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.ondrag(turtle.goto) + +@@ -1642,7 +1588,6 @@ Special Turtle methods + Return the last recorded polygon. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.begin_poly() +@@ -1662,7 +1607,6 @@ Special Turtle methods + turtle properties. + + .. doctest:: +- :skipif: _tkinter is None + + >>> mick = Turtle() + >>> joe = mick.clone() +@@ -1675,7 +1619,6 @@ Special Turtle methods + return the "anonymous turtle": + + .. doctest:: +- :skipif: _tkinter is None + + >>> pet = getturtle() + >>> pet.fd(50) +@@ -1689,7 +1632,6 @@ Special Turtle methods + TurtleScreen methods can then be called for that object. + + .. doctest:: +- :skipif: _tkinter is None + + >>> ts = turtle.getscreen() + >>> ts +@@ -1707,7 +1649,6 @@ Special Turtle methods + ``None``, the undobuffer is disabled. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setundobuffer(42) + +@@ -1717,7 +1658,6 @@ Special Turtle methods + Return number of entries in the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> while undobufferentries(): + ... undo() +@@ -1740,7 +1680,6 @@ below: + For example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> s = Shape("compound") + >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) +@@ -1751,7 +1690,6 @@ below: + 3. Now add the Shape to the Screen's shapelist and use it: + + .. doctest:: +- :skipif: _tkinter is None + + >>> register_shape("myshape", s) + >>> shape("myshape") +@@ -1771,7 +1709,6 @@ Most of the examples in this section ref + ``screen``. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen = Screen() +@@ -1788,7 +1725,6 @@ Window control + Set or return background color of the TurtleScreen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.bgcolor("orange") + >>> screen.bgcolor() +@@ -1880,7 +1816,6 @@ Window control + distorted. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.reset() + >>> screen.setworldcoordinates(-50,-7.5,50,7.5) +@@ -1891,7 +1826,6 @@ Window control + ... left(45); fd(2) # a regular octagon + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen.reset() +@@ -1913,7 +1847,6 @@ Animation control + Optional argument: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.delay() + 10 +@@ -1935,7 +1868,6 @@ Animation control + :func:`delay`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.tracer(8, 25) + >>> dist = 2 +@@ -1972,7 +1904,6 @@ Using screen events + must have the focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -1993,7 +1924,6 @@ Using screen events + must have focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -2018,7 +1948,6 @@ Using screen events + named ``turtle``: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will + >>> # make the turtle move to the clicked point. +@@ -2038,7 +1967,6 @@ Using screen events + Install a timer that calls *fun* after *t* milliseconds. + + .. doctest:: +- :skipif: _tkinter is None + + >>> running = True + >>> def f(): +@@ -2120,7 +2048,6 @@ Settings and special methods + ============ ========================= =================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> mode("logo") # resets turtle heading to north + >>> mode() +@@ -2135,7 +2062,6 @@ Settings and special methods + values of color triples have to be in the range 0..*cmode*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.colormode(1) + >>> turtle.pencolor(240, 160, 80) +@@ -2156,7 +2082,6 @@ Settings and special methods + do with a Tkinter Canvas. + + .. doctest:: +- :skipif: _tkinter is None + + >>> cv = screen.getcanvas() + >>> cv +@@ -2168,7 +2093,6 @@ Settings and special methods + Return a list of names of all currently available turtle shapes. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.getshapes() + ['arrow', 'blank', 'circle', ..., 'turtle'] +@@ -2192,7 +2116,6 @@ Settings and special methods + coordinates: Install the corresponding polygon shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) + +@@ -2208,7 +2131,6 @@ Settings and special methods + Return the list of turtles on the screen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for turtle in screen.turtles(): + ... turtle.color("red") +@@ -2270,7 +2192,6 @@ Methods specific to Screen, not inherite + center window vertically + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.setup (width=200, height=200, startx=0, starty=0) + >>> # sets window to 200x200 pixels, in upper left of screen +@@ -2286,7 +2207,6 @@ Methods specific to Screen, not inherite + Set title of turtle window to *titlestring*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.title("Welcome to the turtle zoo!") + +@@ -2357,7 +2277,6 @@ Public classes + Example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) + >>> s = Shape("compound") +@@ -2743,7 +2662,6 @@ Changes since Python 3.0 + + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> for turtle in turtles(): diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..a2cf992 --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +export LC_ALL=C + +master=python*.spec + +# create import_failed.map from package definitions +pkgname=$(grep python_pkg_name $master |grep define |awk -F' ' '{print $3}') +MAPFILE=import_failed.map +function new_map_line () { + package=$1 + package=$(echo $1 |sed -e "s:%{python_pkg_name}:$pkgname:") + modules=$2 + if [ -z "$package" -o -z "$modules" ]; then + return + fi + if [[ "$package" =~ "-base" ]]; then + return + fi + echo "$package:$modules" >> $MAPFILE.tmp +} + +for spec in *.spec; do + basename=${spec%.spec} + package= + modules= + while read line; do + case $line in + "%files -n "*) + new_map_line $package "$modules" + package=${line#"%files -n "} + modules= + ;; + "%files "*) + new_map_line $package "$modules" + package=$basename-${line#"%files "} + modules= + ;; + "%files") + new_map_line $package "$modules" + package=$basename + modules= + ;; + "%{sitedir}/config-"*) + # ignore + ;; + "%{sitedir}/"*) + word=${line#"%{sitedir}/"} + if ! echo $word | grep -q /; then + modules="$modules $word" + fi + ;; + "%{dynlib "*"}") + word=${line#"%{dynlib "} + word=${word%"}"} + modules="$modules $word" + ;; + esac + done < $spec + new_map_line $package "$modules" +done + +cat $MAPFILE.tmp |sort -u > $MAPFILE +rm $MAPFILE.tmp + +# run test inclusion check +tar xJf Python-*.xz +python3 skipped_tests.py + +# generate baselibs.conf +VERSION=$(grep ^Version $master|awk -F':' '{print $2}' |sed -e 's/ //g') +python_version=${VERSION:0:3} # 3.3 +python_version_abitag=${python_version//./} # 33 +python_version_soname=${python_version//./_} # 3_3 +echo "$pkgname-base" > baselibs.conf +echo "$pkgname" >> baselibs.conf +echo "libpython$python_version_soname-1_0" >> baselibs.conf + diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch new file mode 100644 index 0000000..cda20d7 --- /dev/null +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -0,0 +1,27 @@ +--- + Makefile.pre.in | 7 +++++++ + 1 file changed, 7 insertions(+) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1240,11 +1240,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ + $(DTRACE_OBJS) \ + $(srcdir)/Modules/getbuildinfo.c + $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DDATE="\"`date -u -r Makefile.pre.in +"%b %d %Y"`\"" \ ++ -DTIME="\"`date -u -r Makefile.pre.in +"%T"`\"" \ + -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \ + -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \ + -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \ + -o $@ $(srcdir)/Modules/getbuildinfo.c + ++Python/getcompiler.o: $(srcdir)/Python/getcompiler.c Makefile ++ $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DCOMPILER='"[GCC]"' \ ++ -o $@ $(srcdir)/Python/getcompiler.c ++ + Modules/getpath.o: $(srcdir)/Modules/getpath.c Python/frozen_modules/getpath.h Makefile $(PYTHON_HEADERS) + $(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \ + -DPREFIX='"$(prefix)"' \ diff --git a/python-3.3.0b1-localpath.patch b/python-3.3.0b1-localpath.patch new file mode 100644 index 0000000..475497e --- /dev/null +++ b/python-3.3.0b1-localpath.patch @@ -0,0 +1,13 @@ +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -77,7 +77,7 @@ import io + import stat + + # Prefixes for site-packages; add additional prefixes like /usr/local here +-PREFIXES = [sys.prefix, sys.exec_prefix] ++PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local'] + # Enable per user site-packages directory + # set it to False to disable the feature or True to force the feature + ENABLE_USER_SITE = None diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch new file mode 100644 index 0000000..ac5d553 --- /dev/null +++ b/python-3.3.0b1-test-posix_fadvise.patch @@ -0,0 +1,17 @@ +--- + Lib/test/test_posix.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_posix.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_posix.py ++++ Python-3.11.8/Lib/test/test_posix.py +@@ -430,7 +430,7 @@ class PosixTester(unittest.TestCase): + def test_posix_fadvise(self): + fd = os.open(os_helper.TESTFN, os.O_RDONLY) + try: +- posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_WILLNEED) ++ posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_RANDOM) + finally: + os.close(fd) + diff --git a/python.keyring b/python.keyring new file mode 100644 index 0000000..747bc27 --- /dev/null +++ b/python.keyring @@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFq+ToQBEADRYvIVtbK6owynD3j3nxwpW2KEk/p+aDvtXmc2SR2dBcZ8sFW2 +R5vEsG8d3/D3wgv5pcL3KfNNXQYUnXVbobrFUUWQYc79qIsE3MgiPf5NVOtwKPUR +i5g9YJgKvpBxkQfqp3LYGm9ZBtwo3DVLA3yn7KsazCmAgTNFJYw7ku1XxgmIzY6K +5J30DfbJiqDqj4f9GslCCCCH3qiPnuLG/HUyVLHMpbWlaiy9NI0GcaLxjJewHj9w +W2D2lydkxe5JGo7egUkV3ILcuLVSVKA35SKY27dYqfuyqp9tAzaRbjDYjsYdHA6G +BqrNrKBn/GwlFDPrVdcvN3ZSY2wMLTxWE3Axc/FweuHxFnou/80FwX7F3JD+oEQ6 +rofmcxOBCC7J98I7HZAhP9jBn88XIS2hztbLq8d6rZJZRtcz0k61VR0ddO+TrFmf +9rMYCPgCckRtVxeFIVIabrN1IzKynLFeo040h8hSGswd6YKDOVwjJY6Oa6EmVefZ +a8QSt4+M65RSzH6SEPY008F3nJUAK6MEkzTak+tFltZNrVWu8p2xd1j9nmxAwEhZ +/lgbxLqzYgaUWmfyHeZ8yVA0MhHzdiAL8nVUEdG3KecIq0RWCJLGLWWIjd6KAJl1 +yAmhRYKK/sjPDsL3elHsFACfZbyx3o5GGQNlas1FYoPLWbaNGaJtgFTF2QARAQAB +tCtQYWJsbyBHYWxpbmRvIFNhbGdhZG8gPHBhYmxvZ3NhbEBnbWFpbC5jb20+iQJO +BBMBCgA4FiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+ToQCGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQZOYo+NaEaW2bmA/+PXIap2udLoUVOHxnsIBdqYwp +sv1Aj5lfIJmNhmxPbHShwp1Jg+w4urxe+2Dj5ofKVlIo1i83bQkvnKJMDXDVuc/K +P6zqhBJ3rT4Q3qx2mzX8bIfQoJ2JHuH4lkP+I7doDcHHRyeNASyk72VdQmU4twNw +Ibn8nSNV6ThKHdoPYzVnO2rZUFcGIqH5HNsvR+B7cc1MBCHsgURYwSVhSePIFGlZ +iasdBD6QQkDSe4QWi7AcJFWFElw4kbOKJWxAWsrEk+tMXJVGRjnmL289EmPCx/vx +BqKy7Mse0yWCSRR3vB+O6TB1S5SgEyEgqlYsfGNv1qf/rfRD4KkyCbNU3LhY1Aim +vJP4pDW+KFxTk2Ks8vrx8gOSd2aFqPeO/pFDrpsF7PD62XwsfoXu4xc5V0Giw7r1 +Nai0nax7kOrldNF8TbbtRjW0jmoC7wLIDujAkwDIOroZ0CXA3N4HVHdSbrHm/urX +nyxJXupXAQNwGx64JCBcbF2fp3Kvu1VAXBEFnd01KaopthHcbG5pA50Kl2Vhe+98 +OdezUX42fHkQpQkB7HgtXfm6W1bw6YRBamrNvs1OoHBYmUjlECpe566IIu25Hc8s +x3qA+6eca7iqizyLG+WyMT8ZIYTWGAS59jxwR4esqGczbbZPSAPHFwLbGv7Wr0Rd +TPu5B0FcKpDkTd4IxQW5Ag0EWr5O2gEQAMjLe4CtbSfofmJrz5wfNkMVsZ81Gbqe +MoYd3dtkJnQYERUj8flzBj3ucaxGJ+Cuf7ybh3naPopKvEI1q0vkcgCDqrEgXK// +jKJbP28uPSMGhOG28q4PbamG55gy5FtM3ezzAxPWWKe9qBpV65GMmFy7eBQx2iJs +yiDIOOQQ4kraS+cTqNFimEXAGLCOQRNLcwIZzwAAHoW7HEpNUfVwaBD9kMlbo1ND +I60IKcNrNcmcmRxhJqfxjj8YBMwcKHO6GBE3AVpaE/+UO9zyr4TH+0YuQUgxKlPW +Dkg5XlkDo0S1GyLY5e9ckIDIlkTdDa2pOkoE2yB5MQCEga3YiHrKUVTTWaxn9XVJ +6x5ZjUF6bgSWGkrG5dUqSYoO1iDMuNVjtiujNyf/rvfj5cNxS7/lgxchhQKZHZXL +WVqxlneeVJ6s0P4+ROVG9ga2Sve7aUJ6wXIewZwulBcV2sE/W/DgxHgLBi53CUQt +vEzFzKvo48GnDqL5VYjA7l0HMYHd4GksCLi8E8U6Cgj+imXiM8voL7pHRZfs8mY8 +udR+UT4e1Scl2MYP2qBJ9/17B/X52B3s1EZdqI/r+hfOyqrhPs+dbAN0mtMPn68+ +nrvY1+nscvrSYEP6ZBlc9Hp2mgJdb6IcTvINXBEeLRjgc3pjViva443pkiFp9Axm +ecOckMKP3uSlABEBAAGJBGwEGAEKACAWIQSgNcjBkhm6gh7OqGtk5ij41oRpbQUC +Wr5O2gIbAgJACRBk5ij41oRpbcF0IAQZAQoAHRYhBM/cokWxBDzypfl4Zf/odAQW +i9hHBQJavk7aAAoJEP/odAQWi9hHr7YP/RCLre1CmOoWYpAtoa1yVCeYMDV6eQgL +B488/BEZHQE1zbrYy16XkhORob3JF/kUMjmJW7XaFF8FrWvRcdj/xaUGbOOEulKg +v+8zWfswYQRiZ4/JlwER4vRLi6fTE89MVER6Fkj2ASD4D2cifY+EztD4flV3sq3s +vIogGFaN9IvdrdeptOVGXs1RmAyoTsiS2mKQ6xsGh8B9ZAm55W8fBOGiSzLX21Xk +Ofdw53BrFQxn3cu/JgIKpdeZxgukcvEAI62B6X+YL6Na4j0eqEGLzsNtU1+xeJlo +WtVvmRwnRHGSxF6fzIZ3mk/p/aFiXAEq/xITCTY6tDv7x7pFE/RpdlJZyNJ+R5Y4 +SQiuDsylxNCa/4G5EB6q+7iVYtbEQ9MnZg2phowEE42tlj0rz8/rvDK3LH3xibot +KHIodCWKlWByxH99u2PuHUQ0c1oCVBUE1KkruMpvI236DpU/dvdq4JLSg/fWrys/ +VIjqLZgsIE5g/KO9XqngWHkLcBLh4CNAmHJ8Iia+s+/rfgsejQWB5uJb6eYg2JjB +4WP1EI0rULM6fdrCNB+MJ36wE2Lnb4bfT0phOMgjjH5/Ki7ZCbkxkOsBs4SRjiS+ +weCsmpAtMqodWY/Cnw9pWSA/qLSRD5/mKeb9SO6OZ/OPfAatwnGHsvZ2sAueC6rR +04W5BfXZWrnJUXQP/id/EKE1Ksp5fKoxSCbkKTCig+Sf5Afwe36yFN+niZBqzn5b +BgL/HIKaZM97oDHersPPANeEgS+JVlBf95iKIYnQbZP43FLVbvOuaINhBIVtFO54 +2Y7EYwl41kP7ILDElVy36KAmdQyBAfrjnZiRA70xShOxApLug1L0lxhR3YfmLwNi +RJ0V6KnYDKf0pfdhO9VFyFFWUojX1usn2SmSsXNizsNtvRqHXzPnX0rbJzZ9+N4O +9k1nxygYFG/2R/jGonVmTjRzcAHrAkNJETMWXMA7/8wRMDwluz8j+cCldey9x8Vk +JwgLGnZSbQtVpcFAnm5r/36Gt+9wc1VWMyrUrVr6Z679aqAbG7PMaeR5h5ygMj1k +VqRTYAUPSk1f8bZKRssQkQwEbp9dVIjm9SsR8VT7/tB+UuB85dABxgHfv3psJRT+ +tL8g9V7kSZqQfcLNGmvEVvr2Zl9NtxwXtsFM2OBprxCenwb+e9Ppm1LjfJG/NE72 +mAnOERfDaiLt4bqNo36Ei5sGCJ4Fx61phzNBXzkdRNM47i8J5UZRKFkE91c99BVM +HKUaY61NRK24fR0zP98ftDU82YFw0VRFJpTeBrO5ivN1MlQxUPzUWxKxMxO+20wa +UOXroEw11Tb4SRLGOla1pCl6lCUPJRy9IzadPDgTr/OTMkob/snt/XLdnV5/uQIN +BFq+TvoBEAC8Oy1g6pPWBbrCMhIq7VWY2fjylJ1fwg5BPXkOKVK1dsGYO4QD7oW9 +L0aSqcFSNFGF9Cl0Ri4TFXZC3hnG4HeSXUWApuKdBLn21H3jba36Ay1oGcGfdm0v +Zght4c6BlMVBpGCw2wIkJbUNEy6InMM+O8CCbbaH3iJkJ4141P7pODHignx5AmZI +conMui4YOhC+IXQXynVEv1Juk7erB1Nh1RcRvsA4lb44HWx49lIwe85ejOmoZ0O3 +6f9NJRer6bV0+rHWmg4IV5Q9h/Gn4IhEDZxA0DZl1RQI7dMgaMbIFbXGq7Kgzstz +EUnOoy29hXodxVmwIsMrAiQUYtwJ9hW+ESsw47+W2iPHVgviGWl7r/SgcgMYmf6m +5kiTBtwU7BQPS9G3zwwP2Rm3AA/6g39Q+tQKjOwi1I8+GZsY2On44Zly7BreBNg5 +4gJgdAGcMOYU9etr050clH3UpTYcAEtX++ahtOKhJgLIPNcIAQNlnifqvU0VYpgw +R4YpZ7hgg+AVDzC73PIM0lFI0XiDuqChbxE+K1jmLXWe5iJF0dzgVTwP+PmsifNZ +Wg3+YxSsS+hDMPQ2xPiQN49gT4JJDHcDuyhHyCGYgyMiVJCsku9KrkubbfVRivyN +ZF2Zfo3f+nbrRxsftz0yjAq8byCvb0V0XOpt4pJ/ddlug9ytRxALNwARAQABiQI2 +BBgBCgAgFiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+TvoCGwwACgkQZOYo+NaE +aW3urA//UQ/cKQ7HvWjcLphzQOZc+6m5YL0wxvZkSjemU7mqjZdpacteIvRAoers +EqXHc208liIBtNfRzoreXdcXNzie65xXkrRnWoHVH/fTWy4lOnHr2CMXLeHjUgg/ +M6PYi8+sARm05YFB8nsYhlhx3IdLhcfeVVbJedQKO0yL3CK1okT30DUVq5Lq6X/K +DC6AxuJR3D6UMSoT0WLaoX8qbhAp88qLynInfBVL18d97h916WPLTPeP0eHwhwND +bYtKDCMDuKQ9XX5+QsNH0RmbxlX274LHrUMMvkLKxcfCBvP+iuqrBeIuoeVzXYJZ +j7ZJtEH79bW44eecl/CY/STFYgSQ2XGTp2BI2q60wAmtKlNhwxY5ena0FgyFl6Tm +5OBHW/Pwo+ndQJGfbrCyWkTgRay9c8er3gl3GQYIBH6X0kCiG7h/Epj0b5CHOPU5 +hCw0kEB8MB4poTIjeiY+Q01472/lQ68CL3DX158hR5d3XaPSIxAN+qFsfB1o316p +yjxhfK1MD/IfrOgjlggPPnc/KmLkCzpgdwKcZwLCdZq9hYBvF1Zs34HbaVMYbWTK +uxLowtXGU43vatCXXqmPOvl4/g4tZD6rysJDgOrHQnEHzT+Napn07s0BRC0IbbNn +FynUrkr5KMSuRz7Hg7xMApENOrb0nqdHSUJ914ZpuMIS6RhJgGu5Ag0EWr5PIAEQ +ALfh9vPD2B+miHDTMADI8aRZ7g9tnzynZYkk3+2sCiiusetsQQ+HIPJ/ASEJB7On +ane9dyT/LTRhrK9qaxgVMimk2COXB/xyh7Mnw7nJgFU0aRSbtX0vbvQz2suSzrQ6 +9mPKzan28JGoClqB0bw1vwf3VjjxHV2dgD57CmqFPv7kAC/2a56dE+etzXattZAL ++2JWTpmfQ0ePRRadtBm0VahQhnU8x0+jvAVrEawqpVW83ozYFyW/0WInM2J7jHgQ +16OosY4lj5L/DxpVxaArhRFoRfWPXfC37iE8Mou/I95isvPQIhp1wTo4jG0KM02B +oIVbp/QRNBQ6WtpOzvJs1gqQiJJTfqbKJXQ3NDEY9crpVS83HJ+Zv99PNsyNkFjG +QpU84U3ZhsI4ygjdY45mpZueqI1RVcRQdu8Hgvoo/78Q/Sir6gMGop3mVdVo2guI +kFcJrXh0Xk3ech4aVqrmKx/mPXGwOAQU0DAul4RW3fKg1QxQE7Tlw3+95Ee/+q5j +HARL0uDbCJpRO8Sl8NDEuL32n/2Ot6kQeCSHrU7KJRYAkTxkKvr8zNow7hFhHFPE +SnHvTnskI6noh0VY6NwMhmLvhm0wKkRxZPzUNc3sgLvbK1NymIZ9aKCZamzhZrmG +vnblEz/OSLwGUua465H3hM1vvBQiartj7+6ZqWIkSmBPABEBAAGJAjYEGAEKACAW +IQSgNcjBkhm6gh7OqGtk5ij41oRpbQUCWr5PIAIbIAAKCRBk5ij41oRpbWmeEACG ++axtDC8UoNp9ORiYwEWLzZWDuugE+ah7DYYGD4Vs633FXVZW3SgM/bFtJ/0Lg8CF +74jI4LMHyIjDzEjcoItwnhBLix+kUoJTvrY58GPydwekLuw1p4KXLqtRs4fsZbNQ +YTknl4jYtRWoxO98x7tun7Gq2gqmJkIB2uj630fKz5cBk6p6oDFKjzyrHe+V7BiK +3okQPaD4x7hq8OnTy7lOy92ZZAqztS4tNEb4DkYW1MpuwsJ7hbBZitc1siI+FVVb +GjVVGZz6ssXoW67Tz8+VxdWJxNLXlv27eMcj4sme5S0th/YYNA5fRRv6zuzqZAru +YNGLpYYU7JLvZJ+3lCwa5j5ycOGBF0GvsGs6gj6h+CHkjR/BgzAgWC+GgUgslt6q +aH04rWtV6rVz+Y91LcrX5P6OM4anmXD3Gp3kl35AypXb4KyASF19+11RUziD4Z7q +wQEWfbwOltNyZv2lD8s2jPr7P02axWRQUbZAEhxRmvOQev/FZPyCF6gqUo/HxRbQ +y3bzmnipyHSv1DlXNfCFCHvN8kGyZnRWARqIKRg+j9ediJgOUqlLhg6KmrTVxd5v +3Dfv52PW2UODDTM20s3cQGuX/UswzMRwPI/+P44iCMwEKdm7duM/5oisZT9Vhy7g +P15MreFZLcZvUVgjqgy0u57cstyGK1Bo9e2sFcK2fA== +=6Zb4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/python311-rpmlintrc b/python311-rpmlintrc new file mode 100644 index 0000000..5b35f34 --- /dev/null +++ b/python311-rpmlintrc @@ -0,0 +1,3 @@ +addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp") diff --git a/python311.changes b/python311.changes new file mode 100644 index 0000000..2f977cc --- /dev/null +++ b/python311.changes @@ -0,0 +1,5503 @@ +------------------------------------------------------------------- +Mon Jan 27 09:00:48 UTC 2025 - Daniel Garcia + +- Configure externally_managed with a bcond + https://en.opensuse.org/openSUSE:Python:Externally_managed + bsc#1228165 + +------------------------------------------------------------------- +Wed Dec 4 21:40:41 UTC 2024 - Matej Cepl + +- Update to 3.11.11: + - Tools/Demos + - gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15 + and multissltests to use 3.0.15, 3.1.7, and 3.2.3. + - Tests + - gh-125041: Re-enable skipped tests for zlib on the + s390x architecture: only skip checks of the compressed + bytes, which can be different between zlib’s software + implementation and the hardware-accelerated implementation. + - Security + - gh-126623: Upgrade libexpat to 2.6.4 + - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to + consistently use the mapped IPv4 address value for deciding + properties. Properties which have their behavior fixed are + is_multicast, is_reserved, is_link_local, is_global, and + is_unspecified. + - Library + - gh-124651: Properly quote template strings in venv + activation scripts (bsc#1232241, CVE-2024-9287). +- Removed upstreamed patches: + - CVE-2024-9287-venv_path_unquoted.patch + +------------------------------------------------------------------- +Tue Dec 3 08:21:35 UTC 2024 - John Paul Adrian Glaubitz + +- Add add-loongarch64-support.patch to support loongarch64 + +------------------------------------------------------------------- +Mon Dec 2 22:50:07 UTC 2024 - Matej Cepl + +- Fix changelog + +------------------------------------------------------------------- +Mon Nov 11 12:43:40 UTC 2024 - Daniel Garcia + +- Remove -IVendor/ from python-config boo#1231795 + +------------------------------------------------------------------- +Fri Nov 1 16:32:10 UTC 2024 - Matej Cepl + +- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote + path names provided when creating a virtual environment + (bsc#1232241, CVE-2024-9287) + +------------------------------------------------------------------- +Wed Oct 2 16:18:29 UTC 2024 - Matej Cepl + +- Drop .pyc files from docdir for reproducible builds + (bsc#1230906). + +------------------------------------------------------------------- +Mon Sep 9 16:53:07 UTC 2024 - Matej Cepl + +- Update to 3.11.10: + - Security + - gh-123678: Upgrade libexpat to 2.6.3 + - gh-121957: Fixed missing audit events around interactive + use of Python, now also properly firing for ``python -i``, + as well as for ``python -m asyncio``. The event in question + is ``cpython.run_stdin``. + - gh-122133: Authenticate the socket connection for the + ``socket.socketpair()`` fallback on platforms where + ``AF_UNIX`` is not available like Windows. Patch by + Gregory P. Smith and Seth Larson + . Reported by Ellie + - gh-121285: Remove backtracking from tarfile header parsing + for ``hdrcharset``, PAX, and GNU sparse headers + (bsc#1230227, CVE-2024-6232). + - gh-118486: :func:`os.mkdir` on Windows now accepts + *mode* of ``0o700`` to restrict the new directory to + the current user. This fixes CVE-2024-4030 affecting + :func:`tempfile.mkdtemp` in scenarios where the base + temporary directory is more permissive than the default. + - gh-116741: Update bundled libexpat to 2.6.2 + - Library + - gh-123270: Applied a more surgical fix for malformed + payloads in :class:`zipfile.Path` causing infinite loops + (gh-122905) without breaking contents using legitimate + characters (bsc#1229704, CVE-2024-8088). + - gh-123067: Fix quadratic complexity in parsing ``"``-quoted + cookie values with backslashes by :mod:`http.cookies` + (bsc#1229596, CVE-2024-7592). + - gh-122905: :class:`zipfile.Path` objects now sanitize names + from the zipfile. + - gh-121650: :mod:`email` headers with embedded newlines are + now quoted on output. The :mod:`~email.generator` will now + refuse to serialize (write) headers that are unsafely folded + or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. + (Contributed by Bas Bloemsaat and Petr Viktorin in + :gh:`121650`; CVE-2024-6923, bsc#1228780). + - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method + breaks internal buffer when the method is called again + during flushing internal buffer. + - gh-118643: Fix an AttributeError in the :mod:`email` module + when re-fold a long address list. Also fix more cases of + incorrect encoding of the address separator in the address + list. + - gh-113171: Fixed various false positives and false + negatives in * :attr:`ipaddress.IPv4Address.is_private` + (see these docs for details) * + :attr:`ipaddress.IPv4Address.is_global` * + :attr:`ipaddress.IPv6Address.is_private` * + :attr:`ipaddress.IPv6Address.is_global` Also in the + corresponding :class:`ipaddress.IPv4Network` and + :class:`ipaddress.IPv6Network` attributes. + Fixes bsc#1226448 (CVE-2024-4032). + - gh-102988: :func:`email.utils.getaddresses` and + :func:`email.utils.parseaddr` now return ``('', '')`` + 2-tuples in more situations where invalid email addresses + are encountered instead of potentially inaccurate + values. Add optional *strict* parameter to these two + functions: use ``strict=False`` to get the old behavior, + accept malformed inputs. ``getattr(email.utils, + 'supports_strict_parsing', False)`` can be use to check if + the *strict* paramater is available. Patch by Thomas Dwyer + and Victor Stinner to improve the CVE-2023-27043 fix + (bsc#1210638). + - gh-67693: Fix :func:`urllib.parse.urlunparse` and + :func:`urllib.parse.urlunsplit` for URIs with path starting + with multiple slashes and no authority. Based on patch by + Ashwin Ramaswami. + - Core and Builtins + - gh-112275: A deadlock involving ``pystate.c``'s + ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now + fixed. Patch by ChuBoning based on previous Python 3.12 fix + by Victor Stinner. + - gh-109120: Added handle of incorrect star expressions, e.g + ``f(3, *)``. Patch by Grigoryev Semyon +- Removed upstreamed patches: + - CVE-2023-27043-email-parsing-errors.patch + - CVE-2024-4032-private-IP-addrs.patch + - CVE-2024-6923-email-hdr-inject.patch + - CVE-2024-8088-inf-loop-zipfile_Path.patch + (renamed from CVE-2024-8088-zipfile-Path-sanitization.patch) + - CVE-2024-6232-ReDOS-backtrack-tarfile.patch + - CVE-2024-7592-quad-complex-cookies.patch + +------------------------------------------------------------------- +Mon Sep 2 09:44:26 UTC 2024 - Matej Cepl + +- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid + failing test_sendfile_close_peer_in_the_middle_of_receiving + tests on Linux >= 6.10 (GH-120227). + +------------------------------------------------------------------- +Wed Aug 28 16:54:34 UTC 2024 - Matej Cepl + +- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent + malformed payload to cause infinite loops in zipfile.Path + (bsc#1229704, CVE-2024-8088). + +------------------------------------------------------------------- +Wed Aug 7 12:12:42 UTC 2024 - Matej Cepl + +- Add CVE-2024-6923-email-hdr-inject.patch to prevent email + header injection due to unquoted newlines (bsc#1228780, + CVE-2024-6923). +- %{profileopt} variable is set according to the variable + %{do_profiling} (bsc#1227999) + +------------------------------------------------------------------- +Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl + +- Remove %suse_update_desktop_file macro as it is not useful any + more. + +------------------------------------------------------------------- +Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl + +- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 + adding reproducibility patches from gh#python/cpython!121872 + and gh#python/cpython!121883. + +------------------------------------------------------------------- +Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl + +- Stop using %%defattr, it seems to be breaking proper executable + attributes on /usr/bin/ scripts (bsc#1227378). + +------------------------------------------------------------------- +Tue Jul 2 10:32:58 UTC 2024 - Daniel Garcia + +- Update F00251-change-user-install-location.patch to make pip and + modern tools install directly in /usr/local when used by the user. + bsc#1225660 + +------------------------------------------------------------------- +Tue Jun 25 21:57:40 UTC 2024 - Matej Cepl + +- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 + (CVE-2024-4032) rearranging definition of private v global IP + addresses. + +------------------------------------------------------------------- +Wed May 1 08:39:08 UTC 2024 - Matej Cepl + +- Update CVE-2023-52425-libexpat-2.6.0-backport.patch + so that it uses features sniffing, not just + comparing version number. Include also + support-expat-CVE-2022-25236-patched.patch. +- Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping + failing tests. +- Refresh patches: + - CVE-2023-27043-email-parsing-errors.patch + - fix_configure_rst.patch + - skip_if_buildbot-extend.patch +- Remove included patch: + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia + +- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in SLE. + +------------------------------------------------------------------- +Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia + +- Remove not needed upstream patches: + * libexpat260.patch + * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666 + * CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch + +- Update to 3.11.9: + * Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 + - gh-115243: Fix possible crashes in collections.deque.index() + when the deque is concurrently modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to the + certificate store, when the ssl.SSLContext is shared across + multiple threads (bsc#1226447, CVE-2024-0397). + * Core and Builtins + - gh-116296: Fix possible refleak in object.__reduce__() internal + error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser when + raising SyntaxError exceptions caused by invalid byte sequences. + Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115011: Setters for members with an unsigned integer type now + support the same range of valid values for objects that has a + __index__() method as for int. + - gh-96497: Fix incorrect resolution of mangled class variables + used in assignment expressions in comprehensions. + * Library + - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered + crash in ssl when creating a new _ssl._SSLContext if CPython was + built implausibly such that the default cipher list is empty or + the SSL library it was linked against reports a failure from its + C SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of self-referential + modules, introduced in gh-114781. + - gh-117084: Fix zipfile extraction for directory entries with the + name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any to + be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer calls + WaitForSingleObject() with a negative timeout: pass 0 ms if the + timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values in an + invalid state (stored as a list instead of a str) after an + earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values in + urllib.parse functions parse_qs() and parse_qsl(). Also, they + now raise a TypeError for non-zero integers and non-empty + sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated tkinter.Checkbutton + widget names to avoid collisions with automatically generated + tkinter.ttk.Checkbutton widget names within the same parent + widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of AttributeError + on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on + WASI. + - Under wasmtime for WASI 0.2, these functions don’t pass + test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). + - gh-88352: Fix the computation of the next rollover time in the + logging.TimedRotatingFileHandler handler. computeRollover() now + always returns a timestamp larger than the specified time and + works correctly during the DST change. doRollover() no longer + overwrite the already rolled over file, saving from data loss + when run at midnight or during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a script + with pdb + - gh-76511: Fix UnicodeEncodeError in email.Message.as_string() + that results when a message that claims to be in the ascii + character set actually has non-ascii characters. Non-ascii + characters are now replaced with the U+FFFD replacement + character, like in the replace error handler. + - gh-75988: Fixed unittest.mock.create_autospec() to pass the call + through to the wrapped object to return the real result. + - gh-115881: Fix issue where ast.parse() would incorrectly flag + conditional context managers (such as with (x() if y else z()): + ...) as invalid syntax if feature_version=(3, 8) was passed. + This reverts changes to the grammar made as part of gh-94949. + - gh-115886: Fix silent truncation of the name with an embedded + null character in multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing which rolled-over log + files to delete in logging.TimedRotatingFileHandler. It is now + reliable for handlers without namer and with arbitrary + deterministic namer that leaves the datetime part in the file + name unmodified. + - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now + support bytes arguments containing raw and percent-encoded + non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' and + '\n', regardless of lineterminator value. + - gh-115712: csv.writer() now quotes empty fields if delimiter is + a space and skipinitialspace is true and raises exception if + quoting is not possible. + - gh-115618: Fix improper decreasing the reference count for None + argument in property methods getter(), setter() and deleter(). + - gh-115570: A DeprecationWarning is no longer omitted on access + to the __doc__ attributes of the deprecated typing.io and + typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the __wrapper__ + data descriptor. + - gh-101293: Support callables with the __call__() method and + types with __new__() and __init__() methods set to class + methods, static methods, bound methods, partial functions, and + other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line numbers + would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare cases when + using the z format option (coerce negative 0) * incorrect output + when applying the z format option to type F (fixed-point with + capital NAN / INF) * incorrect output when applying the # format + option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname before + checking it against the system’s proxy bypass list on macOS and + Windows. + - gh-115198: Fix support of Docutils >= 0.19 in distutils. + - gh-115165: Most exceptions are now ignored when attempting to + set the __orig_class__ attribute on objects returned when + calling typing generic aliases (including generic aliases + created using typing.Annotated). Previously only AttributeError + was ignored. Patch by Dave Shawley. + - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the underlying + write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114763: Protect modules loaded with importlib.util.LazyLoader + from race conditions when multiple threads try to access + attributes before the loading is complete. + - gh-97959: Fix rendering class methods, bound methods, method and + function aliases in pydoc. Class methods no longer have “method + of builtins.type instance” note. Corresponding notes are now + added for class and unbound methods. Method and function aliases + now have references to the module or the class where the origin + was defined if it differs from the current. Bound methods are + now listed in the static methods section. Methods of builtin + classes are now supported as well as methods of Python classes. + - gh-112281: Allow creating union of types for typing.Annotated + with unhashable metadata. + - gh-111775: Fix importlib.resources.simple.ResourceHandle.open() + for text mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb commands. + - gh-107155: Fix incorrect output of help(x) where x is a lambda + function, which has an __annotations__ dictionary attribute with + a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when defining + dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists over + multiple lines in combination with unicode encoding. + - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same name + but different extensions would conflict and not delete the + correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() to + accept empty bytes as authkey. Not accepting empty bytes as key + causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing of URLs + with only a host name, URLs containing fragment or query, and + filenames with only a UNC sharepoint on Windows. Based on patch + by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + * Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML + vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + * Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE command + line option) in regrtest when hunting for reference leaks (-R + option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-115979: Update test_importlib so that it passes under WASI + SDK 21. + - gh-116307: Added import helper isolated_modules as CleanImport + does not remove modules imported during the context. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of + the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: run + failed tests with test.bisect_cmd to identify failing tests. + Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - gh-115198: Fix test_check_metadata_deprecate in distutils tests + with a newer Docutils. + * Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI + 0.2/preview2 primitives. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + * Windows + - gh-116773: Fix instances of <_overlapped.Overlapped object at + 0xXXX> still has pending operation at deallocation, the process + may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation so + that sending a datagram to an address that is not listening does + not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most users + only have a single launcher installed and will see no + difference. When multiple launchers have been installed, the + option to install the launcher is disabled until all but one + have been removed. Downgrading the launcher (which was never + allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now detect Python + 3.13 when installed from the Microsoft Store, and will install + Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + * IDLE + - gh-88516: On macOS show a proxy icon in the title bar of editor + windows to match platform behaviour. + * Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + * C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows + 64-bit platforms. + +------------------------------------------------------------------- +Sun Mar 24 07:51:45 UTC 2024 - Matej Cepl + +- Add reference to CVE-2024-0450 (bsc#1221854) to changelog. + +------------------------------------------------------------------- +Fri Mar 22 21:22:27 UTC 2024 - Matej Cepl + +- Because of bsc#1189495 we have to revert use of %autopatch. + +------------------------------------------------------------------- +Tue Mar 12 08:44:47 UTC 2024 - Matej Cepl + +- Rewrite %prep to use %autosetup et al. for compatibility with + rpm 4.20. + +------------------------------------------------------------------- +Tue Mar 12 08:13:34 UTC 2024 - Matej Cepl + +- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch + to eliminate ResourceWarning which broke the test suite in + test_asyncio. + +------------------------------------------------------------------- +Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal + +- Use the system-wide crypto-policies [bsc#1211301] + * Use the system default cipher list instead of hardcoded values + * Add the --with-ssl-default-suites=openssl configure option + +------------------------------------------------------------------- +Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl + +- (bsc#1219666, CVE-2023-6597) Add + CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from + gh#python/cpython!99930) fixing symlink bug in cleanup of + tempfile.TemporaryDirectory. + +------------------------------------------------------------------- +Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl + +- Remove double definition of /usr/bin/idle%%{version} in + %%files. + +------------------------------------------------------------------- +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115289 + +------------------------------------------------------------------- +Thu Feb 8 07:27:40 UTC 2024 - Daniel Garcia + +- Update to 3.11.8: + - Security + - gh-113659: Skip .pth files with names starting with a dot or + hidden file attribute. + - Core and Builtins + - gh-114887: Changed socket type validation in + create_datagram_endpoint() to accept all non-stream sockets. + This fixes a regression in compatibility with raw sockets. + - gh-114388: Fix a RuntimeWarning emitted when assign an + integer-like value that is not an instance of int to an + attribute that corresponds to a C struct member of type T_UINT + and T_ULONG. Fix a double RuntimeWarning emitted when assign a + negative integer value to an attribute that corresponds to a C + struct member of type T_UINT. + - gh-89811: Check for a valid tp_version_tag before performing + bytecode specializations that rely on this value being usable. + - gh-113602: Fix an error that was causing the parser to try to + overwrite existing errors and crashing in the process. Patch by + Pablo Galindo + - gh-113566: Fix a 3.11-specific crash when the repr of a Future + is requested after the module has already been + garbage-collected. + - gh-106905: Use per AST-parser state rather than global state to + track recursion depth within the AST parser to prevent potential + race condition due to simultaneous parsing. + - The issue primarily showed up in 3.11 by multithreaded users of + ast.parse(). In 3.12 a change to when garbage collection can be + triggered prevented the race condition from occurring. + - gh-112716: Fix SystemError in the import statement and in + __reduce__() methods of builtin types when __builtins__ is not a + dict. + - gh-105967: Workaround a bug in Apple’s macOS platform zlib + library where zlib.crc32() and binascii.crc32() could produce + incorrect results on multi-gigabyte inputs. Including when using + zipfile on zips containing large data. + - gh-94606: Fix UnicodeEncodeError when + email.message.get_payload() reads a message with a Unicode + surrogate character and the message content is not well-formed + for surrogateescape encoding. Patch by Sidney Markowitz. + - Library + - gh-114965: Update bundled pip to 24.0 + - gh-114959: tarfile no longer ignores errors when trying to + extract a directory on top of a file. + - gh-109475: Fix support of explicit option value “–” in argparse + (e.g. --option=--). + - gh-110190: Fix ctypes structs with array on Windows ARM64 + platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by + Diego Russo + - gh-113280: Fix a leak of open socket in rare cases when error + occurred in ssl.SSLSocket creation. + - gh-77749: email.policy.EmailPolicy.fold() now always encodes + non-ASCII characters in headers if utf8 is false. + - gh-114492: Make the result of termios.tcgetattr() reproducible + on Alpine Linux. Previously it could leave a random garbage in + some fields. + - gh-75128: Ignore an OSError in + asyncio.BaseEventLoop.create_server() when IPv6 is available but + the interface cannot actually support it. + - gh-114257: Dismiss the FileNotFound error in + ctypes.util.find_library() and just return None on Linux. + - gh-101438: Avoid reference cycle in ElementTree.iterparse. The + iterator returned by ElementTree.iterparse may hold on to a file + descriptor. The reference cycle prevented prompt clean-up of the + file descriptor if the returned iterator was not exhausted. + - gh-104522: OSError raised when run a subprocess now only has + filename attribute set to cwd if the error was caused by a + failed attempt to change the current directory. + - gh-109534: Fix a reference leak in + asyncio.selector_events.BaseSelectorEventLoop when SSL + handshakes fail. Patch contributed by Jamie Phan. + - gh-114077: Fix possible OverflowError in + socket.socket.sendfile() when pass count larger than 2 GiB on + 32-bit platform. + - gh-114014: Fixed a bug in fractions.Fraction where an invalid + string using d in the decimals part creates a different error + compared to other invalid letters/characters. Patch by Jeremiah + Gabriel Pascual. + - gh-113951: Fix the behavior of tag_unbind() methods of + tkinter.Text and tkinter.Canvas classes with three arguments. + Previously, widget.tag_unbind(tag, sequence, funcid) destroyed + the current binding for sequence, leaving sequence unbound, and + deleted the funcid command. Now it removes only funcid from the + binding for sequence, keeping other commands, and deletes the + funcid command. It leaves sequence unbound only if funcid was + the last bound command. + - gh-113877: Fix tkinter method winfo_pathname() on 64-bit + Windows. + - gh-113781: Silence unraisable AttributeError when warnings are + emitted during Python finalization. + - gh-113594: Fix UnicodeEncodeError in email when re-fold lines + that contain unknown-8bit encoded part followed by + non-unknown-8bit encoded part. + - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), + there is callback that logs an error if the task wrapping the + “connected callback” fails. This callback would itself fail if + the task was cancelled. Prevent this by checking whether the + task was cancelled first. If so, close the transport but don’t + log an error. + - gh-85567: Fix resource warnings for unclosed files in pickle and + pickletools command line interfaces. + - gh-101225: Increase the backlog for + multiprocessing.connection.Listener objects created by + multiprocessing.manager and multiprocessing.resource_sharer to + significantly reduce the risk of getting a connection refused + error when creating a multiprocessing.connection.Connection to + them. + - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends + webbrowser.open audit event. + - gh-113028: When a second reference to a string appears in the + input to pickle, and the Python implementation is in use, we are + guaranteed that a single copy gets pickled and a single object + is shared when reloaded. Previously, in protocol 0, when a + string contained certain characters (e.g. newline) it resulted + in duplicate objects. + - gh-113421: Fix multiprocessing logger for %(filename)s. + - gh-113358: Fix rendering tracebacks for exceptions with a broken + __getattr__. + - gh-113214: Fix an AttributeError during asyncio SSL protocol + aborts in SSL-over-SSL scenarios. + - gh-113246: Update bundled pip to 23.3.2. + - gh-113199: Make http.client.HTTPResponse.read1 and + http.client.HTTPResponse.readline close IO after reading all + data when content length is known. Patch by Illia Volochii. + - gh-113188: Fix shutil.copymode() and shutil.copystat() on + Windows. Previously they worked differenly if dst is a symbolic + link: they modified the permission bits of dst itself rather + than the file it points to if follow_symlinks is true or src is + not a symbolic link, and did not modify the permission bits if + follow_symlinks is false and src is a symbolic link. + - gh-61648: Detect line numbers of properties in doctests. + - gh-112559: signal.signal() and signal.getsignal() no longer call + repr on callable handlers. asyncio.run() and + asyncio.Runner.run() no longer call repr on the task results. + Patch by Yilei Yang. + - gh-110190: Fix ctypes structs with array on PPC64LE platform by + setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. + - gh-79429: Ignore FileNotFoundError when remove a temporary + directory in the multiprocessing finalizer. + - gh-79325: Fix an infinite recursion error in + tempfile.TemporaryDirectory() cleanup on Windows. + - gh-110190: Fix ctypes structs with array on Arm platform by + setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. + - gh-81194: Fix a crash in socket.if_indextoname() with specific + value (UINT_MAX). Fix an integer overflow in + socket.if_indextoname() on 64-bit non-Windows platforms. + - gh-75666: Fix the behavior of tkinter widget’s unbind() method + with two arguments. Previously, widget.unbind(sequence, funcid) + destroyed the current binding for sequence, leaving sequence + unbound, and deleted the funcid command. Now it removes only + funcid from the binding for sequence, keeping other commands, + and deletes the funcid command. It leaves sequence unbound only + if funcid was the last bound command. + - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in + tkinter._test(). + - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now + raises BadZipFile when try to read an entry that overlaps with + other entry or central directory (bsc#1221854, CVE-2024-0450). + - gh-38807: Fix race condition in trace. Instead of checking if a + directory exists and creating it, directly call os.makedirs() + with the kwarg exist_ok=True. + - gh-75705: Set unixfrom envelope in mailbox.mbox and + mailbox.MMDF. + - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure + when the system endianness is the opposite of the classes. + - gh-104282: Fix null pointer dereference in + lzma._decode_filter_properties() due to improper handling of BCJ + filters with properties of zero length. Patch by Radislav + Chugunov. + - gh-102512: When os.fork() is called from a foreign thread (aka + _DummyThread), the type of the thread in a child process is + changed to _MainThread. Also changed its name and daemonic + status, it can be now joined. + - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, + which now no longer dereferences symlinks when working around + file system permission errors. + - bpo-43153: On Windows, tempfile.TemporaryDirectory previously + masked a PermissionError with NotADirectoryError during + directory cleanup. It now correctly raises PermissionError if + errors are not ignored. Patch by Andrei Kulakov and Ken Jin. + - bpo-35332: The shutil.rmtree() function now ignores errors when + calling os.close() when ignore_errors is True, and os.close() no + longer retried after error. + - bpo-35928: io.TextIOWrapper now correctly handles the decoding + buffer after read() and write(). + - bpo-26791: shutil.move() now moves a symlink into a directory + when that directory is the target of the symlink. This provides + the same behavior as the mv shell command. The previous behavior + raised an exception. Patch by Jeffrey Kintscher. + - bpo-36959: Fix some error messages for invalid ISO format string + combinations in strptime() that referred to directives not + contained in the format string. Patch by Gordon P. Hemsley. + - bpo-18060: Fixed a class inheritance issue that can cause + segfaults when deriving two or more levels of subclasses from a + base class of Structure or Union. + - Documentation + - gh-110746: Improved markup for valid options/values for methods + ttk.treeview.column and ttk.treeview.heading, and for Layouts. + - gh-95649: Document that the asyncio module contains code taken + from v0.16.0 of the uvloop project, as well as the required MIT + licensing information. + - Tests + - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, + where system tar can include more information in the archive + than shutil.make_archive. + - gh-112769: The tests now correctly compare zlib version when + zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For + example zlib-ng defines the version as 1.3.0.zlib-ng. + - gh-105089: Fix + test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write + test in AIX by doing a bitwise AND of 0xFFFF on mode , so that + it will be in sync with zinfo.external_attr + - bpo-40648: Test modes that file can get with chmod() on Windows. + - Build + - gh-101778: Fix build error when there’s a dangling symlink in + the directory containing ffi.h. + - gh-112305: Fixed the check-clean-src step performed on out of + tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h + files and recommend appropriate source tree cleanup steps to get + a working build again. + - bpo-11102: The os.major(), os.makedev(), and os.minor() + functions are now available on HP-UX v3. + - bpo-36351: Do not set ipv6type when cross-compiling. + - IDLE + - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and + ‘object’. + - gh-72284: Improve the lists of features, editor key bindings, + and shell key bingings in the IDLE doc. + - gh-113903: Fix rare failure of test.test_idle, in + test_configdialog. + - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and + 3.12.1. + - gh-113269: Fix test_editor hang on macOS Catalina. + - gh-112898: Fix processing unsaved files when quitting IDLE on + macOS. + - gh-103820: Revise IDLE bindings so that events from mouse button + 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not + mistaken for scrolling. + - bpo-13586: Enter the selected text when opening the “Replace” + dialog. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and + multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. + - gh-115015: Fix a bug in Argument Clinic that generated incorrect + code for methods with no parameters that use the METH_METHOD | + METH_FASTCALL | METH_KEYWORDS calling convention. Only the + positional parameter count was checked; any keyword argument + passed would be silently accepted. +- Remove upstreamed patches: + - CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch +- Refresh all patches: + - CVE-2023-27043-email-parsing-errors.patch + - F00251-change-user-install-location.patch + - bpo-31046_ensurepip_honours_prefix.patch + - distutils-reproducible-compile.patch + - fix_configure_rst.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-localpath.patch + - python-3.3.0b1-test-posix_fadvise.patch + - skip_if_buildbot-extend.patch + - subprocess-raise-timeout.patch + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Tue Dec 19 16:34:50 UTC 2023 - Daniel Garcia + +- Update patch fix_configure_rst.patch +- Update to 3.11.7: + - Core and Builtins + - gh-112625: Fixes a bug where a bytearray object could be cleared + while iterating over an argument in the bytearray.join() method + that could result in reading memory after it was freed. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. Patch + by Pablo galindo + - gh-88116: Traceback location ranges involving wide unicode + characters (like emoji and asian characters) now are properly + highlighted. Patch by Batuhan Taskaya and Pablo Galindo. + - gh-94438: Fix a regression that prevented jumping across is None + and is not None when debugging. Patch by Savannah Ostrowski. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109216: Fix possible memory leak in BUILD_MAP. + + - Library + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + - bpo-35191: Fix unexpected integer truncation in + socket.setblocking() which caused it to interpret multiples of + 2**32 as False. + + - Documentation + - gh-108826: dis module command-line interface is now mentioned in + documentation. + + - Tests + - gh-110367: Make regrtest --verbose3 option compatible with + --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + --verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111309: distutils tests can now be run via unittest. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() and class BasicTestRunner from the test.support + module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + --match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + + - Build + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + + - C API + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. +------------------------------------------------------------------- +Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl + +- Refresh CVE-2023-27043-email-parsing-errors.patch to + gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). +- Thus we can remove Revert-gh105127-left-tests.patch, which is + now useless. + +------------------------------------------------------------------- +Wed Nov 15 09:06:16 UTC 2023 - Daniel Garcia + +- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch +- Refresh patches: + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch + +- Update to 3.11.6: + - Core and Builtins + - gh-109351: Fix crash when compiling an invalid AST involving a + named (walrus) expression. + - gh-109207: Fix a SystemError in __repr__ of symtable entry + object. + - gh-109179: Fix bug where the C traceback display drops notes + from SyntaxError. + - gh-88943: Improve syntax error for non-ASCII character that + follows a numerical literal. It now points on the invalid + non-ASCII character, not on the valid numerical literal. + - gh-108959: Fix caret placement for error locations for subscript + and binary operations that involve non-semantic parentheses and + spaces. Patch by Pablo Galindo + - gh-108520: Fix + multiprocessing.synchronize.SemLock.__setstate__() to properly + initialize multiprocessing.synchronize.SemLock._is_fork_ctx. + This fixes a regression when passing a SemLock accross nested + processes. + - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to + multiprocessing.synchronize.SemLock._is_fork_ctx to avoid + exposing it as public API. + - Library + - gh-110036: On Windows, multiprocessing Popen.terminate() now + catchs PermissionError and get the process exit code. If the + process is still running, raise again the PermissionError. + Otherwise, the process terminated as expected: store its exit + code. Patch by Victor Stinner. + - gh-110038: Fixed an issue that caused KqueueSelector.select() to + not return all the ready events in some cases when a file + descriptor is registered for both read and write. + - gh-109631: re functions such as re.findall(), re.split(), + re.search() and re.sub() which perform short repeated matches + can now be interrupted by user. + - gh-109593: Avoid deadlocking on a reentrant call to the + multiprocessing resource tracker. Such a reentrant call, though + unlikely, can happen if a GC pass invokes the finalizer for a + multiprocessing object such as SemLock. + - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for + exceptions. Previously, on Python built in debug mode, these + functions could trigger a fatal Python error (and abort the + process) when a function succeeded with an exception set. Patch + by Victor Stinner. + - gh-109375: The pdb alias command now prevents registering + aliases without arguments. + - gh-107219: Fix a race condition in concurrent.futures. When a + process in the process pool was terminated abruptly (while the + future was running or pending), close the connection write end. + If the call queue is blocked on sending bytes to a worker + process, closing the connection write end interrupts the send, + so the queue can be closed. Patch by Victor Stinner. + - gh-50644: Attempts to pickle or create a shallow or deep copy of + codecs streams now raise a TypeError. Previously, copying failed + with a RecursionError, while pickling produced wrong results + that eventually caused unpickling to fail with a RecursionError. + - gh-108987: Fix _thread.start_new_thread() race condition. If a + thread is created during Python finalization, the newly spawned + thread now exits immediately instead of trying to access freed + memory and lead to a crash. Patch by Victor Stinner. + - gh-108843: Fix an issue in ast.unparse() when unparsing + f-strings containing many quote types. + - gh-108682: Enum: raise TypeError if super().__new__() is called + from a custom __new__. + - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock + - gh-64662: Fix support for virtual tables in + sqlite3.Connection.iterdump(). Patch by Aviv Palivoda. + - gh-107913: Fix possible losses of errno and winerror values in + OSError exceptions if they were cleared or modified by the + cleanup code before creating the exception object. + - gh-104372: On Linux where subprocess can use the vfork() syscall + for faster spawning, prevent the parent process from blocking + other threads by dropping the GIL while it waits for the + vfork’ed child process exec() outcome. This prevents spawning a + binary from a slow filesystem from blocking the rest of the + application. + - gh-84867: unittest.TestLoader no longer loads test cases from + exact unittest.TestCase and unittest.FunctionTestCase classes. + - Documentation + - gh-109209: The minimum Sphinx version required for the + documentation is now 4.2. + - gh-105052: Update timeit doc to specify that time in seconds is + just the default. + - gh-102823: Document the return type of x // y when x and y have + type float. + - Tests + - gh-110031: Skip test_threading tests using thread+fork if Python + is built with Address Sanitizer (ASAN). Patch by Victor Stinner. + - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum + duration, a test should not measure a CI performance. Only + measure the minimum duration when a task has a timeout or delay. + Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner. + - gh-110033: Fix test_interprocess_signal() of test_signal. Make + sure that the subprocess.Popen object is deleted before the test + raising an exception in a signal handler. Otherwise, + Popen.__del__() can get the exception which is logged as + Exception ignored in: ... and the test fails. Patch by Victor + Stinner. + - gh-109594: Fix test_timeout() of + test_concurrent_futures.test_wait. Remove the future which may + or may not complete depending if it takes longer than the + timeout ot not. Keep the second future which does not complete + before wait() timeout. Patch by Victor Stinner. + - gh-109748: Fix test_zippath_from_non_installed_posix() of + test_venv: don’t copy __pycache__/ sub-directories, because they + can be modified by other Python tests running in parallel. Patch + by Victor Stinner. + - gh-103053: Skip test_freeze_simple_script() of + test_tools.test_freeze if Python is built with ./configure + --enable-optimizations, which means with Profile Guided + Optimization (PGO): it just makes the test too slow. The freeze + tool is tested by many other CIs with other (faster) compiler + flags. Patch by Victor Stinner. + - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a + longer key: FIPS mode requires at least of at least 112 bits. + The previous key was only 32 bits. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-109237: Fix test_site.test_underpth_basic() when the working + directory contains at least one non-ASCII character: encode the + ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for + the child process stdout. Patch by Victor Stinner. + - gh-109230: Fix test_pyexpat.test_exception(): it can now be run + from a directory different than Python source code directory. + Before, the test failed in this case. Skip the test if + Modules/pyexpat.c source is not available. Skip also the test on + Python implementations other than CPython. Patch by Victor + Stinner. + - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests + on FreeBSD if the TCP blackhole is enabled (sysctl + net.inet.tcp.blackhole). Skip the few tests which failed with + ETIMEDOUT which such non standard configuration. Currently, the + FreeBSD GCP image enables TCP and UDP blackhole (sysctl + net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1). + Patch by Victor Stinner. + - gh-91960: Skip test_gdb if gdb is unable to retrieve Python + frame objects: if a frame is . When Python is + built with “clang -Og”, gdb can fail to retrive the frame + parameter of _PyEval_EvalFrameDefault(). In this case, tests + like py_bt() are likely to fail. Without getting access to + Python frames, python-gdb.py is mostly clueless on retrieving + the Python traceback. Moreover, test_gdb is no longer skipped on + macOS if Python is built with Clang. Patch by Victor Stinner. + - gh-108962: Skip test_tempfile.test_flags() if chflags() fails + with “OSError: [Errno 45] Operation not supported” (ex: on + FreeBSD 13). Patch by Victor Stinner. + - gh-89392: Removed support of test_main() function in tests. They + now always use normal unittest test runner. + - gh-108851: Fix test_tomllib recursion tests for WASI buildbots: + reduce the recursion limit and compute the maximum nested + array/dict depending on the current available recursion limit. + Patch by Victor Stinner. + - gh-108851: Add get_recursion_available() and + get_recursion_depth() functions to the test.support module. + Patch by Victor Stinner. + - gh-108822: regrtest now computes statistics on all tests: + successes, failures and skipped. test_netrc, test_pep646_syntax + and test_xml_etree now return results in their test_main() + function. Patch by Victor Stinner and Alex Waygood. + - gh-108388: Convert test_concurrent_futures to a package of 7 + sub-tests. Patch by Victor Stinner. + - gh-108388: Split test_multiprocessing_fork, + test_multiprocessing_forkserver and test_multiprocessing_spawn + into test packages. Each package is made of 4 sub-tests: + processes, threads, manager and misc. It allows running more + tests in parallel and so reduce the total test duration. Patch + by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - gh-100086: The Python test runner (libregrtest) now logs Python + build information like “debug” vs “release” build, or LTO and + PGO optimizations. Patch by Victor Stinner. + - gh-98903: The Python test suite now fails wit exit code 4 if no + tests ran. It should help detecting typos in test names and test + methods. + - gh-95027: On Windows, when the Python test suite is run with the + -jN option, the ANSI code page is now used as the encoding for + the stdout temporary file, rather than using UTF-8 which can + lead to decoding errors. Patch by Victor Stinner. + - gh-93353: regrtest now checks if a test leaks temporary files or + directories if run with -jN option. Patch by Victor Stinner. + - Build + - gh-63760: Fix Solaris build: no longer redefine the + gethostname() function. Solaris defines the function since 2005. + Patch by Victor Stinner, original patch by Jakub Kulík. + - gh-108740: Fix a race condition in make regen-all. The + deepfreeze.c source and files generated by Argument Clinic are + now generated or updated before generating “global objects”. + Previously, some identifiers may miss depending on the order in + which these files were generated. Patch by Victor Stinner. + - Windows + - gh-109991: Update Windows build to use OpenSSL 3.0.11. + - gh-107565: Update Windows build to use OpenSSL 3.0.10. + - macOS + - gh-109991: Update macOS installer to use OpenSSL 3.0.11. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and + multissltests to use 1.1.1w, 3.0.11, and 3.1.3. + +------------------------------------------------------------------- +Wed Sep 6 07:52:11 UTC 2023 - Daniel Garcia + +- Update to 3.11.5 (bsc#1214692): + - Security + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted data. + Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by + Gregory P. Smith. + - Core and Builtins + - gh-104432: Fix potential unaligned memory access on C APIs + involving returned sequences of char * pointers within the grp + and socket modules. These were revealed using a + -fsaniziter=alignment build on ARM macOS. Patch by Christopher + Chavez. + - gh-77377: Ensure that multiprocessing synchronization objects + created in a fork context are not sent to a different process + created in a spawn context. This changes a segfault into an + actionable RuntimeError in the parent process. + - gh-106092: Fix a segmentation fault caused by a use-after-free + bug in frame_dealloc when the trashcan delays the deallocation + of a PyFrameObject. + - gh-106719: No longer suppress arbitrary errors in the + __annotations__ getter and setter in the type and module types. + - gh-106723: Propagate frozen_modules to multiprocessing spawned + process interpreters. + - gh-105979: Fix crash in _imp.get_frozen_object() due to improper + exception handling. + - gh-105840: Fix possible crashes when specializing function calls + with too many __defaults__. + - gh-105588: Fix an issue that could result in crashes when + compiling malformed ast nodes. + - gh-105375: Fix bugs in the builtins module where exceptions + could end up being overwritten. + - gh-105375: Fix bug in the compiler where an exception could end + up being overwritten. + - gh-105375: Improve error handling in + PyUnicode_BuildEncodingMap() where an exception could end up + being overwritten. + - gh-105235: Prevent out-of-bounds memory access during + mmap.find() calls. + - gh-101006: Improve error handling when read marshal data. + - Library + - gh-105736: Harmonized the pure Python version of OrderedDict + with the C version. Now, both versions set up their internal + state in __new__. Formerly, the pure Python version did the set + up in __init__. + - gh-107963: Fix multiprocessing.set_forkserver_preload() to check + the given list of modules names. Patch by Dong-hee Na. + - gh-106242: Fixes os.path.normpath() to handle embedded null + characters without truncating the path (bsc#1214693, + CVE-2023-41105). + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will + no longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107715: Fix doctest.DocTestFinder.find() in presence of class + names with special characters. Patch by Gertjan van Zwieten. + - gh-100814: Passing a callable object as an option value to a + Tkinter image now raises the expected TclError instead of an + AttributeError. + - gh-106684: Close asyncio.StreamWriter when it is not closed by + application leading to memory leaks. Patch by Kumar Aditya. + - gh-107077: Seems that in some conditions, OpenSSL will return + SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification + verification has failed, but the error parameters will still + contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are + now detecting this situation and raising the appropiate + ssl.SSLCertVerificationError. Patch by Pablo Galindo + - gh-107396: tarfiles; Fixed use before assignment of + self.exception for gzip decompression + - gh-62519: Make gettext.pgettext() search plural definitions when + translation is not found. + - gh-83006: Document behavior of shutil.disk_usage() for + non-mounted filesystems on Unix. + - gh-106186: Do not report MultipartInvariantViolationDefect + defect when the email.parser.Parser class is used to parse + emails with headersonly=True. + - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION + result in _ssl.c. + - gh-106774: Update the bundled copy of pip to version 23.2.1. + - gh-106752: Fixed several bug in zipfile.Path in + name/suffix/suffixes/stem operations when no filename is present + and the Path is not at the root of the zipfile. + - gh-106602: Add __copy__ and __deepcopy__ in enum + - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused + division by zero for certain almost-white inputs. Patch by Terry + Jan Reedy. + - gh-106052: re module: fix the matching of possessive quantifiers + in the case of a subpattern containing backtracking. + - gh-106510: Improve debug output for atomic groups in regular + expressions. + - gh-105497: Fix flag mask inversion when unnamed flags exist. + - gh-90876: Prevent multiprocessing.spawn from failing to import + in environments where sys.executable is None. This regressed in + 3.11 with the addition of support for path-like objects in + multiprocessing. + - gh-106350: Detect possible memory allocation failure in the + libtommath function mp_init() used by the _tkinter module. + - gh-102541: Make pydoc.doc catch bad module ImportError when + output stream is not None. + - gh-106263: Fix crash when calling repr with a manually + constructed SignalDict object. Patch by Charlie Zhao. + - gh-105375: Fix a bug in _Unpickler_SetInputStream() where an + exception could end up being overwritten in case of failure. + - gh-105375: Fix bugs in sys where exceptions could end up being + overwritten because of deferred error handling. + - gh-105605: Harden pyexpat error handling during module + initialisation to prevent exceptions from possibly being + overwritten, and objects from being dereferenced twice. + - gh-105375: Fix bug in decimal where an exception could end up + being overwritten. + - gh-105375: Fix bugs in _datetime where exceptions could be + overwritten in case of module initialisation failure. + - gh-105375: Fix bugs in _ssl initialisation which could lead to + leaked references and overwritten exceptions. + - gh-105375: Fix a bug in array.array where an exception could end + up being overwritten. + - gh-105375: Fix bugs in _ctypes where exceptions could end up + being overwritten. + - gh-105375: Fix a bug in the posix module where an exception + could be overwritten. + - gh-105375: Fix bugs in _elementtree where exceptions could be + overwritten. + - gh-105375: Fix bugs in zoneinfo where exceptions could be + overwritten. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-105497: Fix flag inversion when alias/mask members exist. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-103171: Revert undocumented behaviour change with + runtime-checkable protocols decorated with typing.final() in + Python 3.11. The behaviour change had meant that objects would + not be considered instances of these protocols at runtime unless + they had a __final__ attribute. Patch by Alex Waygood. + - gh-105375: Fix a bug in sqlite3 where an exception could be + overwritten in the collation callback. + - gh-105332: Revert pickling method from by-name back to by-value. + - gh-104554: Add RTSPS scheme support in urllib.parse + - gh-100061: Fix a bug that causes wrong matches for regular + expressions with possessive qualifier. + - gh-102541: Hide traceback in help() prompt, when import failed. + - gh-99203: Restore following CPython <= 3.10.5 behavior of + shutil.make_archive(): do not create an empty archive if + root_dir is not a directory, and, in that case, raise + FileNotFoundError or NotADirectoryError regardless of format + choice. Beyond the brought-back behavior, the function may now + also raise these exceptions in dry_run mode. + - gh-94777: Fix hanging multiprocessing ProcessPoolExecutor when a + child process crashes while data is being written in the call + queue. + - bpo-18319: Ensure gettext(msg) retrieve translations even if a + plural form exists. In other words: gettext(msg) == + ngettext(msg, '', 1). + - Documentation + - gh-107008: Document the curses module variables LINES and COLS. + - gh-106948: Add a number of standard external names to + nitpick_ignore. + - gh-54738: Add documentation on how to localize the argparse + module. + - Tests + - gh-105776: Fix test_cppext when the C compiler command -std=c11 + option: remove -std= options from the compiler command. Patch by + Victor Stinner. + - gh-107237: test_logging: Fix test_udp_reconnection() by + increasing the timeout from 100 ms to 5 minutes (LONG_TIMEOUT). + Patch by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - Build + - gh-107814: When calling find_python.bat with -q it did not + properly silence the output of nuget. That is now fixed. + - gh-106881: Check for linux/limits.h before including it in + Modules/posixmodule.c. + - gh-104692: Include commoninstall as a prerequisite for + bininstall + - This ensures that commoninstall is completed before bininstall + is started when parallel builds are used (make -j install), and + so the python3 symlink is only installed after all standard + library modules are installed. + - gh-100340: Allows -Wno-int-conversion for wasm-sdk 17 and + onwards, thus enables building WASI builds once against the + latest sdk. + - Windows + - gh-106242: Fixes realpath() to behave consistently when passed a + path containing an embedded null character on Windows. In strict + mode, it now raises OSError instead of the unexpected + ValueError, and in non-strict mode will make the path absolute. + - gh-106844: Fix integer overflow in _winapi.LCMapStringEx() which + affects ntpath.normcase(). + - gh-99079: Update Windows build to use OpenSSL 3.0.9 + - gh-105436: Ensure that an empty environment block is terminated + by two null characters, as is required by Windows. + - macOS + - gh-107565: Update macOS installer to use OpenSSL 3.0.10. + - gh-99079: Update macOS installer to use OpenSSL 3.0.9. + - Tools/Demos + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + - gh-95065: Argument Clinic now supports overriding automatically + generated signature by using directive @text_signature. See How + to override the generated signature. + - gh-106970: Fix bugs in the Argument Clinic destination + clear command; the destination buffers would never be cleared, + and the destination directive parser would simply continue to + the fault handler after processing the command. Patch by Erlend + E. Aasland. + - C API + - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(), + PyErr_SetExcFromWindowsErrWithFilename() and + PyErr_SetFromWindowsErrWithFilename() save now the error code + before calling PyUnicode_DecodeFSDefault(). + - gh-107915: Such C API functions as PyErr_SetString(), + PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others + no longer crash or ignore errors if it failed to format the + error message or decode the filename. Instead, they keep a + corresponding error. + - gh-107226: PyModule_AddObjectRef() is now only available in the + limited API version 3.10 or later. + - gh-105375: Fix a bug in PyErr_WarnExplicit() where an exception + could end up being overwritten if the API failed internally. + - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only + data: *consumed was not set. + +------------------------------------------------------------------- +Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller + +- restrict PEP668 to ALP/Tumbleweed + +------------------------------------------------------------------- +Fri Aug 4 06:37:41 UTC 2023 - Dirk Müller + +- add externally_managed.in to label this build as PEP-668 managed + +------------------------------------------------------------------- +Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl + +- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! +- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) + partially reverting CVE-2023-27043-email-parsing-errors.patch, + because of the regression in gh#python/cpython#106669. +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). (The patch is faulty, + gh#python/cpython#106669, but upstream decided not to just + revert it). + +------------------------------------------------------------------- +Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl + +- Update to Python 3.11.4: + - gh-103142: The version of OpenSSL used in Windows and + Mac installers has been upgraded to 1.1.1u to address + CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, + as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 + fixed previously in 1.1.1t (gh-101727). + - gh-102153: urllib.parse.urlsplit() now strips leading C0 + control and space characters following the specification for + URLs defined by WHATWG in response to CVE-2023-24329 + (bsc#1208471). + - gh-99889: Fixed a security in flaw in uu.decode() that could + allow for directory traversal based on the input if no + out_file was specified. + - gh-104049: Do not expose the local on-disk + location in directory indexes produced by + http.client.SimpleHTTPRequestHandler. + - gh-103935: trace.__main__ now uses io.open_code() for files + to be executed instead of raw open(). + - gh-102953: The extraction methods in tarfile, and + shutil.unpack_archive(), have a new filter argument that + allows limiting tar features than may be surprising or + dangerous, such as creating files outside the destination + directory. See Extraction filters for details (fixing + CVE-2007-4559, bsc#1203750). +- Remove upstreamed patches: + - CVE-2007-4559-filter-tarfile_extractall.patch + +------------------------------------------------------------------- +Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl + +- Remove obsolete_python_versioned macro again. This mechanism + has no business to be in Python 3.11, because we have abolished + with it whole interpreter+setuptools+pip product. Python 3.11 + should not be replaced by later versions anymore. + +------------------------------------------------------------------- +Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl + +- Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). +- Add skip_if_buildbot-extend.patch to avoid the bug altogether + (extending what skip_if_buildbot covers). +- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix + bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter + for tarfile.extractall". + +------------------------------------------------------------------- +Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl + +- Update to 3.11.3: + - Security + - gh-101727: Updated the OpenSSL version used in Windows + and macOS binary release builds to 1.1.1t to address + CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the + OpenSSL 2023-02-07 security advisory. + - Core and Builtins + - gh-101975: Fixed stacktop value on tracing entries to avoid + corruption on garbage collection. + - gh-102701: Fix overflow when creating very large dict. + - gh-102416: Do not memoize incorrectly automatically + generated loop rules in the parser. Patch by Pablo Galindo. + - gh-102356: Fix a bug that caused a crash when deallocating + deeply nested filter objects. Patch by Marta Gómez Macías. + - gh-102397: Fix segfault from race condition in signal + handling during garbage collection. Patch by Kumar Aditya. + - gh-102281: Fix potential nullptr dereference and use of + uninitialized memory in fileutils. Patch by Max Bachmann. + - gh-102126: Fix deadlock at shutdown when clearing thread + states if any finalizer tries to acquire the runtime head + lock. Patch by Kumar Aditya. + - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal + module. Patch by Max Bachmann. + - gh-101967: Fix possible segfault in + positional_only_passed_as_keyword function, when new list + created. + - gh-101765: Fix SystemError / segmentation fault in iter + __reduce__ when internal access of builtins.__dict__ keys + mutates the iter object. + - gh-101696: Invalidate type version tag in + _PyStaticType_Dealloc for static types, avoiding bug where + a false cache hit could crash the interpreter. Patch by + Kumar Aditya. + - Library + - gh-102549: Don’t ignore exceptions in member type creation. + - gh-102947: Improve traceback when dataclasses.fields() is + called on a non-dataclass. Patch by Alex Waygood + - gh-102780: The asyncio.Timeout context manager now + works reliably even when performing cleanup due to task + cancellation. Previously it could raise a CancelledError + instead of an TimeoutError in such cases. + - gh-88965: typing: Fix a bug relating to substitution in . + Pacustom classes generic over a ParamSpec. Previously, if . + Pathe ParamSpec was substituted with a parameters list that . + Paitself contained a TypeVar, the TypeVar in the parameters . + Palist could not be subsequently substituted. This is now . + Pafixed tch by Nikita Sobolev . + - gh-101979: Fix a bug where parentheses in the metavar + argument to argparse.ArgumentParser.add_argument() were + dropped. Patch by Yeojin Kim. + - gh-102179: Fix os.dup2() error message for negative fds. + - gh-101961: For the binary mode, fileinput.hookcompressed() + doesn’t set the encoding value even if the value is + None. Patch by Gihwan Kim. + - gh-101936: The default value of fp becomes io.BytesIO + if HTTPError is initialized without a designated fp + parameter. Patch by Long Vo. + - gh-102069: Fix __weakref__ descriptor generation for custom + dataclasses. + - gh-101566: In zipfile, apply fix for extractall on the + underlying zipfile after being wrapped in Path. + - gh-101892: Callable iterators no longer raise SystemError + when the callable object exhausts the iterator but forgets + to either return a sentinel value or raise StopIteration. + - gh-97786: Fix potential undefined behaviour in corner cases + of floating-point-to-time conversions. + - gh-101517: Fixed bug where bdb looks up the source line + with linecache with a lineno=None, which causes it to fail + with an unhandled exception. + - gh-101673: Fix a pdb bug where ll clears the changes to + local variables. + - gh-96931: Fix incorrect results from + ssl.SSLSocket.shared_ciphers() + - gh-88233: Correctly preserve “extra” fields in zipfile + regardless of their ordering relative to a zip64 “extra.” + - gh-96127: inspect.signature was raising TypeError on + call with mock objects. Now it correctly returns (*args, + **kwargs) as infered signature. + - gh-95495: When built against OpenSSL 3.0, the ssl module + had a bug where it reported unauthenticated EOFs (i.e. + without close_notify) as a clean TLS-level EOF. It now + raises SSLEOFError, matching the behavior in previous + versions of OpenSSL. The options attribute on SSLContext + also no longer includes OP_IGNORE_UNEXPECTED_EOF by + default. This option may be set to specify the previous + OpenSSL 3.0 behavior. + - gh-94440: Fix a concurrent.futures.process bug where + ProcessPoolExecutor shutdown could hang after a future has + been quickly submitted and canceled. + - Documentation + - gh-103112: Add docstring to http.client.HTTPResponse.read() + to fix pydoc output. + - gh-85417: Update cmath documentation to clarify behaviour + on branch cuts. + - gh-97725: Fix asyncio.Task.print_stack() description for + file=None. Patch by Oleg Iarygin. + - Tests + - gh-102980: Improve test coverage on pdb. + - gh-102537: Adjust the error handling strategy in + test_zoneinfo.TzPathTest.python_tzpath_context. Patch by + Paul Ganssle. + - gh-89792: test_tools now copies up to 10x less source data + to a temporary directory during the freeze test by ignoring + git metadata and other artifacts. It also limits its python + build parallelism based on os.cpu_count instead of hard + coding it as 8 cores. + - gh-101377: Improved test_locale_calendar_formatweekday of + calendar. + - Build + - gh-102711: Fix -Wstrict-prototypes compiler warnings. + +------------------------------------------------------------------- +Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl + +- Update to 3.11.2: + Bug fixes, no changes in API and no security bugs. + +------------------------------------------------------------------- +Wed Mar 1 20:50:04 UTC 2023 - Matej Cepl + +- Add python310 Obsoletes line to obsolete_python_versioned macro. + +------------------------------------------------------------------- +Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl + +- Add provides for readline and sqlite3 to the main Python + package. + +------------------------------------------------------------------- +Thu Jan 26 13:28:24 UTC 2023 - Thorsten Kukuk + +- Disable NIS for new products, it's deprecated and gets removed + +------------------------------------------------------------------- +Tue Jan 24 12:23:34 UTC 2023 - Dirk Müller + +- build GLIBC hwcaps optimized versions of the interpreter + +------------------------------------------------------------------- +Tue Jan 10 11:11:56 UTC 2023 - Matej Cepl + +- Don't fail on Sphinx build warnings. +- For jsc#PED-1570, jsc#PED-2217 and jsc#PED-68, + providing Python 3.11 for SLE-15-SP4. + +------------------------------------------------------------------- +Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl + +- Update to 3.11.1: + - python -m http.server no longer allows terminal control + characters sent within a garbage request to be printed + to the stderr server lo This is done by changing the + http.server BaseHTTPRequestHandler .log_message method to + replace control characters with a \xHH hex escape before + printin + - Avoid publishing list of active per-interpreter audit hooks + via the gc module + - The IDNA codec decoder used on DNS hostnames by socket or + asyncio related name resolution functions no longer involves + a quadratic algorithm. This prevents a potential CPU denial + of service if an out-of-spec excessive length hostname + involving bidirectional characters were decoded. Some + protocols such as urllib http 3xx redirects potentially allow + for an attacker to supply such a name (CVE-2022-45061). + - Update bundled libexpat to 2.5.0 + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. Issue reported + and initial fix by Caleb Shortt. Patch by Victor Stinner. + - Fix a crash when an object which does not have a dictionary + frees its instance values. + - Fix a bug in the tokenizer that could cause infinite + recursion when showing syntax warnings that happen in the + first line of the source. Patch by Pablo Galindo + - Fix an issue that could cause frames to be visible to Python + code as they are being torn down, possibly leading to memory + corruption or hard crashes of the interpreter. + - Fix a reference bug in _imp.create_builtin() after the + creation of the first sub-interpreter for modules builtins + and sys. Patch by Victor Stinner. + - Fixed a bug that was causing a buffer overflow if the + tokenizer copies a line missing the newline caracter from a + file that is as long as the available tokenizer buffer. Patch + by Pablo galindo + - Fix bug where an ExceptionGroup subclass can wrap a + BaseException. + - Fix zip path for venv created from a non-installed python on + POSIX platforms. + - Fix an issue that could potentially cause incorrect error + handling for some bytecode instructions. + - Fix an issue that prevented PyThreadState and + PyInterpreterState memory from being freed properly. + - Fix failure in except* with unhashable exceptions. + - Fix calculation of sys._base_executable when inside a POSIX + virtual environment using copies of the python binary when + the base installation does not provide the executable name + used by the venv. Calculation will fall back to alternative + names (“python”, “python.”). + - Update faulthandler to emit an error message with the proper + unexpected signal number. Patch by Dong-hee Na. + - Fix location of SyntaxError for a try block with both except + and except*. + - Fix the error reporting positions of specialized traceback + anchors when the source line contains Unicode characters. + - Fix subscription of type aliases containing bare generic + types or types like TypeVar: for example tuple[A, T][int] and + tuple[TypeVar, T][int], where A is a generic type, and T is a + type variable. + - Lower the recursion depth for marshal on WASI to support + wasmtime 2.0/main. + - Fix multiple crashes in debug mode when str subclasses are + used instead of str itself. + - Fix an issue where member descriptors (such as those for + __slots__) could behave incorrectly or crash instead of + raising a TypeError when accessed via an instance of an + invalid type. + - Suppress ImportError for invalid query for help() + command. Patch by Dong-hee Na. + - Fix detection of MAC addresses for uuid on certain OSs. Patch + by Chaim Sanders + - Print exception class name instead of its string + representation when raising errors from ctypes calls. + - os.sched_yield() now release the GIL while calling + sched_yield(2). Patch by Dong-hee Na. + - Fix an issue that could delay the specialization of PRECALL + instructions. + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Ensure that all Python frame objects are backed by “complete” + frames. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). Patch by Ofey Chan. + - Fix the Python path configuration used to initialized + sys.path at Python startup. Paths are no longer encoded + to UTF-8/strict to avoid encoding errors if it contains + surrogate characters (bytes paths are decoded with the + surrogateescape error handler). Patch by Victor Stinner. + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. Issue + discovered and analyzed by Mingliang ZHAO. Patch by Victor + Stinner. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. + - Fix undefined behaviour in C code of null pointer arithmetic. + - Make sure that all frame objects created are created from + valid interpreter frames. Prevents the possibility of invalid + frames in backtraces and signal handlers. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - On WASI ENOTCAPABLE is now mapped to PermissionError. The + errno modules exposes the new error number. getpath.py now + ignores PermissionError when it cannot open landmark files + pybuilddir.txt and pyenv.cfg. + - Allow pdb to locate source for frozen modules in the standard + library. + - Raise ValueError instead of SystemError when methods of + uninitialized io.IncrementalNewlineDecoder objects are + called. Patch by Oren Milman. + - Fix a possible assertion failure in io.FileIO when the opener + returns an invalid file descriptor. + - Also escape s in the http.server + BaseHTTPRequestHandler.log_message so that it is technically + possible to parse the line and reconstruct what the original + data was. Without this a xHH is ambiguious as to if it is a + hex replacement we put in or the characters r”x” came through + in the original request line. + - asyncio.get_event_loop() now only emits a deprecation warning + when a new event loop was created implicitly. It no longer + emits a deprecation warning if the current event loop was + set. + - Fix bug when calling trace.CoverageResults with valid infile. + - Fix a bug in handling class cleanups in + unittest.TestCase. Now addClassCleanup() uses separate lists + for different TestCase subclasses, and doClassCleanups() only + cleans up the particular class. + - Release the GIL when calling termios APIs to avoid blocking + threads. + - Fix ast.increment_lineno() to also cover ast.TypeIgnore when + changing line numbers. + - Fix bug in urllib.parse.urlparse() that causes URL schemes + that begin with a digit, a plus sign, or a minus sign to be + parsed incorrectly. + - Check the number of arguments in substitution in user + generics containing a TypeVarTuple and one or more TypeVar. + - Fix substitution of ParamSpec followed by TypeVarTuple in + generic aliases. + - Fix substitution of TypeVarTuple and ParamSpec together in + user generics. + - Fixed bug where inspect.signature() reported incorrect + arguments for decorated methods. + - Fix SystemError in ctypes when exception was not set during + __initsubclass__. + - Remove older version of + _SSLProtocolTransport.get_write_buffer_limits in + asyncio.sslproto + - fix negative numbers failing in verify() + - Fix statistics.NormalDist pickle with 0 and 1 protocols. + - enum.auto() is now correctly activated when combined with + other assignment values. E.g. ONE = auto(), 'some text' will + now evaluate as (1, 'some text'). + - Update the bundled copy of pip to version 22.3.1. + - Clean up refleak on failed module initialisation in _zoneinfo + - Clean up refleaks on failed module initialisation in in + _pickle + - Clean up refleak on failed module initialisation in _io. + - Fix memory leak in math.dist() when both points don’t have + the same dimension. Patch by Kumar Aditya. + - [3.11] Applied changes from importlib_metadata 4.11.4 + through 4.13, including compatibility and robustness + fixes for Distribution objects without _normalized_name, + disallowing invalid inputs to Distribution.from_name, and + refined behaviors in PathDistribution._name_from_stem and + PathDistribution._normalized_name. + - Fix argument typechecks in _overlapped.WSAConnect() and + _overlapped.Overlapped.WSASendTo() functions. + - Prevent crashing in traceback when retrieving the byte-offset + for some source files that contain certain unicode + characters. + - Fix internal error in the re module which in very rare + circumstances prevented compilation of a regular expression + containing a conditional expression without the “else” + branch. + - Fix asyncio.StreamWriter.drain() to call + protocol.connection_lost callback only once on Windows. + - Add a mutex to unittest.mock.NonCallableMock to protect + concurrent access to mock attributes. + - Fix hang on Windows in subprocess.wait_closed() in asyncio + with ProactorEventLoop. Patch by Kumar Aditya. + - Fix infinite loop in unittest when a self-referencing chained + exception is raised + - tkinter.Text.count() raises now an exception for options + starting with “-” instead of silently ignoring them. + - On uname_result, restored expectation that _fields and + _asdict would include all six properties including processor. + - A createSocket() method was added to SysLogHandler. + - Fix bug in urllib.parse.urlparse() that causes certain port + numbers containing whitespace, underscores, plus and minus + signs, or non-ASCII digits to be incorrectly accepted. + - Allow venv to pass along PYTHON* variables to ensurepip and + pip when they do not impact path resolution + - On macOS, fix a crash in syslog.syslog() in multi-threaded + applications. On macOS, the libc syslog() function is not + thread-safe, so syslog.syslog() no longer releases the GIL to + call it. Patch by Victor Stinner. + - Allow BUILTINS to be a valid field name for frozen + dataclasses. + - Wrap network errors consistently in urllib FTP support, so + the test suite doesn’t fail when a network is available but + the public internet is not reachable. + - Make sure patch.dict() can be applied on async functions. + - Earlier in 3.11 we deprecated + asyncio.Task.cancel("message"). We realized we were too + harsh, and have undeprecated it. + - Change deprecate warning message in unittest from It is + deprecated to return a value!=None to It is deprecated to + return a value that is not None from a test case + - Fixes AttributeError when subprocess.check_output() is used + with argument input=None and either of the arguments encoding + or errors are used. + - Fix is_private properties in the ipaddress module. Previously + non-private networks (0.0.0.0/0) would return True from this + method; now they correctly return False. + - Avoid spurious tracebacks from asyncio when default executor + cleanup is delayed until after the event loop is closed (e.g. + as the result of a keyboard interrupt). + - Avoid a crash in the C version of + asyncio.Future.remove_done_callback() when an evil argument + is passed. + - Remove tokenize.NL check from tabnanny. + - Fix generation of the default name of + tkinter.Checkbutton. Previously, checkbuttons in different + parent widgets could have the same short name and share + the same state if arguments “name” and “variable” are not + specified. Now they are globally unique. + - Update bundled libexpat to 2.4.9 + - Fix race condition in asyncio where process_exited() called + before the pipe_data_received() leading to inconsistent + output. Patch by Kumar Aditya. + - Fixed check in multiprocessing.resource_tracker that + guarantees that the length of a write to a pipe is not + greater than PIPE_BUF. + - Corrected type annotation for dataclass attribute + pstats.FunctionProfile.ncalls to be str. + - Fix repr of Any subclasses. + - Work around missing socket functions in socket’s __repr__. + - In inspect, fix overeager replacement of “typing.” in + formatting annotations. + - Fix handling of bytes path-like objects in os.ismount(). + - Fix handling compiler warnings (SyntaxWarning and + DeprecationWarning) in codeop.compile_command() when checking + for incomplete input. Previously it emitted warnings and + raised a SyntaxError. Now it always returns None for + incomplete input without emitting any warnings. + - To avoid apparent memory leaks when asyncio.open_connection() + raises, break reference cycles generated by local exception + and future instances (which has exception instance as its + member var). Patch by Dong Uk, Kang. + - Fixed flickering of the turtle window when the tracer is + turned off. Patch by Shin-myoung-serp. + - Fix asyncio subprocess transport to kill process cleanly + when process is blocked and avoid RuntimeError when loop is + closed. Patch by Kumar Aditya. + - Prevent error when activating venv in nested fish instances. + - TarFile.next() now returns None when called on an empty + tarfile. + - Document the optional callback parameter of WeakMethod. Patch + by Géry Ogam. + - Restrict use of sockets instead of pipes for stdin of + subprocesses created by asyncio to AIX platform only. + - shutil.copytree() now applies the ignore_dangling_symlinks + argument recursively. + - Fix IndexError in argparse.ArgumentParser when a store_true + action is given an explicit argument. + - Document that calling variadic functions with ctypes requires + special care on macOS/arm64 (and possibly other platforms). + - Remove extra row + - Clarified the conflicting advice given in the ast + documentation about ast.literal_eval() being “safe” for use + on untrusted input while at the same time warning that it + can crash the process. The latter statement is true and is + deemed unfixable without a large amount of work unsuitable + for a bugfix. So we keep the warning and no longer claim that + literal_eval is safe. + - Restructured the documentation for the os.wait* family of + functions, and improved the docs for os.waitid() with more + explanation of the possible argument constants. + - Skip test_normalization() of test_unicodedata if it + fails to download NormalizationTest.txt file from + pythontest.net. Patch by Victor Stinner. + - Correct test_marsh on (32 bit) x86: test_deterministic sets + was failing. + - Optional big memory tests in test_sqlite3 now catch the + correct sqlite.DataError exception type in case of too large + strings and/or blobs passed. + - Fix a bug in the typing tests where a test relying + on CPython-specific implementation details was not + decorated with @cpython_only and was not skipped on other + implementations. + - Add tests for star-unpacking with PEP 646, and some other + miscellaneous PEP 646 tests. + - Added explicit coverage of Py_Initialize (and hence + Py_InitializeEx) back to the embedding tests (all other + embedding tests migrated to Py_InitializeFromConfig in Python + 3.11) + - Some C API tests were moved into the new Lib/test/test_capi/ + directory. + - Fix -Wimplicit-int, -Wstrict-prototypes, and + -Wimplicit-function-declaration compiler warnings in + configure checks. + - Fix a compilation issue with GCC 12 on macOS. + - Fix -Wimplicit-int compiler warning in configure check for + PTHREAD_SCOPE_SYSTEM. + - Fix a possible fd leak in Programs/_freeze_module.c + introduced in Python 3.11. + - Fix build with PYTHON_FOR_REGEN=python3.8. + - Specify the full path to the source location for make + docclean (needed for cross-builds). + - Don’t use vendored libmpdec headers if --with-system-libmpdec + is passed to configure. Don’t use vendored libexpat headers + if --with-system-expat is passed to !configure. + - Fix the build process of clang compiler for _bootstrap_python + if LTO optimization is applied. Patch by Matthias Görgens and + Dong-hee Na. + - wasm32-emscripten builds for browsers now include + concurrent.futures for asyncio and unittest.mock. + - wasm32-emscripten platform no longer builds resource module, + getresuid(), getresgid(), and their setters. The APIs are + stubs and not functional. + - Updated pegen regeneration script on Windows to find and + use Python 3.9 or higher. Prior to this, pegen regeneration + already required 3.9 or higher, but the script may have used + lower versions of Python. + - Fix a bug in the previous bugfix that caused IDLE to + not start when run with 3.10.8, 3.12.0a1, and at least + Microsoft Python 3.10.2288.0 installed without the Lib/test + package. 3.11.0 was never affected. + - The wasm_build.py script now pre-builds Emscripten ports, + checks for broken EMSDK versions, and warns about pkg-config + env vars. + - The new tool Tools/wasm/wasm_builder.py automates configure, + compile, and test steps for building CPython on WebAssembly + platforms. + - Fix handling of module docstrings in Tools/i18n/pygettext.py. + - PyBUF_* constants were marked as part of Limited API + of Python 3.11+. These were available in 3.11.0 with + Py_LIMITED_API defined for 3.11, and are necessary to use the + buffer API. + - Fix use-after-free in Py_SetPythonHome(NULL), + Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL) + function calls. Issue reported by Benedikt Reinartz. Patch by + Victor Stinner. + - Py_InitializeEx now correctly calls PyConfig_Clear after + initializing the interpreter (the omission didn’t cause a + memory leak only because none of the dynamically allocated + config fields are populated by the wrapper function) +- Removed upstreamed patches: + - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch + - CVE-2022-45061-DoS-by-IDNA-decode.patch + +------------------------------------------------------------------- +Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl + +- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid + CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding + extremely long domain names. + +------------------------------------------------------------------- +Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl + +- Update to 3.11.0 (overall changes from 3.10.*): + - General changes + - PEP 657 -- Include Fine-Grained Error Locations in + Tracebacks + - PEP 654 -- Exception Groups and except* + - PEP 680 -- tomllib: Support for Parsing TOML in the + Standard Library + - gh-90908 -- Introduce task groups to asyncio + - gh-34627 -- Atomic grouping ((?>...)) and possessive + quantifiers (*+, ++, ?+, {m,n}+) are now supported in + regular expressions. + - The Faster CPython Project is already yielding some + exciting results. Python 3.11 is up to 10-60% faster than + Python 3.10. On average, we measured a 1.22x speedup on the + standard benchmark suite. See Faster CPython for details. + - Typing and typing language changes + - PEP 673 -- Self Type + - PEP 646 -- Variadic Generics + - PEP 675 -- Arbitrary Literal String Type + - PEP 655 -- Marking individual TypedDict items as required + or potentially-missing + - PEP 681 -- Data Class Transforms +- (just changes from 3.11.0rc2): + - Fix multiplying a list by an integer (list *= int): detect + the integer overflow when the new allocated length is close + to the maximum size. Issue reported by Jordan Limor. Patch by + Victor Stinner. + - On Linux the multiprocessing module returns to using + filesystem backed unix domain sockets for communication + with the forkserver process instead of the Linux abstract + socket namespace. Only code that chooses to use the + “forkserver” start method is affected. Abstract sockets have + no permissions and could allow any user on the system in the + same network namespace (often the whole system) to inject + code into the multiprocessing forkserver process. This was + a potential privilege escalation. Filesystem based socket + permissions restrict this to the forkserver process user as + was the default in Python 3.8 and earlier. This prevents + Linux CVE-2022-42919. + - Fix an issue where several frame objects could be backed by + the same interpreter frame, possibly leading to corrupted + memory and hard crashes of the interpreter. + - Fix possible data corruption or crashes when accessing the + f_back member of newly-created generator or coroutine frames. + - Fix a crash occurring when PyEval_GetFrame() is called while + the topmost Python frame is in a partially-initialized state. + - Fix command line parsing: reject -X int_max_str_digits option + with no value (invalid) when the PYTHONINTMAXSTRDIGITS + environment variable is set to a valid limit. Patch by Victor + Stinner. + - Fix undefined behaviour in _testcapimodule.c. + - When ValueError is raised if an integer is larger than the + limit, mention the sys.set_int_max_str_digits() function in + the error message. Patch by Victor Stinner. + - Correctly raise SyntaxError on exception groups (PEP 654) on + python versions prior to 3.11 + - Document some places where an assignment expression needs + parentheses. + - Update the bundled copies of pip and setuptools to versions + 22.3 and 65.5.0 respectively. + - fix Flag to use boundary CONFORM + - This restores previous Flag behavior of allowing flags with + non-sequential values to be combined; e.g. + - class Skip(Flag): TWO = 2 EIGHT = 8 + - Skip.TWO | Skip.EIGHT -> + - Fix ! in c domain ref target syntax via a conf.py patch, so + it works as intended to disable ref target resolution. + - Update tutorial introduction output to use 3.10+ SyntaxError + invalid range. + +------------------------------------------------------------------- +Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl + +- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to + allow building of documentation with the latest Sphinx 5.3.0 + (gh#python/cpython#98366). + +------------------------------------------------------------------- +Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc2: + - Converting between int and str in bases other than 2 + (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base + 10 (decimal) now raises a ValueError if the number of digits + in string form is above a limit to avoid potential denial of + service attacks due to the algorithmic complexity. This is + a mitigation for CVE-2020-10735. + This new limit can be configured or disabled by environment + variable, command line flag, or sys APIs. See the integer + string conversion length limitation documentation. The + default limit is 4300 digits in string form. + - Fix case of undefined behavior in ceval.c + - Do not expose KeyWrapper in _functools. + - Ensure that tracing, sys.setrace(), is turned on + immediately. In pre-release versions of 3.11, some tracing + events might have been lost when turning on tracing in a + __del__ method or interrupt. + - Fix use after free in trace refs build mode. Patch by Kumar + Aditya. + - When loading a file with invalid UTF-8 inside a multi-line + string, a correct SyntaxError is emitted. + - Make sure that incomplete frames do not show up in + tracemalloc traces. + - Remove two cases of undefined behavior, by adding NULL + checks. + - Fix possible NULL pointer dereference in + _PyThread_CurrentFrames. Patch by Kumar Aditya. + - Fix AttributeError missing name and obj attributes in + object.__getattribute__(). Patch by Philip Georgi. + - Loading a file with invalid UTF-8 will now report the broken + character at the correct location. + - Fixed a bug that caused _PyCode_GetExtra to return garbage + for negative indexes. Patch by Pablo Galindo + - Fix a deadlock in PyGILState_Ensure() when allocating new + thread state. Patch by Kumar Aditya. + - PyType_Ready() now initializes ht_cached_keys and performs + additional checks to ensure that type objects are properly + configured. This avoids crashes in 3rd party packages that + don’t use regular API to create new types. + - Skip over incomplete frames in PyThreadState_GetFrame(). + - Fix format string in _PyPegen_raise_error_known_location that + can lead to memory corruption on some 64bit systems. The + function was building a tuple with i (int) instead of n + (Py_ssize_t) for Py_ssize_t arguments. + - Fix misleading contents of error message when converting an + all-whitespace string to float. + - ast.parse() will no longer parse function definitions with + positional-only params when passed feature_version less than + (3, 8). Patch by Shantanu Jain. + - Fix incorrect error message in the io module. + - Fix the faulthandler implementation of + faulthandler.register(signal, chain=True) if the sigaction() + function is not available: don’t call the previous signal + handler if it’s NULL. Patch by Victor Stinner. + - Correct conversion of numbers.Rational’s to float. + - Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not + raised when using more than one TypeVarTuple, like [*T, *V] + in type alias substitutions. + - Fix asyncio.streams.StreamReaderProtocol to keep a strong + reference to the created task, so that it’s not garbage + collected + - Fix a performance regression in logging + TimedRotatingFileHandler. Only check for special files when + the rollover time has passed. + - Fix unused localName parameter in the Attr class in + xml.dom.minidom. + - Fix incorrect condition that causes sys.thread_info.name to + be wrong on pthread platforms. + - Remove an incompatible change from bpo-28080 that caused a + regression that ignored the utf8 in ZipInfo.flag_bits. Patch + by Pablo Galindo. + - Fix asyncio.Runner to call asyncio.set_event_loop() only + once to avoid calling attach_loop() multiple times on child + watchers. Patch by Kumar Aditya. + - Fix unittest.IsolatedAsyncioTestCase to set event loop before + calling setup functions. Patch by Kumar Aditya. + - When a task catches asyncio.CancelledError and raises some + other error, the other error should generally not silently be + suppressed. + - Fail gracefully if EPERM or ENOSYS is raised when loading + crypt methods. This may happen when trying to load MD5 on a + Linux kernel with FIPS enabled. + - Allow asyncio.StreamWriter.drain() to be awaited concurrently + by multiple tasks. Patch by Kumar Aditya. + - Fix ast.unparse() when ImportFrom.level is None + - Improve discoverability of the higher level + concurrent.futures module by providing clearer links from the + lower level threading and multiprocessing modules. + - What’s New 3.11 now has instructions for how to provide + compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7 + and CentOS 7. + - Mitigate the inherent race condition from using + find_unused_port() in testSockName() by trying to find an + unused port a few times before failing. Patch by Ross Burton. + - Build and test with OpenSSL 1.1.1q +- Use support-expat-CVE-2022-25236-patched.patch from the current + version of gh#python/cpython#93900 instead of the old + support-expat-245.patch. +- Reapply fix_configure_rst.patch. + +------------------------------------------------------------------- +Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab + +- Increase testsuite timeout for test_freeze_simple_script + +------------------------------------------------------------------- +Sat Aug 20 21:31:40 UTC 2022 - Matej Cepl + +- fix import_failed.map to refer to the python 3.11 package versions + +------------------------------------------------------------------- +Sat Aug 20 14:05:21 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc1: + - Core and Builtins + - Update code object hashing and equality to consider all + debugging and exception handling tables. This fixes an + issue where certain non-identical code objects could be + “deduplicated” during compilation. + - _PyPegen_Parser_New now properly detects token memory + allocation errors. Patch by Honglin Zhu. + - Run Python code in tracer/profiler function at full + speed. Fixes slowdown in earlier versions of 3.11. + - Emit a warning in debug mode if an object does not call + PyObject_GC_UnTrack() before deallocation. Patch by Pablo + Galindo. + - Prevented crashes in the AST constructor when + compiling some absurdly long expressions like + "+0"*1000000. RecursionError is now raised instead. Patch + by Pablo Galindo + - ast.AST node positions are now validated when provided to + compile() and other related functions. If invalid positions + are detected, a ValueError will be raised. + - Fix error detection in some builtin functions when keyword + argument name is an instance of a str subclass with + overloaded __eq__ and __hash__. Previously it could cause + SystemError or other undesired behavior. + - Library + - Update bundled pip to 22.2.2. + - Fix asyncio.TaskGroup to propagate exception when + asyncio.CancelledError was replaced with another exception + by a context manger. Patch by Kumar Aditya and Guido van + Rossum. + - Update bundled pip to 22.2.1. + - Fix GC crash when deallocating _lsprof.Profiler by + untracking it before calling any callbacks. Patch by Kumar + Aditya. + - Fix asyncio.run() for asyncio.Task implementations without + uncancel() method. Patch by Kumar Aditya. + - Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK + and os.EFD_SEMAPHORE flags on older kernel versions where + these flags are not present. Patch by Kumar Aditya. + - Fix concurrent.futures.Executor.map() to cancel the + currently waiting on future on an error - e.g. TimeoutError + or KeyboardInterrupt. + - Ensure that timeouts scheduled with asyncio.Timeout that + have already expired are delivered promptly. + - Suppress writing an XML declaration in open files + in ElementTree.write() with encoding='unicode' and + xml_declaration=None. + - Fix findtext in the xml module to only give an empty string + when the text attribute is set to None. + - Documentation + - Fix stylesheet not working in Windows CHM htmlhelp docs + and add warning that they are deprecated. Contributed by + C.A.M. Gerlach. + - Update library documentation with availability information + on WebAssembly platforms wasm32-emscripten and wasm32-wasi. + - Use consistent syntax for platform availability. The + directive now supports a content body and emits a warning + when it encounters an unknown platform. + - Document a limitation in ThreadPoolExecutor where its exit + handler is executed before any handlers in atexit. + - Tests + - Lib/test/test_asyncio/test_ssl.py exposed a bug in the + macOS kernel where intense concurrent load on non-blocking + sockets occasionally causes errno.ENOBUFS (“No buffer space + available”) to be emitted. FB11063974 filed with Apple, in + the mean time as a workaround buffer size used in tests on + macOS is decreased to avoid intermittent failures. Patch by + Fantix King. + - Fix problem with test_ssl test_get_ciphers on systems that + require perfect forward secrecy (PFS) ciphers. + - Add a regression test for re exponentional slowdown when + using rjsmin. + - Build + - Fix a regression in configure script that caused some + header checks to ignore custom CPPFLAGS. The regression was + introduced in gh-94802. + - wasm32-wasi builds no longer depend on WASIX’s pthread + stubs. Python now has its own stubbed pthread API. + - Python now detects missing dup function in WASI and works + around some missing errno, select, and socket constants. + - Python now skips missing socket functions and methods on + WASI. WASI can only create sockets from existing fd / + accept and has no netdb. + - Platforms wasm32-unknown-emscripten and wasm32-unknown-wasi + have been promoted to PEP 11 tier 3 platform support. + - IDLE + - Document handling of extensions in Save As dialogs. + - Include prompts when saving Shell (interactive input and + output). + - Fix the Shell context menu copy-with-prompts bug of copying + an extra line when one selects whole lines. + - In the Edit menu, move Select All and add a new separator. + - Enable using IDLE’s module browser with .pyw files. + - Add .pyi as a recognized extension for IDLE on macOS. This + allows opening stub files by double clicking on them in the + Finder. + - C API + - Restore the 3.10 behavior for multiple inheritance of C + extension classes that store their dictionary at the end of + the struct. + - Added PyCode_GetVarnames(), PyCode_GetCellvars() and + PyCode_GetFreevars() for accessing co_varnames, co_cellvars + and co_freevars respectively via the C API. + +------------------------------------------------------------------- +Tue Jul 26 10:37:31 UTC 2022 - Matej Cepl + +- Update to 3.11.0b5: + - Core and Builtins + - gh-93351: ast.AST node positions are now validated when + provided to compile() and other related functions. If + invalid positions are detected, a ValueError will be + raised. + - gh-94438: Fix an issue that caused extended opcode + arguments and some conditional pops to be ignored when + calculating valid jump targets for assignments to the + f_lineno attribute of frame objects. In some cases, this + could cause inconsistent internal state, resulting in a + hard crash of the interpreter. + - gh-95060: Undocumented PyCode_Addr2Location function now + properly returns when addrq argument is less than zero. + - gh-95113: Replace all EXTENDED_ARG_QUICK instructions + with basic EXTENDED_ARG instructions in unquickened + code. Consumers of non-adaptive bytecode should be able to + handle extended arguments the same way they were handled in + CPython 3.10 and older. + - gh-91409: Fix incorrect source location info caused by + certain optimizations in the bytecode compiler. + - gh-94036: Fix incorrect source location info for some + multi-line attribute accesses and method calls. + - gh-94739: Allow jumping within, out of, and across + exception handlers in the debugger. + - gh-94949: ast.parse() will no longer parse parenthesized + context managers when passed feature_version less than (3, + 9). Patch by Shantanu Jain. + - gh-94947: ast.parse() will no longer parse assignment + expressions when passed feature_version less than (3, + 8). Patch by Shantanu Jain. + - gh-91256: Ensures the program name is known for help text + during interpreter startup. + - gh-94869: Fix the column offsets for some expressions in + multi-line f-strings ast nodes. Patch by Pablo Galindo. + - gh-94822: Fix an issue where lookups of metaclass + descriptors may be ignored when an identically-named + attribute also exists on the class itself. + - gh-91153: Fix an issue where a bytearray item assignment + could crash if it’s resized by the new value’s __index__() + method. + - gh-90699: Fix reference counting bug in + bool.__repr__(). Patch by Kumar Aditya. + - Library + - gh-95087: Fix IndexError in parsing invalid date in the + email module. + - gh-95199: Upgrade bundled setuptools to 63.2.0. + - gh-95194: Upgrade bundled pip to 22.2. + - gh-95132: Fix a sqlite3 regression where *args and **kwds + were incorrectly relayed from connect() to the Connection + factory. The regression was introduced in 3.11a1 with PR + 24421 (gh-85128). Patch by Erlend E. Aasland.` + - gh-93157: Fix fileinput module didn’t support errors option + when inplace is true. + - gh-95105: wsgiref.types.InputStream.__iter__() should + return Iterator[bytes], not Iterable[bytes]. Patch by + Shantanu Jain. + - gh-94857: Fix refleak in + _io.TextIOWrapper.reconfigure. Patch by Kumar Aditya. + - gh-94821: Fix binding of unix socket to empty address + on Linux to use an available address from the abstract + namespace, instead of “0”. + - gh-89988: Fix memory leak in pickle.Pickler when looking up + dispatch_table. Patch by Kumar Aditya. + - bpo-47025: Drop support for bytes on sys.path. + - Tests + - gh-95212: Make multiprocessing test case + test_shared_memory_recreate parallel-safe. + - Build + - gh-94847: Fixed _decimal module build issue on GCC when + compiling with LTO and pydebug. Debug builds no longer + force inlining of functions. + - gh-94841: Fix the possible performance regression of + PyObject_Free() compiled with MSVC version 1932. + - gh-94801: configure now uses custom flags like ZLIB_CFLAGS + and ZLIB_LIBS when searching for headers and libraries. + - gh-94773: deepfreeze.py now supports code object with + frozensets that contain incompatible, unsortable types. + - C API + - gh-94930: Fix SystemError raised when + PyArg_ParseTupleAndKeywords() is used with # in (...) but + without PY_SSIZE_T_CLEAN defined. + - gh-94864: Fix PyArg_Parse* with deprecated format units “u” + and “Z”. It returned 1 (success) when warnings are turned + into exceptions. + - gh-94731: Python again uses C-style casts for + most casting operations when compiled with + C++. This may trigger compiler warnings, if they + are enabled with e.g. -Wold-style-cast `` or + ``-Wzero-as-null-pointer-constant options for g++. + +------------------------------------------------------------------- +Thu Jul 21 14:19:53 UTC 2022 - Matej Cepl + +- Switch from %primary_interpreter to prjconf-defined + %primary_python (gh#openSUSE/python-rpm-macros#127). + +------------------------------------------------------------------- +Thu Jul 14 15:37:35 UTC 2022 - Matej Cepl + +- Update to 3.11.0b4: +- Fixes many bugs and adds following more significant changes +- Security + - gh-68966: The deprecated mailcap module now refuses to inject + Coreunsafe text (filenames, MIME types, parameters) into + shell Corecommands. Instead of using such text, it will + warn and act Coreas if a match was not found (or for test + commands, as if the Coretest failed). and Builtins + - gh-93516: Lazily create a table mapping bytecode offsets to + line numbers to speed up calculation of line numbers when + tracing. + - gh-93461: importlib.invalidate_caches() now drops entries + from sys.path_importer_cache with a relative path as + name. This solves a caching issue when a process changes its + current working directory. + - FileFinder no longer inserts a dot in the path, e.g. + /egg/./spam is now /egg/spam. +Library + - gh-93896: Fix asyncio.run() and + unittest.IsolatedAsyncioTestCase to always the set event loop + as it was done in Python 3.10 and earlier. Patch by Kumar + Aditya. + - gh-94101: Manual instantiation of ssl.SSLSession objects is + no longer allowed as it lead to misconfigured instances that + crashed the interpreter when attributes where accessed on + them. + - gh-83658: Make multiprocessing.Pool raise an exception if + maxtasksperchild is not None or a positive int. + - gh-61162: Clarify sqlite3 behavior when Using the connection + as a context manager. +Tools/Demos + - gh-94538: Fix Argument Clinic output to custom file + destinations. Patch by Erlend E. Aasland. +C API + - gh-93937: The following frame functions and type are now + directly available with #include , it’s no longer + needed to add #include : + PyFrame_Check() + PyFrame_GetBack() + PyFrame_GetBuiltins() + PyFrame_GetGenerator() + PyFrame_GetGlobals() + PyFrame_GetLasti() + PyFrame_GetLocals() + PyFrame_Type + +------------------------------------------------------------------- +Tue May 31 20:54:36 UTC 2022 - Matej Cepl + +- Update to 3.11.0b2: + - many small updates +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.4 (jsc#SLE-21253) + +------------------------------------------------------------------- +Tue May 10 15:01:18 UTC 2022 - Matej Cepl + +- Refresh bluez-devel-vendor.tar.xz +- Fix building with system-expat (gh#python/cpython#92875). Nope, + it didn't work, worked around it. + +------------------------------------------------------------------- +Mon May 9 15:09:03 UTC 2022 - Matej Cepl + +- Update to pre-release version 3.11.0b1: + - PEP 657 – Include Fine-Grained Error Locations in Tracebacks + - PEP 654 – Exception Groups and except* + - PEP 673 – Self Type + - PEP 646 – Variadic Generics + - PEP 680– tomllib: Support for Parsing TOML in the Standard Library + - PEP 675– Arbitrary Literal String Type + - PEP 655– Marking individual TypedDict items as required or potentially-missing + - bpo-46752– Introduce task groups to asyncio + - The Faster Cpython Project is already yielding some exciting + results. Python 3.11 is up to 10-60% faster than Python + 3.10. On average, we measured a 1.22x speedup on the standard + benchmark suite. See + https://docs.python.org/3.11/whatsnew/3.11.html#faster-cpython + for details. + +------------------------------------------------------------------- +Thu May 5 14:35:56 UTC 2022 - Matej Cepl + +- Switch primary_interpreter from python38 to python310 + +------------------------------------------------------------------- +Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl + +- Update to 3.10.4: + - bpo-46968: Check for the existence of the “sys/auxv.h” header + in faulthandler to avoid compilation problems in systems + where this header doesn’t exist. Patch by Pablo Galindo + - bpo-23691: Protect the re.finditer() iterator from + re-entering. + - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to + avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception + when reading a ZipFile from multiple threads. + - bpo-38256: Fix binascii.crc32() when it is compiled to use + zlib’c crc32 to work properly on inputs 4+GiB in length + instead of returning the wrong result. The workaround prior + to this was to always feed the function data in increments + smaller than 4GiB or to just call the zlib module function. + - bpo-39394: A warning about inline flags not at the start of + the regular expression now contains the position of the flag. + - bpo-47061: Deprecate the various modules listed by PEP 594: + - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, + imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, + sndhdr, spwd, sunau, telnetlib, uu, xdrlib + - bpo-2604: Fix bug where doctests using globals would fail + when run multiple times. + - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. + - bpo-47022: The asynchat, asyncore and smtpd modules have been + deprecated since at least Python 3.6. Their documentation and + deprecation warnings and have now been updated to note they + will removed in Python 3.12 (PEP 594). + - bpo-46421: Fix a unittest issue where if the command was + invoked as python -m unittest and the filename(s) began with + a dot (.), a ValueError is returned. + - bpo-40296: Fix supporting generic aliases in pydoc. + +- Update to 3.10.3: + - bpo-46940: Avoid overriding AttributeError metadata + information for nested attribute access calls. Patch by Pablo + Galindo. + - bpo-46852: Rename the private undocumented + float.__set_format__() method to float.__setformat__() to fix + a typo introduced in Python 3.7. The method is only used by + test_float. Patch by Victor Stinner. + - bpo-46794: Bump up the libexpat version into 2.4.6 + - bpo-46820: Fix parsing a numeric literal immediately (without + spaces) followed by “not in” keywords, like in 1not in x. Now + the parser only emits a warning, not a syntax error. + - bpo-46762: Fix an assert failure in debug builds when a ‘<’, + ‘>’, or ‘=’ is the last character in an f-string that’s + missing a closing right brace. + - bpo-46724: Make sure that all backwards jumps use the + JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an + argument of (2**32)+offset. + - bpo-46732: Correct the docstring for the __bool__() method. + Patch by Jelle Zijlstra. + - bpo-46707: Avoid potential exponential backtracking when + producing some syntax errors involving lots of brackets. + Patch by Pablo Galindo. + - bpo-40479: Add a missing call to va_end() in + Modules/_hashopenssl.c. + - bpo-46615: When iterating over sets internally in + setobject.c, acquire strong references to the resulting items + from the set. This prevents crashes in corner-cases of + various set operations where the set gets mutated. + - bpo-45773: Remove two invalid “peephole” optimizations from + the bytecode compiler. + - bpo-43721: Fix docstrings of getter, setter, and deleter to + clarify that they create a new copy of the property. + - bpo-46503: Fix an assert when parsing some invalid N escape + sequences in f-strings. + - bpo-46417: Fix a race condition on setting a type __bases__ + attribute: the internal function add_subclass() now gets the + PyTypeObject.tp_subclasses member after calling + PyWeakref_NewRef() which can trigger a garbage collection + which can indirectly modify PyTypeObject.tp_subclasses. Patch + by Victor Stinner. + - bpo-46383: Fix invalid signature of _zoneinfo’s module_free + function to resolve a crash on wasm32-emscripten platform. + - bpo-46070: Py_EndInterpreter() now explicitly untracks all + objects currently tracked by the GC. Previously, if an object + was used later by another interpreter, calling + PyObject_GC_UnTrack() on the object crashed if the previous + or the next object of the PyGC_Head structure became + a dangling pointer. Patch by Victor Stinner. + - bpo-46339: Fix a crash in the parser when retrieving the + error text for multi-line f-strings expressions that do not + start in the first line of the string. Patch by Pablo Galindo + - bpo-46240: Correct the error message for unclosed parentheses + when the tokenizer doesn’t reach the end of the source when + the error is reported. Patch by Pablo Galindo + - bpo-46091: Correctly calculate indentation levels for lines + with whitespace character that are ended by line continuation + characters. Patch by Pablo Galindo + - bpo-43253: Fix a crash when closing transports where the + underlying socket handle is already invalid on the Proactor + event loop. + - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, + including bugfix for EntryPoint.extras, which was returning + match objects and not the extras strings. + - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip + 22.0.4) + - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically + determine size of signal handler stack size CPython allocates + using getauxval(AT_MINSIGSTKSZ). This changes allows for + Python extension’s request to Linux kernel to use AMX_TILE + instruction set on Sapphire Rapids Xeon processor to succeed, + unblocking use of the ISA in frameworks. + - bpo-46955: Expose asyncio.base_events.Server as + asyncio.Server. Patch by Stefan Zabka. + - bpo-23325: The signal module no longer assumes that SIG_IGN + and SIG_DFL are small int singletons. + - bpo-46932: Update bundled libexpat to 2.4.7 + - bpo-25707: Fixed a file leak in + xml.etree.ElementTree.iterparse() when the iterator is not + exhausted. Patch by Jacob Walls. + - bpo-44886: Inherit asyncio proactor datagram transport from + asyncio.DatagramTransport. + - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() + for selector-based event loops. Patch by Thomas Grainger. + - bpo-46811: Make test suite support Expat >=2.4.5 + - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to + transport-based APIs. + - bpo-46784: Fix libexpat symbols collisions with user + dynamically loaded or statically linked libexpat in embedded + Python. + - bpo-39327: shutil.rmtree() can now work with VirtualBox + shared folders when running from the guest operating-system. + - bpo-46756: Fix a bug in + urllib.request.HTTPPasswordMgr.find_user_password() and + urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() + which allowed to bypass authorization. For example, access to + URI example.org/foobar was allowed if the user was authorized + for URI example.org/foo. + - bpo-46643: In typing.get_type_hints(), support evaluating + stringified ParamSpecArgs and ParamSpecKwargs annotations. + Patch by Gregory Beauregard. + - bpo-45863: When the tarfile module creates a pax format + archive, it will put an integer representation of timestamps + in the ustar header (if possible) for the benefit of older + unarchivers, in addition to the existing full-precision + timestamps in the pax extended header. + - bpo-46676: Make typing.ParamSpec args and kwargs equal to + themselves. Patch by Gregory Beauregard. + - bpo-46672: Fix NameError in asyncio.gather() when initial + type check fails. + - bpo-46655: In typing.get_type_hints(), support evaluating + bare stringified TypeAlias annotations. Patch by Gregory + Beauregard. + - bpo-45948: Fixed a discrepancy in the C implementation of the + xml.etree.ElementTree module. Now, instantiating an + xml.etree.ElementTree.XMLParser with a target=None keyword + provides a default xml.etree.ElementTree.TreeBuilder target + as the Python implementation does. + - bpo-46521: Fix a bug in the codeop module that was + incorrectly identifying invalid code involving string quotes + as valid code. + - bpo-46581: Brings ParamSpec propagation for GenericAlias in + line with Concatenate (and others). + - bpo-46591: Make the IDLE doc URL on the About IDLE dialog + clickable. + - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 + - bpo-46487: Add the get_write_buffer_limits method to + asyncio.transports.WriteTransport and to the SSL transport. + - bpo-45173: Note the configparser deprecations will be removed + in Python 3.12. + - bpo-46539: In typing.get_type_hints(), support evaluating + stringified ClassVar and Final annotations inside Annotated. + Patch by Gregory Beauregard. + - bpo-46491: Allow typing.Annotated to wrap typing.Final and + typing.ClassVar. Patch by Gregory Beauregard. + - bpo-46436: Fix command-line option -d/--directory in module + http.server which is ignored when combined with command-line + option --cgi. Patch by Géry Ogam. + - bpo-41403: Make mock.patch() raise a TypeError with + a relevant error message on invalid arg. Previously it + allowed a cryptic AttributeError to escape. + - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid + potential REDoS by limiting ambiguity in consecutive + whitespace. + - bpo-46469: asyncio generic classes now return + types.GenericAlias in __class_getitem__ instead of the same + class. + - bpo-46434: pdb now gracefully handles help when __doc__ is + missing, for example when run with pregenerated optimized + .pyc files. + - bpo-46333: The __eq__() and __hash__() methods of + typing.ForwardRef now honor the module parameter of + typing.ForwardRef. Forward references from different modules + are now differentiated. + - bpo-46246: Add missing __slots__ to + importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. + - bpo-46266: Improve day constants in calendar. + - Now all constants (MONDAY … SUNDAY) are documented, tested, + and added to __all__. + - bpo-46232: The ssl module now handles certificates with bit + strings in DN correctly. + - bpo-43118: Fix a bug in inspect.signature() that was causing + it to fail on some subclasses of classes with + a __text_signature__ referencing module globals. Patch by + Weipeng Hong. + - bpo-26552: Fixed case where failing asyncio.ensure_future() + did not close the coroutine. Patch by Kumar Aditya. + - bpo-21987: Fix an issue with tarfile.TarFile.getmember() + getting a directory name with a trailing slash. + - bpo-20392: Fix inconsistency with uppercase file extensions + in MimeTypes.guess_type(). Patch by Kumar Aditya. + - bpo-46080: Fix exception in argparse help text generation if + a argparse.BooleanOptionalAction argument’s default is + argparse.SUPPRESS and it has help specified. Patch by Felix + Fontein. + - bpo-44439: Fix .write() method of a member file in ZipFile, + when the input data is an object that supports the buffer + protocol, the file length may be wrong. + - bpo-45703: When a namespace package is imported before + another module from the same namespace is created/installed + in a different sys.path location while the program is + running, calling the importlib.invalidate_caches() function + will now also guarantee the new module is noticed. + - bpo-24959: Fix bug where unittest sometimes drops frames from + tracebacks of exceptions raised in tests. + - bpo-44791: Fix substitution of ParamSpec in Concatenate with + different parameter expressions. Substitution with a list of + types returns now a tuple of types. Substitution with + Concatenate returns now a Concatenate with concatenated lists + of arguments. + - bpo-14156: argparse.FileType now supports an argument of ‘-’ + in binary mode, returning the .buffer attribute of + sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and + ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. + Patch contributed by Josh Rosenberg + - bpo-46463: Fixes escape4chm.py script used when building the + CHM documentation file + - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is + built with undefined behavior sanitizer (UBSAN): disable + UBSAN on the faulthandler_sigfpe() function. Patch by Victor + Stinner. + - bpo-46708: Prevent default asyncio event loop policy + modification warning after test_asyncio execution. + - bpo-46678: The function make_legacy_pyc in + Lib/test/support/import_helper.py no longer fails when + PYTHONPYCACHEPREFIX is set to a directory on a different + device from where tempfiles are stored. + - bpo-46616: Ensures test_importlib.test_windows cleans up + registry keys after completion. + - bpo-44359: test_ftplib now silently ignores socket errors to + prevent logging unhandled threading exceptions. Patch by + Victor Stinner. + - bpo-46542: Fix a Python crash in test_lib2to3 when using + Python built in debug mode: limit the recursion limit. Patch + by Victor Stinner. + - bpo-46576: test_peg_generator now disables compiler + optimization when testing compilation of its own C extensions + to significantly speed up the testing on non-debug builds of + CPython. + - bpo-46542: Fix test_json tests checking for RecursionError: + modify these tests to use support.infinite_recursion(). Patch + by Victor Stinner. + - bpo-13886: Skip test_builtin PTY tests on non-ASCII + characters if the readline module is loaded. The readline + module changes input() behavior, but test_builtin is not + intented to test the readline module. Patch by Victor + Stinner. + - bpo-38472: Fix GCC detection in setup.py when + cross-compiling. The C compiler is now run with LC_ALL=C. + Previously, the detection failed with a German locale. + - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro + and pyconfig.h no longer defines reserved symbol + __CHAR_UNSIGNED__. + - bpo-45296: Clarify close, quit, and exit in IDLE. In the File + menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current + one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). + In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there + are no other windows, this also exits IDLE. + - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch + by Alex Waygood and Terry Jan Reedy. + - bpo-46433: The internal function _PyType_GetModuleByDef now + correctly handles inheritance patterns involving static + types. + - bpo-14916: Fixed bug in the tokenizer that prevented + PyRun_InteractiveOne from parsing from the provided FD. + +- Remove upstreamed patches: + - support-expat-245.patch + +------------------------------------------------------------------- +Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + +------------------------------------------------------------------- +Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl + +- bsc#1195831 Obsolete older "most modern" versions of python + packages (python39 for python310 and so forth). For next + versions it is necessary just to edit the macro. + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python +- Add fix_configure_rst.patch, which removes duplicate link + targets and make documentation with old Sphinx in SLE +- Skip test_capi (bsc#1195140 and bpo#37169) + +------------------------------------------------------------------- +Wed Jan 19 22:01:51 UTC 2022 - Matej Cepl + +- Update to 3.10.2: + Bugfix only + - bpo#46347 memory leak in PyEval_EvalCodeEx (especially + visible with Cython code) + - and many others + +------------------------------------------------------------------- +Wed Dec 8 13:07:25 UTC 2021 - Matej Cepl + +- Upgrade to 3.10.1 (jsc#SLE-18038): + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other tools. + - PEP 618 – Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning +- Patches readjusted: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Sat Dec 4 18:40:28 UTC 2021 - Matej Cepl + +- Remove pdb_adjust_breakpoints.patch and instead just adjust location + of the test breakpoint in Lib/test/test_pdb.py via sed, because we + have shortened Lib/pdb.py by removing the shebang (bpo#45964). + +------------------------------------------------------------------- +Thu Dec 2 13:51:57 UTC 2021 - Matej Cepl + +- Add pdb_adjust_breakpoints.patch fixing expectd results in + test_pdb_breakpoints_preserved_across_interactive_sessions + (bpo#45964). + +------------------------------------------------------------------- +Mon Nov 29 00:17:07 UTC 2021 - Matej Cepl + +- Remove shebangs from from python-base libraries in _libdir + (bsc#1193179). +- Readjust patches: + - bpo-31046_ensurepip_honours_prefix.patch + - decimal.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Tue Nov 16 16:03:43 UTC 2021 - Matej Cepl + +- Move rpm-build-python construct to correct place. + +------------------------------------------------------------------- +Wed Oct 13 08:52:47 UTC 2021 - Dominique Leuenberger + +- BuildRequire rpm-build-python: The provider to inject python(abi) + has been moved there. rpm-build pulls rpm-build-python + automatically in when building anything against python3-base, but + this implies that the initial build of python3-base does not + trigger the automatic installation. + +------------------------------------------------------------------- +Tue Oct 5 22:36:51 UTC 2021 - Matej Cepl + +- Final release of 3.10.0: + Complete list on https://www.python.org/downloads/release/python-3100/, + but highlights are: + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other + tools. + - PEP 618 – Add Optional Length-Checking To zip. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning + - bpo-12782: Parenthesized context managers are now officially + allowed. + +------------------------------------------------------------------- +Mon Aug 30 12:48:25 UTC 2021 - Matej Cepl + +- Switch on option --with-system-libmpdec (bsc#1189356). + +------------------------------------------------------------------- +Fri Aug 27 13:15:03 UTC 2021 - Andreas Schwab + +- Reenable profileopt with qemu emulation, test_faulthandler is no longer + run during profiling + +------------------------------------------------------------------- +Thu Aug 12 15:11:39 UTC 2021 - Andreas Schwab + +- test_faulthandler is still problematic under qemu linux-user emulation, + disable it there + +------------------------------------------------------------------- +Wed Aug 11 05:57:11 UTC 2021 - Matej Cepl + +- Update to 3.10.0rc1 (the penultimate prerelease), which contains + plenty of small bugfixes among others: + - bpo#38605: from __future__ import annotations (PEP 563) used to be + on this list in previous pre-releases but it has been postponed to + Python 3.11 due to some compatibility concerns. + - bpo-44600: Fix incorrect line numbers while tracing some failed + patterns in match statements. Patch by Charles Burkland. + - plenty of modifications in types.Union + +------------------------------------------------------------------- +Wed Jul 21 13:44:48 UTC 2021 - Matej Cepl + +- Update to 3.10.0b4: + https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4 +- Remove python3-imp-returntype.patch which has been upstreamed. + +------------------------------------------------------------------- +Mon Jun 7 15:52:44 UTC 2021 - Matej Cepl + +- Update to 3.10.0b2: + - PEP 623 -- Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 -- Allow writing union types as X | Y + - PEP 612 -- Parameter Specification Variables + - PEP 626 -- Precise line numbers for debugging and other + tools. + - PEP 618 -- Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 -- Deprecate distutils module. + - PEP 613 -- Explicit Type Aliases + - PEP 634 -- Structural Pattern Matching: Specification + - PEP 635 -- Structural Pattern Matching: Motivation and + Rationale + - PEP 636 -- Structural Pattern Matching: Tutorial + - PEP 644 -- Require OpenSSL 1.1.1 or newer + - PEP 624 -- Remove Py_UNICODE encoder APIs + - PEP 597 -- Add optional EncodingWarning +- Removed patches (assumed upstream): + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl + +- Revert previous skip over test_capi +- Add skip-test_pyobject_freed_is_freed.patch to skip failing + test on SLE-15. + +------------------------------------------------------------------- +Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller + +- allow build with Sphinx >= 3.x + +------------------------------------------------------------------- +Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák + +- Exclude test_capi on Leap (test fails there) + +------------------------------------------------------------------- +Fri May 21 15:13:59 UTC 2021 - Matej Cepl + +- Stop providing "python" symbol (bsc#1185588), which means + python2 currently. + +------------------------------------------------------------------- +Wed May 5 15:16:58 UTC 2021 - Matej Cepl + +- Update to 3.9.5: + * Security + - bpo-43434: Creating a sqlite3.Connection object now also + produces a sqlite3.connect auditing event. Previously this + event was only produced by sqlite3.connect() calls. Patch + by Erlend E. Aasland. + - bpo-43882: The presence of newline or tab characters in + parts of a URL could allow some forms of attacks. + - Following the controlling specification for URLs defined by + WHATWG urllib.parse() now removes ASCII newlines and tabs + from URLs, preventing such attacks. + - bpo-43472: Ensures interpreter-level audit hooks receive + the cpython.PyInterpreterState_New event when called + through the _xxsubinterpreters module. + - bpo-36384: ipaddress module no longer accepts any leading + zeros in IPv4 address strings. Leading zeros are ambiguous + and interpreted as octal notation by some libraries. For + example the legacy function socket.inet_aton() treats + leading zeros as octal notatation. glibc implementation of + modern inet_pton() does not accept any leading zeros. For + a while the ipaddress module used to accept ambiguous + leading zeros. + - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) + vulnerability in urllib.request.AbstractBasicAuthHandler. + The ReDoS-vulnerable regex has quadratic worst-case + complexity and it allows cause a denial of service when + identifying crafted invalid RFCs. This ReDoS issue is on + the client side and needs remote attackers to control the + HTTP server. + - bpo-42800: Audit hooks are now fired for frame.f_code, + traceback.tb_frame, and generator code/frame attribute + access. + * Core and Builtins + - bpo-43105: Importlib now resolves relative paths when + creating module spec objects from file locations. + - bpo-42924: Fix bytearray repetition incorrectly copying + data from the start of the buffer, even if the data is + offset within the buffer (e.g. after reassigning a slice at + the start of the bytearray to a shorter byte string). + * Library + - bpo-43993: Update bundled pip to 21.1.1. + - bpo-43937: Fixed the turtle module working with non-default + root window. + - bpo-43930: Update bundled pip to 21.1 and setuptools to + 56.0.0 + - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now + returns a consistent error message when cadata contains no + valid certificate. + - bpo-43607: urllib can now convert Windows paths with \\?\ + prefixes into URL paths. + - bpo-43284: platform.win32_ver derives the windows version + from sys.getwindowsversion().platform_version which in turn + derives the version from kernel32.dll (which can be of + a different version than Windows itself). Therefore change + the platform.win32_ver to determine the version using the + platform module’s _syscmd_ver private function to return an + accurate version. + - bpo-42248: [Enum] ensure exceptions raised in _missing__ + are released + - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 + to suppress deprecation warnings. Python requires OpenSSL + 1.1.1 APIs. + - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants + (OpenSSL 3.0.0) + - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback + function a second time when first call has signaled an + error condition. + - bpo-43788: The header files for ssl error codes are now + OpenSSL version-specific. Exceptions will now show correct + reason and library codes. The make_ssl_data.py script has + been rewritten to use OpenSSL’s text file with error codes. + - bpo-43655: tkinter dialog windows are now recognized as + dialogs by window managers on macOS and X Window. + - bpo-43534: turtle.textinput() and turtle.numinput() create + now a transient window working on behalf of the canvas + window. + - bpo-43522: Fix problem with hostname_checks_common_name. + OpenSSL does not copy hostflags from struct SSL_CTX to + struct SSL. + - bpo-42967: Allow bytes separator argument in + urllib.parse.parse_qs and urllib.parse.parse_qsl when + parsing str query strings. Previously, this raised + a TypeError. + - bpo-43176: Fixed processing of a dataclass that inherits + from a frozen dataclass with no fields. It is now correctly + detected as an error. + - bpo-41735: Fix thread locks in zlib module may go wrong in + rare case. Patch by Ma Lin. + - bpo-36470: Fix dataclasses with InitVars and replace(). + Patch by Claudiu Popa. + - bpo-32745: Fix a regression in the handling of ctypes’ + ctypes.c_wchar_p type: embedded null characters would cause + a ValueError to be raised. Patch by Zackery Spytz. + * Documentation + - bpo-43959: The documentation on the PyContextVar C-API was + clarified. + - bpo-43938: Update dataclasses documentation to express that + FrozenInstanceError is derived from AttributeError. + - bpo-43755: Update documentation to reflect that + unparenthesized lambda expressions can no longer be the + expression part in an if clause in comprehensions and + generator expressions since Python 3.9. + - bpo-43739: Fixing the example code in + Doc/extending/extending.rst to declare and initialize the + pmodule variable to be of the right type. + * Tests + - bpo-43961: Fix + test_logging.test_namer_rotator_inheritance() on Windows: + use os.replace() rather than os.rename(). Patch by Victor + Stinner. + - bpo-43842: Fix a race condition in the SMTP test of + test_logging. Don’t close a file descriptor (socket) from + a different thread while asyncore.loop() is polling the + file descriptor. Patch by Victor Stinner. + - bpo-43811: Tests multiple OpenSSL versions on GitHub + Actions. Use ccache to speed up testing. + - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy + protocols TLS 1.0 and 1.1. Tests are failing with + TLSV1_ALERT_INTERNAL_ERROR. +- Refreshed patches: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch +- Add vendorized files from bluez-devel to enable building support for + Bluetooth. + +------------------------------------------------------------------- +Sun May 2 09:20:06 UTC 2021 - Ben Greiner + +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + +------------------------------------------------------------------- +Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl + +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +------------------------------------------------------------------- +Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +------------------------------------------------------------------- +Tue Feb 9 01:37:59 UTC 2021 - Steve Kowalik + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +------------------------------------------------------------------- +Mon Feb 8 22:02:03 UTC 2021 - Matej Cepl + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl + +- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing + bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in + _ctypes/callproc.c, which may lead to remote code execution. + +------------------------------------------------------------------- +Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl + +- (bsc#1180125) We really don't Require python-rpm-macros package. + Unnecessary dependency. + +------------------------------------------------------------------- +Wed Dec 16 16:08:42 UTC 2020 - Matej Cepl + +- Make python39-doc building again +- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx + doesn't know about skipif directive in doctests. + +------------------------------------------------------------------- +Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl + +- Update sphinx-update-removed-function.patch patch to the latest + version in python36. + +------------------------------------------------------------------- +Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner + +- Last try before this results in an editwar: + * remove importlib_resources and importlib-metadata + provides/obsoletes + * import importlib_resources is not the same as + import importlib.resources, same for metadata + * The backport packages from PyPI needed for older flavors are + specified as such for setuptools or in pyproject.toml. If a + package requires them they typically add them with a python + version qualifier and the packages have their own version + numbers. + +------------------------------------------------------------------- +Sat Dec 5 16:55:12 UTC 2020 - Matej Cepl + +- Add patch sphinx-update-removed-function.patch to no longer call + a now removed function and to make documentation build independent of + the Sphinx version (bsc#1179630, gh#python/cpython#13236). + +------------------------------------------------------------------- +Fri Nov 13 17:20:08 UTC 2020 - Matej Cepl + +- Don't require packages which break build on SLE-15 although we really + don't need them (python3-python-docs-theme and + python3-sphinxcontrib-qthelp). + +------------------------------------------------------------------- +Fri Oct 9 16:05:50 UTC 2020 - Dominique Leuenberger + +- Fix build with RPM 4.16: error: bare words are no longer + supported, please use "...": x86 == ppc. + +------------------------------------------------------------------- +Tue Oct 6 07:30:56 UTC 2020 - Matej Cepl + +- Update to the final version 3.9.0: + Complete changelog with all (many) + changes from previous version is on + https://docs.python.org/release/3.9.0/whatsnew/3.9.html + Changes from the previous RC versions (not that many) are on + https://docs.python.org/release/3.9.0/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Fri Sep 25 06:58:03 UTC 2020 - Dominique Leuenberger + +- Buildrequire timezone only for general flavor. It's used in this + flavor for the test suite. + +------------------------------------------------------------------- +Wed Sep 2 14:39:44 UTC 2020 - Matej Cepl + +- Update to 3.9.0rc1: + * Core and Builtins + - bpo-38156: Handle interrupts that come after EOF + correctly in PyOS_StdioReadline. + * Library + - bpo-41497: Fix potential UnicodeDecodeError in dis + module. + - bpo-41490: Update ensurepip to install pip 20.2.1 and + setuptools 49.2.1. + - bpo-41467: On Windows, fix asyncio recv_into() return + value when the socket/pipe is closed (BrokenPipeError): + return 0 rather than an empty byte string (b''). + - bpo-41425: Make tkinter doc example runnable. + - bpo-41384: Raise TclError instead of TypeError when an + unknown option is passed to tkinter.OptionMenu. + - bpo-38731: Fix NameError in command-line interface of + py_compile. + - bpo-41317: Use add_done_callback() in + asyncio.loop.sock_accept() to unsubscribe reader early on + cancellation. + - bpo-41364: Reduce import overhead of uuid. + - bpo-41341: Recursive evaluation of typing.ForwardRef in + get_type_hints. + - bpo-41182: selector: use DefaultSelector based upon + implementation + - bpo-40726: Handle cases where the end_lineno is None on + ast.increment_lineno(). + * Documentation + - bpo-41045: Add documentation for debug feature of + f-strings. + - bpo-41314: Changed the release when from __future__ + import annotations becomes the default from 4.0 to 3.10 + (following a change in PEP 563). + * Windows + - bpo-41492: Fixes the description that appears in UAC + prompts. + - bpo-40948: Improve post-install message to direct people + to the “py” command. + - bpo-41412: The installer will now fail to install on + Windows 7 and Windows 8. Further, the UCRT dependency is + now always downloaded on demand. + - bpo-40741: Update Windows release to include SQLite + 3.32.3. + * IDLE + - bpo-41468: Improve IDLE run crash error message (which + users should never see). + - bpo-41373: Save files loaded with no line ending, as when + blank, or different line endings, by setting its line + ending to the system default. Fix regression in 3.8.4 and + 3.9.0b4. + +------------------------------------------------------------------- +Tue Sep 1 10:15:06 UTC 2020 - Matej Cepl + +- Synchronize formatting and fixes with python38. + +------------------------------------------------------------------- +Thu Aug 20 15:41:28 UTC 2020 - Andreas Schwab + +- Increase testsuite timeout to account for super long running + test_peg_generator + +------------------------------------------------------------------- +Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer + +- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream +- Removed recursion.tar: contained in upstream +- Update to 3.9.0b5: + - bpo-41304: Fixes python3x._pth being ignored on Windows, caused + by the fix for bpo-29778 (CVE-2020-15801). + - bpo-41162: Audit hooks are now cleared later during + finalization to avoid missing events. + - bpo-29778: Ensure python3.dll is loaded from correct locations + when Python is embedded (CVE-2020-15523). + - bpo-39603: Prevent http header injection by rejecting control + characters in http.client.putrequest(…). + - bpo-41295: Resolve a regression in CPython 3.8.4 where defining + “__setattr__” in a multi-inheritance setup and + calling up the hierarchy chain could fail if builtins/extension + types were involved in the base types. + - bpo-41247: Always cache the running loop holder when running + asyncio.set_running_loop. + - bpo-41252: Fix incorrect refcounting in + _ssl.c’s _servername_callback(). + - bpo-41215: Use non-NULL default values in the PEG parser + keyword list to overcome a bug that was ' + preventing Python from being properly compiled when using the + XLC compiler. Patch by Pablo Galindo. + - bpo-41218: Python 3.8.3 had a regression where compiling with + ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would + aggressively mark list comprehension with CO_COROUTINE. Now only + list comprehension making use of async/await will tagged as so. + - bpo-41175: Guard against a NULL pointer dereference within + bytearrayobject triggered by the bytearray() + bytearray() operation. + - bpo-39960: The “hackcheck” that prevents sneaking around a type’s + __setattr__() by calling the superclass method was + rewritten to allow C implemented heap types. + - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the + C implementation raises now UnpicklingError instead of crashing. + - bpo-39017: Avoid infinite loop when reading specially crafted + TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). + - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params(). + - bpo-41207: In distutils.spawn, restore expectation that + DistutilsExecError is raised when the command is not found. + - bpo-39168: Remove the __new__ method of typing.Generic. + - bpo-41194: Fix a crash in the _ast module: it can no longer be + loaded more than once. It now uses a global state rather than a module state. + - bpo-39384: Fixed email.contentmanager to allow set_content() to set a + null string. + - bpo-41300: Save files with non-ascii chars. + Fix regression released in 3.9.0b4 and 3.8.4. + - bpo-37765: Add keywords to module name completion list. + Rewrite Completions section of IDLE doc. + - bpo-40170: Revert PyType_HasFeature() change: it reads + again directly the PyTypeObject.tp_flags + member when the limited C API is not used, rather than always calling + PyType_GetFlags() which hides implementation details. + +------------------------------------------------------------------- +Mon Jul 20 12:06:41 UTC 2020 - Matej Cepl + +- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 + (CVE-2019-20907, bpo#39017) avoiding possible infinite loop + in specifically crafted tarball. + Add recursion.tar as a testing tarball for the patch. + +------------------------------------------------------------------- +Fri Jul 17 07:07:19 UTC 2020 - Callum Farmer + +- Changed bpo-31046_ensurepip_honours_prefix.patch to include fix from py3.8 + +------------------------------------------------------------------- +Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer + +- Spec file fixes +- Re-added subprocess-raise-timeout.patch: now compatible +- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream + +------------------------------------------------------------------- +Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal + +- Fix minor issues found in the staging. + +------------------------------------------------------------------- +Wed Jul 15 06:13:33 UTC 2020 - Tomáš Chvátal + +- Do not set ourselves as primary interpreter + +------------------------------------------------------------------- +Tue Jul 14 20:45:11 UTC 2020 - Matej Cepl + +- Update to 3.9.0b4: + - PEP 584, Union Operators in dict + - PEP 585, Type Hinting Generics In Standard Collections + - PEP 593, Flexible function and variable annotations + - PEP 602, Python adopts a stable annual release cadence + - PEP 615, Support for the IANA Time Zone Database in the + Standard Library + - PEP 616, String methods to remove prefixes and suffixes + - PEP 617, New PEG parser for CPython + - bpo#38379, garbage collection does not block on resurrected + objects; + - bpo#38692, os.pidfd_open added that allows process + management without races and signals; + - bpo#39926, Unicode support updated to version 13.0.0; + - bpo#1635741, when Python is initialized multiple times in + the same process, it does not leak memory anymore; + - A number of Python builtins (range, tuple, set, frozenset, + list, dict) are now sped up using PEP 590 vectorcall; + - A number of Python modules (_abc, audioop, _bz2, _codecs, + _contextvars, _crypt, _functools, _json, _locale, operator, + resource, time, _weakref) now use multiphase initialization + as defined by PEP 489; + - A number of standard library modules (audioop, ast, grp, + _hashlib, pwd, _posixsubprocess, random, select, struct, + termios, zlib) are now using the stable ABI defined by + PEP 384. +- Remove upstreamed patches: + - F00102-lib64.patch + - SUSE-FEDORA-multilib.patch + - OBS_dev-shm.patch + - subprocess-raise-timeout.patch + - bpo36302-sort-module-sources.patch + - bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Fri Jul 10 10:55:15 UTC 2020 - Tomáš Chvátal + +- Update pre_checkin.sh and regenerate + +------------------------------------------------------------------- +Fri Jul 10 10:11:39 UTC 2020 - Tomáš Chvátal + +- Convert few dependencies to their pkgconfig counterparts + +------------------------------------------------------------------- +Fri Jul 10 10:08:48 UTC 2020 - Tomáš Chvátal + +- Remove release requirement on libpython, it is not really needed + to be equal as the abi changes with versions + +------------------------------------------------------------------- +Fri Jul 10 10:07:50 UTC 2020 - Tomáš Chvátal + +- Add provides python3-bla on all the subpkgs in case we are + primary provider of the functionality + +------------------------------------------------------------------- +Fri Jul 10 10:02:01 UTC 2020 - Tomáš Chvátal + +- Remove unversioned files from devel subpkg too +- Remove main python3 files from -base based whether we are + primary interpreter or not +- Fix idle to be co-installable +- Add condition to be primary to provide/obsolete python3-* +- Fix doc to build in versioned folder so the pythons can be + installed next to each other + +------------------------------------------------------------------- +Fri Jul 10 07:57:10 UTC 2020 - Tomáš Chvátal + +- Revert the full versioning of calls on the macros. These + are generic so they should really just call python3 X + +------------------------------------------------------------------- +Fri Jul 10 07:56:11 UTC 2020 - Tomáš Chvátal + +- For the doc package we can build with generic flavor, we don't + need the our-interpreter based one + +------------------------------------------------------------------- +Fri Jul 10 07:18:53 UTC 2020 - Tomáš Chvátal + +- Add provides for pytohn3X-typing/etc to allow BR on those still + to work when needed + +------------------------------------------------------------------- +Fri Jul 10 07:14:33 UTC 2020 - Tomáš Chvátal + +- Change macros.python3 to use full versioned 3.8 instead of just 3 + for python interpreter + +------------------------------------------------------------------- +Wed Jul 1 11:50:19 UTC 2020 - Tomáš Chvátal + +- Reduce some now unused conditionals + +------------------------------------------------------------------- +Wed Jul 1 11:00:40 UTC 2020 - Tomáš Chvátal + +- Redux the -base dependencies to match up pre-merge layout + +------------------------------------------------------------------- +Wed Jul 1 09:24:39 UTC 2020 - Tomáš Chvátal + +- Generate baselibs in pre-checkin too + +------------------------------------------------------------------- +Wed Jul 1 09:14:33 UTC 2020 - Tomáš Chvátal + +- Generate the importlib-failed using pre_checking again +- Add back the information about skipped tests on the pre_checkin + output + +------------------------------------------------------------------- +Tue Jun 30 07:11:19 UTC 2020 - Tomáš Chvátal + +- Use %python_pkg_name instead of hardcoding python3 where + applicable +- Sort out preamble with spec-cleaner + +------------------------------------------------------------------- +Mon Jun 29 14:36:10 UTC 2020 - Matej Cepl + +- Calculate required variables instead of relying on their continuous manual update + +------------------------------------------------------------------- +Thu Jun 25 10:44:08 UTC 2020 - Tomáš Chvátal + +- Fix the -base module build again to generate only the deps + we need + +------------------------------------------------------------------- +Wed Jun 17 18:42:51 UTC 2020 - Matej Cepl + +- Replace OBS_dev-shm.patch with the upstream PR#20944 + +------------------------------------------------------------------- +Thu Jun 10 14:30:15 UTC 2020 - Tomáš Chvátal + +- Use the %{python_pkg_name} on more places to allow easier + multiversioning +- Switch to _multibuild approach for easier maintenance of this + package. All is now in one spec file with 3 conditionals: + * bcond_with base + * bcond_with doc + * bcond_with general + +------------------------------------------------------------------- +Mon Jun 8 14:26:00 UTC 2020 - Matej Cepl + +- add requires python3-base on libpython subpackage (bsc#1167008) + +------------------------------------------------------------------- +Fri Jun 5 06:08:12 UTC 2020 - Dirk Mueller + +- build against Sphinx 2.x until python is compatible with + Sphinx 3.x (see gh#python/cpython#19397, bpo#40204) + +------------------------------------------------------------------- +Fri May 29 19:59:01 UTC 2020 - Andreas Stieger + +- Fix build with SQLite 3.32 (bpo#40783) + add bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Sun May 17 15:37:35 UTC 2020 - Callum Farmer + +- Update to version 3.8.3: + - Complete list of changes is available at + https://docs.python.org/release/3.8.3/whatsnew/changelog.html#python-3-8-3-final, + but most of them are just bugfixes. + - Removed patch CVE-2020-8492-urllib-ReDoS.patch: contained in upstream + +------------------------------------------------------------------- +Thu Apr 16 12:06:01 UTC 2020 - Matej Cepl + +- Add #!BuildIgnore: gdk-pixbuf-loader-rsvg to python3 SPEC + +------------------------------------------------------------------- +Thu Mar 26 15:36:55 UTC 2020 - Matej Cepl + +- Add patch bsc1167501-invalid-alignment.patch + (bsc#1167501, bpo#40052) to fix alignment in abstract.h header file. + +------------------------------------------------------------------- +Wed Mar 11 11:09:41 UTC 2020 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build, test_setegid + (test.test_os.PosixUidGidTests) is confusing it + +------------------------------------------------------------------- +Thu Mar 5 18:40:29 UTC 2020 - Matej Cepl + +- Update to 3.8.2: + - Complete list of changes is available at + https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final, + but most of them are just bugfixes. + - Updated patches: + - F00102-lib64.patch + - OBS_dev-shm.patch + - SUSE-FEDORA-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Sun Feb 9 00:14:24 CET 2020 - Matej Cepl + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Sat Feb 8 22:21:10 CET 2020 - Matej Cepl + +- Add Requires: libpython%{so_version} == %{version}-%{release} + to python3-base to keep both packages always synchronized + (bsc#1162224). + +------------------------------------------------------------------- +Mon Feb 3 20:27:54 UTC 2020 - Tomáš Chvátal + +- Do not pull in bluez in base again, explain the cycle, + it needs to be solved by bluez maintainer for us by providing + just the headers separately + +------------------------------------------------------------------- +Mon Feb 3 19:54:25 UTC 2020 - Tomáš Chvátal + +- Reame idle icons to idle3 in order to not conflict with python2 + variant of the package + * renamed the icons + * renamed icon load in desktop file + +------------------------------------------------------------------- +Thu Jan 16 09:50:03 UTC 2020 - Tomáš Chvátal + +- Add importlib_resources provide/obsolete as it is integral + part of the lang since 3.7 release + +------------------------------------------------------------------- +Mon Jan 13 11:10:47 UTC 2020 - Martin Liška + +- Add -fno-semantic-interposition as it brings speed up: + https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup + +------------------------------------------------------------------- +Thu Dec 19 16:25:26 CET 2019 - Matej Cepl + +- Update to 3.8.1: + - This is mainly bugfix release and no significant changes to + API are expected. The full changelog is available on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-1 + - Remove bpo-38688_shutil.copytree_prevent-infinite-recursion.patch, + which is included in the upstream tarball. + +------------------------------------------------------------------- +Thu Dec 19 14:57:32 CET 2019 - Matej Cepl + +- Add bpo-31046_ensurepip_honours_prefix.patch which makes + ensurepip to honour the value of $(prefix). Proposed fix for + bpo#31046.. + +------------------------------------------------------------------- +Tue Dec 10 11:07:16 UTC 2019 - Tomáš Chvátal + +- Move bluez-devel dependency to base as it is needed for + socket.AF_BLUETOOTH and otherwise does not work + +------------------------------------------------------------------- +Mon Dec 2 16:52:32 CET 2019 - Matej Cepl + +- Reintroduce QtHelp with the help of the new BR + python-sphinxcontrib-qthelp. + +------------------------------------------------------------------- +Mon Oct 21 18:51:00 UTC 2019 - Stefan Brüns + +- Fix SUSE-FEDORA-multilib.patch, the platform agnostic infix for + library installation is "lib", not "dir". + +------------------------------------------------------------------- +Thu Oct 17 14:19:20 UTC 2019 - Stefan Brüns + +- Move idle subpackage build from python3-base to python3. + appstream-glib required for packaging introduces considerable + extra dependencies and a build loop via rust/librsvg. +- Correct installation of idle IDE icons: + + idle.png is not the target directory + + non-GNOME-specific icons belong into icons/hicolor +- Add required Name key to idle3 desktop file + +------------------------------------------------------------------- +Tue Oct 15 16:39:12 CEST 2019 - Matej Cepl + +- Update to the final release 3.8.0. . + - New Features: + - Assignment expressions + - Positional-only parameters + - Parallel filesystem cache for compiled bytecode files + - Debug build uses the same ABI as release build + - f-strings support = for self-documenting expressions and + debugging + - PEP 578: Python Runtime Audit Hooks + - PEP 587: Python Initialization Configuration + - Vectorcall: a fast calling protocol for CPython + - Pickle protocol 5 with out-of-band data buffers + - New modules: + - importlib.metadata + - Improved modules: + - ast asyncio, builtins, collections, curses, ctypes, + datetime, functools, gc, gettext, gzip, idelib and IDLE, + inspect, io, json.tool, math, mmap, multiprocessing, os, + os.path, pathlib, pickle, plistlib, py_compile, shlex, + shutil, socket, ssl, statistics, sys, tarfile, threading, + tokenize, tkinter, time, typing, unicodedata, unittest, + venv, weakref, xml + - C API improvements + - bdist_winnst command has been deprecated (use bdist_wheel) +- https://docs.python.org/3.8/whatsnew/3.8.html remains rest of + changes including documentation on how to port your programs to + the current version of Python. + +------------------------------------------------------------------- +Mon Oct 14 15:02:08 CEST 2019 - Matej Cepl + +- Add idle3.appdata.xml and idle3.desktop (originally from + Fedora) to make Idle3 full GUI desktop application. + (bsc#1153830) + +------------------------------------------------------------------- +Wed Oct 9 19:09:16 UTC 2019 - Michael Gorse + +- Drop intltool from BuildRequires. Doesn't appear to be used. + +------------------------------------------------------------------- +Wed Oct 9 10:37:59 UTC 2019 - Tomáš Chvátal + +- Add folder version to allow tarball downloads even for beta/rc + releases + +------------------------------------------------------------------- +Tue Oct 8 14:53:54 CEST 2019 - Matej Cepl + +- Revert patches from Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch) into their original + prisitine Fedora versions, SUSE-FEDORA-multilib.patch refreshed + accordingly. + +------------------------------------------------------------------- +Mon Oct 7 14:33:30 UTC 2019 - Matej Cepl + +- Correct quotation of platsubdir in Lib/distutils/command/install.py + +------------------------------------------------------------------- +Thu Oct 3 13:59:57 CEST 2019 - Matej Cepl + +- Replace python-3.6.0-multilib.patch with two patches from + Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch), and our own + SUSE-FEDORA-multilib.patch to allow better cooperation with + Fedora and better upstreaming. +- Add OBS_dev-shm.patch fixing bpo#38377 + +------------------------------------------------------------------- +Thu Oct 3 08:39:18 UTC 2019 - Tomáš Chvátal + +- Pull in just gettext and let solver to sort out between: + gettext-runtime-mini and gettext-runtime + +------------------------------------------------------------------- +Wed Oct 2 15:00:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0rc1. Overall changes from 3.7: + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved + embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds, also the 'm' ABI + tag was removed (irrelevant since 3.4), bpo#36707 + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - on Windows, the default asyncio event loop is now + ProactorEventLoop + - on macOS, the spawn start method is now used by default in + multiprocessing + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Refreshed patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Wed Sep 25 09:46:41 UTC 2019 - Bernhard Wiedemann + +- Add bpo36302-sort-module-sources.patch (boo#1041090) + +------------------------------------------------------------------- +Tue Sep 10 13:43:18 UTC 2019 - Tomáš Chvátal + +- Try harder obsoleting importlib-metadata + +------------------------------------------------------------------- +Sat Aug 31 00:16:47 CEST 2019 - Matej Cepl + +- Update to 3.8.0b4: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-4 + +------------------------------------------------------------------- +Thu Aug 29 06:28:15 UTC 2019 - Guillaume GARDET + +- Re-enable test_threading on aarch64 + +------------------------------------------------------------------- +Sat Aug 17 13:21:15 UTC 2019 - John Vandenberg + +- Remove xrpm from subpackage tk description + +------------------------------------------------------------------- +Tue Aug 6 14:24:55 CEST 2019 - Matej Cepl + +- Update to 3.8.0b3: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-3 +- Patches reapplied: + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-test-posix_fadvise.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Tue Jul 23 13:20:49 UTC 2019 - Matej Cepl + +- Add Provides: python3-importlib-metadata + +------------------------------------------------------------------- +Sun Jul 7 19:08:48 CEST 2019 - Matej Cepl + +- Update to 3.8.0b2: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-2 +- Patches included in upstream: + - bpo-37169_PyObject_IsFreed.patch +- Patches reapplied: + - 00251-change-user-install-location.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-localpath.patch + - python-3.6.0-multilib.patch + +------------------------------------------------------------------- +Tue Jul 2 09:03:04 UTC 2019 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build +- Don't do profiling in qemu linux-user build + +------------------------------------------------------------------- +Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0b1 (changes since 3.7.*): + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Remove patches which were included in the upstream: + - 00251-change-user-install-location.patch + - 00316-mark-bdist_wininst-unsupported.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed May 22 10:53:03 UTC 2019 - Martin Liška + +- Set _lto_cflags to nil as the package is using LTO via --enable-lto. + That will prevent to propage LTO for Python modules that are + built in a separate package. + +------------------------------------------------------------------- +Sat May 4 21:29:20 CEST 2019 - Matej Cepl + +- Update to 3.8.0.a3: + - PEP 572: Assignment Expressions. + - Other (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-3 + +------------------------------------------------------------------- +Mon Apr 29 15:40:34 CEST 2019 - Matej Cepl + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Wed Apr 10 10:22:58 CEST 2019 - Matej Cepl + +- Fix metadata of patches. +- Rename boo1071941-make-install-in-sep-loc.patch to + 00251-change-user-install-location.patch which is the original + name, so it can be looked up in the Fedora VCS. + +------------------------------------------------------------------- +Tue Apr 9 04:55:24 UTC 2019 - John Vandenberg + +- Mark distutils bdist_wininst command unsupported + with 00316-mark-bdist_wininst-unsupported.patch +- Remove Windows bdist_wininst executables from runtime package + +------------------------------------------------------------------- +Tue Apr 9 01:21:45 CEST 2019 - Matej Cepl + +- Update to 3.7.3, which is the maintenance release without any + significant changes in API. + - Updated patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------ +Wed Mar 20 14:59:58 UTC 2019 - Matěj Cepl + +- Remove building of Qt Develop help files. + +------------------------------------------------------------------- +Fri Mar 15 15:10:30 CET 2019 - Matej Cepl + +- Return distutils-reproducible-compile.patch which is still + missing (still unfinished bpo#29708). + +------------------------------------------------------------------- +Mon Feb 25 23:30:56 CET 2019 - Matej Cepl + +- Update to 3.8.0a2: + * List of all (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-2 + +------------------------------------------------------------------- +Tue Feb 12 10:25:52 CET 2019 - Matej Cepl + +- Build nis module again. + +------------------------------------------------------------------- +Tue Feb 12 10:06:17 CET 2019 - Matej Cepl + +- Update to 3.8.0a1: + * The most visible change so far is probably the + implementation of PEP 572: Assignment Expressions. For + a detailed list of changes, see: + https://docs.python.org/3.8/whatsnew/changelog.html + * Recover building of nis module properly in python3 package +- Update patches: + * CVE-2019-5010-null-defer-x509-cert-DOS.patch + * python-3.3.0b1-fix_date_time_compiler.patch + * python-3.3.0b1-test-posix_fadvise.patch + * python-3.6.0-multilib.patch + * raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed Jan 30 18:07:49 CET 2019 - mcepl@suse.com + +- Put LICENSE file where it belongs (bsc#1121852) + +------------------------------------------------------------------- +Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com + +- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch + fixing bpo-35746. + An exploitable denial-of-service vulnerability exists in the + X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. + A specially crafted X509 certificate can cause a NULL pointer + dereference, resulting in a denial of service. An attacker can + initiate or accept TLS connections using crafted certificates + to trigger this vulnerability. + +------------------------------------------------------------------- +Tue Jan 8 12:51:01 UTC 2019 - Tomáš Chvátal + +- Do not require full gettext in order to avoid pulling in the + glib2 as a dependency + +------------------------------------------------------------------- +Tue Jan 8 12:25:27 UTC 2019 - Tomáš Chvátal + +- Update to 3.7.2: + * bugfix release: + https://docs.python.org/3.7/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Wed Jan 2 12:51:48 CET 2019 - mcepl@suse.com + +- Stop applying python-3.6.0-multilib-new.patch (which is still + WIP), and apply the old proven python-3.6.0-multilib.patch + instead. + +------------------------------------------------------------------- +Wed Dec 19 19:29:44 UTC 2018 - Todd R + +- Use upstream-recommended %{_rpmconfigdir}/macros.d directory + for the rpm macros. + +------------------------------------------------------------------- +Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com + +- Upgrade to 3.7.2rc1: + * bugfix release, for the full list of all changes see + https://docs.python.org/3.7/whatsnew/changelog.html#changelog +- Make run of the test suite more verbose + +------------------------------------------------------------------- +Tue Dec 11 01:52:45 UTC 2018 - Jan Engelhardt + +- Write summaries without em dashes. + +------------------------------------------------------------------- +Mon Dec 3 13:27:54 UTC 2018 - Matěj Cepl + +- Remove python-3.3.0b1-curses-panel.patch it is unnecessary anymore. +- Add boo1071941-make-install-in-sep-loc.patch to make pip and + distutils in user environment install into separate location + (boo#1071941) + + Set values of prefix and exec_prefix in distutils install + command to /usr/local if executable is /usr/bin/python* and RPM + build is not detected to make pip and distutils install into + separate location +- Remove finally python-3.3.3-skip-distutils-test_sysconfig_module.patch +- Remove distutils-reproducible-compile.patch which doesn't make + really much difference in reproducibility (see + gh#python/cpython#8057 and discussion there). + +------------------------------------------------------------------- +Sat Dec 1 00:14:28 CET 2018 - mcepl@suse.com + +- Rename Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + to bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + +------------------------------------------------------------------- +Wed Nov 7 12:10:41 CET 2018 - mcepl@suse.com + +- Add dependency on bluez-devel to build support for Bluetooth + (boo#1109998) + +------------------------------------------------------------------- +Tue Nov 6 13:52:45 CET 2018 - mcepl@suse.com + +- Add devhelp subpackage and split qthelp into another + subpackage. + +------------------------------------------------------------------- +Wed Oct 24 12:38:00 UTC 2018 - Matěj Cepl + +- Remove python-3.0b1-record-rpm.patch and + Python-3.0b1-record-rpm.patch, as they are not needed anymore + +------------------------------------------------------------------- +Tue Oct 23 14:14:16 UTC 2018 - Matej Cepl + +- Switch off test_threading for optimization builds. + +------------------------------------------------------------------- +Mon Oct 22 14:41:59 CEST 2018 - mcepl@suse.com + +- Update to python-3.7.1. This is just a brief overview, complete + changelog available at + https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-1-final: + Library + bpo-34970: Protect tasks weak set manipulation in asyncio.all_tasks() +- Patches already accepted upstream are removed: + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + * 00308-tls-1.3.patch +- New patches added: + * Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + * raise_SIGING_not_handled.patch +- All other patches refreshed via quilt. + +------------------------------------------------------------------- +Mon Oct 22 12:22:19 UTC 2018 - Matej Cepl + +- Add raise_SIGING_not_handled.patch to fix bsc#1094814 + +------------------------------------------------------------------- +Wed Oct 17 14:04:35 UTC 2018 - Tomáš Chvátal + +- Add patch to fix importlib return types: + * python3-imp-returntype.patch + +------------------------------------------------------------------- +Mon Oct 15 13:46:32 CEST 2018 - mcepl@suse.com + +- bpo-34022 still not completely fixed, so we have to keep + excluding test_cmd_line_script, + test_multiprocessing_main_handling, and test_runpy from the + test suite. + +------------------------------------------------------------------- +Sun Oct 14 15:57:24 UTC 2018 - Matej Cepl + +- Update to python 3.7.1~rc2: + Core and Builtins + bpo-34879: Fix a possible null pointer dereference in + bytesobject.c. Patch by Zackery Spytz. + bpo-34854: Fixed a crash in compiling string annotations + containing a lambda with a keyword-only argument that + doesn’t have a default value. + bpo-34320: Fix dict(od) didn’t copy iteration order of + OrderedDict. + Library + bpo-34769: Fix for async generators not finalizing when event + loop is in debug mode and garbage collector runs in another + thread. + bpo-34922: Fixed integer overflow in the digest() and + hexdigest() methods for the SHAKE algorithm in the hashlib + module. + bpo-34900: Fixed unittest.TestCase.debug() when used to call + test methods with subtests. Patch by Bruno Oliveira. + bpo-34871: Fix inspect module polluted sys.modules when parsing + __text_signature__ of callable. + bpo-34872: Fix self-cancellation in C implementation of + asyncio.Task + bpo-34819: Use a monotonic clock to compute timeouts in + Executor.map() and as_completed(), in order to prevent + timeouts from deviating when the system clock is adjusted. + bpo-34334: In QueueHandler, clear exc_text from LogRecord to + prevent traceback from being written twice. + bpo-6721: Acquire the logging module’s commonly used internal + locks while fork()ing to avoid deadlocks in the child + process. + bpo-34172: Fix a reference issue inside multiprocessing.Pool + that caused the pool to remain alive if it was deleted + without being closed or terminated explicitly. + Documentation + bpo-32174: chm document displays non-ASCII charaters properly on + some MBCS Windows systems. + Tests + bpo-32962: Fixed test_gdb when Python is compiled with flags + -mcet -fcf-protection -O0. + C API + bpo-34910: Ensure that PyObject_Print() always returns -1 on + error. Patch by Zackery Spytz. + +------------------------------------------------------------------- +Fri Oct 12 20:46:58 CEST 2018 - mcepl@suse.com + +- Add Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch to + fix problems with SOURCE_DATE_EPOCH variable (bpo-34022) + +------------------------------------------------------------------- +Mon Sep 17 09:44:02 UTC 2018 - Tomáš Chvátal + +- Add patch to fix build with tls1.3 supported openssl + * 00308-tls-1.3.patch +- Add patch to fix Py_Main calls after Py_initialize + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + +------------------------------------------------------------------- +Mon Sep 3 15:22:42 UTC 2018 - Matěj Cepl + +- Add -fwrapv to OPTS, which is default for python3 anyway + See for example https://github.com/zopefoundation/persistent/issues/86 + for bugs which are caused by avoiding it. + +------------------------------------------------------------------- +Tue Jul 10 11:12:32 UTC 2018 - mcepl@suse.com + +- Fix ownership of _contextvars, _queue, and _xxtestfuzz + +------------------------------------------------------------------- +Tue Jul 3 15:04:48 UTC 2018 - mcepl@suse.com + +- Switch off LTO for distros with older GCC +- Fix %files + +------------------------------------------------------------------- +Fri Jun 29 14:20:03 UTC 2018 - tchvatal@suse.com + +- Add dependency over libuuid-devel + +------------------------------------------------------------------- +Thu Jun 28 10:42:15 UTC 2018 - mimi.vx@gmail.com + +- update to python 3.7.0 + Complete overview of changes is available on + https://docs.python.org/3/whatsnew/3.7.html, these are just + highlights: + * PEP 563, postponed evaluation of type annotations. + * async and await are now reserved keywords. + * New library modules: + contextvars: PEP 567 – Context Variables + dataclasses: PEP 557 – Data Classes + importlib.resources + * New built-in features: + PEP 553, the new breakpoint() function. + * Python data model improvements: + PEP 562, customization of access to module attributes. + PEP 560, core support for typing module and generic types. + the insertion-order preservation nature of dict objects + has been declared to be an official part of the Python + language spec. + * Significant improvements in the standard library: + The asyncio module has received new features, significant + usability and performance improvements. + The time module gained support for functions with + nanosecond resolution. + * CPython implementation improvements: + Avoiding the use of ASCII as a default text encoding: + PEP 538, legacy C locale coercion + PEP 540, forced UTF-8 runtime mode + PEP 552, deterministic .pycs + the new development runtime mode + PEP 565, improved DeprecationWarning handling + * C API improvements: + PEP 539, new C API for thread-local storage + * Documentation improvements: + PEP 545, Python documentation translations + New documentation translations: Japanese, French, and Korean. +- drop python3-sorted_tar.patch +- drop 0001-allow-for-reproducible-builds-of-python-packages.patch +- refresh python-3.6.0-multilib-new.patch +- refresh subprocess-raise-timeout.patch + * new C API for thread-local storage + * Deterministic pyc files + * Built-in breakpoint() + * Data Classes + * Core support for typing module and generic types + * Customization of access to module attributes + * Postponed evaluation of annotations + * Time functions with nanosecond resolution + * Improved DeprecationWarning handling + * Context Variables + * Avoiding the use of ASCII as a default text encoding + (PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode) + * The insertion-order preservation nature of dict objects is now + an official part of the Python language spec. + * Notable performance improvements in many areas. + +------------------------------------------------------------------- +Thu May 17 18:26:42 UTC 2018 - hpj@urpla.net + +- disable lto with gcc versions below 7 (results in link failures) + +------------------------------------------------------------------- +Mon Apr 30 15:23:24 UTC 2018 - jengelh@inai.de + +- Use faster find subcommand execution strategies. + +------------------------------------------------------------------- +Fri Apr 20 16:17:29 UTC 2018 - tchvatal@suse.com + +- Do not mention the testsuite disabling in opts as it was moved to + main pkg so base is test-free + +------------------------------------------------------------------- +Tue Apr 17 08:36:08 UTC 2018 - tchvatal@suse.com + +- As we run in main python package do not generate the pre_checkin + from both now + +------------------------------------------------------------------- +Mon Apr 16 14:11:56 UTC 2018 - tchvatal@suse.com + +- Move the tests from base to generic package wrt bsc#1088573 + * We still fail the whole distro if python3 is not build + * The other archs than x86_64 took couple of hours to unblock + build of other software, this way we work around the issue +- Some tests are still run in -base for the LTO tweaking, but at + least it is not run twice + +------------------------------------------------------------------- +Sat Mar 31 19:41:12 UTC 2018 - mimi.vx@gmail.com + +- update to 3.6.5 + * bugfix release + * see Misc/NEWS for details +- drop ctypes-pass-by-value.patch +- drop fix-localeconv-encoding-for-LC_NUMERIC.patch +- refresh python-3.6.0-multilib-new.patch + +------------------------------------------------------------------ +Wed Mar 7 09:16:39 UTC 2018 - adam@mizerski.pl + +- Created %so_major and %so_minor macros +- Put Tools/gdb/libpython.py script into proper place and ship it with devel + subpackage. + +------------------------------------------------------------------- +Tue Feb 20 15:04:56 UTC 2018 - schwab@suse.de + +- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64 + +------------------------------------------------------------------- +Tue Feb 20 14:28:00 UTC 2018 - bwiedemann@suse.com + +- Add python3-sorted_tar.patch (boo#1081750) + +------------------------------------------------------------------- +Tue Feb 20 14:08:57 UTC 2018 - tchvatal@suse.com + +- Drop python3-tk and python3-idle recommends to reduce python3 + always pulling X stack bsc#1081751 + +------------------------------------------------------------------- +Wed Feb 7 09:10:03 UTC 2018 - tchvatal@suse.com + +- Add patch to fix glibc 2.27 fail bsc#1079761: + * fix-localeconv-encoding-for-LC_NUMERIC.patch + +------------------------------------------------------------------- +Mon Feb 5 17:14:43 UTC 2018 - normand@linux.vnet.ibm.com + +- Update skip_random_failing_tests.patch (for PowerPC) + to avoid test_call_later failure + +------------------------------------------------------------------- +Wed Jan 24 14:35:58 UTC 2018 - jmatejek@suse.com + +- move XML modules and python3-xml provide to python3-base + (fixes bsc#1077230) +- move ensurepip to base + +------------------------------------------------------------------- +Thu Jan 18 12:31:47 UTC 2018 - normand@linux.vnet.ibm.com + +- Add skip_random_failing_tests.patch only for PowerPC + +------------------------------------------------------------------- +Wed Jan 3 12:18:51 UTC 2018 - jmatejek@suse.com + +- update to 3.6.4 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed python3-ncurses-6.0-accessors.patch +- drop PYTHONSTARTUP hooks that cause spurious startup errors + * fixes bsc#1070738 + * the relevant feature (REPL history) is now built into Python itself + +------------------------------------------------------------------- +Sat Dec 2 11:11:46 UTC 2017 - dimstar@opensuse.org + +- Install 2to3-%{python_version} executable (override defattr of + the -tools package). 2to3 (unversioned) is a symlink and does not + carry permissions (bsc#1070853). + +------------------------------------------------------------------- +Thu Nov 16 11:02:18 UTC 2017 - mimi.vx@gmail.com + +- move 2to3 to python3-tools package + +------------------------------------------------------------------- +Wed Oct 11 13:15:23 UTC 2017 - jmatejek@suse.com + +- update to 3.6.3 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Wed Sep 20 09:54:05 UTC 2017 - dmueller@suse.com + +- drop python-2.7-libffi-aarch64.patch: this patches the intree + copy of libffi which is unused/deleted in the line afterwards +- fix build against system libffi: include flags weren't set + so it actually used the in-tree libffi headers. + +------------------------------------------------------------------- +Thu Sep 14 13:23:10 UTC 2017 - vcizek@suse.com + +- Fix test broken with OpenSSL 1.1 (bsc#1042670) + * add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Tue Sep 5 11:47:05 UTC 2017 - jengelh@inai.de + +- Update RPM group for python documentation. + +------------------------------------------------------------------- +Thu Aug 31 08:39:31 UTC 2017 - schwab@suse.de + +- fix missing %{?armsuffix} + +------------------------------------------------------------------- +Wed Aug 30 13:41:38 UTC 2017 - jmatejek@suse.com + +- distutils-reproducible-compile.patch: ensure distutils order files + before compiling, which works around bsc#1049186 + +------------------------------------------------------------------- +Thu Aug 17 08:59:05 CEST 2017 - kukuk@suse.de + +- Add libnsl-devel build requires for glibc obsoleting libnsl + +------------------------------------------------------------------- +Thu Aug 3 16:09:26 UTC 2017 - jmatejek@suse.com + +- update to 3.6.2 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed test-socket-aead-kernel49.patch +- add Provides: python3-typing (fixes bsc#1050653) +- drop duplicate Provides: python3 + +------------------------------------------------------------------- +Mon Jun 26 12:10:07 UTC 2017 - jmatejek@suse.com + +- drop db-devel from requirements + +------------------------------------------------------------------- +Tue Jun 20 09:26:52 UTC 2017 - asn@cryptomilk.org + +- Add missing link to python library in config dir (bsc#1040164) + +------------------------------------------------------------------- +Thu Mar 23 12:42:59 UTC 2017 - jmatejek@suse.com + +- update to 3.6.1 + * bugfix release, over a hundred bugs fixed + * never add import location's parent directory to sys.path + * switch to git for version control, build changes related to that + * fix "failed to get random numbers" on old kernels (bsc#1029902) + * several crashes and memory leaks corrected + * f-string are no longer accepted as docstrings + +------------------------------------------------------------------- +Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com + +- prevent regenerating AST at build-time more robustly +- add "--without profileopt" and "--without testsuite" options to python3-base + to allow short circuiting when working on the package + +------------------------------------------------------------------- +Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com + +- Add 0001-allow-for-reproducible-builds-of-python-packages.patch + upstream https://github.com/python/cpython/pull/296 + +------------------------------------------------------------------- +Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com + +- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch) +- reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent) + +------------------------------------------------------------------- +Wed Jan 11 14:57:07 UTC 2017 - jmatejek@suse.com + +- update to 3.6.0 + * PEP 498 Formated string literals + * PEP 515 Underscores in numeric literals + * PEP 526 Syntax for variable annotations + * PEP 525 Asynchronous generators + * PEP 530 Asynchronous comprehensions + * PEP 506 New "secrets" module for safe key generation + * less memory consumed by dicts + * dtrace and systemtap support + * improved asyncio module + * better defaults for ssl + * new hashing algorithms in hashlib + * bytecode format changed to allow more optimizations + * "async" and "await" are on track to be reserved words + * StopIteration from generators is deprecated + * support for openssl < 1.0.2 is deprecated + * os.urandom now blocks when getrandom() blocks + * huge number of new features, bugfixes and optimizations + * see https://docs.python.org/3.6/whatsnew/3.6.html for details +- rework multilib patch: drop Python-3.5.0-multilib.patch, implement + upstreamable python-3.6.0-multilib-new.patch +- refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch +- drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch +- finally drop python-2.6b1-canonicalize2.patch that was not applied in source + and only kept around in case we needed it in the future. (which we don't, as it seems) +- update import_failed map and baselibs +- build ctypes against system libffi + (buildrequire libffi-devel in python3-base) +- add new key to keyring (signed by keys already in keyring) +- introduced common configure section between python3 and python3-base +- moved pyconfig.h and Makefile to devel subpackage as distutils no longer + need it at runtime +- added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py + because it is not used now +- improve summaries and descriptions (fixes bsc#917607) +- enabled Link-Time Optimization, see what happens +- including skipped_tests.py in pre_checkin.sh run +- run specs through spec-cleaner, rearrange sections + +------------------------------------------------------------------- +Fri Apr 22 17:20:29 UTC 2016 - jmatejek@suse.com + +- move _hashlib and _ssl modules and tests to python3-base +- recommend python3 + +------------------------------------------------------------------- +Tue Mar 15 15:05:23 UTC 2016 - schwab@suse.de + +- Skip test_asyncio under qemu_user_space_build + +------------------------------------------------------------------- +Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com + +- Add Python-3.5.1-fix_lru_cache_copying.patch + Fix copying the lru_cache() wrapper object. + Fixes deep-copying lru_cache regression, which worked on + previous versions of python but fails on python 3.5. + This fixes a bunch of packages in devel:languages:python3. + See: https://bugs.python.org/issue25447 + +------------------------------------------------------------------- +Sun Jan 24 00:44:08 UTC 2016 - arichardson.kde@gmail.com + +- Build the docs in .qch format as well + +------------------------------------------------------------------- +Wed Dec 9 07:35:20 UTC 2015 - toddrme2178@gmail.com + +- update to 3.5.1 + * bugfix-only release, dozens of bugs fixed +- Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch +- "Python3" to "Python 3" in summary + * This seems cleaner and fixes and rpmlint warning + +------------------------------------------------------------------- +Wed Oct 14 20:21:52 UTC 2015 - toddrme2178@gmail.com + +- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch + This fixes a build error for many packages that use the Python, + C-API. + This patch is already accepted upstream and is slated to appear in + python 3.5.1. + +------------------------------------------------------------------- +Tue Sep 29 15:53:24 UTC 2015 - jmatejek@suse.com + +- update to 3.5.0 + * coroutines with async/await syntax + * matrix multiplication operator `@` + * unpacking generalizations + * new modules `typing` and `zipapp` + * type annotations + * .pyo files replaced by custom suffixes for optimization levels in __pycache__ + * support for memory BIO in ssl module + * performance improvements in several modules + * and many more +- removals and behavior changes + * deprecated `__version__` is removed + * support for .pyo files was removed + * system calls are auto-retried on EINTR + * bare generator expressions in function calls now cause SyntaxError + (change "f(x for x in i)" to "f((x for x in i))" to fix) + * removed undocumented `format` member of private `PyMemoryViewObject` struct + * renamed `PyMemAllocator` to `PyMemAllocatorEx` +- redefine %dynlib macro to reflect that modules now have arch+os as part of name +- module `time` is now built-in +- dropped upstreamed patches: + python-3.4.1-fix-faulthandler.patch + python-3.4.3-test-conditional-ssl.patch + python-fix-short-dh.patch (also dropped dh2048.pem required for this patch) +- updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch +- python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure + with new gcc + ncurses + +------------------------------------------------------------------- +Wed Sep 9 11:51:22 UTC 2015 - dimstar@opensuse.org + +- Add python3-ncurses-6.0-accessors.patch: Fix build with + NCurses 6.0 and OPAQUE_WINDOW set to 1. + +------------------------------------------------------------------- +Mon Aug 24 17:02:08 UTC 2015 - jmatejek@suse.com + +- improve import_failed hook to do the right thing when invoking + missing modules with "python3 -m modulename" (boo#942751) + +------------------------------------------------------------------- +Thu Jul 23 22:08:10 UTC 2015 - fisiu@opensuse.org + +- Build with --enable-loadable-sqlite-extensions to make it works + as geospatial database. + +------------------------------------------------------------------- +Wed Jul 1 07:07:26 UTC 2015 - dimstar@opensuse.org + +- Fix source list for previous change (add dh2048.pem). + +------------------------------------------------------------------- +Wed Jun 24 06:54:30 UTC 2015 - meissner@suse.com + +- dh2048.pem: added generated 2048 dh parameter set to fix + ssl test (bsc#935856) +- python-fix-short-dh.patch: replace the 512 bits dh parameter set + by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856) + +------------------------------------------------------------------- +Tue May 19 14:59:30 UTC 2015 - schwab@suse.de + +- ctypes-libffi-aarch64.patch: remove upstreamed patch +- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for + aarch64 + +------------------------------------------------------------------- +Thu May 14 10:58:36 UTC 2015 - jmatejek@suse.com + +- drop the PDF subpackage + (removes the massive texlive dependency, and most likely nobody is + using the PDFs anyway) + +------------------------------------------------------------------- +Thu May 14 09:53:29 UTC 2015 - jmatejek@suse.com + +- python-3.4.3-test-conditional-ssl.patch - restore tests failing because + test_urllib was unconditionally importing ssl (without really needing it) +- restore functionality of multilib patch +- drop libffi-ppc64le.diff because upstream completely changed everything + yet again (sorry ppc64 folks :| ) + + +------------------------------------------------------------------- +Fri May 1 15:11:21 UTC 2015 - mailaender@opensuse.org + +- Update to version 3.4.3 +- Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch + (bpo#21766) + +------------------------------------------------------------------- +Wed Mar 25 10:57:28 UTC 2015 - rguenther@suse.com + +- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus + faulthandler which fails with GCC 5. + +------------------------------------------------------------------- +Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com + +- asyncio has been merged in python3 main package; provide and + obsolete it +- Remove obsolete AUTHORS section +- Remove redundant %clean section + +------------------------------------------------------------------- +Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org + +- Only pkgconfig(x11) is required for build, not the whole + set of packages provided by xorg-x11-devel metapackage. + +------------------------------------------------------------------- +Mon Oct 13 13:38:20 UTC 2014 - jmatejek@suse.com + +- add %python3_version rpm macro for Fedora compatibility +- add missing argument in import_failed, rename Novell Bugzilla + to SUSE Bugzilla + +------------------------------------------------------------------- +Thu Jul 31 17:24:59 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. + +------------------------------------------------------------------- +Wed Jul 23 16:31:02 UTC 2014 - jmatejek@suse.com + +- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file + disclosure and directory traversal through URL-encoded characters + (CVE-2014-4650, bnc#885882) + +------------------------------------------------------------------- +Tue Jul 22 13:55:57 UTC 2014 - jmatejek@suse.com + +- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons, + reinstate bundled copies of pip and setuptools + (fixes bnc#885662) +- add more files as sources to silence the validator + +------------------------------------------------------------------- +Wed May 21 11:01:56 UTC 2014 - jmatejek@suse.com + +- update to 3.4.1 + * bugfix-only release, over 300 bugs fixed +- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch +- drop upstreamed CVE-2014-2667-mkdir.patch +- include Python release manager keyring and signature file + for the source archive (thus renumbering of source files) + (see https://www.python.org/download/#openpgp-public-keys ) +- move ensurepip to python3, because it transitively requires ssl + +------------------------------------------------------------------- +Fri Apr 4 16:21:40 UTC 2014 - jmatejek@suse.com + +- CVE-2014-2667-mkdir.patch: race condition with reseting umask + in os.makedirs + (CVE-2014-2667, bnc#871152) +- updated multilib patch to include ~/.local/lib64 (bnc#637176) + +------------------------------------------------------------------- +Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com + +- raise timeout value for test_subprocess to 10s (might fix + intermittent build failures in OBS) + +------------------------------------------------------------------- +Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com + +- remove blacklisting of test_posix on aarch64: qemu bug is fixed + +------------------------------------------------------------------- +Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 final +- drop upstreamed python-3.4rc2-importlib.patch + +------------------------------------------------------------------- +Sun Mar 16 16:33:25 UTC 2014 - schwab@suse.de + +- Only build with profile-opt if profiling is enabled +- Update test exclusion lists: + * test_ctypes no longer fails on arm + * test_io no longer fails on ppc* + * test_multiprocessing has been split in multiple tests + * test_posix and test_signal fail due to qemu bugs + +------------------------------------------------------------------- +Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de + +- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, + adding python-2.7.6-sqlite-3.8.4-tests.patch + +------------------------------------------------------------------- +Thu Feb 27 14:08:40 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 rc2 + * pre-release bugfixes + * improvements to asyncio library +- drop upstreamed tracemalloc_gcov.patch +- python-3.4rc2-importlib.patch fixes backwards-incompatibility + in the reworked importlib module that blocks build of vim + +------------------------------------------------------------------- +Fri Jan 17 18:45:27 UTC 2014 - jmatejek@suse.com + +- initial commit of 3.4.0 beta 3 + * new stdlib modules: pathlib, enum, statistics, tracemalloc + * asynchronous IO with new asyncio module + * introspection data for builtins + * subprocesses no longer inherit open file descriptors + * standardized metadata for packages + * internal hashing changed to SipHash + * new pickle protocol + * improved handling of codecs + * TLS 1.2 support + * major speed improvements for internal unicode handling + * many bugfixes and optimizations +- see porting guide at: + http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4 +- moved several modules to -testsuite subpackage +- updated list of binary extensions, refreshed patches +- tracemalloc_gcov.patch fixes profile-based optimization build +- updated packages and pre_checkin.sh to use ~-version notation + for prereleases +- fix-shebangs part of build process moved to common %prep +- drop python-3.3.2-no-REUSEPORT.patch (upstreamed) +- update baselibs for new soname + +- TODOs: + * require python-pip, make ensurepip work with zypper + +------------------------------------------------------------------- +Wed Dec 4 13:21:26 UTC 2013 - matz@suse.de + +- add ppc64le (ELFv2) support for libffi copy for ctypes module +- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be + "lib64"). +- added patches: + * libffi-ppc64le.diff +------------------------------------------------------------------- +Tue Dec 3 09:51:43 UTC 2013 - adrian@suse.de + +- add ppc64le rules + +------------------------------------------------------------------- +Fri Nov 22 13:17:23 UTC 2013 - speilicke@suse.com + +- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch: + + Disable global and distutils sysconfig comparison test, we deviate + from the default depending on optflags + +------------------------------------------------------------------- +Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com + +- update to 3.3.3 + * bugfix-only release + * many SSL-related fixes + * upstream fix for CVE-2013-4238 + * upstream fixes for CVE-2013-1752 +- move example module xxlimited to python3-testsuite +- drop CVE-2013-4238_py33.patch - it is upstreamed +- remove --with-wide-unicode config option, it is now the default + (and only) choice +- don't touch anything between make and makeinstall +- drop python-3.2b2-buildtime-generate.patch - the issue was caused + by touching things between make and makeinstall +- link pycache entries for import_failed hooks properly + +------------------------------------------------------------------- +Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org + +- build with -DOPENSSL_LOAD_CONF for the same reasons + described in the python2 package. + +------------------------------------------------------------------- +Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com + +- handle NULL bytes in certain fields of SSL certificates + (CVE-2013-4238, bnc#834601) + +------------------------------------------------------------------- +Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com + +- Exclue test_faulthandler from tests on powerpc due to bnc#831629 + +------------------------------------------------------------------- +Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com + +- update to 3.3.2 + * bugfix-only release + * fixes several regressions introduced in 3.3.1 +- switch to xz compression +- move _lzma module to python3-base +- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT + +------------------------------------------------------------------- +Mon Apr 29 22:32:43 UTC 2013 - schwab@suse.de + +- Readd missing bits from ctypes-libffi-aarch64.patch + +------------------------------------------------------------------- +Sat Apr 13 07:56:51 UTC 2013 - idonmez@suse.com + +- Update to version 3.3.1 + * Fix the –enable-profiling configure switch. + * In IDLE, close the replace dialog after it is used. +- Too many bugfixes to list here, + see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS +- Refresh Python-3.3.0b2-multilib.patch +- Refresh python-3.2b2-buildtime-generate.patch +- Drop upstream patches: ctypes-libffi-aarch64.patch, + python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch + +------------------------------------------------------------------- +Mon Apr 8 11:25:30 UTC 2013 - speilicke@suse.com + +- Exclude sqlite/test and tk/test directories from the respective + sub-packages. These are owned by the testsuite sub-package already + +------------------------------------------------------------------- +Fri Apr 5 12:59:20 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/title=SourceUrls + +------------------------------------------------------------------- +Wed Apr 3 15:36:04 UTC 2013 - jmatejek@suse.com + +- remove spurious modification of python-3.3.0b1-localpath.patch + that would force installation into /usr/local. + this fixes bnc#809831 + +------------------------------------------------------------------- +Thu Mar 28 18:38:51 UTC 2013 - jmatejek@suse.com + +- replace broken movetogetdents64.diff patch with a correct one + from upstream repo (python-3.3.0-getdents64.patch) + +------------------------------------------------------------------- +Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com + +- add ctypes-libffi-aarch64.patch: + * import aarch64 support for libffi in _ctypes module +- add aarch64 to the list of lib64 based archs +- add movetogetdents64.diff: + * port to getdents64, as SYS_getdents is not implemented everywhere + +------------------------------------------------------------------- +Tue Feb 26 08:57:55 UTC 2013 - saschpe@suse.de + +- /etc/rpm/macros.python3 is no %config, it is not meant to be changed + by users. +- Add rpmlintrc with some obvious filters + +------------------------------------------------------------------- +Mon Jan 28 18:14:39 UTC 2013 - jmatejek@suse.com + +- update baselibs for new version of libpython3 + +------------------------------------------------------------------- +Thu Nov 29 17:02:37 UTC 2012 - jmatejek@suse.com + +- fix include path in macros (bnc#787526) +- implement failed import handlers for modules that live in + subpackages - e.g. "import ssl" will now throw a sensible error + message telling you to install "python3" + +------------------------------------------------------------------- +Wed Nov 28 17:02:07 UTC 2012 - jmatejek@suse.com + +- merge python3-xml into python3 +- merge python3-2to3 library into python3-base + and the 2to3 binary into python3-devel + (python3-devel is now in conflict with python-2to3, which + will be dropped) +- enable --with-system-expat for python3, making the xml modules + (and thus python3) depend on expat +- reconfigure tests to disable network and GUI resources, which + the upstream apparently thought is a good idea to enable by default. + this fixes build failures in Factory +- add lzma-devel to build the _lzma module +- moved %dynlib macro definition to common section + +------------------------------------------------------------------- +Mon Nov 5 20:01:46 UTC 2012 - coolo@suse.com + +- buildrequire timezone for the test suite + +------------------------------------------------------------------- +Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com + +- disable more checks for qemu builds as they use syscalls not + implemented yet + +------------------------------------------------------------------- +Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com + +- exclude test_math for SLE 11; math library fails on negative + gamma function values close to integers and 0, probably + due to imprecision in -lm on SLE_11_SP2. + +------------------------------------------------------------------- +Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel explicitly + +------------------------------------------------------------------- +Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com + +- remove distutils.cfg (bnc#658604) + * this changes default prefix for distutils to /usr + * see ML for details: +http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html + +------------------------------------------------------------------- +Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com + +- Update to final 3.3.0 release + * See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS + +------------------------------------------------------------------- +Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com + +- Correct dependency for python3-testsuite, + python3-tkinter -> python3-tk + +------------------------------------------------------------------- +Thu Aug 23 13:08:11 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 RC1 + +------------------------------------------------------------------- +Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 beta 1 + * flexible string representation, no longer distinguishing + between wide and narrow Unicode builds + * importlib-based import system + * virtualenv support in core + * namespace packages + * explicit Unicode literals for easier porting + * key-sharing dict implementation reduces memory footprint + of OO code + * hash randomization on by default + * many other new bugfixes and features, check NEWS for details + +- pre_checkin.sh now autofills various version strings in specs +- ship hashlib's fallback modules - those uselessly take up space + when real _hashlib.so from python3 is present, but the space wasted + is only 114kB and it provides python3-base with a working hashlib + module. + (also, this fixes bnc#743787) + +------------------------------------------------------------------- +Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com + +- skip test_io on ppc +- drop test_io ppc patch + +------------------------------------------------------------------- +Thu Jun 28 07:57:58 UTC 2012 - saschpe@suse.de + +- Satisfy source_validator by uncommenting an otherwise unused "Patch" + line + +------------------------------------------------------------------- +Tue Jun 12 15:39:08 UTC 2012 - adrian@suse.de + +- fix logic of checks exclusion + +------------------------------------------------------------------- +Fri May 18 11:50:27 UTC 2012 - idonmez@suse.com + +- update to 3.2.3 + * No changes since rc2 + +------------------------------------------------------------------- +Thu Mar 29 15:44:33 UTC 2012 - jmatejek@suse.com + +- update to 3.2.3rc2 + * fixes several security issues: + * CVE-2012-0845, bnc#747125 + * CVE-2012-1150, bnc#751718 + * CVE-2011-4944, bnc#754447 + * CVE-2011-3389, bnc#754677 +- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) +- disable test_gdb because it is broken by our gdb + +------------------------------------------------------------------- +Thu Feb 16 12:33:12 UTC 2012 - dvaleev@suse.com + +- skip broken test_io test on ppc + +------------------------------------------------------------------- +Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com + +- update to 3.2.2 + * bugfix-only release + * reports "linux2" as sys.platform regardless of Linux kernel +- added pre_checkin.sh to copy common spec sections to python3.spec +- added PACKAGING-NOTES with some helpful info for packagers + +------------------------------------------------------------------- +Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com + +- Use system ffi, included one is broken see + http://bugs.python.org/issue11729 and + http://bugs.python.org/issue12081 + +------------------------------------------------------------------- +Fri Dec 9 17:19:55 UTC 2011 - jmatejek@suse.com + +- license.opensuse.org-compatible license headers + +------------------------------------------------------------------- +Fri Dec 2 16:46:44 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Thu Nov 24 12:42:25 UTC 2011 - agraf@suse.com + +- fix ARM build (exclude some test cases which break for us) + +------------------------------------------------------------------- +Tue Aug 16 17:02:22 UTC 2011 - termim@gmail.com + +- use sysconfig module to get py3_incdir, py3_abiflags, + py3_soflags, python3_sitelib and python3_sitearch + +------------------------------------------------------------------- +Mon Jul 18 16:22:31 UTC 2011 - jmatejek@novell.com + +- update to 3.2.1 + * bugfix-only release, no major changes +- fix build on linux3 platform +- remove upstreamed pybench patch +- install /usr/lib directories in all cases to prevent spurious + "directory not owned" in dependent packages + +------------------------------------------------------------------- +Wed Jun 15 14:16:38 UTC 2011 - jmatejek@novell.com + +- replaced dynamic so version with manual so version, because + autobuild does not support autogeneration + +------------------------------------------------------------------- +Tue May 24 13:39:06 UTC 2011 - jmatejek@novell.com + +- generate macros.python3 at compile-time with fixed values +- don't include bogus values in pyconfig.h, as they can break + third-party packages (bnc#673071) + +------------------------------------------------------------------- +Tue May 17 12:52:51 UTC 2011 - jmatejek@novell.com + +- added Obsoletes: python3 < 3.1 so that the transition from + non-split to split packages goes smoothly + +------------------------------------------------------------------- +Fri May 13 12:38:19 UTC 2011 - jmatejek@novell.com + +- fixed RPM macros to use python3 instead of python +- updated to build --with-wide-unicode (for compatibility with + fedora and our own python 2.x series) + +------------------------------------------------------------------- +Thu Apr 21 03:39:25 UTC 2011 - termim@gmail.com + +- fix python3-base build failure due to pybench.py crash by + python-3.2-pybench.patch +- move pyconfig.h from python3-devel to python3-base package to + make python3-base functional again + +------------------------------------------------------------------- +Wed Mar 23 04:26:28 UTC 2011 - termim@gmail.com + +- update to python 3.2 + * stable ABI, ABI-tagged .so files + * concurrent.futures and many other new or upgraded modules + * PYC repository directories ( __pycache__ ) + * python WSGI 1.0.1 + * Unicode 6.0.0 support + * a great number of bugfixes and assorted improvements + +------------------------------------------------------------------- +Tue Feb 8 19:42:17 CET 2011 - matejcik@suse.cz + +- update to python 3.2 RC2 +- renamed python3-demo to python3-tools, because the demo part + became much smaller than the tools part +- added rpm macros + +------------------------------------------------------------------- +Tue Jan 18 14:13:04 UTC 2011 - jmatejek@novell.com + +- update to python 3.2 beta 2, see NEWS for details +- split off -base package with less dependencies, and a shlib-policy + compliant libpython3 package +- mostly rewritten the spec file with more detailed comments +- cleaned up lists of patches + diff --git a/python311.spec b/python311.spec new file mode 100644 index 0000000..3896850 --- /dev/null +++ b/python311.spec @@ -0,0 +1,1060 @@ +# +# spec file for package python311 +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "doc" +%define psuffix -documentation +%bcond_without doc +%bcond_with base +%bcond_with general +%endif +%if "%{flavor}" == "base" +%define psuffix -core +%bcond_with doc +%bcond_without base +%bcond_with general +%endif +%if "%{flavor}" == "" +%define psuffix %{nil} +%bcond_with doc +%bcond_with base +%bcond_without general +%endif + +%if 0%{?do_profiling} +%bcond_without profileopt +%else +%bcond_with profileopt +%endif + +# Only for Tumbleweed +# https://en.opensuse.org/openSUSE:Python:Externally_managed +%if 0%{?suse_version} > 1600 +%bcond_without externally_managed +%else +%bcond_with externally_managed +%endif + +%define python_pkg_name python311 +%if "%{python_pkg_name}" == "%{primary_python}" +%define primary_interpreter 1 +%else +%define primary_interpreter 0 +%endif + +# Setting up variables +%define _version %(c=%{version}; echo ${c/[a-z]*/}) +%define tar_suffix %(c=%{_version}; echo ${c#%{_version}}) +%define python_version %(echo %{_version}|cut -d. -f1-2) +# based on the current source tarball +%define python_version_abitag %(c=%{python_version}; echo ${c//./}) +# FIXME %%define python_version_soname %%(c=%%{python_version}; echo ${c//./_}) +%define python_version_soname 3_11 +%if 0%(test -n "%{tar_suffix}" && echo 1) +%define _version %(echo "%{_version}~%{tar_suffix}") +%define tarversion %{version} +%else +%define tarversion %{version} +%endif +# We don't process beta signs well +%define folderversion %{tarversion} +%define tarname Python-%{tarversion} +%define sitedir %{_libdir}/python%{python_version} +# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 +%define abi_kind %{nil} +# python ABI version - used in some file names +%define python_abi %{python_version}%{abi_kind} +# soname ABI tag defined in PEP 3149 +%define abi_tag %{python_version_abitag}%{abi_kind} +# version part of "libpython" package +%define so_major 1 +%define so_minor 0 +%define so_version %{python_version_soname}%{abi_kind}-%{so_major}_%{so_minor} +# rpm and python have different ideas about what is an arch-dependent name, so: +%if "%{__isa_name}" == "ppc" +%define archname %(echo %{_arch} | sed s/ppc/powerpc/) +%else +%define archname %{_arch} +%endif +# our arm has Hardware-Floatingpoint +%if "%{_arch}" == "arm" +%define armsuffix hf +%endif +# Decide whether we want to use mpdecimal +%if 0%{?suse_version} >= 1550 +%bcond_without mpdecimal +%else +%bcond_with mpdecimal +%endif +# pyexpat.cpython-35m-x86_64-linux-gnu +# pyexpat.cpython-35m-powerpc64le-linux-gnu +# pyexpat.cpython-35m-armv7-linux-gnueabihf +# _md5.cpython-38m-x86_64-linux-gnu.so +%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so +%bcond_without profileopt +Name: %{python_pkg_name}%{psuffix} +Version: 3.11.11 +Release: 0 +Summary: Python 3 Interpreter +License: Python-2.0 +URL: https://www.python.org/ +Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz +Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore +Source2: baselibs.conf +Source3: README.SUSE +Source4: externally_managed.in +Source7: macros.python3 +Source8: import_failed.py +Source9: import_failed.map +Source10: pre_checkin.sh +Source11: skipped_tests.py +Source19: idle3.desktop +Source20: idle3.appdata.xml +# content of bluez-devel: +# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel +# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu +# 3. mkdir Vendor && mv usr/include/* Vendor/ +# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/ +Source21: bluez-devel-vendor.tar.xz +Source98: python311-rpmlintrc +# Tarball is signed by the GPG key of Pablo Galindo Salgado (0x64E628F8D684696D) +# https://keybase.io/pablogsal/pgp_keys.asc?fingerprint=a035c8c19219ba821ecea86b64e628f8d684696d +Source99: python.keyring +# The following files are not used in the build. +# They are listed here to work around missing functionality in rpmbuild, +# which would otherwise exclude them from distributed src.rpm files. +Source100: PACKAGING-NOTES +# PATCH-FEATURE-UPSTREAM F00251-change-user-install-location.patch bsc#[0-9]+ mcepl@suse.com +# Fix installation in /usr/local (boo#1071941), originally from Fedora +# https://src.fedoraproject.org/rpms/python3.12/blob/rawhide/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch02: F00251-change-user-install-location.patch +# PATCH-FEATURE-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com +# Improve reproduceability +Patch03: distutils-reproducible-compile.patch +# support finding packages in /usr/local, install to /usr/local by default +Patch04: python-3.3.0b1-localpath.patch +# replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds +Patch05: python-3.3.0b1-fix_date_time_compiler.patch +# POSIX_FADV_WILLNEED throws EINVAL. Use a different constant in test +Patch06: python-3.3.0b1-test-posix_fadvise.patch +# Raise timeout value for test_subprocess +Patch07: subprocess-raise-timeout.patch +# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com +# ensurepip should honour the value of $(prefix) +Patch08: bpo-31046_ensurepip_honours_prefix.patch +# PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mcepl@suse.com +# SLE-15 version of Sphinx doesn't know about skipif directive in doctests. +Patch09: no-skipif-doctests.patch +# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com +# skip a test failing on SLE-15 +Patch10: skip-test_pyobject_freed_is_freed.patch +# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com +# remove duplicate link targets and make documentation with old Sphinx in SLE +Patch11: fix_configure_rst.patch +# PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com +# Skip test_freeze_simple_script +Patch13: skip_if_buildbot-extend.patch +# PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com +# prevent ResourceWarning in test_asyncio tests +Patch15: bsc1221260-test_asyncio-ResourceWarning.patch +# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport.patch +# This problem on libexpat is patched on SLE without version +# update, this patch changes the tests to match the libexpat provided +# by SUSE +Patch16: CVE-2023-52425-libexpat-2.6.0-backport.patch +Patch17: CVE-2023-52425-remove-reparse_deferral-tests.patch +# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com +# reproducibility patches +Patch19: bso1227999-reproducible-builds.patch +# PATCH-FIX-UPSTREAM gh120226-fix-sendfile-test-kernel-610.patch gh#python/cpython#120226 mcepl@suse.com +# Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 (GH-120227) +Patch22: gh120226-fix-sendfile-test-kernel-610.patch +# PATCH-FIX-UPSTREAM Add platform triplets for 64-bit LoongArch gh#python/cpython#30939 glaubitz@suse.com +Patch24: add-loongarch64-support.patch +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: fdupes +BuildRequires: gmp-devel +BuildRequires: lzma-devel +BuildRequires: netcfg +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: xz +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(libffi) +BuildRequires: pkgconfig(uuid) +BuildRequires: pkgconfig(zlib) +#!BuildIgnore: gdk-pixbuf-loader-rsvg +%if 0%{?suse_version} >= 1550 +# The provider for python(abi) is in rpm-build-python +BuildRequires: rpm-build-python +%endif +%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1599 +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{with mpdecimal} +BuildRequires: mpdecimal-devel +%endif +%if %{with doc} +BuildRequires: python3-Sphinx >= 4.0.0 +%if 0%{?suse_version} >= 1500 +BuildRequires: python3-python-docs-theme >= 2022.1 +%endif +%endif +%if %{with general} +# required for idle3 (.desktop and .appdata.xml files) +BuildRequires: appstream-glib +BuildRequires: gcc-c++ +BuildRequires: gdbm-devel +BuildRequires: gettext +BuildRequires: readline-devel +BuildRequires: sqlite-devel +BuildRequires: timezone +BuildRequires: pkgconfig(ncurses) +BuildRequires: pkgconfig(tk) +BuildRequires: pkgconfig(x11) +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-readline +Provides: %{python_pkg_name}-sqlite3 +Recommends: %{python_pkg_name}-curses +Recommends: %{python_pkg_name}-dbm +Recommends: %{python_pkg_name}-pip +%if %{primary_interpreter} +Provides: python3 = %{python_version} +Provides: python3-readline +Provides: python3-sqlite3 +%endif +%endif +%{?suse_build_hwcaps_libs} + +%description +Python 3 is modern interpreted, object-oriented programming language, +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python3-doc +package. + +This package supplies rich command line features provided by readline, +and sqlite3 support for the interpreter core, thus forming a so called +"extended" runtime. +Installing "python3" is sufficient for the vast majority of usecases. +In addition, recommended packages provide UI toolkit support (python3-curses, +python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE +development environment (python3-idle). + +%package -n %{python_pkg_name}-tk +Summary: TkInter, a Python Tk Interface +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-tk = %{version} +%endif + +%description -n %{python_pkg_name}-tk +Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. + +%package -n %{python_pkg_name}-curses +Summary: Python Interface to the (N)Curses Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-curses +%endif + +%description -n %{python_pkg_name}-curses +An easy to use interface to the (n)curses CUI library. CUI stands for +Console User Interface. + +%package -n %{python_pkg_name}-dbm +Summary: Python Interface to the GDBM Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-dbm +%endif + +%description -n %{python_pkg_name}-dbm +An easy to use interface for Unix DBM databases, and more specifically, +the GNU implementation GDBM. + +%package -n %{python_pkg_name}-idle +Summary: An Integrated Development Environment for Python +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk +%if %{primary_interpreter} +Provides: python3-idle = %{version} +%endif + +%description -n %{python_pkg_name}-idle +IDLE is a Tkinter based integrated development environment for Python. +It features a multi-window text editor with multiple undo, Python +colorizing, and many other things, as well as a Python shell window and +a debugger. + +%package -n %{python_pkg_name}-doc +Summary: Package Documentation for Python 3 +Enhances: %{python_pkg_name} = %{python_version} +%if %{primary_interpreter} +Provides: python3-doc = %{version} +%endif + +%description -n %{python_pkg_name}-doc +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in HTML format. + +%package -n %{python_pkg_name}-doc-devhelp +Summary: Additional Package Documentation for Python 3 in devhelp format +%if %{primary_interpreter} +Provides: python3-doc-devhelp = %{version} +%endif + +%description -n %{python_pkg_name}-doc-devhelp +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in format for devhelp. + +%package -n %{python_pkg_name}-base +Summary: Python 3 Interpreter and Stdlib Core +Requires: libpython%{so_version} = %{version} +Recommends: %{python_pkg_name} = %{version} +#Recommends: python3-ensurepip +# python 3.1 didn't have a separate python-base, so it is wrongly +# not a conflict to have python3-3.1 and python3-base > 3.1 +Obsoletes: python3 < 3.2 +# no Provides, because python3 is obviously provided by package python3 +# python 3.4 provides asyncio +Provides: %{python_pkg_name}-asyncio = %{version} +# python 3.6 provides typing +Provides: %{python_pkg_name}-typing = %{version} +# python3-xml was merged into python3, now moved into -base +Provides: %{python_pkg_name}-xml = %{version} +%if %{primary_interpreter} +Provides: python3-asyncio = %{version} +Obsoletes: python3-asyncio < %{version} +Provides: python3-base = %{version} +Obsoletes: python3-base < %{version} +Provides: python3-typing = %{version} +Obsoletes: python3-typing < %{version} +Provides: python3-xml = %{version} +Obsoletes: python3-xml < %{version} +%endif + +%description -n %{python_pkg_name}-base +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +package. + +This package contains the interpreter core and most commonly used modules +from the standard library. This is sufficient for many usecases, but it +excludes components that depend on external libraries, most notably XML, +database and UI toolkits support. + +%package -n %{python_pkg_name}-tools +Summary: Python Utility and Demonstration Scripts +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-2to3 = %{version} +Provides: %{python_pkg_name}-demo = %{version} +%if %{primary_interpreter} +Provides: python3-2to3 = %{version} +Provides: python3-demo = %{version} +Provides: python3-tools = %{version} +Obsoletes: python3-2to3 < %{version} +Obsoletes: python3-demo < %{version} +%endif + +%description -n %{python_pkg_name}-tools +A number of scripts that are useful for building, testing or extending Python, +and a set of demonstration programs. + +%package -n %{python_pkg_name}-devel +Summary: Include Files and Libraries Mandatory for Building Python Modules +Requires: %{python_pkg_name}-base = %{version} +%if %{primary_interpreter} +Provides: python3-devel = %{version} +%endif + +%description -n %{python_pkg_name}-devel +The Python programming language's interpreter can be extended with +dynamically loaded extensions and can be embedded in other programs. + +This package contains header files, a static library, and development +tools for building Python modules, extending the Python interpreter or +embedding Python in applications. + +This also includes the Python distutils, which were in the Python +package up to version 2.2.2. + +%package -n %{python_pkg_name}-testsuite +Summary: Unit tests for Python and its standard library +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk = %{version} +%if %{primary_interpreter} +Provides: python3-testsuite = %{version} +%endif + +%description -n %{python_pkg_name}-testsuite +Unit tests that are useful for verifying integrity and functionality +of the installed Python interpreter and standard library. +They are a documented part of stdlib, as a module 'test'. + +%package -n libpython%{so_version} +Summary: Python Interpreter shared library +Requires: %{python_pkg_name}-base >= %{version} + +%description -n libpython%{so_version} +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +(HTML) or python-doc-pdf (PDF) packages. + +This package contains libpython3.2 shared library for embedding in +other applications. + +%prep +%setup -q -n %{tarname} + +%patch -p1 -P 02 +%patch -p1 -P 03 +%patch -p1 -P 04 +%patch -p1 -P 05 +%patch -p1 -P 06 +%patch -p1 -P 07 +%patch -p1 -P 08 + +%if 0%{?suse_version} <= 1500 +%patch -P 09 -p1 +%endif + +%patch -p1 -P 10 +%patch -p1 -P 11 +%patch -p1 -P 13 +%patch -p1 -P 15 +%patch -p1 -P 16 +%patch -p1 -P 17 +%patch -p1 -P 19 +%patch -p1 -P 22 +%patch -p1 -P 24 + +# drop Autoconf version requirement +sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac + +%if %{primary_interpreter} +# fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 +for dir in Lib Tools; do + # find *.py, filter to files that contain bad shebangs + # break up "/""usr" like this to prevent replacing with %%{_prefix} + find $dir -name '*.py' -type f -print0 \ + | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ + | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' +done +%else +# For non-primary Python, just don't bother (bsc#1193179) and remove all +# those shebangs +for dir in Lib Tools; do + find $dir -name '*.py' -type f -exec sed -i '1{/^#!.*python/ d}' '{}' \; +done +# We shortened the file Lib/pdb.py so we have to move the test breakpoint location +sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py +%endif + +# drop in-tree libffi and expat +rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin +# Cannot remove it because of gh#python/cpython#92875 +# rm -r Modules/expat + +# drop duplicate README from site-packages +rm Lib/site-packages/README.txt + +# Add vendored bluez-devel files +tar xvf %{SOURCE21} + +# Don't fail on warnings when building documentation +sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile + +%build +%if %{with doc} +TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` +# TODO use not date of tarball but date of latest patch + +cd Doc +sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py +%make_build -j1 html + +# Build also devhelp files +sphinx-build -a -b devhelp . build/devhelp +rm -rfv build/devhelp/.doctrees +%else +%define _lto_cflags %{nil} +# use rpm_opt_flags +export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv $(pkg-config --cflags-only-I libffi) -fno-semantic-interposition" + +touch -r %{SOURCE0} Makefile.pre.in + +autoreconf -fvi + +%if 0%{?sles_version} +sed -e 's/-fprofile-correction//' -i Makefile.pre.in +%endif + +export CFLAGS="%{optflags} -IVendor/" + +%configure \ + --with-platlibdir=%{_lib} \ + --docdir=%{_docdir}/python \ + --enable-ipv6 \ + --enable-shared \ + --with-ensurepip=no \ + --with-system-ffi \ + --with-system-expat \ + --with-lto \ +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 + --with-ssl-default-suites=openssl \ +%endif +%if %{with profileopt} + --enable-optimizations \ +%endif +%if %{with mpdecimal} + --with-system-libmpdec \ +%endif + --enable-loadable-sqlite-extensions + +# prevent make from trying to rebuild PYTHON_FOR_GEN stuff +# %%make_build -t Python/Python-ast.c \ + # Include/Python-ast.h \ + # Objects/typeslots.inc \ + # Python/opcode_targets.h \ + # Include/opcode.h +%make_build + +%if %{with general} +%make_build +%endif +%if %{with base} +%if %{with profileopt} + target=profile-opt +%else + target=all +%endif +LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ + %make_build $target +%endif +%endif + +%check +export SUSE_VERSION="0%{?suse_version}" +export SLE_VERSION="0%{?sle_version}" +%if %{with general} +# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos +# when you install gdb into your test env +EXCLUDE="test_gdb" +# we patch out the message to recommend zypper in and thus this would fail +EXCLUDE="$EXCLUDE test_pydoc" + +%ifarch %{arm} s390x +# test_multiprocessing_forkserver is racy +EXCLUDE="$EXCLUDE test_multiprocessing_forkserver" +%endif +%ifarch ppc ppc64 ppc64le +# exclue test_faulthandler due to bnc#831629 +EXCLUDE="$EXCLUDE test_faulthandler" +%endif +# some tests break in QEMU +%if 0%{?qemu_user_space_build} +EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver test_multiprocessing_spawn test_os test_posix test_signal test_socket test_subprocess" +%endif + +# This test (part of test_uuid) requires real network interfaces +# so that ifconfig output has "HWaddr ". Some kvm instances +# done have any such interface breaking the uuid module. +EXCLUDE="$EXCLUDE test_uuid" + +# bsc#1195140 and bpo#37169 - test_capi is failing on openSUSE, and not sure why +EXCLUDE="$EXCLUDE test_capi" + +# Limit virtual memory to avoid spurious failures +if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then + ulimit -v 11000000 || : +fi + +# test_freeze_simple_script in test.test_tools.test_freeze.TestFreeze +# uses CONFIG_ARGS to run ./configure. +export CONFIG_ARGS="--enable-ipv6 --enable-shared --with-ensurepip=no \ + --with-system-ffi --with-system-expat --with-lto --enable-optimizations \ + --with-system-libmpdec --enable-loadable-sqlite-extensions" + +export PYTHONPATH="$(pwd -P)/Lib" +# Use timeout, like make target buildbottest +# We cannot run tests parallel, because osc build environment doesn’t +# have /dev/shm +%make_build -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=5400" +# use network, be verbose: +#make test TESTOPTS="-l -u network -v" +%endif + +%install +%if %{with doc} +export PDOCS=%{buildroot}%{_docdir}/python%{python_version} +mkdir -p $PDOCS +# generated docs +rm Doc/build/*/.buildinfo +cp -r Doc/build/html $PDOCS +# misc +install -d -m 755 $PDOCS/Misc +rm Misc/README.AIX +for i in Misc/* ; do + [ -f $i ] && install -c -m 644 $i $PDOCS/Misc/ +done +# devhelp +mkdir -p %{buildroot}%{_datadir}/gtk-doc/html +cp -r Doc/build/devhelp %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version} +rm -rf %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version}/.doctrees +%endif +%if %{with general} +%make_install + +# clean out stuff that is in python-base and subpackages + +find %{buildroot}%{_bindir} -mindepth 1 -not -name "*idle3*" -print -delete +rm %{buildroot}%{_libdir}/lib* +rm -r %{buildroot}%{_libdir}/pkgconfig +rm -r %{buildroot}%{_mandir}/* +rm -r %{buildroot}%{_includedir}/* + +rm -r %{buildroot}%{sitedir}/config* +find %{buildroot}%{sitedir} -name "*.egg-info" -delete +rm -r %{buildroot}%{sitedir}/__pycache__ +rm -r %{buildroot}%{sitedir}/site-packages +rm %{buildroot}%{sitedir}/*.* + +for module in \ + asyncio ctypes collections concurrent distutils email encodings \ + ensurepip html http re \ + importlib json logging multiprocessing pydoc_data unittest \ + urllib venv wsgiref lib2to3 test tomllib turtledemo \ + xml xmlrpc zoneinfo __phello__ +do + rm -r %{buildroot}%{sitedir}/$module +done + +for library in \ + array _asyncio audioop binascii _bisect _bz2 cmath _codecs_* \ + _contextvars _crypt _csv _ctypes _datetime _decimal fcntl grp \ + _hashlib _heapq _json _lsprof _lzma math mmap _multibytecodec \ + _multiprocessing _opcode ossaudiodev _pickle _posixshmem \ + _posixsubprocess _queue _random resource select _ssl _socket spwd \ + _statistics _struct syslog termios _testbuffer _testimportmultiple \ + _testmultiphase unicodedata zlib _ctypes_test _testinternalcapi _testcapi \ + _typing _testclinic xxlimited xxlimited_35 \ + _xxtestfuzz _xxsubinterpreters _elementtree pyexpat _md5 _sha1 \ + _sha256 _sha512 _blake2 _sha3 _uuid _zoneinfo +do + eval rm "%{buildroot}%{sitedir}/lib-dynload/$library.*" +done + +# Idle is not packaged in base due to the appstream-glib dependency +# move idle config into /etc +install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version} +( + cd %{buildroot}/%{sitedir}/idlelib/ + for file in *.def ; do + mv $file %{buildroot}%{_sysconfdir}/idle%{python_version}/ + ln -sf %{_sysconfdir}/idle%{python_version}/$file %{buildroot}/%{sitedir}/idlelib/ + done +) + +# keep just idle3.X +rm %{buildroot}%{_bindir}/idle3 + +# install idle icons +for size in 16 32 48 ; do + install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \ + %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_version}.png +done + +# install idle desktop file +cp %{SOURCE19} idle%{python_version}.desktop +sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop +install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop + +cp %{SOURCE20} idle%{python_version}.appdata.xml +sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml +install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml +appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml + +%fdupes %{buildroot}/%{_libdir}/python%{python_version} +%endif +%if %{with base} +%make_install + +# remove .a +find %{buildroot} -name "*.a" -delete + +# install "site-packages" and __pycache__ for third parties +install -d -m 755 %{buildroot}%{sitedir}/site-packages +install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__ +# and their 32bit counterparts explicitly +mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__ + +# cleanup parts that don't belong +for dir in curses dbm sqlite3 tkinter idlelib; do + find "%{buildroot}/%{sitedir}/$dir"/* -maxdepth 0 -name "test" -o -exec rm -rf {} + +done +rm -fv %{buildroot}%{dynlib nis} + +# overwrite the copied binary with a link +ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 + +# decide to ship python3 or just python3.X +%if !%{primary_interpreter} +# base +rm %{buildroot}%{_bindir}/python3 +rm %{buildroot}%{_bindir}/pydoc3 +rm %{buildroot}%{_mandir}/man1/python3.1 +# devel +rm %{buildroot}%{_bindir}/python3-config +rm %{buildroot}%{_libdir}/libpython3.so +rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc +%endif + +%if %{with externally_managed} +# PEP-0668 mark this as a distro maintained python +sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED +%endif + +# link shared library instead of static library that tools expect +ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so + +# delete idle3, which has to many packaging dependencies for base +rm %{buildroot}%{_bindir}/idle3* + +# delete the generic 2to3 binary if we are not primary +%if !%{primary_interpreter} +rm %{buildroot}%{_bindir}/2to3 +%endif + +# replace duplicate .pyo/.pyc with hardlinks +%fdupes %{buildroot}/%{sitedir} + +# documentation +export PDOCS=%{buildroot}%{_docdir}/%{name} +install -d -m 755 $PDOCS +install -c -m 644 %{SOURCE3} $PDOCS/ +install -c -m 644 README.rst $PDOCS/ + +# tools +for x in `find Tools/ \( -not -name Makefile \) -print | sort` ; do + test -d $x && ( install -c -m 755 -d $PDOCS/$x ) \ + || ( install -c -m 644 $x $PDOCS/$x ) +done +# gdb script is shipped with devel subpackage +rm -r $PDOCS/Tools/gdb +# clean up the bat files +find "$PDOCS" -name "*.bat" -delete + +# put gdb helper script into place +install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +# install devel files to /config +#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%%{sitedir}/config-%%{python_abi}/ + +# Remove -IVendor/ from python-config boo#1231795 +sed -i 's/-IVendor\///' %{buildroot}%{_bindir}/python%{python_abi}-config + +# RPM macros +%if %{primary_interpreter} +mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/ +install -m 644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/macros.d/ # macros.python3 +%endif + +# import_failed hooks +FAILDIR=%{buildroot}/%{sitedir}/_import_failed +mkdir $FAILDIR +install -m 644 %{SOURCE8} %{SOURCE9} $FAILDIR # import_failed.* +LD_LIBRARY_PATH=. ./python -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +( + cd $FAILDIR + while read package modules; do + for module in $modules; do + ln import_failed.py $module.py + pushd __pycache__ + for i in import_failed*; do + ln $i "$module${i#import_failed}" + done + popd + done + done < %{SOURCE9} +) +echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +%endif + +# For the purposes of reproducibility, it is necessary to eliminate any *.pyc files inside documentation dirs +if [ -d %{buildroot}%{_defaultdocdir} ] ; then +find %{buildroot}%{_defaultdocdir} -type f -name \*.pyc -ls -exec rm -vf '{}' \; +fi + +%if %{with general} +%files -n %{python_pkg_name}-tk +%{sitedir}/tkinter +%exclude %{sitedir}/tkinter/test +%{dynlib _tkinter} + +%files -n %{python_pkg_name}-curses +%{sitedir}/curses +%{dynlib _curses} +%{dynlib _curses_panel} + +%files -n %{python_pkg_name}-dbm +%{sitedir}/dbm +%{dynlib _dbm} +%{dynlib _gdbm} + +%files -n %{python_pkg_name} +%dir %{sitedir} +%dir %{sitedir}/lib-dynload +%{sitedir}/sqlite3 +%exclude %{sitedir}/sqlite3/test +%{dynlib readline} +%{dynlib _sqlite3} +%if 0%{?suse_version} < 1599 +%{dynlib nis} +%endif + +%files -n %{python_pkg_name}-idle +%{sitedir}/idlelib +%dir %{_sysconfdir}/idle%{python_version} +%config %{_sysconfdir}/idle%{python_version}/* +%doc Lib/idlelib/README.txt +%doc Lib/idlelib/TODO.txt +%doc Lib/idlelib/extend.txt +%doc Lib/idlelib/ChangeLog +%{_bindir}/idle%{python_version} +%{_datadir}/applications/idle%{python_version}.desktop +%{_datadir}/metainfo/idle%{python_version}.appdata.xml +%{_datadir}/icons/hicolor/*/apps/idle%{python_version}.png +%dir %{_datadir}/icons/hicolor +%dir %{_datadir}/icons/hicolor/16x16 +%dir %{_datadir}/icons/hicolor/32x32 +%dir %{_datadir}/icons/hicolor/48x48 +%dir %{_datadir}/icons/hicolor/*/apps +# endif for if general +%endif + +%if %{with doc} +%files -n %{python_pkg_name}-doc +%dir %{_docdir}/python%{python_version} +%doc %{_docdir}/python%{python_version}/Misc +%doc %{_docdir}/python%{python_version}/html + +%files -n %{python_pkg_name}-doc-devhelp +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%doc %{_datadir}/gtk-doc/html/Python%{python_version} +%endif + +%if %{with base} +%post -n libpython%{so_version} -p /sbin/ldconfig +%postun -n libpython%{so_version} -p /sbin/ldconfig + +%files -n libpython%{so_version} +%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} + +%files -n %{python_pkg_name}-tools +%{sitedir}/turtledemo +%if %{primary_interpreter} +%{_bindir}/2to3 +%endif +%attr(755, root, root)%{_bindir}/2to3-%{python_version} +%doc %{_docdir}/%{name}/Tools + +%files -n %{python_pkg_name}-devel +%{_libdir}/libpython%{python_abi}.so +%if %{primary_interpreter} +%{_libdir}/libpython3.so +%endif +%{_libdir}/pkgconfig/* +%{_includedir}/python%{python_abi} +%{sitedir}/config-%{python_abi}-* +%{_bindir}/python%{python_abi}-config +%if %{primary_interpreter} +%{_bindir}/python3-config +%endif +# Own these directories to not depend on gdb +%dir %{_datadir}/gdb +%dir %{_datadir}/gdb/auto-load +%dir %{_datadir}/gdb/auto-load%{_prefix} +%dir %{_datadir}/gdb/auto-load%{_libdir} +%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +%files -n %{python_pkg_name}-testsuite +%{sitedir}/test +%{sitedir}/*/test +%{sitedir}/*/tests +%{dynlib _ctypes_test} +%{dynlib _testbuffer} +%{dynlib _testcapi} +%{dynlib _testclinic} +%{dynlib _testinternalcapi} +%{dynlib _testimportmultiple} +%{dynlib _testmultiphase} +%{dynlib xxlimited} +# workaround for missing packages +%dir %{sitedir}/sqlite3 +%dir %{sitedir}/tkinter + +%files -n %{python_pkg_name}-base +# docs +%dir %{_docdir}/%{name} +%doc %{_docdir}/%{name}/README.rst +%license LICENSE +%doc %{_docdir}/%{name}/README.SUSE +%if %{primary_interpreter} +%{_mandir}/man1/python3.1%{?ext_man} +%endif +%{_mandir}/man1/python%{python_version}.1%{?ext_man} +%if %{with externally_managed} +# PEP-0668 +%{sitedir}/EXTERNALLY-MANAGED +%endif +# license text, not a doc because the code can use it at run-time +%{sitedir}/LICENSE.txt +# RPM macros +%if %{primary_interpreter} +%{_rpmconfigdir}/macros.d/macros.python3 +%endif +# binary parts +%dir %{sitedir}/lib-dynload +%{dynlib array} +%{dynlib _asyncio} +%{dynlib audioop} +%{dynlib binascii} +%{dynlib _bisect} +%{dynlib _bz2} +%{dynlib cmath} +%{dynlib _codecs_cn} +%{dynlib _codecs_hk} +%{dynlib _codecs_iso2022} +%{dynlib _codecs_jp} +%{dynlib _codecs_kr} +%{dynlib _codecs_tw} +%{dynlib _contextvars} +%{dynlib _crypt} +%{dynlib _csv} +%{dynlib _ctypes} +%{dynlib _datetime} +%{dynlib _decimal} +%{dynlib _elementtree} +%{dynlib fcntl} +%{dynlib grp} +%{dynlib _hashlib} +%{dynlib _heapq} +%{dynlib _json} +%{dynlib _lsprof} +%{dynlib _lzma} +%{dynlib math} +%{dynlib mmap} +%{dynlib _multibytecodec} +%{dynlib _multiprocessing} +%{dynlib _opcode} +%{dynlib ossaudiodev} +%{dynlib _pickle} +%{dynlib _posixshmem} +%{dynlib _posixsubprocess} +%{dynlib pyexpat} +%{dynlib _queue} +%{dynlib _random} +%{dynlib resource} +%{dynlib select} +%{dynlib _socket} +%{dynlib spwd} +%{dynlib _ssl} +%{dynlib _statistics} +%{dynlib _struct} +%{dynlib syslog} +%{dynlib termios} +%{dynlib _typing} +%{dynlib unicodedata} +%{dynlib _uuid} +%{dynlib _xxsubinterpreters} +%{dynlib _xxtestfuzz} +%{dynlib xxlimited_35} +%{dynlib zlib} +%{dynlib _zoneinfo} +# hashlib fallback modules +%{dynlib _blake2} +%{dynlib _md5} +%{dynlib _sha1} +%{dynlib _sha256} +%{dynlib _sha512} +%{dynlib _sha3} +# python parts +%dir %{_prefix}/lib/python%{python_version} +%dir %{_prefix}/lib/python%{python_version}/site-packages +%dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__ +%dir %{sitedir} +%dir %{sitedir}/site-packages +%dir %{sitedir}/site-packages/__pycache__ +%exclude %{sitedir}/*/test +%exclude %{sitedir}/*/tests +%{sitedir}/*.py +%{sitedir}/asyncio +%{sitedir}/ctypes +%{sitedir}/collections +%{sitedir}/concurrent +%{sitedir}/distutils +%{sitedir}/email +%{sitedir}/encodings +%{sitedir}/ensurepip +%{sitedir}/html +%{sitedir}/http +%{sitedir}/importlib +%{sitedir}/json +%{sitedir}/lib2to3 +%{sitedir}/logging +%{sitedir}/multiprocessing +%{sitedir}/pydoc_data +%{sitedir}/re +%{sitedir}/tomllib +%{sitedir}/unittest +%{sitedir}/urllib +%{sitedir}/venv +%{sitedir}/wsgiref +%{sitedir}/xml +%{sitedir}/xmlrpc +%{sitedir}/zoneinfo +%{sitedir}/__phello__ +%{sitedir}/__pycache__ +# import-failed hooks +%{sitedir}/_import_failed +%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +# symlinks +%if %{primary_interpreter} +%{_bindir}/python3 +%{_bindir}/pydoc3 +%endif +# executables +%attr(755, root, root) %{_bindir}/pydoc%{python_version} +# %%attr(755, root, root) %%{_bindir}/python%%{python_abi} +%attr(755, root, root) %{_bindir}/python%{python_version} +# endif for if base +%endif + +%changelog diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch new file mode 100644 index 0000000..6f48b09 --- /dev/null +++ b/skip-test_pyobject_freed_is_freed.patch @@ -0,0 +1,23 @@ +--- + Lib/test/test_capi/test_misc.py | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/Lib/test/test_capi/test_misc.py ++++ b/Lib/test/test_capi/test_misc.py +@@ -40,6 +40,8 @@ import _testinternalcapi + # Were we compiled --with-pydebug or with #define Py_DEBUG? + Py_DEBUG = hasattr(sys, 'gettotalrefcount') + ++# Which version of the SLE distro we build on? ++SLE_VERSION = int(os.environ.get('SLE_VERSION', '0'), 10) + + NULL = None + +@@ -1281,6 +1283,7 @@ class PyMemDebugTests(unittest.TestCase) + def test_pyobject_forbidden_bytes_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') + ++ @unittest.skipIf(0 < SLE_VERSION < 150300, 'Failing on Leap 15.*') + def test_pyobject_freed_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_freed_is_freed') + diff --git a/skip_if_buildbot-extend.patch b/skip_if_buildbot-extend.patch new file mode 100644 index 0000000..fd9a584 --- /dev/null +++ b/skip_if_buildbot-extend.patch @@ -0,0 +1,15 @@ +--- + Lib/test/support/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -384,7 +384,7 @@ def skip_if_buildbot(reason=None): + if not reason: + reason = 'not suitable for buildbots' + try: +- isbuildbot = getpass.getuser().lower() == 'buildbot' ++ isbuildbot = getpass.getuser().lower() in ['buildbot', 'abuild'] + except (KeyError, EnvironmentError) as err: + warnings.warn(f'getpass.getuser() failed {err}.', RuntimeWarning) + isbuildbot = False diff --git a/skipped_tests.py b/skipped_tests.py new file mode 100644 index 0000000..47002e6 --- /dev/null +++ b/skipped_tests.py @@ -0,0 +1,69 @@ +#!/usr/bin/python3 +""" +Simple regexp-based skipped test checker. +It lists tests that are mentioned (presumably for exclusion) +in BASE, and in MAIN (presumably for inclusion) +and reports discrepancies. + +This will have a number of +""" + +MAIN = "python39.spec" + +import glob +import re +from os.path import basename + +alltests = set() +qemu_exclusions = set() + +for item in glob.glob("Python-*/Lib/test/test_*"): + testname = basename(item) + if testname.endswith(".py"): + testname = testname[:-3] + alltests.add(testname) + +testre = re.compile(r'[\s"](test_\w+)\b') + +def find_tests_in_spec(specname): + global qemu_exclusions + + found_tests = set() + with open(specname) as spec: + in_qemu = False + for line in spec: + line = line.strip() + if "#" in line: + line = line[:line.index("#")] + tests = set(testre.findall(line)) + found_tests |= tests + if line == "%if 0%{?qemu_user_space_build} > 0": + in_qemu = True + if in_qemu: + if line == "%endif": + in_qemu = False + qemu_exclusions |= tests + return found_tests + +excluded = find_tests_in_spec(MAIN) + +#print("--- excluded tests:", " ".join(sorted(excluded))) +#print("--- included tests:", " ".join(sorted(included))) + +mentioned = excluded +nonexistent = mentioned - alltests +missing = excluded - qemu_exclusions + +print("--- the following tests are excluded for QEMU and not tested in python") +print("--- (that probably means we don't need to worry about them)") +for test in sorted(qemu_exclusions - excluded): + print(test) + +print("--- the following tests might be excluded in python:") +for test in sorted(missing): + print(test) + +if nonexistent: + print("--- the following tests don't exist:") + for test in sorted(nonexistent): + print(test) diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch new file mode 100644 index 0000000..ab29d50 --- /dev/null +++ b/subprocess-raise-timeout.patch @@ -0,0 +1,18 @@ +--- + Lib/test/test_subprocess.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_subprocess.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_subprocess.py ++++ Python-3.11.8/Lib/test/test_subprocess.py +@@ -280,7 +280,8 @@ class ProcessTestCase(BaseTestCase): + "time.sleep(3600)"], + # Some heavily loaded buildbots (sparc Debian 3.x) require + # this much time to start and print. +- timeout=3) ++ # OBS might require even more ++ timeout=10) + self.fail("Expected TimeoutExpired.") + self.assertEqual(c.exception.output, b'BDFL') + -- 2.51.1 From 108a2a7e18ddb56bbb7e39d345300ce3fdeb69ed2a6326a67cb37d4aedb82146 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 4 Feb 2025 14:51:05 +0000 Subject: [PATCH 110/135] - Add CVE-2025-0938-sq-brackets-domain-names.patch which disallows square brackets ([ and ]) in domain names for parsed URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=158 --- .gitattributes | 23 + .gitignore | 1 + 129528.patch | 134 + CVE-2023-52425-libexpat-2.6.0-backport.patch | 223 + ...-52425-remove-reparse_deferral-tests.patch | 60 + CVE-2024-9287-venv_path_unquoted.patch | 299 + CVE-2025-0938-sq-brackets-domain-names.patch | 127 + F00251-change-user-install-location.patch | 215 + PACKAGING-NOTES | 26 + Python-3.11.10.tar.xz | 3 + Python-3.11.10.tar.xz.asc | 16 + Python-3.11.11.tar.xz | 3 + Python-3.11.11.tar.xz.sigstore | 1 + README.SUSE | 43 + _multibuild | 4 + add-loongarch64-support.patch | 25 + baselibs.conf | 3 + bluez-devel-vendor.tar.xz | 3 + bpo-31046_ensurepip_honours_prefix.patch | 173 + bsc1221260-test_asyncio-ResourceWarning.patch | 21 + bso1227999-reproducible-builds.patch | 37 + distutils-reproducible-compile.patch | 17 + externally_managed.in | 12 + fix_configure_rst.patch | 40 + gh120226-fix-sendfile-test-kernel-610.patch | 35 + idle3.appdata.xml | 35 + idle3.desktop | 12 + import_failed.map | 7 + import_failed.py | 23 + macros.python3 | 28 + no-skipif-doctests.patch | 653 ++ pre_checkin.sh | 78 + python-3.3.0b1-fix_date_time_compiler.patch | 27 + python-3.3.0b1-localpath.patch | 13 + python-3.3.0b1-test-posix_fadvise.patch | 17 + python.keyring | 109 + python311-rpmlintrc | 3 + python311.changes | 5510 +++++++++++++++++ python311.spec | 1064 ++++ skip-test_pyobject_freed_is_freed.patch | 23 + skip_if_buildbot-extend.patch | 15 + skipped_tests.py | 69 + subprocess-raise-timeout.patch | 18 + 43 files changed, 9248 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 129528.patch create mode 100644 CVE-2023-52425-libexpat-2.6.0-backport.patch create mode 100644 CVE-2023-52425-remove-reparse_deferral-tests.patch create mode 100644 CVE-2024-9287-venv_path_unquoted.patch create mode 100644 CVE-2025-0938-sq-brackets-domain-names.patch create mode 100644 F00251-change-user-install-location.patch create mode 100644 PACKAGING-NOTES create mode 100644 Python-3.11.10.tar.xz create mode 100644 Python-3.11.10.tar.xz.asc create mode 100644 Python-3.11.11.tar.xz create mode 100644 Python-3.11.11.tar.xz.sigstore create mode 100644 README.SUSE create mode 100644 _multibuild create mode 100644 add-loongarch64-support.patch create mode 100644 baselibs.conf create mode 100644 bluez-devel-vendor.tar.xz create mode 100644 bpo-31046_ensurepip_honours_prefix.patch create mode 100644 bsc1221260-test_asyncio-ResourceWarning.patch create mode 100644 bso1227999-reproducible-builds.patch create mode 100644 distutils-reproducible-compile.patch create mode 100644 externally_managed.in create mode 100644 fix_configure_rst.patch create mode 100644 gh120226-fix-sendfile-test-kernel-610.patch create mode 100644 idle3.appdata.xml create mode 100644 idle3.desktop create mode 100644 import_failed.map create mode 100644 import_failed.py create mode 100644 macros.python3 create mode 100644 no-skipif-doctests.patch create mode 100644 pre_checkin.sh create mode 100644 python-3.3.0b1-fix_date_time_compiler.patch create mode 100644 python-3.3.0b1-localpath.patch create mode 100644 python-3.3.0b1-test-posix_fadvise.patch create mode 100644 python.keyring create mode 100644 python311-rpmlintrc create mode 100644 python311.changes create mode 100644 python311.spec create mode 100644 skip-test_pyobject_freed_is_freed.patch create mode 100644 skip_if_buildbot-extend.patch create mode 100644 skipped_tests.py create mode 100644 subprocess-raise-timeout.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/129528.patch b/129528.patch new file mode 100644 index 0000000..75d4a6c --- /dev/null +++ b/129528.patch @@ -0,0 +1,134 @@ +From d91e2c740890837edafaee24d68112b776cda9c5 Mon Sep 17 00:00:00 2001 +From: Seth Michael Larson +Date: Fri, 31 Jan 2025 11:41:34 -0600 +Subject: [PATCH] gh-105704: Disallow square brackets (`[` and `]`) in domain + names for parsed URLs (GH-129418) + +* gh-105704: Disallow square brackets ( and ) in domain names for parsed URLs + +* Use Sphinx references + +Co-authored-by: Peter Bierma + +* Add mismatched bracket test cases, fix news format + +* Add more test coverage for ports + +--------- + +(cherry picked from commit d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a) + +Co-authored-by: Seth Michael Larson +Co-authored-by: Peter Bierma +--- + Lib/test/test_urlparse.py | 37 ++++++++++++++++++- + Lib/urllib/parse.py | 20 +++++++++- + ...-01-28-14-08-03.gh-issue-105704.EnhHxu.rst | 4 ++ + 3 files changed, 58 insertions(+), 3 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst + +diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py +index 2376dad81b2fbc..a283063f24f16e 100644 +--- a/Lib/test/test_urlparse.py ++++ b/Lib/test/test_urlparse.py +@@ -1224,16 +1224,51 @@ def test_invalid_bracketed_hosts(self): + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af::2309::fae7:1234]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af:2309::fae7:1234:2342:438e:192.0.2.146]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@]v6a.ip[/Path') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip[suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[suffix') + + def test_splitting_bracketed_hosts(self): +- p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]/path?query') ++ p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]:1234/path?query') + self.assertEqual(p1.hostname, 'v6a.ip') + self.assertEqual(p1.username, 'user') + self.assertEqual(p1.path, '/path') ++ self.assertEqual(p1.port, 1234) + p2 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7%test]/path?query') + self.assertEqual(p2.hostname, '0439:23af:2309::fae7%test') + self.assertEqual(p2.username, 'user') + self.assertEqual(p2.path, '/path') ++ self.assertIs(p2.port, None) + p3 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7:1234:192.0.2.146%test]/path?query') + self.assertEqual(p3.hostname, '0439:23af:2309::fae7:1234:192.0.2.146%test') + self.assertEqual(p3.username, 'user') +diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py +index abf1d1b546682a..724cce8d39785d 100644 +--- a/Lib/urllib/parse.py ++++ b/Lib/urllib/parse.py +@@ -436,6 +436,23 @@ def _checknetloc(netloc): + raise ValueError("netloc '" + netloc + "' contains invalid " + + "characters under NFKC normalization") + ++def _check_bracketed_netloc(netloc): ++ # Note that this function must mirror the splitting ++ # done in NetlocResultMixins._hostinfo(). ++ hostname_and_port = netloc.rpartition('@')[2] ++ before_bracket, have_open_br, bracketed = hostname_and_port.partition('[') ++ if have_open_br: ++ # No data is allowed before a bracket. ++ if before_bracket: ++ raise ValueError("Invalid IPv6 URL") ++ hostname, _, port = bracketed.partition(']') ++ # No data is allowed after the bracket but before the port delimiter. ++ if port and not port.startswith(":"): ++ raise ValueError("Invalid IPv6 URL") ++ else: ++ hostname, _, port = hostname_and_port.partition(':') ++ _check_bracketed_host(hostname) ++ + # Valid bracketed hosts are defined in + # https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/ + def _check_bracketed_host(hostname): +@@ -496,8 +513,7 @@ def urlsplit(url, scheme='', allow_fragments=True): + (']' in netloc and '[' not in netloc)): + raise ValueError("Invalid IPv6 URL") + if '[' in netloc and ']' in netloc: +- bracketed_host = netloc.partition('[')[2].partition(']')[0] +- _check_bracketed_host(bracketed_host) ++ _check_bracketed_netloc(netloc) + if allow_fragments and '#' in url: + url, fragment = url.split('#', 1) + if '?' in url: +diff --git a/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst +new file mode 100644 +index 00000000000000..bff1bc6b0d609c +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst +@@ -0,0 +1,4 @@ ++When using :func:`urllib.parse.urlsplit` and :func:`urllib.parse.urlparse` host ++parsing would not reject domain names containing square brackets (``[`` and ++``]``). Square brackets are only valid for IPv6 and IPvFuture hosts according to ++`RFC 3986 Section 3.2.2 `__. diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch new file mode 100644 index 0000000..c1c66b7 --- /dev/null +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -0,0 +1,223 @@ +--- + Lib/test/support/__init__.py | 16 ++++++++++++++-- + Lib/test/test_minidom.py | 23 +++++++++-------------- + Lib/test/test_pyexpat.py | 12 +++++------- + Lib/test/test_sax.py | 18 +++++++++--------- + Lib/test/test_xml_etree.py | 12 ------------ + 5 files changed, 37 insertions(+), 44 deletions(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -8,6 +8,7 @@ import dataclasses + import functools + import os + import re ++import pyexpat + import stat + import sys + import sysconfig +@@ -56,7 +57,7 @@ __all__ = [ + "run_with_tz", "PGO", "missing_compiler_executable", + "ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST", + "LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT", +- "skip_on_s390x", ++ "skip_on_s390x", "fails_with_expat_2_6_0", "is_expat_2_6_0" + ] + + +@@ -2240,6 +2241,17 @@ def copy_python_src_ignore(path, names): + } + return ignored + +-#Windows doesn't have os.uname() but it doesn't support s390x. ++ ++# Windows doesn't have os.uname() but it doesn't support s390x. + skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', + 'skipped on s390x') ++ ++ ++@functools.lru_cache ++def _is_expat_2_6_0(): ++ return hasattr(pyexpat.ParserCreate(), 'SetReparseDeferralEnabled') ++is_expat_2_6_0 = _is_expat_2_6_0() ++ ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if is_expat_2_6_0 ++ else lambda test: test) +--- a/Lib/test/test_minidom.py ++++ b/Lib/test/test_minidom.py +@@ -6,7 +6,6 @@ import io + from test import support + import unittest + +-import pyexpat + import xml.dom.minidom + + from xml.dom.minidom import parse, Attr, Node, Document, parseString +@@ -1163,13 +1162,11 @@ class MinidomTest(unittest.TestCase): + + # Verify that character decoding errors raise exceptions instead + # of crashing +- if pyexpat.version_info >= (2, 4, 5): +- self.assertRaises(ExpatError, parseString, +- b'') +- self.assertRaises(ExpatError, parseString, +- b'Comment \xe7a va ? Tr\xe8s bien ?') +- else: +- self.assertRaises(UnicodeDecodeError, parseString, ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((UnicodeDecodeError, ExpatError)): ++ parseString( + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1631,12 +1628,10 @@ class MinidomTest(unittest.TestCase): + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- if pyexpat.version_info >= (2, 4, 5): +- context = self.assertRaisesRegex(ExpatError, 'syntax error') +- else: +- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- +- with context: ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((ExpatError, ValueError)): + parseString('') + + def testDocRemoveChild(self): +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -14,8 +14,7 @@ from test.support import os_helper + from xml.parsers import expat + from xml.parsers.expat import errors + +-from test.support import sortdict, is_emscripten, is_wasi +- ++from test.support import sortdict, is_emscripten, is_wasi, is_expat_2_6_0 + + class SetAttributeTest(unittest.TestCase): + def setUp(self): +@@ -770,9 +769,8 @@ class ReparseDeferralTest(unittest.TestC + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + + def test_reparse_deferral_enabled(self): +- if expat.version_info < (2, 6, 0): +- self.skipTest(f'Expat {expat.version_info} does not ' +- 'support reparse deferral') ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") + + started = [] + +@@ -801,9 +799,9 @@ class ReparseDeferralTest(unittest.TestC + + parser = expat.ParserCreate() + parser.StartElementHandler = start_element +- if expat.version_info >= (2, 6, 0): ++ if is_expat_2_6_0: + parser.SetReparseDeferralEnabled(False) +- self.assertFalse(parser.GetReparseDeferralEnabled()) ++ self.assertFalse(parser.GetReparseDeferralEnabled()) + + for chunk in (b''): + parser.Parse(chunk, False) +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -19,13 +19,11 @@ from xml.sax.xmlreader import InputSourc + from io import BytesIO, StringIO + import codecs + import os.path +-import pyexpat + import shutil + import sys + from urllib.error import URLError + import urllib.request +-from test.support import os_helper +-from test.support import findfile ++from test.support import os_helper, findfile, is_expat_2_6_0 + from test.support.os_helper import FakePath, TESTFN + + +@@ -1215,10 +1213,10 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1241,6 +1239,9 @@ class ExpatReaderTest(XmlTestBase): + self.assertEqual(result.getvalue(), start + b"") + + def test_flush_reparse_deferral_disabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1249,9 +1250,8 @@ class ExpatReaderTest(XmlTestBase): + for chunk in (""): + parser.feed(chunk) + +- if pyexpat.version_info >= (2, 6, 0): +- parser._parser.SetReparseDeferralEnabled(False) +- self.assertEqual(result.getvalue(), start) # i.e. no elements started ++ parser._parser.SetReparseDeferralEnabled(False) ++ self.assertEqual(result.getvalue(), start) # i.e. no elements started + + self.assertFalse(parser._parser.GetReparseDeferralEnabled()) + +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -13,7 +13,6 @@ import itertools + import operator + import os + import pickle +-import pyexpat + import sys + import textwrap + import types +@@ -1424,12 +1423,6 @@ class XMLPullParserTest(unittest.TestCas + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + +- def test_simple_xml_chunk_1(self): +- self.test_simple_xml(chunk_size=1, flush=True) +- +- def test_simple_xml_chunk_5(self): +- self.test_simple_xml(chunk_size=5, flush=True) +- + def test_simple_xml_chunk_22(self): + self.test_simple_xml(chunk_size=22) + +@@ -1627,9 +1620,6 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1656,8 +1646,6 @@ class XMLPullParserTest(unittest.TestCas + + for chunk in (""): + parser.feed(chunk) +- +- if pyexpat.version_info >= (2, 6, 0): + if not ET is pyET: + self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled ' + 'methods not available in C') diff --git a/CVE-2023-52425-remove-reparse_deferral-tests.patch b/CVE-2023-52425-remove-reparse_deferral-tests.patch new file mode 100644 index 0000000..553bdf8 --- /dev/null +++ b/CVE-2023-52425-remove-reparse_deferral-tests.patch @@ -0,0 +1,60 @@ +--- + Lib/test/test_pyexpat.py | 2 ++ + Lib/test/test_sax.py | 2 ++ + Lib/test/test_xml_etree.py | 2 ++ + 3 files changed, 6 insertions(+) + +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -768,6 +768,7 @@ class ReparseDeferralTest(unittest.TestC + parser.SetReparseDeferralEnabled(True) + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -791,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC + + self.assertEqual(started, ['doc']) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_disabled(self): + started = [] + +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -1213,6 +1213,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -1238,6 +1239,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -1620,6 +1620,7 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1641,6 +1642,7 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + diff --git a/CVE-2024-9287-venv_path_unquoted.patch b/CVE-2024-9287-venv_path_unquoted.patch new file mode 100644 index 0000000..541a907 --- /dev/null +++ b/CVE-2024-9287-venv_path_unquoted.patch @@ -0,0 +1,299 @@ +From 1408cc9bf9e8b19968761548c30b78d37074c21c Mon Sep 17 00:00:00 2001 +From: Y5 <124019959+y5c4l3@users.noreply.github.com> +Date: Tue, 22 Oct 2024 04:48:04 +0800 +Subject: [PATCH] gh-124651: Quote template strings in `venv` activation + scripts (GH-124712) + +This patch properly quotes template strings in `venv` activation +scripts. This mitigates potential command injection. + +(cherry picked from commit d48cc82ed25e26b02eb97c6263d95dcaa1e9111b) +--- + Lib/test/test_venv.py | 81 ++++++++++ + Lib/venv/__init__.py | 42 ++++- + Lib/venv/scripts/common/activate | 8 + Lib/venv/scripts/nt/activate.bat | 6 + Lib/venv/scripts/posix/activate.csh | 8 + Lib/venv/scripts/posix/activate.fish | 8 + Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst | 1 + 7 files changed, 134 insertions(+), 20 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst + +--- a/Lib/test/test_venv.py ++++ b/Lib/test/test_venv.py +@@ -11,6 +11,7 @@ import os + import os.path + import pathlib + import re ++import shlex + import shutil + import struct + import subprocess +@@ -96,6 +97,10 @@ class BaseTest(unittest.TestCase): + result = f.read() + return result + ++ def assertEndsWith(self, string, tail): ++ if not string.endswith(tail): ++ self.fail(f"String {string!r} does not end with {tail!r}") ++ + class BasicTest(BaseTest): + """Test venv module functionality.""" + +@@ -446,6 +451,82 @@ class BasicTest(BaseTest): + 'import sys; print(sys.executable)']) + self.assertEqual(out.strip(), envpy.encode()) + ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_bash(self): ++ """ ++ Test that the template strings are quoted properly (bash) ++ """ ++ rmtree(self.env_dir) ++ bash = shutil.which('bash') ++ if bash is None: ++ self.skipTest('bash required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.sh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([bash, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_csh(self): ++ """ ++ Test that the template strings are quoted properly (csh) ++ """ ++ rmtree(self.env_dir) ++ csh = shutil.which('tcsh') or shutil.which('csh') ++ if csh is None: ++ self.skipTest('csh required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.csh') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.csh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([csh, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings on Windows ++ @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') ++ def test_special_chars_windows(self): ++ """ ++ Test that the template strings are quoted properly on Windows ++ """ ++ rmtree(self.env_dir) ++ env_name = "'&&^$e" ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.bat') ++ test_batch = os.path.join(self.env_dir, 'test_special_chars.bat') ++ with open(test_batch, "w") as f: ++ f.write('@echo off\n' ++ f'"{activate}" & ' ++ f'{self.exe} -c "import sys; print(sys.executable)" & ' ++ f'{self.exe} -c "import os; print(os.environ[\'VIRTUAL_ENV\'])" & ' ++ 'deactivate') ++ out, err = check_output([test_batch]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ + @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') + def test_unicode_in_batch_file(self): + """ +--- a/Lib/venv/__init__.py ++++ b/Lib/venv/__init__.py +@@ -11,6 +11,7 @@ import subprocess + import sys + import sysconfig + import types ++import shlex + + + CORE_VENV_DEPS = ('pip', 'setuptools') +@@ -394,11 +395,41 @@ class EnvBuilder: + :param context: The information for the environment creation request + being processed. + """ +- text = text.replace('__VENV_DIR__', context.env_dir) +- text = text.replace('__VENV_NAME__', context.env_name) +- text = text.replace('__VENV_PROMPT__', context.prompt) +- text = text.replace('__VENV_BIN_NAME__', context.bin_name) +- text = text.replace('__VENV_PYTHON__', context.env_exe) ++ replacements = { ++ '__VENV_DIR__': context.env_dir, ++ '__VENV_NAME__': context.env_name, ++ '__VENV_PROMPT__': context.prompt, ++ '__VENV_BIN_NAME__': context.bin_name, ++ '__VENV_PYTHON__': context.env_exe, ++ } ++ ++ def quote_ps1(s): ++ """ ++ This should satisfy PowerShell quoting rules [1], unless the quoted ++ string is passed directly to Windows native commands [2]. ++ [1]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules ++ [2]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing#passing-arguments-that-contain-quote-characters ++ """ ++ s = s.replace("'", "''") ++ return f"'{s}'" ++ ++ def quote_bat(s): ++ return s ++ ++ # gh-124651: need to quote the template strings properly ++ quote = shlex.quote ++ script_path = context.script_path ++ if script_path.endswith('.ps1'): ++ quote = quote_ps1 ++ elif script_path.endswith('.bat'): ++ quote = quote_bat ++ else: ++ # fallbacks to POSIX shell compliant quote ++ quote = shlex.quote ++ ++ replacements = {key: quote(s) for key, s in replacements.items()} ++ for key, quoted in replacements.items(): ++ text = text.replace(key, quoted) + return text + + def install_scripts(self, context, path): +@@ -438,6 +469,7 @@ class EnvBuilder: + with open(srcfile, 'rb') as f: + data = f.read() + if not srcfile.endswith(('.exe', '.pdb')): ++ context.script_path = srcfile + try: + data = data.decode('utf-8') + data = self.replace_variables(data, context) +--- a/Lib/venv/scripts/common/activate ++++ b/Lib/venv/scripts/common/activate +@@ -35,11 +35,11 @@ deactivate () { + # unset irrelevant variables + deactivate nondestructive + +-VIRTUAL_ENV="__VENV_DIR__" ++VIRTUAL_ENV=__VENV_DIR__ + export VIRTUAL_ENV + + _OLD_VIRTUAL_PATH="$PATH" +-PATH="$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++PATH="$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + export PATH + + # unset PYTHONHOME if set +@@ -52,9 +52,9 @@ fi + + if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then + _OLD_VIRTUAL_PS1="${PS1:-}" +- PS1="__VENV_PROMPT__${PS1:-}" ++ PS1=__VENV_PROMPT__"${PS1:-}" + export PS1 +- VIRTUAL_ENV_PROMPT="__VENV_PROMPT__" ++ VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ + export VIRTUAL_ENV_PROMPT + fi + +--- a/Lib/venv/scripts/nt/activate.bat ++++ b/Lib/venv/scripts/nt/activate.bat +@@ -8,7 +8,7 @@ if defined _OLD_CODEPAGE ( + "%SystemRoot%\System32\chcp.com" 65001 > nul + ) + +-set VIRTUAL_ENV=__VENV_DIR__ ++set "VIRTUAL_ENV=__VENV_DIR__" + + if not defined PROMPT set PROMPT=$P$G + +@@ -24,8 +24,8 @@ set PYTHONHOME= + if defined _OLD_VIRTUAL_PATH set PATH=%_OLD_VIRTUAL_PATH% + if not defined _OLD_VIRTUAL_PATH set _OLD_VIRTUAL_PATH=%PATH% + +-set PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH% +-set VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ ++set "PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH%" ++set "VIRTUAL_ENV_PROMPT=__VENV_PROMPT__" + + :END + if defined _OLD_CODEPAGE ( +--- a/Lib/venv/scripts/posix/activate.csh ++++ b/Lib/venv/scripts/posix/activate.csh +@@ -8,17 +8,17 @@ alias deactivate 'test $?_OLD_VIRTUAL_PA + # Unset irrelevant variables. + deactivate nondestructive + +-setenv VIRTUAL_ENV "__VENV_DIR__" ++setenv VIRTUAL_ENV __VENV_DIR__ + + set _OLD_VIRTUAL_PATH="$PATH" +-setenv PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++setenv PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + + + set _OLD_VIRTUAL_PROMPT="$prompt" + + if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then +- set prompt = "__VENV_PROMPT__$prompt" +- setenv VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set prompt = __VENV_PROMPT__"$prompt" ++ setenv VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + endif + + alias pydoc python -m pydoc +--- a/Lib/venv/scripts/posix/activate.fish ++++ b/Lib/venv/scripts/posix/activate.fish +@@ -33,10 +33,10 @@ end + # Unset irrelevant variables. + deactivate nondestructive + +-set -gx VIRTUAL_ENV "__VENV_DIR__" ++set -gx VIRTUAL_ENV __VENV_DIR__ + + set -gx _OLD_VIRTUAL_PATH $PATH +-set -gx PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__" $PATH ++set -gx PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__ $PATH + + # Unset PYTHONHOME if set. + if set -q PYTHONHOME +@@ -56,7 +56,7 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + set -l old_status $status + + # Output the venv prompt; color taken from the blue of the Python logo. +- printf "%s%s%s" (set_color 4B8BBE) "__VENV_PROMPT__" (set_color normal) ++ printf "%s%s%s" (set_color 4B8BBE) __VENV_PROMPT__ (set_color normal) + + # Restore the return status of the previous command. + echo "exit $old_status" | . +@@ -65,5 +65,5 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + end + + set -gx _OLD_FISH_PROMPT_OVERRIDE "$VIRTUAL_ENV" +- set -gx VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set -gx VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + end +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst +@@ -0,0 +1 @@ ++Properly quote template strings in :mod:`venv` activation scripts. diff --git a/CVE-2025-0938-sq-brackets-domain-names.patch b/CVE-2025-0938-sq-brackets-domain-names.patch new file mode 100644 index 0000000..7db4656 --- /dev/null +++ b/CVE-2025-0938-sq-brackets-domain-names.patch @@ -0,0 +1,127 @@ +From d91e2c740890837edafaee24d68112b776cda9c5 Mon Sep 17 00:00:00 2001 +From: Seth Michael Larson +Date: Fri, 31 Jan 2025 11:41:34 -0600 +Subject: [PATCH] gh-105704: Disallow square brackets (`[` and `]`) in domain + names for parsed URLs (GH-129418) + +* gh-105704: Disallow square brackets ( and ) in domain names for parsed URLs + +* Use Sphinx references + +Co-authored-by: Peter Bierma + +* Add mismatched bracket test cases, fix news format + +* Add more test coverage for ports + +--------- + +(cherry picked from commit d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a) + +Co-authored-by: Seth Michael Larson +Co-authored-by: Peter Bierma +--- + Lib/test/test_urlparse.py | 37 +++++++++- + Lib/urllib/parse.py | 20 ++++- + Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst | 4 + + 3 files changed, 58 insertions(+), 3 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst + +--- a/Lib/test/test_urlparse.py ++++ b/Lib/test/test_urlparse.py +@@ -1224,16 +1224,51 @@ class UrlParseTestCase(unittest.TestCase + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af::2309::fae7:1234]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af:2309::fae7:1234:2342:438e:192.0.2.146]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@]v6a.ip[/Path') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip[suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[suffix') + + def test_splitting_bracketed_hosts(self): +- p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]/path?query') ++ p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]:1234/path?query') + self.assertEqual(p1.hostname, 'v6a.ip') + self.assertEqual(p1.username, 'user') + self.assertEqual(p1.path, '/path') ++ self.assertEqual(p1.port, 1234) + p2 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7%test]/path?query') + self.assertEqual(p2.hostname, '0439:23af:2309::fae7%test') + self.assertEqual(p2.username, 'user') + self.assertEqual(p2.path, '/path') ++ self.assertIs(p2.port, None) + p3 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7:1234:192.0.2.146%test]/path?query') + self.assertEqual(p3.hostname, '0439:23af:2309::fae7:1234:192.0.2.146%test') + self.assertEqual(p3.username, 'user') +--- a/Lib/urllib/parse.py ++++ b/Lib/urllib/parse.py +@@ -436,6 +436,23 @@ def _checknetloc(netloc): + raise ValueError("netloc '" + netloc + "' contains invalid " + + "characters under NFKC normalization") + ++def _check_bracketed_netloc(netloc): ++ # Note that this function must mirror the splitting ++ # done in NetlocResultMixins._hostinfo(). ++ hostname_and_port = netloc.rpartition('@')[2] ++ before_bracket, have_open_br, bracketed = hostname_and_port.partition('[') ++ if have_open_br: ++ # No data is allowed before a bracket. ++ if before_bracket: ++ raise ValueError("Invalid IPv6 URL") ++ hostname, _, port = bracketed.partition(']') ++ # No data is allowed after the bracket but before the port delimiter. ++ if port and not port.startswith(":"): ++ raise ValueError("Invalid IPv6 URL") ++ else: ++ hostname, _, port = hostname_and_port.partition(':') ++ _check_bracketed_host(hostname) ++ + # Valid bracketed hosts are defined in + # https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/ + def _check_bracketed_host(hostname): +@@ -496,8 +513,7 @@ def urlsplit(url, scheme='', allow_fragm + (']' in netloc and '[' not in netloc)): + raise ValueError("Invalid IPv6 URL") + if '[' in netloc and ']' in netloc: +- bracketed_host = netloc.partition('[')[2].partition(']')[0] +- _check_bracketed_host(bracketed_host) ++ _check_bracketed_netloc(netloc) + if allow_fragments and '#' in url: + url, fragment = url.split('#', 1) + if '?' in url: +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst +@@ -0,0 +1,4 @@ ++When using :func:`urllib.parse.urlsplit` and :func:`urllib.parse.urlparse` host ++parsing would not reject domain names containing square brackets (``[`` and ++``]``). Square brackets are only valid for IPv6 and IPvFuture hosts according to ++`RFC 3986 Section 3.2.2 `__. diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch new file mode 100644 index 0000000..fa38a94 --- /dev/null +++ b/F00251-change-user-install-location.patch @@ -0,0 +1,215 @@ +From 910f38d9768d39d4d31426743ae4081ed1ab66b6 Mon Sep 17 00:00:00 2001 +From: Michal Cyprian +Date: Mon, 26 Jun 2017 16:32:56 +0200 +Subject: [PATCH] 00251: Change user install location + +Set values of prefix and exec_prefix in distutils install command +to /usr/local if executable is /usr/bin/python* and RPM build +is not detected to make pip and distutils install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +--- + Lib/distutils/command/install.py | 15 +++++++++++++-- + Lib/site.py | 9 ++++++++- + 2 files changed, 21 insertions(+), 3 deletions(-) + +Index: Python-3.11.8/Lib/distutils/command/install.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/command/install.py ++++ Python-3.11.8/Lib/distutils/command/install.py +@@ -441,8 +441,19 @@ class install(Command): + raise DistutilsOptionError( + "must not supply exec-prefix without prefix") + +- self.prefix = os.path.normpath(sys.prefix) +- self.exec_prefix = os.path.normpath(sys.exec_prefix) ++ # self.prefix is set to sys.prefix + /local/ ++ # if neither RPM build nor virtual environment is ++ # detected to make pip and distutils install packages ++ # into the separate location. ++ if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ addition = "/local" ++ else: ++ addition = "" ++ ++ self.prefix = os.path.normpath(sys.prefix) + addition ++ self.exec_prefix = os.path.normpath(sys.exec_prefix) + addition + + else: + if self.exec_prefix is None: +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None): + return sitepackages + + def addsitepackages(known_paths, prefixes=None): +- """Add site-packages to sys.path""" ++ """Add site-packages to sys.path ++ ++ '/usr/local' is included in PREFIXES if RPM build is not detected ++ to make packages installed into this location visible. ++ ++ """ + _trace("Processing global site-packages") ++ if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: ++ PREFIXES.insert(0, "/usr/local") + for sitedir in getsitepackages(prefixes): + if os.path.isdir(sitedir): + addsitedir(sitedir, known_paths) + +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Mon, 15 Feb 2021 12:19:27 +0100 +Subject: [PATCH] 00251: Change user install location +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Set values of base and platbase in sysconfig from /usr +to /usr/local when RPM build is not detected +to make pip and similar tools install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +Downstream only. + +We've tried to rework in Fedora 36/Python 3.10 to follow https://bugs.python.org/issue43976 +but we have identified serious problems with that approach, +see https://bugzilla.redhat.com/2026979 or https://bugzilla.redhat.com/2097183 + +pypa/distutils integration: https://github.com/pypa/distutils/pull/70 + +Co-authored-by: Petr Viktorin +Co-authored-by: Miro Hrončok +Co-authored-by: Michal Cyprian +Co-authored-by: Lumír Balhar +--- + Lib/site.py | 9 ++++++- + Lib/sysconfig.py | 49 +++++++++++++++++++++++++++++++++++++- + Lib/test/test_sysconfig.py | 17 +++++++++++-- + 3 files changed, 71 insertions(+), 4 deletions(-) + +Index: Python-3.11.9/Lib/sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/sysconfig.py ++++ Python-3.11.9/Lib/sysconfig.py +@@ -103,6 +103,11 @@ if os.name == 'nt': + else: + _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv'] + ++# For a brief period of time in the Fedora 36 life cycle, ++# this installation scheme existed and was documented in the release notes. ++# For backwards compatibility, we keep it here (at least on 3.10 and 3.11). ++_INSTALL_SCHEMES['rpm_prefix'] = _INSTALL_SCHEMES['posix_prefix'] ++ + + # NOTE: site.py has copy of this function. + # Sync it when modify this function. +@@ -162,6 +167,19 @@ if _HAS_USER_BASE: + }, + } + ++# This is used by distutils.command.install in the stdlib ++# as well as pypa/distutils (e.g. bundled in setuptools). ++# The self.prefix value is set to sys.prefix + /local/ ++# if neither RPM build nor virtual environment is ++# detected to make distutils install packages ++# into the separate location. ++# https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _prefix_addition = '/local' ++ ++ + _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', + 'scripts', 'data') + +@@ -258,11 +276,40 @@ def _extend_dict(target_dict, other_dict + target_dict[key] = value + + ++_CONFIG_VARS_LOCAL = None ++ ++ ++def _config_vars_local(): ++ # This function returns the config vars with prefixes amended to /usr/local ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ global _CONFIG_VARS_LOCAL ++ if _CONFIG_VARS_LOCAL is None: ++ _CONFIG_VARS_LOCAL = dict(get_config_vars()) ++ _CONFIG_VARS_LOCAL['base'] = '/usr/local' ++ _CONFIG_VARS_LOCAL['platbase'] = '/usr/local' ++ return _CONFIG_VARS_LOCAL ++ ++ + def _expand_vars(scheme, vars): + res = {} + if vars is None: + vars = {} +- _extend_dict(vars, get_config_vars()) ++ ++ # when we are not in a virtual environment or an RPM build ++ # we change '/usr' to '/usr/local' ++ # to avoid surprises, we explicitly check for the /usr/ prefix ++ # Python virtual environments have different prefixes ++ # we only do this for posix_prefix, not to mangle the venv scheme ++ # posix_prefix is used by sudo pip install ++ # we only change the defaults here, so explicit --prefix will take precedence ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if (scheme == 'posix_prefix' and ++ _PREFIX == '/usr' and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _extend_dict(vars, _config_vars_local()) ++ else: ++ _extend_dict(vars, get_config_vars()) ++ + if os.name == 'nt': + # On Windows we want to substitute 'lib' for schemes rather + # than the native value (without modifying vars, in case it +Index: Python-3.11.9/Lib/test/test_sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_sysconfig.py ++++ Python-3.11.9/Lib/test/test_sysconfig.py +@@ -111,8 +111,19 @@ class TestSysConfig(unittest.TestCase): + for scheme in _INSTALL_SCHEMES: + for name in _INSTALL_SCHEMES[scheme]: + expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) ++ tested = get_path(name, scheme) ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if tested.startswith('/usr/local'): ++ # /usr/local should only be used in posix_prefix ++ self.assertEqual(scheme, 'posix_prefix') ++ # Fedora CI runs tests for venv and virtualenv that check for other prefixes ++ self.assertEqual(sys.prefix, '/usr') ++ # When building the RPM of Python, %check runs this with RPM_BUILD_ROOT set ++ # Fedora CI runs this with RPM_BUILD_ROOT unset ++ self.assertNotIn('RPM_BUILD_ROOT', os.environ) ++ tested = tested.replace('/usr/local', '/usr') + self.assertEqual( +- os.path.normpath(get_path(name, scheme)), ++ os.path.normpath(tested), + os.path.normpath(expected), + ) + +@@ -345,7 +356,7 @@ class TestSysConfig(unittest.TestCase): + self.assertTrue(os.path.isfile(config_h), config_h) + + def test_get_scheme_names(self): +- wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv'] ++ wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv', 'rpm_prefix'] + if HAS_USER_BASE: + wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) + self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) +@@ -357,6 +368,8 @@ class TestSysConfig(unittest.TestCase): + cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" + self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) + ++ @unittest.skipIf('RPM_BUILD_ROOT' not in os.environ, ++ "Test doesn't expect Fedora's paths") + def test_user_similar(self): + # Issue #8759: make sure the posix scheme for the users + # is similar to the global posix_prefix one diff --git a/PACKAGING-NOTES b/PACKAGING-NOTES new file mode 100644 index 0000000..e28c88c --- /dev/null +++ b/PACKAGING-NOTES @@ -0,0 +1,26 @@ +Notes for packagers of Python3 +============================== + +0. Faster build turnaround +-------------------------- + +By default, python builds with profile-guided optimization. This needs +an additional run of the test suite and it is generally slow. +PGO build takes around 50 minutes. + +For development, use "--without profileopt" option to disable PGO. This +shortens the build time to ~5 minutes including test suite. + +1. import_failed.map +---------------------- + +This is a mechanism installed as part of python3-base, that places shim modules +on python's path (through a generated zzzz-import-failed-hooks.pth file, so that +it is imported as much at the end as makes sense; and an _import_failed subdir +of /usr/lib/pythonX.Y). Then when the user tries to import a module that is part +of a subpackage, the ImportError will contain a helpful message telling them +which missing subpackage to install. + +This can sometimes cause problems on non-standard configurations, if the pth +gets included too early (for instance if you are using a script to include all +pths by hand in some strange order). Just something to look out for. diff --git a/Python-3.11.10.tar.xz b/Python-3.11.10.tar.xz new file mode 100644 index 0000000..f87e7ad --- /dev/null +++ b/Python-3.11.10.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:07a4356e912900e61a15cb0949a06c4a05012e213ecd6b4e84d0f67aabbee372 +size 20067656 diff --git a/Python-3.11.10.tar.xz.asc b/Python-3.11.10.tar.xz.asc new file mode 100644 index 0000000..243d1b1 --- /dev/null +++ b/Python-3.11.10.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmbbrO0ACgkQ/+h0BBaL +2Ec+YBAAnQJLKYPjj7Yr7xkFU655Sv86JxeRAdWjnIapbiIuWg3Up8Pd8FTRgHGf +3XdTHw7b03lSjtzJwavzdnDklqAlBIGn9dVieljUIN7NYyNxoYOr/AiatimgSwv7 +dI5mfun5fLKV6ZcdNdQN5PJ3RZtF3I7VfkN2mlfZJHtxl1agdU/TfW2L+qJ7+JPY +cayjq2xKTLRNXOf2iV29GRRovLiqA+Dx0+cAwsScwreHMp3U4k3GkeHVoR6fldV4 +bVAM8GRl3CYVFePiqAbamKP1BSys44JOINWbWyd94JxzEAwXWz//Es0h73AzeRfK +ueORqzdoOGrVc74+HGlAHhqO1Gg7jMMmtkzCEuav+cGHYnMRMOngGR3q47aTJTVb +5UdP0oD4OlADPFVa6q0LCqN/IFlebWMh9pXYw7Wpek63oNuZHTfNPq4S1AUM2HJm +C3yzaOG9VAdYfLneJC4ldY4CVt1FKckfaXp5OAaMr71DI74e4CcEswlUupZJLZKV +TJRjQD15bnXGhHDqU4w3RmzpCWMh2mf4m4VMYQyObl3TtlX+gVvzIhDS5+mXqutB +F1pdXwaHHkTb2PLLxpwOGrnsp8XoW74tsylcYirQg8jSFMbgxfwgIjEIuRGXeDkT +B4QzmQ4SxsbLiH7etV6Fznl1h569Z4DO9OOs4i0ZzIjdhPDQtAs= +=TatG +-----END PGP SIGNATURE----- diff --git a/Python-3.11.11.tar.xz b/Python-3.11.11.tar.xz new file mode 100644 index 0000000..e0581b1 --- /dev/null +++ b/Python-3.11.11.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2a9920c7a0cd236de33644ed980a13cbbc21058bfdc528febb6081575ed73be3 +size 20085792 diff --git a/Python-3.11.11.tar.xz.sigstore b/Python-3.11.11.tar.xz.sigstore new file mode 100644 index 0000000..782816a --- /dev/null +++ b/Python-3.11.11.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlOgAwIBAgIUWcRolJPsPmtJKA6VkjHSj7PtjY8wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMjAzMTgxOTA1WhcNMjQxMjAzMTgyOTA1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEN+fBJCRZIAZiWPBdjyQVD+x5vgmjuuVct1HkPHIBMuEe7wI4mBG2BhJ3fHkpr97efIH6ELMmPV99edyAIZFXR6OCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUkutZdHfCCSvGI87mjnBRwZB8ihYwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGTjb9QlwAABAMARzBFAiEA4ddSINhYM+p0+DGzRqnA8rVtJF9YgI+9znXiq9fqQNkCIEErcSnQmN8jjErhwWWtcTM5GgH4ka/uk5kdHTycwxj3MAoGCCqGSM49BAMDA2cAMGQCMFmkCEH2pCBpFeFiUi2uA4opcJP6vh/zqb+D0tbxqd+jwbBkuDxDqA9/Ao3UWop+twIwO9o71KAlYWPSPYMeZERM4R8zWlp9mVJPiK3tgOJJi40MNmxwtfsQeQtncqiQLBAH"}, "tlogEntries": [{"logIndex": "153122039", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1733249946", "inclusionPromise": {"signedEntryTimestamp": "MEUCIBL9zpVJtljIuZtAe8uptLfDmakmbAjy5ELp2q8WJTQ7AiEAv6lIpyJZycHwTS+JHYJFzMVv0SmA8yQ0eMneBivMhPY="}, "inclusionProof": {"logIndex": "31217777", "rootHash": "BMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=", "treeSize": "31217778", "hashes": ["lrr8dxmtgD09fnZTo1tMTY00HNKc2ZIpbZa1djDeTes=", "yFxGSg1RDbtZ/eNftnMdBJGNEZmmLyx2ZRDFtAIMHAk=", "GeqsQGnvgc+gcuaIC+vQ5b0RdTyBxBnYTpbeW2AeD+Q=", "dMTPeN/a9xCQQP+Hz7sddW0pPj8n54sfkhcf3XhjrMM=", "XjayhjKU3shP7q7lhmhKDv3Vpi4gJgAPCu0KlEzc9Qo=", "go1dmexQYS5etu69upRRX7IFvuA0rIcT9aYjMstmPIU=", "AYwr74Bm2w383UnS7DdbZUUAhusq28JoxKpWrQ7OvGQ=", "u+yWmGIR6sAH32wiSy22mz1Yf+jfPdBTjFbyRISuTZw=", "3eFC7Gp4fWecybDOAw9uUTrM1xB7YRYRAGsfYkiQbV8=", "1uKk2qjOliHMiTk906jrchP8mXWsRG8apaU1sa0lfh0=", "oOecFfN3YqDOkbijS/ej1WF5Da/Gt/AZNhbwE9uoOE8=", "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=", "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n31217778\nBMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiA7ed0HqugBwVpmxDAR1VN35J91/+DeRdj09y5lFY+bRwIgYe07JnZlJvp3MfAMXX3i4XBsZoDRZoXtwfBaRj/8x8s=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYTk5MjBjN2EwY2QyMzZkZTMzNjQ0ZWQ5ODBhMTNjYmJjMjEwNThiZmRjNTI4ZmViYjYwODE1NzVlZDczYmUzIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRU5KSGllaWs5WkVibW83a0p4ZUhWY2FvVDVYOUxyWG1zRTVxc1I5R1JpSEFpRUFtcHZyV21vUHF5YzRpQ09VYXVmY3dKTllMK1lPTWU0b0NOaWRLVGduT1FBPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlYyTlNiMnhLVUhOUWJYUktTMEUyVm10cVNGTnFOMUIwYWxrNGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJlRTFxUVhwTlZHZDRUMVJCTVZkb1kwNU5hbEY0VFdwQmVrMVVaM2xQVkVFeFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZPSzJaQ1NrTlNXa2xCV21sWFVFSmthbmxSVmtRcmVEVjJaMjFxZFhWV1kzUXhTR3NLVUVoSlFrMTFSV1UzZDBrMGJVSkhNa0pvU2pObVNHdHdjamszWldaSlNEWkZURTF0VUZZNU9XVmtlVUZKV2taWVVqWlBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZyZFhSYUNtUklaa05EVTNaSFNUZzNiV3B1UWxKM1drSTRhV2haZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxUnFZamxSYkhkQlFRcENRVTFCVW5wQ1JrRnBSVUUwWkdSVFNVNW9XVTByY0RBclJFZDZVbkZ1UVRoeVZuUktSamxaWjBrck9YcHVXR2x4T1daeFVVNXJRMGxGUlhKalUyNVJDbTFPT0dwcVJYSm9kMWRYZEdOVVRUVkhaMGcwYTJFdmRXczFhMlJJVkhsamQzaHFNMDFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUdiV3NLUTBWSU1uQkRRbkJHWlVacFZXa3lkVUUwYjNCalNsQTJkbWd2ZW5GaUswUXdkR0o0Y1dRcmFuZGlRbXQxUkhoRWNVRTVMMEZ2TTFWWGIzQXJkSGRKZHdwUE9XODNNVXRCYkZsWFVGTlFXVTFsV2tWU1RUUlNPSHBYYkhBNWJWWktVR2xMTTNSblQwcEthVFF3VFU1dGVIZDBabk5SWlZGMGJtTnhhVkZNUWtGSUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "Kpkgx6DNI23jNkTtmAoTy7whBYv9xSj+u2CBV17XO+M="}, "signature": "MEUCIENJHieik9ZEbmo7kJxeHVcaoT5X9LrXmsE5qsR9GRiHAiEAmpvrWmoPqyc4iCOUaufcwJNYL+YOMe4oCNidKTgnOQA="}} diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..0053bcf --- /dev/null +++ b/README.SUSE @@ -0,0 +1,43 @@ +Python 3 in SUSE +============== + +* Subpackages * + +Python 3 is split into several subpackages, based on external dependencies. +The main package 'python3' has soft dependencies on all subpackages needed to +assemble the standard library; however, these might not all be installed by default. + +If you attempt to import a module that is currently not installed, an ImportError is thrown, +with instructions to install the missing subpackage. Installing the subpackage might result +in installing libraries that the subpackage requires to function. + + +* ensurepip * + +The 'ensurepip' module from Python 3 standard library (PEP 453) is supposed to deploy +a bundled copy of the pip installer. This makes no sense in a managed distribution like SUSE. +Instead, you need to install package 'python3-pip'. Usually this will be installed automatically +with 'python3'. + +Using 'ensurepip' when pip is not installed will result in an ImportError with instructions +to install 'python3-pip'. + + +* Documentation * + +You can find documentation in seprarate packages: python3-doc and +python3-doc-pdf. These contan following documents: + + Tutorial, What's New in Python, Global Module Index, Library Reference, + Macintosh Module Reference, Installing Python Modules, Distributing Python + Modules, Language Reference, Extending and Embedding, Python/C API, + Documenting Python + +The python3-doc package constains many text files from source tarball. + + +* Interactive mode * + +Interactive mode is by default enhanced with of history and command completion. +If you don't like these features, you can unset the PYTHONSTARTUP variable +in your .profile or disable it system wide in /etc/profile.d/python.sh. diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..1d50bc4 --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + base + doc + diff --git a/add-loongarch64-support.patch b/add-loongarch64-support.patch new file mode 100644 index 0000000..f0c8035 --- /dev/null +++ b/add-loongarch64-support.patch @@ -0,0 +1,25 @@ +Description: Add platform triplets for LoongArch. + +--- a/configure.ac ++++ b/configure.ac +@@ -976,6 +976,20 @@ cat > conftest.c <=6) && defined(_MIPSEL) diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..1793de8 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,3 @@ +python311-base +python311 +libpython3_11-1_0 diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz new file mode 100644 index 0000000..57fb3e5 --- /dev/null +++ b/bluez-devel-vendor.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:868fbfba2ddaed62f2c45cf869fe2c648527ac3bac738f4f41f3c2872f5b0211 +size 25040 diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch new file mode 100644 index 0000000..86882ae --- /dev/null +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -0,0 +1,173 @@ +From 5754521af1d51aa8e445cba07a093bbc0c88596d Mon Sep 17 00:00:00 2001 +From: Zackery Spytz +Date: Mon, 16 Dec 2019 18:24:08 -0700 +Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix) + +Co-Authored-By: Xavier de Gaye +--- + Doc/library/ensurepip.rst | 9 +++-- + Lib/ensurepip/__init__.py | 18 +++++++--- + Lib/test/test_ensurepip.py | 11 ++++++ + Makefile.pre.in | 4 +- + Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1 + 5 files changed, 34 insertions(+), 9 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst + +Index: Python-3.11.8/Doc/library/ensurepip.rst +=================================================================== +--- Python-3.11.8.orig/Doc/library/ensurepip.rst ++++ Python-3.11.8/Doc/library/ensurepip.rst +@@ -59,7 +59,9 @@ is at least as recent as the one availab + By default, ``pip`` is installed into the current virtual environment + (if one is active) or into the system site packages (if there is no + active virtual environment). The installation location can be controlled +-through two additional command line options: ++through some additional command line options: ++ ++* ``--prefix ``: Installs ``pip`` using the given directory prefix. + + * :samp:`--root {dir}`: Installs ``pip`` relative to the given root directory + rather than the root of the currently active virtual environment (if any) +@@ -92,7 +94,7 @@ Module API + Returns a string specifying the available version of pip that will be + installed when bootstrapping an environment. + +-.. function:: bootstrap(root=None, upgrade=False, user=False, \ ++.. function:: bootstrap(root=None, prefix=None, upgrade=False, user=False, \ + altinstall=False, default_pip=False, \ + verbosity=0) + +@@ -102,6 +104,8 @@ Module API + If *root* is ``None``, then installation uses the default install location + for the current environment. + ++ *prefix* specifies the directory prefix to use when installing. ++ + *upgrade* indicates whether or not to upgrade an existing installation + of an earlier version of ``pip`` to the available version. + +@@ -122,6 +126,8 @@ Module API + *verbosity* controls the level of output to :data:`sys.stdout` from the + bootstrapping operation. + ++ .. versionchanged:: 3.9 the *prefix* parameter was added. ++ + .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap + + .. note:: +Index: Python-3.11.8/Lib/ensurepip/__init__.py +=================================================================== +--- Python-3.11.8.orig/Lib/ensurepip/__init__.py ++++ Python-3.11.8/Lib/ensurepip/__init__.py +@@ -122,27 +122,27 @@ def _disable_pip_configuration_settings( + os.environ['PIP_CONFIG_FILE'] = os.devnull + + +-def bootstrap(*, root=None, upgrade=False, user=False, ++def bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). ++ and directory prefix). + + Note that calling this function will alter both sys.path and os.environ. + """ + # Discard the return value +- _bootstrap(root=root, upgrade=upgrade, user=user, ++ _bootstrap(root=root, prefix=prefix, upgrade=upgrade, user=user, + altinstall=altinstall, default_pip=default_pip, + verbosity=verbosity) + + +-def _bootstrap(*, root=None, upgrade=False, user=False, ++def _bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). Returns pip command status code. ++ and directory prefix). Returns pip command status code. + + Note that calling this function will alter both sys.path and os.environ. + """ +@@ -192,6 +192,8 @@ def _bootstrap(*, root=None, upgrade=Fal + args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] + if root: + args += ["--root", root] ++ if prefix: ++ args += ["--prefix", prefix] + if upgrade: + args += ["--upgrade"] + if user: +@@ -267,6 +269,11 @@ def _main(argv=None): + help="Install everything relative to this alternate root directory.", + ) + parser.add_argument( ++ "--prefix", ++ default=None, ++ help="Install everything using this prefix.", ++ ) ++ parser.add_argument( + "--altinstall", + action="store_true", + default=False, +@@ -285,6 +292,7 @@ def _main(argv=None): + + return _bootstrap( + root=args.root, ++ prefix=args.prefix, + upgrade=args.upgrade, + user=args.user, + verbosity=args.verbosity, +Index: Python-3.11.8/Lib/test/test_ensurepip.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_ensurepip.py ++++ Python-3.11.8/Lib/test/test_ensurepip.py +@@ -112,6 +112,17 @@ class TestBootstrap(EnsurepipMixin, unit + unittest.mock.ANY, + ) + ++ def test_bootstrapping_with_prefix(self): ++ ensurepip.bootstrap(prefix="/foo/bar/") ++ self.run_pip.assert_called_once_with( ++ [ ++ "install", "--no-cache-dir", "--no-index", "--find-links", ++ unittest.mock.ANY, "--prefix", "/foo/bar/", ++ "setuptools", "pip", ++ ], ++ unittest.mock.ANY, ++ ) ++ + def test_bootstrapping_with_user(self): + ensurepip.bootstrap(user=True) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1761,7 +1761,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni + install|*) ensurepip="" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + altinstall: commoninstall +@@ -1771,7 +1771,7 @@ altinstall: commoninstall + install|*) ensurepip="--altinstall" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + commoninstall: check-clean-src @FRAMEWORKALTINSTALLFIRST@ \ +Index: Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +=================================================================== +--- /dev/null ++++ Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +@@ -0,0 +1 @@ ++A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/bsc1221260-test_asyncio-ResourceWarning.patch b/bsc1221260-test_asyncio-ResourceWarning.patch new file mode 100644 index 0000000..15d6b8d --- /dev/null +++ b/bsc1221260-test_asyncio-ResourceWarning.patch @@ -0,0 +1,21 @@ +From a3052035485bd2836e40f5284657ca105382cbfd Mon Sep 17 00:00:00 2001 +From: sobolevn +Date: Tue, 5 Mar 2024 20:24:16 +0300 +Subject: [PATCH] gh-116112: Fix `ResourceWarning` in + `test_asyncio.test_stream` + +Co-authored-by: @CendioOssman +--- + Lib/test/test_asyncio/test_streams.py | 1 + + 1 file changed, 1 insertion(+) + +--- a/Lib/test/test_asyncio/test_streams.py ++++ b/Lib/test/test_asyncio/test_streams.py +@@ -1156,6 +1156,7 @@ os.close(fd) + + def test_unhandled_cancel(self): + async def handle_echo(reader, writer): ++ writer.close() + asyncio.current_task().cancel() + messages = self._basetest_unhandled_exceptions(handle_echo) + self.assertEqual(messages, []) diff --git a/bso1227999-reproducible-builds.patch b/bso1227999-reproducible-builds.patch new file mode 100644 index 0000000..fb33d18 --- /dev/null +++ b/bso1227999-reproducible-builds.patch @@ -0,0 +1,37 @@ +From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Tue, 16 Jul 2024 21:39:33 +0200 +Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH + +to make builds reproducible. +See https://reproducible-builds.org/ for why this is good +and https://reproducible-builds.org/specs/source-date-epoch/ +for the definition of this variable. +--- + Doc/conf.py | 3 ++- + Doc/library/functions.rst | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/Doc/conf.py ++++ b/Doc/conf.py +@@ -316,7 +316,8 @@ html_context = { + } + + # This 'Last updated on:' timestamp is inserted at the bottom of every page. +-html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime()) ++html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) ++html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time)) + + # Path to find HTML templates. + templates_path = ['tools/templates'] +--- a/Doc/library/functions.rst ++++ b/Doc/library/functions.rst +@@ -1356,7 +1356,7 @@ are always available. They are listed h + (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, + and :mod:`shutil`. + +- .. audit-event:: open file,mode,flags open ++ .. audit-event:: open path,mode,flags open + + The ``mode`` and ``flags`` arguments may have been modified or inferred from + the original call. diff --git a/distutils-reproducible-compile.patch b/distutils-reproducible-compile.patch new file mode 100644 index 0000000..17e8bd2 --- /dev/null +++ b/distutils-reproducible-compile.patch @@ -0,0 +1,17 @@ +--- + Lib/distutils/util.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/distutils/util.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/util.py ++++ Python-3.11.8/Lib/distutils/util.py +@@ -436,7 +436,7 @@ byte_compile(files, optimize=%r, force=% + else: + from py_compile import compile + +- for file in py_files: ++ for file in sorted(py_files): + if file[-3:] != ".py": + # This lets us be lazy and not filter filenames in + # the "install_lib" command. diff --git a/externally_managed.in b/externally_managed.in new file mode 100644 index 0000000..54606b6 --- /dev/null +++ b/externally_managed.in @@ -0,0 +1,12 @@ +[externally-managed] +Error=To install Python packages system-wide, try + zypper install __PYTHONPREFIX__-xyz, where xyz is the package + you are trying to install. + + If you wish to install a non-rpm packaged Python package, + create a virtual environment using __PYTHON__ -m venv path/to/venv. + Then use path/to/venv/bin/python and path/to/venv/bin/pip. + + If you wish to install a non-rpm packaged Python application, + it may be easiest to use `pipx install xyz`, which will manage a + virtual environment for you. Install pipx via `zypper install __PYTHONPREFIX__-pipx` . diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch new file mode 100644 index 0000000..7c6fd0e --- /dev/null +++ b/fix_configure_rst.patch @@ -0,0 +1,40 @@ +--- + Doc/using/configure.rst | 3 --- + Misc/NEWS | 2 +- + 2 files changed, 1 insertion(+), 4 deletions(-) + +--- a/Doc/using/configure.rst ++++ b/Doc/using/configure.rst +@@ -43,7 +43,6 @@ General Options + + See :data:`sys.int_info.bits_per_digit `. + +-.. option:: --with-cxx-main + .. option:: --with-cxx-main=COMPILER + + Compile the Python ``main()`` function and link Python executable with C++ +@@ -529,13 +528,11 @@ macOS Options + + See ``Mac/README.rst``. + +-.. option:: --enable-universalsdk + .. option:: --enable-universalsdk=SDKDIR + + Create a universal binary build. *SDKDIR* specifies which macOS SDK should + be used to perform the build (default is no). + +-.. option:: --enable-framework + .. option:: --enable-framework=INSTALLDIR + + Create a Python.framework rather than a traditional Unix install. Optional +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -9774,7 +9774,7 @@ C API + - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. + + - bpo-43795: The list in :ref:`limited-api-list` now shows the public name +- :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry ++ :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry + ``_node`` no longer appears in the list. + + - bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid diff --git a/gh120226-fix-sendfile-test-kernel-610.patch b/gh120226-fix-sendfile-test-kernel-610.patch new file mode 100644 index 0000000..2eb6f63 --- /dev/null +++ b/gh120226-fix-sendfile-test-kernel-610.patch @@ -0,0 +1,35 @@ +From 1b3f6523a5c83323cdc44031b33a1c062e5dc698 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Fri, 7 Jun 2024 23:51:32 +0800 +Subject: [PATCH] gh-120226: Fix + test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 + (GH-120227) + +The worst case is that the kernel buffers 17 pages with a page size of 64k. +(cherry picked from commit a7584245661102a5768c643fbd7db8395fd3c90e) + +Co-authored-by: Xi Ruoyao +--- + Lib/test/test_asyncio/test_sendfile.py | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +--- a/Lib/test/test_asyncio/test_sendfile.py ++++ b/Lib/test/test_asyncio/test_sendfile.py +@@ -93,13 +93,10 @@ class MyProto(asyncio.Protocol): + + class SendfileBase: + +- # 256 KiB plus small unaligned to buffer chunk +- # Newer versions of Windows seems to have increased its internal +- # buffer and tries to send as much of the data as it can as it +- # has some form of buffering for this which is less than 256KiB +- # on newer server versions and Windows 11. +- # So DATA should be larger than 256 KiB to make this test reliable. +- DATA = b"x" * (1024 * 256 + 1) ++ # Linux >= 6.10 seems buffering up to 17 pages of data. ++ # So DATA should be large enough to make this test reliable even with a ++ # 64 KiB page configuration. ++ DATA = b"x" * (1024 * 17 * 64 + 1) + # Reduce socket buffer size to test on relative small data sets. + BUF_SIZE = 4 * 1024 # 4 KiB + diff --git a/idle3.appdata.xml b/idle3.appdata.xml new file mode 100644 index 0000000..554b7c4 --- /dev/null +++ b/idle3.appdata.xml @@ -0,0 +1,35 @@ + + + + + idle3.desktop + IDLE3 + CC0 + Python-2.0 + Python 3 Integrated Development and Learning Environment + +

+ IDLE is Python’s Integrated Development and Learning Environment. + The GUI is uniform between Windows, Unix, and Mac OS X. + IDLE provides an easy way to start writing, running, and debugging + Python code. +

+

+ IDLE is written in pure Python, and uses the tkinter GUI toolkit. + It provides: +

+
    +
  • a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,
    • +
  • a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,
    • +
  • search within any window, replace within editor windows, and search through multiple files (grep),
    • +
  • a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.
    • +
+ + https://docs.python.org/3/library/idle.html + + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png + + zbyszek@in.waw.pl + diff --git a/idle3.desktop b/idle3.desktop new file mode 100644 index 0000000..43f5a4c --- /dev/null +++ b/idle3.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Version=1.0 +Name=IDLE 3 +GenericName=Python 3 IDE +Comment=Python 3 Integrated Development and Learning Environment +Exec=idle3 %F +TryExec=idle3 +Terminal=false +Type=Application +Icon=idle3 +Categories=Development;IDE; +MimeType=text/x-python; diff --git a/import_failed.map b/import_failed.map new file mode 100644 index 0000000..f33690c --- /dev/null +++ b/import_failed.map @@ -0,0 +1,7 @@ +python311-curses: curses _curses _curses_panel +python311-dbm: dbm _dbm _gdbm +python311-idle: idlelib +python311-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited +python311-tk: tkinter _tkinter +python311-tools: turtledemo +python311: sqlite3 readline _sqlite3 nis diff --git a/import_failed.py b/import_failed.py new file mode 100644 index 0000000..258b5a5 --- /dev/null +++ b/import_failed.py @@ -0,0 +1,23 @@ +import sys, os +from sysconfig import get_path + +failed_map_path = os.path.join(get_path('stdlib'), '_import_failed', 'import_failed.map') + +if __spec__: + failed_name = __spec__.name +else: + failed_name = __name__ + +with open(failed_map_path) as fd: + for line in fd: + package = line.split(':')[0] + imports = line.split(':')[1] + if failed_name in imports: + raise ImportError(f"""Module '{failed_name}' is not installed. +Use: + sudo zypper install {package} +to install it.""") + +raise ImportError(f"""Module '{failed_name}' is not installed. +It is supposed to be part of python3 distribution, but missing from failed import map. +Please file a bug on the SUSE Bugzilla.""") diff --git a/macros.python3 b/macros.python3 new file mode 100644 index 0000000..2bd193b --- /dev/null +++ b/macros.python3 @@ -0,0 +1,28 @@ +%have_python3 1 + +# commented out legacy macro definitions +#py3_prefix /usr +#py3_incdir /usr/include/python3.5m +#py3_ver 3.5 + +# these should now be provided by macros.python_all +#python3_sitearch /usr/lib64/python3.5/site-packages +#python3_sitelib /usr/lib/python3.5/site-packages +#python3_version 3.5 + +# hard to say if anyone ever used these? +#py3_soflags cpython-35m-x86_64-linux-gnu +#py3_abiflags m +%cpython3_soabi %(python3 -c "import sysconfig; print(sysconfig.get_config_var('SOABI'))") +%py3_soflags %cpython3_soabi + +# compilation macros that might be in use somewhere +%py3_compile(O) \ +find %1 -name '*.pyc' -exec rm -f {} ";"\ +python3 -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +%{-O:\ +find %1 -name '*.pyo' -exec rm -f {} ";"\ +python3 -O -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +} + + diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch new file mode 100644 index 0000000..7e412d7 --- /dev/null +++ b/no-skipif-doctests.patch @@ -0,0 +1,653 @@ +only in patch2: +unchanged: +--- + Doc/library/turtle.rst | 82 ------------------------------------------------- + 1 file changed, 82 deletions(-) + +--- a/Doc/library/turtle.rst ++++ b/Doc/library/turtle.rst +@@ -440,7 +440,6 @@ Turtle motion + turtle is headed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -467,7 +466,6 @@ Turtle motion + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -486,13 +484,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -511,13 +507,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -540,13 +534,11 @@ Turtle motion + not change the turtle's orientation. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> tp = turtle.pos() + >>> tp +@@ -570,13 +562,11 @@ Turtle motion + unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 240) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,240.00) +@@ -592,13 +582,11 @@ Turtle motion + Set the turtle's second coordinate to *y*, leave first coordinate unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 40) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,40.00) +@@ -625,7 +613,6 @@ Turtle motion + =================== ==================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setheading(90) + >>> turtle.heading() +@@ -638,14 +625,12 @@ Turtle motion + its start-orientation (which depends on the mode, see :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(90) + >>> turtle.goto(0, -10) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 90.0 +@@ -677,7 +662,6 @@ Turtle motion + calculated automatically. May be used to draw regular polygons. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.position() +@@ -706,7 +690,6 @@ Turtle motion + + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.dot() +@@ -724,7 +707,6 @@ Turtle motion + it by calling ``clearstamp(stamp_id)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("blue") + >>> turtle.stamp() +@@ -740,7 +722,6 @@ Turtle motion + Delete stamp with given *stampid*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (150.00,-0.00) +@@ -785,7 +766,6 @@ Turtle motion + undo actions is determined by the size of the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for i in range(4): + ... turtle.fd(50); turtle.lt(80) +@@ -818,7 +798,6 @@ Turtle motion + turtle turn instantly. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.speed() + 3 +@@ -839,7 +818,6 @@ Tell Turtle's state + Return the turtle's current location (x,y) (as a :class:`Vec2D` vector). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pos() + (440.00,-0.00) +@@ -855,7 +833,6 @@ Tell Turtle's state + orientation which depends on the mode - "standard"/"world" or "logo". + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(10, 10) + >>> turtle.towards(0,0) +@@ -867,7 +844,6 @@ Tell Turtle's state + Return the turtle's x coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(50) +@@ -883,7 +859,6 @@ Tell Turtle's state + Return the turtle's y coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(60) +@@ -900,7 +875,6 @@ Tell Turtle's state + :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(67) +@@ -917,7 +891,6 @@ Tell Turtle's state + other turtle, in turtle step units. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.distance(30,40) +@@ -941,7 +914,6 @@ Settings for measurement + Default value is 360 degrees. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -964,7 +936,6 @@ Settings for measurement + ``degrees(2*math.pi)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -975,7 +946,6 @@ Settings for measurement + 1.5707963267948966 + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.degrees(360) +@@ -1011,7 +981,6 @@ Drawing state + thickness. If no argument is given, the current pensize is returned. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pensize() + 1 +@@ -1043,7 +1012,6 @@ Drawing state + attributes in one statement. + + .. doctest:: +- :skipif: _tkinter is None + :options: +NORMALIZE_WHITESPACE + + >>> turtle.pen(fillcolor="black", pencolor="red", pensize=10) +@@ -1066,7 +1034,6 @@ Drawing state + Return ``True`` if pen is down, ``False`` if it's up. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.penup() + >>> turtle.isdown() +@@ -1107,7 +1074,6 @@ Color control + newly set pencolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> colormode() + 1.0 +@@ -1156,7 +1122,6 @@ Color control + with the newly set fillcolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.fillcolor("violet") + >>> turtle.fillcolor() +@@ -1195,7 +1160,6 @@ Color control + with the newly set colors. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("red", "green") + >>> turtle.color() +@@ -1212,7 +1176,6 @@ Filling + ~~~~~~~ + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.home() +@@ -1222,7 +1185,6 @@ Filling + Return fillstate (``True`` if filling, ``False`` else). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.begin_fill() + >>> if turtle.filling(): +@@ -1247,7 +1209,6 @@ Filling + above may be either all yellow or have some white regions. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("black", "red") + >>> turtle.begin_fill() +@@ -1264,7 +1225,6 @@ More drawing control + variables to the default values. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(0,-22) + >>> turtle.left(100) +@@ -1315,7 +1275,6 @@ Visibility + drawing observably. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.hideturtle() + +@@ -1326,7 +1285,6 @@ Visibility + Make the turtle visible. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.showturtle() + +@@ -1357,7 +1315,6 @@ Appearance + deal with shapes see Screen method :func:`register_shape`. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape() + 'classic' +@@ -1383,7 +1340,6 @@ Appearance + ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.resizemode() + 'noresize' +@@ -1407,7 +1363,6 @@ Appearance + of the shape's outline. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shapesize() + (1.0, 1.0, 1) +@@ -1432,7 +1387,6 @@ Appearance + heading of the turtle are sheared. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("circle") + >>> turtle.shapesize(5,2) +@@ -1449,7 +1403,6 @@ Appearance + change the turtle's heading (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1469,7 +1422,6 @@ Appearance + (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1495,7 +1447,6 @@ Appearance + turtle (its direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1524,7 +1475,6 @@ Appearance + given matrix. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle = Turtle() + >>> turtle.shape("square") +@@ -1540,7 +1490,6 @@ Appearance + can be used to define a new shape or components of a compound shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("square") + >>> turtle.shapetransform(4, -1, 0, 2) +@@ -1565,7 +1514,6 @@ Using events + procedural way: + + .. doctest:: +- :skipif: _tkinter is None + + >>> def turn(x, y): + ... left(180) +@@ -1586,7 +1534,6 @@ Using events + ``None``, existing bindings are removed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> class MyTurtle(Turtle): + ... def glow(self,x,y): +@@ -1614,7 +1561,6 @@ Using events + mouse-click event on that turtle. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.ondrag(turtle.goto) + +@@ -1642,7 +1588,6 @@ Special Turtle methods + Return the last recorded polygon. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.begin_poly() +@@ -1662,7 +1607,6 @@ Special Turtle methods + turtle properties. + + .. doctest:: +- :skipif: _tkinter is None + + >>> mick = Turtle() + >>> joe = mick.clone() +@@ -1675,7 +1619,6 @@ Special Turtle methods + return the "anonymous turtle": + + .. doctest:: +- :skipif: _tkinter is None + + >>> pet = getturtle() + >>> pet.fd(50) +@@ -1689,7 +1632,6 @@ Special Turtle methods + TurtleScreen methods can then be called for that object. + + .. doctest:: +- :skipif: _tkinter is None + + >>> ts = turtle.getscreen() + >>> ts +@@ -1707,7 +1649,6 @@ Special Turtle methods + ``None``, the undobuffer is disabled. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setundobuffer(42) + +@@ -1717,7 +1658,6 @@ Special Turtle methods + Return number of entries in the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> while undobufferentries(): + ... undo() +@@ -1740,7 +1680,6 @@ below: + For example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> s = Shape("compound") + >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) +@@ -1751,7 +1690,6 @@ below: + 3. Now add the Shape to the Screen's shapelist and use it: + + .. doctest:: +- :skipif: _tkinter is None + + >>> register_shape("myshape", s) + >>> shape("myshape") +@@ -1771,7 +1709,6 @@ Most of the examples in this section ref + ``screen``. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen = Screen() +@@ -1788,7 +1725,6 @@ Window control + Set or return background color of the TurtleScreen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.bgcolor("orange") + >>> screen.bgcolor() +@@ -1880,7 +1816,6 @@ Window control + distorted. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.reset() + >>> screen.setworldcoordinates(-50,-7.5,50,7.5) +@@ -1891,7 +1826,6 @@ Window control + ... left(45); fd(2) # a regular octagon + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen.reset() +@@ -1913,7 +1847,6 @@ Animation control + Optional argument: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.delay() + 10 +@@ -1935,7 +1868,6 @@ Animation control + :func:`delay`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.tracer(8, 25) + >>> dist = 2 +@@ -1972,7 +1904,6 @@ Using screen events + must have the focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -1993,7 +1924,6 @@ Using screen events + must have focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -2018,7 +1948,6 @@ Using screen events + named ``turtle``: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will + >>> # make the turtle move to the clicked point. +@@ -2038,7 +1967,6 @@ Using screen events + Install a timer that calls *fun* after *t* milliseconds. + + .. doctest:: +- :skipif: _tkinter is None + + >>> running = True + >>> def f(): +@@ -2120,7 +2048,6 @@ Settings and special methods + ============ ========================= =================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> mode("logo") # resets turtle heading to north + >>> mode() +@@ -2135,7 +2062,6 @@ Settings and special methods + values of color triples have to be in the range 0..*cmode*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.colormode(1) + >>> turtle.pencolor(240, 160, 80) +@@ -2156,7 +2082,6 @@ Settings and special methods + do with a Tkinter Canvas. + + .. doctest:: +- :skipif: _tkinter is None + + >>> cv = screen.getcanvas() + >>> cv +@@ -2168,7 +2093,6 @@ Settings and special methods + Return a list of names of all currently available turtle shapes. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.getshapes() + ['arrow', 'blank', 'circle', ..., 'turtle'] +@@ -2192,7 +2116,6 @@ Settings and special methods + coordinates: Install the corresponding polygon shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) + +@@ -2208,7 +2131,6 @@ Settings and special methods + Return the list of turtles on the screen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for turtle in screen.turtles(): + ... turtle.color("red") +@@ -2270,7 +2192,6 @@ Methods specific to Screen, not inherite + center window vertically + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.setup (width=200, height=200, startx=0, starty=0) + >>> # sets window to 200x200 pixels, in upper left of screen +@@ -2286,7 +2207,6 @@ Methods specific to Screen, not inherite + Set title of turtle window to *titlestring*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.title("Welcome to the turtle zoo!") + +@@ -2357,7 +2277,6 @@ Public classes + Example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) + >>> s = Shape("compound") +@@ -2743,7 +2662,6 @@ Changes since Python 3.0 + + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> for turtle in turtles(): diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..a2cf992 --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +export LC_ALL=C + +master=python*.spec + +# create import_failed.map from package definitions +pkgname=$(grep python_pkg_name $master |grep define |awk -F' ' '{print $3}') +MAPFILE=import_failed.map +function new_map_line () { + package=$1 + package=$(echo $1 |sed -e "s:%{python_pkg_name}:$pkgname:") + modules=$2 + if [ -z "$package" -o -z "$modules" ]; then + return + fi + if [[ "$package" =~ "-base" ]]; then + return + fi + echo "$package:$modules" >> $MAPFILE.tmp +} + +for spec in *.spec; do + basename=${spec%.spec} + package= + modules= + while read line; do + case $line in + "%files -n "*) + new_map_line $package "$modules" + package=${line#"%files -n "} + modules= + ;; + "%files "*) + new_map_line $package "$modules" + package=$basename-${line#"%files "} + modules= + ;; + "%files") + new_map_line $package "$modules" + package=$basename + modules= + ;; + "%{sitedir}/config-"*) + # ignore + ;; + "%{sitedir}/"*) + word=${line#"%{sitedir}/"} + if ! echo $word | grep -q /; then + modules="$modules $word" + fi + ;; + "%{dynlib "*"}") + word=${line#"%{dynlib "} + word=${word%"}"} + modules="$modules $word" + ;; + esac + done < $spec + new_map_line $package "$modules" +done + +cat $MAPFILE.tmp |sort -u > $MAPFILE +rm $MAPFILE.tmp + +# run test inclusion check +tar xJf Python-*.xz +python3 skipped_tests.py + +# generate baselibs.conf +VERSION=$(grep ^Version $master|awk -F':' '{print $2}' |sed -e 's/ //g') +python_version=${VERSION:0:3} # 3.3 +python_version_abitag=${python_version//./} # 33 +python_version_soname=${python_version//./_} # 3_3 +echo "$pkgname-base" > baselibs.conf +echo "$pkgname" >> baselibs.conf +echo "libpython$python_version_soname-1_0" >> baselibs.conf + diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch new file mode 100644 index 0000000..cda20d7 --- /dev/null +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -0,0 +1,27 @@ +--- + Makefile.pre.in | 7 +++++++ + 1 file changed, 7 insertions(+) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1240,11 +1240,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ + $(DTRACE_OBJS) \ + $(srcdir)/Modules/getbuildinfo.c + $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DDATE="\"`date -u -r Makefile.pre.in +"%b %d %Y"`\"" \ ++ -DTIME="\"`date -u -r Makefile.pre.in +"%T"`\"" \ + -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \ + -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \ + -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \ + -o $@ $(srcdir)/Modules/getbuildinfo.c + ++Python/getcompiler.o: $(srcdir)/Python/getcompiler.c Makefile ++ $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DCOMPILER='"[GCC]"' \ ++ -o $@ $(srcdir)/Python/getcompiler.c ++ + Modules/getpath.o: $(srcdir)/Modules/getpath.c Python/frozen_modules/getpath.h Makefile $(PYTHON_HEADERS) + $(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \ + -DPREFIX='"$(prefix)"' \ diff --git a/python-3.3.0b1-localpath.patch b/python-3.3.0b1-localpath.patch new file mode 100644 index 0000000..475497e --- /dev/null +++ b/python-3.3.0b1-localpath.patch @@ -0,0 +1,13 @@ +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -77,7 +77,7 @@ import io + import stat + + # Prefixes for site-packages; add additional prefixes like /usr/local here +-PREFIXES = [sys.prefix, sys.exec_prefix] ++PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local'] + # Enable per user site-packages directory + # set it to False to disable the feature or True to force the feature + ENABLE_USER_SITE = None diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch new file mode 100644 index 0000000..ac5d553 --- /dev/null +++ b/python-3.3.0b1-test-posix_fadvise.patch @@ -0,0 +1,17 @@ +--- + Lib/test/test_posix.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_posix.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_posix.py ++++ Python-3.11.8/Lib/test/test_posix.py +@@ -430,7 +430,7 @@ class PosixTester(unittest.TestCase): + def test_posix_fadvise(self): + fd = os.open(os_helper.TESTFN, os.O_RDONLY) + try: +- posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_WILLNEED) ++ posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_RANDOM) + finally: + os.close(fd) + diff --git a/python.keyring b/python.keyring new file mode 100644 index 0000000..747bc27 --- /dev/null +++ b/python.keyring @@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFq+ToQBEADRYvIVtbK6owynD3j3nxwpW2KEk/p+aDvtXmc2SR2dBcZ8sFW2 +R5vEsG8d3/D3wgv5pcL3KfNNXQYUnXVbobrFUUWQYc79qIsE3MgiPf5NVOtwKPUR +i5g9YJgKvpBxkQfqp3LYGm9ZBtwo3DVLA3yn7KsazCmAgTNFJYw7ku1XxgmIzY6K +5J30DfbJiqDqj4f9GslCCCCH3qiPnuLG/HUyVLHMpbWlaiy9NI0GcaLxjJewHj9w +W2D2lydkxe5JGo7egUkV3ILcuLVSVKA35SKY27dYqfuyqp9tAzaRbjDYjsYdHA6G +BqrNrKBn/GwlFDPrVdcvN3ZSY2wMLTxWE3Axc/FweuHxFnou/80FwX7F3JD+oEQ6 +rofmcxOBCC7J98I7HZAhP9jBn88XIS2hztbLq8d6rZJZRtcz0k61VR0ddO+TrFmf +9rMYCPgCckRtVxeFIVIabrN1IzKynLFeo040h8hSGswd6YKDOVwjJY6Oa6EmVefZ +a8QSt4+M65RSzH6SEPY008F3nJUAK6MEkzTak+tFltZNrVWu8p2xd1j9nmxAwEhZ +/lgbxLqzYgaUWmfyHeZ8yVA0MhHzdiAL8nVUEdG3KecIq0RWCJLGLWWIjd6KAJl1 +yAmhRYKK/sjPDsL3elHsFACfZbyx3o5GGQNlas1FYoPLWbaNGaJtgFTF2QARAQAB +tCtQYWJsbyBHYWxpbmRvIFNhbGdhZG8gPHBhYmxvZ3NhbEBnbWFpbC5jb20+iQJO +BBMBCgA4FiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+ToQCGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQZOYo+NaEaW2bmA/+PXIap2udLoUVOHxnsIBdqYwp +sv1Aj5lfIJmNhmxPbHShwp1Jg+w4urxe+2Dj5ofKVlIo1i83bQkvnKJMDXDVuc/K +P6zqhBJ3rT4Q3qx2mzX8bIfQoJ2JHuH4lkP+I7doDcHHRyeNASyk72VdQmU4twNw +Ibn8nSNV6ThKHdoPYzVnO2rZUFcGIqH5HNsvR+B7cc1MBCHsgURYwSVhSePIFGlZ +iasdBD6QQkDSe4QWi7AcJFWFElw4kbOKJWxAWsrEk+tMXJVGRjnmL289EmPCx/vx +BqKy7Mse0yWCSRR3vB+O6TB1S5SgEyEgqlYsfGNv1qf/rfRD4KkyCbNU3LhY1Aim +vJP4pDW+KFxTk2Ks8vrx8gOSd2aFqPeO/pFDrpsF7PD62XwsfoXu4xc5V0Giw7r1 +Nai0nax7kOrldNF8TbbtRjW0jmoC7wLIDujAkwDIOroZ0CXA3N4HVHdSbrHm/urX +nyxJXupXAQNwGx64JCBcbF2fp3Kvu1VAXBEFnd01KaopthHcbG5pA50Kl2Vhe+98 +OdezUX42fHkQpQkB7HgtXfm6W1bw6YRBamrNvs1OoHBYmUjlECpe566IIu25Hc8s +x3qA+6eca7iqizyLG+WyMT8ZIYTWGAS59jxwR4esqGczbbZPSAPHFwLbGv7Wr0Rd +TPu5B0FcKpDkTd4IxQW5Ag0EWr5O2gEQAMjLe4CtbSfofmJrz5wfNkMVsZ81Gbqe +MoYd3dtkJnQYERUj8flzBj3ucaxGJ+Cuf7ybh3naPopKvEI1q0vkcgCDqrEgXK// +jKJbP28uPSMGhOG28q4PbamG55gy5FtM3ezzAxPWWKe9qBpV65GMmFy7eBQx2iJs +yiDIOOQQ4kraS+cTqNFimEXAGLCOQRNLcwIZzwAAHoW7HEpNUfVwaBD9kMlbo1ND +I60IKcNrNcmcmRxhJqfxjj8YBMwcKHO6GBE3AVpaE/+UO9zyr4TH+0YuQUgxKlPW +Dkg5XlkDo0S1GyLY5e9ckIDIlkTdDa2pOkoE2yB5MQCEga3YiHrKUVTTWaxn9XVJ +6x5ZjUF6bgSWGkrG5dUqSYoO1iDMuNVjtiujNyf/rvfj5cNxS7/lgxchhQKZHZXL +WVqxlneeVJ6s0P4+ROVG9ga2Sve7aUJ6wXIewZwulBcV2sE/W/DgxHgLBi53CUQt +vEzFzKvo48GnDqL5VYjA7l0HMYHd4GksCLi8E8U6Cgj+imXiM8voL7pHRZfs8mY8 +udR+UT4e1Scl2MYP2qBJ9/17B/X52B3s1EZdqI/r+hfOyqrhPs+dbAN0mtMPn68+ +nrvY1+nscvrSYEP6ZBlc9Hp2mgJdb6IcTvINXBEeLRjgc3pjViva443pkiFp9Axm +ecOckMKP3uSlABEBAAGJBGwEGAEKACAWIQSgNcjBkhm6gh7OqGtk5ij41oRpbQUC +Wr5O2gIbAgJACRBk5ij41oRpbcF0IAQZAQoAHRYhBM/cokWxBDzypfl4Zf/odAQW +i9hHBQJavk7aAAoJEP/odAQWi9hHr7YP/RCLre1CmOoWYpAtoa1yVCeYMDV6eQgL +B488/BEZHQE1zbrYy16XkhORob3JF/kUMjmJW7XaFF8FrWvRcdj/xaUGbOOEulKg +v+8zWfswYQRiZ4/JlwER4vRLi6fTE89MVER6Fkj2ASD4D2cifY+EztD4flV3sq3s +vIogGFaN9IvdrdeptOVGXs1RmAyoTsiS2mKQ6xsGh8B9ZAm55W8fBOGiSzLX21Xk +Ofdw53BrFQxn3cu/JgIKpdeZxgukcvEAI62B6X+YL6Na4j0eqEGLzsNtU1+xeJlo +WtVvmRwnRHGSxF6fzIZ3mk/p/aFiXAEq/xITCTY6tDv7x7pFE/RpdlJZyNJ+R5Y4 +SQiuDsylxNCa/4G5EB6q+7iVYtbEQ9MnZg2phowEE42tlj0rz8/rvDK3LH3xibot +KHIodCWKlWByxH99u2PuHUQ0c1oCVBUE1KkruMpvI236DpU/dvdq4JLSg/fWrys/ +VIjqLZgsIE5g/KO9XqngWHkLcBLh4CNAmHJ8Iia+s+/rfgsejQWB5uJb6eYg2JjB +4WP1EI0rULM6fdrCNB+MJ36wE2Lnb4bfT0phOMgjjH5/Ki7ZCbkxkOsBs4SRjiS+ +weCsmpAtMqodWY/Cnw9pWSA/qLSRD5/mKeb9SO6OZ/OPfAatwnGHsvZ2sAueC6rR +04W5BfXZWrnJUXQP/id/EKE1Ksp5fKoxSCbkKTCig+Sf5Afwe36yFN+niZBqzn5b +BgL/HIKaZM97oDHersPPANeEgS+JVlBf95iKIYnQbZP43FLVbvOuaINhBIVtFO54 +2Y7EYwl41kP7ILDElVy36KAmdQyBAfrjnZiRA70xShOxApLug1L0lxhR3YfmLwNi +RJ0V6KnYDKf0pfdhO9VFyFFWUojX1usn2SmSsXNizsNtvRqHXzPnX0rbJzZ9+N4O +9k1nxygYFG/2R/jGonVmTjRzcAHrAkNJETMWXMA7/8wRMDwluz8j+cCldey9x8Vk +JwgLGnZSbQtVpcFAnm5r/36Gt+9wc1VWMyrUrVr6Z679aqAbG7PMaeR5h5ygMj1k +VqRTYAUPSk1f8bZKRssQkQwEbp9dVIjm9SsR8VT7/tB+UuB85dABxgHfv3psJRT+ +tL8g9V7kSZqQfcLNGmvEVvr2Zl9NtxwXtsFM2OBprxCenwb+e9Ppm1LjfJG/NE72 +mAnOERfDaiLt4bqNo36Ei5sGCJ4Fx61phzNBXzkdRNM47i8J5UZRKFkE91c99BVM +HKUaY61NRK24fR0zP98ftDU82YFw0VRFJpTeBrO5ivN1MlQxUPzUWxKxMxO+20wa +UOXroEw11Tb4SRLGOla1pCl6lCUPJRy9IzadPDgTr/OTMkob/snt/XLdnV5/uQIN +BFq+TvoBEAC8Oy1g6pPWBbrCMhIq7VWY2fjylJ1fwg5BPXkOKVK1dsGYO4QD7oW9 +L0aSqcFSNFGF9Cl0Ri4TFXZC3hnG4HeSXUWApuKdBLn21H3jba36Ay1oGcGfdm0v +Zght4c6BlMVBpGCw2wIkJbUNEy6InMM+O8CCbbaH3iJkJ4141P7pODHignx5AmZI +conMui4YOhC+IXQXynVEv1Juk7erB1Nh1RcRvsA4lb44HWx49lIwe85ejOmoZ0O3 +6f9NJRer6bV0+rHWmg4IV5Q9h/Gn4IhEDZxA0DZl1RQI7dMgaMbIFbXGq7Kgzstz +EUnOoy29hXodxVmwIsMrAiQUYtwJ9hW+ESsw47+W2iPHVgviGWl7r/SgcgMYmf6m +5kiTBtwU7BQPS9G3zwwP2Rm3AA/6g39Q+tQKjOwi1I8+GZsY2On44Zly7BreBNg5 +4gJgdAGcMOYU9etr050clH3UpTYcAEtX++ahtOKhJgLIPNcIAQNlnifqvU0VYpgw +R4YpZ7hgg+AVDzC73PIM0lFI0XiDuqChbxE+K1jmLXWe5iJF0dzgVTwP+PmsifNZ +Wg3+YxSsS+hDMPQ2xPiQN49gT4JJDHcDuyhHyCGYgyMiVJCsku9KrkubbfVRivyN +ZF2Zfo3f+nbrRxsftz0yjAq8byCvb0V0XOpt4pJ/ddlug9ytRxALNwARAQABiQI2 +BBgBCgAgFiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+TvoCGwwACgkQZOYo+NaE +aW3urA//UQ/cKQ7HvWjcLphzQOZc+6m5YL0wxvZkSjemU7mqjZdpacteIvRAoers +EqXHc208liIBtNfRzoreXdcXNzie65xXkrRnWoHVH/fTWy4lOnHr2CMXLeHjUgg/ +M6PYi8+sARm05YFB8nsYhlhx3IdLhcfeVVbJedQKO0yL3CK1okT30DUVq5Lq6X/K +DC6AxuJR3D6UMSoT0WLaoX8qbhAp88qLynInfBVL18d97h916WPLTPeP0eHwhwND +bYtKDCMDuKQ9XX5+QsNH0RmbxlX274LHrUMMvkLKxcfCBvP+iuqrBeIuoeVzXYJZ +j7ZJtEH79bW44eecl/CY/STFYgSQ2XGTp2BI2q60wAmtKlNhwxY5ena0FgyFl6Tm +5OBHW/Pwo+ndQJGfbrCyWkTgRay9c8er3gl3GQYIBH6X0kCiG7h/Epj0b5CHOPU5 +hCw0kEB8MB4poTIjeiY+Q01472/lQ68CL3DX158hR5d3XaPSIxAN+qFsfB1o316p +yjxhfK1MD/IfrOgjlggPPnc/KmLkCzpgdwKcZwLCdZq9hYBvF1Zs34HbaVMYbWTK +uxLowtXGU43vatCXXqmPOvl4/g4tZD6rysJDgOrHQnEHzT+Napn07s0BRC0IbbNn +FynUrkr5KMSuRz7Hg7xMApENOrb0nqdHSUJ914ZpuMIS6RhJgGu5Ag0EWr5PIAEQ +ALfh9vPD2B+miHDTMADI8aRZ7g9tnzynZYkk3+2sCiiusetsQQ+HIPJ/ASEJB7On +ane9dyT/LTRhrK9qaxgVMimk2COXB/xyh7Mnw7nJgFU0aRSbtX0vbvQz2suSzrQ6 +9mPKzan28JGoClqB0bw1vwf3VjjxHV2dgD57CmqFPv7kAC/2a56dE+etzXattZAL ++2JWTpmfQ0ePRRadtBm0VahQhnU8x0+jvAVrEawqpVW83ozYFyW/0WInM2J7jHgQ +16OosY4lj5L/DxpVxaArhRFoRfWPXfC37iE8Mou/I95isvPQIhp1wTo4jG0KM02B +oIVbp/QRNBQ6WtpOzvJs1gqQiJJTfqbKJXQ3NDEY9crpVS83HJ+Zv99PNsyNkFjG +QpU84U3ZhsI4ygjdY45mpZueqI1RVcRQdu8Hgvoo/78Q/Sir6gMGop3mVdVo2guI +kFcJrXh0Xk3ech4aVqrmKx/mPXGwOAQU0DAul4RW3fKg1QxQE7Tlw3+95Ee/+q5j +HARL0uDbCJpRO8Sl8NDEuL32n/2Ot6kQeCSHrU7KJRYAkTxkKvr8zNow7hFhHFPE +SnHvTnskI6noh0VY6NwMhmLvhm0wKkRxZPzUNc3sgLvbK1NymIZ9aKCZamzhZrmG +vnblEz/OSLwGUua465H3hM1vvBQiartj7+6ZqWIkSmBPABEBAAGJAjYEGAEKACAW +IQSgNcjBkhm6gh7OqGtk5ij41oRpbQUCWr5PIAIbIAAKCRBk5ij41oRpbWmeEACG ++axtDC8UoNp9ORiYwEWLzZWDuugE+ah7DYYGD4Vs633FXVZW3SgM/bFtJ/0Lg8CF +74jI4LMHyIjDzEjcoItwnhBLix+kUoJTvrY58GPydwekLuw1p4KXLqtRs4fsZbNQ +YTknl4jYtRWoxO98x7tun7Gq2gqmJkIB2uj630fKz5cBk6p6oDFKjzyrHe+V7BiK +3okQPaD4x7hq8OnTy7lOy92ZZAqztS4tNEb4DkYW1MpuwsJ7hbBZitc1siI+FVVb +GjVVGZz6ssXoW67Tz8+VxdWJxNLXlv27eMcj4sme5S0th/YYNA5fRRv6zuzqZAru +YNGLpYYU7JLvZJ+3lCwa5j5ycOGBF0GvsGs6gj6h+CHkjR/BgzAgWC+GgUgslt6q +aH04rWtV6rVz+Y91LcrX5P6OM4anmXD3Gp3kl35AypXb4KyASF19+11RUziD4Z7q +wQEWfbwOltNyZv2lD8s2jPr7P02axWRQUbZAEhxRmvOQev/FZPyCF6gqUo/HxRbQ +y3bzmnipyHSv1DlXNfCFCHvN8kGyZnRWARqIKRg+j9ediJgOUqlLhg6KmrTVxd5v +3Dfv52PW2UODDTM20s3cQGuX/UswzMRwPI/+P44iCMwEKdm7duM/5oisZT9Vhy7g +P15MreFZLcZvUVgjqgy0u57cstyGK1Bo9e2sFcK2fA== +=6Zb4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/python311-rpmlintrc b/python311-rpmlintrc new file mode 100644 index 0000000..5b35f34 --- /dev/null +++ b/python311-rpmlintrc @@ -0,0 +1,3 @@ +addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp") diff --git a/python311.changes b/python311.changes new file mode 100644 index 0000000..0a5a4ea --- /dev/null +++ b/python311.changes @@ -0,0 +1,5510 @@ +------------------------------------------------------------------- +Tue Feb 4 14:43:13 UTC 2025 - Matej Cepl + +- Add CVE-2025-0938-sq-brackets-domain-names.patch which + disallows square brackets ([ and ]) in domain names for parsed + URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704) + +------------------------------------------------------------------- +Mon Jan 27 09:00:48 UTC 2025 - Daniel Garcia + +- Configure externally_managed with a bcond + https://en.opensuse.org/openSUSE:Python:Externally_managed + bsc#1228165 + +------------------------------------------------------------------- +Wed Dec 4 21:40:41 UTC 2024 - Matej Cepl + +- Update to 3.11.11: + - Tools/Demos + - gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15 + and multissltests to use 3.0.15, 3.1.7, and 3.2.3. + - Tests + - gh-125041: Re-enable skipped tests for zlib on the + s390x architecture: only skip checks of the compressed + bytes, which can be different between zlib’s software + implementation and the hardware-accelerated implementation. + - Security + - gh-126623: Upgrade libexpat to 2.6.4 + - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to + consistently use the mapped IPv4 address value for deciding + properties. Properties which have their behavior fixed are + is_multicast, is_reserved, is_link_local, is_global, and + is_unspecified. + - Library + - gh-124651: Properly quote template strings in venv + activation scripts (bsc#1232241, CVE-2024-9287). +- Removed upstreamed patches: + - CVE-2024-9287-venv_path_unquoted.patch + +------------------------------------------------------------------- +Tue Dec 3 08:21:35 UTC 2024 - John Paul Adrian Glaubitz + +- Add add-loongarch64-support.patch to support loongarch64 + +------------------------------------------------------------------- +Mon Dec 2 22:50:07 UTC 2024 - Matej Cepl + +- Fix changelog + +------------------------------------------------------------------- +Mon Nov 11 12:43:40 UTC 2024 - Daniel Garcia + +- Remove -IVendor/ from python-config boo#1231795 + +------------------------------------------------------------------- +Fri Nov 1 16:32:10 UTC 2024 - Matej Cepl + +- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote + path names provided when creating a virtual environment + (bsc#1232241, CVE-2024-9287) + +------------------------------------------------------------------- +Wed Oct 2 16:18:29 UTC 2024 - Matej Cepl + +- Drop .pyc files from docdir for reproducible builds + (bsc#1230906). + +------------------------------------------------------------------- +Mon Sep 9 16:53:07 UTC 2024 - Matej Cepl + +- Update to 3.11.10: + - Security + - gh-123678: Upgrade libexpat to 2.6.3 + - gh-121957: Fixed missing audit events around interactive + use of Python, now also properly firing for ``python -i``, + as well as for ``python -m asyncio``. The event in question + is ``cpython.run_stdin``. + - gh-122133: Authenticate the socket connection for the + ``socket.socketpair()`` fallback on platforms where + ``AF_UNIX`` is not available like Windows. Patch by + Gregory P. Smith and Seth Larson + . Reported by Ellie + - gh-121285: Remove backtracking from tarfile header parsing + for ``hdrcharset``, PAX, and GNU sparse headers + (bsc#1230227, CVE-2024-6232). + - gh-118486: :func:`os.mkdir` on Windows now accepts + *mode* of ``0o700`` to restrict the new directory to + the current user. This fixes CVE-2024-4030 affecting + :func:`tempfile.mkdtemp` in scenarios where the base + temporary directory is more permissive than the default. + - gh-116741: Update bundled libexpat to 2.6.2 + - Library + - gh-123270: Applied a more surgical fix for malformed + payloads in :class:`zipfile.Path` causing infinite loops + (gh-122905) without breaking contents using legitimate + characters (bsc#1229704, CVE-2024-8088). + - gh-123067: Fix quadratic complexity in parsing ``"``-quoted + cookie values with backslashes by :mod:`http.cookies` + (bsc#1229596, CVE-2024-7592). + - gh-122905: :class:`zipfile.Path` objects now sanitize names + from the zipfile. + - gh-121650: :mod:`email` headers with embedded newlines are + now quoted on output. The :mod:`~email.generator` will now + refuse to serialize (write) headers that are unsafely folded + or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. + (Contributed by Bas Bloemsaat and Petr Viktorin in + :gh:`121650`; CVE-2024-6923, bsc#1228780). + - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method + breaks internal buffer when the method is called again + during flushing internal buffer. + - gh-118643: Fix an AttributeError in the :mod:`email` module + when re-fold a long address list. Also fix more cases of + incorrect encoding of the address separator in the address + list. + - gh-113171: Fixed various false positives and false + negatives in * :attr:`ipaddress.IPv4Address.is_private` + (see these docs for details) * + :attr:`ipaddress.IPv4Address.is_global` * + :attr:`ipaddress.IPv6Address.is_private` * + :attr:`ipaddress.IPv6Address.is_global` Also in the + corresponding :class:`ipaddress.IPv4Network` and + :class:`ipaddress.IPv6Network` attributes. + Fixes bsc#1226448 (CVE-2024-4032). + - gh-102988: :func:`email.utils.getaddresses` and + :func:`email.utils.parseaddr` now return ``('', '')`` + 2-tuples in more situations where invalid email addresses + are encountered instead of potentially inaccurate + values. Add optional *strict* parameter to these two + functions: use ``strict=False`` to get the old behavior, + accept malformed inputs. ``getattr(email.utils, + 'supports_strict_parsing', False)`` can be use to check if + the *strict* paramater is available. Patch by Thomas Dwyer + and Victor Stinner to improve the CVE-2023-27043 fix + (bsc#1210638). + - gh-67693: Fix :func:`urllib.parse.urlunparse` and + :func:`urllib.parse.urlunsplit` for URIs with path starting + with multiple slashes and no authority. Based on patch by + Ashwin Ramaswami. + - Core and Builtins + - gh-112275: A deadlock involving ``pystate.c``'s + ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now + fixed. Patch by ChuBoning based on previous Python 3.12 fix + by Victor Stinner. + - gh-109120: Added handle of incorrect star expressions, e.g + ``f(3, *)``. Patch by Grigoryev Semyon +- Removed upstreamed patches: + - CVE-2023-27043-email-parsing-errors.patch + - CVE-2024-4032-private-IP-addrs.patch + - CVE-2024-6923-email-hdr-inject.patch + - CVE-2024-8088-inf-loop-zipfile_Path.patch + (renamed from CVE-2024-8088-zipfile-Path-sanitization.patch) + - CVE-2024-6232-ReDOS-backtrack-tarfile.patch + - CVE-2024-7592-quad-complex-cookies.patch + +------------------------------------------------------------------- +Mon Sep 2 09:44:26 UTC 2024 - Matej Cepl + +- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid + failing test_sendfile_close_peer_in_the_middle_of_receiving + tests on Linux >= 6.10 (GH-120227). + +------------------------------------------------------------------- +Wed Aug 28 16:54:34 UTC 2024 - Matej Cepl + +- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent + malformed payload to cause infinite loops in zipfile.Path + (bsc#1229704, CVE-2024-8088). + +------------------------------------------------------------------- +Wed Aug 7 12:12:42 UTC 2024 - Matej Cepl + +- Add CVE-2024-6923-email-hdr-inject.patch to prevent email + header injection due to unquoted newlines (bsc#1228780, + CVE-2024-6923). +- %{profileopt} variable is set according to the variable + %{do_profiling} (bsc#1227999) + +------------------------------------------------------------------- +Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl + +- Remove %suse_update_desktop_file macro as it is not useful any + more. + +------------------------------------------------------------------- +Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl + +- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 + adding reproducibility patches from gh#python/cpython!121872 + and gh#python/cpython!121883. + +------------------------------------------------------------------- +Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl + +- Stop using %%defattr, it seems to be breaking proper executable + attributes on /usr/bin/ scripts (bsc#1227378). + +------------------------------------------------------------------- +Tue Jul 2 10:32:58 UTC 2024 - Daniel Garcia + +- Update F00251-change-user-install-location.patch to make pip and + modern tools install directly in /usr/local when used by the user. + bsc#1225660 + +------------------------------------------------------------------- +Tue Jun 25 21:57:40 UTC 2024 - Matej Cepl + +- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 + (CVE-2024-4032) rearranging definition of private v global IP + addresses. + +------------------------------------------------------------------- +Wed May 1 08:39:08 UTC 2024 - Matej Cepl + +- Update CVE-2023-52425-libexpat-2.6.0-backport.patch + so that it uses features sniffing, not just + comparing version number. Include also + support-expat-CVE-2022-25236-patched.patch. +- Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping + failing tests. +- Refresh patches: + - CVE-2023-27043-email-parsing-errors.patch + - fix_configure_rst.patch + - skip_if_buildbot-extend.patch +- Remove included patch: + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia + +- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in SLE. + +------------------------------------------------------------------- +Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia + +- Remove not needed upstream patches: + * libexpat260.patch + * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666 + * CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch + +- Update to 3.11.9: + * Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 + - gh-115243: Fix possible crashes in collections.deque.index() + when the deque is concurrently modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to the + certificate store, when the ssl.SSLContext is shared across + multiple threads (bsc#1226447, CVE-2024-0397). + * Core and Builtins + - gh-116296: Fix possible refleak in object.__reduce__() internal + error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser when + raising SyntaxError exceptions caused by invalid byte sequences. + Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115011: Setters for members with an unsigned integer type now + support the same range of valid values for objects that has a + __index__() method as for int. + - gh-96497: Fix incorrect resolution of mangled class variables + used in assignment expressions in comprehensions. + * Library + - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered + crash in ssl when creating a new _ssl._SSLContext if CPython was + built implausibly such that the default cipher list is empty or + the SSL library it was linked against reports a failure from its + C SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of self-referential + modules, introduced in gh-114781. + - gh-117084: Fix zipfile extraction for directory entries with the + name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any to + be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer calls + WaitForSingleObject() with a negative timeout: pass 0 ms if the + timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values in an + invalid state (stored as a list instead of a str) after an + earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values in + urllib.parse functions parse_qs() and parse_qsl(). Also, they + now raise a TypeError for non-zero integers and non-empty + sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated tkinter.Checkbutton + widget names to avoid collisions with automatically generated + tkinter.ttk.Checkbutton widget names within the same parent + widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of AttributeError + on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on + WASI. + - Under wasmtime for WASI 0.2, these functions don’t pass + test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). + - gh-88352: Fix the computation of the next rollover time in the + logging.TimedRotatingFileHandler handler. computeRollover() now + always returns a timestamp larger than the specified time and + works correctly during the DST change. doRollover() no longer + overwrite the already rolled over file, saving from data loss + when run at midnight or during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a script + with pdb + - gh-76511: Fix UnicodeEncodeError in email.Message.as_string() + that results when a message that claims to be in the ascii + character set actually has non-ascii characters. Non-ascii + characters are now replaced with the U+FFFD replacement + character, like in the replace error handler. + - gh-75988: Fixed unittest.mock.create_autospec() to pass the call + through to the wrapped object to return the real result. + - gh-115881: Fix issue where ast.parse() would incorrectly flag + conditional context managers (such as with (x() if y else z()): + ...) as invalid syntax if feature_version=(3, 8) was passed. + This reverts changes to the grammar made as part of gh-94949. + - gh-115886: Fix silent truncation of the name with an embedded + null character in multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing which rolled-over log + files to delete in logging.TimedRotatingFileHandler. It is now + reliable for handlers without namer and with arbitrary + deterministic namer that leaves the datetime part in the file + name unmodified. + - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now + support bytes arguments containing raw and percent-encoded + non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' and + '\n', regardless of lineterminator value. + - gh-115712: csv.writer() now quotes empty fields if delimiter is + a space and skipinitialspace is true and raises exception if + quoting is not possible. + - gh-115618: Fix improper decreasing the reference count for None + argument in property methods getter(), setter() and deleter(). + - gh-115570: A DeprecationWarning is no longer omitted on access + to the __doc__ attributes of the deprecated typing.io and + typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the __wrapper__ + data descriptor. + - gh-101293: Support callables with the __call__() method and + types with __new__() and __init__() methods set to class + methods, static methods, bound methods, partial functions, and + other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line numbers + would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare cases when + using the z format option (coerce negative 0) * incorrect output + when applying the z format option to type F (fixed-point with + capital NAN / INF) * incorrect output when applying the # format + option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname before + checking it against the system’s proxy bypass list on macOS and + Windows. + - gh-115198: Fix support of Docutils >= 0.19 in distutils. + - gh-115165: Most exceptions are now ignored when attempting to + set the __orig_class__ attribute on objects returned when + calling typing generic aliases (including generic aliases + created using typing.Annotated). Previously only AttributeError + was ignored. Patch by Dave Shawley. + - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the underlying + write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114763: Protect modules loaded with importlib.util.LazyLoader + from race conditions when multiple threads try to access + attributes before the loading is complete. + - gh-97959: Fix rendering class methods, bound methods, method and + function aliases in pydoc. Class methods no longer have “method + of builtins.type instance” note. Corresponding notes are now + added for class and unbound methods. Method and function aliases + now have references to the module or the class where the origin + was defined if it differs from the current. Bound methods are + now listed in the static methods section. Methods of builtin + classes are now supported as well as methods of Python classes. + - gh-112281: Allow creating union of types for typing.Annotated + with unhashable metadata. + - gh-111775: Fix importlib.resources.simple.ResourceHandle.open() + for text mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb commands. + - gh-107155: Fix incorrect output of help(x) where x is a lambda + function, which has an __annotations__ dictionary attribute with + a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when defining + dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists over + multiple lines in combination with unicode encoding. + - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same name + but different extensions would conflict and not delete the + correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() to + accept empty bytes as authkey. Not accepting empty bytes as key + causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing of URLs + with only a host name, URLs containing fragment or query, and + filenames with only a UNC sharepoint on Windows. Based on patch + by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + * Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML + vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + * Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE command + line option) in regrtest when hunting for reference leaks (-R + option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-115979: Update test_importlib so that it passes under WASI + SDK 21. + - gh-116307: Added import helper isolated_modules as CleanImport + does not remove modules imported during the context. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of + the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: run + failed tests with test.bisect_cmd to identify failing tests. + Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - gh-115198: Fix test_check_metadata_deprecate in distutils tests + with a newer Docutils. + * Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI + 0.2/preview2 primitives. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + * Windows + - gh-116773: Fix instances of <_overlapped.Overlapped object at + 0xXXX> still has pending operation at deallocation, the process + may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation so + that sending a datagram to an address that is not listening does + not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most users + only have a single launcher installed and will see no + difference. When multiple launchers have been installed, the + option to install the launcher is disabled until all but one + have been removed. Downgrading the launcher (which was never + allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now detect Python + 3.13 when installed from the Microsoft Store, and will install + Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + * IDLE + - gh-88516: On macOS show a proxy icon in the title bar of editor + windows to match platform behaviour. + * Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + * C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows + 64-bit platforms. + +------------------------------------------------------------------- +Sun Mar 24 07:51:45 UTC 2024 - Matej Cepl + +- Add reference to CVE-2024-0450 (bsc#1221854) to changelog. + +------------------------------------------------------------------- +Fri Mar 22 21:22:27 UTC 2024 - Matej Cepl + +- Because of bsc#1189495 we have to revert use of %autopatch. + +------------------------------------------------------------------- +Tue Mar 12 08:44:47 UTC 2024 - Matej Cepl + +- Rewrite %prep to use %autosetup et al. for compatibility with + rpm 4.20. + +------------------------------------------------------------------- +Tue Mar 12 08:13:34 UTC 2024 - Matej Cepl + +- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch + to eliminate ResourceWarning which broke the test suite in + test_asyncio. + +------------------------------------------------------------------- +Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal + +- Use the system-wide crypto-policies [bsc#1211301] + * Use the system default cipher list instead of hardcoded values + * Add the --with-ssl-default-suites=openssl configure option + +------------------------------------------------------------------- +Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl + +- (bsc#1219666, CVE-2023-6597) Add + CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from + gh#python/cpython!99930) fixing symlink bug in cleanup of + tempfile.TemporaryDirectory. + +------------------------------------------------------------------- +Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl + +- Remove double definition of /usr/bin/idle%%{version} in + %%files. + +------------------------------------------------------------------- +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115289 + +------------------------------------------------------------------- +Thu Feb 8 07:27:40 UTC 2024 - Daniel Garcia + +- Update to 3.11.8: + - Security + - gh-113659: Skip .pth files with names starting with a dot or + hidden file attribute. + - Core and Builtins + - gh-114887: Changed socket type validation in + create_datagram_endpoint() to accept all non-stream sockets. + This fixes a regression in compatibility with raw sockets. + - gh-114388: Fix a RuntimeWarning emitted when assign an + integer-like value that is not an instance of int to an + attribute that corresponds to a C struct member of type T_UINT + and T_ULONG. Fix a double RuntimeWarning emitted when assign a + negative integer value to an attribute that corresponds to a C + struct member of type T_UINT. + - gh-89811: Check for a valid tp_version_tag before performing + bytecode specializations that rely on this value being usable. + - gh-113602: Fix an error that was causing the parser to try to + overwrite existing errors and crashing in the process. Patch by + Pablo Galindo + - gh-113566: Fix a 3.11-specific crash when the repr of a Future + is requested after the module has already been + garbage-collected. + - gh-106905: Use per AST-parser state rather than global state to + track recursion depth within the AST parser to prevent potential + race condition due to simultaneous parsing. + - The issue primarily showed up in 3.11 by multithreaded users of + ast.parse(). In 3.12 a change to when garbage collection can be + triggered prevented the race condition from occurring. + - gh-112716: Fix SystemError in the import statement and in + __reduce__() methods of builtin types when __builtins__ is not a + dict. + - gh-105967: Workaround a bug in Apple’s macOS platform zlib + library where zlib.crc32() and binascii.crc32() could produce + incorrect results on multi-gigabyte inputs. Including when using + zipfile on zips containing large data. + - gh-94606: Fix UnicodeEncodeError when + email.message.get_payload() reads a message with a Unicode + surrogate character and the message content is not well-formed + for surrogateescape encoding. Patch by Sidney Markowitz. + - Library + - gh-114965: Update bundled pip to 24.0 + - gh-114959: tarfile no longer ignores errors when trying to + extract a directory on top of a file. + - gh-109475: Fix support of explicit option value “–” in argparse + (e.g. --option=--). + - gh-110190: Fix ctypes structs with array on Windows ARM64 + platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by + Diego Russo + - gh-113280: Fix a leak of open socket in rare cases when error + occurred in ssl.SSLSocket creation. + - gh-77749: email.policy.EmailPolicy.fold() now always encodes + non-ASCII characters in headers if utf8 is false. + - gh-114492: Make the result of termios.tcgetattr() reproducible + on Alpine Linux. Previously it could leave a random garbage in + some fields. + - gh-75128: Ignore an OSError in + asyncio.BaseEventLoop.create_server() when IPv6 is available but + the interface cannot actually support it. + - gh-114257: Dismiss the FileNotFound error in + ctypes.util.find_library() and just return None on Linux. + - gh-101438: Avoid reference cycle in ElementTree.iterparse. The + iterator returned by ElementTree.iterparse may hold on to a file + descriptor. The reference cycle prevented prompt clean-up of the + file descriptor if the returned iterator was not exhausted. + - gh-104522: OSError raised when run a subprocess now only has + filename attribute set to cwd if the error was caused by a + failed attempt to change the current directory. + - gh-109534: Fix a reference leak in + asyncio.selector_events.BaseSelectorEventLoop when SSL + handshakes fail. Patch contributed by Jamie Phan. + - gh-114077: Fix possible OverflowError in + socket.socket.sendfile() when pass count larger than 2 GiB on + 32-bit platform. + - gh-114014: Fixed a bug in fractions.Fraction where an invalid + string using d in the decimals part creates a different error + compared to other invalid letters/characters. Patch by Jeremiah + Gabriel Pascual. + - gh-113951: Fix the behavior of tag_unbind() methods of + tkinter.Text and tkinter.Canvas classes with three arguments. + Previously, widget.tag_unbind(tag, sequence, funcid) destroyed + the current binding for sequence, leaving sequence unbound, and + deleted the funcid command. Now it removes only funcid from the + binding for sequence, keeping other commands, and deletes the + funcid command. It leaves sequence unbound only if funcid was + the last bound command. + - gh-113877: Fix tkinter method winfo_pathname() on 64-bit + Windows. + - gh-113781: Silence unraisable AttributeError when warnings are + emitted during Python finalization. + - gh-113594: Fix UnicodeEncodeError in email when re-fold lines + that contain unknown-8bit encoded part followed by + non-unknown-8bit encoded part. + - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), + there is callback that logs an error if the task wrapping the + “connected callback” fails. This callback would itself fail if + the task was cancelled. Prevent this by checking whether the + task was cancelled first. If so, close the transport but don’t + log an error. + - gh-85567: Fix resource warnings for unclosed files in pickle and + pickletools command line interfaces. + - gh-101225: Increase the backlog for + multiprocessing.connection.Listener objects created by + multiprocessing.manager and multiprocessing.resource_sharer to + significantly reduce the risk of getting a connection refused + error when creating a multiprocessing.connection.Connection to + them. + - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends + webbrowser.open audit event. + - gh-113028: When a second reference to a string appears in the + input to pickle, and the Python implementation is in use, we are + guaranteed that a single copy gets pickled and a single object + is shared when reloaded. Previously, in protocol 0, when a + string contained certain characters (e.g. newline) it resulted + in duplicate objects. + - gh-113421: Fix multiprocessing logger for %(filename)s. + - gh-113358: Fix rendering tracebacks for exceptions with a broken + __getattr__. + - gh-113214: Fix an AttributeError during asyncio SSL protocol + aborts in SSL-over-SSL scenarios. + - gh-113246: Update bundled pip to 23.3.2. + - gh-113199: Make http.client.HTTPResponse.read1 and + http.client.HTTPResponse.readline close IO after reading all + data when content length is known. Patch by Illia Volochii. + - gh-113188: Fix shutil.copymode() and shutil.copystat() on + Windows. Previously they worked differenly if dst is a symbolic + link: they modified the permission bits of dst itself rather + than the file it points to if follow_symlinks is true or src is + not a symbolic link, and did not modify the permission bits if + follow_symlinks is false and src is a symbolic link. + - gh-61648: Detect line numbers of properties in doctests. + - gh-112559: signal.signal() and signal.getsignal() no longer call + repr on callable handlers. asyncio.run() and + asyncio.Runner.run() no longer call repr on the task results. + Patch by Yilei Yang. + - gh-110190: Fix ctypes structs with array on PPC64LE platform by + setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. + - gh-79429: Ignore FileNotFoundError when remove a temporary + directory in the multiprocessing finalizer. + - gh-79325: Fix an infinite recursion error in + tempfile.TemporaryDirectory() cleanup on Windows. + - gh-110190: Fix ctypes structs with array on Arm platform by + setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. + - gh-81194: Fix a crash in socket.if_indextoname() with specific + value (UINT_MAX). Fix an integer overflow in + socket.if_indextoname() on 64-bit non-Windows platforms. + - gh-75666: Fix the behavior of tkinter widget’s unbind() method + with two arguments. Previously, widget.unbind(sequence, funcid) + destroyed the current binding for sequence, leaving sequence + unbound, and deleted the funcid command. Now it removes only + funcid from the binding for sequence, keeping other commands, + and deletes the funcid command. It leaves sequence unbound only + if funcid was the last bound command. + - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in + tkinter._test(). + - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now + raises BadZipFile when try to read an entry that overlaps with + other entry or central directory (bsc#1221854, CVE-2024-0450). + - gh-38807: Fix race condition in trace. Instead of checking if a + directory exists and creating it, directly call os.makedirs() + with the kwarg exist_ok=True. + - gh-75705: Set unixfrom envelope in mailbox.mbox and + mailbox.MMDF. + - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure + when the system endianness is the opposite of the classes. + - gh-104282: Fix null pointer dereference in + lzma._decode_filter_properties() due to improper handling of BCJ + filters with properties of zero length. Patch by Radislav + Chugunov. + - gh-102512: When os.fork() is called from a foreign thread (aka + _DummyThread), the type of the thread in a child process is + changed to _MainThread. Also changed its name and daemonic + status, it can be now joined. + - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, + which now no longer dereferences symlinks when working around + file system permission errors. + - bpo-43153: On Windows, tempfile.TemporaryDirectory previously + masked a PermissionError with NotADirectoryError during + directory cleanup. It now correctly raises PermissionError if + errors are not ignored. Patch by Andrei Kulakov and Ken Jin. + - bpo-35332: The shutil.rmtree() function now ignores errors when + calling os.close() when ignore_errors is True, and os.close() no + longer retried after error. + - bpo-35928: io.TextIOWrapper now correctly handles the decoding + buffer after read() and write(). + - bpo-26791: shutil.move() now moves a symlink into a directory + when that directory is the target of the symlink. This provides + the same behavior as the mv shell command. The previous behavior + raised an exception. Patch by Jeffrey Kintscher. + - bpo-36959: Fix some error messages for invalid ISO format string + combinations in strptime() that referred to directives not + contained in the format string. Patch by Gordon P. Hemsley. + - bpo-18060: Fixed a class inheritance issue that can cause + segfaults when deriving two or more levels of subclasses from a + base class of Structure or Union. + - Documentation + - gh-110746: Improved markup for valid options/values for methods + ttk.treeview.column and ttk.treeview.heading, and for Layouts. + - gh-95649: Document that the asyncio module contains code taken + from v0.16.0 of the uvloop project, as well as the required MIT + licensing information. + - Tests + - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, + where system tar can include more information in the archive + than shutil.make_archive. + - gh-112769: The tests now correctly compare zlib version when + zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For + example zlib-ng defines the version as 1.3.0.zlib-ng. + - gh-105089: Fix + test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write + test in AIX by doing a bitwise AND of 0xFFFF on mode , so that + it will be in sync with zinfo.external_attr + - bpo-40648: Test modes that file can get with chmod() on Windows. + - Build + - gh-101778: Fix build error when there’s a dangling symlink in + the directory containing ffi.h. + - gh-112305: Fixed the check-clean-src step performed on out of + tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h + files and recommend appropriate source tree cleanup steps to get + a working build again. + - bpo-11102: The os.major(), os.makedev(), and os.minor() + functions are now available on HP-UX v3. + - bpo-36351: Do not set ipv6type when cross-compiling. + - IDLE + - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and + ‘object’. + - gh-72284: Improve the lists of features, editor key bindings, + and shell key bingings in the IDLE doc. + - gh-113903: Fix rare failure of test.test_idle, in + test_configdialog. + - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and + 3.12.1. + - gh-113269: Fix test_editor hang on macOS Catalina. + - gh-112898: Fix processing unsaved files when quitting IDLE on + macOS. + - gh-103820: Revise IDLE bindings so that events from mouse button + 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not + mistaken for scrolling. + - bpo-13586: Enter the selected text when opening the “Replace” + dialog. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and + multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. + - gh-115015: Fix a bug in Argument Clinic that generated incorrect + code for methods with no parameters that use the METH_METHOD | + METH_FASTCALL | METH_KEYWORDS calling convention. Only the + positional parameter count was checked; any keyword argument + passed would be silently accepted. +- Remove upstreamed patches: + - CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch +- Refresh all patches: + - CVE-2023-27043-email-parsing-errors.patch + - F00251-change-user-install-location.patch + - bpo-31046_ensurepip_honours_prefix.patch + - distutils-reproducible-compile.patch + - fix_configure_rst.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-localpath.patch + - python-3.3.0b1-test-posix_fadvise.patch + - skip_if_buildbot-extend.patch + - subprocess-raise-timeout.patch + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Tue Dec 19 16:34:50 UTC 2023 - Daniel Garcia + +- Update patch fix_configure_rst.patch +- Update to 3.11.7: + - Core and Builtins + - gh-112625: Fixes a bug where a bytearray object could be cleared + while iterating over an argument in the bytearray.join() method + that could result in reading memory after it was freed. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. Patch + by Pablo galindo + - gh-88116: Traceback location ranges involving wide unicode + characters (like emoji and asian characters) now are properly + highlighted. Patch by Batuhan Taskaya and Pablo Galindo. + - gh-94438: Fix a regression that prevented jumping across is None + and is not None when debugging. Patch by Savannah Ostrowski. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109216: Fix possible memory leak in BUILD_MAP. + + - Library + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + - bpo-35191: Fix unexpected integer truncation in + socket.setblocking() which caused it to interpret multiples of + 2**32 as False. + + - Documentation + - gh-108826: dis module command-line interface is now mentioned in + documentation. + + - Tests + - gh-110367: Make regrtest --verbose3 option compatible with + --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + --verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111309: distutils tests can now be run via unittest. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() and class BasicTestRunner from the test.support + module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + --match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + + - Build + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + + - C API + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. +------------------------------------------------------------------- +Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl + +- Refresh CVE-2023-27043-email-parsing-errors.patch to + gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). +- Thus we can remove Revert-gh105127-left-tests.patch, which is + now useless. + +------------------------------------------------------------------- +Wed Nov 15 09:06:16 UTC 2023 - Daniel Garcia + +- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch +- Refresh patches: + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch + +- Update to 3.11.6: + - Core and Builtins + - gh-109351: Fix crash when compiling an invalid AST involving a + named (walrus) expression. + - gh-109207: Fix a SystemError in __repr__ of symtable entry + object. + - gh-109179: Fix bug where the C traceback display drops notes + from SyntaxError. + - gh-88943: Improve syntax error for non-ASCII character that + follows a numerical literal. It now points on the invalid + non-ASCII character, not on the valid numerical literal. + - gh-108959: Fix caret placement for error locations for subscript + and binary operations that involve non-semantic parentheses and + spaces. Patch by Pablo Galindo + - gh-108520: Fix + multiprocessing.synchronize.SemLock.__setstate__() to properly + initialize multiprocessing.synchronize.SemLock._is_fork_ctx. + This fixes a regression when passing a SemLock accross nested + processes. + - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to + multiprocessing.synchronize.SemLock._is_fork_ctx to avoid + exposing it as public API. + - Library + - gh-110036: On Windows, multiprocessing Popen.terminate() now + catchs PermissionError and get the process exit code. If the + process is still running, raise again the PermissionError. + Otherwise, the process terminated as expected: store its exit + code. Patch by Victor Stinner. + - gh-110038: Fixed an issue that caused KqueueSelector.select() to + not return all the ready events in some cases when a file + descriptor is registered for both read and write. + - gh-109631: re functions such as re.findall(), re.split(), + re.search() and re.sub() which perform short repeated matches + can now be interrupted by user. + - gh-109593: Avoid deadlocking on a reentrant call to the + multiprocessing resource tracker. Such a reentrant call, though + unlikely, can happen if a GC pass invokes the finalizer for a + multiprocessing object such as SemLock. + - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for + exceptions. Previously, on Python built in debug mode, these + functions could trigger a fatal Python error (and abort the + process) when a function succeeded with an exception set. Patch + by Victor Stinner. + - gh-109375: The pdb alias command now prevents registering + aliases without arguments. + - gh-107219: Fix a race condition in concurrent.futures. When a + process in the process pool was terminated abruptly (while the + future was running or pending), close the connection write end. + If the call queue is blocked on sending bytes to a worker + process, closing the connection write end interrupts the send, + so the queue can be closed. Patch by Victor Stinner. + - gh-50644: Attempts to pickle or create a shallow or deep copy of + codecs streams now raise a TypeError. Previously, copying failed + with a RecursionError, while pickling produced wrong results + that eventually caused unpickling to fail with a RecursionError. + - gh-108987: Fix _thread.start_new_thread() race condition. If a + thread is created during Python finalization, the newly spawned + thread now exits immediately instead of trying to access freed + memory and lead to a crash. Patch by Victor Stinner. + - gh-108843: Fix an issue in ast.unparse() when unparsing + f-strings containing many quote types. + - gh-108682: Enum: raise TypeError if super().__new__() is called + from a custom __new__. + - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock + - gh-64662: Fix support for virtual tables in + sqlite3.Connection.iterdump(). Patch by Aviv Palivoda. + - gh-107913: Fix possible losses of errno and winerror values in + OSError exceptions if they were cleared or modified by the + cleanup code before creating the exception object. + - gh-104372: On Linux where subprocess can use the vfork() syscall + for faster spawning, prevent the parent process from blocking + other threads by dropping the GIL while it waits for the + vfork’ed child process exec() outcome. This prevents spawning a + binary from a slow filesystem from blocking the rest of the + application. + - gh-84867: unittest.TestLoader no longer loads test cases from + exact unittest.TestCase and unittest.FunctionTestCase classes. + - Documentation + - gh-109209: The minimum Sphinx version required for the + documentation is now 4.2. + - gh-105052: Update timeit doc to specify that time in seconds is + just the default. + - gh-102823: Document the return type of x // y when x and y have + type float. + - Tests + - gh-110031: Skip test_threading tests using thread+fork if Python + is built with Address Sanitizer (ASAN). Patch by Victor Stinner. + - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum + duration, a test should not measure a CI performance. Only + measure the minimum duration when a task has a timeout or delay. + Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner. + - gh-110033: Fix test_interprocess_signal() of test_signal. Make + sure that the subprocess.Popen object is deleted before the test + raising an exception in a signal handler. Otherwise, + Popen.__del__() can get the exception which is logged as + Exception ignored in: ... and the test fails. Patch by Victor + Stinner. + - gh-109594: Fix test_timeout() of + test_concurrent_futures.test_wait. Remove the future which may + or may not complete depending if it takes longer than the + timeout ot not. Keep the second future which does not complete + before wait() timeout. Patch by Victor Stinner. + - gh-109748: Fix test_zippath_from_non_installed_posix() of + test_venv: don’t copy __pycache__/ sub-directories, because they + can be modified by other Python tests running in parallel. Patch + by Victor Stinner. + - gh-103053: Skip test_freeze_simple_script() of + test_tools.test_freeze if Python is built with ./configure + --enable-optimizations, which means with Profile Guided + Optimization (PGO): it just makes the test too slow. The freeze + tool is tested by many other CIs with other (faster) compiler + flags. Patch by Victor Stinner. + - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a + longer key: FIPS mode requires at least of at least 112 bits. + The previous key was only 32 bits. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-109237: Fix test_site.test_underpth_basic() when the working + directory contains at least one non-ASCII character: encode the + ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for + the child process stdout. Patch by Victor Stinner. + - gh-109230: Fix test_pyexpat.test_exception(): it can now be run + from a directory different than Python source code directory. + Before, the test failed in this case. Skip the test if + Modules/pyexpat.c source is not available. Skip also the test on + Python implementations other than CPython. Patch by Victor + Stinner. + - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests + on FreeBSD if the TCP blackhole is enabled (sysctl + net.inet.tcp.blackhole). Skip the few tests which failed with + ETIMEDOUT which such non standard configuration. Currently, the + FreeBSD GCP image enables TCP and UDP blackhole (sysctl + net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1). + Patch by Victor Stinner. + - gh-91960: Skip test_gdb if gdb is unable to retrieve Python + frame objects: if a frame is . When Python is + built with “clang -Og”, gdb can fail to retrive the frame + parameter of _PyEval_EvalFrameDefault(). In this case, tests + like py_bt() are likely to fail. Without getting access to + Python frames, python-gdb.py is mostly clueless on retrieving + the Python traceback. Moreover, test_gdb is no longer skipped on + macOS if Python is built with Clang. Patch by Victor Stinner. + - gh-108962: Skip test_tempfile.test_flags() if chflags() fails + with “OSError: [Errno 45] Operation not supported” (ex: on + FreeBSD 13). Patch by Victor Stinner. + - gh-89392: Removed support of test_main() function in tests. They + now always use normal unittest test runner. + - gh-108851: Fix test_tomllib recursion tests for WASI buildbots: + reduce the recursion limit and compute the maximum nested + array/dict depending on the current available recursion limit. + Patch by Victor Stinner. + - gh-108851: Add get_recursion_available() and + get_recursion_depth() functions to the test.support module. + Patch by Victor Stinner. + - gh-108822: regrtest now computes statistics on all tests: + successes, failures and skipped. test_netrc, test_pep646_syntax + and test_xml_etree now return results in their test_main() + function. Patch by Victor Stinner and Alex Waygood. + - gh-108388: Convert test_concurrent_futures to a package of 7 + sub-tests. Patch by Victor Stinner. + - gh-108388: Split test_multiprocessing_fork, + test_multiprocessing_forkserver and test_multiprocessing_spawn + into test packages. Each package is made of 4 sub-tests: + processes, threads, manager and misc. It allows running more + tests in parallel and so reduce the total test duration. Patch + by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - gh-100086: The Python test runner (libregrtest) now logs Python + build information like “debug” vs “release” build, or LTO and + PGO optimizations. Patch by Victor Stinner. + - gh-98903: The Python test suite now fails wit exit code 4 if no + tests ran. It should help detecting typos in test names and test + methods. + - gh-95027: On Windows, when the Python test suite is run with the + -jN option, the ANSI code page is now used as the encoding for + the stdout temporary file, rather than using UTF-8 which can + lead to decoding errors. Patch by Victor Stinner. + - gh-93353: regrtest now checks if a test leaks temporary files or + directories if run with -jN option. Patch by Victor Stinner. + - Build + - gh-63760: Fix Solaris build: no longer redefine the + gethostname() function. Solaris defines the function since 2005. + Patch by Victor Stinner, original patch by Jakub Kulík. + - gh-108740: Fix a race condition in make regen-all. The + deepfreeze.c source and files generated by Argument Clinic are + now generated or updated before generating “global objects”. + Previously, some identifiers may miss depending on the order in + which these files were generated. Patch by Victor Stinner. + - Windows + - gh-109991: Update Windows build to use OpenSSL 3.0.11. + - gh-107565: Update Windows build to use OpenSSL 3.0.10. + - macOS + - gh-109991: Update macOS installer to use OpenSSL 3.0.11. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and + multissltests to use 1.1.1w, 3.0.11, and 3.1.3. + +------------------------------------------------------------------- +Wed Sep 6 07:52:11 UTC 2023 - Daniel Garcia + +- Update to 3.11.5 (bsc#1214692): + - Security + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted data. + Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by + Gregory P. Smith. + - Core and Builtins + - gh-104432: Fix potential unaligned memory access on C APIs + involving returned sequences of char * pointers within the grp + and socket modules. These were revealed using a + -fsaniziter=alignment build on ARM macOS. Patch by Christopher + Chavez. + - gh-77377: Ensure that multiprocessing synchronization objects + created in a fork context are not sent to a different process + created in a spawn context. This changes a segfault into an + actionable RuntimeError in the parent process. + - gh-106092: Fix a segmentation fault caused by a use-after-free + bug in frame_dealloc when the trashcan delays the deallocation + of a PyFrameObject. + - gh-106719: No longer suppress arbitrary errors in the + __annotations__ getter and setter in the type and module types. + - gh-106723: Propagate frozen_modules to multiprocessing spawned + process interpreters. + - gh-105979: Fix crash in _imp.get_frozen_object() due to improper + exception handling. + - gh-105840: Fix possible crashes when specializing function calls + with too many __defaults__. + - gh-105588: Fix an issue that could result in crashes when + compiling malformed ast nodes. + - gh-105375: Fix bugs in the builtins module where exceptions + could end up being overwritten. + - gh-105375: Fix bug in the compiler where an exception could end + up being overwritten. + - gh-105375: Improve error handling in + PyUnicode_BuildEncodingMap() where an exception could end up + being overwritten. + - gh-105235: Prevent out-of-bounds memory access during + mmap.find() calls. + - gh-101006: Improve error handling when read marshal data. + - Library + - gh-105736: Harmonized the pure Python version of OrderedDict + with the C version. Now, both versions set up their internal + state in __new__. Formerly, the pure Python version did the set + up in __init__. + - gh-107963: Fix multiprocessing.set_forkserver_preload() to check + the given list of modules names. Patch by Dong-hee Na. + - gh-106242: Fixes os.path.normpath() to handle embedded null + characters without truncating the path (bsc#1214693, + CVE-2023-41105). + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will + no longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107715: Fix doctest.DocTestFinder.find() in presence of class + names with special characters. Patch by Gertjan van Zwieten. + - gh-100814: Passing a callable object as an option value to a + Tkinter image now raises the expected TclError instead of an + AttributeError. + - gh-106684: Close asyncio.StreamWriter when it is not closed by + application leading to memory leaks. Patch by Kumar Aditya. + - gh-107077: Seems that in some conditions, OpenSSL will return + SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification + verification has failed, but the error parameters will still + contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are + now detecting this situation and raising the appropiate + ssl.SSLCertVerificationError. Patch by Pablo Galindo + - gh-107396: tarfiles; Fixed use before assignment of + self.exception for gzip decompression + - gh-62519: Make gettext.pgettext() search plural definitions when + translation is not found. + - gh-83006: Document behavior of shutil.disk_usage() for + non-mounted filesystems on Unix. + - gh-106186: Do not report MultipartInvariantViolationDefect + defect when the email.parser.Parser class is used to parse + emails with headersonly=True. + - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION + result in _ssl.c. + - gh-106774: Update the bundled copy of pip to version 23.2.1. + - gh-106752: Fixed several bug in zipfile.Path in + name/suffix/suffixes/stem operations when no filename is present + and the Path is not at the root of the zipfile. + - gh-106602: Add __copy__ and __deepcopy__ in enum + - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused + division by zero for certain almost-white inputs. Patch by Terry + Jan Reedy. + - gh-106052: re module: fix the matching of possessive quantifiers + in the case of a subpattern containing backtracking. + - gh-106510: Improve debug output for atomic groups in regular + expressions. + - gh-105497: Fix flag mask inversion when unnamed flags exist. + - gh-90876: Prevent multiprocessing.spawn from failing to import + in environments where sys.executable is None. This regressed in + 3.11 with the addition of support for path-like objects in + multiprocessing. + - gh-106350: Detect possible memory allocation failure in the + libtommath function mp_init() used by the _tkinter module. + - gh-102541: Make pydoc.doc catch bad module ImportError when + output stream is not None. + - gh-106263: Fix crash when calling repr with a manually + constructed SignalDict object. Patch by Charlie Zhao. + - gh-105375: Fix a bug in _Unpickler_SetInputStream() where an + exception could end up being overwritten in case of failure. + - gh-105375: Fix bugs in sys where exceptions could end up being + overwritten because of deferred error handling. + - gh-105605: Harden pyexpat error handling during module + initialisation to prevent exceptions from possibly being + overwritten, and objects from being dereferenced twice. + - gh-105375: Fix bug in decimal where an exception could end up + being overwritten. + - gh-105375: Fix bugs in _datetime where exceptions could be + overwritten in case of module initialisation failure. + - gh-105375: Fix bugs in _ssl initialisation which could lead to + leaked references and overwritten exceptions. + - gh-105375: Fix a bug in array.array where an exception could end + up being overwritten. + - gh-105375: Fix bugs in _ctypes where exceptions could end up + being overwritten. + - gh-105375: Fix a bug in the posix module where an exception + could be overwritten. + - gh-105375: Fix bugs in _elementtree where exceptions could be + overwritten. + - gh-105375: Fix bugs in zoneinfo where exceptions could be + overwritten. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-105497: Fix flag inversion when alias/mask members exist. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-103171: Revert undocumented behaviour change with + runtime-checkable protocols decorated with typing.final() in + Python 3.11. The behaviour change had meant that objects would + not be considered instances of these protocols at runtime unless + they had a __final__ attribute. Patch by Alex Waygood. + - gh-105375: Fix a bug in sqlite3 where an exception could be + overwritten in the collation callback. + - gh-105332: Revert pickling method from by-name back to by-value. + - gh-104554: Add RTSPS scheme support in urllib.parse + - gh-100061: Fix a bug that causes wrong matches for regular + expressions with possessive qualifier. + - gh-102541: Hide traceback in help() prompt, when import failed. + - gh-99203: Restore following CPython <= 3.10.5 behavior of + shutil.make_archive(): do not create an empty archive if + root_dir is not a directory, and, in that case, raise + FileNotFoundError or NotADirectoryError regardless of format + choice. Beyond the brought-back behavior, the function may now + also raise these exceptions in dry_run mode. + - gh-94777: Fix hanging multiprocessing ProcessPoolExecutor when a + child process crashes while data is being written in the call + queue. + - bpo-18319: Ensure gettext(msg) retrieve translations even if a + plural form exists. In other words: gettext(msg) == + ngettext(msg, '', 1). + - Documentation + - gh-107008: Document the curses module variables LINES and COLS. + - gh-106948: Add a number of standard external names to + nitpick_ignore. + - gh-54738: Add documentation on how to localize the argparse + module. + - Tests + - gh-105776: Fix test_cppext when the C compiler command -std=c11 + option: remove -std= options from the compiler command. Patch by + Victor Stinner. + - gh-107237: test_logging: Fix test_udp_reconnection() by + increasing the timeout from 100 ms to 5 minutes (LONG_TIMEOUT). + Patch by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - Build + - gh-107814: When calling find_python.bat with -q it did not + properly silence the output of nuget. That is now fixed. + - gh-106881: Check for linux/limits.h before including it in + Modules/posixmodule.c. + - gh-104692: Include commoninstall as a prerequisite for + bininstall + - This ensures that commoninstall is completed before bininstall + is started when parallel builds are used (make -j install), and + so the python3 symlink is only installed after all standard + library modules are installed. + - gh-100340: Allows -Wno-int-conversion for wasm-sdk 17 and + onwards, thus enables building WASI builds once against the + latest sdk. + - Windows + - gh-106242: Fixes realpath() to behave consistently when passed a + path containing an embedded null character on Windows. In strict + mode, it now raises OSError instead of the unexpected + ValueError, and in non-strict mode will make the path absolute. + - gh-106844: Fix integer overflow in _winapi.LCMapStringEx() which + affects ntpath.normcase(). + - gh-99079: Update Windows build to use OpenSSL 3.0.9 + - gh-105436: Ensure that an empty environment block is terminated + by two null characters, as is required by Windows. + - macOS + - gh-107565: Update macOS installer to use OpenSSL 3.0.10. + - gh-99079: Update macOS installer to use OpenSSL 3.0.9. + - Tools/Demos + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + - gh-95065: Argument Clinic now supports overriding automatically + generated signature by using directive @text_signature. See How + to override the generated signature. + - gh-106970: Fix bugs in the Argument Clinic destination + clear command; the destination buffers would never be cleared, + and the destination directive parser would simply continue to + the fault handler after processing the command. Patch by Erlend + E. Aasland. + - C API + - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(), + PyErr_SetExcFromWindowsErrWithFilename() and + PyErr_SetFromWindowsErrWithFilename() save now the error code + before calling PyUnicode_DecodeFSDefault(). + - gh-107915: Such C API functions as PyErr_SetString(), + PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others + no longer crash or ignore errors if it failed to format the + error message or decode the filename. Instead, they keep a + corresponding error. + - gh-107226: PyModule_AddObjectRef() is now only available in the + limited API version 3.10 or later. + - gh-105375: Fix a bug in PyErr_WarnExplicit() where an exception + could end up being overwritten if the API failed internally. + - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only + data: *consumed was not set. + +------------------------------------------------------------------- +Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller + +- restrict PEP668 to ALP/Tumbleweed + +------------------------------------------------------------------- +Fri Aug 4 06:37:41 UTC 2023 - Dirk Müller + +- add externally_managed.in to label this build as PEP-668 managed + +------------------------------------------------------------------- +Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl + +- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! +- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) + partially reverting CVE-2023-27043-email-parsing-errors.patch, + because of the regression in gh#python/cpython#106669. +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). (The patch is faulty, + gh#python/cpython#106669, but upstream decided not to just + revert it). + +------------------------------------------------------------------- +Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl + +- Update to Python 3.11.4: + - gh-103142: The version of OpenSSL used in Windows and + Mac installers has been upgraded to 1.1.1u to address + CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, + as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 + fixed previously in 1.1.1t (gh-101727). + - gh-102153: urllib.parse.urlsplit() now strips leading C0 + control and space characters following the specification for + URLs defined by WHATWG in response to CVE-2023-24329 + (bsc#1208471). + - gh-99889: Fixed a security in flaw in uu.decode() that could + allow for directory traversal based on the input if no + out_file was specified. + - gh-104049: Do not expose the local on-disk + location in directory indexes produced by + http.client.SimpleHTTPRequestHandler. + - gh-103935: trace.__main__ now uses io.open_code() for files + to be executed instead of raw open(). + - gh-102953: The extraction methods in tarfile, and + shutil.unpack_archive(), have a new filter argument that + allows limiting tar features than may be surprising or + dangerous, such as creating files outside the destination + directory. See Extraction filters for details (fixing + CVE-2007-4559, bsc#1203750). +- Remove upstreamed patches: + - CVE-2007-4559-filter-tarfile_extractall.patch + +------------------------------------------------------------------- +Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl + +- Remove obsolete_python_versioned macro again. This mechanism + has no business to be in Python 3.11, because we have abolished + with it whole interpreter+setuptools+pip product. Python 3.11 + should not be replaced by later versions anymore. + +------------------------------------------------------------------- +Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl + +- Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). +- Add skip_if_buildbot-extend.patch to avoid the bug altogether + (extending what skip_if_buildbot covers). +- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix + bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter + for tarfile.extractall". + +------------------------------------------------------------------- +Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl + +- Update to 3.11.3: + - Security + - gh-101727: Updated the OpenSSL version used in Windows + and macOS binary release builds to 1.1.1t to address + CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the + OpenSSL 2023-02-07 security advisory. + - Core and Builtins + - gh-101975: Fixed stacktop value on tracing entries to avoid + corruption on garbage collection. + - gh-102701: Fix overflow when creating very large dict. + - gh-102416: Do not memoize incorrectly automatically + generated loop rules in the parser. Patch by Pablo Galindo. + - gh-102356: Fix a bug that caused a crash when deallocating + deeply nested filter objects. Patch by Marta Gómez Macías. + - gh-102397: Fix segfault from race condition in signal + handling during garbage collection. Patch by Kumar Aditya. + - gh-102281: Fix potential nullptr dereference and use of + uninitialized memory in fileutils. Patch by Max Bachmann. + - gh-102126: Fix deadlock at shutdown when clearing thread + states if any finalizer tries to acquire the runtime head + lock. Patch by Kumar Aditya. + - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal + module. Patch by Max Bachmann. + - gh-101967: Fix possible segfault in + positional_only_passed_as_keyword function, when new list + created. + - gh-101765: Fix SystemError / segmentation fault in iter + __reduce__ when internal access of builtins.__dict__ keys + mutates the iter object. + - gh-101696: Invalidate type version tag in + _PyStaticType_Dealloc for static types, avoiding bug where + a false cache hit could crash the interpreter. Patch by + Kumar Aditya. + - Library + - gh-102549: Don’t ignore exceptions in member type creation. + - gh-102947: Improve traceback when dataclasses.fields() is + called on a non-dataclass. Patch by Alex Waygood + - gh-102780: The asyncio.Timeout context manager now + works reliably even when performing cleanup due to task + cancellation. Previously it could raise a CancelledError + instead of an TimeoutError in such cases. + - gh-88965: typing: Fix a bug relating to substitution in . + Pacustom classes generic over a ParamSpec. Previously, if . + Pathe ParamSpec was substituted with a parameters list that . + Paitself contained a TypeVar, the TypeVar in the parameters . + Palist could not be subsequently substituted. This is now . + Pafixed tch by Nikita Sobolev . + - gh-101979: Fix a bug where parentheses in the metavar + argument to argparse.ArgumentParser.add_argument() were + dropped. Patch by Yeojin Kim. + - gh-102179: Fix os.dup2() error message for negative fds. + - gh-101961: For the binary mode, fileinput.hookcompressed() + doesn’t set the encoding value even if the value is + None. Patch by Gihwan Kim. + - gh-101936: The default value of fp becomes io.BytesIO + if HTTPError is initialized without a designated fp + parameter. Patch by Long Vo. + - gh-102069: Fix __weakref__ descriptor generation for custom + dataclasses. + - gh-101566: In zipfile, apply fix for extractall on the + underlying zipfile after being wrapped in Path. + - gh-101892: Callable iterators no longer raise SystemError + when the callable object exhausts the iterator but forgets + to either return a sentinel value or raise StopIteration. + - gh-97786: Fix potential undefined behaviour in corner cases + of floating-point-to-time conversions. + - gh-101517: Fixed bug where bdb looks up the source line + with linecache with a lineno=None, which causes it to fail + with an unhandled exception. + - gh-101673: Fix a pdb bug where ll clears the changes to + local variables. + - gh-96931: Fix incorrect results from + ssl.SSLSocket.shared_ciphers() + - gh-88233: Correctly preserve “extra” fields in zipfile + regardless of their ordering relative to a zip64 “extra.” + - gh-96127: inspect.signature was raising TypeError on + call with mock objects. Now it correctly returns (*args, + **kwargs) as infered signature. + - gh-95495: When built against OpenSSL 3.0, the ssl module + had a bug where it reported unauthenticated EOFs (i.e. + without close_notify) as a clean TLS-level EOF. It now + raises SSLEOFError, matching the behavior in previous + versions of OpenSSL. The options attribute on SSLContext + also no longer includes OP_IGNORE_UNEXPECTED_EOF by + default. This option may be set to specify the previous + OpenSSL 3.0 behavior. + - gh-94440: Fix a concurrent.futures.process bug where + ProcessPoolExecutor shutdown could hang after a future has + been quickly submitted and canceled. + - Documentation + - gh-103112: Add docstring to http.client.HTTPResponse.read() + to fix pydoc output. + - gh-85417: Update cmath documentation to clarify behaviour + on branch cuts. + - gh-97725: Fix asyncio.Task.print_stack() description for + file=None. Patch by Oleg Iarygin. + - Tests + - gh-102980: Improve test coverage on pdb. + - gh-102537: Adjust the error handling strategy in + test_zoneinfo.TzPathTest.python_tzpath_context. Patch by + Paul Ganssle. + - gh-89792: test_tools now copies up to 10x less source data + to a temporary directory during the freeze test by ignoring + git metadata and other artifacts. It also limits its python + build parallelism based on os.cpu_count instead of hard + coding it as 8 cores. + - gh-101377: Improved test_locale_calendar_formatweekday of + calendar. + - Build + - gh-102711: Fix -Wstrict-prototypes compiler warnings. + +------------------------------------------------------------------- +Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl + +- Update to 3.11.2: + Bug fixes, no changes in API and no security bugs. + +------------------------------------------------------------------- +Wed Mar 1 20:50:04 UTC 2023 - Matej Cepl + +- Add python310 Obsoletes line to obsolete_python_versioned macro. + +------------------------------------------------------------------- +Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl + +- Add provides for readline and sqlite3 to the main Python + package. + +------------------------------------------------------------------- +Thu Jan 26 13:28:24 UTC 2023 - Thorsten Kukuk + +- Disable NIS for new products, it's deprecated and gets removed + +------------------------------------------------------------------- +Tue Jan 24 12:23:34 UTC 2023 - Dirk Müller + +- build GLIBC hwcaps optimized versions of the interpreter + +------------------------------------------------------------------- +Tue Jan 10 11:11:56 UTC 2023 - Matej Cepl + +- Don't fail on Sphinx build warnings. +- For jsc#PED-1570, jsc#PED-2217 and jsc#PED-68, + providing Python 3.11 for SLE-15-SP4. + +------------------------------------------------------------------- +Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl + +- Update to 3.11.1: + - python -m http.server no longer allows terminal control + characters sent within a garbage request to be printed + to the stderr server lo This is done by changing the + http.server BaseHTTPRequestHandler .log_message method to + replace control characters with a \xHH hex escape before + printin + - Avoid publishing list of active per-interpreter audit hooks + via the gc module + - The IDNA codec decoder used on DNS hostnames by socket or + asyncio related name resolution functions no longer involves + a quadratic algorithm. This prevents a potential CPU denial + of service if an out-of-spec excessive length hostname + involving bidirectional characters were decoded. Some + protocols such as urllib http 3xx redirects potentially allow + for an attacker to supply such a name (CVE-2022-45061). + - Update bundled libexpat to 2.5.0 + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. Issue reported + and initial fix by Caleb Shortt. Patch by Victor Stinner. + - Fix a crash when an object which does not have a dictionary + frees its instance values. + - Fix a bug in the tokenizer that could cause infinite + recursion when showing syntax warnings that happen in the + first line of the source. Patch by Pablo Galindo + - Fix an issue that could cause frames to be visible to Python + code as they are being torn down, possibly leading to memory + corruption or hard crashes of the interpreter. + - Fix a reference bug in _imp.create_builtin() after the + creation of the first sub-interpreter for modules builtins + and sys. Patch by Victor Stinner. + - Fixed a bug that was causing a buffer overflow if the + tokenizer copies a line missing the newline caracter from a + file that is as long as the available tokenizer buffer. Patch + by Pablo galindo + - Fix bug where an ExceptionGroup subclass can wrap a + BaseException. + - Fix zip path for venv created from a non-installed python on + POSIX platforms. + - Fix an issue that could potentially cause incorrect error + handling for some bytecode instructions. + - Fix an issue that prevented PyThreadState and + PyInterpreterState memory from being freed properly. + - Fix failure in except* with unhashable exceptions. + - Fix calculation of sys._base_executable when inside a POSIX + virtual environment using copies of the python binary when + the base installation does not provide the executable name + used by the venv. Calculation will fall back to alternative + names (“python”, “python.”). + - Update faulthandler to emit an error message with the proper + unexpected signal number. Patch by Dong-hee Na. + - Fix location of SyntaxError for a try block with both except + and except*. + - Fix the error reporting positions of specialized traceback + anchors when the source line contains Unicode characters. + - Fix subscription of type aliases containing bare generic + types or types like TypeVar: for example tuple[A, T][int] and + tuple[TypeVar, T][int], where A is a generic type, and T is a + type variable. + - Lower the recursion depth for marshal on WASI to support + wasmtime 2.0/main. + - Fix multiple crashes in debug mode when str subclasses are + used instead of str itself. + - Fix an issue where member descriptors (such as those for + __slots__) could behave incorrectly or crash instead of + raising a TypeError when accessed via an instance of an + invalid type. + - Suppress ImportError for invalid query for help() + command. Patch by Dong-hee Na. + - Fix detection of MAC addresses for uuid on certain OSs. Patch + by Chaim Sanders + - Print exception class name instead of its string + representation when raising errors from ctypes calls. + - os.sched_yield() now release the GIL while calling + sched_yield(2). Patch by Dong-hee Na. + - Fix an issue that could delay the specialization of PRECALL + instructions. + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Ensure that all Python frame objects are backed by “complete” + frames. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). Patch by Ofey Chan. + - Fix the Python path configuration used to initialized + sys.path at Python startup. Paths are no longer encoded + to UTF-8/strict to avoid encoding errors if it contains + surrogate characters (bytes paths are decoded with the + surrogateescape error handler). Patch by Victor Stinner. + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. Issue + discovered and analyzed by Mingliang ZHAO. Patch by Victor + Stinner. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. + - Fix undefined behaviour in C code of null pointer arithmetic. + - Make sure that all frame objects created are created from + valid interpreter frames. Prevents the possibility of invalid + frames in backtraces and signal handlers. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - On WASI ENOTCAPABLE is now mapped to PermissionError. The + errno modules exposes the new error number. getpath.py now + ignores PermissionError when it cannot open landmark files + pybuilddir.txt and pyenv.cfg. + - Allow pdb to locate source for frozen modules in the standard + library. + - Raise ValueError instead of SystemError when methods of + uninitialized io.IncrementalNewlineDecoder objects are + called. Patch by Oren Milman. + - Fix a possible assertion failure in io.FileIO when the opener + returns an invalid file descriptor. + - Also escape s in the http.server + BaseHTTPRequestHandler.log_message so that it is technically + possible to parse the line and reconstruct what the original + data was. Without this a xHH is ambiguious as to if it is a + hex replacement we put in or the characters r”x” came through + in the original request line. + - asyncio.get_event_loop() now only emits a deprecation warning + when a new event loop was created implicitly. It no longer + emits a deprecation warning if the current event loop was + set. + - Fix bug when calling trace.CoverageResults with valid infile. + - Fix a bug in handling class cleanups in + unittest.TestCase. Now addClassCleanup() uses separate lists + for different TestCase subclasses, and doClassCleanups() only + cleans up the particular class. + - Release the GIL when calling termios APIs to avoid blocking + threads. + - Fix ast.increment_lineno() to also cover ast.TypeIgnore when + changing line numbers. + - Fix bug in urllib.parse.urlparse() that causes URL schemes + that begin with a digit, a plus sign, or a minus sign to be + parsed incorrectly. + - Check the number of arguments in substitution in user + generics containing a TypeVarTuple and one or more TypeVar. + - Fix substitution of ParamSpec followed by TypeVarTuple in + generic aliases. + - Fix substitution of TypeVarTuple and ParamSpec together in + user generics. + - Fixed bug where inspect.signature() reported incorrect + arguments for decorated methods. + - Fix SystemError in ctypes when exception was not set during + __initsubclass__. + - Remove older version of + _SSLProtocolTransport.get_write_buffer_limits in + asyncio.sslproto + - fix negative numbers failing in verify() + - Fix statistics.NormalDist pickle with 0 and 1 protocols. + - enum.auto() is now correctly activated when combined with + other assignment values. E.g. ONE = auto(), 'some text' will + now evaluate as (1, 'some text'). + - Update the bundled copy of pip to version 22.3.1. + - Clean up refleak on failed module initialisation in _zoneinfo + - Clean up refleaks on failed module initialisation in in + _pickle + - Clean up refleak on failed module initialisation in _io. + - Fix memory leak in math.dist() when both points don’t have + the same dimension. Patch by Kumar Aditya. + - [3.11] Applied changes from importlib_metadata 4.11.4 + through 4.13, including compatibility and robustness + fixes for Distribution objects without _normalized_name, + disallowing invalid inputs to Distribution.from_name, and + refined behaviors in PathDistribution._name_from_stem and + PathDistribution._normalized_name. + - Fix argument typechecks in _overlapped.WSAConnect() and + _overlapped.Overlapped.WSASendTo() functions. + - Prevent crashing in traceback when retrieving the byte-offset + for some source files that contain certain unicode + characters. + - Fix internal error in the re module which in very rare + circumstances prevented compilation of a regular expression + containing a conditional expression without the “else” + branch. + - Fix asyncio.StreamWriter.drain() to call + protocol.connection_lost callback only once on Windows. + - Add a mutex to unittest.mock.NonCallableMock to protect + concurrent access to mock attributes. + - Fix hang on Windows in subprocess.wait_closed() in asyncio + with ProactorEventLoop. Patch by Kumar Aditya. + - Fix infinite loop in unittest when a self-referencing chained + exception is raised + - tkinter.Text.count() raises now an exception for options + starting with “-” instead of silently ignoring them. + - On uname_result, restored expectation that _fields and + _asdict would include all six properties including processor. + - A createSocket() method was added to SysLogHandler. + - Fix bug in urllib.parse.urlparse() that causes certain port + numbers containing whitespace, underscores, plus and minus + signs, or non-ASCII digits to be incorrectly accepted. + - Allow venv to pass along PYTHON* variables to ensurepip and + pip when they do not impact path resolution + - On macOS, fix a crash in syslog.syslog() in multi-threaded + applications. On macOS, the libc syslog() function is not + thread-safe, so syslog.syslog() no longer releases the GIL to + call it. Patch by Victor Stinner. + - Allow BUILTINS to be a valid field name for frozen + dataclasses. + - Wrap network errors consistently in urllib FTP support, so + the test suite doesn’t fail when a network is available but + the public internet is not reachable. + - Make sure patch.dict() can be applied on async functions. + - Earlier in 3.11 we deprecated + asyncio.Task.cancel("message"). We realized we were too + harsh, and have undeprecated it. + - Change deprecate warning message in unittest from It is + deprecated to return a value!=None to It is deprecated to + return a value that is not None from a test case + - Fixes AttributeError when subprocess.check_output() is used + with argument input=None and either of the arguments encoding + or errors are used. + - Fix is_private properties in the ipaddress module. Previously + non-private networks (0.0.0.0/0) would return True from this + method; now they correctly return False. + - Avoid spurious tracebacks from asyncio when default executor + cleanup is delayed until after the event loop is closed (e.g. + as the result of a keyboard interrupt). + - Avoid a crash in the C version of + asyncio.Future.remove_done_callback() when an evil argument + is passed. + - Remove tokenize.NL check from tabnanny. + - Fix generation of the default name of + tkinter.Checkbutton. Previously, checkbuttons in different + parent widgets could have the same short name and share + the same state if arguments “name” and “variable” are not + specified. Now they are globally unique. + - Update bundled libexpat to 2.4.9 + - Fix race condition in asyncio where process_exited() called + before the pipe_data_received() leading to inconsistent + output. Patch by Kumar Aditya. + - Fixed check in multiprocessing.resource_tracker that + guarantees that the length of a write to a pipe is not + greater than PIPE_BUF. + - Corrected type annotation for dataclass attribute + pstats.FunctionProfile.ncalls to be str. + - Fix repr of Any subclasses. + - Work around missing socket functions in socket’s __repr__. + - In inspect, fix overeager replacement of “typing.” in + formatting annotations. + - Fix handling of bytes path-like objects in os.ismount(). + - Fix handling compiler warnings (SyntaxWarning and + DeprecationWarning) in codeop.compile_command() when checking + for incomplete input. Previously it emitted warnings and + raised a SyntaxError. Now it always returns None for + incomplete input without emitting any warnings. + - To avoid apparent memory leaks when asyncio.open_connection() + raises, break reference cycles generated by local exception + and future instances (which has exception instance as its + member var). Patch by Dong Uk, Kang. + - Fixed flickering of the turtle window when the tracer is + turned off. Patch by Shin-myoung-serp. + - Fix asyncio subprocess transport to kill process cleanly + when process is blocked and avoid RuntimeError when loop is + closed. Patch by Kumar Aditya. + - Prevent error when activating venv in nested fish instances. + - TarFile.next() now returns None when called on an empty + tarfile. + - Document the optional callback parameter of WeakMethod. Patch + by Géry Ogam. + - Restrict use of sockets instead of pipes for stdin of + subprocesses created by asyncio to AIX platform only. + - shutil.copytree() now applies the ignore_dangling_symlinks + argument recursively. + - Fix IndexError in argparse.ArgumentParser when a store_true + action is given an explicit argument. + - Document that calling variadic functions with ctypes requires + special care on macOS/arm64 (and possibly other platforms). + - Remove extra row + - Clarified the conflicting advice given in the ast + documentation about ast.literal_eval() being “safe” for use + on untrusted input while at the same time warning that it + can crash the process. The latter statement is true and is + deemed unfixable without a large amount of work unsuitable + for a bugfix. So we keep the warning and no longer claim that + literal_eval is safe. + - Restructured the documentation for the os.wait* family of + functions, and improved the docs for os.waitid() with more + explanation of the possible argument constants. + - Skip test_normalization() of test_unicodedata if it + fails to download NormalizationTest.txt file from + pythontest.net. Patch by Victor Stinner. + - Correct test_marsh on (32 bit) x86: test_deterministic sets + was failing. + - Optional big memory tests in test_sqlite3 now catch the + correct sqlite.DataError exception type in case of too large + strings and/or blobs passed. + - Fix a bug in the typing tests where a test relying + on CPython-specific implementation details was not + decorated with @cpython_only and was not skipped on other + implementations. + - Add tests for star-unpacking with PEP 646, and some other + miscellaneous PEP 646 tests. + - Added explicit coverage of Py_Initialize (and hence + Py_InitializeEx) back to the embedding tests (all other + embedding tests migrated to Py_InitializeFromConfig in Python + 3.11) + - Some C API tests were moved into the new Lib/test/test_capi/ + directory. + - Fix -Wimplicit-int, -Wstrict-prototypes, and + -Wimplicit-function-declaration compiler warnings in + configure checks. + - Fix a compilation issue with GCC 12 on macOS. + - Fix -Wimplicit-int compiler warning in configure check for + PTHREAD_SCOPE_SYSTEM. + - Fix a possible fd leak in Programs/_freeze_module.c + introduced in Python 3.11. + - Fix build with PYTHON_FOR_REGEN=python3.8. + - Specify the full path to the source location for make + docclean (needed for cross-builds). + - Don’t use vendored libmpdec headers if --with-system-libmpdec + is passed to configure. Don’t use vendored libexpat headers + if --with-system-expat is passed to !configure. + - Fix the build process of clang compiler for _bootstrap_python + if LTO optimization is applied. Patch by Matthias Görgens and + Dong-hee Na. + - wasm32-emscripten builds for browsers now include + concurrent.futures for asyncio and unittest.mock. + - wasm32-emscripten platform no longer builds resource module, + getresuid(), getresgid(), and their setters. The APIs are + stubs and not functional. + - Updated pegen regeneration script on Windows to find and + use Python 3.9 or higher. Prior to this, pegen regeneration + already required 3.9 or higher, but the script may have used + lower versions of Python. + - Fix a bug in the previous bugfix that caused IDLE to + not start when run with 3.10.8, 3.12.0a1, and at least + Microsoft Python 3.10.2288.0 installed without the Lib/test + package. 3.11.0 was never affected. + - The wasm_build.py script now pre-builds Emscripten ports, + checks for broken EMSDK versions, and warns about pkg-config + env vars. + - The new tool Tools/wasm/wasm_builder.py automates configure, + compile, and test steps for building CPython on WebAssembly + platforms. + - Fix handling of module docstrings in Tools/i18n/pygettext.py. + - PyBUF_* constants were marked as part of Limited API + of Python 3.11+. These were available in 3.11.0 with + Py_LIMITED_API defined for 3.11, and are necessary to use the + buffer API. + - Fix use-after-free in Py_SetPythonHome(NULL), + Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL) + function calls. Issue reported by Benedikt Reinartz. Patch by + Victor Stinner. + - Py_InitializeEx now correctly calls PyConfig_Clear after + initializing the interpreter (the omission didn’t cause a + memory leak only because none of the dynamically allocated + config fields are populated by the wrapper function) +- Removed upstreamed patches: + - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch + - CVE-2022-45061-DoS-by-IDNA-decode.patch + +------------------------------------------------------------------- +Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl + +- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid + CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding + extremely long domain names. + +------------------------------------------------------------------- +Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl + +- Update to 3.11.0 (overall changes from 3.10.*): + - General changes + - PEP 657 -- Include Fine-Grained Error Locations in + Tracebacks + - PEP 654 -- Exception Groups and except* + - PEP 680 -- tomllib: Support for Parsing TOML in the + Standard Library + - gh-90908 -- Introduce task groups to asyncio + - gh-34627 -- Atomic grouping ((?>...)) and possessive + quantifiers (*+, ++, ?+, {m,n}+) are now supported in + regular expressions. + - The Faster CPython Project is already yielding some + exciting results. Python 3.11 is up to 10-60% faster than + Python 3.10. On average, we measured a 1.22x speedup on the + standard benchmark suite. See Faster CPython for details. + - Typing and typing language changes + - PEP 673 -- Self Type + - PEP 646 -- Variadic Generics + - PEP 675 -- Arbitrary Literal String Type + - PEP 655 -- Marking individual TypedDict items as required + or potentially-missing + - PEP 681 -- Data Class Transforms +- (just changes from 3.11.0rc2): + - Fix multiplying a list by an integer (list *= int): detect + the integer overflow when the new allocated length is close + to the maximum size. Issue reported by Jordan Limor. Patch by + Victor Stinner. + - On Linux the multiprocessing module returns to using + filesystem backed unix domain sockets for communication + with the forkserver process instead of the Linux abstract + socket namespace. Only code that chooses to use the + “forkserver” start method is affected. Abstract sockets have + no permissions and could allow any user on the system in the + same network namespace (often the whole system) to inject + code into the multiprocessing forkserver process. This was + a potential privilege escalation. Filesystem based socket + permissions restrict this to the forkserver process user as + was the default in Python 3.8 and earlier. This prevents + Linux CVE-2022-42919. + - Fix an issue where several frame objects could be backed by + the same interpreter frame, possibly leading to corrupted + memory and hard crashes of the interpreter. + - Fix possible data corruption or crashes when accessing the + f_back member of newly-created generator or coroutine frames. + - Fix a crash occurring when PyEval_GetFrame() is called while + the topmost Python frame is in a partially-initialized state. + - Fix command line parsing: reject -X int_max_str_digits option + with no value (invalid) when the PYTHONINTMAXSTRDIGITS + environment variable is set to a valid limit. Patch by Victor + Stinner. + - Fix undefined behaviour in _testcapimodule.c. + - When ValueError is raised if an integer is larger than the + limit, mention the sys.set_int_max_str_digits() function in + the error message. Patch by Victor Stinner. + - Correctly raise SyntaxError on exception groups (PEP 654) on + python versions prior to 3.11 + - Document some places where an assignment expression needs + parentheses. + - Update the bundled copies of pip and setuptools to versions + 22.3 and 65.5.0 respectively. + - fix Flag to use boundary CONFORM + - This restores previous Flag behavior of allowing flags with + non-sequential values to be combined; e.g. + - class Skip(Flag): TWO = 2 EIGHT = 8 + - Skip.TWO | Skip.EIGHT -> + - Fix ! in c domain ref target syntax via a conf.py patch, so + it works as intended to disable ref target resolution. + - Update tutorial introduction output to use 3.10+ SyntaxError + invalid range. + +------------------------------------------------------------------- +Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl + +- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to + allow building of documentation with the latest Sphinx 5.3.0 + (gh#python/cpython#98366). + +------------------------------------------------------------------- +Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc2: + - Converting between int and str in bases other than 2 + (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base + 10 (decimal) now raises a ValueError if the number of digits + in string form is above a limit to avoid potential denial of + service attacks due to the algorithmic complexity. This is + a mitigation for CVE-2020-10735. + This new limit can be configured or disabled by environment + variable, command line flag, or sys APIs. See the integer + string conversion length limitation documentation. The + default limit is 4300 digits in string form. + - Fix case of undefined behavior in ceval.c + - Do not expose KeyWrapper in _functools. + - Ensure that tracing, sys.setrace(), is turned on + immediately. In pre-release versions of 3.11, some tracing + events might have been lost when turning on tracing in a + __del__ method or interrupt. + - Fix use after free in trace refs build mode. Patch by Kumar + Aditya. + - When loading a file with invalid UTF-8 inside a multi-line + string, a correct SyntaxError is emitted. + - Make sure that incomplete frames do not show up in + tracemalloc traces. + - Remove two cases of undefined behavior, by adding NULL + checks. + - Fix possible NULL pointer dereference in + _PyThread_CurrentFrames. Patch by Kumar Aditya. + - Fix AttributeError missing name and obj attributes in + object.__getattribute__(). Patch by Philip Georgi. + - Loading a file with invalid UTF-8 will now report the broken + character at the correct location. + - Fixed a bug that caused _PyCode_GetExtra to return garbage + for negative indexes. Patch by Pablo Galindo + - Fix a deadlock in PyGILState_Ensure() when allocating new + thread state. Patch by Kumar Aditya. + - PyType_Ready() now initializes ht_cached_keys and performs + additional checks to ensure that type objects are properly + configured. This avoids crashes in 3rd party packages that + don’t use regular API to create new types. + - Skip over incomplete frames in PyThreadState_GetFrame(). + - Fix format string in _PyPegen_raise_error_known_location that + can lead to memory corruption on some 64bit systems. The + function was building a tuple with i (int) instead of n + (Py_ssize_t) for Py_ssize_t arguments. + - Fix misleading contents of error message when converting an + all-whitespace string to float. + - ast.parse() will no longer parse function definitions with + positional-only params when passed feature_version less than + (3, 8). Patch by Shantanu Jain. + - Fix incorrect error message in the io module. + - Fix the faulthandler implementation of + faulthandler.register(signal, chain=True) if the sigaction() + function is not available: don’t call the previous signal + handler if it’s NULL. Patch by Victor Stinner. + - Correct conversion of numbers.Rational’s to float. + - Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not + raised when using more than one TypeVarTuple, like [*T, *V] + in type alias substitutions. + - Fix asyncio.streams.StreamReaderProtocol to keep a strong + reference to the created task, so that it’s not garbage + collected + - Fix a performance regression in logging + TimedRotatingFileHandler. Only check for special files when + the rollover time has passed. + - Fix unused localName parameter in the Attr class in + xml.dom.minidom. + - Fix incorrect condition that causes sys.thread_info.name to + be wrong on pthread platforms. + - Remove an incompatible change from bpo-28080 that caused a + regression that ignored the utf8 in ZipInfo.flag_bits. Patch + by Pablo Galindo. + - Fix asyncio.Runner to call asyncio.set_event_loop() only + once to avoid calling attach_loop() multiple times on child + watchers. Patch by Kumar Aditya. + - Fix unittest.IsolatedAsyncioTestCase to set event loop before + calling setup functions. Patch by Kumar Aditya. + - When a task catches asyncio.CancelledError and raises some + other error, the other error should generally not silently be + suppressed. + - Fail gracefully if EPERM or ENOSYS is raised when loading + crypt methods. This may happen when trying to load MD5 on a + Linux kernel with FIPS enabled. + - Allow asyncio.StreamWriter.drain() to be awaited concurrently + by multiple tasks. Patch by Kumar Aditya. + - Fix ast.unparse() when ImportFrom.level is None + - Improve discoverability of the higher level + concurrent.futures module by providing clearer links from the + lower level threading and multiprocessing modules. + - What’s New 3.11 now has instructions for how to provide + compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7 + and CentOS 7. + - Mitigate the inherent race condition from using + find_unused_port() in testSockName() by trying to find an + unused port a few times before failing. Patch by Ross Burton. + - Build and test with OpenSSL 1.1.1q +- Use support-expat-CVE-2022-25236-patched.patch from the current + version of gh#python/cpython#93900 instead of the old + support-expat-245.patch. +- Reapply fix_configure_rst.patch. + +------------------------------------------------------------------- +Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab + +- Increase testsuite timeout for test_freeze_simple_script + +------------------------------------------------------------------- +Sat Aug 20 21:31:40 UTC 2022 - Matej Cepl + +- fix import_failed.map to refer to the python 3.11 package versions + +------------------------------------------------------------------- +Sat Aug 20 14:05:21 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc1: + - Core and Builtins + - Update code object hashing and equality to consider all + debugging and exception handling tables. This fixes an + issue where certain non-identical code objects could be + “deduplicated” during compilation. + - _PyPegen_Parser_New now properly detects token memory + allocation errors. Patch by Honglin Zhu. + - Run Python code in tracer/profiler function at full + speed. Fixes slowdown in earlier versions of 3.11. + - Emit a warning in debug mode if an object does not call + PyObject_GC_UnTrack() before deallocation. Patch by Pablo + Galindo. + - Prevented crashes in the AST constructor when + compiling some absurdly long expressions like + "+0"*1000000. RecursionError is now raised instead. Patch + by Pablo Galindo + - ast.AST node positions are now validated when provided to + compile() and other related functions. If invalid positions + are detected, a ValueError will be raised. + - Fix error detection in some builtin functions when keyword + argument name is an instance of a str subclass with + overloaded __eq__ and __hash__. Previously it could cause + SystemError or other undesired behavior. + - Library + - Update bundled pip to 22.2.2. + - Fix asyncio.TaskGroup to propagate exception when + asyncio.CancelledError was replaced with another exception + by a context manger. Patch by Kumar Aditya and Guido van + Rossum. + - Update bundled pip to 22.2.1. + - Fix GC crash when deallocating _lsprof.Profiler by + untracking it before calling any callbacks. Patch by Kumar + Aditya. + - Fix asyncio.run() for asyncio.Task implementations without + uncancel() method. Patch by Kumar Aditya. + - Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK + and os.EFD_SEMAPHORE flags on older kernel versions where + these flags are not present. Patch by Kumar Aditya. + - Fix concurrent.futures.Executor.map() to cancel the + currently waiting on future on an error - e.g. TimeoutError + or KeyboardInterrupt. + - Ensure that timeouts scheduled with asyncio.Timeout that + have already expired are delivered promptly. + - Suppress writing an XML declaration in open files + in ElementTree.write() with encoding='unicode' and + xml_declaration=None. + - Fix findtext in the xml module to only give an empty string + when the text attribute is set to None. + - Documentation + - Fix stylesheet not working in Windows CHM htmlhelp docs + and add warning that they are deprecated. Contributed by + C.A.M. Gerlach. + - Update library documentation with availability information + on WebAssembly platforms wasm32-emscripten and wasm32-wasi. + - Use consistent syntax for platform availability. The + directive now supports a content body and emits a warning + when it encounters an unknown platform. + - Document a limitation in ThreadPoolExecutor where its exit + handler is executed before any handlers in atexit. + - Tests + - Lib/test/test_asyncio/test_ssl.py exposed a bug in the + macOS kernel where intense concurrent load on non-blocking + sockets occasionally causes errno.ENOBUFS (“No buffer space + available”) to be emitted. FB11063974 filed with Apple, in + the mean time as a workaround buffer size used in tests on + macOS is decreased to avoid intermittent failures. Patch by + Fantix King. + - Fix problem with test_ssl test_get_ciphers on systems that + require perfect forward secrecy (PFS) ciphers. + - Add a regression test for re exponentional slowdown when + using rjsmin. + - Build + - Fix a regression in configure script that caused some + header checks to ignore custom CPPFLAGS. The regression was + introduced in gh-94802. + - wasm32-wasi builds no longer depend on WASIX’s pthread + stubs. Python now has its own stubbed pthread API. + - Python now detects missing dup function in WASI and works + around some missing errno, select, and socket constants. + - Python now skips missing socket functions and methods on + WASI. WASI can only create sockets from existing fd / + accept and has no netdb. + - Platforms wasm32-unknown-emscripten and wasm32-unknown-wasi + have been promoted to PEP 11 tier 3 platform support. + - IDLE + - Document handling of extensions in Save As dialogs. + - Include prompts when saving Shell (interactive input and + output). + - Fix the Shell context menu copy-with-prompts bug of copying + an extra line when one selects whole lines. + - In the Edit menu, move Select All and add a new separator. + - Enable using IDLE’s module browser with .pyw files. + - Add .pyi as a recognized extension for IDLE on macOS. This + allows opening stub files by double clicking on them in the + Finder. + - C API + - Restore the 3.10 behavior for multiple inheritance of C + extension classes that store their dictionary at the end of + the struct. + - Added PyCode_GetVarnames(), PyCode_GetCellvars() and + PyCode_GetFreevars() for accessing co_varnames, co_cellvars + and co_freevars respectively via the C API. + +------------------------------------------------------------------- +Tue Jul 26 10:37:31 UTC 2022 - Matej Cepl + +- Update to 3.11.0b5: + - Core and Builtins + - gh-93351: ast.AST node positions are now validated when + provided to compile() and other related functions. If + invalid positions are detected, a ValueError will be + raised. + - gh-94438: Fix an issue that caused extended opcode + arguments and some conditional pops to be ignored when + calculating valid jump targets for assignments to the + f_lineno attribute of frame objects. In some cases, this + could cause inconsistent internal state, resulting in a + hard crash of the interpreter. + - gh-95060: Undocumented PyCode_Addr2Location function now + properly returns when addrq argument is less than zero. + - gh-95113: Replace all EXTENDED_ARG_QUICK instructions + with basic EXTENDED_ARG instructions in unquickened + code. Consumers of non-adaptive bytecode should be able to + handle extended arguments the same way they were handled in + CPython 3.10 and older. + - gh-91409: Fix incorrect source location info caused by + certain optimizations in the bytecode compiler. + - gh-94036: Fix incorrect source location info for some + multi-line attribute accesses and method calls. + - gh-94739: Allow jumping within, out of, and across + exception handlers in the debugger. + - gh-94949: ast.parse() will no longer parse parenthesized + context managers when passed feature_version less than (3, + 9). Patch by Shantanu Jain. + - gh-94947: ast.parse() will no longer parse assignment + expressions when passed feature_version less than (3, + 8). Patch by Shantanu Jain. + - gh-91256: Ensures the program name is known for help text + during interpreter startup. + - gh-94869: Fix the column offsets for some expressions in + multi-line f-strings ast nodes. Patch by Pablo Galindo. + - gh-94822: Fix an issue where lookups of metaclass + descriptors may be ignored when an identically-named + attribute also exists on the class itself. + - gh-91153: Fix an issue where a bytearray item assignment + could crash if it’s resized by the new value’s __index__() + method. + - gh-90699: Fix reference counting bug in + bool.__repr__(). Patch by Kumar Aditya. + - Library + - gh-95087: Fix IndexError in parsing invalid date in the + email module. + - gh-95199: Upgrade bundled setuptools to 63.2.0. + - gh-95194: Upgrade bundled pip to 22.2. + - gh-95132: Fix a sqlite3 regression where *args and **kwds + were incorrectly relayed from connect() to the Connection + factory. The regression was introduced in 3.11a1 with PR + 24421 (gh-85128). Patch by Erlend E. Aasland.` + - gh-93157: Fix fileinput module didn’t support errors option + when inplace is true. + - gh-95105: wsgiref.types.InputStream.__iter__() should + return Iterator[bytes], not Iterable[bytes]. Patch by + Shantanu Jain. + - gh-94857: Fix refleak in + _io.TextIOWrapper.reconfigure. Patch by Kumar Aditya. + - gh-94821: Fix binding of unix socket to empty address + on Linux to use an available address from the abstract + namespace, instead of “0”. + - gh-89988: Fix memory leak in pickle.Pickler when looking up + dispatch_table. Patch by Kumar Aditya. + - bpo-47025: Drop support for bytes on sys.path. + - Tests + - gh-95212: Make multiprocessing test case + test_shared_memory_recreate parallel-safe. + - Build + - gh-94847: Fixed _decimal module build issue on GCC when + compiling with LTO and pydebug. Debug builds no longer + force inlining of functions. + - gh-94841: Fix the possible performance regression of + PyObject_Free() compiled with MSVC version 1932. + - gh-94801: configure now uses custom flags like ZLIB_CFLAGS + and ZLIB_LIBS when searching for headers and libraries. + - gh-94773: deepfreeze.py now supports code object with + frozensets that contain incompatible, unsortable types. + - C API + - gh-94930: Fix SystemError raised when + PyArg_ParseTupleAndKeywords() is used with # in (...) but + without PY_SSIZE_T_CLEAN defined. + - gh-94864: Fix PyArg_Parse* with deprecated format units “u” + and “Z”. It returned 1 (success) when warnings are turned + into exceptions. + - gh-94731: Python again uses C-style casts for + most casting operations when compiled with + C++. This may trigger compiler warnings, if they + are enabled with e.g. -Wold-style-cast `` or + ``-Wzero-as-null-pointer-constant options for g++. + +------------------------------------------------------------------- +Thu Jul 21 14:19:53 UTC 2022 - Matej Cepl + +- Switch from %primary_interpreter to prjconf-defined + %primary_python (gh#openSUSE/python-rpm-macros#127). + +------------------------------------------------------------------- +Thu Jul 14 15:37:35 UTC 2022 - Matej Cepl + +- Update to 3.11.0b4: +- Fixes many bugs and adds following more significant changes +- Security + - gh-68966: The deprecated mailcap module now refuses to inject + Coreunsafe text (filenames, MIME types, parameters) into + shell Corecommands. Instead of using such text, it will + warn and act Coreas if a match was not found (or for test + commands, as if the Coretest failed). and Builtins + - gh-93516: Lazily create a table mapping bytecode offsets to + line numbers to speed up calculation of line numbers when + tracing. + - gh-93461: importlib.invalidate_caches() now drops entries + from sys.path_importer_cache with a relative path as + name. This solves a caching issue when a process changes its + current working directory. + - FileFinder no longer inserts a dot in the path, e.g. + /egg/./spam is now /egg/spam. +Library + - gh-93896: Fix asyncio.run() and + unittest.IsolatedAsyncioTestCase to always the set event loop + as it was done in Python 3.10 and earlier. Patch by Kumar + Aditya. + - gh-94101: Manual instantiation of ssl.SSLSession objects is + no longer allowed as it lead to misconfigured instances that + crashed the interpreter when attributes where accessed on + them. + - gh-83658: Make multiprocessing.Pool raise an exception if + maxtasksperchild is not None or a positive int. + - gh-61162: Clarify sqlite3 behavior when Using the connection + as a context manager. +Tools/Demos + - gh-94538: Fix Argument Clinic output to custom file + destinations. Patch by Erlend E. Aasland. +C API + - gh-93937: The following frame functions and type are now + directly available with #include , it’s no longer + needed to add #include : + PyFrame_Check() + PyFrame_GetBack() + PyFrame_GetBuiltins() + PyFrame_GetGenerator() + PyFrame_GetGlobals() + PyFrame_GetLasti() + PyFrame_GetLocals() + PyFrame_Type + +------------------------------------------------------------------- +Tue May 31 20:54:36 UTC 2022 - Matej Cepl + +- Update to 3.11.0b2: + - many small updates +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.4 (jsc#SLE-21253) + +------------------------------------------------------------------- +Tue May 10 15:01:18 UTC 2022 - Matej Cepl + +- Refresh bluez-devel-vendor.tar.xz +- Fix building with system-expat (gh#python/cpython#92875). Nope, + it didn't work, worked around it. + +------------------------------------------------------------------- +Mon May 9 15:09:03 UTC 2022 - Matej Cepl + +- Update to pre-release version 3.11.0b1: + - PEP 657 – Include Fine-Grained Error Locations in Tracebacks + - PEP 654 – Exception Groups and except* + - PEP 673 – Self Type + - PEP 646 – Variadic Generics + - PEP 680– tomllib: Support for Parsing TOML in the Standard Library + - PEP 675– Arbitrary Literal String Type + - PEP 655– Marking individual TypedDict items as required or potentially-missing + - bpo-46752– Introduce task groups to asyncio + - The Faster Cpython Project is already yielding some exciting + results. Python 3.11 is up to 10-60% faster than Python + 3.10. On average, we measured a 1.22x speedup on the standard + benchmark suite. See + https://docs.python.org/3.11/whatsnew/3.11.html#faster-cpython + for details. + +------------------------------------------------------------------- +Thu May 5 14:35:56 UTC 2022 - Matej Cepl + +- Switch primary_interpreter from python38 to python310 + +------------------------------------------------------------------- +Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl + +- Update to 3.10.4: + - bpo-46968: Check for the existence of the “sys/auxv.h” header + in faulthandler to avoid compilation problems in systems + where this header doesn’t exist. Patch by Pablo Galindo + - bpo-23691: Protect the re.finditer() iterator from + re-entering. + - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to + avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception + when reading a ZipFile from multiple threads. + - bpo-38256: Fix binascii.crc32() when it is compiled to use + zlib’c crc32 to work properly on inputs 4+GiB in length + instead of returning the wrong result. The workaround prior + to this was to always feed the function data in increments + smaller than 4GiB or to just call the zlib module function. + - bpo-39394: A warning about inline flags not at the start of + the regular expression now contains the position of the flag. + - bpo-47061: Deprecate the various modules listed by PEP 594: + - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, + imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, + sndhdr, spwd, sunau, telnetlib, uu, xdrlib + - bpo-2604: Fix bug where doctests using globals would fail + when run multiple times. + - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. + - bpo-47022: The asynchat, asyncore and smtpd modules have been + deprecated since at least Python 3.6. Their documentation and + deprecation warnings and have now been updated to note they + will removed in Python 3.12 (PEP 594). + - bpo-46421: Fix a unittest issue where if the command was + invoked as python -m unittest and the filename(s) began with + a dot (.), a ValueError is returned. + - bpo-40296: Fix supporting generic aliases in pydoc. + +- Update to 3.10.3: + - bpo-46940: Avoid overriding AttributeError metadata + information for nested attribute access calls. Patch by Pablo + Galindo. + - bpo-46852: Rename the private undocumented + float.__set_format__() method to float.__setformat__() to fix + a typo introduced in Python 3.7. The method is only used by + test_float. Patch by Victor Stinner. + - bpo-46794: Bump up the libexpat version into 2.4.6 + - bpo-46820: Fix parsing a numeric literal immediately (without + spaces) followed by “not in” keywords, like in 1not in x. Now + the parser only emits a warning, not a syntax error. + - bpo-46762: Fix an assert failure in debug builds when a ‘<’, + ‘>’, or ‘=’ is the last character in an f-string that’s + missing a closing right brace. + - bpo-46724: Make sure that all backwards jumps use the + JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an + argument of (2**32)+offset. + - bpo-46732: Correct the docstring for the __bool__() method. + Patch by Jelle Zijlstra. + - bpo-46707: Avoid potential exponential backtracking when + producing some syntax errors involving lots of brackets. + Patch by Pablo Galindo. + - bpo-40479: Add a missing call to va_end() in + Modules/_hashopenssl.c. + - bpo-46615: When iterating over sets internally in + setobject.c, acquire strong references to the resulting items + from the set. This prevents crashes in corner-cases of + various set operations where the set gets mutated. + - bpo-45773: Remove two invalid “peephole” optimizations from + the bytecode compiler. + - bpo-43721: Fix docstrings of getter, setter, and deleter to + clarify that they create a new copy of the property. + - bpo-46503: Fix an assert when parsing some invalid N escape + sequences in f-strings. + - bpo-46417: Fix a race condition on setting a type __bases__ + attribute: the internal function add_subclass() now gets the + PyTypeObject.tp_subclasses member after calling + PyWeakref_NewRef() which can trigger a garbage collection + which can indirectly modify PyTypeObject.tp_subclasses. Patch + by Victor Stinner. + - bpo-46383: Fix invalid signature of _zoneinfo’s module_free + function to resolve a crash on wasm32-emscripten platform. + - bpo-46070: Py_EndInterpreter() now explicitly untracks all + objects currently tracked by the GC. Previously, if an object + was used later by another interpreter, calling + PyObject_GC_UnTrack() on the object crashed if the previous + or the next object of the PyGC_Head structure became + a dangling pointer. Patch by Victor Stinner. + - bpo-46339: Fix a crash in the parser when retrieving the + error text for multi-line f-strings expressions that do not + start in the first line of the string. Patch by Pablo Galindo + - bpo-46240: Correct the error message for unclosed parentheses + when the tokenizer doesn’t reach the end of the source when + the error is reported. Patch by Pablo Galindo + - bpo-46091: Correctly calculate indentation levels for lines + with whitespace character that are ended by line continuation + characters. Patch by Pablo Galindo + - bpo-43253: Fix a crash when closing transports where the + underlying socket handle is already invalid on the Proactor + event loop. + - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, + including bugfix for EntryPoint.extras, which was returning + match objects and not the extras strings. + - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip + 22.0.4) + - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically + determine size of signal handler stack size CPython allocates + using getauxval(AT_MINSIGSTKSZ). This changes allows for + Python extension’s request to Linux kernel to use AMX_TILE + instruction set on Sapphire Rapids Xeon processor to succeed, + unblocking use of the ISA in frameworks. + - bpo-46955: Expose asyncio.base_events.Server as + asyncio.Server. Patch by Stefan Zabka. + - bpo-23325: The signal module no longer assumes that SIG_IGN + and SIG_DFL are small int singletons. + - bpo-46932: Update bundled libexpat to 2.4.7 + - bpo-25707: Fixed a file leak in + xml.etree.ElementTree.iterparse() when the iterator is not + exhausted. Patch by Jacob Walls. + - bpo-44886: Inherit asyncio proactor datagram transport from + asyncio.DatagramTransport. + - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() + for selector-based event loops. Patch by Thomas Grainger. + - bpo-46811: Make test suite support Expat >=2.4.5 + - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to + transport-based APIs. + - bpo-46784: Fix libexpat symbols collisions with user + dynamically loaded or statically linked libexpat in embedded + Python. + - bpo-39327: shutil.rmtree() can now work with VirtualBox + shared folders when running from the guest operating-system. + - bpo-46756: Fix a bug in + urllib.request.HTTPPasswordMgr.find_user_password() and + urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() + which allowed to bypass authorization. For example, access to + URI example.org/foobar was allowed if the user was authorized + for URI example.org/foo. + - bpo-46643: In typing.get_type_hints(), support evaluating + stringified ParamSpecArgs and ParamSpecKwargs annotations. + Patch by Gregory Beauregard. + - bpo-45863: When the tarfile module creates a pax format + archive, it will put an integer representation of timestamps + in the ustar header (if possible) for the benefit of older + unarchivers, in addition to the existing full-precision + timestamps in the pax extended header. + - bpo-46676: Make typing.ParamSpec args and kwargs equal to + themselves. Patch by Gregory Beauregard. + - bpo-46672: Fix NameError in asyncio.gather() when initial + type check fails. + - bpo-46655: In typing.get_type_hints(), support evaluating + bare stringified TypeAlias annotations. Patch by Gregory + Beauregard. + - bpo-45948: Fixed a discrepancy in the C implementation of the + xml.etree.ElementTree module. Now, instantiating an + xml.etree.ElementTree.XMLParser with a target=None keyword + provides a default xml.etree.ElementTree.TreeBuilder target + as the Python implementation does. + - bpo-46521: Fix a bug in the codeop module that was + incorrectly identifying invalid code involving string quotes + as valid code. + - bpo-46581: Brings ParamSpec propagation for GenericAlias in + line with Concatenate (and others). + - bpo-46591: Make the IDLE doc URL on the About IDLE dialog + clickable. + - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 + - bpo-46487: Add the get_write_buffer_limits method to + asyncio.transports.WriteTransport and to the SSL transport. + - bpo-45173: Note the configparser deprecations will be removed + in Python 3.12. + - bpo-46539: In typing.get_type_hints(), support evaluating + stringified ClassVar and Final annotations inside Annotated. + Patch by Gregory Beauregard. + - bpo-46491: Allow typing.Annotated to wrap typing.Final and + typing.ClassVar. Patch by Gregory Beauregard. + - bpo-46436: Fix command-line option -d/--directory in module + http.server which is ignored when combined with command-line + option --cgi. Patch by Géry Ogam. + - bpo-41403: Make mock.patch() raise a TypeError with + a relevant error message on invalid arg. Previously it + allowed a cryptic AttributeError to escape. + - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid + potential REDoS by limiting ambiguity in consecutive + whitespace. + - bpo-46469: asyncio generic classes now return + types.GenericAlias in __class_getitem__ instead of the same + class. + - bpo-46434: pdb now gracefully handles help when __doc__ is + missing, for example when run with pregenerated optimized + .pyc files. + - bpo-46333: The __eq__() and __hash__() methods of + typing.ForwardRef now honor the module parameter of + typing.ForwardRef. Forward references from different modules + are now differentiated. + - bpo-46246: Add missing __slots__ to + importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. + - bpo-46266: Improve day constants in calendar. + - Now all constants (MONDAY … SUNDAY) are documented, tested, + and added to __all__. + - bpo-46232: The ssl module now handles certificates with bit + strings in DN correctly. + - bpo-43118: Fix a bug in inspect.signature() that was causing + it to fail on some subclasses of classes with + a __text_signature__ referencing module globals. Patch by + Weipeng Hong. + - bpo-26552: Fixed case where failing asyncio.ensure_future() + did not close the coroutine. Patch by Kumar Aditya. + - bpo-21987: Fix an issue with tarfile.TarFile.getmember() + getting a directory name with a trailing slash. + - bpo-20392: Fix inconsistency with uppercase file extensions + in MimeTypes.guess_type(). Patch by Kumar Aditya. + - bpo-46080: Fix exception in argparse help text generation if + a argparse.BooleanOptionalAction argument’s default is + argparse.SUPPRESS and it has help specified. Patch by Felix + Fontein. + - bpo-44439: Fix .write() method of a member file in ZipFile, + when the input data is an object that supports the buffer + protocol, the file length may be wrong. + - bpo-45703: When a namespace package is imported before + another module from the same namespace is created/installed + in a different sys.path location while the program is + running, calling the importlib.invalidate_caches() function + will now also guarantee the new module is noticed. + - bpo-24959: Fix bug where unittest sometimes drops frames from + tracebacks of exceptions raised in tests. + - bpo-44791: Fix substitution of ParamSpec in Concatenate with + different parameter expressions. Substitution with a list of + types returns now a tuple of types. Substitution with + Concatenate returns now a Concatenate with concatenated lists + of arguments. + - bpo-14156: argparse.FileType now supports an argument of ‘-’ + in binary mode, returning the .buffer attribute of + sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and + ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. + Patch contributed by Josh Rosenberg + - bpo-46463: Fixes escape4chm.py script used when building the + CHM documentation file + - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is + built with undefined behavior sanitizer (UBSAN): disable + UBSAN on the faulthandler_sigfpe() function. Patch by Victor + Stinner. + - bpo-46708: Prevent default asyncio event loop policy + modification warning after test_asyncio execution. + - bpo-46678: The function make_legacy_pyc in + Lib/test/support/import_helper.py no longer fails when + PYTHONPYCACHEPREFIX is set to a directory on a different + device from where tempfiles are stored. + - bpo-46616: Ensures test_importlib.test_windows cleans up + registry keys after completion. + - bpo-44359: test_ftplib now silently ignores socket errors to + prevent logging unhandled threading exceptions. Patch by + Victor Stinner. + - bpo-46542: Fix a Python crash in test_lib2to3 when using + Python built in debug mode: limit the recursion limit. Patch + by Victor Stinner. + - bpo-46576: test_peg_generator now disables compiler + optimization when testing compilation of its own C extensions + to significantly speed up the testing on non-debug builds of + CPython. + - bpo-46542: Fix test_json tests checking for RecursionError: + modify these tests to use support.infinite_recursion(). Patch + by Victor Stinner. + - bpo-13886: Skip test_builtin PTY tests on non-ASCII + characters if the readline module is loaded. The readline + module changes input() behavior, but test_builtin is not + intented to test the readline module. Patch by Victor + Stinner. + - bpo-38472: Fix GCC detection in setup.py when + cross-compiling. The C compiler is now run with LC_ALL=C. + Previously, the detection failed with a German locale. + - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro + and pyconfig.h no longer defines reserved symbol + __CHAR_UNSIGNED__. + - bpo-45296: Clarify close, quit, and exit in IDLE. In the File + menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current + one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). + In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there + are no other windows, this also exits IDLE. + - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch + by Alex Waygood and Terry Jan Reedy. + - bpo-46433: The internal function _PyType_GetModuleByDef now + correctly handles inheritance patterns involving static + types. + - bpo-14916: Fixed bug in the tokenizer that prevented + PyRun_InteractiveOne from parsing from the provided FD. + +- Remove upstreamed patches: + - support-expat-245.patch + +------------------------------------------------------------------- +Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + +------------------------------------------------------------------- +Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl + +- bsc#1195831 Obsolete older "most modern" versions of python + packages (python39 for python310 and so forth). For next + versions it is necessary just to edit the macro. + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python +- Add fix_configure_rst.patch, which removes duplicate link + targets and make documentation with old Sphinx in SLE +- Skip test_capi (bsc#1195140 and bpo#37169) + +------------------------------------------------------------------- +Wed Jan 19 22:01:51 UTC 2022 - Matej Cepl + +- Update to 3.10.2: + Bugfix only + - bpo#46347 memory leak in PyEval_EvalCodeEx (especially + visible with Cython code) + - and many others + +------------------------------------------------------------------- +Wed Dec 8 13:07:25 UTC 2021 - Matej Cepl + +- Upgrade to 3.10.1 (jsc#SLE-18038): + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other tools. + - PEP 618 – Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning +- Patches readjusted: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Sat Dec 4 18:40:28 UTC 2021 - Matej Cepl + +- Remove pdb_adjust_breakpoints.patch and instead just adjust location + of the test breakpoint in Lib/test/test_pdb.py via sed, because we + have shortened Lib/pdb.py by removing the shebang (bpo#45964). + +------------------------------------------------------------------- +Thu Dec 2 13:51:57 UTC 2021 - Matej Cepl + +- Add pdb_adjust_breakpoints.patch fixing expectd results in + test_pdb_breakpoints_preserved_across_interactive_sessions + (bpo#45964). + +------------------------------------------------------------------- +Mon Nov 29 00:17:07 UTC 2021 - Matej Cepl + +- Remove shebangs from from python-base libraries in _libdir + (bsc#1193179). +- Readjust patches: + - bpo-31046_ensurepip_honours_prefix.patch + - decimal.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Tue Nov 16 16:03:43 UTC 2021 - Matej Cepl + +- Move rpm-build-python construct to correct place. + +------------------------------------------------------------------- +Wed Oct 13 08:52:47 UTC 2021 - Dominique Leuenberger + +- BuildRequire rpm-build-python: The provider to inject python(abi) + has been moved there. rpm-build pulls rpm-build-python + automatically in when building anything against python3-base, but + this implies that the initial build of python3-base does not + trigger the automatic installation. + +------------------------------------------------------------------- +Tue Oct 5 22:36:51 UTC 2021 - Matej Cepl + +- Final release of 3.10.0: + Complete list on https://www.python.org/downloads/release/python-3100/, + but highlights are: + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other + tools. + - PEP 618 – Add Optional Length-Checking To zip. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning + - bpo-12782: Parenthesized context managers are now officially + allowed. + +------------------------------------------------------------------- +Mon Aug 30 12:48:25 UTC 2021 - Matej Cepl + +- Switch on option --with-system-libmpdec (bsc#1189356). + +------------------------------------------------------------------- +Fri Aug 27 13:15:03 UTC 2021 - Andreas Schwab + +- Reenable profileopt with qemu emulation, test_faulthandler is no longer + run during profiling + +------------------------------------------------------------------- +Thu Aug 12 15:11:39 UTC 2021 - Andreas Schwab + +- test_faulthandler is still problematic under qemu linux-user emulation, + disable it there + +------------------------------------------------------------------- +Wed Aug 11 05:57:11 UTC 2021 - Matej Cepl + +- Update to 3.10.0rc1 (the penultimate prerelease), which contains + plenty of small bugfixes among others: + - bpo#38605: from __future__ import annotations (PEP 563) used to be + on this list in previous pre-releases but it has been postponed to + Python 3.11 due to some compatibility concerns. + - bpo-44600: Fix incorrect line numbers while tracing some failed + patterns in match statements. Patch by Charles Burkland. + - plenty of modifications in types.Union + +------------------------------------------------------------------- +Wed Jul 21 13:44:48 UTC 2021 - Matej Cepl + +- Update to 3.10.0b4: + https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4 +- Remove python3-imp-returntype.patch which has been upstreamed. + +------------------------------------------------------------------- +Mon Jun 7 15:52:44 UTC 2021 - Matej Cepl + +- Update to 3.10.0b2: + - PEP 623 -- Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 -- Allow writing union types as X | Y + - PEP 612 -- Parameter Specification Variables + - PEP 626 -- Precise line numbers for debugging and other + tools. + - PEP 618 -- Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 -- Deprecate distutils module. + - PEP 613 -- Explicit Type Aliases + - PEP 634 -- Structural Pattern Matching: Specification + - PEP 635 -- Structural Pattern Matching: Motivation and + Rationale + - PEP 636 -- Structural Pattern Matching: Tutorial + - PEP 644 -- Require OpenSSL 1.1.1 or newer + - PEP 624 -- Remove Py_UNICODE encoder APIs + - PEP 597 -- Add optional EncodingWarning +- Removed patches (assumed upstream): + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl + +- Revert previous skip over test_capi +- Add skip-test_pyobject_freed_is_freed.patch to skip failing + test on SLE-15. + +------------------------------------------------------------------- +Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller + +- allow build with Sphinx >= 3.x + +------------------------------------------------------------------- +Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák + +- Exclude test_capi on Leap (test fails there) + +------------------------------------------------------------------- +Fri May 21 15:13:59 UTC 2021 - Matej Cepl + +- Stop providing "python" symbol (bsc#1185588), which means + python2 currently. + +------------------------------------------------------------------- +Wed May 5 15:16:58 UTC 2021 - Matej Cepl + +- Update to 3.9.5: + * Security + - bpo-43434: Creating a sqlite3.Connection object now also + produces a sqlite3.connect auditing event. Previously this + event was only produced by sqlite3.connect() calls. Patch + by Erlend E. Aasland. + - bpo-43882: The presence of newline or tab characters in + parts of a URL could allow some forms of attacks. + - Following the controlling specification for URLs defined by + WHATWG urllib.parse() now removes ASCII newlines and tabs + from URLs, preventing such attacks. + - bpo-43472: Ensures interpreter-level audit hooks receive + the cpython.PyInterpreterState_New event when called + through the _xxsubinterpreters module. + - bpo-36384: ipaddress module no longer accepts any leading + zeros in IPv4 address strings. Leading zeros are ambiguous + and interpreted as octal notation by some libraries. For + example the legacy function socket.inet_aton() treats + leading zeros as octal notatation. glibc implementation of + modern inet_pton() does not accept any leading zeros. For + a while the ipaddress module used to accept ambiguous + leading zeros. + - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) + vulnerability in urllib.request.AbstractBasicAuthHandler. + The ReDoS-vulnerable regex has quadratic worst-case + complexity and it allows cause a denial of service when + identifying crafted invalid RFCs. This ReDoS issue is on + the client side and needs remote attackers to control the + HTTP server. + - bpo-42800: Audit hooks are now fired for frame.f_code, + traceback.tb_frame, and generator code/frame attribute + access. + * Core and Builtins + - bpo-43105: Importlib now resolves relative paths when + creating module spec objects from file locations. + - bpo-42924: Fix bytearray repetition incorrectly copying + data from the start of the buffer, even if the data is + offset within the buffer (e.g. after reassigning a slice at + the start of the bytearray to a shorter byte string). + * Library + - bpo-43993: Update bundled pip to 21.1.1. + - bpo-43937: Fixed the turtle module working with non-default + root window. + - bpo-43930: Update bundled pip to 21.1 and setuptools to + 56.0.0 + - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now + returns a consistent error message when cadata contains no + valid certificate. + - bpo-43607: urllib can now convert Windows paths with \\?\ + prefixes into URL paths. + - bpo-43284: platform.win32_ver derives the windows version + from sys.getwindowsversion().platform_version which in turn + derives the version from kernel32.dll (which can be of + a different version than Windows itself). Therefore change + the platform.win32_ver to determine the version using the + platform module’s _syscmd_ver private function to return an + accurate version. + - bpo-42248: [Enum] ensure exceptions raised in _missing__ + are released + - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 + to suppress deprecation warnings. Python requires OpenSSL + 1.1.1 APIs. + - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants + (OpenSSL 3.0.0) + - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback + function a second time when first call has signaled an + error condition. + - bpo-43788: The header files for ssl error codes are now + OpenSSL version-specific. Exceptions will now show correct + reason and library codes. The make_ssl_data.py script has + been rewritten to use OpenSSL’s text file with error codes. + - bpo-43655: tkinter dialog windows are now recognized as + dialogs by window managers on macOS and X Window. + - bpo-43534: turtle.textinput() and turtle.numinput() create + now a transient window working on behalf of the canvas + window. + - bpo-43522: Fix problem with hostname_checks_common_name. + OpenSSL does not copy hostflags from struct SSL_CTX to + struct SSL. + - bpo-42967: Allow bytes separator argument in + urllib.parse.parse_qs and urllib.parse.parse_qsl when + parsing str query strings. Previously, this raised + a TypeError. + - bpo-43176: Fixed processing of a dataclass that inherits + from a frozen dataclass with no fields. It is now correctly + detected as an error. + - bpo-41735: Fix thread locks in zlib module may go wrong in + rare case. Patch by Ma Lin. + - bpo-36470: Fix dataclasses with InitVars and replace(). + Patch by Claudiu Popa. + - bpo-32745: Fix a regression in the handling of ctypes’ + ctypes.c_wchar_p type: embedded null characters would cause + a ValueError to be raised. Patch by Zackery Spytz. + * Documentation + - bpo-43959: The documentation on the PyContextVar C-API was + clarified. + - bpo-43938: Update dataclasses documentation to express that + FrozenInstanceError is derived from AttributeError. + - bpo-43755: Update documentation to reflect that + unparenthesized lambda expressions can no longer be the + expression part in an if clause in comprehensions and + generator expressions since Python 3.9. + - bpo-43739: Fixing the example code in + Doc/extending/extending.rst to declare and initialize the + pmodule variable to be of the right type. + * Tests + - bpo-43961: Fix + test_logging.test_namer_rotator_inheritance() on Windows: + use os.replace() rather than os.rename(). Patch by Victor + Stinner. + - bpo-43842: Fix a race condition in the SMTP test of + test_logging. Don’t close a file descriptor (socket) from + a different thread while asyncore.loop() is polling the + file descriptor. Patch by Victor Stinner. + - bpo-43811: Tests multiple OpenSSL versions on GitHub + Actions. Use ccache to speed up testing. + - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy + protocols TLS 1.0 and 1.1. Tests are failing with + TLSV1_ALERT_INTERNAL_ERROR. +- Refreshed patches: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch +- Add vendorized files from bluez-devel to enable building support for + Bluetooth. + +------------------------------------------------------------------- +Sun May 2 09:20:06 UTC 2021 - Ben Greiner + +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + +------------------------------------------------------------------- +Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl + +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +------------------------------------------------------------------- +Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +------------------------------------------------------------------- +Tue Feb 9 01:37:59 UTC 2021 - Steve Kowalik + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +------------------------------------------------------------------- +Mon Feb 8 22:02:03 UTC 2021 - Matej Cepl + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl + +- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing + bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in + _ctypes/callproc.c, which may lead to remote code execution. + +------------------------------------------------------------------- +Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl + +- (bsc#1180125) We really don't Require python-rpm-macros package. + Unnecessary dependency. + +------------------------------------------------------------------- +Wed Dec 16 16:08:42 UTC 2020 - Matej Cepl + +- Make python39-doc building again +- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx + doesn't know about skipif directive in doctests. + +------------------------------------------------------------------- +Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl + +- Update sphinx-update-removed-function.patch patch to the latest + version in python36. + +------------------------------------------------------------------- +Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner + +- Last try before this results in an editwar: + * remove importlib_resources and importlib-metadata + provides/obsoletes + * import importlib_resources is not the same as + import importlib.resources, same for metadata + * The backport packages from PyPI needed for older flavors are + specified as such for setuptools or in pyproject.toml. If a + package requires them they typically add them with a python + version qualifier and the packages have their own version + numbers. + +------------------------------------------------------------------- +Sat Dec 5 16:55:12 UTC 2020 - Matej Cepl + +- Add patch sphinx-update-removed-function.patch to no longer call + a now removed function and to make documentation build independent of + the Sphinx version (bsc#1179630, gh#python/cpython#13236). + +------------------------------------------------------------------- +Fri Nov 13 17:20:08 UTC 2020 - Matej Cepl + +- Don't require packages which break build on SLE-15 although we really + don't need them (python3-python-docs-theme and + python3-sphinxcontrib-qthelp). + +------------------------------------------------------------------- +Fri Oct 9 16:05:50 UTC 2020 - Dominique Leuenberger + +- Fix build with RPM 4.16: error: bare words are no longer + supported, please use "...": x86 == ppc. + +------------------------------------------------------------------- +Tue Oct 6 07:30:56 UTC 2020 - Matej Cepl + +- Update to the final version 3.9.0: + Complete changelog with all (many) + changes from previous version is on + https://docs.python.org/release/3.9.0/whatsnew/3.9.html + Changes from the previous RC versions (not that many) are on + https://docs.python.org/release/3.9.0/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Fri Sep 25 06:58:03 UTC 2020 - Dominique Leuenberger + +- Buildrequire timezone only for general flavor. It's used in this + flavor for the test suite. + +------------------------------------------------------------------- +Wed Sep 2 14:39:44 UTC 2020 - Matej Cepl + +- Update to 3.9.0rc1: + * Core and Builtins + - bpo-38156: Handle interrupts that come after EOF + correctly in PyOS_StdioReadline. + * Library + - bpo-41497: Fix potential UnicodeDecodeError in dis + module. + - bpo-41490: Update ensurepip to install pip 20.2.1 and + setuptools 49.2.1. + - bpo-41467: On Windows, fix asyncio recv_into() return + value when the socket/pipe is closed (BrokenPipeError): + return 0 rather than an empty byte string (b''). + - bpo-41425: Make tkinter doc example runnable. + - bpo-41384: Raise TclError instead of TypeError when an + unknown option is passed to tkinter.OptionMenu. + - bpo-38731: Fix NameError in command-line interface of + py_compile. + - bpo-41317: Use add_done_callback() in + asyncio.loop.sock_accept() to unsubscribe reader early on + cancellation. + - bpo-41364: Reduce import overhead of uuid. + - bpo-41341: Recursive evaluation of typing.ForwardRef in + get_type_hints. + - bpo-41182: selector: use DefaultSelector based upon + implementation + - bpo-40726: Handle cases where the end_lineno is None on + ast.increment_lineno(). + * Documentation + - bpo-41045: Add documentation for debug feature of + f-strings. + - bpo-41314: Changed the release when from __future__ + import annotations becomes the default from 4.0 to 3.10 + (following a change in PEP 563). + * Windows + - bpo-41492: Fixes the description that appears in UAC + prompts. + - bpo-40948: Improve post-install message to direct people + to the “py” command. + - bpo-41412: The installer will now fail to install on + Windows 7 and Windows 8. Further, the UCRT dependency is + now always downloaded on demand. + - bpo-40741: Update Windows release to include SQLite + 3.32.3. + * IDLE + - bpo-41468: Improve IDLE run crash error message (which + users should never see). + - bpo-41373: Save files loaded with no line ending, as when + blank, or different line endings, by setting its line + ending to the system default. Fix regression in 3.8.4 and + 3.9.0b4. + +------------------------------------------------------------------- +Tue Sep 1 10:15:06 UTC 2020 - Matej Cepl + +- Synchronize formatting and fixes with python38. + +------------------------------------------------------------------- +Thu Aug 20 15:41:28 UTC 2020 - Andreas Schwab + +- Increase testsuite timeout to account for super long running + test_peg_generator + +------------------------------------------------------------------- +Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer + +- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream +- Removed recursion.tar: contained in upstream +- Update to 3.9.0b5: + - bpo-41304: Fixes python3x._pth being ignored on Windows, caused + by the fix for bpo-29778 (CVE-2020-15801). + - bpo-41162: Audit hooks are now cleared later during + finalization to avoid missing events. + - bpo-29778: Ensure python3.dll is loaded from correct locations + when Python is embedded (CVE-2020-15523). + - bpo-39603: Prevent http header injection by rejecting control + characters in http.client.putrequest(…). + - bpo-41295: Resolve a regression in CPython 3.8.4 where defining + “__setattr__” in a multi-inheritance setup and + calling up the hierarchy chain could fail if builtins/extension + types were involved in the base types. + - bpo-41247: Always cache the running loop holder when running + asyncio.set_running_loop. + - bpo-41252: Fix incorrect refcounting in + _ssl.c’s _servername_callback(). + - bpo-41215: Use non-NULL default values in the PEG parser + keyword list to overcome a bug that was ' + preventing Python from being properly compiled when using the + XLC compiler. Patch by Pablo Galindo. + - bpo-41218: Python 3.8.3 had a regression where compiling with + ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would + aggressively mark list comprehension with CO_COROUTINE. Now only + list comprehension making use of async/await will tagged as so. + - bpo-41175: Guard against a NULL pointer dereference within + bytearrayobject triggered by the bytearray() + bytearray() operation. + - bpo-39960: The “hackcheck” that prevents sneaking around a type’s + __setattr__() by calling the superclass method was + rewritten to allow C implemented heap types. + - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the + C implementation raises now UnpicklingError instead of crashing. + - bpo-39017: Avoid infinite loop when reading specially crafted + TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). + - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params(). + - bpo-41207: In distutils.spawn, restore expectation that + DistutilsExecError is raised when the command is not found. + - bpo-39168: Remove the __new__ method of typing.Generic. + - bpo-41194: Fix a crash in the _ast module: it can no longer be + loaded more than once. It now uses a global state rather than a module state. + - bpo-39384: Fixed email.contentmanager to allow set_content() to set a + null string. + - bpo-41300: Save files with non-ascii chars. + Fix regression released in 3.9.0b4 and 3.8.4. + - bpo-37765: Add keywords to module name completion list. + Rewrite Completions section of IDLE doc. + - bpo-40170: Revert PyType_HasFeature() change: it reads + again directly the PyTypeObject.tp_flags + member when the limited C API is not used, rather than always calling + PyType_GetFlags() which hides implementation details. + +------------------------------------------------------------------- +Mon Jul 20 12:06:41 UTC 2020 - Matej Cepl + +- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 + (CVE-2019-20907, bpo#39017) avoiding possible infinite loop + in specifically crafted tarball. + Add recursion.tar as a testing tarball for the patch. + +------------------------------------------------------------------- +Fri Jul 17 07:07:19 UTC 2020 - Callum Farmer + +- Changed bpo-31046_ensurepip_honours_prefix.patch to include fix from py3.8 + +------------------------------------------------------------------- +Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer + +- Spec file fixes +- Re-added subprocess-raise-timeout.patch: now compatible +- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream + +------------------------------------------------------------------- +Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal + +- Fix minor issues found in the staging. + +------------------------------------------------------------------- +Wed Jul 15 06:13:33 UTC 2020 - Tomáš Chvátal + +- Do not set ourselves as primary interpreter + +------------------------------------------------------------------- +Tue Jul 14 20:45:11 UTC 2020 - Matej Cepl + +- Update to 3.9.0b4: + - PEP 584, Union Operators in dict + - PEP 585, Type Hinting Generics In Standard Collections + - PEP 593, Flexible function and variable annotations + - PEP 602, Python adopts a stable annual release cadence + - PEP 615, Support for the IANA Time Zone Database in the + Standard Library + - PEP 616, String methods to remove prefixes and suffixes + - PEP 617, New PEG parser for CPython + - bpo#38379, garbage collection does not block on resurrected + objects; + - bpo#38692, os.pidfd_open added that allows process + management without races and signals; + - bpo#39926, Unicode support updated to version 13.0.0; + - bpo#1635741, when Python is initialized multiple times in + the same process, it does not leak memory anymore; + - A number of Python builtins (range, tuple, set, frozenset, + list, dict) are now sped up using PEP 590 vectorcall; + - A number of Python modules (_abc, audioop, _bz2, _codecs, + _contextvars, _crypt, _functools, _json, _locale, operator, + resource, time, _weakref) now use multiphase initialization + as defined by PEP 489; + - A number of standard library modules (audioop, ast, grp, + _hashlib, pwd, _posixsubprocess, random, select, struct, + termios, zlib) are now using the stable ABI defined by + PEP 384. +- Remove upstreamed patches: + - F00102-lib64.patch + - SUSE-FEDORA-multilib.patch + - OBS_dev-shm.patch + - subprocess-raise-timeout.patch + - bpo36302-sort-module-sources.patch + - bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Fri Jul 10 10:55:15 UTC 2020 - Tomáš Chvátal + +- Update pre_checkin.sh and regenerate + +------------------------------------------------------------------- +Fri Jul 10 10:11:39 UTC 2020 - Tomáš Chvátal + +- Convert few dependencies to their pkgconfig counterparts + +------------------------------------------------------------------- +Fri Jul 10 10:08:48 UTC 2020 - Tomáš Chvátal + +- Remove release requirement on libpython, it is not really needed + to be equal as the abi changes with versions + +------------------------------------------------------------------- +Fri Jul 10 10:07:50 UTC 2020 - Tomáš Chvátal + +- Add provides python3-bla on all the subpkgs in case we are + primary provider of the functionality + +------------------------------------------------------------------- +Fri Jul 10 10:02:01 UTC 2020 - Tomáš Chvátal + +- Remove unversioned files from devel subpkg too +- Remove main python3 files from -base based whether we are + primary interpreter or not +- Fix idle to be co-installable +- Add condition to be primary to provide/obsolete python3-* +- Fix doc to build in versioned folder so the pythons can be + installed next to each other + +------------------------------------------------------------------- +Fri Jul 10 07:57:10 UTC 2020 - Tomáš Chvátal + +- Revert the full versioning of calls on the macros. These + are generic so they should really just call python3 X + +------------------------------------------------------------------- +Fri Jul 10 07:56:11 UTC 2020 - Tomáš Chvátal + +- For the doc package we can build with generic flavor, we don't + need the our-interpreter based one + +------------------------------------------------------------------- +Fri Jul 10 07:18:53 UTC 2020 - Tomáš Chvátal + +- Add provides for pytohn3X-typing/etc to allow BR on those still + to work when needed + +------------------------------------------------------------------- +Fri Jul 10 07:14:33 UTC 2020 - Tomáš Chvátal + +- Change macros.python3 to use full versioned 3.8 instead of just 3 + for python interpreter + +------------------------------------------------------------------- +Wed Jul 1 11:50:19 UTC 2020 - Tomáš Chvátal + +- Reduce some now unused conditionals + +------------------------------------------------------------------- +Wed Jul 1 11:00:40 UTC 2020 - Tomáš Chvátal + +- Redux the -base dependencies to match up pre-merge layout + +------------------------------------------------------------------- +Wed Jul 1 09:24:39 UTC 2020 - Tomáš Chvátal + +- Generate baselibs in pre-checkin too + +------------------------------------------------------------------- +Wed Jul 1 09:14:33 UTC 2020 - Tomáš Chvátal + +- Generate the importlib-failed using pre_checking again +- Add back the information about skipped tests on the pre_checkin + output + +------------------------------------------------------------------- +Tue Jun 30 07:11:19 UTC 2020 - Tomáš Chvátal + +- Use %python_pkg_name instead of hardcoding python3 where + applicable +- Sort out preamble with spec-cleaner + +------------------------------------------------------------------- +Mon Jun 29 14:36:10 UTC 2020 - Matej Cepl + +- Calculate required variables instead of relying on their continuous manual update + +------------------------------------------------------------------- +Thu Jun 25 10:44:08 UTC 2020 - Tomáš Chvátal + +- Fix the -base module build again to generate only the deps + we need + +------------------------------------------------------------------- +Wed Jun 17 18:42:51 UTC 2020 - Matej Cepl + +- Replace OBS_dev-shm.patch with the upstream PR#20944 + +------------------------------------------------------------------- +Thu Jun 10 14:30:15 UTC 2020 - Tomáš Chvátal + +- Use the %{python_pkg_name} on more places to allow easier + multiversioning +- Switch to _multibuild approach for easier maintenance of this + package. All is now in one spec file with 3 conditionals: + * bcond_with base + * bcond_with doc + * bcond_with general + +------------------------------------------------------------------- +Mon Jun 8 14:26:00 UTC 2020 - Matej Cepl + +- add requires python3-base on libpython subpackage (bsc#1167008) + +------------------------------------------------------------------- +Fri Jun 5 06:08:12 UTC 2020 - Dirk Mueller + +- build against Sphinx 2.x until python is compatible with + Sphinx 3.x (see gh#python/cpython#19397, bpo#40204) + +------------------------------------------------------------------- +Fri May 29 19:59:01 UTC 2020 - Andreas Stieger + +- Fix build with SQLite 3.32 (bpo#40783) + add bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Sun May 17 15:37:35 UTC 2020 - Callum Farmer + +- Update to version 3.8.3: + - Complete list of changes is available at + https://docs.python.org/release/3.8.3/whatsnew/changelog.html#python-3-8-3-final, + but most of them are just bugfixes. + - Removed patch CVE-2020-8492-urllib-ReDoS.patch: contained in upstream + +------------------------------------------------------------------- +Thu Apr 16 12:06:01 UTC 2020 - Matej Cepl + +- Add #!BuildIgnore: gdk-pixbuf-loader-rsvg to python3 SPEC + +------------------------------------------------------------------- +Thu Mar 26 15:36:55 UTC 2020 - Matej Cepl + +- Add patch bsc1167501-invalid-alignment.patch + (bsc#1167501, bpo#40052) to fix alignment in abstract.h header file. + +------------------------------------------------------------------- +Wed Mar 11 11:09:41 UTC 2020 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build, test_setegid + (test.test_os.PosixUidGidTests) is confusing it + +------------------------------------------------------------------- +Thu Mar 5 18:40:29 UTC 2020 - Matej Cepl + +- Update to 3.8.2: + - Complete list of changes is available at + https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final, + but most of them are just bugfixes. + - Updated patches: + - F00102-lib64.patch + - OBS_dev-shm.patch + - SUSE-FEDORA-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Sun Feb 9 00:14:24 CET 2020 - Matej Cepl + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Sat Feb 8 22:21:10 CET 2020 - Matej Cepl + +- Add Requires: libpython%{so_version} == %{version}-%{release} + to python3-base to keep both packages always synchronized + (bsc#1162224). + +------------------------------------------------------------------- +Mon Feb 3 20:27:54 UTC 2020 - Tomáš Chvátal + +- Do not pull in bluez in base again, explain the cycle, + it needs to be solved by bluez maintainer for us by providing + just the headers separately + +------------------------------------------------------------------- +Mon Feb 3 19:54:25 UTC 2020 - Tomáš Chvátal + +- Reame idle icons to idle3 in order to not conflict with python2 + variant of the package + * renamed the icons + * renamed icon load in desktop file + +------------------------------------------------------------------- +Thu Jan 16 09:50:03 UTC 2020 - Tomáš Chvátal + +- Add importlib_resources provide/obsolete as it is integral + part of the lang since 3.7 release + +------------------------------------------------------------------- +Mon Jan 13 11:10:47 UTC 2020 - Martin Liška + +- Add -fno-semantic-interposition as it brings speed up: + https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup + +------------------------------------------------------------------- +Thu Dec 19 16:25:26 CET 2019 - Matej Cepl + +- Update to 3.8.1: + - This is mainly bugfix release and no significant changes to + API are expected. The full changelog is available on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-1 + - Remove bpo-38688_shutil.copytree_prevent-infinite-recursion.patch, + which is included in the upstream tarball. + +------------------------------------------------------------------- +Thu Dec 19 14:57:32 CET 2019 - Matej Cepl + +- Add bpo-31046_ensurepip_honours_prefix.patch which makes + ensurepip to honour the value of $(prefix). Proposed fix for + bpo#31046.. + +------------------------------------------------------------------- +Tue Dec 10 11:07:16 UTC 2019 - Tomáš Chvátal + +- Move bluez-devel dependency to base as it is needed for + socket.AF_BLUETOOTH and otherwise does not work + +------------------------------------------------------------------- +Mon Dec 2 16:52:32 CET 2019 - Matej Cepl + +- Reintroduce QtHelp with the help of the new BR + python-sphinxcontrib-qthelp. + +------------------------------------------------------------------- +Mon Oct 21 18:51:00 UTC 2019 - Stefan Brüns + +- Fix SUSE-FEDORA-multilib.patch, the platform agnostic infix for + library installation is "lib", not "dir". + +------------------------------------------------------------------- +Thu Oct 17 14:19:20 UTC 2019 - Stefan Brüns + +- Move idle subpackage build from python3-base to python3. + appstream-glib required for packaging introduces considerable + extra dependencies and a build loop via rust/librsvg. +- Correct installation of idle IDE icons: + + idle.png is not the target directory + + non-GNOME-specific icons belong into icons/hicolor +- Add required Name key to idle3 desktop file + +------------------------------------------------------------------- +Tue Oct 15 16:39:12 CEST 2019 - Matej Cepl + +- Update to the final release 3.8.0. . + - New Features: + - Assignment expressions + - Positional-only parameters + - Parallel filesystem cache for compiled bytecode files + - Debug build uses the same ABI as release build + - f-strings support = for self-documenting expressions and + debugging + - PEP 578: Python Runtime Audit Hooks + - PEP 587: Python Initialization Configuration + - Vectorcall: a fast calling protocol for CPython + - Pickle protocol 5 with out-of-band data buffers + - New modules: + - importlib.metadata + - Improved modules: + - ast asyncio, builtins, collections, curses, ctypes, + datetime, functools, gc, gettext, gzip, idelib and IDLE, + inspect, io, json.tool, math, mmap, multiprocessing, os, + os.path, pathlib, pickle, plistlib, py_compile, shlex, + shutil, socket, ssl, statistics, sys, tarfile, threading, + tokenize, tkinter, time, typing, unicodedata, unittest, + venv, weakref, xml + - C API improvements + - bdist_winnst command has been deprecated (use bdist_wheel) +- https://docs.python.org/3.8/whatsnew/3.8.html remains rest of + changes including documentation on how to port your programs to + the current version of Python. + +------------------------------------------------------------------- +Mon Oct 14 15:02:08 CEST 2019 - Matej Cepl + +- Add idle3.appdata.xml and idle3.desktop (originally from + Fedora) to make Idle3 full GUI desktop application. + (bsc#1153830) + +------------------------------------------------------------------- +Wed Oct 9 19:09:16 UTC 2019 - Michael Gorse + +- Drop intltool from BuildRequires. Doesn't appear to be used. + +------------------------------------------------------------------- +Wed Oct 9 10:37:59 UTC 2019 - Tomáš Chvátal + +- Add folder version to allow tarball downloads even for beta/rc + releases + +------------------------------------------------------------------- +Tue Oct 8 14:53:54 CEST 2019 - Matej Cepl + +- Revert patches from Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch) into their original + prisitine Fedora versions, SUSE-FEDORA-multilib.patch refreshed + accordingly. + +------------------------------------------------------------------- +Mon Oct 7 14:33:30 UTC 2019 - Matej Cepl + +- Correct quotation of platsubdir in Lib/distutils/command/install.py + +------------------------------------------------------------------- +Thu Oct 3 13:59:57 CEST 2019 - Matej Cepl + +- Replace python-3.6.0-multilib.patch with two patches from + Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch), and our own + SUSE-FEDORA-multilib.patch to allow better cooperation with + Fedora and better upstreaming. +- Add OBS_dev-shm.patch fixing bpo#38377 + +------------------------------------------------------------------- +Thu Oct 3 08:39:18 UTC 2019 - Tomáš Chvátal + +- Pull in just gettext and let solver to sort out between: + gettext-runtime-mini and gettext-runtime + +------------------------------------------------------------------- +Wed Oct 2 15:00:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0rc1. Overall changes from 3.7: + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved + embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds, also the 'm' ABI + tag was removed (irrelevant since 3.4), bpo#36707 + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - on Windows, the default asyncio event loop is now + ProactorEventLoop + - on macOS, the spawn start method is now used by default in + multiprocessing + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Refreshed patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Wed Sep 25 09:46:41 UTC 2019 - Bernhard Wiedemann + +- Add bpo36302-sort-module-sources.patch (boo#1041090) + +------------------------------------------------------------------- +Tue Sep 10 13:43:18 UTC 2019 - Tomáš Chvátal + +- Try harder obsoleting importlib-metadata + +------------------------------------------------------------------- +Sat Aug 31 00:16:47 CEST 2019 - Matej Cepl + +- Update to 3.8.0b4: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-4 + +------------------------------------------------------------------- +Thu Aug 29 06:28:15 UTC 2019 - Guillaume GARDET + +- Re-enable test_threading on aarch64 + +------------------------------------------------------------------- +Sat Aug 17 13:21:15 UTC 2019 - John Vandenberg + +- Remove xrpm from subpackage tk description + +------------------------------------------------------------------- +Tue Aug 6 14:24:55 CEST 2019 - Matej Cepl + +- Update to 3.8.0b3: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-3 +- Patches reapplied: + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-test-posix_fadvise.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Tue Jul 23 13:20:49 UTC 2019 - Matej Cepl + +- Add Provides: python3-importlib-metadata + +------------------------------------------------------------------- +Sun Jul 7 19:08:48 CEST 2019 - Matej Cepl + +- Update to 3.8.0b2: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-2 +- Patches included in upstream: + - bpo-37169_PyObject_IsFreed.patch +- Patches reapplied: + - 00251-change-user-install-location.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-localpath.patch + - python-3.6.0-multilib.patch + +------------------------------------------------------------------- +Tue Jul 2 09:03:04 UTC 2019 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build +- Don't do profiling in qemu linux-user build + +------------------------------------------------------------------- +Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0b1 (changes since 3.7.*): + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Remove patches which were included in the upstream: + - 00251-change-user-install-location.patch + - 00316-mark-bdist_wininst-unsupported.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed May 22 10:53:03 UTC 2019 - Martin Liška + +- Set _lto_cflags to nil as the package is using LTO via --enable-lto. + That will prevent to propage LTO for Python modules that are + built in a separate package. + +------------------------------------------------------------------- +Sat May 4 21:29:20 CEST 2019 - Matej Cepl + +- Update to 3.8.0.a3: + - PEP 572: Assignment Expressions. + - Other (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-3 + +------------------------------------------------------------------- +Mon Apr 29 15:40:34 CEST 2019 - Matej Cepl + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Wed Apr 10 10:22:58 CEST 2019 - Matej Cepl + +- Fix metadata of patches. +- Rename boo1071941-make-install-in-sep-loc.patch to + 00251-change-user-install-location.patch which is the original + name, so it can be looked up in the Fedora VCS. + +------------------------------------------------------------------- +Tue Apr 9 04:55:24 UTC 2019 - John Vandenberg + +- Mark distutils bdist_wininst command unsupported + with 00316-mark-bdist_wininst-unsupported.patch +- Remove Windows bdist_wininst executables from runtime package + +------------------------------------------------------------------- +Tue Apr 9 01:21:45 CEST 2019 - Matej Cepl + +- Update to 3.7.3, which is the maintenance release without any + significant changes in API. + - Updated patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------ +Wed Mar 20 14:59:58 UTC 2019 - Matěj Cepl + +- Remove building of Qt Develop help files. + +------------------------------------------------------------------- +Fri Mar 15 15:10:30 CET 2019 - Matej Cepl + +- Return distutils-reproducible-compile.patch which is still + missing (still unfinished bpo#29708). + +------------------------------------------------------------------- +Mon Feb 25 23:30:56 CET 2019 - Matej Cepl + +- Update to 3.8.0a2: + * List of all (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-2 + +------------------------------------------------------------------- +Tue Feb 12 10:25:52 CET 2019 - Matej Cepl + +- Build nis module again. + +------------------------------------------------------------------- +Tue Feb 12 10:06:17 CET 2019 - Matej Cepl + +- Update to 3.8.0a1: + * The most visible change so far is probably the + implementation of PEP 572: Assignment Expressions. For + a detailed list of changes, see: + https://docs.python.org/3.8/whatsnew/changelog.html + * Recover building of nis module properly in python3 package +- Update patches: + * CVE-2019-5010-null-defer-x509-cert-DOS.patch + * python-3.3.0b1-fix_date_time_compiler.patch + * python-3.3.0b1-test-posix_fadvise.patch + * python-3.6.0-multilib.patch + * raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed Jan 30 18:07:49 CET 2019 - mcepl@suse.com + +- Put LICENSE file where it belongs (bsc#1121852) + +------------------------------------------------------------------- +Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com + +- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch + fixing bpo-35746. + An exploitable denial-of-service vulnerability exists in the + X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. + A specially crafted X509 certificate can cause a NULL pointer + dereference, resulting in a denial of service. An attacker can + initiate or accept TLS connections using crafted certificates + to trigger this vulnerability. + +------------------------------------------------------------------- +Tue Jan 8 12:51:01 UTC 2019 - Tomáš Chvátal + +- Do not require full gettext in order to avoid pulling in the + glib2 as a dependency + +------------------------------------------------------------------- +Tue Jan 8 12:25:27 UTC 2019 - Tomáš Chvátal + +- Update to 3.7.2: + * bugfix release: + https://docs.python.org/3.7/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Wed Jan 2 12:51:48 CET 2019 - mcepl@suse.com + +- Stop applying python-3.6.0-multilib-new.patch (which is still + WIP), and apply the old proven python-3.6.0-multilib.patch + instead. + +------------------------------------------------------------------- +Wed Dec 19 19:29:44 UTC 2018 - Todd R + +- Use upstream-recommended %{_rpmconfigdir}/macros.d directory + for the rpm macros. + +------------------------------------------------------------------- +Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com + +- Upgrade to 3.7.2rc1: + * bugfix release, for the full list of all changes see + https://docs.python.org/3.7/whatsnew/changelog.html#changelog +- Make run of the test suite more verbose + +------------------------------------------------------------------- +Tue Dec 11 01:52:45 UTC 2018 - Jan Engelhardt + +- Write summaries without em dashes. + +------------------------------------------------------------------- +Mon Dec 3 13:27:54 UTC 2018 - Matěj Cepl + +- Remove python-3.3.0b1-curses-panel.patch it is unnecessary anymore. +- Add boo1071941-make-install-in-sep-loc.patch to make pip and + distutils in user environment install into separate location + (boo#1071941) + + Set values of prefix and exec_prefix in distutils install + command to /usr/local if executable is /usr/bin/python* and RPM + build is not detected to make pip and distutils install into + separate location +- Remove finally python-3.3.3-skip-distutils-test_sysconfig_module.patch +- Remove distutils-reproducible-compile.patch which doesn't make + really much difference in reproducibility (see + gh#python/cpython#8057 and discussion there). + +------------------------------------------------------------------- +Sat Dec 1 00:14:28 CET 2018 - mcepl@suse.com + +- Rename Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + to bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + +------------------------------------------------------------------- +Wed Nov 7 12:10:41 CET 2018 - mcepl@suse.com + +- Add dependency on bluez-devel to build support for Bluetooth + (boo#1109998) + +------------------------------------------------------------------- +Tue Nov 6 13:52:45 CET 2018 - mcepl@suse.com + +- Add devhelp subpackage and split qthelp into another + subpackage. + +------------------------------------------------------------------- +Wed Oct 24 12:38:00 UTC 2018 - Matěj Cepl + +- Remove python-3.0b1-record-rpm.patch and + Python-3.0b1-record-rpm.patch, as they are not needed anymore + +------------------------------------------------------------------- +Tue Oct 23 14:14:16 UTC 2018 - Matej Cepl + +- Switch off test_threading for optimization builds. + +------------------------------------------------------------------- +Mon Oct 22 14:41:59 CEST 2018 - mcepl@suse.com + +- Update to python-3.7.1. This is just a brief overview, complete + changelog available at + https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-1-final: + Library + bpo-34970: Protect tasks weak set manipulation in asyncio.all_tasks() +- Patches already accepted upstream are removed: + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + * 00308-tls-1.3.patch +- New patches added: + * Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + * raise_SIGING_not_handled.patch +- All other patches refreshed via quilt. + +------------------------------------------------------------------- +Mon Oct 22 12:22:19 UTC 2018 - Matej Cepl + +- Add raise_SIGING_not_handled.patch to fix bsc#1094814 + +------------------------------------------------------------------- +Wed Oct 17 14:04:35 UTC 2018 - Tomáš Chvátal + +- Add patch to fix importlib return types: + * python3-imp-returntype.patch + +------------------------------------------------------------------- +Mon Oct 15 13:46:32 CEST 2018 - mcepl@suse.com + +- bpo-34022 still not completely fixed, so we have to keep + excluding test_cmd_line_script, + test_multiprocessing_main_handling, and test_runpy from the + test suite. + +------------------------------------------------------------------- +Sun Oct 14 15:57:24 UTC 2018 - Matej Cepl + +- Update to python 3.7.1~rc2: + Core and Builtins + bpo-34879: Fix a possible null pointer dereference in + bytesobject.c. Patch by Zackery Spytz. + bpo-34854: Fixed a crash in compiling string annotations + containing a lambda with a keyword-only argument that + doesn’t have a default value. + bpo-34320: Fix dict(od) didn’t copy iteration order of + OrderedDict. + Library + bpo-34769: Fix for async generators not finalizing when event + loop is in debug mode and garbage collector runs in another + thread. + bpo-34922: Fixed integer overflow in the digest() and + hexdigest() methods for the SHAKE algorithm in the hashlib + module. + bpo-34900: Fixed unittest.TestCase.debug() when used to call + test methods with subtests. Patch by Bruno Oliveira. + bpo-34871: Fix inspect module polluted sys.modules when parsing + __text_signature__ of callable. + bpo-34872: Fix self-cancellation in C implementation of + asyncio.Task + bpo-34819: Use a monotonic clock to compute timeouts in + Executor.map() and as_completed(), in order to prevent + timeouts from deviating when the system clock is adjusted. + bpo-34334: In QueueHandler, clear exc_text from LogRecord to + prevent traceback from being written twice. + bpo-6721: Acquire the logging module’s commonly used internal + locks while fork()ing to avoid deadlocks in the child + process. + bpo-34172: Fix a reference issue inside multiprocessing.Pool + that caused the pool to remain alive if it was deleted + without being closed or terminated explicitly. + Documentation + bpo-32174: chm document displays non-ASCII charaters properly on + some MBCS Windows systems. + Tests + bpo-32962: Fixed test_gdb when Python is compiled with flags + -mcet -fcf-protection -O0. + C API + bpo-34910: Ensure that PyObject_Print() always returns -1 on + error. Patch by Zackery Spytz. + +------------------------------------------------------------------- +Fri Oct 12 20:46:58 CEST 2018 - mcepl@suse.com + +- Add Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch to + fix problems with SOURCE_DATE_EPOCH variable (bpo-34022) + +------------------------------------------------------------------- +Mon Sep 17 09:44:02 UTC 2018 - Tomáš Chvátal + +- Add patch to fix build with tls1.3 supported openssl + * 00308-tls-1.3.patch +- Add patch to fix Py_Main calls after Py_initialize + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + +------------------------------------------------------------------- +Mon Sep 3 15:22:42 UTC 2018 - Matěj Cepl + +- Add -fwrapv to OPTS, which is default for python3 anyway + See for example https://github.com/zopefoundation/persistent/issues/86 + for bugs which are caused by avoiding it. + +------------------------------------------------------------------- +Tue Jul 10 11:12:32 UTC 2018 - mcepl@suse.com + +- Fix ownership of _contextvars, _queue, and _xxtestfuzz + +------------------------------------------------------------------- +Tue Jul 3 15:04:48 UTC 2018 - mcepl@suse.com + +- Switch off LTO for distros with older GCC +- Fix %files + +------------------------------------------------------------------- +Fri Jun 29 14:20:03 UTC 2018 - tchvatal@suse.com + +- Add dependency over libuuid-devel + +------------------------------------------------------------------- +Thu Jun 28 10:42:15 UTC 2018 - mimi.vx@gmail.com + +- update to python 3.7.0 + Complete overview of changes is available on + https://docs.python.org/3/whatsnew/3.7.html, these are just + highlights: + * PEP 563, postponed evaluation of type annotations. + * async and await are now reserved keywords. + * New library modules: + contextvars: PEP 567 – Context Variables + dataclasses: PEP 557 – Data Classes + importlib.resources + * New built-in features: + PEP 553, the new breakpoint() function. + * Python data model improvements: + PEP 562, customization of access to module attributes. + PEP 560, core support for typing module and generic types. + the insertion-order preservation nature of dict objects + has been declared to be an official part of the Python + language spec. + * Significant improvements in the standard library: + The asyncio module has received new features, significant + usability and performance improvements. + The time module gained support for functions with + nanosecond resolution. + * CPython implementation improvements: + Avoiding the use of ASCII as a default text encoding: + PEP 538, legacy C locale coercion + PEP 540, forced UTF-8 runtime mode + PEP 552, deterministic .pycs + the new development runtime mode + PEP 565, improved DeprecationWarning handling + * C API improvements: + PEP 539, new C API for thread-local storage + * Documentation improvements: + PEP 545, Python documentation translations + New documentation translations: Japanese, French, and Korean. +- drop python3-sorted_tar.patch +- drop 0001-allow-for-reproducible-builds-of-python-packages.patch +- refresh python-3.6.0-multilib-new.patch +- refresh subprocess-raise-timeout.patch + * new C API for thread-local storage + * Deterministic pyc files + * Built-in breakpoint() + * Data Classes + * Core support for typing module and generic types + * Customization of access to module attributes + * Postponed evaluation of annotations + * Time functions with nanosecond resolution + * Improved DeprecationWarning handling + * Context Variables + * Avoiding the use of ASCII as a default text encoding + (PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode) + * The insertion-order preservation nature of dict objects is now + an official part of the Python language spec. + * Notable performance improvements in many areas. + +------------------------------------------------------------------- +Thu May 17 18:26:42 UTC 2018 - hpj@urpla.net + +- disable lto with gcc versions below 7 (results in link failures) + +------------------------------------------------------------------- +Mon Apr 30 15:23:24 UTC 2018 - jengelh@inai.de + +- Use faster find subcommand execution strategies. + +------------------------------------------------------------------- +Fri Apr 20 16:17:29 UTC 2018 - tchvatal@suse.com + +- Do not mention the testsuite disabling in opts as it was moved to + main pkg so base is test-free + +------------------------------------------------------------------- +Tue Apr 17 08:36:08 UTC 2018 - tchvatal@suse.com + +- As we run in main python package do not generate the pre_checkin + from both now + +------------------------------------------------------------------- +Mon Apr 16 14:11:56 UTC 2018 - tchvatal@suse.com + +- Move the tests from base to generic package wrt bsc#1088573 + * We still fail the whole distro if python3 is not build + * The other archs than x86_64 took couple of hours to unblock + build of other software, this way we work around the issue +- Some tests are still run in -base for the LTO tweaking, but at + least it is not run twice + +------------------------------------------------------------------- +Sat Mar 31 19:41:12 UTC 2018 - mimi.vx@gmail.com + +- update to 3.6.5 + * bugfix release + * see Misc/NEWS for details +- drop ctypes-pass-by-value.patch +- drop fix-localeconv-encoding-for-LC_NUMERIC.patch +- refresh python-3.6.0-multilib-new.patch + +------------------------------------------------------------------ +Wed Mar 7 09:16:39 UTC 2018 - adam@mizerski.pl + +- Created %so_major and %so_minor macros +- Put Tools/gdb/libpython.py script into proper place and ship it with devel + subpackage. + +------------------------------------------------------------------- +Tue Feb 20 15:04:56 UTC 2018 - schwab@suse.de + +- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64 + +------------------------------------------------------------------- +Tue Feb 20 14:28:00 UTC 2018 - bwiedemann@suse.com + +- Add python3-sorted_tar.patch (boo#1081750) + +------------------------------------------------------------------- +Tue Feb 20 14:08:57 UTC 2018 - tchvatal@suse.com + +- Drop python3-tk and python3-idle recommends to reduce python3 + always pulling X stack bsc#1081751 + +------------------------------------------------------------------- +Wed Feb 7 09:10:03 UTC 2018 - tchvatal@suse.com + +- Add patch to fix glibc 2.27 fail bsc#1079761: + * fix-localeconv-encoding-for-LC_NUMERIC.patch + +------------------------------------------------------------------- +Mon Feb 5 17:14:43 UTC 2018 - normand@linux.vnet.ibm.com + +- Update skip_random_failing_tests.patch (for PowerPC) + to avoid test_call_later failure + +------------------------------------------------------------------- +Wed Jan 24 14:35:58 UTC 2018 - jmatejek@suse.com + +- move XML modules and python3-xml provide to python3-base + (fixes bsc#1077230) +- move ensurepip to base + +------------------------------------------------------------------- +Thu Jan 18 12:31:47 UTC 2018 - normand@linux.vnet.ibm.com + +- Add skip_random_failing_tests.patch only for PowerPC + +------------------------------------------------------------------- +Wed Jan 3 12:18:51 UTC 2018 - jmatejek@suse.com + +- update to 3.6.4 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed python3-ncurses-6.0-accessors.patch +- drop PYTHONSTARTUP hooks that cause spurious startup errors + * fixes bsc#1070738 + * the relevant feature (REPL history) is now built into Python itself + +------------------------------------------------------------------- +Sat Dec 2 11:11:46 UTC 2017 - dimstar@opensuse.org + +- Install 2to3-%{python_version} executable (override defattr of + the -tools package). 2to3 (unversioned) is a symlink and does not + carry permissions (bsc#1070853). + +------------------------------------------------------------------- +Thu Nov 16 11:02:18 UTC 2017 - mimi.vx@gmail.com + +- move 2to3 to python3-tools package + +------------------------------------------------------------------- +Wed Oct 11 13:15:23 UTC 2017 - jmatejek@suse.com + +- update to 3.6.3 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Wed Sep 20 09:54:05 UTC 2017 - dmueller@suse.com + +- drop python-2.7-libffi-aarch64.patch: this patches the intree + copy of libffi which is unused/deleted in the line afterwards +- fix build against system libffi: include flags weren't set + so it actually used the in-tree libffi headers. + +------------------------------------------------------------------- +Thu Sep 14 13:23:10 UTC 2017 - vcizek@suse.com + +- Fix test broken with OpenSSL 1.1 (bsc#1042670) + * add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Tue Sep 5 11:47:05 UTC 2017 - jengelh@inai.de + +- Update RPM group for python documentation. + +------------------------------------------------------------------- +Thu Aug 31 08:39:31 UTC 2017 - schwab@suse.de + +- fix missing %{?armsuffix} + +------------------------------------------------------------------- +Wed Aug 30 13:41:38 UTC 2017 - jmatejek@suse.com + +- distutils-reproducible-compile.patch: ensure distutils order files + before compiling, which works around bsc#1049186 + +------------------------------------------------------------------- +Thu Aug 17 08:59:05 CEST 2017 - kukuk@suse.de + +- Add libnsl-devel build requires for glibc obsoleting libnsl + +------------------------------------------------------------------- +Thu Aug 3 16:09:26 UTC 2017 - jmatejek@suse.com + +- update to 3.6.2 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed test-socket-aead-kernel49.patch +- add Provides: python3-typing (fixes bsc#1050653) +- drop duplicate Provides: python3 + +------------------------------------------------------------------- +Mon Jun 26 12:10:07 UTC 2017 - jmatejek@suse.com + +- drop db-devel from requirements + +------------------------------------------------------------------- +Tue Jun 20 09:26:52 UTC 2017 - asn@cryptomilk.org + +- Add missing link to python library in config dir (bsc#1040164) + +------------------------------------------------------------------- +Thu Mar 23 12:42:59 UTC 2017 - jmatejek@suse.com + +- update to 3.6.1 + * bugfix release, over a hundred bugs fixed + * never add import location's parent directory to sys.path + * switch to git for version control, build changes related to that + * fix "failed to get random numbers" on old kernels (bsc#1029902) + * several crashes and memory leaks corrected + * f-string are no longer accepted as docstrings + +------------------------------------------------------------------- +Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com + +- prevent regenerating AST at build-time more robustly +- add "--without profileopt" and "--without testsuite" options to python3-base + to allow short circuiting when working on the package + +------------------------------------------------------------------- +Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com + +- Add 0001-allow-for-reproducible-builds-of-python-packages.patch + upstream https://github.com/python/cpython/pull/296 + +------------------------------------------------------------------- +Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com + +- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch) +- reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent) + +------------------------------------------------------------------- +Wed Jan 11 14:57:07 UTC 2017 - jmatejek@suse.com + +- update to 3.6.0 + * PEP 498 Formated string literals + * PEP 515 Underscores in numeric literals + * PEP 526 Syntax for variable annotations + * PEP 525 Asynchronous generators + * PEP 530 Asynchronous comprehensions + * PEP 506 New "secrets" module for safe key generation + * less memory consumed by dicts + * dtrace and systemtap support + * improved asyncio module + * better defaults for ssl + * new hashing algorithms in hashlib + * bytecode format changed to allow more optimizations + * "async" and "await" are on track to be reserved words + * StopIteration from generators is deprecated + * support for openssl < 1.0.2 is deprecated + * os.urandom now blocks when getrandom() blocks + * huge number of new features, bugfixes and optimizations + * see https://docs.python.org/3.6/whatsnew/3.6.html for details +- rework multilib patch: drop Python-3.5.0-multilib.patch, implement + upstreamable python-3.6.0-multilib-new.patch +- refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch +- drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch +- finally drop python-2.6b1-canonicalize2.patch that was not applied in source + and only kept around in case we needed it in the future. (which we don't, as it seems) +- update import_failed map and baselibs +- build ctypes against system libffi + (buildrequire libffi-devel in python3-base) +- add new key to keyring (signed by keys already in keyring) +- introduced common configure section between python3 and python3-base +- moved pyconfig.h and Makefile to devel subpackage as distutils no longer + need it at runtime +- added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py + because it is not used now +- improve summaries and descriptions (fixes bsc#917607) +- enabled Link-Time Optimization, see what happens +- including skipped_tests.py in pre_checkin.sh run +- run specs through spec-cleaner, rearrange sections + +------------------------------------------------------------------- +Fri Apr 22 17:20:29 UTC 2016 - jmatejek@suse.com + +- move _hashlib and _ssl modules and tests to python3-base +- recommend python3 + +------------------------------------------------------------------- +Tue Mar 15 15:05:23 UTC 2016 - schwab@suse.de + +- Skip test_asyncio under qemu_user_space_build + +------------------------------------------------------------------- +Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com + +- Add Python-3.5.1-fix_lru_cache_copying.patch + Fix copying the lru_cache() wrapper object. + Fixes deep-copying lru_cache regression, which worked on + previous versions of python but fails on python 3.5. + This fixes a bunch of packages in devel:languages:python3. + See: https://bugs.python.org/issue25447 + +------------------------------------------------------------------- +Sun Jan 24 00:44:08 UTC 2016 - arichardson.kde@gmail.com + +- Build the docs in .qch format as well + +------------------------------------------------------------------- +Wed Dec 9 07:35:20 UTC 2015 - toddrme2178@gmail.com + +- update to 3.5.1 + * bugfix-only release, dozens of bugs fixed +- Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch +- "Python3" to "Python 3" in summary + * This seems cleaner and fixes and rpmlint warning + +------------------------------------------------------------------- +Wed Oct 14 20:21:52 UTC 2015 - toddrme2178@gmail.com + +- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch + This fixes a build error for many packages that use the Python, + C-API. + This patch is already accepted upstream and is slated to appear in + python 3.5.1. + +------------------------------------------------------------------- +Tue Sep 29 15:53:24 UTC 2015 - jmatejek@suse.com + +- update to 3.5.0 + * coroutines with async/await syntax + * matrix multiplication operator `@` + * unpacking generalizations + * new modules `typing` and `zipapp` + * type annotations + * .pyo files replaced by custom suffixes for optimization levels in __pycache__ + * support for memory BIO in ssl module + * performance improvements in several modules + * and many more +- removals and behavior changes + * deprecated `__version__` is removed + * support for .pyo files was removed + * system calls are auto-retried on EINTR + * bare generator expressions in function calls now cause SyntaxError + (change "f(x for x in i)" to "f((x for x in i))" to fix) + * removed undocumented `format` member of private `PyMemoryViewObject` struct + * renamed `PyMemAllocator` to `PyMemAllocatorEx` +- redefine %dynlib macro to reflect that modules now have arch+os as part of name +- module `time` is now built-in +- dropped upstreamed patches: + python-3.4.1-fix-faulthandler.patch + python-3.4.3-test-conditional-ssl.patch + python-fix-short-dh.patch (also dropped dh2048.pem required for this patch) +- updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch +- python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure + with new gcc + ncurses + +------------------------------------------------------------------- +Wed Sep 9 11:51:22 UTC 2015 - dimstar@opensuse.org + +- Add python3-ncurses-6.0-accessors.patch: Fix build with + NCurses 6.0 and OPAQUE_WINDOW set to 1. + +------------------------------------------------------------------- +Mon Aug 24 17:02:08 UTC 2015 - jmatejek@suse.com + +- improve import_failed hook to do the right thing when invoking + missing modules with "python3 -m modulename" (boo#942751) + +------------------------------------------------------------------- +Thu Jul 23 22:08:10 UTC 2015 - fisiu@opensuse.org + +- Build with --enable-loadable-sqlite-extensions to make it works + as geospatial database. + +------------------------------------------------------------------- +Wed Jul 1 07:07:26 UTC 2015 - dimstar@opensuse.org + +- Fix source list for previous change (add dh2048.pem). + +------------------------------------------------------------------- +Wed Jun 24 06:54:30 UTC 2015 - meissner@suse.com + +- dh2048.pem: added generated 2048 dh parameter set to fix + ssl test (bsc#935856) +- python-fix-short-dh.patch: replace the 512 bits dh parameter set + by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856) + +------------------------------------------------------------------- +Tue May 19 14:59:30 UTC 2015 - schwab@suse.de + +- ctypes-libffi-aarch64.patch: remove upstreamed patch +- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for + aarch64 + +------------------------------------------------------------------- +Thu May 14 10:58:36 UTC 2015 - jmatejek@suse.com + +- drop the PDF subpackage + (removes the massive texlive dependency, and most likely nobody is + using the PDFs anyway) + +------------------------------------------------------------------- +Thu May 14 09:53:29 UTC 2015 - jmatejek@suse.com + +- python-3.4.3-test-conditional-ssl.patch - restore tests failing because + test_urllib was unconditionally importing ssl (without really needing it) +- restore functionality of multilib patch +- drop libffi-ppc64le.diff because upstream completely changed everything + yet again (sorry ppc64 folks :| ) + + +------------------------------------------------------------------- +Fri May 1 15:11:21 UTC 2015 - mailaender@opensuse.org + +- Update to version 3.4.3 +- Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch + (bpo#21766) + +------------------------------------------------------------------- +Wed Mar 25 10:57:28 UTC 2015 - rguenther@suse.com + +- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus + faulthandler which fails with GCC 5. + +------------------------------------------------------------------- +Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com + +- asyncio has been merged in python3 main package; provide and + obsolete it +- Remove obsolete AUTHORS section +- Remove redundant %clean section + +------------------------------------------------------------------- +Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org + +- Only pkgconfig(x11) is required for build, not the whole + set of packages provided by xorg-x11-devel metapackage. + +------------------------------------------------------------------- +Mon Oct 13 13:38:20 UTC 2014 - jmatejek@suse.com + +- add %python3_version rpm macro for Fedora compatibility +- add missing argument in import_failed, rename Novell Bugzilla + to SUSE Bugzilla + +------------------------------------------------------------------- +Thu Jul 31 17:24:59 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. + +------------------------------------------------------------------- +Wed Jul 23 16:31:02 UTC 2014 - jmatejek@suse.com + +- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file + disclosure and directory traversal through URL-encoded characters + (CVE-2014-4650, bnc#885882) + +------------------------------------------------------------------- +Tue Jul 22 13:55:57 UTC 2014 - jmatejek@suse.com + +- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons, + reinstate bundled copies of pip and setuptools + (fixes bnc#885662) +- add more files as sources to silence the validator + +------------------------------------------------------------------- +Wed May 21 11:01:56 UTC 2014 - jmatejek@suse.com + +- update to 3.4.1 + * bugfix-only release, over 300 bugs fixed +- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch +- drop upstreamed CVE-2014-2667-mkdir.patch +- include Python release manager keyring and signature file + for the source archive (thus renumbering of source files) + (see https://www.python.org/download/#openpgp-public-keys ) +- move ensurepip to python3, because it transitively requires ssl + +------------------------------------------------------------------- +Fri Apr 4 16:21:40 UTC 2014 - jmatejek@suse.com + +- CVE-2014-2667-mkdir.patch: race condition with reseting umask + in os.makedirs + (CVE-2014-2667, bnc#871152) +- updated multilib patch to include ~/.local/lib64 (bnc#637176) + +------------------------------------------------------------------- +Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com + +- raise timeout value for test_subprocess to 10s (might fix + intermittent build failures in OBS) + +------------------------------------------------------------------- +Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com + +- remove blacklisting of test_posix on aarch64: qemu bug is fixed + +------------------------------------------------------------------- +Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 final +- drop upstreamed python-3.4rc2-importlib.patch + +------------------------------------------------------------------- +Sun Mar 16 16:33:25 UTC 2014 - schwab@suse.de + +- Only build with profile-opt if profiling is enabled +- Update test exclusion lists: + * test_ctypes no longer fails on arm + * test_io no longer fails on ppc* + * test_multiprocessing has been split in multiple tests + * test_posix and test_signal fail due to qemu bugs + +------------------------------------------------------------------- +Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de + +- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, + adding python-2.7.6-sqlite-3.8.4-tests.patch + +------------------------------------------------------------------- +Thu Feb 27 14:08:40 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 rc2 + * pre-release bugfixes + * improvements to asyncio library +- drop upstreamed tracemalloc_gcov.patch +- python-3.4rc2-importlib.patch fixes backwards-incompatibility + in the reworked importlib module that blocks build of vim + +------------------------------------------------------------------- +Fri Jan 17 18:45:27 UTC 2014 - jmatejek@suse.com + +- initial commit of 3.4.0 beta 3 + * new stdlib modules: pathlib, enum, statistics, tracemalloc + * asynchronous IO with new asyncio module + * introspection data for builtins + * subprocesses no longer inherit open file descriptors + * standardized metadata for packages + * internal hashing changed to SipHash + * new pickle protocol + * improved handling of codecs + * TLS 1.2 support + * major speed improvements for internal unicode handling + * many bugfixes and optimizations +- see porting guide at: + http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4 +- moved several modules to -testsuite subpackage +- updated list of binary extensions, refreshed patches +- tracemalloc_gcov.patch fixes profile-based optimization build +- updated packages and pre_checkin.sh to use ~-version notation + for prereleases +- fix-shebangs part of build process moved to common %prep +- drop python-3.3.2-no-REUSEPORT.patch (upstreamed) +- update baselibs for new soname + +- TODOs: + * require python-pip, make ensurepip work with zypper + +------------------------------------------------------------------- +Wed Dec 4 13:21:26 UTC 2013 - matz@suse.de + +- add ppc64le (ELFv2) support for libffi copy for ctypes module +- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be + "lib64"). +- added patches: + * libffi-ppc64le.diff +------------------------------------------------------------------- +Tue Dec 3 09:51:43 UTC 2013 - adrian@suse.de + +- add ppc64le rules + +------------------------------------------------------------------- +Fri Nov 22 13:17:23 UTC 2013 - speilicke@suse.com + +- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch: + + Disable global and distutils sysconfig comparison test, we deviate + from the default depending on optflags + +------------------------------------------------------------------- +Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com + +- update to 3.3.3 + * bugfix-only release + * many SSL-related fixes + * upstream fix for CVE-2013-4238 + * upstream fixes for CVE-2013-1752 +- move example module xxlimited to python3-testsuite +- drop CVE-2013-4238_py33.patch - it is upstreamed +- remove --with-wide-unicode config option, it is now the default + (and only) choice +- don't touch anything between make and makeinstall +- drop python-3.2b2-buildtime-generate.patch - the issue was caused + by touching things between make and makeinstall +- link pycache entries for import_failed hooks properly + +------------------------------------------------------------------- +Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org + +- build with -DOPENSSL_LOAD_CONF for the same reasons + described in the python2 package. + +------------------------------------------------------------------- +Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com + +- handle NULL bytes in certain fields of SSL certificates + (CVE-2013-4238, bnc#834601) + +------------------------------------------------------------------- +Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com + +- Exclue test_faulthandler from tests on powerpc due to bnc#831629 + +------------------------------------------------------------------- +Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com + +- update to 3.3.2 + * bugfix-only release + * fixes several regressions introduced in 3.3.1 +- switch to xz compression +- move _lzma module to python3-base +- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT + +------------------------------------------------------------------- +Mon Apr 29 22:32:43 UTC 2013 - schwab@suse.de + +- Readd missing bits from ctypes-libffi-aarch64.patch + +------------------------------------------------------------------- +Sat Apr 13 07:56:51 UTC 2013 - idonmez@suse.com + +- Update to version 3.3.1 + * Fix the –enable-profiling configure switch. + * In IDLE, close the replace dialog after it is used. +- Too many bugfixes to list here, + see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS +- Refresh Python-3.3.0b2-multilib.patch +- Refresh python-3.2b2-buildtime-generate.patch +- Drop upstream patches: ctypes-libffi-aarch64.patch, + python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch + +------------------------------------------------------------------- +Mon Apr 8 11:25:30 UTC 2013 - speilicke@suse.com + +- Exclude sqlite/test and tk/test directories from the respective + sub-packages. These are owned by the testsuite sub-package already + +------------------------------------------------------------------- +Fri Apr 5 12:59:20 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/title=SourceUrls + +------------------------------------------------------------------- +Wed Apr 3 15:36:04 UTC 2013 - jmatejek@suse.com + +- remove spurious modification of python-3.3.0b1-localpath.patch + that would force installation into /usr/local. + this fixes bnc#809831 + +------------------------------------------------------------------- +Thu Mar 28 18:38:51 UTC 2013 - jmatejek@suse.com + +- replace broken movetogetdents64.diff patch with a correct one + from upstream repo (python-3.3.0-getdents64.patch) + +------------------------------------------------------------------- +Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com + +- add ctypes-libffi-aarch64.patch: + * import aarch64 support for libffi in _ctypes module +- add aarch64 to the list of lib64 based archs +- add movetogetdents64.diff: + * port to getdents64, as SYS_getdents is not implemented everywhere + +------------------------------------------------------------------- +Tue Feb 26 08:57:55 UTC 2013 - saschpe@suse.de + +- /etc/rpm/macros.python3 is no %config, it is not meant to be changed + by users. +- Add rpmlintrc with some obvious filters + +------------------------------------------------------------------- +Mon Jan 28 18:14:39 UTC 2013 - jmatejek@suse.com + +- update baselibs for new version of libpython3 + +------------------------------------------------------------------- +Thu Nov 29 17:02:37 UTC 2012 - jmatejek@suse.com + +- fix include path in macros (bnc#787526) +- implement failed import handlers for modules that live in + subpackages - e.g. "import ssl" will now throw a sensible error + message telling you to install "python3" + +------------------------------------------------------------------- +Wed Nov 28 17:02:07 UTC 2012 - jmatejek@suse.com + +- merge python3-xml into python3 +- merge python3-2to3 library into python3-base + and the 2to3 binary into python3-devel + (python3-devel is now in conflict with python-2to3, which + will be dropped) +- enable --with-system-expat for python3, making the xml modules + (and thus python3) depend on expat +- reconfigure tests to disable network and GUI resources, which + the upstream apparently thought is a good idea to enable by default. + this fixes build failures in Factory +- add lzma-devel to build the _lzma module +- moved %dynlib macro definition to common section + +------------------------------------------------------------------- +Mon Nov 5 20:01:46 UTC 2012 - coolo@suse.com + +- buildrequire timezone for the test suite + +------------------------------------------------------------------- +Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com + +- disable more checks for qemu builds as they use syscalls not + implemented yet + +------------------------------------------------------------------- +Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com + +- exclude test_math for SLE 11; math library fails on negative + gamma function values close to integers and 0, probably + due to imprecision in -lm on SLE_11_SP2. + +------------------------------------------------------------------- +Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel explicitly + +------------------------------------------------------------------- +Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com + +- remove distutils.cfg (bnc#658604) + * this changes default prefix for distutils to /usr + * see ML for details: +http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html + +------------------------------------------------------------------- +Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com + +- Update to final 3.3.0 release + * See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS + +------------------------------------------------------------------- +Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com + +- Correct dependency for python3-testsuite, + python3-tkinter -> python3-tk + +------------------------------------------------------------------- +Thu Aug 23 13:08:11 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 RC1 + +------------------------------------------------------------------- +Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 beta 1 + * flexible string representation, no longer distinguishing + between wide and narrow Unicode builds + * importlib-based import system + * virtualenv support in core + * namespace packages + * explicit Unicode literals for easier porting + * key-sharing dict implementation reduces memory footprint + of OO code + * hash randomization on by default + * many other new bugfixes and features, check NEWS for details + +- pre_checkin.sh now autofills various version strings in specs +- ship hashlib's fallback modules - those uselessly take up space + when real _hashlib.so from python3 is present, but the space wasted + is only 114kB and it provides python3-base with a working hashlib + module. + (also, this fixes bnc#743787) + +------------------------------------------------------------------- +Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com + +- skip test_io on ppc +- drop test_io ppc patch + +------------------------------------------------------------------- +Thu Jun 28 07:57:58 UTC 2012 - saschpe@suse.de + +- Satisfy source_validator by uncommenting an otherwise unused "Patch" + line + +------------------------------------------------------------------- +Tue Jun 12 15:39:08 UTC 2012 - adrian@suse.de + +- fix logic of checks exclusion + +------------------------------------------------------------------- +Fri May 18 11:50:27 UTC 2012 - idonmez@suse.com + +- update to 3.2.3 + * No changes since rc2 + +------------------------------------------------------------------- +Thu Mar 29 15:44:33 UTC 2012 - jmatejek@suse.com + +- update to 3.2.3rc2 + * fixes several security issues: + * CVE-2012-0845, bnc#747125 + * CVE-2012-1150, bnc#751718 + * CVE-2011-4944, bnc#754447 + * CVE-2011-3389, bnc#754677 +- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) +- disable test_gdb because it is broken by our gdb + +------------------------------------------------------------------- +Thu Feb 16 12:33:12 UTC 2012 - dvaleev@suse.com + +- skip broken test_io test on ppc + +------------------------------------------------------------------- +Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com + +- update to 3.2.2 + * bugfix-only release + * reports "linux2" as sys.platform regardless of Linux kernel +- added pre_checkin.sh to copy common spec sections to python3.spec +- added PACKAGING-NOTES with some helpful info for packagers + +------------------------------------------------------------------- +Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com + +- Use system ffi, included one is broken see + http://bugs.python.org/issue11729 and + http://bugs.python.org/issue12081 + +------------------------------------------------------------------- +Fri Dec 9 17:19:55 UTC 2011 - jmatejek@suse.com + +- license.opensuse.org-compatible license headers + +------------------------------------------------------------------- +Fri Dec 2 16:46:44 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Thu Nov 24 12:42:25 UTC 2011 - agraf@suse.com + +- fix ARM build (exclude some test cases which break for us) + +------------------------------------------------------------------- +Tue Aug 16 17:02:22 UTC 2011 - termim@gmail.com + +- use sysconfig module to get py3_incdir, py3_abiflags, + py3_soflags, python3_sitelib and python3_sitearch + +------------------------------------------------------------------- +Mon Jul 18 16:22:31 UTC 2011 - jmatejek@novell.com + +- update to 3.2.1 + * bugfix-only release, no major changes +- fix build on linux3 platform +- remove upstreamed pybench patch +- install /usr/lib directories in all cases to prevent spurious + "directory not owned" in dependent packages + +------------------------------------------------------------------- +Wed Jun 15 14:16:38 UTC 2011 - jmatejek@novell.com + +- replaced dynamic so version with manual so version, because + autobuild does not support autogeneration + +------------------------------------------------------------------- +Tue May 24 13:39:06 UTC 2011 - jmatejek@novell.com + +- generate macros.python3 at compile-time with fixed values +- don't include bogus values in pyconfig.h, as they can break + third-party packages (bnc#673071) + +------------------------------------------------------------------- +Tue May 17 12:52:51 UTC 2011 - jmatejek@novell.com + +- added Obsoletes: python3 < 3.1 so that the transition from + non-split to split packages goes smoothly + +------------------------------------------------------------------- +Fri May 13 12:38:19 UTC 2011 - jmatejek@novell.com + +- fixed RPM macros to use python3 instead of python +- updated to build --with-wide-unicode (for compatibility with + fedora and our own python 2.x series) + +------------------------------------------------------------------- +Thu Apr 21 03:39:25 UTC 2011 - termim@gmail.com + +- fix python3-base build failure due to pybench.py crash by + python-3.2-pybench.patch +- move pyconfig.h from python3-devel to python3-base package to + make python3-base functional again + +------------------------------------------------------------------- +Wed Mar 23 04:26:28 UTC 2011 - termim@gmail.com + +- update to python 3.2 + * stable ABI, ABI-tagged .so files + * concurrent.futures and many other new or upgraded modules + * PYC repository directories ( __pycache__ ) + * python WSGI 1.0.1 + * Unicode 6.0.0 support + * a great number of bugfixes and assorted improvements + +------------------------------------------------------------------- +Tue Feb 8 19:42:17 CET 2011 - matejcik@suse.cz + +- update to python 3.2 RC2 +- renamed python3-demo to python3-tools, because the demo part + became much smaller than the tools part +- added rpm macros + +------------------------------------------------------------------- +Tue Jan 18 14:13:04 UTC 2011 - jmatejek@novell.com + +- update to python 3.2 beta 2, see NEWS for details +- split off -base package with less dependencies, and a shlib-policy + compliant libpython3 package +- mostly rewritten the spec file with more detailed comments +- cleaned up lists of patches + diff --git a/python311.spec b/python311.spec new file mode 100644 index 0000000..21a9e00 --- /dev/null +++ b/python311.spec @@ -0,0 +1,1064 @@ +# +# spec file for package python311 +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "doc" +%define psuffix -documentation +%bcond_without doc +%bcond_with base +%bcond_with general +%endif +%if "%{flavor}" == "base" +%define psuffix -core +%bcond_with doc +%bcond_without base +%bcond_with general +%endif +%if "%{flavor}" == "" +%define psuffix %{nil} +%bcond_with doc +%bcond_with base +%bcond_without general +%endif + +%if 0%{?do_profiling} +%bcond_without profileopt +%else +%bcond_with profileopt +%endif + +# Only for Tumbleweed +# https://en.opensuse.org/openSUSE:Python:Externally_managed +%if 0%{?suse_version} > 1600 +%bcond_without externally_managed +%else +%bcond_with externally_managed +%endif + +%define python_pkg_name python311 +%if "%{python_pkg_name}" == "%{primary_python}" +%define primary_interpreter 1 +%else +%define primary_interpreter 0 +%endif + +# Setting up variables +%define _version %(c=%{version}; echo ${c/[a-z]*/}) +%define tar_suffix %(c=%{_version}; echo ${c#%{_version}}) +%define python_version %(echo %{_version}|cut -d. -f1-2) +# based on the current source tarball +%define python_version_abitag %(c=%{python_version}; echo ${c//./}) +# FIXME %%define python_version_soname %%(c=%%{python_version}; echo ${c//./_}) +%define python_version_soname 3_11 +%if 0%(test -n "%{tar_suffix}" && echo 1) +%define _version %(echo "%{_version}~%{tar_suffix}") +%define tarversion %{version} +%else +%define tarversion %{version} +%endif +# We don't process beta signs well +%define folderversion %{tarversion} +%define tarname Python-%{tarversion} +%define sitedir %{_libdir}/python%{python_version} +# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 +%define abi_kind %{nil} +# python ABI version - used in some file names +%define python_abi %{python_version}%{abi_kind} +# soname ABI tag defined in PEP 3149 +%define abi_tag %{python_version_abitag}%{abi_kind} +# version part of "libpython" package +%define so_major 1 +%define so_minor 0 +%define so_version %{python_version_soname}%{abi_kind}-%{so_major}_%{so_minor} +# rpm and python have different ideas about what is an arch-dependent name, so: +%if "%{__isa_name}" == "ppc" +%define archname %(echo %{_arch} | sed s/ppc/powerpc/) +%else +%define archname %{_arch} +%endif +# our arm has Hardware-Floatingpoint +%if "%{_arch}" == "arm" +%define armsuffix hf +%endif +# Decide whether we want to use mpdecimal +%if 0%{?suse_version} >= 1550 +%bcond_without mpdecimal +%else +%bcond_with mpdecimal +%endif +# pyexpat.cpython-35m-x86_64-linux-gnu +# pyexpat.cpython-35m-powerpc64le-linux-gnu +# pyexpat.cpython-35m-armv7-linux-gnueabihf +# _md5.cpython-38m-x86_64-linux-gnu.so +%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so +%bcond_without profileopt +Name: %{python_pkg_name}%{psuffix} +Version: 3.11.11 +Release: 0 +Summary: Python 3 Interpreter +License: Python-2.0 +URL: https://www.python.org/ +Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz +Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore +Source2: baselibs.conf +Source3: README.SUSE +Source4: externally_managed.in +Source7: macros.python3 +Source8: import_failed.py +Source9: import_failed.map +Source10: pre_checkin.sh +Source11: skipped_tests.py +Source19: idle3.desktop +Source20: idle3.appdata.xml +# content of bluez-devel: +# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel +# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu +# 3. mkdir Vendor && mv usr/include/* Vendor/ +# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/ +Source21: bluez-devel-vendor.tar.xz +Source98: python311-rpmlintrc +# Tarball is signed by the GPG key of Pablo Galindo Salgado (0x64E628F8D684696D) +# https://keybase.io/pablogsal/pgp_keys.asc?fingerprint=a035c8c19219ba821ecea86b64e628f8d684696d +Source99: python.keyring +# The following files are not used in the build. +# They are listed here to work around missing functionality in rpmbuild, +# which would otherwise exclude them from distributed src.rpm files. +Source100: PACKAGING-NOTES +# PATCH-FEATURE-UPSTREAM F00251-change-user-install-location.patch bsc#[0-9]+ mcepl@suse.com +# Fix installation in /usr/local (boo#1071941), originally from Fedora +# https://src.fedoraproject.org/rpms/python3.12/blob/rawhide/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch02: F00251-change-user-install-location.patch +# PATCH-FEATURE-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com +# Improve reproduceability +Patch03: distutils-reproducible-compile.patch +# support finding packages in /usr/local, install to /usr/local by default +Patch04: python-3.3.0b1-localpath.patch +# replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds +Patch05: python-3.3.0b1-fix_date_time_compiler.patch +# POSIX_FADV_WILLNEED throws EINVAL. Use a different constant in test +Patch06: python-3.3.0b1-test-posix_fadvise.patch +# Raise timeout value for test_subprocess +Patch07: subprocess-raise-timeout.patch +# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com +# ensurepip should honour the value of $(prefix) +Patch08: bpo-31046_ensurepip_honours_prefix.patch +# PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mcepl@suse.com +# SLE-15 version of Sphinx doesn't know about skipif directive in doctests. +Patch09: no-skipif-doctests.patch +# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com +# skip a test failing on SLE-15 +Patch10: skip-test_pyobject_freed_is_freed.patch +# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com +# remove duplicate link targets and make documentation with old Sphinx in SLE +Patch11: fix_configure_rst.patch +# PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com +# Skip test_freeze_simple_script +Patch13: skip_if_buildbot-extend.patch +# PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com +# prevent ResourceWarning in test_asyncio tests +Patch15: bsc1221260-test_asyncio-ResourceWarning.patch +# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport.patch +# This problem on libexpat is patched on SLE without version +# update, this patch changes the tests to match the libexpat provided +# by SUSE +Patch16: CVE-2023-52425-libexpat-2.6.0-backport.patch +Patch17: CVE-2023-52425-remove-reparse_deferral-tests.patch +# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com +# reproducibility patches +Patch19: bso1227999-reproducible-builds.patch +# PATCH-FIX-UPSTREAM gh120226-fix-sendfile-test-kernel-610.patch gh#python/cpython#120226 mcepl@suse.com +# Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 (GH-120227) +Patch22: gh120226-fix-sendfile-test-kernel-610.patch +# PATCH-FIX-UPSTREAM Add platform triplets for 64-bit LoongArch gh#python/cpython#30939 glaubitz@suse.com +Patch24: add-loongarch64-support.patch +# PATCH-FIX-UPSTREAM CVE-2025-0938-sq-brackets-domain-names.patch bsc#1236705 mcepl@suse.com +# functions `urllib.parse.urlsplit` and `urlparse` accept domain names including square brackets +Patch25: CVE-2025-0938-sq-brackets-domain-names.patch +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: fdupes +BuildRequires: gmp-devel +BuildRequires: lzma-devel +BuildRequires: netcfg +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: xz +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(libffi) +BuildRequires: pkgconfig(uuid) +BuildRequires: pkgconfig(zlib) +#!BuildIgnore: gdk-pixbuf-loader-rsvg +%if 0%{?suse_version} >= 1550 +# The provider for python(abi) is in rpm-build-python +BuildRequires: rpm-build-python +%endif +%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1599 +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{with mpdecimal} +BuildRequires: mpdecimal-devel +%endif +%if %{with doc} +BuildRequires: python3-Sphinx >= 4.0.0 +%if 0%{?suse_version} >= 1500 +BuildRequires: python3-python-docs-theme >= 2022.1 +%endif +%endif +%if %{with general} +# required for idle3 (.desktop and .appdata.xml files) +BuildRequires: appstream-glib +BuildRequires: gcc-c++ +BuildRequires: gdbm-devel +BuildRequires: gettext +BuildRequires: readline-devel +BuildRequires: sqlite-devel +BuildRequires: timezone +BuildRequires: pkgconfig(ncurses) +BuildRequires: pkgconfig(tk) +BuildRequires: pkgconfig(x11) +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-readline +Provides: %{python_pkg_name}-sqlite3 +Recommends: %{python_pkg_name}-curses +Recommends: %{python_pkg_name}-dbm +Recommends: %{python_pkg_name}-pip +%if %{primary_interpreter} +Provides: python3 = %{python_version} +Provides: python3-readline +Provides: python3-sqlite3 +%endif +%endif +%{?suse_build_hwcaps_libs} + +%description +Python 3 is modern interpreted, object-oriented programming language, +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python3-doc +package. + +This package supplies rich command line features provided by readline, +and sqlite3 support for the interpreter core, thus forming a so called +"extended" runtime. +Installing "python3" is sufficient for the vast majority of usecases. +In addition, recommended packages provide UI toolkit support (python3-curses, +python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE +development environment (python3-idle). + +%package -n %{python_pkg_name}-tk +Summary: TkInter, a Python Tk Interface +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-tk = %{version} +%endif + +%description -n %{python_pkg_name}-tk +Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. + +%package -n %{python_pkg_name}-curses +Summary: Python Interface to the (N)Curses Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-curses +%endif + +%description -n %{python_pkg_name}-curses +An easy to use interface to the (n)curses CUI library. CUI stands for +Console User Interface. + +%package -n %{python_pkg_name}-dbm +Summary: Python Interface to the GDBM Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-dbm +%endif + +%description -n %{python_pkg_name}-dbm +An easy to use interface for Unix DBM databases, and more specifically, +the GNU implementation GDBM. + +%package -n %{python_pkg_name}-idle +Summary: An Integrated Development Environment for Python +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk +%if %{primary_interpreter} +Provides: python3-idle = %{version} +%endif + +%description -n %{python_pkg_name}-idle +IDLE is a Tkinter based integrated development environment for Python. +It features a multi-window text editor with multiple undo, Python +colorizing, and many other things, as well as a Python shell window and +a debugger. + +%package -n %{python_pkg_name}-doc +Summary: Package Documentation for Python 3 +Enhances: %{python_pkg_name} = %{python_version} +%if %{primary_interpreter} +Provides: python3-doc = %{version} +%endif + +%description -n %{python_pkg_name}-doc +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in HTML format. + +%package -n %{python_pkg_name}-doc-devhelp +Summary: Additional Package Documentation for Python 3 in devhelp format +%if %{primary_interpreter} +Provides: python3-doc-devhelp = %{version} +%endif + +%description -n %{python_pkg_name}-doc-devhelp +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in format for devhelp. + +%package -n %{python_pkg_name}-base +Summary: Python 3 Interpreter and Stdlib Core +Requires: libpython%{so_version} = %{version} +Recommends: %{python_pkg_name} = %{version} +#Recommends: python3-ensurepip +# python 3.1 didn't have a separate python-base, so it is wrongly +# not a conflict to have python3-3.1 and python3-base > 3.1 +Obsoletes: python3 < 3.2 +# no Provides, because python3 is obviously provided by package python3 +# python 3.4 provides asyncio +Provides: %{python_pkg_name}-asyncio = %{version} +# python 3.6 provides typing +Provides: %{python_pkg_name}-typing = %{version} +# python3-xml was merged into python3, now moved into -base +Provides: %{python_pkg_name}-xml = %{version} +%if %{primary_interpreter} +Provides: python3-asyncio = %{version} +Obsoletes: python3-asyncio < %{version} +Provides: python3-base = %{version} +Obsoletes: python3-base < %{version} +Provides: python3-typing = %{version} +Obsoletes: python3-typing < %{version} +Provides: python3-xml = %{version} +Obsoletes: python3-xml < %{version} +%endif + +%description -n %{python_pkg_name}-base +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +package. + +This package contains the interpreter core and most commonly used modules +from the standard library. This is sufficient for many usecases, but it +excludes components that depend on external libraries, most notably XML, +database and UI toolkits support. + +%package -n %{python_pkg_name}-tools +Summary: Python Utility and Demonstration Scripts +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-2to3 = %{version} +Provides: %{python_pkg_name}-demo = %{version} +%if %{primary_interpreter} +Provides: python3-2to3 = %{version} +Provides: python3-demo = %{version} +Provides: python3-tools = %{version} +Obsoletes: python3-2to3 < %{version} +Obsoletes: python3-demo < %{version} +%endif + +%description -n %{python_pkg_name}-tools +A number of scripts that are useful for building, testing or extending Python, +and a set of demonstration programs. + +%package -n %{python_pkg_name}-devel +Summary: Include Files and Libraries Mandatory for Building Python Modules +Requires: %{python_pkg_name}-base = %{version} +%if %{primary_interpreter} +Provides: python3-devel = %{version} +%endif + +%description -n %{python_pkg_name}-devel +The Python programming language's interpreter can be extended with +dynamically loaded extensions and can be embedded in other programs. + +This package contains header files, a static library, and development +tools for building Python modules, extending the Python interpreter or +embedding Python in applications. + +This also includes the Python distutils, which were in the Python +package up to version 2.2.2. + +%package -n %{python_pkg_name}-testsuite +Summary: Unit tests for Python and its standard library +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk = %{version} +%if %{primary_interpreter} +Provides: python3-testsuite = %{version} +%endif + +%description -n %{python_pkg_name}-testsuite +Unit tests that are useful for verifying integrity and functionality +of the installed Python interpreter and standard library. +They are a documented part of stdlib, as a module 'test'. + +%package -n libpython%{so_version} +Summary: Python Interpreter shared library +Requires: %{python_pkg_name}-base >= %{version} + +%description -n libpython%{so_version} +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +(HTML) or python-doc-pdf (PDF) packages. + +This package contains libpython3.2 shared library for embedding in +other applications. + +%prep +%setup -q -n %{tarname} + +%patch -p1 -P 02 +%patch -p1 -P 03 +%patch -p1 -P 04 +%patch -p1 -P 05 +%patch -p1 -P 06 +%patch -p1 -P 07 +%patch -p1 -P 08 + +%if 0%{?suse_version} <= 1500 +%patch -P 09 -p1 +%endif + +%patch -p1 -P 10 +%patch -p1 -P 11 +%patch -p1 -P 13 +%patch -p1 -P 15 +%patch -p1 -P 16 +%patch -p1 -P 17 +%patch -p1 -P 19 +%patch -p1 -P 22 +%patch -p1 -P 24 +%patch -p1 -P 25 + +# drop Autoconf version requirement +sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac + +%if %{primary_interpreter} +# fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 +for dir in Lib Tools; do + # find *.py, filter to files that contain bad shebangs + # break up "/""usr" like this to prevent replacing with %%{_prefix} + find $dir -name '*.py' -type f -print0 \ + | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ + | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' +done +%else +# For non-primary Python, just don't bother (bsc#1193179) and remove all +# those shebangs +for dir in Lib Tools; do + find $dir -name '*.py' -type f -exec sed -i '1{/^#!.*python/ d}' '{}' \; +done +# We shortened the file Lib/pdb.py so we have to move the test breakpoint location +sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py +%endif + +# drop in-tree libffi and expat +rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin +# Cannot remove it because of gh#python/cpython#92875 +# rm -r Modules/expat + +# drop duplicate README from site-packages +rm Lib/site-packages/README.txt + +# Add vendored bluez-devel files +tar xvf %{SOURCE21} + +# Don't fail on warnings when building documentation +sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile + +%build +%if %{with doc} +TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` +# TODO use not date of tarball but date of latest patch + +cd Doc +sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py +%make_build -j1 html + +# Build also devhelp files +sphinx-build -a -b devhelp . build/devhelp +rm -rfv build/devhelp/.doctrees +%else +%define _lto_cflags %{nil} +# use rpm_opt_flags +export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv $(pkg-config --cflags-only-I libffi) -fno-semantic-interposition" + +touch -r %{SOURCE0} Makefile.pre.in + +autoreconf -fvi + +%if 0%{?sles_version} +sed -e 's/-fprofile-correction//' -i Makefile.pre.in +%endif + +export CFLAGS="%{optflags} -IVendor/" + +%configure \ + --with-platlibdir=%{_lib} \ + --docdir=%{_docdir}/python \ + --enable-ipv6 \ + --enable-shared \ + --with-ensurepip=no \ + --with-system-ffi \ + --with-system-expat \ + --with-lto \ +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 + --with-ssl-default-suites=openssl \ +%endif +%if %{with profileopt} + --enable-optimizations \ +%endif +%if %{with mpdecimal} + --with-system-libmpdec \ +%endif + --enable-loadable-sqlite-extensions + +# prevent make from trying to rebuild PYTHON_FOR_GEN stuff +# %%make_build -t Python/Python-ast.c \ + # Include/Python-ast.h \ + # Objects/typeslots.inc \ + # Python/opcode_targets.h \ + # Include/opcode.h +%make_build + +%if %{with general} +%make_build +%endif +%if %{with base} +%if %{with profileopt} + target=profile-opt +%else + target=all +%endif +LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ + %make_build $target +%endif +%endif + +%check +export SUSE_VERSION="0%{?suse_version}" +export SLE_VERSION="0%{?sle_version}" +%if %{with general} +# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos +# when you install gdb into your test env +EXCLUDE="test_gdb" +# we patch out the message to recommend zypper in and thus this would fail +EXCLUDE="$EXCLUDE test_pydoc" + +%ifarch %{arm} s390x +# test_multiprocessing_forkserver is racy +EXCLUDE="$EXCLUDE test_multiprocessing_forkserver" +%endif +%ifarch ppc ppc64 ppc64le +# exclue test_faulthandler due to bnc#831629 +EXCLUDE="$EXCLUDE test_faulthandler" +%endif +# some tests break in QEMU +%if 0%{?qemu_user_space_build} +EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver test_multiprocessing_spawn test_os test_posix test_signal test_socket test_subprocess" +%endif + +# This test (part of test_uuid) requires real network interfaces +# so that ifconfig output has "HWaddr ". Some kvm instances +# done have any such interface breaking the uuid module. +EXCLUDE="$EXCLUDE test_uuid" + +# bsc#1195140 and bpo#37169 - test_capi is failing on openSUSE, and not sure why +EXCLUDE="$EXCLUDE test_capi" + +# Limit virtual memory to avoid spurious failures +if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then + ulimit -v 11000000 || : +fi + +# test_freeze_simple_script in test.test_tools.test_freeze.TestFreeze +# uses CONFIG_ARGS to run ./configure. +export CONFIG_ARGS="--enable-ipv6 --enable-shared --with-ensurepip=no \ + --with-system-ffi --with-system-expat --with-lto --enable-optimizations \ + --with-system-libmpdec --enable-loadable-sqlite-extensions" + +export PYTHONPATH="$(pwd -P)/Lib" +# Use timeout, like make target buildbottest +# We cannot run tests parallel, because osc build environment doesn’t +# have /dev/shm +%make_build -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=5400" +# use network, be verbose: +#make test TESTOPTS="-l -u network -v" +%endif + +%install +%if %{with doc} +export PDOCS=%{buildroot}%{_docdir}/python%{python_version} +mkdir -p $PDOCS +# generated docs +rm Doc/build/*/.buildinfo +cp -r Doc/build/html $PDOCS +# misc +install -d -m 755 $PDOCS/Misc +rm Misc/README.AIX +for i in Misc/* ; do + [ -f $i ] && install -c -m 644 $i $PDOCS/Misc/ +done +# devhelp +mkdir -p %{buildroot}%{_datadir}/gtk-doc/html +cp -r Doc/build/devhelp %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version} +rm -rf %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version}/.doctrees +%endif +%if %{with general} +%make_install + +# clean out stuff that is in python-base and subpackages + +find %{buildroot}%{_bindir} -mindepth 1 -not -name "*idle3*" -print -delete +rm %{buildroot}%{_libdir}/lib* +rm -r %{buildroot}%{_libdir}/pkgconfig +rm -r %{buildroot}%{_mandir}/* +rm -r %{buildroot}%{_includedir}/* + +rm -r %{buildroot}%{sitedir}/config* +find %{buildroot}%{sitedir} -name "*.egg-info" -delete +rm -r %{buildroot}%{sitedir}/__pycache__ +rm -r %{buildroot}%{sitedir}/site-packages +rm %{buildroot}%{sitedir}/*.* + +for module in \ + asyncio ctypes collections concurrent distutils email encodings \ + ensurepip html http re \ + importlib json logging multiprocessing pydoc_data unittest \ + urllib venv wsgiref lib2to3 test tomllib turtledemo \ + xml xmlrpc zoneinfo __phello__ +do + rm -r %{buildroot}%{sitedir}/$module +done + +for library in \ + array _asyncio audioop binascii _bisect _bz2 cmath _codecs_* \ + _contextvars _crypt _csv _ctypes _datetime _decimal fcntl grp \ + _hashlib _heapq _json _lsprof _lzma math mmap _multibytecodec \ + _multiprocessing _opcode ossaudiodev _pickle _posixshmem \ + _posixsubprocess _queue _random resource select _ssl _socket spwd \ + _statistics _struct syslog termios _testbuffer _testimportmultiple \ + _testmultiphase unicodedata zlib _ctypes_test _testinternalcapi _testcapi \ + _typing _testclinic xxlimited xxlimited_35 \ + _xxtestfuzz _xxsubinterpreters _elementtree pyexpat _md5 _sha1 \ + _sha256 _sha512 _blake2 _sha3 _uuid _zoneinfo +do + eval rm "%{buildroot}%{sitedir}/lib-dynload/$library.*" +done + +# Idle is not packaged in base due to the appstream-glib dependency +# move idle config into /etc +install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version} +( + cd %{buildroot}/%{sitedir}/idlelib/ + for file in *.def ; do + mv $file %{buildroot}%{_sysconfdir}/idle%{python_version}/ + ln -sf %{_sysconfdir}/idle%{python_version}/$file %{buildroot}/%{sitedir}/idlelib/ + done +) + +# keep just idle3.X +rm %{buildroot}%{_bindir}/idle3 + +# install idle icons +for size in 16 32 48 ; do + install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \ + %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_version}.png +done + +# install idle desktop file +cp %{SOURCE19} idle%{python_version}.desktop +sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop +install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop + +cp %{SOURCE20} idle%{python_version}.appdata.xml +sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml +install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml +appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml + +%fdupes %{buildroot}/%{_libdir}/python%{python_version} +%endif +%if %{with base} +%make_install + +# remove .a +find %{buildroot} -name "*.a" -delete + +# install "site-packages" and __pycache__ for third parties +install -d -m 755 %{buildroot}%{sitedir}/site-packages +install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__ +# and their 32bit counterparts explicitly +mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__ + +# cleanup parts that don't belong +for dir in curses dbm sqlite3 tkinter idlelib; do + find "%{buildroot}/%{sitedir}/$dir"/* -maxdepth 0 -name "test" -o -exec rm -rf {} + +done +rm -fv %{buildroot}%{dynlib nis} + +# overwrite the copied binary with a link +ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 + +# decide to ship python3 or just python3.X +%if !%{primary_interpreter} +# base +rm %{buildroot}%{_bindir}/python3 +rm %{buildroot}%{_bindir}/pydoc3 +rm %{buildroot}%{_mandir}/man1/python3.1 +# devel +rm %{buildroot}%{_bindir}/python3-config +rm %{buildroot}%{_libdir}/libpython3.so +rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc +%endif + +%if %{with externally_managed} +# PEP-0668 mark this as a distro maintained python +sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED +%endif + +# link shared library instead of static library that tools expect +ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so + +# delete idle3, which has to many packaging dependencies for base +rm %{buildroot}%{_bindir}/idle3* + +# delete the generic 2to3 binary if we are not primary +%if !%{primary_interpreter} +rm %{buildroot}%{_bindir}/2to3 +%endif + +# replace duplicate .pyo/.pyc with hardlinks +%fdupes %{buildroot}/%{sitedir} + +# documentation +export PDOCS=%{buildroot}%{_docdir}/%{name} +install -d -m 755 $PDOCS +install -c -m 644 %{SOURCE3} $PDOCS/ +install -c -m 644 README.rst $PDOCS/ + +# tools +for x in `find Tools/ \( -not -name Makefile \) -print | sort` ; do + test -d $x && ( install -c -m 755 -d $PDOCS/$x ) \ + || ( install -c -m 644 $x $PDOCS/$x ) +done +# gdb script is shipped with devel subpackage +rm -r $PDOCS/Tools/gdb +# clean up the bat files +find "$PDOCS" -name "*.bat" -delete + +# put gdb helper script into place +install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +# install devel files to /config +#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%%{sitedir}/config-%%{python_abi}/ + +# Remove -IVendor/ from python-config boo#1231795 +sed -i 's/-IVendor\///' %{buildroot}%{_bindir}/python%{python_abi}-config + +# RPM macros +%if %{primary_interpreter} +mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/ +install -m 644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/macros.d/ # macros.python3 +%endif + +# import_failed hooks +FAILDIR=%{buildroot}/%{sitedir}/_import_failed +mkdir $FAILDIR +install -m 644 %{SOURCE8} %{SOURCE9} $FAILDIR # import_failed.* +LD_LIBRARY_PATH=. ./python -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +( + cd $FAILDIR + while read package modules; do + for module in $modules; do + ln import_failed.py $module.py + pushd __pycache__ + for i in import_failed*; do + ln $i "$module${i#import_failed}" + done + popd + done + done < %{SOURCE9} +) +echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +%endif + +# For the purposes of reproducibility, it is necessary to eliminate any *.pyc files inside documentation dirs +if [ -d %{buildroot}%{_defaultdocdir} ] ; then +find %{buildroot}%{_defaultdocdir} -type f -name \*.pyc -ls -exec rm -vf '{}' \; +fi + +%if %{with general} +%files -n %{python_pkg_name}-tk +%{sitedir}/tkinter +%exclude %{sitedir}/tkinter/test +%{dynlib _tkinter} + +%files -n %{python_pkg_name}-curses +%{sitedir}/curses +%{dynlib _curses} +%{dynlib _curses_panel} + +%files -n %{python_pkg_name}-dbm +%{sitedir}/dbm +%{dynlib _dbm} +%{dynlib _gdbm} + +%files -n %{python_pkg_name} +%dir %{sitedir} +%dir %{sitedir}/lib-dynload +%{sitedir}/sqlite3 +%exclude %{sitedir}/sqlite3/test +%{dynlib readline} +%{dynlib _sqlite3} +%if 0%{?suse_version} < 1599 +%{dynlib nis} +%endif + +%files -n %{python_pkg_name}-idle +%{sitedir}/idlelib +%dir %{_sysconfdir}/idle%{python_version} +%config %{_sysconfdir}/idle%{python_version}/* +%doc Lib/idlelib/README.txt +%doc Lib/idlelib/TODO.txt +%doc Lib/idlelib/extend.txt +%doc Lib/idlelib/ChangeLog +%{_bindir}/idle%{python_version} +%{_datadir}/applications/idle%{python_version}.desktop +%{_datadir}/metainfo/idle%{python_version}.appdata.xml +%{_datadir}/icons/hicolor/*/apps/idle%{python_version}.png +%dir %{_datadir}/icons/hicolor +%dir %{_datadir}/icons/hicolor/16x16 +%dir %{_datadir}/icons/hicolor/32x32 +%dir %{_datadir}/icons/hicolor/48x48 +%dir %{_datadir}/icons/hicolor/*/apps +# endif for if general +%endif + +%if %{with doc} +%files -n %{python_pkg_name}-doc +%dir %{_docdir}/python%{python_version} +%doc %{_docdir}/python%{python_version}/Misc +%doc %{_docdir}/python%{python_version}/html + +%files -n %{python_pkg_name}-doc-devhelp +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%doc %{_datadir}/gtk-doc/html/Python%{python_version} +%endif + +%if %{with base} +%post -n libpython%{so_version} -p /sbin/ldconfig +%postun -n libpython%{so_version} -p /sbin/ldconfig + +%files -n libpython%{so_version} +%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} + +%files -n %{python_pkg_name}-tools +%{sitedir}/turtledemo +%if %{primary_interpreter} +%{_bindir}/2to3 +%endif +%attr(755, root, root)%{_bindir}/2to3-%{python_version} +%doc %{_docdir}/%{name}/Tools + +%files -n %{python_pkg_name}-devel +%{_libdir}/libpython%{python_abi}.so +%if %{primary_interpreter} +%{_libdir}/libpython3.so +%endif +%{_libdir}/pkgconfig/* +%{_includedir}/python%{python_abi} +%{sitedir}/config-%{python_abi}-* +%{_bindir}/python%{python_abi}-config +%if %{primary_interpreter} +%{_bindir}/python3-config +%endif +# Own these directories to not depend on gdb +%dir %{_datadir}/gdb +%dir %{_datadir}/gdb/auto-load +%dir %{_datadir}/gdb/auto-load%{_prefix} +%dir %{_datadir}/gdb/auto-load%{_libdir} +%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +%files -n %{python_pkg_name}-testsuite +%{sitedir}/test +%{sitedir}/*/test +%{sitedir}/*/tests +%{dynlib _ctypes_test} +%{dynlib _testbuffer} +%{dynlib _testcapi} +%{dynlib _testclinic} +%{dynlib _testinternalcapi} +%{dynlib _testimportmultiple} +%{dynlib _testmultiphase} +%{dynlib xxlimited} +# workaround for missing packages +%dir %{sitedir}/sqlite3 +%dir %{sitedir}/tkinter + +%files -n %{python_pkg_name}-base +# docs +%dir %{_docdir}/%{name} +%doc %{_docdir}/%{name}/README.rst +%license LICENSE +%doc %{_docdir}/%{name}/README.SUSE +%if %{primary_interpreter} +%{_mandir}/man1/python3.1%{?ext_man} +%endif +%{_mandir}/man1/python%{python_version}.1%{?ext_man} +%if %{with externally_managed} +# PEP-0668 +%{sitedir}/EXTERNALLY-MANAGED +%endif +# license text, not a doc because the code can use it at run-time +%{sitedir}/LICENSE.txt +# RPM macros +%if %{primary_interpreter} +%{_rpmconfigdir}/macros.d/macros.python3 +%endif +# binary parts +%dir %{sitedir}/lib-dynload +%{dynlib array} +%{dynlib _asyncio} +%{dynlib audioop} +%{dynlib binascii} +%{dynlib _bisect} +%{dynlib _bz2} +%{dynlib cmath} +%{dynlib _codecs_cn} +%{dynlib _codecs_hk} +%{dynlib _codecs_iso2022} +%{dynlib _codecs_jp} +%{dynlib _codecs_kr} +%{dynlib _codecs_tw} +%{dynlib _contextvars} +%{dynlib _crypt} +%{dynlib _csv} +%{dynlib _ctypes} +%{dynlib _datetime} +%{dynlib _decimal} +%{dynlib _elementtree} +%{dynlib fcntl} +%{dynlib grp} +%{dynlib _hashlib} +%{dynlib _heapq} +%{dynlib _json} +%{dynlib _lsprof} +%{dynlib _lzma} +%{dynlib math} +%{dynlib mmap} +%{dynlib _multibytecodec} +%{dynlib _multiprocessing} +%{dynlib _opcode} +%{dynlib ossaudiodev} +%{dynlib _pickle} +%{dynlib _posixshmem} +%{dynlib _posixsubprocess} +%{dynlib pyexpat} +%{dynlib _queue} +%{dynlib _random} +%{dynlib resource} +%{dynlib select} +%{dynlib _socket} +%{dynlib spwd} +%{dynlib _ssl} +%{dynlib _statistics} +%{dynlib _struct} +%{dynlib syslog} +%{dynlib termios} +%{dynlib _typing} +%{dynlib unicodedata} +%{dynlib _uuid} +%{dynlib _xxsubinterpreters} +%{dynlib _xxtestfuzz} +%{dynlib xxlimited_35} +%{dynlib zlib} +%{dynlib _zoneinfo} +# hashlib fallback modules +%{dynlib _blake2} +%{dynlib _md5} +%{dynlib _sha1} +%{dynlib _sha256} +%{dynlib _sha512} +%{dynlib _sha3} +# python parts +%dir %{_prefix}/lib/python%{python_version} +%dir %{_prefix}/lib/python%{python_version}/site-packages +%dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__ +%dir %{sitedir} +%dir %{sitedir}/site-packages +%dir %{sitedir}/site-packages/__pycache__ +%exclude %{sitedir}/*/test +%exclude %{sitedir}/*/tests +%{sitedir}/*.py +%{sitedir}/asyncio +%{sitedir}/ctypes +%{sitedir}/collections +%{sitedir}/concurrent +%{sitedir}/distutils +%{sitedir}/email +%{sitedir}/encodings +%{sitedir}/ensurepip +%{sitedir}/html +%{sitedir}/http +%{sitedir}/importlib +%{sitedir}/json +%{sitedir}/lib2to3 +%{sitedir}/logging +%{sitedir}/multiprocessing +%{sitedir}/pydoc_data +%{sitedir}/re +%{sitedir}/tomllib +%{sitedir}/unittest +%{sitedir}/urllib +%{sitedir}/venv +%{sitedir}/wsgiref +%{sitedir}/xml +%{sitedir}/xmlrpc +%{sitedir}/zoneinfo +%{sitedir}/__phello__ +%{sitedir}/__pycache__ +# import-failed hooks +%{sitedir}/_import_failed +%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +# symlinks +%if %{primary_interpreter} +%{_bindir}/python3 +%{_bindir}/pydoc3 +%endif +# executables +%attr(755, root, root) %{_bindir}/pydoc%{python_version} +# %%attr(755, root, root) %%{_bindir}/python%%{python_abi} +%attr(755, root, root) %{_bindir}/python%{python_version} +# endif for if base +%endif + +%changelog diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch new file mode 100644 index 0000000..6f48b09 --- /dev/null +++ b/skip-test_pyobject_freed_is_freed.patch @@ -0,0 +1,23 @@ +--- + Lib/test/test_capi/test_misc.py | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/Lib/test/test_capi/test_misc.py ++++ b/Lib/test/test_capi/test_misc.py +@@ -40,6 +40,8 @@ import _testinternalcapi + # Were we compiled --with-pydebug or with #define Py_DEBUG? + Py_DEBUG = hasattr(sys, 'gettotalrefcount') + ++# Which version of the SLE distro we build on? ++SLE_VERSION = int(os.environ.get('SLE_VERSION', '0'), 10) + + NULL = None + +@@ -1281,6 +1283,7 @@ class PyMemDebugTests(unittest.TestCase) + def test_pyobject_forbidden_bytes_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') + ++ @unittest.skipIf(0 < SLE_VERSION < 150300, 'Failing on Leap 15.*') + def test_pyobject_freed_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_freed_is_freed') + diff --git a/skip_if_buildbot-extend.patch b/skip_if_buildbot-extend.patch new file mode 100644 index 0000000..fd9a584 --- /dev/null +++ b/skip_if_buildbot-extend.patch @@ -0,0 +1,15 @@ +--- + Lib/test/support/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -384,7 +384,7 @@ def skip_if_buildbot(reason=None): + if not reason: + reason = 'not suitable for buildbots' + try: +- isbuildbot = getpass.getuser().lower() == 'buildbot' ++ isbuildbot = getpass.getuser().lower() in ['buildbot', 'abuild'] + except (KeyError, EnvironmentError) as err: + warnings.warn(f'getpass.getuser() failed {err}.', RuntimeWarning) + isbuildbot = False diff --git a/skipped_tests.py b/skipped_tests.py new file mode 100644 index 0000000..47002e6 --- /dev/null +++ b/skipped_tests.py @@ -0,0 +1,69 @@ +#!/usr/bin/python3 +""" +Simple regexp-based skipped test checker. +It lists tests that are mentioned (presumably for exclusion) +in BASE, and in MAIN (presumably for inclusion) +and reports discrepancies. + +This will have a number of +""" + +MAIN = "python39.spec" + +import glob +import re +from os.path import basename + +alltests = set() +qemu_exclusions = set() + +for item in glob.glob("Python-*/Lib/test/test_*"): + testname = basename(item) + if testname.endswith(".py"): + testname = testname[:-3] + alltests.add(testname) + +testre = re.compile(r'[\s"](test_\w+)\b') + +def find_tests_in_spec(specname): + global qemu_exclusions + + found_tests = set() + with open(specname) as spec: + in_qemu = False + for line in spec: + line = line.strip() + if "#" in line: + line = line[:line.index("#")] + tests = set(testre.findall(line)) + found_tests |= tests + if line == "%if 0%{?qemu_user_space_build} > 0": + in_qemu = True + if in_qemu: + if line == "%endif": + in_qemu = False + qemu_exclusions |= tests + return found_tests + +excluded = find_tests_in_spec(MAIN) + +#print("--- excluded tests:", " ".join(sorted(excluded))) +#print("--- included tests:", " ".join(sorted(included))) + +mentioned = excluded +nonexistent = mentioned - alltests +missing = excluded - qemu_exclusions + +print("--- the following tests are excluded for QEMU and not tested in python") +print("--- (that probably means we don't need to worry about them)") +for test in sorted(qemu_exclusions - excluded): + print(test) + +print("--- the following tests might be excluded in python:") +for test in sorted(missing): + print(test) + +if nonexistent: + print("--- the following tests don't exist:") + for test in sorted(nonexistent): + print(test) diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch new file mode 100644 index 0000000..ab29d50 --- /dev/null +++ b/subprocess-raise-timeout.patch @@ -0,0 +1,18 @@ +--- + Lib/test/test_subprocess.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_subprocess.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_subprocess.py ++++ Python-3.11.8/Lib/test/test_subprocess.py +@@ -280,7 +280,8 @@ class ProcessTestCase(BaseTestCase): + "time.sleep(3600)"], + # Some heavily loaded buildbots (sparc Debian 3.x) require + # this much time to start and print. +- timeout=3) ++ # OBS might require even more ++ timeout=10) + self.fail("Expected TimeoutExpired.") + self.assertEqual(c.exception.output, b'BDFL') + -- 2.51.1 From 3e044ac945810180a47f54d962b444fb383c017f9e5d67d9c52415be4ab6c7be Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 4 Feb 2025 14:57:26 +0000 Subject: [PATCH 111/135] Remove unnecessary patch file. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=159 --- 129528.patch | 134 --------------------------------------------------- 1 file changed, 134 deletions(-) delete mode 100644 129528.patch diff --git a/129528.patch b/129528.patch deleted file mode 100644 index 75d4a6c..0000000 --- a/129528.patch +++ /dev/null @@ -1,134 +0,0 @@ -From d91e2c740890837edafaee24d68112b776cda9c5 Mon Sep 17 00:00:00 2001 -From: Seth Michael Larson -Date: Fri, 31 Jan 2025 11:41:34 -0600 -Subject: [PATCH] gh-105704: Disallow square brackets (`[` and `]`) in domain - names for parsed URLs (GH-129418) - -* gh-105704: Disallow square brackets ( and ) in domain names for parsed URLs - -* Use Sphinx references - -Co-authored-by: Peter Bierma - -* Add mismatched bracket test cases, fix news format - -* Add more test coverage for ports - ---------- - -(cherry picked from commit d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a) - -Co-authored-by: Seth Michael Larson -Co-authored-by: Peter Bierma ---- - Lib/test/test_urlparse.py | 37 ++++++++++++++++++- - Lib/urllib/parse.py | 20 +++++++++- - ...-01-28-14-08-03.gh-issue-105704.EnhHxu.rst | 4 ++ - 3 files changed, 58 insertions(+), 3 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst - -diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py -index 2376dad81b2fbc..a283063f24f16e 100644 ---- a/Lib/test/test_urlparse.py -+++ b/Lib/test/test_urlparse.py -@@ -1224,16 +1224,51 @@ def test_invalid_bracketed_hosts(self): - self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af::2309::fae7:1234]/Path?Query') - self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af:2309::fae7:1234:2342:438e:192.0.2.146]/Path?Query') - self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@]v6a.ip[/Path') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]/') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix/') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]?') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix?') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]/') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix/') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]?') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix?') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a1') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a1') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:1a') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:1a') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:/') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:?') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@prefix.[v6a.ip]') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@[v6a.ip].suffix') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip]') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip[') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip].suffix') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip[suffix') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip') -+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[suffix') - - def test_splitting_bracketed_hosts(self): -- p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]/path?query') -+ p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]:1234/path?query') - self.assertEqual(p1.hostname, 'v6a.ip') - self.assertEqual(p1.username, 'user') - self.assertEqual(p1.path, '/path') -+ self.assertEqual(p1.port, 1234) - p2 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7%test]/path?query') - self.assertEqual(p2.hostname, '0439:23af:2309::fae7%test') - self.assertEqual(p2.username, 'user') - self.assertEqual(p2.path, '/path') -+ self.assertIs(p2.port, None) - p3 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7:1234:192.0.2.146%test]/path?query') - self.assertEqual(p3.hostname, '0439:23af:2309::fae7:1234:192.0.2.146%test') - self.assertEqual(p3.username, 'user') -diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py -index abf1d1b546682a..724cce8d39785d 100644 ---- a/Lib/urllib/parse.py -+++ b/Lib/urllib/parse.py -@@ -436,6 +436,23 @@ def _checknetloc(netloc): - raise ValueError("netloc '" + netloc + "' contains invalid " + - "characters under NFKC normalization") - -+def _check_bracketed_netloc(netloc): -+ # Note that this function must mirror the splitting -+ # done in NetlocResultMixins._hostinfo(). -+ hostname_and_port = netloc.rpartition('@')[2] -+ before_bracket, have_open_br, bracketed = hostname_and_port.partition('[') -+ if have_open_br: -+ # No data is allowed before a bracket. -+ if before_bracket: -+ raise ValueError("Invalid IPv6 URL") -+ hostname, _, port = bracketed.partition(']') -+ # No data is allowed after the bracket but before the port delimiter. -+ if port and not port.startswith(":"): -+ raise ValueError("Invalid IPv6 URL") -+ else: -+ hostname, _, port = hostname_and_port.partition(':') -+ _check_bracketed_host(hostname) -+ - # Valid bracketed hosts are defined in - # https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/ - def _check_bracketed_host(hostname): -@@ -496,8 +513,7 @@ def urlsplit(url, scheme='', allow_fragments=True): - (']' in netloc and '[' not in netloc)): - raise ValueError("Invalid IPv6 URL") - if '[' in netloc and ']' in netloc: -- bracketed_host = netloc.partition('[')[2].partition(']')[0] -- _check_bracketed_host(bracketed_host) -+ _check_bracketed_netloc(netloc) - if allow_fragments and '#' in url: - url, fragment = url.split('#', 1) - if '?' in url: -diff --git a/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst -new file mode 100644 -index 00000000000000..bff1bc6b0d609c ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst -@@ -0,0 +1,4 @@ -+When using :func:`urllib.parse.urlsplit` and :func:`urllib.parse.urlparse` host -+parsing would not reject domain names containing square brackets (``[`` and -+``]``). Square brackets are only valid for IPv6 and IPvFuture hosts according to -+`RFC 3986 Section 3.2.2 `__. -- 2.51.1 From 1bdf1122986168e33763f29b638b441b96133380e55b4bbcd3c95b488bc5465d Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 10 Mar 2025 18:50:17 +0000 Subject: [PATCH 112/135] - Skip PGO with %want_reproducible_builds (boo#1040589) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=161 --- .gitattributes | 23 + .gitignore | 1 + CVE-2023-52425-libexpat-2.6.0-backport.patch | 223 + ...-52425-remove-reparse_deferral-tests.patch | 60 + CVE-2024-9287-venv_path_unquoted.patch | 299 + CVE-2025-0938-sq-brackets-domain-names.patch | 127 + F00251-change-user-install-location.patch | 215 + PACKAGING-NOTES | 26 + Python-3.11.10.tar.xz | 3 + Python-3.11.10.tar.xz.asc | 16 + Python-3.11.11.tar.xz | 3 + Python-3.11.11.tar.xz.sigstore | 1 + README.SUSE | 43 + _multibuild | 4 + add-loongarch64-support.patch | 25 + baselibs.conf | 3 + bluez-devel-vendor.tar.xz | 3 + bpo-31046_ensurepip_honours_prefix.patch | 173 + bsc1221260-test_asyncio-ResourceWarning.patch | 21 + bso1227999-reproducible-builds.patch | 37 + distutils-reproducible-compile.patch | 17 + externally_managed.in | 12 + fix_configure_rst.patch | 40 + gh120226-fix-sendfile-test-kernel-610.patch | 35 + idle3.appdata.xml | 35 + idle3.desktop | 12 + import_failed.map | 7 + import_failed.py | 23 + macros.python3 | 28 + no-skipif-doctests.patch | 653 ++ pre_checkin.sh | 78 + python-3.3.0b1-fix_date_time_compiler.patch | 27 + python-3.3.0b1-localpath.patch | 13 + python-3.3.0b1-test-posix_fadvise.patch | 17 + python.keyring | 109 + python311-rpmlintrc | 3 + python311.changes | 5515 +++++++++++++++++ python311.spec | 1064 ++++ skip-test_pyobject_freed_is_freed.patch | 23 + skip_if_buildbot-extend.patch | 15 + skipped_tests.py | 69 + subprocess-raise-timeout.patch | 18 + 42 files changed, 9119 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 CVE-2023-52425-libexpat-2.6.0-backport.patch create mode 100644 CVE-2023-52425-remove-reparse_deferral-tests.patch create mode 100644 CVE-2024-9287-venv_path_unquoted.patch create mode 100644 CVE-2025-0938-sq-brackets-domain-names.patch create mode 100644 F00251-change-user-install-location.patch create mode 100644 PACKAGING-NOTES create mode 100644 Python-3.11.10.tar.xz create mode 100644 Python-3.11.10.tar.xz.asc create mode 100644 Python-3.11.11.tar.xz create mode 100644 Python-3.11.11.tar.xz.sigstore create mode 100644 README.SUSE create mode 100644 _multibuild create mode 100644 add-loongarch64-support.patch create mode 100644 baselibs.conf create mode 100644 bluez-devel-vendor.tar.xz create mode 100644 bpo-31046_ensurepip_honours_prefix.patch create mode 100644 bsc1221260-test_asyncio-ResourceWarning.patch create mode 100644 bso1227999-reproducible-builds.patch create mode 100644 distutils-reproducible-compile.patch create mode 100644 externally_managed.in create mode 100644 fix_configure_rst.patch create mode 100644 gh120226-fix-sendfile-test-kernel-610.patch create mode 100644 idle3.appdata.xml create mode 100644 idle3.desktop create mode 100644 import_failed.map create mode 100644 import_failed.py create mode 100644 macros.python3 create mode 100644 no-skipif-doctests.patch create mode 100644 pre_checkin.sh create mode 100644 python-3.3.0b1-fix_date_time_compiler.patch create mode 100644 python-3.3.0b1-localpath.patch create mode 100644 python-3.3.0b1-test-posix_fadvise.patch create mode 100644 python.keyring create mode 100644 python311-rpmlintrc create mode 100644 python311.changes create mode 100644 python311.spec create mode 100644 skip-test_pyobject_freed_is_freed.patch create mode 100644 skip_if_buildbot-extend.patch create mode 100644 skipped_tests.py create mode 100644 subprocess-raise-timeout.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch new file mode 100644 index 0000000..c1c66b7 --- /dev/null +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -0,0 +1,223 @@ +--- + Lib/test/support/__init__.py | 16 ++++++++++++++-- + Lib/test/test_minidom.py | 23 +++++++++-------------- + Lib/test/test_pyexpat.py | 12 +++++------- + Lib/test/test_sax.py | 18 +++++++++--------- + Lib/test/test_xml_etree.py | 12 ------------ + 5 files changed, 37 insertions(+), 44 deletions(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -8,6 +8,7 @@ import dataclasses + import functools + import os + import re ++import pyexpat + import stat + import sys + import sysconfig +@@ -56,7 +57,7 @@ __all__ = [ + "run_with_tz", "PGO", "missing_compiler_executable", + "ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST", + "LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT", +- "skip_on_s390x", ++ "skip_on_s390x", "fails_with_expat_2_6_0", "is_expat_2_6_0" + ] + + +@@ -2240,6 +2241,17 @@ def copy_python_src_ignore(path, names): + } + return ignored + +-#Windows doesn't have os.uname() but it doesn't support s390x. ++ ++# Windows doesn't have os.uname() but it doesn't support s390x. + skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', + 'skipped on s390x') ++ ++ ++@functools.lru_cache ++def _is_expat_2_6_0(): ++ return hasattr(pyexpat.ParserCreate(), 'SetReparseDeferralEnabled') ++is_expat_2_6_0 = _is_expat_2_6_0() ++ ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if is_expat_2_6_0 ++ else lambda test: test) +--- a/Lib/test/test_minidom.py ++++ b/Lib/test/test_minidom.py +@@ -6,7 +6,6 @@ import io + from test import support + import unittest + +-import pyexpat + import xml.dom.minidom + + from xml.dom.minidom import parse, Attr, Node, Document, parseString +@@ -1163,13 +1162,11 @@ class MinidomTest(unittest.TestCase): + + # Verify that character decoding errors raise exceptions instead + # of crashing +- if pyexpat.version_info >= (2, 4, 5): +- self.assertRaises(ExpatError, parseString, +- b'') +- self.assertRaises(ExpatError, parseString, +- b'Comment \xe7a va ? Tr\xe8s bien ?') +- else: +- self.assertRaises(UnicodeDecodeError, parseString, ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((UnicodeDecodeError, ExpatError)): ++ parseString( + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1631,12 +1628,10 @@ class MinidomTest(unittest.TestCase): + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- if pyexpat.version_info >= (2, 4, 5): +- context = self.assertRaisesRegex(ExpatError, 'syntax error') +- else: +- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- +- with context: ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((ExpatError, ValueError)): + parseString('') + + def testDocRemoveChild(self): +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -14,8 +14,7 @@ from test.support import os_helper + from xml.parsers import expat + from xml.parsers.expat import errors + +-from test.support import sortdict, is_emscripten, is_wasi +- ++from test.support import sortdict, is_emscripten, is_wasi, is_expat_2_6_0 + + class SetAttributeTest(unittest.TestCase): + def setUp(self): +@@ -770,9 +769,8 @@ class ReparseDeferralTest(unittest.TestC + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + + def test_reparse_deferral_enabled(self): +- if expat.version_info < (2, 6, 0): +- self.skipTest(f'Expat {expat.version_info} does not ' +- 'support reparse deferral') ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") + + started = [] + +@@ -801,9 +799,9 @@ class ReparseDeferralTest(unittest.TestC + + parser = expat.ParserCreate() + parser.StartElementHandler = start_element +- if expat.version_info >= (2, 6, 0): ++ if is_expat_2_6_0: + parser.SetReparseDeferralEnabled(False) +- self.assertFalse(parser.GetReparseDeferralEnabled()) ++ self.assertFalse(parser.GetReparseDeferralEnabled()) + + for chunk in (b''): + parser.Parse(chunk, False) +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -19,13 +19,11 @@ from xml.sax.xmlreader import InputSourc + from io import BytesIO, StringIO + import codecs + import os.path +-import pyexpat + import shutil + import sys + from urllib.error import URLError + import urllib.request +-from test.support import os_helper +-from test.support import findfile ++from test.support import os_helper, findfile, is_expat_2_6_0 + from test.support.os_helper import FakePath, TESTFN + + +@@ -1215,10 +1213,10 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1241,6 +1239,9 @@ class ExpatReaderTest(XmlTestBase): + self.assertEqual(result.getvalue(), start + b"") + + def test_flush_reparse_deferral_disabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1249,9 +1250,8 @@ class ExpatReaderTest(XmlTestBase): + for chunk in (""): + parser.feed(chunk) + +- if pyexpat.version_info >= (2, 6, 0): +- parser._parser.SetReparseDeferralEnabled(False) +- self.assertEqual(result.getvalue(), start) # i.e. no elements started ++ parser._parser.SetReparseDeferralEnabled(False) ++ self.assertEqual(result.getvalue(), start) # i.e. no elements started + + self.assertFalse(parser._parser.GetReparseDeferralEnabled()) + +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -13,7 +13,6 @@ import itertools + import operator + import os + import pickle +-import pyexpat + import sys + import textwrap + import types +@@ -1424,12 +1423,6 @@ class XMLPullParserTest(unittest.TestCas + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + +- def test_simple_xml_chunk_1(self): +- self.test_simple_xml(chunk_size=1, flush=True) +- +- def test_simple_xml_chunk_5(self): +- self.test_simple_xml(chunk_size=5, flush=True) +- + def test_simple_xml_chunk_22(self): + self.test_simple_xml(chunk_size=22) + +@@ -1627,9 +1620,6 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1656,8 +1646,6 @@ class XMLPullParserTest(unittest.TestCas + + for chunk in (""): + parser.feed(chunk) +- +- if pyexpat.version_info >= (2, 6, 0): + if not ET is pyET: + self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled ' + 'methods not available in C') diff --git a/CVE-2023-52425-remove-reparse_deferral-tests.patch b/CVE-2023-52425-remove-reparse_deferral-tests.patch new file mode 100644 index 0000000..553bdf8 --- /dev/null +++ b/CVE-2023-52425-remove-reparse_deferral-tests.patch @@ -0,0 +1,60 @@ +--- + Lib/test/test_pyexpat.py | 2 ++ + Lib/test/test_sax.py | 2 ++ + Lib/test/test_xml_etree.py | 2 ++ + 3 files changed, 6 insertions(+) + +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -768,6 +768,7 @@ class ReparseDeferralTest(unittest.TestC + parser.SetReparseDeferralEnabled(True) + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -791,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC + + self.assertEqual(started, ['doc']) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_disabled(self): + started = [] + +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -1213,6 +1213,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -1238,6 +1239,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -1620,6 +1620,7 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1641,6 +1642,7 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + diff --git a/CVE-2024-9287-venv_path_unquoted.patch b/CVE-2024-9287-venv_path_unquoted.patch new file mode 100644 index 0000000..541a907 --- /dev/null +++ b/CVE-2024-9287-venv_path_unquoted.patch @@ -0,0 +1,299 @@ +From 1408cc9bf9e8b19968761548c30b78d37074c21c Mon Sep 17 00:00:00 2001 +From: Y5 <124019959+y5c4l3@users.noreply.github.com> +Date: Tue, 22 Oct 2024 04:48:04 +0800 +Subject: [PATCH] gh-124651: Quote template strings in `venv` activation + scripts (GH-124712) + +This patch properly quotes template strings in `venv` activation +scripts. This mitigates potential command injection. + +(cherry picked from commit d48cc82ed25e26b02eb97c6263d95dcaa1e9111b) +--- + Lib/test/test_venv.py | 81 ++++++++++ + Lib/venv/__init__.py | 42 ++++- + Lib/venv/scripts/common/activate | 8 + Lib/venv/scripts/nt/activate.bat | 6 + Lib/venv/scripts/posix/activate.csh | 8 + Lib/venv/scripts/posix/activate.fish | 8 + Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst | 1 + 7 files changed, 134 insertions(+), 20 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst + +--- a/Lib/test/test_venv.py ++++ b/Lib/test/test_venv.py +@@ -11,6 +11,7 @@ import os + import os.path + import pathlib + import re ++import shlex + import shutil + import struct + import subprocess +@@ -96,6 +97,10 @@ class BaseTest(unittest.TestCase): + result = f.read() + return result + ++ def assertEndsWith(self, string, tail): ++ if not string.endswith(tail): ++ self.fail(f"String {string!r} does not end with {tail!r}") ++ + class BasicTest(BaseTest): + """Test venv module functionality.""" + +@@ -446,6 +451,82 @@ class BasicTest(BaseTest): + 'import sys; print(sys.executable)']) + self.assertEqual(out.strip(), envpy.encode()) + ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_bash(self): ++ """ ++ Test that the template strings are quoted properly (bash) ++ """ ++ rmtree(self.env_dir) ++ bash = shutil.which('bash') ++ if bash is None: ++ self.skipTest('bash required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.sh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([bash, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_csh(self): ++ """ ++ Test that the template strings are quoted properly (csh) ++ """ ++ rmtree(self.env_dir) ++ csh = shutil.which('tcsh') or shutil.which('csh') ++ if csh is None: ++ self.skipTest('csh required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.csh') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.csh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([csh, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings on Windows ++ @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') ++ def test_special_chars_windows(self): ++ """ ++ Test that the template strings are quoted properly on Windows ++ """ ++ rmtree(self.env_dir) ++ env_name = "'&&^$e" ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.bat') ++ test_batch = os.path.join(self.env_dir, 'test_special_chars.bat') ++ with open(test_batch, "w") as f: ++ f.write('@echo off\n' ++ f'"{activate}" & ' ++ f'{self.exe} -c "import sys; print(sys.executable)" & ' ++ f'{self.exe} -c "import os; print(os.environ[\'VIRTUAL_ENV\'])" & ' ++ 'deactivate') ++ out, err = check_output([test_batch]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ + @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') + def test_unicode_in_batch_file(self): + """ +--- a/Lib/venv/__init__.py ++++ b/Lib/venv/__init__.py +@@ -11,6 +11,7 @@ import subprocess + import sys + import sysconfig + import types ++import shlex + + + CORE_VENV_DEPS = ('pip', 'setuptools') +@@ -394,11 +395,41 @@ class EnvBuilder: + :param context: The information for the environment creation request + being processed. + """ +- text = text.replace('__VENV_DIR__', context.env_dir) +- text = text.replace('__VENV_NAME__', context.env_name) +- text = text.replace('__VENV_PROMPT__', context.prompt) +- text = text.replace('__VENV_BIN_NAME__', context.bin_name) +- text = text.replace('__VENV_PYTHON__', context.env_exe) ++ replacements = { ++ '__VENV_DIR__': context.env_dir, ++ '__VENV_NAME__': context.env_name, ++ '__VENV_PROMPT__': context.prompt, ++ '__VENV_BIN_NAME__': context.bin_name, ++ '__VENV_PYTHON__': context.env_exe, ++ } ++ ++ def quote_ps1(s): ++ """ ++ This should satisfy PowerShell quoting rules [1], unless the quoted ++ string is passed directly to Windows native commands [2]. ++ [1]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules ++ [2]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing#passing-arguments-that-contain-quote-characters ++ """ ++ s = s.replace("'", "''") ++ return f"'{s}'" ++ ++ def quote_bat(s): ++ return s ++ ++ # gh-124651: need to quote the template strings properly ++ quote = shlex.quote ++ script_path = context.script_path ++ if script_path.endswith('.ps1'): ++ quote = quote_ps1 ++ elif script_path.endswith('.bat'): ++ quote = quote_bat ++ else: ++ # fallbacks to POSIX shell compliant quote ++ quote = shlex.quote ++ ++ replacements = {key: quote(s) for key, s in replacements.items()} ++ for key, quoted in replacements.items(): ++ text = text.replace(key, quoted) + return text + + def install_scripts(self, context, path): +@@ -438,6 +469,7 @@ class EnvBuilder: + with open(srcfile, 'rb') as f: + data = f.read() + if not srcfile.endswith(('.exe', '.pdb')): ++ context.script_path = srcfile + try: + data = data.decode('utf-8') + data = self.replace_variables(data, context) +--- a/Lib/venv/scripts/common/activate ++++ b/Lib/venv/scripts/common/activate +@@ -35,11 +35,11 @@ deactivate () { + # unset irrelevant variables + deactivate nondestructive + +-VIRTUAL_ENV="__VENV_DIR__" ++VIRTUAL_ENV=__VENV_DIR__ + export VIRTUAL_ENV + + _OLD_VIRTUAL_PATH="$PATH" +-PATH="$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++PATH="$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + export PATH + + # unset PYTHONHOME if set +@@ -52,9 +52,9 @@ fi + + if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then + _OLD_VIRTUAL_PS1="${PS1:-}" +- PS1="__VENV_PROMPT__${PS1:-}" ++ PS1=__VENV_PROMPT__"${PS1:-}" + export PS1 +- VIRTUAL_ENV_PROMPT="__VENV_PROMPT__" ++ VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ + export VIRTUAL_ENV_PROMPT + fi + +--- a/Lib/venv/scripts/nt/activate.bat ++++ b/Lib/venv/scripts/nt/activate.bat +@@ -8,7 +8,7 @@ if defined _OLD_CODEPAGE ( + "%SystemRoot%\System32\chcp.com" 65001 > nul + ) + +-set VIRTUAL_ENV=__VENV_DIR__ ++set "VIRTUAL_ENV=__VENV_DIR__" + + if not defined PROMPT set PROMPT=$P$G + +@@ -24,8 +24,8 @@ set PYTHONHOME= + if defined _OLD_VIRTUAL_PATH set PATH=%_OLD_VIRTUAL_PATH% + if not defined _OLD_VIRTUAL_PATH set _OLD_VIRTUAL_PATH=%PATH% + +-set PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH% +-set VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ ++set "PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH%" ++set "VIRTUAL_ENV_PROMPT=__VENV_PROMPT__" + + :END + if defined _OLD_CODEPAGE ( +--- a/Lib/venv/scripts/posix/activate.csh ++++ b/Lib/venv/scripts/posix/activate.csh +@@ -8,17 +8,17 @@ alias deactivate 'test $?_OLD_VIRTUAL_PA + # Unset irrelevant variables. + deactivate nondestructive + +-setenv VIRTUAL_ENV "__VENV_DIR__" ++setenv VIRTUAL_ENV __VENV_DIR__ + + set _OLD_VIRTUAL_PATH="$PATH" +-setenv PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++setenv PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + + + set _OLD_VIRTUAL_PROMPT="$prompt" + + if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then +- set prompt = "__VENV_PROMPT__$prompt" +- setenv VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set prompt = __VENV_PROMPT__"$prompt" ++ setenv VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + endif + + alias pydoc python -m pydoc +--- a/Lib/venv/scripts/posix/activate.fish ++++ b/Lib/venv/scripts/posix/activate.fish +@@ -33,10 +33,10 @@ end + # Unset irrelevant variables. + deactivate nondestructive + +-set -gx VIRTUAL_ENV "__VENV_DIR__" ++set -gx VIRTUAL_ENV __VENV_DIR__ + + set -gx _OLD_VIRTUAL_PATH $PATH +-set -gx PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__" $PATH ++set -gx PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__ $PATH + + # Unset PYTHONHOME if set. + if set -q PYTHONHOME +@@ -56,7 +56,7 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + set -l old_status $status + + # Output the venv prompt; color taken from the blue of the Python logo. +- printf "%s%s%s" (set_color 4B8BBE) "__VENV_PROMPT__" (set_color normal) ++ printf "%s%s%s" (set_color 4B8BBE) __VENV_PROMPT__ (set_color normal) + + # Restore the return status of the previous command. + echo "exit $old_status" | . +@@ -65,5 +65,5 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + end + + set -gx _OLD_FISH_PROMPT_OVERRIDE "$VIRTUAL_ENV" +- set -gx VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set -gx VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + end +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst +@@ -0,0 +1 @@ ++Properly quote template strings in :mod:`venv` activation scripts. diff --git a/CVE-2025-0938-sq-brackets-domain-names.patch b/CVE-2025-0938-sq-brackets-domain-names.patch new file mode 100644 index 0000000..7db4656 --- /dev/null +++ b/CVE-2025-0938-sq-brackets-domain-names.patch @@ -0,0 +1,127 @@ +From d91e2c740890837edafaee24d68112b776cda9c5 Mon Sep 17 00:00:00 2001 +From: Seth Michael Larson +Date: Fri, 31 Jan 2025 11:41:34 -0600 +Subject: [PATCH] gh-105704: Disallow square brackets (`[` and `]`) in domain + names for parsed URLs (GH-129418) + +* gh-105704: Disallow square brackets ( and ) in domain names for parsed URLs + +* Use Sphinx references + +Co-authored-by: Peter Bierma + +* Add mismatched bracket test cases, fix news format + +* Add more test coverage for ports + +--------- + +(cherry picked from commit d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a) + +Co-authored-by: Seth Michael Larson +Co-authored-by: Peter Bierma +--- + Lib/test/test_urlparse.py | 37 +++++++++- + Lib/urllib/parse.py | 20 ++++- + Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst | 4 + + 3 files changed, 58 insertions(+), 3 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst + +--- a/Lib/test/test_urlparse.py ++++ b/Lib/test/test_urlparse.py +@@ -1224,16 +1224,51 @@ class UrlParseTestCase(unittest.TestCase + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af::2309::fae7:1234]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af:2309::fae7:1234:2342:438e:192.0.2.146]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@]v6a.ip[/Path') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip[suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[suffix') + + def test_splitting_bracketed_hosts(self): +- p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]/path?query') ++ p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]:1234/path?query') + self.assertEqual(p1.hostname, 'v6a.ip') + self.assertEqual(p1.username, 'user') + self.assertEqual(p1.path, '/path') ++ self.assertEqual(p1.port, 1234) + p2 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7%test]/path?query') + self.assertEqual(p2.hostname, '0439:23af:2309::fae7%test') + self.assertEqual(p2.username, 'user') + self.assertEqual(p2.path, '/path') ++ self.assertIs(p2.port, None) + p3 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7:1234:192.0.2.146%test]/path?query') + self.assertEqual(p3.hostname, '0439:23af:2309::fae7:1234:192.0.2.146%test') + self.assertEqual(p3.username, 'user') +--- a/Lib/urllib/parse.py ++++ b/Lib/urllib/parse.py +@@ -436,6 +436,23 @@ def _checknetloc(netloc): + raise ValueError("netloc '" + netloc + "' contains invalid " + + "characters under NFKC normalization") + ++def _check_bracketed_netloc(netloc): ++ # Note that this function must mirror the splitting ++ # done in NetlocResultMixins._hostinfo(). ++ hostname_and_port = netloc.rpartition('@')[2] ++ before_bracket, have_open_br, bracketed = hostname_and_port.partition('[') ++ if have_open_br: ++ # No data is allowed before a bracket. ++ if before_bracket: ++ raise ValueError("Invalid IPv6 URL") ++ hostname, _, port = bracketed.partition(']') ++ # No data is allowed after the bracket but before the port delimiter. ++ if port and not port.startswith(":"): ++ raise ValueError("Invalid IPv6 URL") ++ else: ++ hostname, _, port = hostname_and_port.partition(':') ++ _check_bracketed_host(hostname) ++ + # Valid bracketed hosts are defined in + # https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/ + def _check_bracketed_host(hostname): +@@ -496,8 +513,7 @@ def urlsplit(url, scheme='', allow_fragm + (']' in netloc and '[' not in netloc)): + raise ValueError("Invalid IPv6 URL") + if '[' in netloc and ']' in netloc: +- bracketed_host = netloc.partition('[')[2].partition(']')[0] +- _check_bracketed_host(bracketed_host) ++ _check_bracketed_netloc(netloc) + if allow_fragments and '#' in url: + url, fragment = url.split('#', 1) + if '?' in url: +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst +@@ -0,0 +1,4 @@ ++When using :func:`urllib.parse.urlsplit` and :func:`urllib.parse.urlparse` host ++parsing would not reject domain names containing square brackets (``[`` and ++``]``). Square brackets are only valid for IPv6 and IPvFuture hosts according to ++`RFC 3986 Section 3.2.2 `__. diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch new file mode 100644 index 0000000..fa38a94 --- /dev/null +++ b/F00251-change-user-install-location.patch @@ -0,0 +1,215 @@ +From 910f38d9768d39d4d31426743ae4081ed1ab66b6 Mon Sep 17 00:00:00 2001 +From: Michal Cyprian +Date: Mon, 26 Jun 2017 16:32:56 +0200 +Subject: [PATCH] 00251: Change user install location + +Set values of prefix and exec_prefix in distutils install command +to /usr/local if executable is /usr/bin/python* and RPM build +is not detected to make pip and distutils install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +--- + Lib/distutils/command/install.py | 15 +++++++++++++-- + Lib/site.py | 9 ++++++++- + 2 files changed, 21 insertions(+), 3 deletions(-) + +Index: Python-3.11.8/Lib/distutils/command/install.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/command/install.py ++++ Python-3.11.8/Lib/distutils/command/install.py +@@ -441,8 +441,19 @@ class install(Command): + raise DistutilsOptionError( + "must not supply exec-prefix without prefix") + +- self.prefix = os.path.normpath(sys.prefix) +- self.exec_prefix = os.path.normpath(sys.exec_prefix) ++ # self.prefix is set to sys.prefix + /local/ ++ # if neither RPM build nor virtual environment is ++ # detected to make pip and distutils install packages ++ # into the separate location. ++ if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ addition = "/local" ++ else: ++ addition = "" ++ ++ self.prefix = os.path.normpath(sys.prefix) + addition ++ self.exec_prefix = os.path.normpath(sys.exec_prefix) + addition + + else: + if self.exec_prefix is None: +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None): + return sitepackages + + def addsitepackages(known_paths, prefixes=None): +- """Add site-packages to sys.path""" ++ """Add site-packages to sys.path ++ ++ '/usr/local' is included in PREFIXES if RPM build is not detected ++ to make packages installed into this location visible. ++ ++ """ + _trace("Processing global site-packages") ++ if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: ++ PREFIXES.insert(0, "/usr/local") + for sitedir in getsitepackages(prefixes): + if os.path.isdir(sitedir): + addsitedir(sitedir, known_paths) + +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Mon, 15 Feb 2021 12:19:27 +0100 +Subject: [PATCH] 00251: Change user install location +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Set values of base and platbase in sysconfig from /usr +to /usr/local when RPM build is not detected +to make pip and similar tools install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +Downstream only. + +We've tried to rework in Fedora 36/Python 3.10 to follow https://bugs.python.org/issue43976 +but we have identified serious problems with that approach, +see https://bugzilla.redhat.com/2026979 or https://bugzilla.redhat.com/2097183 + +pypa/distutils integration: https://github.com/pypa/distutils/pull/70 + +Co-authored-by: Petr Viktorin +Co-authored-by: Miro Hrončok +Co-authored-by: Michal Cyprian +Co-authored-by: Lumír Balhar +--- + Lib/site.py | 9 ++++++- + Lib/sysconfig.py | 49 +++++++++++++++++++++++++++++++++++++- + Lib/test/test_sysconfig.py | 17 +++++++++++-- + 3 files changed, 71 insertions(+), 4 deletions(-) + +Index: Python-3.11.9/Lib/sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/sysconfig.py ++++ Python-3.11.9/Lib/sysconfig.py +@@ -103,6 +103,11 @@ if os.name == 'nt': + else: + _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv'] + ++# For a brief period of time in the Fedora 36 life cycle, ++# this installation scheme existed and was documented in the release notes. ++# For backwards compatibility, we keep it here (at least on 3.10 and 3.11). ++_INSTALL_SCHEMES['rpm_prefix'] = _INSTALL_SCHEMES['posix_prefix'] ++ + + # NOTE: site.py has copy of this function. + # Sync it when modify this function. +@@ -162,6 +167,19 @@ if _HAS_USER_BASE: + }, + } + ++# This is used by distutils.command.install in the stdlib ++# as well as pypa/distutils (e.g. bundled in setuptools). ++# The self.prefix value is set to sys.prefix + /local/ ++# if neither RPM build nor virtual environment is ++# detected to make distutils install packages ++# into the separate location. ++# https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _prefix_addition = '/local' ++ ++ + _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', + 'scripts', 'data') + +@@ -258,11 +276,40 @@ def _extend_dict(target_dict, other_dict + target_dict[key] = value + + ++_CONFIG_VARS_LOCAL = None ++ ++ ++def _config_vars_local(): ++ # This function returns the config vars with prefixes amended to /usr/local ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ global _CONFIG_VARS_LOCAL ++ if _CONFIG_VARS_LOCAL is None: ++ _CONFIG_VARS_LOCAL = dict(get_config_vars()) ++ _CONFIG_VARS_LOCAL['base'] = '/usr/local' ++ _CONFIG_VARS_LOCAL['platbase'] = '/usr/local' ++ return _CONFIG_VARS_LOCAL ++ ++ + def _expand_vars(scheme, vars): + res = {} + if vars is None: + vars = {} +- _extend_dict(vars, get_config_vars()) ++ ++ # when we are not in a virtual environment or an RPM build ++ # we change '/usr' to '/usr/local' ++ # to avoid surprises, we explicitly check for the /usr/ prefix ++ # Python virtual environments have different prefixes ++ # we only do this for posix_prefix, not to mangle the venv scheme ++ # posix_prefix is used by sudo pip install ++ # we only change the defaults here, so explicit --prefix will take precedence ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if (scheme == 'posix_prefix' and ++ _PREFIX == '/usr' and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _extend_dict(vars, _config_vars_local()) ++ else: ++ _extend_dict(vars, get_config_vars()) ++ + if os.name == 'nt': + # On Windows we want to substitute 'lib' for schemes rather + # than the native value (without modifying vars, in case it +Index: Python-3.11.9/Lib/test/test_sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_sysconfig.py ++++ Python-3.11.9/Lib/test/test_sysconfig.py +@@ -111,8 +111,19 @@ class TestSysConfig(unittest.TestCase): + for scheme in _INSTALL_SCHEMES: + for name in _INSTALL_SCHEMES[scheme]: + expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) ++ tested = get_path(name, scheme) ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if tested.startswith('/usr/local'): ++ # /usr/local should only be used in posix_prefix ++ self.assertEqual(scheme, 'posix_prefix') ++ # Fedora CI runs tests for venv and virtualenv that check for other prefixes ++ self.assertEqual(sys.prefix, '/usr') ++ # When building the RPM of Python, %check runs this with RPM_BUILD_ROOT set ++ # Fedora CI runs this with RPM_BUILD_ROOT unset ++ self.assertNotIn('RPM_BUILD_ROOT', os.environ) ++ tested = tested.replace('/usr/local', '/usr') + self.assertEqual( +- os.path.normpath(get_path(name, scheme)), ++ os.path.normpath(tested), + os.path.normpath(expected), + ) + +@@ -345,7 +356,7 @@ class TestSysConfig(unittest.TestCase): + self.assertTrue(os.path.isfile(config_h), config_h) + + def test_get_scheme_names(self): +- wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv'] ++ wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv', 'rpm_prefix'] + if HAS_USER_BASE: + wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) + self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) +@@ -357,6 +368,8 @@ class TestSysConfig(unittest.TestCase): + cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" + self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) + ++ @unittest.skipIf('RPM_BUILD_ROOT' not in os.environ, ++ "Test doesn't expect Fedora's paths") + def test_user_similar(self): + # Issue #8759: make sure the posix scheme for the users + # is similar to the global posix_prefix one diff --git a/PACKAGING-NOTES b/PACKAGING-NOTES new file mode 100644 index 0000000..e28c88c --- /dev/null +++ b/PACKAGING-NOTES @@ -0,0 +1,26 @@ +Notes for packagers of Python3 +============================== + +0. Faster build turnaround +-------------------------- + +By default, python builds with profile-guided optimization. This needs +an additional run of the test suite and it is generally slow. +PGO build takes around 50 minutes. + +For development, use "--without profileopt" option to disable PGO. This +shortens the build time to ~5 minutes including test suite. + +1. import_failed.map +---------------------- + +This is a mechanism installed as part of python3-base, that places shim modules +on python's path (through a generated zzzz-import-failed-hooks.pth file, so that +it is imported as much at the end as makes sense; and an _import_failed subdir +of /usr/lib/pythonX.Y). Then when the user tries to import a module that is part +of a subpackage, the ImportError will contain a helpful message telling them +which missing subpackage to install. + +This can sometimes cause problems on non-standard configurations, if the pth +gets included too early (for instance if you are using a script to include all +pths by hand in some strange order). Just something to look out for. diff --git a/Python-3.11.10.tar.xz b/Python-3.11.10.tar.xz new file mode 100644 index 0000000..f87e7ad --- /dev/null +++ b/Python-3.11.10.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:07a4356e912900e61a15cb0949a06c4a05012e213ecd6b4e84d0f67aabbee372 +size 20067656 diff --git a/Python-3.11.10.tar.xz.asc b/Python-3.11.10.tar.xz.asc new file mode 100644 index 0000000..243d1b1 --- /dev/null +++ b/Python-3.11.10.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmbbrO0ACgkQ/+h0BBaL +2Ec+YBAAnQJLKYPjj7Yr7xkFU655Sv86JxeRAdWjnIapbiIuWg3Up8Pd8FTRgHGf +3XdTHw7b03lSjtzJwavzdnDklqAlBIGn9dVieljUIN7NYyNxoYOr/AiatimgSwv7 +dI5mfun5fLKV6ZcdNdQN5PJ3RZtF3I7VfkN2mlfZJHtxl1agdU/TfW2L+qJ7+JPY +cayjq2xKTLRNXOf2iV29GRRovLiqA+Dx0+cAwsScwreHMp3U4k3GkeHVoR6fldV4 +bVAM8GRl3CYVFePiqAbamKP1BSys44JOINWbWyd94JxzEAwXWz//Es0h73AzeRfK +ueORqzdoOGrVc74+HGlAHhqO1Gg7jMMmtkzCEuav+cGHYnMRMOngGR3q47aTJTVb +5UdP0oD4OlADPFVa6q0LCqN/IFlebWMh9pXYw7Wpek63oNuZHTfNPq4S1AUM2HJm +C3yzaOG9VAdYfLneJC4ldY4CVt1FKckfaXp5OAaMr71DI74e4CcEswlUupZJLZKV +TJRjQD15bnXGhHDqU4w3RmzpCWMh2mf4m4VMYQyObl3TtlX+gVvzIhDS5+mXqutB +F1pdXwaHHkTb2PLLxpwOGrnsp8XoW74tsylcYirQg8jSFMbgxfwgIjEIuRGXeDkT +B4QzmQ4SxsbLiH7etV6Fznl1h569Z4DO9OOs4i0ZzIjdhPDQtAs= +=TatG +-----END PGP SIGNATURE----- diff --git a/Python-3.11.11.tar.xz b/Python-3.11.11.tar.xz new file mode 100644 index 0000000..e0581b1 --- /dev/null +++ b/Python-3.11.11.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2a9920c7a0cd236de33644ed980a13cbbc21058bfdc528febb6081575ed73be3 +size 20085792 diff --git a/Python-3.11.11.tar.xz.sigstore b/Python-3.11.11.tar.xz.sigstore new file mode 100644 index 0000000..782816a --- /dev/null +++ b/Python-3.11.11.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlOgAwIBAgIUWcRolJPsPmtJKA6VkjHSj7PtjY8wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMjAzMTgxOTA1WhcNMjQxMjAzMTgyOTA1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEN+fBJCRZIAZiWPBdjyQVD+x5vgmjuuVct1HkPHIBMuEe7wI4mBG2BhJ3fHkpr97efIH6ELMmPV99edyAIZFXR6OCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUkutZdHfCCSvGI87mjnBRwZB8ihYwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGTjb9QlwAABAMARzBFAiEA4ddSINhYM+p0+DGzRqnA8rVtJF9YgI+9znXiq9fqQNkCIEErcSnQmN8jjErhwWWtcTM5GgH4ka/uk5kdHTycwxj3MAoGCCqGSM49BAMDA2cAMGQCMFmkCEH2pCBpFeFiUi2uA4opcJP6vh/zqb+D0tbxqd+jwbBkuDxDqA9/Ao3UWop+twIwO9o71KAlYWPSPYMeZERM4R8zWlp9mVJPiK3tgOJJi40MNmxwtfsQeQtncqiQLBAH"}, "tlogEntries": [{"logIndex": "153122039", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1733249946", "inclusionPromise": {"signedEntryTimestamp": "MEUCIBL9zpVJtljIuZtAe8uptLfDmakmbAjy5ELp2q8WJTQ7AiEAv6lIpyJZycHwTS+JHYJFzMVv0SmA8yQ0eMneBivMhPY="}, "inclusionProof": {"logIndex": "31217777", "rootHash": "BMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=", "treeSize": "31217778", "hashes": ["lrr8dxmtgD09fnZTo1tMTY00HNKc2ZIpbZa1djDeTes=", "yFxGSg1RDbtZ/eNftnMdBJGNEZmmLyx2ZRDFtAIMHAk=", "GeqsQGnvgc+gcuaIC+vQ5b0RdTyBxBnYTpbeW2AeD+Q=", "dMTPeN/a9xCQQP+Hz7sddW0pPj8n54sfkhcf3XhjrMM=", "XjayhjKU3shP7q7lhmhKDv3Vpi4gJgAPCu0KlEzc9Qo=", "go1dmexQYS5etu69upRRX7IFvuA0rIcT9aYjMstmPIU=", "AYwr74Bm2w383UnS7DdbZUUAhusq28JoxKpWrQ7OvGQ=", "u+yWmGIR6sAH32wiSy22mz1Yf+jfPdBTjFbyRISuTZw=", "3eFC7Gp4fWecybDOAw9uUTrM1xB7YRYRAGsfYkiQbV8=", "1uKk2qjOliHMiTk906jrchP8mXWsRG8apaU1sa0lfh0=", "oOecFfN3YqDOkbijS/ej1WF5Da/Gt/AZNhbwE9uoOE8=", "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=", "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n31217778\nBMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiA7ed0HqugBwVpmxDAR1VN35J91/+DeRdj09y5lFY+bRwIgYe07JnZlJvp3MfAMXX3i4XBsZoDRZoXtwfBaRj/8x8s=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYTk5MjBjN2EwY2QyMzZkZTMzNjQ0ZWQ5ODBhMTNjYmJjMjEwNThiZmRjNTI4ZmViYjYwODE1NzVlZDczYmUzIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRU5KSGllaWs5WkVibW83a0p4ZUhWY2FvVDVYOUxyWG1zRTVxc1I5R1JpSEFpRUFtcHZyV21vUHF5YzRpQ09VYXVmY3dKTllMK1lPTWU0b0NOaWRLVGduT1FBPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlYyTlNiMnhLVUhOUWJYUktTMEUyVm10cVNGTnFOMUIwYWxrNGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJlRTFxUVhwTlZHZDRUMVJCTVZkb1kwNU5hbEY0VFdwQmVrMVVaM2xQVkVFeFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZPSzJaQ1NrTlNXa2xCV21sWFVFSmthbmxSVmtRcmVEVjJaMjFxZFhWV1kzUXhTR3NLVUVoSlFrMTFSV1UzZDBrMGJVSkhNa0pvU2pObVNHdHdjamszWldaSlNEWkZURTF0VUZZNU9XVmtlVUZKV2taWVVqWlBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZyZFhSYUNtUklaa05EVTNaSFNUZzNiV3B1UWxKM1drSTRhV2haZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxUnFZamxSYkhkQlFRcENRVTFCVW5wQ1JrRnBSVUUwWkdSVFNVNW9XVTByY0RBclJFZDZVbkZ1UVRoeVZuUktSamxaWjBrck9YcHVXR2x4T1daeFVVNXJRMGxGUlhKalUyNVJDbTFPT0dwcVJYSm9kMWRYZEdOVVRUVkhaMGcwYTJFdmRXczFhMlJJVkhsamQzaHFNMDFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUdiV3NLUTBWSU1uQkRRbkJHWlVacFZXa3lkVUUwYjNCalNsQTJkbWd2ZW5GaUswUXdkR0o0Y1dRcmFuZGlRbXQxUkhoRWNVRTVMMEZ2TTFWWGIzQXJkSGRKZHdwUE9XODNNVXRCYkZsWFVGTlFXVTFsV2tWU1RUUlNPSHBYYkhBNWJWWktVR2xMTTNSblQwcEthVFF3VFU1dGVIZDBabk5SWlZGMGJtTnhhVkZNUWtGSUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "Kpkgx6DNI23jNkTtmAoTy7whBYv9xSj+u2CBV17XO+M="}, "signature": "MEUCIENJHieik9ZEbmo7kJxeHVcaoT5X9LrXmsE5qsR9GRiHAiEAmpvrWmoPqyc4iCOUaufcwJNYL+YOMe4oCNidKTgnOQA="}} diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..0053bcf --- /dev/null +++ b/README.SUSE @@ -0,0 +1,43 @@ +Python 3 in SUSE +============== + +* Subpackages * + +Python 3 is split into several subpackages, based on external dependencies. +The main package 'python3' has soft dependencies on all subpackages needed to +assemble the standard library; however, these might not all be installed by default. + +If you attempt to import a module that is currently not installed, an ImportError is thrown, +with instructions to install the missing subpackage. Installing the subpackage might result +in installing libraries that the subpackage requires to function. + + +* ensurepip * + +The 'ensurepip' module from Python 3 standard library (PEP 453) is supposed to deploy +a bundled copy of the pip installer. This makes no sense in a managed distribution like SUSE. +Instead, you need to install package 'python3-pip'. Usually this will be installed automatically +with 'python3'. + +Using 'ensurepip' when pip is not installed will result in an ImportError with instructions +to install 'python3-pip'. + + +* Documentation * + +You can find documentation in seprarate packages: python3-doc and +python3-doc-pdf. These contan following documents: + + Tutorial, What's New in Python, Global Module Index, Library Reference, + Macintosh Module Reference, Installing Python Modules, Distributing Python + Modules, Language Reference, Extending and Embedding, Python/C API, + Documenting Python + +The python3-doc package constains many text files from source tarball. + + +* Interactive mode * + +Interactive mode is by default enhanced with of history and command completion. +If you don't like these features, you can unset the PYTHONSTARTUP variable +in your .profile or disable it system wide in /etc/profile.d/python.sh. diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..1d50bc4 --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + base + doc + diff --git a/add-loongarch64-support.patch b/add-loongarch64-support.patch new file mode 100644 index 0000000..f0c8035 --- /dev/null +++ b/add-loongarch64-support.patch @@ -0,0 +1,25 @@ +Description: Add platform triplets for LoongArch. + +--- a/configure.ac ++++ b/configure.ac +@@ -976,6 +976,20 @@ cat > conftest.c <=6) && defined(_MIPSEL) diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..1793de8 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,3 @@ +python311-base +python311 +libpython3_11-1_0 diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz new file mode 100644 index 0000000..57fb3e5 --- /dev/null +++ b/bluez-devel-vendor.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:868fbfba2ddaed62f2c45cf869fe2c648527ac3bac738f4f41f3c2872f5b0211 +size 25040 diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch new file mode 100644 index 0000000..86882ae --- /dev/null +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -0,0 +1,173 @@ +From 5754521af1d51aa8e445cba07a093bbc0c88596d Mon Sep 17 00:00:00 2001 +From: Zackery Spytz +Date: Mon, 16 Dec 2019 18:24:08 -0700 +Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix) + +Co-Authored-By: Xavier de Gaye +--- + Doc/library/ensurepip.rst | 9 +++-- + Lib/ensurepip/__init__.py | 18 +++++++--- + Lib/test/test_ensurepip.py | 11 ++++++ + Makefile.pre.in | 4 +- + Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1 + 5 files changed, 34 insertions(+), 9 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst + +Index: Python-3.11.8/Doc/library/ensurepip.rst +=================================================================== +--- Python-3.11.8.orig/Doc/library/ensurepip.rst ++++ Python-3.11.8/Doc/library/ensurepip.rst +@@ -59,7 +59,9 @@ is at least as recent as the one availab + By default, ``pip`` is installed into the current virtual environment + (if one is active) or into the system site packages (if there is no + active virtual environment). The installation location can be controlled +-through two additional command line options: ++through some additional command line options: ++ ++* ``--prefix ``: Installs ``pip`` using the given directory prefix. + + * :samp:`--root {dir}`: Installs ``pip`` relative to the given root directory + rather than the root of the currently active virtual environment (if any) +@@ -92,7 +94,7 @@ Module API + Returns a string specifying the available version of pip that will be + installed when bootstrapping an environment. + +-.. function:: bootstrap(root=None, upgrade=False, user=False, \ ++.. function:: bootstrap(root=None, prefix=None, upgrade=False, user=False, \ + altinstall=False, default_pip=False, \ + verbosity=0) + +@@ -102,6 +104,8 @@ Module API + If *root* is ``None``, then installation uses the default install location + for the current environment. + ++ *prefix* specifies the directory prefix to use when installing. ++ + *upgrade* indicates whether or not to upgrade an existing installation + of an earlier version of ``pip`` to the available version. + +@@ -122,6 +126,8 @@ Module API + *verbosity* controls the level of output to :data:`sys.stdout` from the + bootstrapping operation. + ++ .. versionchanged:: 3.9 the *prefix* parameter was added. ++ + .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap + + .. note:: +Index: Python-3.11.8/Lib/ensurepip/__init__.py +=================================================================== +--- Python-3.11.8.orig/Lib/ensurepip/__init__.py ++++ Python-3.11.8/Lib/ensurepip/__init__.py +@@ -122,27 +122,27 @@ def _disable_pip_configuration_settings( + os.environ['PIP_CONFIG_FILE'] = os.devnull + + +-def bootstrap(*, root=None, upgrade=False, user=False, ++def bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). ++ and directory prefix). + + Note that calling this function will alter both sys.path and os.environ. + """ + # Discard the return value +- _bootstrap(root=root, upgrade=upgrade, user=user, ++ _bootstrap(root=root, prefix=prefix, upgrade=upgrade, user=user, + altinstall=altinstall, default_pip=default_pip, + verbosity=verbosity) + + +-def _bootstrap(*, root=None, upgrade=False, user=False, ++def _bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). Returns pip command status code. ++ and directory prefix). Returns pip command status code. + + Note that calling this function will alter both sys.path and os.environ. + """ +@@ -192,6 +192,8 @@ def _bootstrap(*, root=None, upgrade=Fal + args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] + if root: + args += ["--root", root] ++ if prefix: ++ args += ["--prefix", prefix] + if upgrade: + args += ["--upgrade"] + if user: +@@ -267,6 +269,11 @@ def _main(argv=None): + help="Install everything relative to this alternate root directory.", + ) + parser.add_argument( ++ "--prefix", ++ default=None, ++ help="Install everything using this prefix.", ++ ) ++ parser.add_argument( + "--altinstall", + action="store_true", + default=False, +@@ -285,6 +292,7 @@ def _main(argv=None): + + return _bootstrap( + root=args.root, ++ prefix=args.prefix, + upgrade=args.upgrade, + user=args.user, + verbosity=args.verbosity, +Index: Python-3.11.8/Lib/test/test_ensurepip.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_ensurepip.py ++++ Python-3.11.8/Lib/test/test_ensurepip.py +@@ -112,6 +112,17 @@ class TestBootstrap(EnsurepipMixin, unit + unittest.mock.ANY, + ) + ++ def test_bootstrapping_with_prefix(self): ++ ensurepip.bootstrap(prefix="/foo/bar/") ++ self.run_pip.assert_called_once_with( ++ [ ++ "install", "--no-cache-dir", "--no-index", "--find-links", ++ unittest.mock.ANY, "--prefix", "/foo/bar/", ++ "setuptools", "pip", ++ ], ++ unittest.mock.ANY, ++ ) ++ + def test_bootstrapping_with_user(self): + ensurepip.bootstrap(user=True) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1761,7 +1761,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni + install|*) ensurepip="" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + altinstall: commoninstall +@@ -1771,7 +1771,7 @@ altinstall: commoninstall + install|*) ensurepip="--altinstall" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + commoninstall: check-clean-src @FRAMEWORKALTINSTALLFIRST@ \ +Index: Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +=================================================================== +--- /dev/null ++++ Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +@@ -0,0 +1 @@ ++A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/bsc1221260-test_asyncio-ResourceWarning.patch b/bsc1221260-test_asyncio-ResourceWarning.patch new file mode 100644 index 0000000..15d6b8d --- /dev/null +++ b/bsc1221260-test_asyncio-ResourceWarning.patch @@ -0,0 +1,21 @@ +From a3052035485bd2836e40f5284657ca105382cbfd Mon Sep 17 00:00:00 2001 +From: sobolevn +Date: Tue, 5 Mar 2024 20:24:16 +0300 +Subject: [PATCH] gh-116112: Fix `ResourceWarning` in + `test_asyncio.test_stream` + +Co-authored-by: @CendioOssman +--- + Lib/test/test_asyncio/test_streams.py | 1 + + 1 file changed, 1 insertion(+) + +--- a/Lib/test/test_asyncio/test_streams.py ++++ b/Lib/test/test_asyncio/test_streams.py +@@ -1156,6 +1156,7 @@ os.close(fd) + + def test_unhandled_cancel(self): + async def handle_echo(reader, writer): ++ writer.close() + asyncio.current_task().cancel() + messages = self._basetest_unhandled_exceptions(handle_echo) + self.assertEqual(messages, []) diff --git a/bso1227999-reproducible-builds.patch b/bso1227999-reproducible-builds.patch new file mode 100644 index 0000000..fb33d18 --- /dev/null +++ b/bso1227999-reproducible-builds.patch @@ -0,0 +1,37 @@ +From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Tue, 16 Jul 2024 21:39:33 +0200 +Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH + +to make builds reproducible. +See https://reproducible-builds.org/ for why this is good +and https://reproducible-builds.org/specs/source-date-epoch/ +for the definition of this variable. +--- + Doc/conf.py | 3 ++- + Doc/library/functions.rst | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/Doc/conf.py ++++ b/Doc/conf.py +@@ -316,7 +316,8 @@ html_context = { + } + + # This 'Last updated on:' timestamp is inserted at the bottom of every page. +-html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime()) ++html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) ++html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time)) + + # Path to find HTML templates. + templates_path = ['tools/templates'] +--- a/Doc/library/functions.rst ++++ b/Doc/library/functions.rst +@@ -1356,7 +1356,7 @@ are always available. They are listed h + (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, + and :mod:`shutil`. + +- .. audit-event:: open file,mode,flags open ++ .. audit-event:: open path,mode,flags open + + The ``mode`` and ``flags`` arguments may have been modified or inferred from + the original call. diff --git a/distutils-reproducible-compile.patch b/distutils-reproducible-compile.patch new file mode 100644 index 0000000..17e8bd2 --- /dev/null +++ b/distutils-reproducible-compile.patch @@ -0,0 +1,17 @@ +--- + Lib/distutils/util.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/distutils/util.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/util.py ++++ Python-3.11.8/Lib/distutils/util.py +@@ -436,7 +436,7 @@ byte_compile(files, optimize=%r, force=% + else: + from py_compile import compile + +- for file in py_files: ++ for file in sorted(py_files): + if file[-3:] != ".py": + # This lets us be lazy and not filter filenames in + # the "install_lib" command. diff --git a/externally_managed.in b/externally_managed.in new file mode 100644 index 0000000..54606b6 --- /dev/null +++ b/externally_managed.in @@ -0,0 +1,12 @@ +[externally-managed] +Error=To install Python packages system-wide, try + zypper install __PYTHONPREFIX__-xyz, where xyz is the package + you are trying to install. + + If you wish to install a non-rpm packaged Python package, + create a virtual environment using __PYTHON__ -m venv path/to/venv. + Then use path/to/venv/bin/python and path/to/venv/bin/pip. + + If you wish to install a non-rpm packaged Python application, + it may be easiest to use `pipx install xyz`, which will manage a + virtual environment for you. Install pipx via `zypper install __PYTHONPREFIX__-pipx` . diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch new file mode 100644 index 0000000..7c6fd0e --- /dev/null +++ b/fix_configure_rst.patch @@ -0,0 +1,40 @@ +--- + Doc/using/configure.rst | 3 --- + Misc/NEWS | 2 +- + 2 files changed, 1 insertion(+), 4 deletions(-) + +--- a/Doc/using/configure.rst ++++ b/Doc/using/configure.rst +@@ -43,7 +43,6 @@ General Options + + See :data:`sys.int_info.bits_per_digit `. + +-.. option:: --with-cxx-main + .. option:: --with-cxx-main=COMPILER + + Compile the Python ``main()`` function and link Python executable with C++ +@@ -529,13 +528,11 @@ macOS Options + + See ``Mac/README.rst``. + +-.. option:: --enable-universalsdk + .. option:: --enable-universalsdk=SDKDIR + + Create a universal binary build. *SDKDIR* specifies which macOS SDK should + be used to perform the build (default is no). + +-.. option:: --enable-framework + .. option:: --enable-framework=INSTALLDIR + + Create a Python.framework rather than a traditional Unix install. Optional +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -9774,7 +9774,7 @@ C API + - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. + + - bpo-43795: The list in :ref:`limited-api-list` now shows the public name +- :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry ++ :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry + ``_node`` no longer appears in the list. + + - bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid diff --git a/gh120226-fix-sendfile-test-kernel-610.patch b/gh120226-fix-sendfile-test-kernel-610.patch new file mode 100644 index 0000000..2eb6f63 --- /dev/null +++ b/gh120226-fix-sendfile-test-kernel-610.patch @@ -0,0 +1,35 @@ +From 1b3f6523a5c83323cdc44031b33a1c062e5dc698 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Fri, 7 Jun 2024 23:51:32 +0800 +Subject: [PATCH] gh-120226: Fix + test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 + (GH-120227) + +The worst case is that the kernel buffers 17 pages with a page size of 64k. +(cherry picked from commit a7584245661102a5768c643fbd7db8395fd3c90e) + +Co-authored-by: Xi Ruoyao +--- + Lib/test/test_asyncio/test_sendfile.py | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +--- a/Lib/test/test_asyncio/test_sendfile.py ++++ b/Lib/test/test_asyncio/test_sendfile.py +@@ -93,13 +93,10 @@ class MyProto(asyncio.Protocol): + + class SendfileBase: + +- # 256 KiB plus small unaligned to buffer chunk +- # Newer versions of Windows seems to have increased its internal +- # buffer and tries to send as much of the data as it can as it +- # has some form of buffering for this which is less than 256KiB +- # on newer server versions and Windows 11. +- # So DATA should be larger than 256 KiB to make this test reliable. +- DATA = b"x" * (1024 * 256 + 1) ++ # Linux >= 6.10 seems buffering up to 17 pages of data. ++ # So DATA should be large enough to make this test reliable even with a ++ # 64 KiB page configuration. ++ DATA = b"x" * (1024 * 17 * 64 + 1) + # Reduce socket buffer size to test on relative small data sets. + BUF_SIZE = 4 * 1024 # 4 KiB + diff --git a/idle3.appdata.xml b/idle3.appdata.xml new file mode 100644 index 0000000..554b7c4 --- /dev/null +++ b/idle3.appdata.xml @@ -0,0 +1,35 @@ + + + + + idle3.desktop + IDLE3 + CC0 + Python-2.0 + Python 3 Integrated Development and Learning Environment + +

+ IDLE is Python’s Integrated Development and Learning Environment. + The GUI is uniform between Windows, Unix, and Mac OS X. + IDLE provides an easy way to start writing, running, and debugging + Python code. +

+

+ IDLE is written in pure Python, and uses the tkinter GUI toolkit. + It provides: +

+
    +
  • a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,
    • +
  • a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,
    • +
  • search within any window, replace within editor windows, and search through multiple files (grep),
    • +
  • a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.
    • +
+ + https://docs.python.org/3/library/idle.html + + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png + + zbyszek@in.waw.pl + diff --git a/idle3.desktop b/idle3.desktop new file mode 100644 index 0000000..43f5a4c --- /dev/null +++ b/idle3.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Version=1.0 +Name=IDLE 3 +GenericName=Python 3 IDE +Comment=Python 3 Integrated Development and Learning Environment +Exec=idle3 %F +TryExec=idle3 +Terminal=false +Type=Application +Icon=idle3 +Categories=Development;IDE; +MimeType=text/x-python; diff --git a/import_failed.map b/import_failed.map new file mode 100644 index 0000000..f33690c --- /dev/null +++ b/import_failed.map @@ -0,0 +1,7 @@ +python311-curses: curses _curses _curses_panel +python311-dbm: dbm _dbm _gdbm +python311-idle: idlelib +python311-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited +python311-tk: tkinter _tkinter +python311-tools: turtledemo +python311: sqlite3 readline _sqlite3 nis diff --git a/import_failed.py b/import_failed.py new file mode 100644 index 0000000..258b5a5 --- /dev/null +++ b/import_failed.py @@ -0,0 +1,23 @@ +import sys, os +from sysconfig import get_path + +failed_map_path = os.path.join(get_path('stdlib'), '_import_failed', 'import_failed.map') + +if __spec__: + failed_name = __spec__.name +else: + failed_name = __name__ + +with open(failed_map_path) as fd: + for line in fd: + package = line.split(':')[0] + imports = line.split(':')[1] + if failed_name in imports: + raise ImportError(f"""Module '{failed_name}' is not installed. +Use: + sudo zypper install {package} +to install it.""") + +raise ImportError(f"""Module '{failed_name}' is not installed. +It is supposed to be part of python3 distribution, but missing from failed import map. +Please file a bug on the SUSE Bugzilla.""") diff --git a/macros.python3 b/macros.python3 new file mode 100644 index 0000000..2bd193b --- /dev/null +++ b/macros.python3 @@ -0,0 +1,28 @@ +%have_python3 1 + +# commented out legacy macro definitions +#py3_prefix /usr +#py3_incdir /usr/include/python3.5m +#py3_ver 3.5 + +# these should now be provided by macros.python_all +#python3_sitearch /usr/lib64/python3.5/site-packages +#python3_sitelib /usr/lib/python3.5/site-packages +#python3_version 3.5 + +# hard to say if anyone ever used these? +#py3_soflags cpython-35m-x86_64-linux-gnu +#py3_abiflags m +%cpython3_soabi %(python3 -c "import sysconfig; print(sysconfig.get_config_var('SOABI'))") +%py3_soflags %cpython3_soabi + +# compilation macros that might be in use somewhere +%py3_compile(O) \ +find %1 -name '*.pyc' -exec rm -f {} ";"\ +python3 -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +%{-O:\ +find %1 -name '*.pyo' -exec rm -f {} ";"\ +python3 -O -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +} + + diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch new file mode 100644 index 0000000..7e412d7 --- /dev/null +++ b/no-skipif-doctests.patch @@ -0,0 +1,653 @@ +only in patch2: +unchanged: +--- + Doc/library/turtle.rst | 82 ------------------------------------------------- + 1 file changed, 82 deletions(-) + +--- a/Doc/library/turtle.rst ++++ b/Doc/library/turtle.rst +@@ -440,7 +440,6 @@ Turtle motion + turtle is headed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -467,7 +466,6 @@ Turtle motion + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -486,13 +484,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -511,13 +507,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -540,13 +534,11 @@ Turtle motion + not change the turtle's orientation. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> tp = turtle.pos() + >>> tp +@@ -570,13 +562,11 @@ Turtle motion + unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 240) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,240.00) +@@ -592,13 +582,11 @@ Turtle motion + Set the turtle's second coordinate to *y*, leave first coordinate unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 40) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,40.00) +@@ -625,7 +613,6 @@ Turtle motion + =================== ==================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setheading(90) + >>> turtle.heading() +@@ -638,14 +625,12 @@ Turtle motion + its start-orientation (which depends on the mode, see :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(90) + >>> turtle.goto(0, -10) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 90.0 +@@ -677,7 +662,6 @@ Turtle motion + calculated automatically. May be used to draw regular polygons. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.position() +@@ -706,7 +690,6 @@ Turtle motion + + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.dot() +@@ -724,7 +707,6 @@ Turtle motion + it by calling ``clearstamp(stamp_id)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("blue") + >>> turtle.stamp() +@@ -740,7 +722,6 @@ Turtle motion + Delete stamp with given *stampid*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (150.00,-0.00) +@@ -785,7 +766,6 @@ Turtle motion + undo actions is determined by the size of the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for i in range(4): + ... turtle.fd(50); turtle.lt(80) +@@ -818,7 +798,6 @@ Turtle motion + turtle turn instantly. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.speed() + 3 +@@ -839,7 +818,6 @@ Tell Turtle's state + Return the turtle's current location (x,y) (as a :class:`Vec2D` vector). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pos() + (440.00,-0.00) +@@ -855,7 +833,6 @@ Tell Turtle's state + orientation which depends on the mode - "standard"/"world" or "logo". + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(10, 10) + >>> turtle.towards(0,0) +@@ -867,7 +844,6 @@ Tell Turtle's state + Return the turtle's x coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(50) +@@ -883,7 +859,6 @@ Tell Turtle's state + Return the turtle's y coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(60) +@@ -900,7 +875,6 @@ Tell Turtle's state + :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(67) +@@ -917,7 +891,6 @@ Tell Turtle's state + other turtle, in turtle step units. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.distance(30,40) +@@ -941,7 +914,6 @@ Settings for measurement + Default value is 360 degrees. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -964,7 +936,6 @@ Settings for measurement + ``degrees(2*math.pi)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -975,7 +946,6 @@ Settings for measurement + 1.5707963267948966 + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.degrees(360) +@@ -1011,7 +981,6 @@ Drawing state + thickness. If no argument is given, the current pensize is returned. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pensize() + 1 +@@ -1043,7 +1012,6 @@ Drawing state + attributes in one statement. + + .. doctest:: +- :skipif: _tkinter is None + :options: +NORMALIZE_WHITESPACE + + >>> turtle.pen(fillcolor="black", pencolor="red", pensize=10) +@@ -1066,7 +1034,6 @@ Drawing state + Return ``True`` if pen is down, ``False`` if it's up. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.penup() + >>> turtle.isdown() +@@ -1107,7 +1074,6 @@ Color control + newly set pencolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> colormode() + 1.0 +@@ -1156,7 +1122,6 @@ Color control + with the newly set fillcolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.fillcolor("violet") + >>> turtle.fillcolor() +@@ -1195,7 +1160,6 @@ Color control + with the newly set colors. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("red", "green") + >>> turtle.color() +@@ -1212,7 +1176,6 @@ Filling + ~~~~~~~ + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.home() +@@ -1222,7 +1185,6 @@ Filling + Return fillstate (``True`` if filling, ``False`` else). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.begin_fill() + >>> if turtle.filling(): +@@ -1247,7 +1209,6 @@ Filling + above may be either all yellow or have some white regions. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("black", "red") + >>> turtle.begin_fill() +@@ -1264,7 +1225,6 @@ More drawing control + variables to the default values. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(0,-22) + >>> turtle.left(100) +@@ -1315,7 +1275,6 @@ Visibility + drawing observably. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.hideturtle() + +@@ -1326,7 +1285,6 @@ Visibility + Make the turtle visible. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.showturtle() + +@@ -1357,7 +1315,6 @@ Appearance + deal with shapes see Screen method :func:`register_shape`. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape() + 'classic' +@@ -1383,7 +1340,6 @@ Appearance + ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.resizemode() + 'noresize' +@@ -1407,7 +1363,6 @@ Appearance + of the shape's outline. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shapesize() + (1.0, 1.0, 1) +@@ -1432,7 +1387,6 @@ Appearance + heading of the turtle are sheared. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("circle") + >>> turtle.shapesize(5,2) +@@ -1449,7 +1403,6 @@ Appearance + change the turtle's heading (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1469,7 +1422,6 @@ Appearance + (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1495,7 +1447,6 @@ Appearance + turtle (its direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1524,7 +1475,6 @@ Appearance + given matrix. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle = Turtle() + >>> turtle.shape("square") +@@ -1540,7 +1490,6 @@ Appearance + can be used to define a new shape or components of a compound shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("square") + >>> turtle.shapetransform(4, -1, 0, 2) +@@ -1565,7 +1514,6 @@ Using events + procedural way: + + .. doctest:: +- :skipif: _tkinter is None + + >>> def turn(x, y): + ... left(180) +@@ -1586,7 +1534,6 @@ Using events + ``None``, existing bindings are removed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> class MyTurtle(Turtle): + ... def glow(self,x,y): +@@ -1614,7 +1561,6 @@ Using events + mouse-click event on that turtle. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.ondrag(turtle.goto) + +@@ -1642,7 +1588,6 @@ Special Turtle methods + Return the last recorded polygon. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.begin_poly() +@@ -1662,7 +1607,6 @@ Special Turtle methods + turtle properties. + + .. doctest:: +- :skipif: _tkinter is None + + >>> mick = Turtle() + >>> joe = mick.clone() +@@ -1675,7 +1619,6 @@ Special Turtle methods + return the "anonymous turtle": + + .. doctest:: +- :skipif: _tkinter is None + + >>> pet = getturtle() + >>> pet.fd(50) +@@ -1689,7 +1632,6 @@ Special Turtle methods + TurtleScreen methods can then be called for that object. + + .. doctest:: +- :skipif: _tkinter is None + + >>> ts = turtle.getscreen() + >>> ts +@@ -1707,7 +1649,6 @@ Special Turtle methods + ``None``, the undobuffer is disabled. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setundobuffer(42) + +@@ -1717,7 +1658,6 @@ Special Turtle methods + Return number of entries in the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> while undobufferentries(): + ... undo() +@@ -1740,7 +1680,6 @@ below: + For example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> s = Shape("compound") + >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) +@@ -1751,7 +1690,6 @@ below: + 3. Now add the Shape to the Screen's shapelist and use it: + + .. doctest:: +- :skipif: _tkinter is None + + >>> register_shape("myshape", s) + >>> shape("myshape") +@@ -1771,7 +1709,6 @@ Most of the examples in this section ref + ``screen``. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen = Screen() +@@ -1788,7 +1725,6 @@ Window control + Set or return background color of the TurtleScreen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.bgcolor("orange") + >>> screen.bgcolor() +@@ -1880,7 +1816,6 @@ Window control + distorted. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.reset() + >>> screen.setworldcoordinates(-50,-7.5,50,7.5) +@@ -1891,7 +1826,6 @@ Window control + ... left(45); fd(2) # a regular octagon + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen.reset() +@@ -1913,7 +1847,6 @@ Animation control + Optional argument: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.delay() + 10 +@@ -1935,7 +1868,6 @@ Animation control + :func:`delay`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.tracer(8, 25) + >>> dist = 2 +@@ -1972,7 +1904,6 @@ Using screen events + must have the focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -1993,7 +1924,6 @@ Using screen events + must have focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -2018,7 +1948,6 @@ Using screen events + named ``turtle``: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will + >>> # make the turtle move to the clicked point. +@@ -2038,7 +1967,6 @@ Using screen events + Install a timer that calls *fun* after *t* milliseconds. + + .. doctest:: +- :skipif: _tkinter is None + + >>> running = True + >>> def f(): +@@ -2120,7 +2048,6 @@ Settings and special methods + ============ ========================= =================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> mode("logo") # resets turtle heading to north + >>> mode() +@@ -2135,7 +2062,6 @@ Settings and special methods + values of color triples have to be in the range 0..*cmode*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.colormode(1) + >>> turtle.pencolor(240, 160, 80) +@@ -2156,7 +2082,6 @@ Settings and special methods + do with a Tkinter Canvas. + + .. doctest:: +- :skipif: _tkinter is None + + >>> cv = screen.getcanvas() + >>> cv +@@ -2168,7 +2093,6 @@ Settings and special methods + Return a list of names of all currently available turtle shapes. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.getshapes() + ['arrow', 'blank', 'circle', ..., 'turtle'] +@@ -2192,7 +2116,6 @@ Settings and special methods + coordinates: Install the corresponding polygon shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) + +@@ -2208,7 +2131,6 @@ Settings and special methods + Return the list of turtles on the screen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for turtle in screen.turtles(): + ... turtle.color("red") +@@ -2270,7 +2192,6 @@ Methods specific to Screen, not inherite + center window vertically + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.setup (width=200, height=200, startx=0, starty=0) + >>> # sets window to 200x200 pixels, in upper left of screen +@@ -2286,7 +2207,6 @@ Methods specific to Screen, not inherite + Set title of turtle window to *titlestring*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.title("Welcome to the turtle zoo!") + +@@ -2357,7 +2277,6 @@ Public classes + Example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) + >>> s = Shape("compound") +@@ -2743,7 +2662,6 @@ Changes since Python 3.0 + + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> for turtle in turtles(): diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..a2cf992 --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +export LC_ALL=C + +master=python*.spec + +# create import_failed.map from package definitions +pkgname=$(grep python_pkg_name $master |grep define |awk -F' ' '{print $3}') +MAPFILE=import_failed.map +function new_map_line () { + package=$1 + package=$(echo $1 |sed -e "s:%{python_pkg_name}:$pkgname:") + modules=$2 + if [ -z "$package" -o -z "$modules" ]; then + return + fi + if [[ "$package" =~ "-base" ]]; then + return + fi + echo "$package:$modules" >> $MAPFILE.tmp +} + +for spec in *.spec; do + basename=${spec%.spec} + package= + modules= + while read line; do + case $line in + "%files -n "*) + new_map_line $package "$modules" + package=${line#"%files -n "} + modules= + ;; + "%files "*) + new_map_line $package "$modules" + package=$basename-${line#"%files "} + modules= + ;; + "%files") + new_map_line $package "$modules" + package=$basename + modules= + ;; + "%{sitedir}/config-"*) + # ignore + ;; + "%{sitedir}/"*) + word=${line#"%{sitedir}/"} + if ! echo $word | grep -q /; then + modules="$modules $word" + fi + ;; + "%{dynlib "*"}") + word=${line#"%{dynlib "} + word=${word%"}"} + modules="$modules $word" + ;; + esac + done < $spec + new_map_line $package "$modules" +done + +cat $MAPFILE.tmp |sort -u > $MAPFILE +rm $MAPFILE.tmp + +# run test inclusion check +tar xJf Python-*.xz +python3 skipped_tests.py + +# generate baselibs.conf +VERSION=$(grep ^Version $master|awk -F':' '{print $2}' |sed -e 's/ //g') +python_version=${VERSION:0:3} # 3.3 +python_version_abitag=${python_version//./} # 33 +python_version_soname=${python_version//./_} # 3_3 +echo "$pkgname-base" > baselibs.conf +echo "$pkgname" >> baselibs.conf +echo "libpython$python_version_soname-1_0" >> baselibs.conf + diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch new file mode 100644 index 0000000..cda20d7 --- /dev/null +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -0,0 +1,27 @@ +--- + Makefile.pre.in | 7 +++++++ + 1 file changed, 7 insertions(+) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1240,11 +1240,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ + $(DTRACE_OBJS) \ + $(srcdir)/Modules/getbuildinfo.c + $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DDATE="\"`date -u -r Makefile.pre.in +"%b %d %Y"`\"" \ ++ -DTIME="\"`date -u -r Makefile.pre.in +"%T"`\"" \ + -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \ + -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \ + -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \ + -o $@ $(srcdir)/Modules/getbuildinfo.c + ++Python/getcompiler.o: $(srcdir)/Python/getcompiler.c Makefile ++ $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DCOMPILER='"[GCC]"' \ ++ -o $@ $(srcdir)/Python/getcompiler.c ++ + Modules/getpath.o: $(srcdir)/Modules/getpath.c Python/frozen_modules/getpath.h Makefile $(PYTHON_HEADERS) + $(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \ + -DPREFIX='"$(prefix)"' \ diff --git a/python-3.3.0b1-localpath.patch b/python-3.3.0b1-localpath.patch new file mode 100644 index 0000000..475497e --- /dev/null +++ b/python-3.3.0b1-localpath.patch @@ -0,0 +1,13 @@ +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -77,7 +77,7 @@ import io + import stat + + # Prefixes for site-packages; add additional prefixes like /usr/local here +-PREFIXES = [sys.prefix, sys.exec_prefix] ++PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local'] + # Enable per user site-packages directory + # set it to False to disable the feature or True to force the feature + ENABLE_USER_SITE = None diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch new file mode 100644 index 0000000..ac5d553 --- /dev/null +++ b/python-3.3.0b1-test-posix_fadvise.patch @@ -0,0 +1,17 @@ +--- + Lib/test/test_posix.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_posix.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_posix.py ++++ Python-3.11.8/Lib/test/test_posix.py +@@ -430,7 +430,7 @@ class PosixTester(unittest.TestCase): + def test_posix_fadvise(self): + fd = os.open(os_helper.TESTFN, os.O_RDONLY) + try: +- posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_WILLNEED) ++ posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_RANDOM) + finally: + os.close(fd) + diff --git a/python.keyring b/python.keyring new file mode 100644 index 0000000..747bc27 --- /dev/null +++ b/python.keyring @@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFq+ToQBEADRYvIVtbK6owynD3j3nxwpW2KEk/p+aDvtXmc2SR2dBcZ8sFW2 +R5vEsG8d3/D3wgv5pcL3KfNNXQYUnXVbobrFUUWQYc79qIsE3MgiPf5NVOtwKPUR +i5g9YJgKvpBxkQfqp3LYGm9ZBtwo3DVLA3yn7KsazCmAgTNFJYw7ku1XxgmIzY6K +5J30DfbJiqDqj4f9GslCCCCH3qiPnuLG/HUyVLHMpbWlaiy9NI0GcaLxjJewHj9w +W2D2lydkxe5JGo7egUkV3ILcuLVSVKA35SKY27dYqfuyqp9tAzaRbjDYjsYdHA6G +BqrNrKBn/GwlFDPrVdcvN3ZSY2wMLTxWE3Axc/FweuHxFnou/80FwX7F3JD+oEQ6 +rofmcxOBCC7J98I7HZAhP9jBn88XIS2hztbLq8d6rZJZRtcz0k61VR0ddO+TrFmf +9rMYCPgCckRtVxeFIVIabrN1IzKynLFeo040h8hSGswd6YKDOVwjJY6Oa6EmVefZ +a8QSt4+M65RSzH6SEPY008F3nJUAK6MEkzTak+tFltZNrVWu8p2xd1j9nmxAwEhZ +/lgbxLqzYgaUWmfyHeZ8yVA0MhHzdiAL8nVUEdG3KecIq0RWCJLGLWWIjd6KAJl1 +yAmhRYKK/sjPDsL3elHsFACfZbyx3o5GGQNlas1FYoPLWbaNGaJtgFTF2QARAQAB +tCtQYWJsbyBHYWxpbmRvIFNhbGdhZG8gPHBhYmxvZ3NhbEBnbWFpbC5jb20+iQJO +BBMBCgA4FiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+ToQCGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQZOYo+NaEaW2bmA/+PXIap2udLoUVOHxnsIBdqYwp +sv1Aj5lfIJmNhmxPbHShwp1Jg+w4urxe+2Dj5ofKVlIo1i83bQkvnKJMDXDVuc/K +P6zqhBJ3rT4Q3qx2mzX8bIfQoJ2JHuH4lkP+I7doDcHHRyeNASyk72VdQmU4twNw +Ibn8nSNV6ThKHdoPYzVnO2rZUFcGIqH5HNsvR+B7cc1MBCHsgURYwSVhSePIFGlZ +iasdBD6QQkDSe4QWi7AcJFWFElw4kbOKJWxAWsrEk+tMXJVGRjnmL289EmPCx/vx +BqKy7Mse0yWCSRR3vB+O6TB1S5SgEyEgqlYsfGNv1qf/rfRD4KkyCbNU3LhY1Aim +vJP4pDW+KFxTk2Ks8vrx8gOSd2aFqPeO/pFDrpsF7PD62XwsfoXu4xc5V0Giw7r1 +Nai0nax7kOrldNF8TbbtRjW0jmoC7wLIDujAkwDIOroZ0CXA3N4HVHdSbrHm/urX +nyxJXupXAQNwGx64JCBcbF2fp3Kvu1VAXBEFnd01KaopthHcbG5pA50Kl2Vhe+98 +OdezUX42fHkQpQkB7HgtXfm6W1bw6YRBamrNvs1OoHBYmUjlECpe566IIu25Hc8s +x3qA+6eca7iqizyLG+WyMT8ZIYTWGAS59jxwR4esqGczbbZPSAPHFwLbGv7Wr0Rd +TPu5B0FcKpDkTd4IxQW5Ag0EWr5O2gEQAMjLe4CtbSfofmJrz5wfNkMVsZ81Gbqe +MoYd3dtkJnQYERUj8flzBj3ucaxGJ+Cuf7ybh3naPopKvEI1q0vkcgCDqrEgXK// +jKJbP28uPSMGhOG28q4PbamG55gy5FtM3ezzAxPWWKe9qBpV65GMmFy7eBQx2iJs +yiDIOOQQ4kraS+cTqNFimEXAGLCOQRNLcwIZzwAAHoW7HEpNUfVwaBD9kMlbo1ND +I60IKcNrNcmcmRxhJqfxjj8YBMwcKHO6GBE3AVpaE/+UO9zyr4TH+0YuQUgxKlPW +Dkg5XlkDo0S1GyLY5e9ckIDIlkTdDa2pOkoE2yB5MQCEga3YiHrKUVTTWaxn9XVJ +6x5ZjUF6bgSWGkrG5dUqSYoO1iDMuNVjtiujNyf/rvfj5cNxS7/lgxchhQKZHZXL +WVqxlneeVJ6s0P4+ROVG9ga2Sve7aUJ6wXIewZwulBcV2sE/W/DgxHgLBi53CUQt +vEzFzKvo48GnDqL5VYjA7l0HMYHd4GksCLi8E8U6Cgj+imXiM8voL7pHRZfs8mY8 +udR+UT4e1Scl2MYP2qBJ9/17B/X52B3s1EZdqI/r+hfOyqrhPs+dbAN0mtMPn68+ +nrvY1+nscvrSYEP6ZBlc9Hp2mgJdb6IcTvINXBEeLRjgc3pjViva443pkiFp9Axm +ecOckMKP3uSlABEBAAGJBGwEGAEKACAWIQSgNcjBkhm6gh7OqGtk5ij41oRpbQUC +Wr5O2gIbAgJACRBk5ij41oRpbcF0IAQZAQoAHRYhBM/cokWxBDzypfl4Zf/odAQW +i9hHBQJavk7aAAoJEP/odAQWi9hHr7YP/RCLre1CmOoWYpAtoa1yVCeYMDV6eQgL +B488/BEZHQE1zbrYy16XkhORob3JF/kUMjmJW7XaFF8FrWvRcdj/xaUGbOOEulKg +v+8zWfswYQRiZ4/JlwER4vRLi6fTE89MVER6Fkj2ASD4D2cifY+EztD4flV3sq3s +vIogGFaN9IvdrdeptOVGXs1RmAyoTsiS2mKQ6xsGh8B9ZAm55W8fBOGiSzLX21Xk +Ofdw53BrFQxn3cu/JgIKpdeZxgukcvEAI62B6X+YL6Na4j0eqEGLzsNtU1+xeJlo +WtVvmRwnRHGSxF6fzIZ3mk/p/aFiXAEq/xITCTY6tDv7x7pFE/RpdlJZyNJ+R5Y4 +SQiuDsylxNCa/4G5EB6q+7iVYtbEQ9MnZg2phowEE42tlj0rz8/rvDK3LH3xibot +KHIodCWKlWByxH99u2PuHUQ0c1oCVBUE1KkruMpvI236DpU/dvdq4JLSg/fWrys/ +VIjqLZgsIE5g/KO9XqngWHkLcBLh4CNAmHJ8Iia+s+/rfgsejQWB5uJb6eYg2JjB +4WP1EI0rULM6fdrCNB+MJ36wE2Lnb4bfT0phOMgjjH5/Ki7ZCbkxkOsBs4SRjiS+ +weCsmpAtMqodWY/Cnw9pWSA/qLSRD5/mKeb9SO6OZ/OPfAatwnGHsvZ2sAueC6rR +04W5BfXZWrnJUXQP/id/EKE1Ksp5fKoxSCbkKTCig+Sf5Afwe36yFN+niZBqzn5b +BgL/HIKaZM97oDHersPPANeEgS+JVlBf95iKIYnQbZP43FLVbvOuaINhBIVtFO54 +2Y7EYwl41kP7ILDElVy36KAmdQyBAfrjnZiRA70xShOxApLug1L0lxhR3YfmLwNi +RJ0V6KnYDKf0pfdhO9VFyFFWUojX1usn2SmSsXNizsNtvRqHXzPnX0rbJzZ9+N4O +9k1nxygYFG/2R/jGonVmTjRzcAHrAkNJETMWXMA7/8wRMDwluz8j+cCldey9x8Vk +JwgLGnZSbQtVpcFAnm5r/36Gt+9wc1VWMyrUrVr6Z679aqAbG7PMaeR5h5ygMj1k +VqRTYAUPSk1f8bZKRssQkQwEbp9dVIjm9SsR8VT7/tB+UuB85dABxgHfv3psJRT+ +tL8g9V7kSZqQfcLNGmvEVvr2Zl9NtxwXtsFM2OBprxCenwb+e9Ppm1LjfJG/NE72 +mAnOERfDaiLt4bqNo36Ei5sGCJ4Fx61phzNBXzkdRNM47i8J5UZRKFkE91c99BVM +HKUaY61NRK24fR0zP98ftDU82YFw0VRFJpTeBrO5ivN1MlQxUPzUWxKxMxO+20wa +UOXroEw11Tb4SRLGOla1pCl6lCUPJRy9IzadPDgTr/OTMkob/snt/XLdnV5/uQIN +BFq+TvoBEAC8Oy1g6pPWBbrCMhIq7VWY2fjylJ1fwg5BPXkOKVK1dsGYO4QD7oW9 +L0aSqcFSNFGF9Cl0Ri4TFXZC3hnG4HeSXUWApuKdBLn21H3jba36Ay1oGcGfdm0v +Zght4c6BlMVBpGCw2wIkJbUNEy6InMM+O8CCbbaH3iJkJ4141P7pODHignx5AmZI +conMui4YOhC+IXQXynVEv1Juk7erB1Nh1RcRvsA4lb44HWx49lIwe85ejOmoZ0O3 +6f9NJRer6bV0+rHWmg4IV5Q9h/Gn4IhEDZxA0DZl1RQI7dMgaMbIFbXGq7Kgzstz +EUnOoy29hXodxVmwIsMrAiQUYtwJ9hW+ESsw47+W2iPHVgviGWl7r/SgcgMYmf6m +5kiTBtwU7BQPS9G3zwwP2Rm3AA/6g39Q+tQKjOwi1I8+GZsY2On44Zly7BreBNg5 +4gJgdAGcMOYU9etr050clH3UpTYcAEtX++ahtOKhJgLIPNcIAQNlnifqvU0VYpgw +R4YpZ7hgg+AVDzC73PIM0lFI0XiDuqChbxE+K1jmLXWe5iJF0dzgVTwP+PmsifNZ +Wg3+YxSsS+hDMPQ2xPiQN49gT4JJDHcDuyhHyCGYgyMiVJCsku9KrkubbfVRivyN +ZF2Zfo3f+nbrRxsftz0yjAq8byCvb0V0XOpt4pJ/ddlug9ytRxALNwARAQABiQI2 +BBgBCgAgFiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+TvoCGwwACgkQZOYo+NaE +aW3urA//UQ/cKQ7HvWjcLphzQOZc+6m5YL0wxvZkSjemU7mqjZdpacteIvRAoers +EqXHc208liIBtNfRzoreXdcXNzie65xXkrRnWoHVH/fTWy4lOnHr2CMXLeHjUgg/ +M6PYi8+sARm05YFB8nsYhlhx3IdLhcfeVVbJedQKO0yL3CK1okT30DUVq5Lq6X/K +DC6AxuJR3D6UMSoT0WLaoX8qbhAp88qLynInfBVL18d97h916WPLTPeP0eHwhwND +bYtKDCMDuKQ9XX5+QsNH0RmbxlX274LHrUMMvkLKxcfCBvP+iuqrBeIuoeVzXYJZ +j7ZJtEH79bW44eecl/CY/STFYgSQ2XGTp2BI2q60wAmtKlNhwxY5ena0FgyFl6Tm +5OBHW/Pwo+ndQJGfbrCyWkTgRay9c8er3gl3GQYIBH6X0kCiG7h/Epj0b5CHOPU5 +hCw0kEB8MB4poTIjeiY+Q01472/lQ68CL3DX158hR5d3XaPSIxAN+qFsfB1o316p +yjxhfK1MD/IfrOgjlggPPnc/KmLkCzpgdwKcZwLCdZq9hYBvF1Zs34HbaVMYbWTK +uxLowtXGU43vatCXXqmPOvl4/g4tZD6rysJDgOrHQnEHzT+Napn07s0BRC0IbbNn +FynUrkr5KMSuRz7Hg7xMApENOrb0nqdHSUJ914ZpuMIS6RhJgGu5Ag0EWr5PIAEQ +ALfh9vPD2B+miHDTMADI8aRZ7g9tnzynZYkk3+2sCiiusetsQQ+HIPJ/ASEJB7On +ane9dyT/LTRhrK9qaxgVMimk2COXB/xyh7Mnw7nJgFU0aRSbtX0vbvQz2suSzrQ6 +9mPKzan28JGoClqB0bw1vwf3VjjxHV2dgD57CmqFPv7kAC/2a56dE+etzXattZAL ++2JWTpmfQ0ePRRadtBm0VahQhnU8x0+jvAVrEawqpVW83ozYFyW/0WInM2J7jHgQ +16OosY4lj5L/DxpVxaArhRFoRfWPXfC37iE8Mou/I95isvPQIhp1wTo4jG0KM02B +oIVbp/QRNBQ6WtpOzvJs1gqQiJJTfqbKJXQ3NDEY9crpVS83HJ+Zv99PNsyNkFjG +QpU84U3ZhsI4ygjdY45mpZueqI1RVcRQdu8Hgvoo/78Q/Sir6gMGop3mVdVo2guI +kFcJrXh0Xk3ech4aVqrmKx/mPXGwOAQU0DAul4RW3fKg1QxQE7Tlw3+95Ee/+q5j +HARL0uDbCJpRO8Sl8NDEuL32n/2Ot6kQeCSHrU7KJRYAkTxkKvr8zNow7hFhHFPE +SnHvTnskI6noh0VY6NwMhmLvhm0wKkRxZPzUNc3sgLvbK1NymIZ9aKCZamzhZrmG +vnblEz/OSLwGUua465H3hM1vvBQiartj7+6ZqWIkSmBPABEBAAGJAjYEGAEKACAW +IQSgNcjBkhm6gh7OqGtk5ij41oRpbQUCWr5PIAIbIAAKCRBk5ij41oRpbWmeEACG ++axtDC8UoNp9ORiYwEWLzZWDuugE+ah7DYYGD4Vs633FXVZW3SgM/bFtJ/0Lg8CF +74jI4LMHyIjDzEjcoItwnhBLix+kUoJTvrY58GPydwekLuw1p4KXLqtRs4fsZbNQ +YTknl4jYtRWoxO98x7tun7Gq2gqmJkIB2uj630fKz5cBk6p6oDFKjzyrHe+V7BiK +3okQPaD4x7hq8OnTy7lOy92ZZAqztS4tNEb4DkYW1MpuwsJ7hbBZitc1siI+FVVb +GjVVGZz6ssXoW67Tz8+VxdWJxNLXlv27eMcj4sme5S0th/YYNA5fRRv6zuzqZAru +YNGLpYYU7JLvZJ+3lCwa5j5ycOGBF0GvsGs6gj6h+CHkjR/BgzAgWC+GgUgslt6q +aH04rWtV6rVz+Y91LcrX5P6OM4anmXD3Gp3kl35AypXb4KyASF19+11RUziD4Z7q +wQEWfbwOltNyZv2lD8s2jPr7P02axWRQUbZAEhxRmvOQev/FZPyCF6gqUo/HxRbQ +y3bzmnipyHSv1DlXNfCFCHvN8kGyZnRWARqIKRg+j9ediJgOUqlLhg6KmrTVxd5v +3Dfv52PW2UODDTM20s3cQGuX/UswzMRwPI/+P44iCMwEKdm7duM/5oisZT9Vhy7g +P15MreFZLcZvUVgjqgy0u57cstyGK1Bo9e2sFcK2fA== +=6Zb4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/python311-rpmlintrc b/python311-rpmlintrc new file mode 100644 index 0000000..5b35f34 --- /dev/null +++ b/python311-rpmlintrc @@ -0,0 +1,3 @@ +addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp") diff --git a/python311.changes b/python311.changes new file mode 100644 index 0000000..638e10e --- /dev/null +++ b/python311.changes @@ -0,0 +1,5515 @@ +------------------------------------------------------------------- +Mon Mar 10 15:44:31 UTC 2025 - Bernhard Wiedemann + +- Skip PGO with %want_reproducible_builds (boo#1040589) + +------------------------------------------------------------------- +Tue Feb 4 14:43:13 UTC 2025 - Matej Cepl + +- Add CVE-2025-0938-sq-brackets-domain-names.patch which + disallows square brackets ([ and ]) in domain names for parsed + URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704) + +------------------------------------------------------------------- +Mon Jan 27 09:00:48 UTC 2025 - Daniel Garcia + +- Configure externally_managed with a bcond + https://en.opensuse.org/openSUSE:Python:Externally_managed + bsc#1228165 + +------------------------------------------------------------------- +Wed Dec 4 21:40:41 UTC 2024 - Matej Cepl + +- Update to 3.11.11: + - Tools/Demos + - gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15 + and multissltests to use 3.0.15, 3.1.7, and 3.2.3. + - Tests + - gh-125041: Re-enable skipped tests for zlib on the + s390x architecture: only skip checks of the compressed + bytes, which can be different between zlib’s software + implementation and the hardware-accelerated implementation. + - Security + - gh-126623: Upgrade libexpat to 2.6.4 + - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to + consistently use the mapped IPv4 address value for deciding + properties. Properties which have their behavior fixed are + is_multicast, is_reserved, is_link_local, is_global, and + is_unspecified. + - Library + - gh-124651: Properly quote template strings in venv + activation scripts (bsc#1232241, CVE-2024-9287). +- Removed upstreamed patches: + - CVE-2024-9287-venv_path_unquoted.patch + +------------------------------------------------------------------- +Tue Dec 3 08:21:35 UTC 2024 - John Paul Adrian Glaubitz + +- Add add-loongarch64-support.patch to support loongarch64 + +------------------------------------------------------------------- +Mon Dec 2 22:50:07 UTC 2024 - Matej Cepl + +- Fix changelog + +------------------------------------------------------------------- +Mon Nov 11 12:43:40 UTC 2024 - Daniel Garcia + +- Remove -IVendor/ from python-config boo#1231795 + +------------------------------------------------------------------- +Fri Nov 1 16:32:10 UTC 2024 - Matej Cepl + +- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote + path names provided when creating a virtual environment + (bsc#1232241, CVE-2024-9287) + +------------------------------------------------------------------- +Wed Oct 2 16:18:29 UTC 2024 - Matej Cepl + +- Drop .pyc files from docdir for reproducible builds + (bsc#1230906). + +------------------------------------------------------------------- +Mon Sep 9 16:53:07 UTC 2024 - Matej Cepl + +- Update to 3.11.10: + - Security + - gh-123678: Upgrade libexpat to 2.6.3 + - gh-121957: Fixed missing audit events around interactive + use of Python, now also properly firing for ``python -i``, + as well as for ``python -m asyncio``. The event in question + is ``cpython.run_stdin``. + - gh-122133: Authenticate the socket connection for the + ``socket.socketpair()`` fallback on platforms where + ``AF_UNIX`` is not available like Windows. Patch by + Gregory P. Smith and Seth Larson + . Reported by Ellie + - gh-121285: Remove backtracking from tarfile header parsing + for ``hdrcharset``, PAX, and GNU sparse headers + (bsc#1230227, CVE-2024-6232). + - gh-118486: :func:`os.mkdir` on Windows now accepts + *mode* of ``0o700`` to restrict the new directory to + the current user. This fixes CVE-2024-4030 affecting + :func:`tempfile.mkdtemp` in scenarios where the base + temporary directory is more permissive than the default. + - gh-116741: Update bundled libexpat to 2.6.2 + - Library + - gh-123270: Applied a more surgical fix for malformed + payloads in :class:`zipfile.Path` causing infinite loops + (gh-122905) without breaking contents using legitimate + characters (bsc#1229704, CVE-2024-8088). + - gh-123067: Fix quadratic complexity in parsing ``"``-quoted + cookie values with backslashes by :mod:`http.cookies` + (bsc#1229596, CVE-2024-7592). + - gh-122905: :class:`zipfile.Path` objects now sanitize names + from the zipfile. + - gh-121650: :mod:`email` headers with embedded newlines are + now quoted on output. The :mod:`~email.generator` will now + refuse to serialize (write) headers that are unsafely folded + or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. + (Contributed by Bas Bloemsaat and Petr Viktorin in + :gh:`121650`; CVE-2024-6923, bsc#1228780). + - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method + breaks internal buffer when the method is called again + during flushing internal buffer. + - gh-118643: Fix an AttributeError in the :mod:`email` module + when re-fold a long address list. Also fix more cases of + incorrect encoding of the address separator in the address + list. + - gh-113171: Fixed various false positives and false + negatives in * :attr:`ipaddress.IPv4Address.is_private` + (see these docs for details) * + :attr:`ipaddress.IPv4Address.is_global` * + :attr:`ipaddress.IPv6Address.is_private` * + :attr:`ipaddress.IPv6Address.is_global` Also in the + corresponding :class:`ipaddress.IPv4Network` and + :class:`ipaddress.IPv6Network` attributes. + Fixes bsc#1226448 (CVE-2024-4032). + - gh-102988: :func:`email.utils.getaddresses` and + :func:`email.utils.parseaddr` now return ``('', '')`` + 2-tuples in more situations where invalid email addresses + are encountered instead of potentially inaccurate + values. Add optional *strict* parameter to these two + functions: use ``strict=False`` to get the old behavior, + accept malformed inputs. ``getattr(email.utils, + 'supports_strict_parsing', False)`` can be use to check if + the *strict* paramater is available. Patch by Thomas Dwyer + and Victor Stinner to improve the CVE-2023-27043 fix + (bsc#1210638). + - gh-67693: Fix :func:`urllib.parse.urlunparse` and + :func:`urllib.parse.urlunsplit` for URIs with path starting + with multiple slashes and no authority. Based on patch by + Ashwin Ramaswami. + - Core and Builtins + - gh-112275: A deadlock involving ``pystate.c``'s + ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now + fixed. Patch by ChuBoning based on previous Python 3.12 fix + by Victor Stinner. + - gh-109120: Added handle of incorrect star expressions, e.g + ``f(3, *)``. Patch by Grigoryev Semyon +- Removed upstreamed patches: + - CVE-2023-27043-email-parsing-errors.patch + - CVE-2024-4032-private-IP-addrs.patch + - CVE-2024-6923-email-hdr-inject.patch + - CVE-2024-8088-inf-loop-zipfile_Path.patch + (renamed from CVE-2024-8088-zipfile-Path-sanitization.patch) + - CVE-2024-6232-ReDOS-backtrack-tarfile.patch + - CVE-2024-7592-quad-complex-cookies.patch + +------------------------------------------------------------------- +Mon Sep 2 09:44:26 UTC 2024 - Matej Cepl + +- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid + failing test_sendfile_close_peer_in_the_middle_of_receiving + tests on Linux >= 6.10 (GH-120227). + +------------------------------------------------------------------- +Wed Aug 28 16:54:34 UTC 2024 - Matej Cepl + +- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent + malformed payload to cause infinite loops in zipfile.Path + (bsc#1229704, CVE-2024-8088). + +------------------------------------------------------------------- +Wed Aug 7 12:12:42 UTC 2024 - Matej Cepl + +- Add CVE-2024-6923-email-hdr-inject.patch to prevent email + header injection due to unquoted newlines (bsc#1228780, + CVE-2024-6923). +- %{profileopt} variable is set according to the variable + %{do_profiling} (bsc#1227999) + +------------------------------------------------------------------- +Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl + +- Remove %suse_update_desktop_file macro as it is not useful any + more. + +------------------------------------------------------------------- +Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl + +- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 + adding reproducibility patches from gh#python/cpython!121872 + and gh#python/cpython!121883. + +------------------------------------------------------------------- +Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl + +- Stop using %%defattr, it seems to be breaking proper executable + attributes on /usr/bin/ scripts (bsc#1227378). + +------------------------------------------------------------------- +Tue Jul 2 10:32:58 UTC 2024 - Daniel Garcia + +- Update F00251-change-user-install-location.patch to make pip and + modern tools install directly in /usr/local when used by the user. + bsc#1225660 + +------------------------------------------------------------------- +Tue Jun 25 21:57:40 UTC 2024 - Matej Cepl + +- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 + (CVE-2024-4032) rearranging definition of private v global IP + addresses. + +------------------------------------------------------------------- +Wed May 1 08:39:08 UTC 2024 - Matej Cepl + +- Update CVE-2023-52425-libexpat-2.6.0-backport.patch + so that it uses features sniffing, not just + comparing version number. Include also + support-expat-CVE-2022-25236-patched.patch. +- Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping + failing tests. +- Refresh patches: + - CVE-2023-27043-email-parsing-errors.patch + - fix_configure_rst.patch + - skip_if_buildbot-extend.patch +- Remove included patch: + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia + +- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in SLE. + +------------------------------------------------------------------- +Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia + +- Remove not needed upstream patches: + * libexpat260.patch + * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666 + * CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch + +- Update to 3.11.9: + * Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 + - gh-115243: Fix possible crashes in collections.deque.index() + when the deque is concurrently modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to the + certificate store, when the ssl.SSLContext is shared across + multiple threads (bsc#1226447, CVE-2024-0397). + * Core and Builtins + - gh-116296: Fix possible refleak in object.__reduce__() internal + error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser when + raising SyntaxError exceptions caused by invalid byte sequences. + Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115011: Setters for members with an unsigned integer type now + support the same range of valid values for objects that has a + __index__() method as for int. + - gh-96497: Fix incorrect resolution of mangled class variables + used in assignment expressions in comprehensions. + * Library + - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered + crash in ssl when creating a new _ssl._SSLContext if CPython was + built implausibly such that the default cipher list is empty or + the SSL library it was linked against reports a failure from its + C SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of self-referential + modules, introduced in gh-114781. + - gh-117084: Fix zipfile extraction for directory entries with the + name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any to + be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer calls + WaitForSingleObject() with a negative timeout: pass 0 ms if the + timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values in an + invalid state (stored as a list instead of a str) after an + earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values in + urllib.parse functions parse_qs() and parse_qsl(). Also, they + now raise a TypeError for non-zero integers and non-empty + sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated tkinter.Checkbutton + widget names to avoid collisions with automatically generated + tkinter.ttk.Checkbutton widget names within the same parent + widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of AttributeError + on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on + WASI. + - Under wasmtime for WASI 0.2, these functions don’t pass + test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). + - gh-88352: Fix the computation of the next rollover time in the + logging.TimedRotatingFileHandler handler. computeRollover() now + always returns a timestamp larger than the specified time and + works correctly during the DST change. doRollover() no longer + overwrite the already rolled over file, saving from data loss + when run at midnight or during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a script + with pdb + - gh-76511: Fix UnicodeEncodeError in email.Message.as_string() + that results when a message that claims to be in the ascii + character set actually has non-ascii characters. Non-ascii + characters are now replaced with the U+FFFD replacement + character, like in the replace error handler. + - gh-75988: Fixed unittest.mock.create_autospec() to pass the call + through to the wrapped object to return the real result. + - gh-115881: Fix issue where ast.parse() would incorrectly flag + conditional context managers (such as with (x() if y else z()): + ...) as invalid syntax if feature_version=(3, 8) was passed. + This reverts changes to the grammar made as part of gh-94949. + - gh-115886: Fix silent truncation of the name with an embedded + null character in multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing which rolled-over log + files to delete in logging.TimedRotatingFileHandler. It is now + reliable for handlers without namer and with arbitrary + deterministic namer that leaves the datetime part in the file + name unmodified. + - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now + support bytes arguments containing raw and percent-encoded + non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' and + '\n', regardless of lineterminator value. + - gh-115712: csv.writer() now quotes empty fields if delimiter is + a space and skipinitialspace is true and raises exception if + quoting is not possible. + - gh-115618: Fix improper decreasing the reference count for None + argument in property methods getter(), setter() and deleter(). + - gh-115570: A DeprecationWarning is no longer omitted on access + to the __doc__ attributes of the deprecated typing.io and + typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the __wrapper__ + data descriptor. + - gh-101293: Support callables with the __call__() method and + types with __new__() and __init__() methods set to class + methods, static methods, bound methods, partial functions, and + other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line numbers + would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare cases when + using the z format option (coerce negative 0) * incorrect output + when applying the z format option to type F (fixed-point with + capital NAN / INF) * incorrect output when applying the # format + option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname before + checking it against the system’s proxy bypass list on macOS and + Windows. + - gh-115198: Fix support of Docutils >= 0.19 in distutils. + - gh-115165: Most exceptions are now ignored when attempting to + set the __orig_class__ attribute on objects returned when + calling typing generic aliases (including generic aliases + created using typing.Annotated). Previously only AttributeError + was ignored. Patch by Dave Shawley. + - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the underlying + write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114763: Protect modules loaded with importlib.util.LazyLoader + from race conditions when multiple threads try to access + attributes before the loading is complete. + - gh-97959: Fix rendering class methods, bound methods, method and + function aliases in pydoc. Class methods no longer have “method + of builtins.type instance” note. Corresponding notes are now + added for class and unbound methods. Method and function aliases + now have references to the module or the class where the origin + was defined if it differs from the current. Bound methods are + now listed in the static methods section. Methods of builtin + classes are now supported as well as methods of Python classes. + - gh-112281: Allow creating union of types for typing.Annotated + with unhashable metadata. + - gh-111775: Fix importlib.resources.simple.ResourceHandle.open() + for text mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb commands. + - gh-107155: Fix incorrect output of help(x) where x is a lambda + function, which has an __annotations__ dictionary attribute with + a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when defining + dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists over + multiple lines in combination with unicode encoding. + - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same name + but different extensions would conflict and not delete the + correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() to + accept empty bytes as authkey. Not accepting empty bytes as key + causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing of URLs + with only a host name, URLs containing fragment or query, and + filenames with only a UNC sharepoint on Windows. Based on patch + by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + * Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML + vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + * Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE command + line option) in regrtest when hunting for reference leaks (-R + option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-115979: Update test_importlib so that it passes under WASI + SDK 21. + - gh-116307: Added import helper isolated_modules as CleanImport + does not remove modules imported during the context. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of + the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: run + failed tests with test.bisect_cmd to identify failing tests. + Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - gh-115198: Fix test_check_metadata_deprecate in distutils tests + with a newer Docutils. + * Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI + 0.2/preview2 primitives. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + * Windows + - gh-116773: Fix instances of <_overlapped.Overlapped object at + 0xXXX> still has pending operation at deallocation, the process + may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation so + that sending a datagram to an address that is not listening does + not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most users + only have a single launcher installed and will see no + difference. When multiple launchers have been installed, the + option to install the launcher is disabled until all but one + have been removed. Downgrading the launcher (which was never + allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now detect Python + 3.13 when installed from the Microsoft Store, and will install + Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + * IDLE + - gh-88516: On macOS show a proxy icon in the title bar of editor + windows to match platform behaviour. + * Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + * C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows + 64-bit platforms. + +------------------------------------------------------------------- +Sun Mar 24 07:51:45 UTC 2024 - Matej Cepl + +- Add reference to CVE-2024-0450 (bsc#1221854) to changelog. + +------------------------------------------------------------------- +Fri Mar 22 21:22:27 UTC 2024 - Matej Cepl + +- Because of bsc#1189495 we have to revert use of %autopatch. + +------------------------------------------------------------------- +Tue Mar 12 08:44:47 UTC 2024 - Matej Cepl + +- Rewrite %prep to use %autosetup et al. for compatibility with + rpm 4.20. + +------------------------------------------------------------------- +Tue Mar 12 08:13:34 UTC 2024 - Matej Cepl + +- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch + to eliminate ResourceWarning which broke the test suite in + test_asyncio. + +------------------------------------------------------------------- +Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal + +- Use the system-wide crypto-policies [bsc#1211301] + * Use the system default cipher list instead of hardcoded values + * Add the --with-ssl-default-suites=openssl configure option + +------------------------------------------------------------------- +Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl + +- (bsc#1219666, CVE-2023-6597) Add + CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from + gh#python/cpython!99930) fixing symlink bug in cleanup of + tempfile.TemporaryDirectory. + +------------------------------------------------------------------- +Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl + +- Remove double definition of /usr/bin/idle%%{version} in + %%files. + +------------------------------------------------------------------- +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115289 + +------------------------------------------------------------------- +Thu Feb 8 07:27:40 UTC 2024 - Daniel Garcia + +- Update to 3.11.8: + - Security + - gh-113659: Skip .pth files with names starting with a dot or + hidden file attribute. + - Core and Builtins + - gh-114887: Changed socket type validation in + create_datagram_endpoint() to accept all non-stream sockets. + This fixes a regression in compatibility with raw sockets. + - gh-114388: Fix a RuntimeWarning emitted when assign an + integer-like value that is not an instance of int to an + attribute that corresponds to a C struct member of type T_UINT + and T_ULONG. Fix a double RuntimeWarning emitted when assign a + negative integer value to an attribute that corresponds to a C + struct member of type T_UINT. + - gh-89811: Check for a valid tp_version_tag before performing + bytecode specializations that rely on this value being usable. + - gh-113602: Fix an error that was causing the parser to try to + overwrite existing errors and crashing in the process. Patch by + Pablo Galindo + - gh-113566: Fix a 3.11-specific crash when the repr of a Future + is requested after the module has already been + garbage-collected. + - gh-106905: Use per AST-parser state rather than global state to + track recursion depth within the AST parser to prevent potential + race condition due to simultaneous parsing. + - The issue primarily showed up in 3.11 by multithreaded users of + ast.parse(). In 3.12 a change to when garbage collection can be + triggered prevented the race condition from occurring. + - gh-112716: Fix SystemError in the import statement and in + __reduce__() methods of builtin types when __builtins__ is not a + dict. + - gh-105967: Workaround a bug in Apple’s macOS platform zlib + library where zlib.crc32() and binascii.crc32() could produce + incorrect results on multi-gigabyte inputs. Including when using + zipfile on zips containing large data. + - gh-94606: Fix UnicodeEncodeError when + email.message.get_payload() reads a message with a Unicode + surrogate character and the message content is not well-formed + for surrogateescape encoding. Patch by Sidney Markowitz. + - Library + - gh-114965: Update bundled pip to 24.0 + - gh-114959: tarfile no longer ignores errors when trying to + extract a directory on top of a file. + - gh-109475: Fix support of explicit option value “–” in argparse + (e.g. --option=--). + - gh-110190: Fix ctypes structs with array on Windows ARM64 + platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by + Diego Russo + - gh-113280: Fix a leak of open socket in rare cases when error + occurred in ssl.SSLSocket creation. + - gh-77749: email.policy.EmailPolicy.fold() now always encodes + non-ASCII characters in headers if utf8 is false. + - gh-114492: Make the result of termios.tcgetattr() reproducible + on Alpine Linux. Previously it could leave a random garbage in + some fields. + - gh-75128: Ignore an OSError in + asyncio.BaseEventLoop.create_server() when IPv6 is available but + the interface cannot actually support it. + - gh-114257: Dismiss the FileNotFound error in + ctypes.util.find_library() and just return None on Linux. + - gh-101438: Avoid reference cycle in ElementTree.iterparse. The + iterator returned by ElementTree.iterparse may hold on to a file + descriptor. The reference cycle prevented prompt clean-up of the + file descriptor if the returned iterator was not exhausted. + - gh-104522: OSError raised when run a subprocess now only has + filename attribute set to cwd if the error was caused by a + failed attempt to change the current directory. + - gh-109534: Fix a reference leak in + asyncio.selector_events.BaseSelectorEventLoop when SSL + handshakes fail. Patch contributed by Jamie Phan. + - gh-114077: Fix possible OverflowError in + socket.socket.sendfile() when pass count larger than 2 GiB on + 32-bit platform. + - gh-114014: Fixed a bug in fractions.Fraction where an invalid + string using d in the decimals part creates a different error + compared to other invalid letters/characters. Patch by Jeremiah + Gabriel Pascual. + - gh-113951: Fix the behavior of tag_unbind() methods of + tkinter.Text and tkinter.Canvas classes with three arguments. + Previously, widget.tag_unbind(tag, sequence, funcid) destroyed + the current binding for sequence, leaving sequence unbound, and + deleted the funcid command. Now it removes only funcid from the + binding for sequence, keeping other commands, and deletes the + funcid command. It leaves sequence unbound only if funcid was + the last bound command. + - gh-113877: Fix tkinter method winfo_pathname() on 64-bit + Windows. + - gh-113781: Silence unraisable AttributeError when warnings are + emitted during Python finalization. + - gh-113594: Fix UnicodeEncodeError in email when re-fold lines + that contain unknown-8bit encoded part followed by + non-unknown-8bit encoded part. + - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), + there is callback that logs an error if the task wrapping the + “connected callback” fails. This callback would itself fail if + the task was cancelled. Prevent this by checking whether the + task was cancelled first. If so, close the transport but don’t + log an error. + - gh-85567: Fix resource warnings for unclosed files in pickle and + pickletools command line interfaces. + - gh-101225: Increase the backlog for + multiprocessing.connection.Listener objects created by + multiprocessing.manager and multiprocessing.resource_sharer to + significantly reduce the risk of getting a connection refused + error when creating a multiprocessing.connection.Connection to + them. + - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends + webbrowser.open audit event. + - gh-113028: When a second reference to a string appears in the + input to pickle, and the Python implementation is in use, we are + guaranteed that a single copy gets pickled and a single object + is shared when reloaded. Previously, in protocol 0, when a + string contained certain characters (e.g. newline) it resulted + in duplicate objects. + - gh-113421: Fix multiprocessing logger for %(filename)s. + - gh-113358: Fix rendering tracebacks for exceptions with a broken + __getattr__. + - gh-113214: Fix an AttributeError during asyncio SSL protocol + aborts in SSL-over-SSL scenarios. + - gh-113246: Update bundled pip to 23.3.2. + - gh-113199: Make http.client.HTTPResponse.read1 and + http.client.HTTPResponse.readline close IO after reading all + data when content length is known. Patch by Illia Volochii. + - gh-113188: Fix shutil.copymode() and shutil.copystat() on + Windows. Previously they worked differenly if dst is a symbolic + link: they modified the permission bits of dst itself rather + than the file it points to if follow_symlinks is true or src is + not a symbolic link, and did not modify the permission bits if + follow_symlinks is false and src is a symbolic link. + - gh-61648: Detect line numbers of properties in doctests. + - gh-112559: signal.signal() and signal.getsignal() no longer call + repr on callable handlers. asyncio.run() and + asyncio.Runner.run() no longer call repr on the task results. + Patch by Yilei Yang. + - gh-110190: Fix ctypes structs with array on PPC64LE platform by + setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. + - gh-79429: Ignore FileNotFoundError when remove a temporary + directory in the multiprocessing finalizer. + - gh-79325: Fix an infinite recursion error in + tempfile.TemporaryDirectory() cleanup on Windows. + - gh-110190: Fix ctypes structs with array on Arm platform by + setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. + - gh-81194: Fix a crash in socket.if_indextoname() with specific + value (UINT_MAX). Fix an integer overflow in + socket.if_indextoname() on 64-bit non-Windows platforms. + - gh-75666: Fix the behavior of tkinter widget’s unbind() method + with two arguments. Previously, widget.unbind(sequence, funcid) + destroyed the current binding for sequence, leaving sequence + unbound, and deleted the funcid command. Now it removes only + funcid from the binding for sequence, keeping other commands, + and deletes the funcid command. It leaves sequence unbound only + if funcid was the last bound command. + - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in + tkinter._test(). + - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now + raises BadZipFile when try to read an entry that overlaps with + other entry or central directory (bsc#1221854, CVE-2024-0450). + - gh-38807: Fix race condition in trace. Instead of checking if a + directory exists and creating it, directly call os.makedirs() + with the kwarg exist_ok=True. + - gh-75705: Set unixfrom envelope in mailbox.mbox and + mailbox.MMDF. + - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure + when the system endianness is the opposite of the classes. + - gh-104282: Fix null pointer dereference in + lzma._decode_filter_properties() due to improper handling of BCJ + filters with properties of zero length. Patch by Radislav + Chugunov. + - gh-102512: When os.fork() is called from a foreign thread (aka + _DummyThread), the type of the thread in a child process is + changed to _MainThread. Also changed its name and daemonic + status, it can be now joined. + - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, + which now no longer dereferences symlinks when working around + file system permission errors. + - bpo-43153: On Windows, tempfile.TemporaryDirectory previously + masked a PermissionError with NotADirectoryError during + directory cleanup. It now correctly raises PermissionError if + errors are not ignored. Patch by Andrei Kulakov and Ken Jin. + - bpo-35332: The shutil.rmtree() function now ignores errors when + calling os.close() when ignore_errors is True, and os.close() no + longer retried after error. + - bpo-35928: io.TextIOWrapper now correctly handles the decoding + buffer after read() and write(). + - bpo-26791: shutil.move() now moves a symlink into a directory + when that directory is the target of the symlink. This provides + the same behavior as the mv shell command. The previous behavior + raised an exception. Patch by Jeffrey Kintscher. + - bpo-36959: Fix some error messages for invalid ISO format string + combinations in strptime() that referred to directives not + contained in the format string. Patch by Gordon P. Hemsley. + - bpo-18060: Fixed a class inheritance issue that can cause + segfaults when deriving two or more levels of subclasses from a + base class of Structure or Union. + - Documentation + - gh-110746: Improved markup for valid options/values for methods + ttk.treeview.column and ttk.treeview.heading, and for Layouts. + - gh-95649: Document that the asyncio module contains code taken + from v0.16.0 of the uvloop project, as well as the required MIT + licensing information. + - Tests + - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, + where system tar can include more information in the archive + than shutil.make_archive. + - gh-112769: The tests now correctly compare zlib version when + zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For + example zlib-ng defines the version as 1.3.0.zlib-ng. + - gh-105089: Fix + test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write + test in AIX by doing a bitwise AND of 0xFFFF on mode , so that + it will be in sync with zinfo.external_attr + - bpo-40648: Test modes that file can get with chmod() on Windows. + - Build + - gh-101778: Fix build error when there’s a dangling symlink in + the directory containing ffi.h. + - gh-112305: Fixed the check-clean-src step performed on out of + tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h + files and recommend appropriate source tree cleanup steps to get + a working build again. + - bpo-11102: The os.major(), os.makedev(), and os.minor() + functions are now available on HP-UX v3. + - bpo-36351: Do not set ipv6type when cross-compiling. + - IDLE + - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and + ‘object’. + - gh-72284: Improve the lists of features, editor key bindings, + and shell key bingings in the IDLE doc. + - gh-113903: Fix rare failure of test.test_idle, in + test_configdialog. + - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and + 3.12.1. + - gh-113269: Fix test_editor hang on macOS Catalina. + - gh-112898: Fix processing unsaved files when quitting IDLE on + macOS. + - gh-103820: Revise IDLE bindings so that events from mouse button + 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not + mistaken for scrolling. + - bpo-13586: Enter the selected text when opening the “Replace” + dialog. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and + multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. + - gh-115015: Fix a bug in Argument Clinic that generated incorrect + code for methods with no parameters that use the METH_METHOD | + METH_FASTCALL | METH_KEYWORDS calling convention. Only the + positional parameter count was checked; any keyword argument + passed would be silently accepted. +- Remove upstreamed patches: + - CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch +- Refresh all patches: + - CVE-2023-27043-email-parsing-errors.patch + - F00251-change-user-install-location.patch + - bpo-31046_ensurepip_honours_prefix.patch + - distutils-reproducible-compile.patch + - fix_configure_rst.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-localpath.patch + - python-3.3.0b1-test-posix_fadvise.patch + - skip_if_buildbot-extend.patch + - subprocess-raise-timeout.patch + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Tue Dec 19 16:34:50 UTC 2023 - Daniel Garcia + +- Update patch fix_configure_rst.patch +- Update to 3.11.7: + - Core and Builtins + - gh-112625: Fixes a bug where a bytearray object could be cleared + while iterating over an argument in the bytearray.join() method + that could result in reading memory after it was freed. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. Patch + by Pablo galindo + - gh-88116: Traceback location ranges involving wide unicode + characters (like emoji and asian characters) now are properly + highlighted. Patch by Batuhan Taskaya and Pablo Galindo. + - gh-94438: Fix a regression that prevented jumping across is None + and is not None when debugging. Patch by Savannah Ostrowski. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109216: Fix possible memory leak in BUILD_MAP. + + - Library + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + - bpo-35191: Fix unexpected integer truncation in + socket.setblocking() which caused it to interpret multiples of + 2**32 as False. + + - Documentation + - gh-108826: dis module command-line interface is now mentioned in + documentation. + + - Tests + - gh-110367: Make regrtest --verbose3 option compatible with + --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + --verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111309: distutils tests can now be run via unittest. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() and class BasicTestRunner from the test.support + module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + --match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + + - Build + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + + - C API + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. +------------------------------------------------------------------- +Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl + +- Refresh CVE-2023-27043-email-parsing-errors.patch to + gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). +- Thus we can remove Revert-gh105127-left-tests.patch, which is + now useless. + +------------------------------------------------------------------- +Wed Nov 15 09:06:16 UTC 2023 - Daniel Garcia + +- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch +- Refresh patches: + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch + +- Update to 3.11.6: + - Core and Builtins + - gh-109351: Fix crash when compiling an invalid AST involving a + named (walrus) expression. + - gh-109207: Fix a SystemError in __repr__ of symtable entry + object. + - gh-109179: Fix bug where the C traceback display drops notes + from SyntaxError. + - gh-88943: Improve syntax error for non-ASCII character that + follows a numerical literal. It now points on the invalid + non-ASCII character, not on the valid numerical literal. + - gh-108959: Fix caret placement for error locations for subscript + and binary operations that involve non-semantic parentheses and + spaces. Patch by Pablo Galindo + - gh-108520: Fix + multiprocessing.synchronize.SemLock.__setstate__() to properly + initialize multiprocessing.synchronize.SemLock._is_fork_ctx. + This fixes a regression when passing a SemLock accross nested + processes. + - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to + multiprocessing.synchronize.SemLock._is_fork_ctx to avoid + exposing it as public API. + - Library + - gh-110036: On Windows, multiprocessing Popen.terminate() now + catchs PermissionError and get the process exit code. If the + process is still running, raise again the PermissionError. + Otherwise, the process terminated as expected: store its exit + code. Patch by Victor Stinner. + - gh-110038: Fixed an issue that caused KqueueSelector.select() to + not return all the ready events in some cases when a file + descriptor is registered for both read and write. + - gh-109631: re functions such as re.findall(), re.split(), + re.search() and re.sub() which perform short repeated matches + can now be interrupted by user. + - gh-109593: Avoid deadlocking on a reentrant call to the + multiprocessing resource tracker. Such a reentrant call, though + unlikely, can happen if a GC pass invokes the finalizer for a + multiprocessing object such as SemLock. + - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for + exceptions. Previously, on Python built in debug mode, these + functions could trigger a fatal Python error (and abort the + process) when a function succeeded with an exception set. Patch + by Victor Stinner. + - gh-109375: The pdb alias command now prevents registering + aliases without arguments. + - gh-107219: Fix a race condition in concurrent.futures. When a + process in the process pool was terminated abruptly (while the + future was running or pending), close the connection write end. + If the call queue is blocked on sending bytes to a worker + process, closing the connection write end interrupts the send, + so the queue can be closed. Patch by Victor Stinner. + - gh-50644: Attempts to pickle or create a shallow or deep copy of + codecs streams now raise a TypeError. Previously, copying failed + with a RecursionError, while pickling produced wrong results + that eventually caused unpickling to fail with a RecursionError. + - gh-108987: Fix _thread.start_new_thread() race condition. If a + thread is created during Python finalization, the newly spawned + thread now exits immediately instead of trying to access freed + memory and lead to a crash. Patch by Victor Stinner. + - gh-108843: Fix an issue in ast.unparse() when unparsing + f-strings containing many quote types. + - gh-108682: Enum: raise TypeError if super().__new__() is called + from a custom __new__. + - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock + - gh-64662: Fix support for virtual tables in + sqlite3.Connection.iterdump(). Patch by Aviv Palivoda. + - gh-107913: Fix possible losses of errno and winerror values in + OSError exceptions if they were cleared or modified by the + cleanup code before creating the exception object. + - gh-104372: On Linux where subprocess can use the vfork() syscall + for faster spawning, prevent the parent process from blocking + other threads by dropping the GIL while it waits for the + vfork’ed child process exec() outcome. This prevents spawning a + binary from a slow filesystem from blocking the rest of the + application. + - gh-84867: unittest.TestLoader no longer loads test cases from + exact unittest.TestCase and unittest.FunctionTestCase classes. + - Documentation + - gh-109209: The minimum Sphinx version required for the + documentation is now 4.2. + - gh-105052: Update timeit doc to specify that time in seconds is + just the default. + - gh-102823: Document the return type of x // y when x and y have + type float. + - Tests + - gh-110031: Skip test_threading tests using thread+fork if Python + is built with Address Sanitizer (ASAN). Patch by Victor Stinner. + - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum + duration, a test should not measure a CI performance. Only + measure the minimum duration when a task has a timeout or delay. + Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner. + - gh-110033: Fix test_interprocess_signal() of test_signal. Make + sure that the subprocess.Popen object is deleted before the test + raising an exception in a signal handler. Otherwise, + Popen.__del__() can get the exception which is logged as + Exception ignored in: ... and the test fails. Patch by Victor + Stinner. + - gh-109594: Fix test_timeout() of + test_concurrent_futures.test_wait. Remove the future which may + or may not complete depending if it takes longer than the + timeout ot not. Keep the second future which does not complete + before wait() timeout. Patch by Victor Stinner. + - gh-109748: Fix test_zippath_from_non_installed_posix() of + test_venv: don’t copy __pycache__/ sub-directories, because they + can be modified by other Python tests running in parallel. Patch + by Victor Stinner. + - gh-103053: Skip test_freeze_simple_script() of + test_tools.test_freeze if Python is built with ./configure + --enable-optimizations, which means with Profile Guided + Optimization (PGO): it just makes the test too slow. The freeze + tool is tested by many other CIs with other (faster) compiler + flags. Patch by Victor Stinner. + - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a + longer key: FIPS mode requires at least of at least 112 bits. + The previous key was only 32 bits. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-109237: Fix test_site.test_underpth_basic() when the working + directory contains at least one non-ASCII character: encode the + ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for + the child process stdout. Patch by Victor Stinner. + - gh-109230: Fix test_pyexpat.test_exception(): it can now be run + from a directory different than Python source code directory. + Before, the test failed in this case. Skip the test if + Modules/pyexpat.c source is not available. Skip also the test on + Python implementations other than CPython. Patch by Victor + Stinner. + - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests + on FreeBSD if the TCP blackhole is enabled (sysctl + net.inet.tcp.blackhole). Skip the few tests which failed with + ETIMEDOUT which such non standard configuration. Currently, the + FreeBSD GCP image enables TCP and UDP blackhole (sysctl + net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1). + Patch by Victor Stinner. + - gh-91960: Skip test_gdb if gdb is unable to retrieve Python + frame objects: if a frame is . When Python is + built with “clang -Og”, gdb can fail to retrive the frame + parameter of _PyEval_EvalFrameDefault(). In this case, tests + like py_bt() are likely to fail. Without getting access to + Python frames, python-gdb.py is mostly clueless on retrieving + the Python traceback. Moreover, test_gdb is no longer skipped on + macOS if Python is built with Clang. Patch by Victor Stinner. + - gh-108962: Skip test_tempfile.test_flags() if chflags() fails + with “OSError: [Errno 45] Operation not supported” (ex: on + FreeBSD 13). Patch by Victor Stinner. + - gh-89392: Removed support of test_main() function in tests. They + now always use normal unittest test runner. + - gh-108851: Fix test_tomllib recursion tests for WASI buildbots: + reduce the recursion limit and compute the maximum nested + array/dict depending on the current available recursion limit. + Patch by Victor Stinner. + - gh-108851: Add get_recursion_available() and + get_recursion_depth() functions to the test.support module. + Patch by Victor Stinner. + - gh-108822: regrtest now computes statistics on all tests: + successes, failures and skipped. test_netrc, test_pep646_syntax + and test_xml_etree now return results in their test_main() + function. Patch by Victor Stinner and Alex Waygood. + - gh-108388: Convert test_concurrent_futures to a package of 7 + sub-tests. Patch by Victor Stinner. + - gh-108388: Split test_multiprocessing_fork, + test_multiprocessing_forkserver and test_multiprocessing_spawn + into test packages. Each package is made of 4 sub-tests: + processes, threads, manager and misc. It allows running more + tests in parallel and so reduce the total test duration. Patch + by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - gh-100086: The Python test runner (libregrtest) now logs Python + build information like “debug” vs “release” build, or LTO and + PGO optimizations. Patch by Victor Stinner. + - gh-98903: The Python test suite now fails wit exit code 4 if no + tests ran. It should help detecting typos in test names and test + methods. + - gh-95027: On Windows, when the Python test suite is run with the + -jN option, the ANSI code page is now used as the encoding for + the stdout temporary file, rather than using UTF-8 which can + lead to decoding errors. Patch by Victor Stinner. + - gh-93353: regrtest now checks if a test leaks temporary files or + directories if run with -jN option. Patch by Victor Stinner. + - Build + - gh-63760: Fix Solaris build: no longer redefine the + gethostname() function. Solaris defines the function since 2005. + Patch by Victor Stinner, original patch by Jakub Kulík. + - gh-108740: Fix a race condition in make regen-all. The + deepfreeze.c source and files generated by Argument Clinic are + now generated or updated before generating “global objects”. + Previously, some identifiers may miss depending on the order in + which these files were generated. Patch by Victor Stinner. + - Windows + - gh-109991: Update Windows build to use OpenSSL 3.0.11. + - gh-107565: Update Windows build to use OpenSSL 3.0.10. + - macOS + - gh-109991: Update macOS installer to use OpenSSL 3.0.11. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and + multissltests to use 1.1.1w, 3.0.11, and 3.1.3. + +------------------------------------------------------------------- +Wed Sep 6 07:52:11 UTC 2023 - Daniel Garcia + +- Update to 3.11.5 (bsc#1214692): + - Security + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted data. + Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by + Gregory P. Smith. + - Core and Builtins + - gh-104432: Fix potential unaligned memory access on C APIs + involving returned sequences of char * pointers within the grp + and socket modules. These were revealed using a + -fsaniziter=alignment build on ARM macOS. Patch by Christopher + Chavez. + - gh-77377: Ensure that multiprocessing synchronization objects + created in a fork context are not sent to a different process + created in a spawn context. This changes a segfault into an + actionable RuntimeError in the parent process. + - gh-106092: Fix a segmentation fault caused by a use-after-free + bug in frame_dealloc when the trashcan delays the deallocation + of a PyFrameObject. + - gh-106719: No longer suppress arbitrary errors in the + __annotations__ getter and setter in the type and module types. + - gh-106723: Propagate frozen_modules to multiprocessing spawned + process interpreters. + - gh-105979: Fix crash in _imp.get_frozen_object() due to improper + exception handling. + - gh-105840: Fix possible crashes when specializing function calls + with too many __defaults__. + - gh-105588: Fix an issue that could result in crashes when + compiling malformed ast nodes. + - gh-105375: Fix bugs in the builtins module where exceptions + could end up being overwritten. + - gh-105375: Fix bug in the compiler where an exception could end + up being overwritten. + - gh-105375: Improve error handling in + PyUnicode_BuildEncodingMap() where an exception could end up + being overwritten. + - gh-105235: Prevent out-of-bounds memory access during + mmap.find() calls. + - gh-101006: Improve error handling when read marshal data. + - Library + - gh-105736: Harmonized the pure Python version of OrderedDict + with the C version. Now, both versions set up their internal + state in __new__. Formerly, the pure Python version did the set + up in __init__. + - gh-107963: Fix multiprocessing.set_forkserver_preload() to check + the given list of modules names. Patch by Dong-hee Na. + - gh-106242: Fixes os.path.normpath() to handle embedded null + characters without truncating the path (bsc#1214693, + CVE-2023-41105). + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will + no longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107715: Fix doctest.DocTestFinder.find() in presence of class + names with special characters. Patch by Gertjan van Zwieten. + - gh-100814: Passing a callable object as an option value to a + Tkinter image now raises the expected TclError instead of an + AttributeError. + - gh-106684: Close asyncio.StreamWriter when it is not closed by + application leading to memory leaks. Patch by Kumar Aditya. + - gh-107077: Seems that in some conditions, OpenSSL will return + SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification + verification has failed, but the error parameters will still + contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are + now detecting this situation and raising the appropiate + ssl.SSLCertVerificationError. Patch by Pablo Galindo + - gh-107396: tarfiles; Fixed use before assignment of + self.exception for gzip decompression + - gh-62519: Make gettext.pgettext() search plural definitions when + translation is not found. + - gh-83006: Document behavior of shutil.disk_usage() for + non-mounted filesystems on Unix. + - gh-106186: Do not report MultipartInvariantViolationDefect + defect when the email.parser.Parser class is used to parse + emails with headersonly=True. + - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION + result in _ssl.c. + - gh-106774: Update the bundled copy of pip to version 23.2.1. + - gh-106752: Fixed several bug in zipfile.Path in + name/suffix/suffixes/stem operations when no filename is present + and the Path is not at the root of the zipfile. + - gh-106602: Add __copy__ and __deepcopy__ in enum + - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused + division by zero for certain almost-white inputs. Patch by Terry + Jan Reedy. + - gh-106052: re module: fix the matching of possessive quantifiers + in the case of a subpattern containing backtracking. + - gh-106510: Improve debug output for atomic groups in regular + expressions. + - gh-105497: Fix flag mask inversion when unnamed flags exist. + - gh-90876: Prevent multiprocessing.spawn from failing to import + in environments where sys.executable is None. This regressed in + 3.11 with the addition of support for path-like objects in + multiprocessing. + - gh-106350: Detect possible memory allocation failure in the + libtommath function mp_init() used by the _tkinter module. + - gh-102541: Make pydoc.doc catch bad module ImportError when + output stream is not None. + - gh-106263: Fix crash when calling repr with a manually + constructed SignalDict object. Patch by Charlie Zhao. + - gh-105375: Fix a bug in _Unpickler_SetInputStream() where an + exception could end up being overwritten in case of failure. + - gh-105375: Fix bugs in sys where exceptions could end up being + overwritten because of deferred error handling. + - gh-105605: Harden pyexpat error handling during module + initialisation to prevent exceptions from possibly being + overwritten, and objects from being dereferenced twice. + - gh-105375: Fix bug in decimal where an exception could end up + being overwritten. + - gh-105375: Fix bugs in _datetime where exceptions could be + overwritten in case of module initialisation failure. + - gh-105375: Fix bugs in _ssl initialisation which could lead to + leaked references and overwritten exceptions. + - gh-105375: Fix a bug in array.array where an exception could end + up being overwritten. + - gh-105375: Fix bugs in _ctypes where exceptions could end up + being overwritten. + - gh-105375: Fix a bug in the posix module where an exception + could be overwritten. + - gh-105375: Fix bugs in _elementtree where exceptions could be + overwritten. + - gh-105375: Fix bugs in zoneinfo where exceptions could be + overwritten. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-105497: Fix flag inversion when alias/mask members exist. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-103171: Revert undocumented behaviour change with + runtime-checkable protocols decorated with typing.final() in + Python 3.11. The behaviour change had meant that objects would + not be considered instances of these protocols at runtime unless + they had a __final__ attribute. Patch by Alex Waygood. + - gh-105375: Fix a bug in sqlite3 where an exception could be + overwritten in the collation callback. + - gh-105332: Revert pickling method from by-name back to by-value. + - gh-104554: Add RTSPS scheme support in urllib.parse + - gh-100061: Fix a bug that causes wrong matches for regular + expressions with possessive qualifier. + - gh-102541: Hide traceback in help() prompt, when import failed. + - gh-99203: Restore following CPython <= 3.10.5 behavior of + shutil.make_archive(): do not create an empty archive if + root_dir is not a directory, and, in that case, raise + FileNotFoundError or NotADirectoryError regardless of format + choice. Beyond the brought-back behavior, the function may now + also raise these exceptions in dry_run mode. + - gh-94777: Fix hanging multiprocessing ProcessPoolExecutor when a + child process crashes while data is being written in the call + queue. + - bpo-18319: Ensure gettext(msg) retrieve translations even if a + plural form exists. In other words: gettext(msg) == + ngettext(msg, '', 1). + - Documentation + - gh-107008: Document the curses module variables LINES and COLS. + - gh-106948: Add a number of standard external names to + nitpick_ignore. + - gh-54738: Add documentation on how to localize the argparse + module. + - Tests + - gh-105776: Fix test_cppext when the C compiler command -std=c11 + option: remove -std= options from the compiler command. Patch by + Victor Stinner. + - gh-107237: test_logging: Fix test_udp_reconnection() by + increasing the timeout from 100 ms to 5 minutes (LONG_TIMEOUT). + Patch by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - Build + - gh-107814: When calling find_python.bat with -q it did not + properly silence the output of nuget. That is now fixed. + - gh-106881: Check for linux/limits.h before including it in + Modules/posixmodule.c. + - gh-104692: Include commoninstall as a prerequisite for + bininstall + - This ensures that commoninstall is completed before bininstall + is started when parallel builds are used (make -j install), and + so the python3 symlink is only installed after all standard + library modules are installed. + - gh-100340: Allows -Wno-int-conversion for wasm-sdk 17 and + onwards, thus enables building WASI builds once against the + latest sdk. + - Windows + - gh-106242: Fixes realpath() to behave consistently when passed a + path containing an embedded null character on Windows. In strict + mode, it now raises OSError instead of the unexpected + ValueError, and in non-strict mode will make the path absolute. + - gh-106844: Fix integer overflow in _winapi.LCMapStringEx() which + affects ntpath.normcase(). + - gh-99079: Update Windows build to use OpenSSL 3.0.9 + - gh-105436: Ensure that an empty environment block is terminated + by two null characters, as is required by Windows. + - macOS + - gh-107565: Update macOS installer to use OpenSSL 3.0.10. + - gh-99079: Update macOS installer to use OpenSSL 3.0.9. + - Tools/Demos + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + - gh-95065: Argument Clinic now supports overriding automatically + generated signature by using directive @text_signature. See How + to override the generated signature. + - gh-106970: Fix bugs in the Argument Clinic destination + clear command; the destination buffers would never be cleared, + and the destination directive parser would simply continue to + the fault handler after processing the command. Patch by Erlend + E. Aasland. + - C API + - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(), + PyErr_SetExcFromWindowsErrWithFilename() and + PyErr_SetFromWindowsErrWithFilename() save now the error code + before calling PyUnicode_DecodeFSDefault(). + - gh-107915: Such C API functions as PyErr_SetString(), + PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others + no longer crash or ignore errors if it failed to format the + error message or decode the filename. Instead, they keep a + corresponding error. + - gh-107226: PyModule_AddObjectRef() is now only available in the + limited API version 3.10 or later. + - gh-105375: Fix a bug in PyErr_WarnExplicit() where an exception + could end up being overwritten if the API failed internally. + - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only + data: *consumed was not set. + +------------------------------------------------------------------- +Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller + +- restrict PEP668 to ALP/Tumbleweed + +------------------------------------------------------------------- +Fri Aug 4 06:37:41 UTC 2023 - Dirk Müller + +- add externally_managed.in to label this build as PEP-668 managed + +------------------------------------------------------------------- +Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl + +- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! +- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) + partially reverting CVE-2023-27043-email-parsing-errors.patch, + because of the regression in gh#python/cpython#106669. +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). (The patch is faulty, + gh#python/cpython#106669, but upstream decided not to just + revert it). + +------------------------------------------------------------------- +Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl + +- Update to Python 3.11.4: + - gh-103142: The version of OpenSSL used in Windows and + Mac installers has been upgraded to 1.1.1u to address + CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, + as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 + fixed previously in 1.1.1t (gh-101727). + - gh-102153: urllib.parse.urlsplit() now strips leading C0 + control and space characters following the specification for + URLs defined by WHATWG in response to CVE-2023-24329 + (bsc#1208471). + - gh-99889: Fixed a security in flaw in uu.decode() that could + allow for directory traversal based on the input if no + out_file was specified. + - gh-104049: Do not expose the local on-disk + location in directory indexes produced by + http.client.SimpleHTTPRequestHandler. + - gh-103935: trace.__main__ now uses io.open_code() for files + to be executed instead of raw open(). + - gh-102953: The extraction methods in tarfile, and + shutil.unpack_archive(), have a new filter argument that + allows limiting tar features than may be surprising or + dangerous, such as creating files outside the destination + directory. See Extraction filters for details (fixing + CVE-2007-4559, bsc#1203750). +- Remove upstreamed patches: + - CVE-2007-4559-filter-tarfile_extractall.patch + +------------------------------------------------------------------- +Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl + +- Remove obsolete_python_versioned macro again. This mechanism + has no business to be in Python 3.11, because we have abolished + with it whole interpreter+setuptools+pip product. Python 3.11 + should not be replaced by later versions anymore. + +------------------------------------------------------------------- +Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl + +- Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). +- Add skip_if_buildbot-extend.patch to avoid the bug altogether + (extending what skip_if_buildbot covers). +- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix + bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter + for tarfile.extractall". + +------------------------------------------------------------------- +Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl + +- Update to 3.11.3: + - Security + - gh-101727: Updated the OpenSSL version used in Windows + and macOS binary release builds to 1.1.1t to address + CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the + OpenSSL 2023-02-07 security advisory. + - Core and Builtins + - gh-101975: Fixed stacktop value on tracing entries to avoid + corruption on garbage collection. + - gh-102701: Fix overflow when creating very large dict. + - gh-102416: Do not memoize incorrectly automatically + generated loop rules in the parser. Patch by Pablo Galindo. + - gh-102356: Fix a bug that caused a crash when deallocating + deeply nested filter objects. Patch by Marta Gómez Macías. + - gh-102397: Fix segfault from race condition in signal + handling during garbage collection. Patch by Kumar Aditya. + - gh-102281: Fix potential nullptr dereference and use of + uninitialized memory in fileutils. Patch by Max Bachmann. + - gh-102126: Fix deadlock at shutdown when clearing thread + states if any finalizer tries to acquire the runtime head + lock. Patch by Kumar Aditya. + - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal + module. Patch by Max Bachmann. + - gh-101967: Fix possible segfault in + positional_only_passed_as_keyword function, when new list + created. + - gh-101765: Fix SystemError / segmentation fault in iter + __reduce__ when internal access of builtins.__dict__ keys + mutates the iter object. + - gh-101696: Invalidate type version tag in + _PyStaticType_Dealloc for static types, avoiding bug where + a false cache hit could crash the interpreter. Patch by + Kumar Aditya. + - Library + - gh-102549: Don’t ignore exceptions in member type creation. + - gh-102947: Improve traceback when dataclasses.fields() is + called on a non-dataclass. Patch by Alex Waygood + - gh-102780: The asyncio.Timeout context manager now + works reliably even when performing cleanup due to task + cancellation. Previously it could raise a CancelledError + instead of an TimeoutError in such cases. + - gh-88965: typing: Fix a bug relating to substitution in . + Pacustom classes generic over a ParamSpec. Previously, if . + Pathe ParamSpec was substituted with a parameters list that . + Paitself contained a TypeVar, the TypeVar in the parameters . + Palist could not be subsequently substituted. This is now . + Pafixed tch by Nikita Sobolev . + - gh-101979: Fix a bug where parentheses in the metavar + argument to argparse.ArgumentParser.add_argument() were + dropped. Patch by Yeojin Kim. + - gh-102179: Fix os.dup2() error message for negative fds. + - gh-101961: For the binary mode, fileinput.hookcompressed() + doesn’t set the encoding value even if the value is + None. Patch by Gihwan Kim. + - gh-101936: The default value of fp becomes io.BytesIO + if HTTPError is initialized without a designated fp + parameter. Patch by Long Vo. + - gh-102069: Fix __weakref__ descriptor generation for custom + dataclasses. + - gh-101566: In zipfile, apply fix for extractall on the + underlying zipfile after being wrapped in Path. + - gh-101892: Callable iterators no longer raise SystemError + when the callable object exhausts the iterator but forgets + to either return a sentinel value or raise StopIteration. + - gh-97786: Fix potential undefined behaviour in corner cases + of floating-point-to-time conversions. + - gh-101517: Fixed bug where bdb looks up the source line + with linecache with a lineno=None, which causes it to fail + with an unhandled exception. + - gh-101673: Fix a pdb bug where ll clears the changes to + local variables. + - gh-96931: Fix incorrect results from + ssl.SSLSocket.shared_ciphers() + - gh-88233: Correctly preserve “extra” fields in zipfile + regardless of their ordering relative to a zip64 “extra.” + - gh-96127: inspect.signature was raising TypeError on + call with mock objects. Now it correctly returns (*args, + **kwargs) as infered signature. + - gh-95495: When built against OpenSSL 3.0, the ssl module + had a bug where it reported unauthenticated EOFs (i.e. + without close_notify) as a clean TLS-level EOF. It now + raises SSLEOFError, matching the behavior in previous + versions of OpenSSL. The options attribute on SSLContext + also no longer includes OP_IGNORE_UNEXPECTED_EOF by + default. This option may be set to specify the previous + OpenSSL 3.0 behavior. + - gh-94440: Fix a concurrent.futures.process bug where + ProcessPoolExecutor shutdown could hang after a future has + been quickly submitted and canceled. + - Documentation + - gh-103112: Add docstring to http.client.HTTPResponse.read() + to fix pydoc output. + - gh-85417: Update cmath documentation to clarify behaviour + on branch cuts. + - gh-97725: Fix asyncio.Task.print_stack() description for + file=None. Patch by Oleg Iarygin. + - Tests + - gh-102980: Improve test coverage on pdb. + - gh-102537: Adjust the error handling strategy in + test_zoneinfo.TzPathTest.python_tzpath_context. Patch by + Paul Ganssle. + - gh-89792: test_tools now copies up to 10x less source data + to a temporary directory during the freeze test by ignoring + git metadata and other artifacts. It also limits its python + build parallelism based on os.cpu_count instead of hard + coding it as 8 cores. + - gh-101377: Improved test_locale_calendar_formatweekday of + calendar. + - Build + - gh-102711: Fix -Wstrict-prototypes compiler warnings. + +------------------------------------------------------------------- +Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl + +- Update to 3.11.2: + Bug fixes, no changes in API and no security bugs. + +------------------------------------------------------------------- +Wed Mar 1 20:50:04 UTC 2023 - Matej Cepl + +- Add python310 Obsoletes line to obsolete_python_versioned macro. + +------------------------------------------------------------------- +Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl + +- Add provides for readline and sqlite3 to the main Python + package. + +------------------------------------------------------------------- +Thu Jan 26 13:28:24 UTC 2023 - Thorsten Kukuk + +- Disable NIS for new products, it's deprecated and gets removed + +------------------------------------------------------------------- +Tue Jan 24 12:23:34 UTC 2023 - Dirk Müller + +- build GLIBC hwcaps optimized versions of the interpreter + +------------------------------------------------------------------- +Tue Jan 10 11:11:56 UTC 2023 - Matej Cepl + +- Don't fail on Sphinx build warnings. +- For jsc#PED-1570, jsc#PED-2217 and jsc#PED-68, + providing Python 3.11 for SLE-15-SP4. + +------------------------------------------------------------------- +Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl + +- Update to 3.11.1: + - python -m http.server no longer allows terminal control + characters sent within a garbage request to be printed + to the stderr server lo This is done by changing the + http.server BaseHTTPRequestHandler .log_message method to + replace control characters with a \xHH hex escape before + printin + - Avoid publishing list of active per-interpreter audit hooks + via the gc module + - The IDNA codec decoder used on DNS hostnames by socket or + asyncio related name resolution functions no longer involves + a quadratic algorithm. This prevents a potential CPU denial + of service if an out-of-spec excessive length hostname + involving bidirectional characters were decoded. Some + protocols such as urllib http 3xx redirects potentially allow + for an attacker to supply such a name (CVE-2022-45061). + - Update bundled libexpat to 2.5.0 + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. Issue reported + and initial fix by Caleb Shortt. Patch by Victor Stinner. + - Fix a crash when an object which does not have a dictionary + frees its instance values. + - Fix a bug in the tokenizer that could cause infinite + recursion when showing syntax warnings that happen in the + first line of the source. Patch by Pablo Galindo + - Fix an issue that could cause frames to be visible to Python + code as they are being torn down, possibly leading to memory + corruption or hard crashes of the interpreter. + - Fix a reference bug in _imp.create_builtin() after the + creation of the first sub-interpreter for modules builtins + and sys. Patch by Victor Stinner. + - Fixed a bug that was causing a buffer overflow if the + tokenizer copies a line missing the newline caracter from a + file that is as long as the available tokenizer buffer. Patch + by Pablo galindo + - Fix bug where an ExceptionGroup subclass can wrap a + BaseException. + - Fix zip path for venv created from a non-installed python on + POSIX platforms. + - Fix an issue that could potentially cause incorrect error + handling for some bytecode instructions. + - Fix an issue that prevented PyThreadState and + PyInterpreterState memory from being freed properly. + - Fix failure in except* with unhashable exceptions. + - Fix calculation of sys._base_executable when inside a POSIX + virtual environment using copies of the python binary when + the base installation does not provide the executable name + used by the venv. Calculation will fall back to alternative + names (“python”, “python.”). + - Update faulthandler to emit an error message with the proper + unexpected signal number. Patch by Dong-hee Na. + - Fix location of SyntaxError for a try block with both except + and except*. + - Fix the error reporting positions of specialized traceback + anchors when the source line contains Unicode characters. + - Fix subscription of type aliases containing bare generic + types or types like TypeVar: for example tuple[A, T][int] and + tuple[TypeVar, T][int], where A is a generic type, and T is a + type variable. + - Lower the recursion depth for marshal on WASI to support + wasmtime 2.0/main. + - Fix multiple crashes in debug mode when str subclasses are + used instead of str itself. + - Fix an issue where member descriptors (such as those for + __slots__) could behave incorrectly or crash instead of + raising a TypeError when accessed via an instance of an + invalid type. + - Suppress ImportError for invalid query for help() + command. Patch by Dong-hee Na. + - Fix detection of MAC addresses for uuid on certain OSs. Patch + by Chaim Sanders + - Print exception class name instead of its string + representation when raising errors from ctypes calls. + - os.sched_yield() now release the GIL while calling + sched_yield(2). Patch by Dong-hee Na. + - Fix an issue that could delay the specialization of PRECALL + instructions. + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Ensure that all Python frame objects are backed by “complete” + frames. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). Patch by Ofey Chan. + - Fix the Python path configuration used to initialized + sys.path at Python startup. Paths are no longer encoded + to UTF-8/strict to avoid encoding errors if it contains + surrogate characters (bytes paths are decoded with the + surrogateescape error handler). Patch by Victor Stinner. + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. Issue + discovered and analyzed by Mingliang ZHAO. Patch by Victor + Stinner. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. + - Fix undefined behaviour in C code of null pointer arithmetic. + - Make sure that all frame objects created are created from + valid interpreter frames. Prevents the possibility of invalid + frames in backtraces and signal handlers. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - On WASI ENOTCAPABLE is now mapped to PermissionError. The + errno modules exposes the new error number. getpath.py now + ignores PermissionError when it cannot open landmark files + pybuilddir.txt and pyenv.cfg. + - Allow pdb to locate source for frozen modules in the standard + library. + - Raise ValueError instead of SystemError when methods of + uninitialized io.IncrementalNewlineDecoder objects are + called. Patch by Oren Milman. + - Fix a possible assertion failure in io.FileIO when the opener + returns an invalid file descriptor. + - Also escape s in the http.server + BaseHTTPRequestHandler.log_message so that it is technically + possible to parse the line and reconstruct what the original + data was. Without this a xHH is ambiguious as to if it is a + hex replacement we put in or the characters r”x” came through + in the original request line. + - asyncio.get_event_loop() now only emits a deprecation warning + when a new event loop was created implicitly. It no longer + emits a deprecation warning if the current event loop was + set. + - Fix bug when calling trace.CoverageResults with valid infile. + - Fix a bug in handling class cleanups in + unittest.TestCase. Now addClassCleanup() uses separate lists + for different TestCase subclasses, and doClassCleanups() only + cleans up the particular class. + - Release the GIL when calling termios APIs to avoid blocking + threads. + - Fix ast.increment_lineno() to also cover ast.TypeIgnore when + changing line numbers. + - Fix bug in urllib.parse.urlparse() that causes URL schemes + that begin with a digit, a plus sign, or a minus sign to be + parsed incorrectly. + - Check the number of arguments in substitution in user + generics containing a TypeVarTuple and one or more TypeVar. + - Fix substitution of ParamSpec followed by TypeVarTuple in + generic aliases. + - Fix substitution of TypeVarTuple and ParamSpec together in + user generics. + - Fixed bug where inspect.signature() reported incorrect + arguments for decorated methods. + - Fix SystemError in ctypes when exception was not set during + __initsubclass__. + - Remove older version of + _SSLProtocolTransport.get_write_buffer_limits in + asyncio.sslproto + - fix negative numbers failing in verify() + - Fix statistics.NormalDist pickle with 0 and 1 protocols. + - enum.auto() is now correctly activated when combined with + other assignment values. E.g. ONE = auto(), 'some text' will + now evaluate as (1, 'some text'). + - Update the bundled copy of pip to version 22.3.1. + - Clean up refleak on failed module initialisation in _zoneinfo + - Clean up refleaks on failed module initialisation in in + _pickle + - Clean up refleak on failed module initialisation in _io. + - Fix memory leak in math.dist() when both points don’t have + the same dimension. Patch by Kumar Aditya. + - [3.11] Applied changes from importlib_metadata 4.11.4 + through 4.13, including compatibility and robustness + fixes for Distribution objects without _normalized_name, + disallowing invalid inputs to Distribution.from_name, and + refined behaviors in PathDistribution._name_from_stem and + PathDistribution._normalized_name. + - Fix argument typechecks in _overlapped.WSAConnect() and + _overlapped.Overlapped.WSASendTo() functions. + - Prevent crashing in traceback when retrieving the byte-offset + for some source files that contain certain unicode + characters. + - Fix internal error in the re module which in very rare + circumstances prevented compilation of a regular expression + containing a conditional expression without the “else” + branch. + - Fix asyncio.StreamWriter.drain() to call + protocol.connection_lost callback only once on Windows. + - Add a mutex to unittest.mock.NonCallableMock to protect + concurrent access to mock attributes. + - Fix hang on Windows in subprocess.wait_closed() in asyncio + with ProactorEventLoop. Patch by Kumar Aditya. + - Fix infinite loop in unittest when a self-referencing chained + exception is raised + - tkinter.Text.count() raises now an exception for options + starting with “-” instead of silently ignoring them. + - On uname_result, restored expectation that _fields and + _asdict would include all six properties including processor. + - A createSocket() method was added to SysLogHandler. + - Fix bug in urllib.parse.urlparse() that causes certain port + numbers containing whitespace, underscores, plus and minus + signs, or non-ASCII digits to be incorrectly accepted. + - Allow venv to pass along PYTHON* variables to ensurepip and + pip when they do not impact path resolution + - On macOS, fix a crash in syslog.syslog() in multi-threaded + applications. On macOS, the libc syslog() function is not + thread-safe, so syslog.syslog() no longer releases the GIL to + call it. Patch by Victor Stinner. + - Allow BUILTINS to be a valid field name for frozen + dataclasses. + - Wrap network errors consistently in urllib FTP support, so + the test suite doesn’t fail when a network is available but + the public internet is not reachable. + - Make sure patch.dict() can be applied on async functions. + - Earlier in 3.11 we deprecated + asyncio.Task.cancel("message"). We realized we were too + harsh, and have undeprecated it. + - Change deprecate warning message in unittest from It is + deprecated to return a value!=None to It is deprecated to + return a value that is not None from a test case + - Fixes AttributeError when subprocess.check_output() is used + with argument input=None and either of the arguments encoding + or errors are used. + - Fix is_private properties in the ipaddress module. Previously + non-private networks (0.0.0.0/0) would return True from this + method; now they correctly return False. + - Avoid spurious tracebacks from asyncio when default executor + cleanup is delayed until after the event loop is closed (e.g. + as the result of a keyboard interrupt). + - Avoid a crash in the C version of + asyncio.Future.remove_done_callback() when an evil argument + is passed. + - Remove tokenize.NL check from tabnanny. + - Fix generation of the default name of + tkinter.Checkbutton. Previously, checkbuttons in different + parent widgets could have the same short name and share + the same state if arguments “name” and “variable” are not + specified. Now they are globally unique. + - Update bundled libexpat to 2.4.9 + - Fix race condition in asyncio where process_exited() called + before the pipe_data_received() leading to inconsistent + output. Patch by Kumar Aditya. + - Fixed check in multiprocessing.resource_tracker that + guarantees that the length of a write to a pipe is not + greater than PIPE_BUF. + - Corrected type annotation for dataclass attribute + pstats.FunctionProfile.ncalls to be str. + - Fix repr of Any subclasses. + - Work around missing socket functions in socket’s __repr__. + - In inspect, fix overeager replacement of “typing.” in + formatting annotations. + - Fix handling of bytes path-like objects in os.ismount(). + - Fix handling compiler warnings (SyntaxWarning and + DeprecationWarning) in codeop.compile_command() when checking + for incomplete input. Previously it emitted warnings and + raised a SyntaxError. Now it always returns None for + incomplete input without emitting any warnings. + - To avoid apparent memory leaks when asyncio.open_connection() + raises, break reference cycles generated by local exception + and future instances (which has exception instance as its + member var). Patch by Dong Uk, Kang. + - Fixed flickering of the turtle window when the tracer is + turned off. Patch by Shin-myoung-serp. + - Fix asyncio subprocess transport to kill process cleanly + when process is blocked and avoid RuntimeError when loop is + closed. Patch by Kumar Aditya. + - Prevent error when activating venv in nested fish instances. + - TarFile.next() now returns None when called on an empty + tarfile. + - Document the optional callback parameter of WeakMethod. Patch + by Géry Ogam. + - Restrict use of sockets instead of pipes for stdin of + subprocesses created by asyncio to AIX platform only. + - shutil.copytree() now applies the ignore_dangling_symlinks + argument recursively. + - Fix IndexError in argparse.ArgumentParser when a store_true + action is given an explicit argument. + - Document that calling variadic functions with ctypes requires + special care on macOS/arm64 (and possibly other platforms). + - Remove extra row + - Clarified the conflicting advice given in the ast + documentation about ast.literal_eval() being “safe” for use + on untrusted input while at the same time warning that it + can crash the process. The latter statement is true and is + deemed unfixable without a large amount of work unsuitable + for a bugfix. So we keep the warning and no longer claim that + literal_eval is safe. + - Restructured the documentation for the os.wait* family of + functions, and improved the docs for os.waitid() with more + explanation of the possible argument constants. + - Skip test_normalization() of test_unicodedata if it + fails to download NormalizationTest.txt file from + pythontest.net. Patch by Victor Stinner. + - Correct test_marsh on (32 bit) x86: test_deterministic sets + was failing. + - Optional big memory tests in test_sqlite3 now catch the + correct sqlite.DataError exception type in case of too large + strings and/or blobs passed. + - Fix a bug in the typing tests where a test relying + on CPython-specific implementation details was not + decorated with @cpython_only and was not skipped on other + implementations. + - Add tests for star-unpacking with PEP 646, and some other + miscellaneous PEP 646 tests. + - Added explicit coverage of Py_Initialize (and hence + Py_InitializeEx) back to the embedding tests (all other + embedding tests migrated to Py_InitializeFromConfig in Python + 3.11) + - Some C API tests were moved into the new Lib/test/test_capi/ + directory. + - Fix -Wimplicit-int, -Wstrict-prototypes, and + -Wimplicit-function-declaration compiler warnings in + configure checks. + - Fix a compilation issue with GCC 12 on macOS. + - Fix -Wimplicit-int compiler warning in configure check for + PTHREAD_SCOPE_SYSTEM. + - Fix a possible fd leak in Programs/_freeze_module.c + introduced in Python 3.11. + - Fix build with PYTHON_FOR_REGEN=python3.8. + - Specify the full path to the source location for make + docclean (needed for cross-builds). + - Don’t use vendored libmpdec headers if --with-system-libmpdec + is passed to configure. Don’t use vendored libexpat headers + if --with-system-expat is passed to !configure. + - Fix the build process of clang compiler for _bootstrap_python + if LTO optimization is applied. Patch by Matthias Görgens and + Dong-hee Na. + - wasm32-emscripten builds for browsers now include + concurrent.futures for asyncio and unittest.mock. + - wasm32-emscripten platform no longer builds resource module, + getresuid(), getresgid(), and their setters. The APIs are + stubs and not functional. + - Updated pegen regeneration script on Windows to find and + use Python 3.9 or higher. Prior to this, pegen regeneration + already required 3.9 or higher, but the script may have used + lower versions of Python. + - Fix a bug in the previous bugfix that caused IDLE to + not start when run with 3.10.8, 3.12.0a1, and at least + Microsoft Python 3.10.2288.0 installed without the Lib/test + package. 3.11.0 was never affected. + - The wasm_build.py script now pre-builds Emscripten ports, + checks for broken EMSDK versions, and warns about pkg-config + env vars. + - The new tool Tools/wasm/wasm_builder.py automates configure, + compile, and test steps for building CPython on WebAssembly + platforms. + - Fix handling of module docstrings in Tools/i18n/pygettext.py. + - PyBUF_* constants were marked as part of Limited API + of Python 3.11+. These were available in 3.11.0 with + Py_LIMITED_API defined for 3.11, and are necessary to use the + buffer API. + - Fix use-after-free in Py_SetPythonHome(NULL), + Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL) + function calls. Issue reported by Benedikt Reinartz. Patch by + Victor Stinner. + - Py_InitializeEx now correctly calls PyConfig_Clear after + initializing the interpreter (the omission didn’t cause a + memory leak only because none of the dynamically allocated + config fields are populated by the wrapper function) +- Removed upstreamed patches: + - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch + - CVE-2022-45061-DoS-by-IDNA-decode.patch + +------------------------------------------------------------------- +Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl + +- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid + CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding + extremely long domain names. + +------------------------------------------------------------------- +Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl + +- Update to 3.11.0 (overall changes from 3.10.*): + - General changes + - PEP 657 -- Include Fine-Grained Error Locations in + Tracebacks + - PEP 654 -- Exception Groups and except* + - PEP 680 -- tomllib: Support for Parsing TOML in the + Standard Library + - gh-90908 -- Introduce task groups to asyncio + - gh-34627 -- Atomic grouping ((?>...)) and possessive + quantifiers (*+, ++, ?+, {m,n}+) are now supported in + regular expressions. + - The Faster CPython Project is already yielding some + exciting results. Python 3.11 is up to 10-60% faster than + Python 3.10. On average, we measured a 1.22x speedup on the + standard benchmark suite. See Faster CPython for details. + - Typing and typing language changes + - PEP 673 -- Self Type + - PEP 646 -- Variadic Generics + - PEP 675 -- Arbitrary Literal String Type + - PEP 655 -- Marking individual TypedDict items as required + or potentially-missing + - PEP 681 -- Data Class Transforms +- (just changes from 3.11.0rc2): + - Fix multiplying a list by an integer (list *= int): detect + the integer overflow when the new allocated length is close + to the maximum size. Issue reported by Jordan Limor. Patch by + Victor Stinner. + - On Linux the multiprocessing module returns to using + filesystem backed unix domain sockets for communication + with the forkserver process instead of the Linux abstract + socket namespace. Only code that chooses to use the + “forkserver” start method is affected. Abstract sockets have + no permissions and could allow any user on the system in the + same network namespace (often the whole system) to inject + code into the multiprocessing forkserver process. This was + a potential privilege escalation. Filesystem based socket + permissions restrict this to the forkserver process user as + was the default in Python 3.8 and earlier. This prevents + Linux CVE-2022-42919. + - Fix an issue where several frame objects could be backed by + the same interpreter frame, possibly leading to corrupted + memory and hard crashes of the interpreter. + - Fix possible data corruption or crashes when accessing the + f_back member of newly-created generator or coroutine frames. + - Fix a crash occurring when PyEval_GetFrame() is called while + the topmost Python frame is in a partially-initialized state. + - Fix command line parsing: reject -X int_max_str_digits option + with no value (invalid) when the PYTHONINTMAXSTRDIGITS + environment variable is set to a valid limit. Patch by Victor + Stinner. + - Fix undefined behaviour in _testcapimodule.c. + - When ValueError is raised if an integer is larger than the + limit, mention the sys.set_int_max_str_digits() function in + the error message. Patch by Victor Stinner. + - Correctly raise SyntaxError on exception groups (PEP 654) on + python versions prior to 3.11 + - Document some places where an assignment expression needs + parentheses. + - Update the bundled copies of pip and setuptools to versions + 22.3 and 65.5.0 respectively. + - fix Flag to use boundary CONFORM + - This restores previous Flag behavior of allowing flags with + non-sequential values to be combined; e.g. + - class Skip(Flag): TWO = 2 EIGHT = 8 + - Skip.TWO | Skip.EIGHT -> + - Fix ! in c domain ref target syntax via a conf.py patch, so + it works as intended to disable ref target resolution. + - Update tutorial introduction output to use 3.10+ SyntaxError + invalid range. + +------------------------------------------------------------------- +Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl + +- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to + allow building of documentation with the latest Sphinx 5.3.0 + (gh#python/cpython#98366). + +------------------------------------------------------------------- +Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc2: + - Converting between int and str in bases other than 2 + (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base + 10 (decimal) now raises a ValueError if the number of digits + in string form is above a limit to avoid potential denial of + service attacks due to the algorithmic complexity. This is + a mitigation for CVE-2020-10735. + This new limit can be configured or disabled by environment + variable, command line flag, or sys APIs. See the integer + string conversion length limitation documentation. The + default limit is 4300 digits in string form. + - Fix case of undefined behavior in ceval.c + - Do not expose KeyWrapper in _functools. + - Ensure that tracing, sys.setrace(), is turned on + immediately. In pre-release versions of 3.11, some tracing + events might have been lost when turning on tracing in a + __del__ method or interrupt. + - Fix use after free in trace refs build mode. Patch by Kumar + Aditya. + - When loading a file with invalid UTF-8 inside a multi-line + string, a correct SyntaxError is emitted. + - Make sure that incomplete frames do not show up in + tracemalloc traces. + - Remove two cases of undefined behavior, by adding NULL + checks. + - Fix possible NULL pointer dereference in + _PyThread_CurrentFrames. Patch by Kumar Aditya. + - Fix AttributeError missing name and obj attributes in + object.__getattribute__(). Patch by Philip Georgi. + - Loading a file with invalid UTF-8 will now report the broken + character at the correct location. + - Fixed a bug that caused _PyCode_GetExtra to return garbage + for negative indexes. Patch by Pablo Galindo + - Fix a deadlock in PyGILState_Ensure() when allocating new + thread state. Patch by Kumar Aditya. + - PyType_Ready() now initializes ht_cached_keys and performs + additional checks to ensure that type objects are properly + configured. This avoids crashes in 3rd party packages that + don’t use regular API to create new types. + - Skip over incomplete frames in PyThreadState_GetFrame(). + - Fix format string in _PyPegen_raise_error_known_location that + can lead to memory corruption on some 64bit systems. The + function was building a tuple with i (int) instead of n + (Py_ssize_t) for Py_ssize_t arguments. + - Fix misleading contents of error message when converting an + all-whitespace string to float. + - ast.parse() will no longer parse function definitions with + positional-only params when passed feature_version less than + (3, 8). Patch by Shantanu Jain. + - Fix incorrect error message in the io module. + - Fix the faulthandler implementation of + faulthandler.register(signal, chain=True) if the sigaction() + function is not available: don’t call the previous signal + handler if it’s NULL. Patch by Victor Stinner. + - Correct conversion of numbers.Rational’s to float. + - Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not + raised when using more than one TypeVarTuple, like [*T, *V] + in type alias substitutions. + - Fix asyncio.streams.StreamReaderProtocol to keep a strong + reference to the created task, so that it’s not garbage + collected + - Fix a performance regression in logging + TimedRotatingFileHandler. Only check for special files when + the rollover time has passed. + - Fix unused localName parameter in the Attr class in + xml.dom.minidom. + - Fix incorrect condition that causes sys.thread_info.name to + be wrong on pthread platforms. + - Remove an incompatible change from bpo-28080 that caused a + regression that ignored the utf8 in ZipInfo.flag_bits. Patch + by Pablo Galindo. + - Fix asyncio.Runner to call asyncio.set_event_loop() only + once to avoid calling attach_loop() multiple times on child + watchers. Patch by Kumar Aditya. + - Fix unittest.IsolatedAsyncioTestCase to set event loop before + calling setup functions. Patch by Kumar Aditya. + - When a task catches asyncio.CancelledError and raises some + other error, the other error should generally not silently be + suppressed. + - Fail gracefully if EPERM or ENOSYS is raised when loading + crypt methods. This may happen when trying to load MD5 on a + Linux kernel with FIPS enabled. + - Allow asyncio.StreamWriter.drain() to be awaited concurrently + by multiple tasks. Patch by Kumar Aditya. + - Fix ast.unparse() when ImportFrom.level is None + - Improve discoverability of the higher level + concurrent.futures module by providing clearer links from the + lower level threading and multiprocessing modules. + - What’s New 3.11 now has instructions for how to provide + compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7 + and CentOS 7. + - Mitigate the inherent race condition from using + find_unused_port() in testSockName() by trying to find an + unused port a few times before failing. Patch by Ross Burton. + - Build and test with OpenSSL 1.1.1q +- Use support-expat-CVE-2022-25236-patched.patch from the current + version of gh#python/cpython#93900 instead of the old + support-expat-245.patch. +- Reapply fix_configure_rst.patch. + +------------------------------------------------------------------- +Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab + +- Increase testsuite timeout for test_freeze_simple_script + +------------------------------------------------------------------- +Sat Aug 20 21:31:40 UTC 2022 - Matej Cepl + +- fix import_failed.map to refer to the python 3.11 package versions + +------------------------------------------------------------------- +Sat Aug 20 14:05:21 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc1: + - Core and Builtins + - Update code object hashing and equality to consider all + debugging and exception handling tables. This fixes an + issue where certain non-identical code objects could be + “deduplicated” during compilation. + - _PyPegen_Parser_New now properly detects token memory + allocation errors. Patch by Honglin Zhu. + - Run Python code in tracer/profiler function at full + speed. Fixes slowdown in earlier versions of 3.11. + - Emit a warning in debug mode if an object does not call + PyObject_GC_UnTrack() before deallocation. Patch by Pablo + Galindo. + - Prevented crashes in the AST constructor when + compiling some absurdly long expressions like + "+0"*1000000. RecursionError is now raised instead. Patch + by Pablo Galindo + - ast.AST node positions are now validated when provided to + compile() and other related functions. If invalid positions + are detected, a ValueError will be raised. + - Fix error detection in some builtin functions when keyword + argument name is an instance of a str subclass with + overloaded __eq__ and __hash__. Previously it could cause + SystemError or other undesired behavior. + - Library + - Update bundled pip to 22.2.2. + - Fix asyncio.TaskGroup to propagate exception when + asyncio.CancelledError was replaced with another exception + by a context manger. Patch by Kumar Aditya and Guido van + Rossum. + - Update bundled pip to 22.2.1. + - Fix GC crash when deallocating _lsprof.Profiler by + untracking it before calling any callbacks. Patch by Kumar + Aditya. + - Fix asyncio.run() for asyncio.Task implementations without + uncancel() method. Patch by Kumar Aditya. + - Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK + and os.EFD_SEMAPHORE flags on older kernel versions where + these flags are not present. Patch by Kumar Aditya. + - Fix concurrent.futures.Executor.map() to cancel the + currently waiting on future on an error - e.g. TimeoutError + or KeyboardInterrupt. + - Ensure that timeouts scheduled with asyncio.Timeout that + have already expired are delivered promptly. + - Suppress writing an XML declaration in open files + in ElementTree.write() with encoding='unicode' and + xml_declaration=None. + - Fix findtext in the xml module to only give an empty string + when the text attribute is set to None. + - Documentation + - Fix stylesheet not working in Windows CHM htmlhelp docs + and add warning that they are deprecated. Contributed by + C.A.M. Gerlach. + - Update library documentation with availability information + on WebAssembly platforms wasm32-emscripten and wasm32-wasi. + - Use consistent syntax for platform availability. The + directive now supports a content body and emits a warning + when it encounters an unknown platform. + - Document a limitation in ThreadPoolExecutor where its exit + handler is executed before any handlers in atexit. + - Tests + - Lib/test/test_asyncio/test_ssl.py exposed a bug in the + macOS kernel where intense concurrent load on non-blocking + sockets occasionally causes errno.ENOBUFS (“No buffer space + available”) to be emitted. FB11063974 filed with Apple, in + the mean time as a workaround buffer size used in tests on + macOS is decreased to avoid intermittent failures. Patch by + Fantix King. + - Fix problem with test_ssl test_get_ciphers on systems that + require perfect forward secrecy (PFS) ciphers. + - Add a regression test for re exponentional slowdown when + using rjsmin. + - Build + - Fix a regression in configure script that caused some + header checks to ignore custom CPPFLAGS. The regression was + introduced in gh-94802. + - wasm32-wasi builds no longer depend on WASIX’s pthread + stubs. Python now has its own stubbed pthread API. + - Python now detects missing dup function in WASI and works + around some missing errno, select, and socket constants. + - Python now skips missing socket functions and methods on + WASI. WASI can only create sockets from existing fd / + accept and has no netdb. + - Platforms wasm32-unknown-emscripten and wasm32-unknown-wasi + have been promoted to PEP 11 tier 3 platform support. + - IDLE + - Document handling of extensions in Save As dialogs. + - Include prompts when saving Shell (interactive input and + output). + - Fix the Shell context menu copy-with-prompts bug of copying + an extra line when one selects whole lines. + - In the Edit menu, move Select All and add a new separator. + - Enable using IDLE’s module browser with .pyw files. + - Add .pyi as a recognized extension for IDLE on macOS. This + allows opening stub files by double clicking on them in the + Finder. + - C API + - Restore the 3.10 behavior for multiple inheritance of C + extension classes that store their dictionary at the end of + the struct. + - Added PyCode_GetVarnames(), PyCode_GetCellvars() and + PyCode_GetFreevars() for accessing co_varnames, co_cellvars + and co_freevars respectively via the C API. + +------------------------------------------------------------------- +Tue Jul 26 10:37:31 UTC 2022 - Matej Cepl + +- Update to 3.11.0b5: + - Core and Builtins + - gh-93351: ast.AST node positions are now validated when + provided to compile() and other related functions. If + invalid positions are detected, a ValueError will be + raised. + - gh-94438: Fix an issue that caused extended opcode + arguments and some conditional pops to be ignored when + calculating valid jump targets for assignments to the + f_lineno attribute of frame objects. In some cases, this + could cause inconsistent internal state, resulting in a + hard crash of the interpreter. + - gh-95060: Undocumented PyCode_Addr2Location function now + properly returns when addrq argument is less than zero. + - gh-95113: Replace all EXTENDED_ARG_QUICK instructions + with basic EXTENDED_ARG instructions in unquickened + code. Consumers of non-adaptive bytecode should be able to + handle extended arguments the same way they were handled in + CPython 3.10 and older. + - gh-91409: Fix incorrect source location info caused by + certain optimizations in the bytecode compiler. + - gh-94036: Fix incorrect source location info for some + multi-line attribute accesses and method calls. + - gh-94739: Allow jumping within, out of, and across + exception handlers in the debugger. + - gh-94949: ast.parse() will no longer parse parenthesized + context managers when passed feature_version less than (3, + 9). Patch by Shantanu Jain. + - gh-94947: ast.parse() will no longer parse assignment + expressions when passed feature_version less than (3, + 8). Patch by Shantanu Jain. + - gh-91256: Ensures the program name is known for help text + during interpreter startup. + - gh-94869: Fix the column offsets for some expressions in + multi-line f-strings ast nodes. Patch by Pablo Galindo. + - gh-94822: Fix an issue where lookups of metaclass + descriptors may be ignored when an identically-named + attribute also exists on the class itself. + - gh-91153: Fix an issue where a bytearray item assignment + could crash if it’s resized by the new value’s __index__() + method. + - gh-90699: Fix reference counting bug in + bool.__repr__(). Patch by Kumar Aditya. + - Library + - gh-95087: Fix IndexError in parsing invalid date in the + email module. + - gh-95199: Upgrade bundled setuptools to 63.2.0. + - gh-95194: Upgrade bundled pip to 22.2. + - gh-95132: Fix a sqlite3 regression where *args and **kwds + were incorrectly relayed from connect() to the Connection + factory. The regression was introduced in 3.11a1 with PR + 24421 (gh-85128). Patch by Erlend E. Aasland.` + - gh-93157: Fix fileinput module didn’t support errors option + when inplace is true. + - gh-95105: wsgiref.types.InputStream.__iter__() should + return Iterator[bytes], not Iterable[bytes]. Patch by + Shantanu Jain. + - gh-94857: Fix refleak in + _io.TextIOWrapper.reconfigure. Patch by Kumar Aditya. + - gh-94821: Fix binding of unix socket to empty address + on Linux to use an available address from the abstract + namespace, instead of “0”. + - gh-89988: Fix memory leak in pickle.Pickler when looking up + dispatch_table. Patch by Kumar Aditya. + - bpo-47025: Drop support for bytes on sys.path. + - Tests + - gh-95212: Make multiprocessing test case + test_shared_memory_recreate parallel-safe. + - Build + - gh-94847: Fixed _decimal module build issue on GCC when + compiling with LTO and pydebug. Debug builds no longer + force inlining of functions. + - gh-94841: Fix the possible performance regression of + PyObject_Free() compiled with MSVC version 1932. + - gh-94801: configure now uses custom flags like ZLIB_CFLAGS + and ZLIB_LIBS when searching for headers and libraries. + - gh-94773: deepfreeze.py now supports code object with + frozensets that contain incompatible, unsortable types. + - C API + - gh-94930: Fix SystemError raised when + PyArg_ParseTupleAndKeywords() is used with # in (...) but + without PY_SSIZE_T_CLEAN defined. + - gh-94864: Fix PyArg_Parse* with deprecated format units “u” + and “Z”. It returned 1 (success) when warnings are turned + into exceptions. + - gh-94731: Python again uses C-style casts for + most casting operations when compiled with + C++. This may trigger compiler warnings, if they + are enabled with e.g. -Wold-style-cast `` or + ``-Wzero-as-null-pointer-constant options for g++. + +------------------------------------------------------------------- +Thu Jul 21 14:19:53 UTC 2022 - Matej Cepl + +- Switch from %primary_interpreter to prjconf-defined + %primary_python (gh#openSUSE/python-rpm-macros#127). + +------------------------------------------------------------------- +Thu Jul 14 15:37:35 UTC 2022 - Matej Cepl + +- Update to 3.11.0b4: +- Fixes many bugs and adds following more significant changes +- Security + - gh-68966: The deprecated mailcap module now refuses to inject + Coreunsafe text (filenames, MIME types, parameters) into + shell Corecommands. Instead of using such text, it will + warn and act Coreas if a match was not found (or for test + commands, as if the Coretest failed). and Builtins + - gh-93516: Lazily create a table mapping bytecode offsets to + line numbers to speed up calculation of line numbers when + tracing. + - gh-93461: importlib.invalidate_caches() now drops entries + from sys.path_importer_cache with a relative path as + name. This solves a caching issue when a process changes its + current working directory. + - FileFinder no longer inserts a dot in the path, e.g. + /egg/./spam is now /egg/spam. +Library + - gh-93896: Fix asyncio.run() and + unittest.IsolatedAsyncioTestCase to always the set event loop + as it was done in Python 3.10 and earlier. Patch by Kumar + Aditya. + - gh-94101: Manual instantiation of ssl.SSLSession objects is + no longer allowed as it lead to misconfigured instances that + crashed the interpreter when attributes where accessed on + them. + - gh-83658: Make multiprocessing.Pool raise an exception if + maxtasksperchild is not None or a positive int. + - gh-61162: Clarify sqlite3 behavior when Using the connection + as a context manager. +Tools/Demos + - gh-94538: Fix Argument Clinic output to custom file + destinations. Patch by Erlend E. Aasland. +C API + - gh-93937: The following frame functions and type are now + directly available with #include , it’s no longer + needed to add #include : + PyFrame_Check() + PyFrame_GetBack() + PyFrame_GetBuiltins() + PyFrame_GetGenerator() + PyFrame_GetGlobals() + PyFrame_GetLasti() + PyFrame_GetLocals() + PyFrame_Type + +------------------------------------------------------------------- +Tue May 31 20:54:36 UTC 2022 - Matej Cepl + +- Update to 3.11.0b2: + - many small updates +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.4 (jsc#SLE-21253) + +------------------------------------------------------------------- +Tue May 10 15:01:18 UTC 2022 - Matej Cepl + +- Refresh bluez-devel-vendor.tar.xz +- Fix building with system-expat (gh#python/cpython#92875). Nope, + it didn't work, worked around it. + +------------------------------------------------------------------- +Mon May 9 15:09:03 UTC 2022 - Matej Cepl + +- Update to pre-release version 3.11.0b1: + - PEP 657 – Include Fine-Grained Error Locations in Tracebacks + - PEP 654 – Exception Groups and except* + - PEP 673 – Self Type + - PEP 646 – Variadic Generics + - PEP 680– tomllib: Support for Parsing TOML in the Standard Library + - PEP 675– Arbitrary Literal String Type + - PEP 655– Marking individual TypedDict items as required or potentially-missing + - bpo-46752– Introduce task groups to asyncio + - The Faster Cpython Project is already yielding some exciting + results. Python 3.11 is up to 10-60% faster than Python + 3.10. On average, we measured a 1.22x speedup on the standard + benchmark suite. See + https://docs.python.org/3.11/whatsnew/3.11.html#faster-cpython + for details. + +------------------------------------------------------------------- +Thu May 5 14:35:56 UTC 2022 - Matej Cepl + +- Switch primary_interpreter from python38 to python310 + +------------------------------------------------------------------- +Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl + +- Update to 3.10.4: + - bpo-46968: Check for the existence of the “sys/auxv.h” header + in faulthandler to avoid compilation problems in systems + where this header doesn’t exist. Patch by Pablo Galindo + - bpo-23691: Protect the re.finditer() iterator from + re-entering. + - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to + avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception + when reading a ZipFile from multiple threads. + - bpo-38256: Fix binascii.crc32() when it is compiled to use + zlib’c crc32 to work properly on inputs 4+GiB in length + instead of returning the wrong result. The workaround prior + to this was to always feed the function data in increments + smaller than 4GiB or to just call the zlib module function. + - bpo-39394: A warning about inline flags not at the start of + the regular expression now contains the position of the flag. + - bpo-47061: Deprecate the various modules listed by PEP 594: + - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, + imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, + sndhdr, spwd, sunau, telnetlib, uu, xdrlib + - bpo-2604: Fix bug where doctests using globals would fail + when run multiple times. + - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. + - bpo-47022: The asynchat, asyncore and smtpd modules have been + deprecated since at least Python 3.6. Their documentation and + deprecation warnings and have now been updated to note they + will removed in Python 3.12 (PEP 594). + - bpo-46421: Fix a unittest issue where if the command was + invoked as python -m unittest and the filename(s) began with + a dot (.), a ValueError is returned. + - bpo-40296: Fix supporting generic aliases in pydoc. + +- Update to 3.10.3: + - bpo-46940: Avoid overriding AttributeError metadata + information for nested attribute access calls. Patch by Pablo + Galindo. + - bpo-46852: Rename the private undocumented + float.__set_format__() method to float.__setformat__() to fix + a typo introduced in Python 3.7. The method is only used by + test_float. Patch by Victor Stinner. + - bpo-46794: Bump up the libexpat version into 2.4.6 + - bpo-46820: Fix parsing a numeric literal immediately (without + spaces) followed by “not in” keywords, like in 1not in x. Now + the parser only emits a warning, not a syntax error. + - bpo-46762: Fix an assert failure in debug builds when a ‘<’, + ‘>’, or ‘=’ is the last character in an f-string that’s + missing a closing right brace. + - bpo-46724: Make sure that all backwards jumps use the + JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an + argument of (2**32)+offset. + - bpo-46732: Correct the docstring for the __bool__() method. + Patch by Jelle Zijlstra. + - bpo-46707: Avoid potential exponential backtracking when + producing some syntax errors involving lots of brackets. + Patch by Pablo Galindo. + - bpo-40479: Add a missing call to va_end() in + Modules/_hashopenssl.c. + - bpo-46615: When iterating over sets internally in + setobject.c, acquire strong references to the resulting items + from the set. This prevents crashes in corner-cases of + various set operations where the set gets mutated. + - bpo-45773: Remove two invalid “peephole” optimizations from + the bytecode compiler. + - bpo-43721: Fix docstrings of getter, setter, and deleter to + clarify that they create a new copy of the property. + - bpo-46503: Fix an assert when parsing some invalid N escape + sequences in f-strings. + - bpo-46417: Fix a race condition on setting a type __bases__ + attribute: the internal function add_subclass() now gets the + PyTypeObject.tp_subclasses member after calling + PyWeakref_NewRef() which can trigger a garbage collection + which can indirectly modify PyTypeObject.tp_subclasses. Patch + by Victor Stinner. + - bpo-46383: Fix invalid signature of _zoneinfo’s module_free + function to resolve a crash on wasm32-emscripten platform. + - bpo-46070: Py_EndInterpreter() now explicitly untracks all + objects currently tracked by the GC. Previously, if an object + was used later by another interpreter, calling + PyObject_GC_UnTrack() on the object crashed if the previous + or the next object of the PyGC_Head structure became + a dangling pointer. Patch by Victor Stinner. + - bpo-46339: Fix a crash in the parser when retrieving the + error text for multi-line f-strings expressions that do not + start in the first line of the string. Patch by Pablo Galindo + - bpo-46240: Correct the error message for unclosed parentheses + when the tokenizer doesn’t reach the end of the source when + the error is reported. Patch by Pablo Galindo + - bpo-46091: Correctly calculate indentation levels for lines + with whitespace character that are ended by line continuation + characters. Patch by Pablo Galindo + - bpo-43253: Fix a crash when closing transports where the + underlying socket handle is already invalid on the Proactor + event loop. + - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, + including bugfix for EntryPoint.extras, which was returning + match objects and not the extras strings. + - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip + 22.0.4) + - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically + determine size of signal handler stack size CPython allocates + using getauxval(AT_MINSIGSTKSZ). This changes allows for + Python extension’s request to Linux kernel to use AMX_TILE + instruction set on Sapphire Rapids Xeon processor to succeed, + unblocking use of the ISA in frameworks. + - bpo-46955: Expose asyncio.base_events.Server as + asyncio.Server. Patch by Stefan Zabka. + - bpo-23325: The signal module no longer assumes that SIG_IGN + and SIG_DFL are small int singletons. + - bpo-46932: Update bundled libexpat to 2.4.7 + - bpo-25707: Fixed a file leak in + xml.etree.ElementTree.iterparse() when the iterator is not + exhausted. Patch by Jacob Walls. + - bpo-44886: Inherit asyncio proactor datagram transport from + asyncio.DatagramTransport. + - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() + for selector-based event loops. Patch by Thomas Grainger. + - bpo-46811: Make test suite support Expat >=2.4.5 + - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to + transport-based APIs. + - bpo-46784: Fix libexpat symbols collisions with user + dynamically loaded or statically linked libexpat in embedded + Python. + - bpo-39327: shutil.rmtree() can now work with VirtualBox + shared folders when running from the guest operating-system. + - bpo-46756: Fix a bug in + urllib.request.HTTPPasswordMgr.find_user_password() and + urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() + which allowed to bypass authorization. For example, access to + URI example.org/foobar was allowed if the user was authorized + for URI example.org/foo. + - bpo-46643: In typing.get_type_hints(), support evaluating + stringified ParamSpecArgs and ParamSpecKwargs annotations. + Patch by Gregory Beauregard. + - bpo-45863: When the tarfile module creates a pax format + archive, it will put an integer representation of timestamps + in the ustar header (if possible) for the benefit of older + unarchivers, in addition to the existing full-precision + timestamps in the pax extended header. + - bpo-46676: Make typing.ParamSpec args and kwargs equal to + themselves. Patch by Gregory Beauregard. + - bpo-46672: Fix NameError in asyncio.gather() when initial + type check fails. + - bpo-46655: In typing.get_type_hints(), support evaluating + bare stringified TypeAlias annotations. Patch by Gregory + Beauregard. + - bpo-45948: Fixed a discrepancy in the C implementation of the + xml.etree.ElementTree module. Now, instantiating an + xml.etree.ElementTree.XMLParser with a target=None keyword + provides a default xml.etree.ElementTree.TreeBuilder target + as the Python implementation does. + - bpo-46521: Fix a bug in the codeop module that was + incorrectly identifying invalid code involving string quotes + as valid code. + - bpo-46581: Brings ParamSpec propagation for GenericAlias in + line with Concatenate (and others). + - bpo-46591: Make the IDLE doc URL on the About IDLE dialog + clickable. + - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 + - bpo-46487: Add the get_write_buffer_limits method to + asyncio.transports.WriteTransport and to the SSL transport. + - bpo-45173: Note the configparser deprecations will be removed + in Python 3.12. + - bpo-46539: In typing.get_type_hints(), support evaluating + stringified ClassVar and Final annotations inside Annotated. + Patch by Gregory Beauregard. + - bpo-46491: Allow typing.Annotated to wrap typing.Final and + typing.ClassVar. Patch by Gregory Beauregard. + - bpo-46436: Fix command-line option -d/--directory in module + http.server which is ignored when combined with command-line + option --cgi. Patch by Géry Ogam. + - bpo-41403: Make mock.patch() raise a TypeError with + a relevant error message on invalid arg. Previously it + allowed a cryptic AttributeError to escape. + - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid + potential REDoS by limiting ambiguity in consecutive + whitespace. + - bpo-46469: asyncio generic classes now return + types.GenericAlias in __class_getitem__ instead of the same + class. + - bpo-46434: pdb now gracefully handles help when __doc__ is + missing, for example when run with pregenerated optimized + .pyc files. + - bpo-46333: The __eq__() and __hash__() methods of + typing.ForwardRef now honor the module parameter of + typing.ForwardRef. Forward references from different modules + are now differentiated. + - bpo-46246: Add missing __slots__ to + importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. + - bpo-46266: Improve day constants in calendar. + - Now all constants (MONDAY … SUNDAY) are documented, tested, + and added to __all__. + - bpo-46232: The ssl module now handles certificates with bit + strings in DN correctly. + - bpo-43118: Fix a bug in inspect.signature() that was causing + it to fail on some subclasses of classes with + a __text_signature__ referencing module globals. Patch by + Weipeng Hong. + - bpo-26552: Fixed case where failing asyncio.ensure_future() + did not close the coroutine. Patch by Kumar Aditya. + - bpo-21987: Fix an issue with tarfile.TarFile.getmember() + getting a directory name with a trailing slash. + - bpo-20392: Fix inconsistency with uppercase file extensions + in MimeTypes.guess_type(). Patch by Kumar Aditya. + - bpo-46080: Fix exception in argparse help text generation if + a argparse.BooleanOptionalAction argument’s default is + argparse.SUPPRESS and it has help specified. Patch by Felix + Fontein. + - bpo-44439: Fix .write() method of a member file in ZipFile, + when the input data is an object that supports the buffer + protocol, the file length may be wrong. + - bpo-45703: When a namespace package is imported before + another module from the same namespace is created/installed + in a different sys.path location while the program is + running, calling the importlib.invalidate_caches() function + will now also guarantee the new module is noticed. + - bpo-24959: Fix bug where unittest sometimes drops frames from + tracebacks of exceptions raised in tests. + - bpo-44791: Fix substitution of ParamSpec in Concatenate with + different parameter expressions. Substitution with a list of + types returns now a tuple of types. Substitution with + Concatenate returns now a Concatenate with concatenated lists + of arguments. + - bpo-14156: argparse.FileType now supports an argument of ‘-’ + in binary mode, returning the .buffer attribute of + sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and + ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. + Patch contributed by Josh Rosenberg + - bpo-46463: Fixes escape4chm.py script used when building the + CHM documentation file + - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is + built with undefined behavior sanitizer (UBSAN): disable + UBSAN on the faulthandler_sigfpe() function. Patch by Victor + Stinner. + - bpo-46708: Prevent default asyncio event loop policy + modification warning after test_asyncio execution. + - bpo-46678: The function make_legacy_pyc in + Lib/test/support/import_helper.py no longer fails when + PYTHONPYCACHEPREFIX is set to a directory on a different + device from where tempfiles are stored. + - bpo-46616: Ensures test_importlib.test_windows cleans up + registry keys after completion. + - bpo-44359: test_ftplib now silently ignores socket errors to + prevent logging unhandled threading exceptions. Patch by + Victor Stinner. + - bpo-46542: Fix a Python crash in test_lib2to3 when using + Python built in debug mode: limit the recursion limit. Patch + by Victor Stinner. + - bpo-46576: test_peg_generator now disables compiler + optimization when testing compilation of its own C extensions + to significantly speed up the testing on non-debug builds of + CPython. + - bpo-46542: Fix test_json tests checking for RecursionError: + modify these tests to use support.infinite_recursion(). Patch + by Victor Stinner. + - bpo-13886: Skip test_builtin PTY tests on non-ASCII + characters if the readline module is loaded. The readline + module changes input() behavior, but test_builtin is not + intented to test the readline module. Patch by Victor + Stinner. + - bpo-38472: Fix GCC detection in setup.py when + cross-compiling. The C compiler is now run with LC_ALL=C. + Previously, the detection failed with a German locale. + - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro + and pyconfig.h no longer defines reserved symbol + __CHAR_UNSIGNED__. + - bpo-45296: Clarify close, quit, and exit in IDLE. In the File + menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current + one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). + In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there + are no other windows, this also exits IDLE. + - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch + by Alex Waygood and Terry Jan Reedy. + - bpo-46433: The internal function _PyType_GetModuleByDef now + correctly handles inheritance patterns involving static + types. + - bpo-14916: Fixed bug in the tokenizer that prevented + PyRun_InteractiveOne from parsing from the provided FD. + +- Remove upstreamed patches: + - support-expat-245.patch + +------------------------------------------------------------------- +Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + +------------------------------------------------------------------- +Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl + +- bsc#1195831 Obsolete older "most modern" versions of python + packages (python39 for python310 and so forth). For next + versions it is necessary just to edit the macro. + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python +- Add fix_configure_rst.patch, which removes duplicate link + targets and make documentation with old Sphinx in SLE +- Skip test_capi (bsc#1195140 and bpo#37169) + +------------------------------------------------------------------- +Wed Jan 19 22:01:51 UTC 2022 - Matej Cepl + +- Update to 3.10.2: + Bugfix only + - bpo#46347 memory leak in PyEval_EvalCodeEx (especially + visible with Cython code) + - and many others + +------------------------------------------------------------------- +Wed Dec 8 13:07:25 UTC 2021 - Matej Cepl + +- Upgrade to 3.10.1 (jsc#SLE-18038): + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other tools. + - PEP 618 – Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning +- Patches readjusted: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Sat Dec 4 18:40:28 UTC 2021 - Matej Cepl + +- Remove pdb_adjust_breakpoints.patch and instead just adjust location + of the test breakpoint in Lib/test/test_pdb.py via sed, because we + have shortened Lib/pdb.py by removing the shebang (bpo#45964). + +------------------------------------------------------------------- +Thu Dec 2 13:51:57 UTC 2021 - Matej Cepl + +- Add pdb_adjust_breakpoints.patch fixing expectd results in + test_pdb_breakpoints_preserved_across_interactive_sessions + (bpo#45964). + +------------------------------------------------------------------- +Mon Nov 29 00:17:07 UTC 2021 - Matej Cepl + +- Remove shebangs from from python-base libraries in _libdir + (bsc#1193179). +- Readjust patches: + - bpo-31046_ensurepip_honours_prefix.patch + - decimal.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Tue Nov 16 16:03:43 UTC 2021 - Matej Cepl + +- Move rpm-build-python construct to correct place. + +------------------------------------------------------------------- +Wed Oct 13 08:52:47 UTC 2021 - Dominique Leuenberger + +- BuildRequire rpm-build-python: The provider to inject python(abi) + has been moved there. rpm-build pulls rpm-build-python + automatically in when building anything against python3-base, but + this implies that the initial build of python3-base does not + trigger the automatic installation. + +------------------------------------------------------------------- +Tue Oct 5 22:36:51 UTC 2021 - Matej Cepl + +- Final release of 3.10.0: + Complete list on https://www.python.org/downloads/release/python-3100/, + but highlights are: + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other + tools. + - PEP 618 – Add Optional Length-Checking To zip. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning + - bpo-12782: Parenthesized context managers are now officially + allowed. + +------------------------------------------------------------------- +Mon Aug 30 12:48:25 UTC 2021 - Matej Cepl + +- Switch on option --with-system-libmpdec (bsc#1189356). + +------------------------------------------------------------------- +Fri Aug 27 13:15:03 UTC 2021 - Andreas Schwab + +- Reenable profileopt with qemu emulation, test_faulthandler is no longer + run during profiling + +------------------------------------------------------------------- +Thu Aug 12 15:11:39 UTC 2021 - Andreas Schwab + +- test_faulthandler is still problematic under qemu linux-user emulation, + disable it there + +------------------------------------------------------------------- +Wed Aug 11 05:57:11 UTC 2021 - Matej Cepl + +- Update to 3.10.0rc1 (the penultimate prerelease), which contains + plenty of small bugfixes among others: + - bpo#38605: from __future__ import annotations (PEP 563) used to be + on this list in previous pre-releases but it has been postponed to + Python 3.11 due to some compatibility concerns. + - bpo-44600: Fix incorrect line numbers while tracing some failed + patterns in match statements. Patch by Charles Burkland. + - plenty of modifications in types.Union + +------------------------------------------------------------------- +Wed Jul 21 13:44:48 UTC 2021 - Matej Cepl + +- Update to 3.10.0b4: + https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4 +- Remove python3-imp-returntype.patch which has been upstreamed. + +------------------------------------------------------------------- +Mon Jun 7 15:52:44 UTC 2021 - Matej Cepl + +- Update to 3.10.0b2: + - PEP 623 -- Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 -- Allow writing union types as X | Y + - PEP 612 -- Parameter Specification Variables + - PEP 626 -- Precise line numbers for debugging and other + tools. + - PEP 618 -- Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 -- Deprecate distutils module. + - PEP 613 -- Explicit Type Aliases + - PEP 634 -- Structural Pattern Matching: Specification + - PEP 635 -- Structural Pattern Matching: Motivation and + Rationale + - PEP 636 -- Structural Pattern Matching: Tutorial + - PEP 644 -- Require OpenSSL 1.1.1 or newer + - PEP 624 -- Remove Py_UNICODE encoder APIs + - PEP 597 -- Add optional EncodingWarning +- Removed patches (assumed upstream): + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl + +- Revert previous skip over test_capi +- Add skip-test_pyobject_freed_is_freed.patch to skip failing + test on SLE-15. + +------------------------------------------------------------------- +Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller + +- allow build with Sphinx >= 3.x + +------------------------------------------------------------------- +Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák + +- Exclude test_capi on Leap (test fails there) + +------------------------------------------------------------------- +Fri May 21 15:13:59 UTC 2021 - Matej Cepl + +- Stop providing "python" symbol (bsc#1185588), which means + python2 currently. + +------------------------------------------------------------------- +Wed May 5 15:16:58 UTC 2021 - Matej Cepl + +- Update to 3.9.5: + * Security + - bpo-43434: Creating a sqlite3.Connection object now also + produces a sqlite3.connect auditing event. Previously this + event was only produced by sqlite3.connect() calls. Patch + by Erlend E. Aasland. + - bpo-43882: The presence of newline or tab characters in + parts of a URL could allow some forms of attacks. + - Following the controlling specification for URLs defined by + WHATWG urllib.parse() now removes ASCII newlines and tabs + from URLs, preventing such attacks. + - bpo-43472: Ensures interpreter-level audit hooks receive + the cpython.PyInterpreterState_New event when called + through the _xxsubinterpreters module. + - bpo-36384: ipaddress module no longer accepts any leading + zeros in IPv4 address strings. Leading zeros are ambiguous + and interpreted as octal notation by some libraries. For + example the legacy function socket.inet_aton() treats + leading zeros as octal notatation. glibc implementation of + modern inet_pton() does not accept any leading zeros. For + a while the ipaddress module used to accept ambiguous + leading zeros. + - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) + vulnerability in urllib.request.AbstractBasicAuthHandler. + The ReDoS-vulnerable regex has quadratic worst-case + complexity and it allows cause a denial of service when + identifying crafted invalid RFCs. This ReDoS issue is on + the client side and needs remote attackers to control the + HTTP server. + - bpo-42800: Audit hooks are now fired for frame.f_code, + traceback.tb_frame, and generator code/frame attribute + access. + * Core and Builtins + - bpo-43105: Importlib now resolves relative paths when + creating module spec objects from file locations. + - bpo-42924: Fix bytearray repetition incorrectly copying + data from the start of the buffer, even if the data is + offset within the buffer (e.g. after reassigning a slice at + the start of the bytearray to a shorter byte string). + * Library + - bpo-43993: Update bundled pip to 21.1.1. + - bpo-43937: Fixed the turtle module working with non-default + root window. + - bpo-43930: Update bundled pip to 21.1 and setuptools to + 56.0.0 + - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now + returns a consistent error message when cadata contains no + valid certificate. + - bpo-43607: urllib can now convert Windows paths with \\?\ + prefixes into URL paths. + - bpo-43284: platform.win32_ver derives the windows version + from sys.getwindowsversion().platform_version which in turn + derives the version from kernel32.dll (which can be of + a different version than Windows itself). Therefore change + the platform.win32_ver to determine the version using the + platform module’s _syscmd_ver private function to return an + accurate version. + - bpo-42248: [Enum] ensure exceptions raised in _missing__ + are released + - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 + to suppress deprecation warnings. Python requires OpenSSL + 1.1.1 APIs. + - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants + (OpenSSL 3.0.0) + - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback + function a second time when first call has signaled an + error condition. + - bpo-43788: The header files for ssl error codes are now + OpenSSL version-specific. Exceptions will now show correct + reason and library codes. The make_ssl_data.py script has + been rewritten to use OpenSSL’s text file with error codes. + - bpo-43655: tkinter dialog windows are now recognized as + dialogs by window managers on macOS and X Window. + - bpo-43534: turtle.textinput() and turtle.numinput() create + now a transient window working on behalf of the canvas + window. + - bpo-43522: Fix problem with hostname_checks_common_name. + OpenSSL does not copy hostflags from struct SSL_CTX to + struct SSL. + - bpo-42967: Allow bytes separator argument in + urllib.parse.parse_qs and urllib.parse.parse_qsl when + parsing str query strings. Previously, this raised + a TypeError. + - bpo-43176: Fixed processing of a dataclass that inherits + from a frozen dataclass with no fields. It is now correctly + detected as an error. + - bpo-41735: Fix thread locks in zlib module may go wrong in + rare case. Patch by Ma Lin. + - bpo-36470: Fix dataclasses with InitVars and replace(). + Patch by Claudiu Popa. + - bpo-32745: Fix a regression in the handling of ctypes’ + ctypes.c_wchar_p type: embedded null characters would cause + a ValueError to be raised. Patch by Zackery Spytz. + * Documentation + - bpo-43959: The documentation on the PyContextVar C-API was + clarified. + - bpo-43938: Update dataclasses documentation to express that + FrozenInstanceError is derived from AttributeError. + - bpo-43755: Update documentation to reflect that + unparenthesized lambda expressions can no longer be the + expression part in an if clause in comprehensions and + generator expressions since Python 3.9. + - bpo-43739: Fixing the example code in + Doc/extending/extending.rst to declare and initialize the + pmodule variable to be of the right type. + * Tests + - bpo-43961: Fix + test_logging.test_namer_rotator_inheritance() on Windows: + use os.replace() rather than os.rename(). Patch by Victor + Stinner. + - bpo-43842: Fix a race condition in the SMTP test of + test_logging. Don’t close a file descriptor (socket) from + a different thread while asyncore.loop() is polling the + file descriptor. Patch by Victor Stinner. + - bpo-43811: Tests multiple OpenSSL versions on GitHub + Actions. Use ccache to speed up testing. + - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy + protocols TLS 1.0 and 1.1. Tests are failing with + TLSV1_ALERT_INTERNAL_ERROR. +- Refreshed patches: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch +- Add vendorized files from bluez-devel to enable building support for + Bluetooth. + +------------------------------------------------------------------- +Sun May 2 09:20:06 UTC 2021 - Ben Greiner + +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + +------------------------------------------------------------------- +Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl + +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +------------------------------------------------------------------- +Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +------------------------------------------------------------------- +Tue Feb 9 01:37:59 UTC 2021 - Steve Kowalik + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +------------------------------------------------------------------- +Mon Feb 8 22:02:03 UTC 2021 - Matej Cepl + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl + +- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing + bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in + _ctypes/callproc.c, which may lead to remote code execution. + +------------------------------------------------------------------- +Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl + +- (bsc#1180125) We really don't Require python-rpm-macros package. + Unnecessary dependency. + +------------------------------------------------------------------- +Wed Dec 16 16:08:42 UTC 2020 - Matej Cepl + +- Make python39-doc building again +- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx + doesn't know about skipif directive in doctests. + +------------------------------------------------------------------- +Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl + +- Update sphinx-update-removed-function.patch patch to the latest + version in python36. + +------------------------------------------------------------------- +Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner + +- Last try before this results in an editwar: + * remove importlib_resources and importlib-metadata + provides/obsoletes + * import importlib_resources is not the same as + import importlib.resources, same for metadata + * The backport packages from PyPI needed for older flavors are + specified as such for setuptools or in pyproject.toml. If a + package requires them they typically add them with a python + version qualifier and the packages have their own version + numbers. + +------------------------------------------------------------------- +Sat Dec 5 16:55:12 UTC 2020 - Matej Cepl + +- Add patch sphinx-update-removed-function.patch to no longer call + a now removed function and to make documentation build independent of + the Sphinx version (bsc#1179630, gh#python/cpython#13236). + +------------------------------------------------------------------- +Fri Nov 13 17:20:08 UTC 2020 - Matej Cepl + +- Don't require packages which break build on SLE-15 although we really + don't need them (python3-python-docs-theme and + python3-sphinxcontrib-qthelp). + +------------------------------------------------------------------- +Fri Oct 9 16:05:50 UTC 2020 - Dominique Leuenberger + +- Fix build with RPM 4.16: error: bare words are no longer + supported, please use "...": x86 == ppc. + +------------------------------------------------------------------- +Tue Oct 6 07:30:56 UTC 2020 - Matej Cepl + +- Update to the final version 3.9.0: + Complete changelog with all (many) + changes from previous version is on + https://docs.python.org/release/3.9.0/whatsnew/3.9.html + Changes from the previous RC versions (not that many) are on + https://docs.python.org/release/3.9.0/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Fri Sep 25 06:58:03 UTC 2020 - Dominique Leuenberger + +- Buildrequire timezone only for general flavor. It's used in this + flavor for the test suite. + +------------------------------------------------------------------- +Wed Sep 2 14:39:44 UTC 2020 - Matej Cepl + +- Update to 3.9.0rc1: + * Core and Builtins + - bpo-38156: Handle interrupts that come after EOF + correctly in PyOS_StdioReadline. + * Library + - bpo-41497: Fix potential UnicodeDecodeError in dis + module. + - bpo-41490: Update ensurepip to install pip 20.2.1 and + setuptools 49.2.1. + - bpo-41467: On Windows, fix asyncio recv_into() return + value when the socket/pipe is closed (BrokenPipeError): + return 0 rather than an empty byte string (b''). + - bpo-41425: Make tkinter doc example runnable. + - bpo-41384: Raise TclError instead of TypeError when an + unknown option is passed to tkinter.OptionMenu. + - bpo-38731: Fix NameError in command-line interface of + py_compile. + - bpo-41317: Use add_done_callback() in + asyncio.loop.sock_accept() to unsubscribe reader early on + cancellation. + - bpo-41364: Reduce import overhead of uuid. + - bpo-41341: Recursive evaluation of typing.ForwardRef in + get_type_hints. + - bpo-41182: selector: use DefaultSelector based upon + implementation + - bpo-40726: Handle cases where the end_lineno is None on + ast.increment_lineno(). + * Documentation + - bpo-41045: Add documentation for debug feature of + f-strings. + - bpo-41314: Changed the release when from __future__ + import annotations becomes the default from 4.0 to 3.10 + (following a change in PEP 563). + * Windows + - bpo-41492: Fixes the description that appears in UAC + prompts. + - bpo-40948: Improve post-install message to direct people + to the “py” command. + - bpo-41412: The installer will now fail to install on + Windows 7 and Windows 8. Further, the UCRT dependency is + now always downloaded on demand. + - bpo-40741: Update Windows release to include SQLite + 3.32.3. + * IDLE + - bpo-41468: Improve IDLE run crash error message (which + users should never see). + - bpo-41373: Save files loaded with no line ending, as when + blank, or different line endings, by setting its line + ending to the system default. Fix regression in 3.8.4 and + 3.9.0b4. + +------------------------------------------------------------------- +Tue Sep 1 10:15:06 UTC 2020 - Matej Cepl + +- Synchronize formatting and fixes with python38. + +------------------------------------------------------------------- +Thu Aug 20 15:41:28 UTC 2020 - Andreas Schwab + +- Increase testsuite timeout to account for super long running + test_peg_generator + +------------------------------------------------------------------- +Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer + +- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream +- Removed recursion.tar: contained in upstream +- Update to 3.9.0b5: + - bpo-41304: Fixes python3x._pth being ignored on Windows, caused + by the fix for bpo-29778 (CVE-2020-15801). + - bpo-41162: Audit hooks are now cleared later during + finalization to avoid missing events. + - bpo-29778: Ensure python3.dll is loaded from correct locations + when Python is embedded (CVE-2020-15523). + - bpo-39603: Prevent http header injection by rejecting control + characters in http.client.putrequest(…). + - bpo-41295: Resolve a regression in CPython 3.8.4 where defining + “__setattr__” in a multi-inheritance setup and + calling up the hierarchy chain could fail if builtins/extension + types were involved in the base types. + - bpo-41247: Always cache the running loop holder when running + asyncio.set_running_loop. + - bpo-41252: Fix incorrect refcounting in + _ssl.c’s _servername_callback(). + - bpo-41215: Use non-NULL default values in the PEG parser + keyword list to overcome a bug that was ' + preventing Python from being properly compiled when using the + XLC compiler. Patch by Pablo Galindo. + - bpo-41218: Python 3.8.3 had a regression where compiling with + ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would + aggressively mark list comprehension with CO_COROUTINE. Now only + list comprehension making use of async/await will tagged as so. + - bpo-41175: Guard against a NULL pointer dereference within + bytearrayobject triggered by the bytearray() + bytearray() operation. + - bpo-39960: The “hackcheck” that prevents sneaking around a type’s + __setattr__() by calling the superclass method was + rewritten to allow C implemented heap types. + - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the + C implementation raises now UnpicklingError instead of crashing. + - bpo-39017: Avoid infinite loop when reading specially crafted + TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). + - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params(). + - bpo-41207: In distutils.spawn, restore expectation that + DistutilsExecError is raised when the command is not found. + - bpo-39168: Remove the __new__ method of typing.Generic. + - bpo-41194: Fix a crash in the _ast module: it can no longer be + loaded more than once. It now uses a global state rather than a module state. + - bpo-39384: Fixed email.contentmanager to allow set_content() to set a + null string. + - bpo-41300: Save files with non-ascii chars. + Fix regression released in 3.9.0b4 and 3.8.4. + - bpo-37765: Add keywords to module name completion list. + Rewrite Completions section of IDLE doc. + - bpo-40170: Revert PyType_HasFeature() change: it reads + again directly the PyTypeObject.tp_flags + member when the limited C API is not used, rather than always calling + PyType_GetFlags() which hides implementation details. + +------------------------------------------------------------------- +Mon Jul 20 12:06:41 UTC 2020 - Matej Cepl + +- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 + (CVE-2019-20907, bpo#39017) avoiding possible infinite loop + in specifically crafted tarball. + Add recursion.tar as a testing tarball for the patch. + +------------------------------------------------------------------- +Fri Jul 17 07:07:19 UTC 2020 - Callum Farmer + +- Changed bpo-31046_ensurepip_honours_prefix.patch to include fix from py3.8 + +------------------------------------------------------------------- +Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer + +- Spec file fixes +- Re-added subprocess-raise-timeout.patch: now compatible +- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream + +------------------------------------------------------------------- +Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal + +- Fix minor issues found in the staging. + +------------------------------------------------------------------- +Wed Jul 15 06:13:33 UTC 2020 - Tomáš Chvátal + +- Do not set ourselves as primary interpreter + +------------------------------------------------------------------- +Tue Jul 14 20:45:11 UTC 2020 - Matej Cepl + +- Update to 3.9.0b4: + - PEP 584, Union Operators in dict + - PEP 585, Type Hinting Generics In Standard Collections + - PEP 593, Flexible function and variable annotations + - PEP 602, Python adopts a stable annual release cadence + - PEP 615, Support for the IANA Time Zone Database in the + Standard Library + - PEP 616, String methods to remove prefixes and suffixes + - PEP 617, New PEG parser for CPython + - bpo#38379, garbage collection does not block on resurrected + objects; + - bpo#38692, os.pidfd_open added that allows process + management without races and signals; + - bpo#39926, Unicode support updated to version 13.0.0; + - bpo#1635741, when Python is initialized multiple times in + the same process, it does not leak memory anymore; + - A number of Python builtins (range, tuple, set, frozenset, + list, dict) are now sped up using PEP 590 vectorcall; + - A number of Python modules (_abc, audioop, _bz2, _codecs, + _contextvars, _crypt, _functools, _json, _locale, operator, + resource, time, _weakref) now use multiphase initialization + as defined by PEP 489; + - A number of standard library modules (audioop, ast, grp, + _hashlib, pwd, _posixsubprocess, random, select, struct, + termios, zlib) are now using the stable ABI defined by + PEP 384. +- Remove upstreamed patches: + - F00102-lib64.patch + - SUSE-FEDORA-multilib.patch + - OBS_dev-shm.patch + - subprocess-raise-timeout.patch + - bpo36302-sort-module-sources.patch + - bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Fri Jul 10 10:55:15 UTC 2020 - Tomáš Chvátal + +- Update pre_checkin.sh and regenerate + +------------------------------------------------------------------- +Fri Jul 10 10:11:39 UTC 2020 - Tomáš Chvátal + +- Convert few dependencies to their pkgconfig counterparts + +------------------------------------------------------------------- +Fri Jul 10 10:08:48 UTC 2020 - Tomáš Chvátal + +- Remove release requirement on libpython, it is not really needed + to be equal as the abi changes with versions + +------------------------------------------------------------------- +Fri Jul 10 10:07:50 UTC 2020 - Tomáš Chvátal + +- Add provides python3-bla on all the subpkgs in case we are + primary provider of the functionality + +------------------------------------------------------------------- +Fri Jul 10 10:02:01 UTC 2020 - Tomáš Chvátal + +- Remove unversioned files from devel subpkg too +- Remove main python3 files from -base based whether we are + primary interpreter or not +- Fix idle to be co-installable +- Add condition to be primary to provide/obsolete python3-* +- Fix doc to build in versioned folder so the pythons can be + installed next to each other + +------------------------------------------------------------------- +Fri Jul 10 07:57:10 UTC 2020 - Tomáš Chvátal + +- Revert the full versioning of calls on the macros. These + are generic so they should really just call python3 X + +------------------------------------------------------------------- +Fri Jul 10 07:56:11 UTC 2020 - Tomáš Chvátal + +- For the doc package we can build with generic flavor, we don't + need the our-interpreter based one + +------------------------------------------------------------------- +Fri Jul 10 07:18:53 UTC 2020 - Tomáš Chvátal + +- Add provides for pytohn3X-typing/etc to allow BR on those still + to work when needed + +------------------------------------------------------------------- +Fri Jul 10 07:14:33 UTC 2020 - Tomáš Chvátal + +- Change macros.python3 to use full versioned 3.8 instead of just 3 + for python interpreter + +------------------------------------------------------------------- +Wed Jul 1 11:50:19 UTC 2020 - Tomáš Chvátal + +- Reduce some now unused conditionals + +------------------------------------------------------------------- +Wed Jul 1 11:00:40 UTC 2020 - Tomáš Chvátal + +- Redux the -base dependencies to match up pre-merge layout + +------------------------------------------------------------------- +Wed Jul 1 09:24:39 UTC 2020 - Tomáš Chvátal + +- Generate baselibs in pre-checkin too + +------------------------------------------------------------------- +Wed Jul 1 09:14:33 UTC 2020 - Tomáš Chvátal + +- Generate the importlib-failed using pre_checking again +- Add back the information about skipped tests on the pre_checkin + output + +------------------------------------------------------------------- +Tue Jun 30 07:11:19 UTC 2020 - Tomáš Chvátal + +- Use %python_pkg_name instead of hardcoding python3 where + applicable +- Sort out preamble with spec-cleaner + +------------------------------------------------------------------- +Mon Jun 29 14:36:10 UTC 2020 - Matej Cepl + +- Calculate required variables instead of relying on their continuous manual update + +------------------------------------------------------------------- +Thu Jun 25 10:44:08 UTC 2020 - Tomáš Chvátal + +- Fix the -base module build again to generate only the deps + we need + +------------------------------------------------------------------- +Wed Jun 17 18:42:51 UTC 2020 - Matej Cepl + +- Replace OBS_dev-shm.patch with the upstream PR#20944 + +------------------------------------------------------------------- +Thu Jun 10 14:30:15 UTC 2020 - Tomáš Chvátal + +- Use the %{python_pkg_name} on more places to allow easier + multiversioning +- Switch to _multibuild approach for easier maintenance of this + package. All is now in one spec file with 3 conditionals: + * bcond_with base + * bcond_with doc + * bcond_with general + +------------------------------------------------------------------- +Mon Jun 8 14:26:00 UTC 2020 - Matej Cepl + +- add requires python3-base on libpython subpackage (bsc#1167008) + +------------------------------------------------------------------- +Fri Jun 5 06:08:12 UTC 2020 - Dirk Mueller + +- build against Sphinx 2.x until python is compatible with + Sphinx 3.x (see gh#python/cpython#19397, bpo#40204) + +------------------------------------------------------------------- +Fri May 29 19:59:01 UTC 2020 - Andreas Stieger + +- Fix build with SQLite 3.32 (bpo#40783) + add bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Sun May 17 15:37:35 UTC 2020 - Callum Farmer + +- Update to version 3.8.3: + - Complete list of changes is available at + https://docs.python.org/release/3.8.3/whatsnew/changelog.html#python-3-8-3-final, + but most of them are just bugfixes. + - Removed patch CVE-2020-8492-urllib-ReDoS.patch: contained in upstream + +------------------------------------------------------------------- +Thu Apr 16 12:06:01 UTC 2020 - Matej Cepl + +- Add #!BuildIgnore: gdk-pixbuf-loader-rsvg to python3 SPEC + +------------------------------------------------------------------- +Thu Mar 26 15:36:55 UTC 2020 - Matej Cepl + +- Add patch bsc1167501-invalid-alignment.patch + (bsc#1167501, bpo#40052) to fix alignment in abstract.h header file. + +------------------------------------------------------------------- +Wed Mar 11 11:09:41 UTC 2020 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build, test_setegid + (test.test_os.PosixUidGidTests) is confusing it + +------------------------------------------------------------------- +Thu Mar 5 18:40:29 UTC 2020 - Matej Cepl + +- Update to 3.8.2: + - Complete list of changes is available at + https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final, + but most of them are just bugfixes. + - Updated patches: + - F00102-lib64.patch + - OBS_dev-shm.patch + - SUSE-FEDORA-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Sun Feb 9 00:14:24 CET 2020 - Matej Cepl + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Sat Feb 8 22:21:10 CET 2020 - Matej Cepl + +- Add Requires: libpython%{so_version} == %{version}-%{release} + to python3-base to keep both packages always synchronized + (bsc#1162224). + +------------------------------------------------------------------- +Mon Feb 3 20:27:54 UTC 2020 - Tomáš Chvátal + +- Do not pull in bluez in base again, explain the cycle, + it needs to be solved by bluez maintainer for us by providing + just the headers separately + +------------------------------------------------------------------- +Mon Feb 3 19:54:25 UTC 2020 - Tomáš Chvátal + +- Reame idle icons to idle3 in order to not conflict with python2 + variant of the package + * renamed the icons + * renamed icon load in desktop file + +------------------------------------------------------------------- +Thu Jan 16 09:50:03 UTC 2020 - Tomáš Chvátal + +- Add importlib_resources provide/obsolete as it is integral + part of the lang since 3.7 release + +------------------------------------------------------------------- +Mon Jan 13 11:10:47 UTC 2020 - Martin Liška + +- Add -fno-semantic-interposition as it brings speed up: + https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup + +------------------------------------------------------------------- +Thu Dec 19 16:25:26 CET 2019 - Matej Cepl + +- Update to 3.8.1: + - This is mainly bugfix release and no significant changes to + API are expected. The full changelog is available on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-1 + - Remove bpo-38688_shutil.copytree_prevent-infinite-recursion.patch, + which is included in the upstream tarball. + +------------------------------------------------------------------- +Thu Dec 19 14:57:32 CET 2019 - Matej Cepl + +- Add bpo-31046_ensurepip_honours_prefix.patch which makes + ensurepip to honour the value of $(prefix). Proposed fix for + bpo#31046.. + +------------------------------------------------------------------- +Tue Dec 10 11:07:16 UTC 2019 - Tomáš Chvátal + +- Move bluez-devel dependency to base as it is needed for + socket.AF_BLUETOOTH and otherwise does not work + +------------------------------------------------------------------- +Mon Dec 2 16:52:32 CET 2019 - Matej Cepl + +- Reintroduce QtHelp with the help of the new BR + python-sphinxcontrib-qthelp. + +------------------------------------------------------------------- +Mon Oct 21 18:51:00 UTC 2019 - Stefan Brüns + +- Fix SUSE-FEDORA-multilib.patch, the platform agnostic infix for + library installation is "lib", not "dir". + +------------------------------------------------------------------- +Thu Oct 17 14:19:20 UTC 2019 - Stefan Brüns + +- Move idle subpackage build from python3-base to python3. + appstream-glib required for packaging introduces considerable + extra dependencies and a build loop via rust/librsvg. +- Correct installation of idle IDE icons: + + idle.png is not the target directory + + non-GNOME-specific icons belong into icons/hicolor +- Add required Name key to idle3 desktop file + +------------------------------------------------------------------- +Tue Oct 15 16:39:12 CEST 2019 - Matej Cepl + +- Update to the final release 3.8.0. . + - New Features: + - Assignment expressions + - Positional-only parameters + - Parallel filesystem cache for compiled bytecode files + - Debug build uses the same ABI as release build + - f-strings support = for self-documenting expressions and + debugging + - PEP 578: Python Runtime Audit Hooks + - PEP 587: Python Initialization Configuration + - Vectorcall: a fast calling protocol for CPython + - Pickle protocol 5 with out-of-band data buffers + - New modules: + - importlib.metadata + - Improved modules: + - ast asyncio, builtins, collections, curses, ctypes, + datetime, functools, gc, gettext, gzip, idelib and IDLE, + inspect, io, json.tool, math, mmap, multiprocessing, os, + os.path, pathlib, pickle, plistlib, py_compile, shlex, + shutil, socket, ssl, statistics, sys, tarfile, threading, + tokenize, tkinter, time, typing, unicodedata, unittest, + venv, weakref, xml + - C API improvements + - bdist_winnst command has been deprecated (use bdist_wheel) +- https://docs.python.org/3.8/whatsnew/3.8.html remains rest of + changes including documentation on how to port your programs to + the current version of Python. + +------------------------------------------------------------------- +Mon Oct 14 15:02:08 CEST 2019 - Matej Cepl + +- Add idle3.appdata.xml and idle3.desktop (originally from + Fedora) to make Idle3 full GUI desktop application. + (bsc#1153830) + +------------------------------------------------------------------- +Wed Oct 9 19:09:16 UTC 2019 - Michael Gorse + +- Drop intltool from BuildRequires. Doesn't appear to be used. + +------------------------------------------------------------------- +Wed Oct 9 10:37:59 UTC 2019 - Tomáš Chvátal + +- Add folder version to allow tarball downloads even for beta/rc + releases + +------------------------------------------------------------------- +Tue Oct 8 14:53:54 CEST 2019 - Matej Cepl + +- Revert patches from Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch) into their original + prisitine Fedora versions, SUSE-FEDORA-multilib.patch refreshed + accordingly. + +------------------------------------------------------------------- +Mon Oct 7 14:33:30 UTC 2019 - Matej Cepl + +- Correct quotation of platsubdir in Lib/distutils/command/install.py + +------------------------------------------------------------------- +Thu Oct 3 13:59:57 CEST 2019 - Matej Cepl + +- Replace python-3.6.0-multilib.patch with two patches from + Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch), and our own + SUSE-FEDORA-multilib.patch to allow better cooperation with + Fedora and better upstreaming. +- Add OBS_dev-shm.patch fixing bpo#38377 + +------------------------------------------------------------------- +Thu Oct 3 08:39:18 UTC 2019 - Tomáš Chvátal + +- Pull in just gettext and let solver to sort out between: + gettext-runtime-mini and gettext-runtime + +------------------------------------------------------------------- +Wed Oct 2 15:00:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0rc1. Overall changes from 3.7: + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved + embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds, also the 'm' ABI + tag was removed (irrelevant since 3.4), bpo#36707 + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - on Windows, the default asyncio event loop is now + ProactorEventLoop + - on macOS, the spawn start method is now used by default in + multiprocessing + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Refreshed patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Wed Sep 25 09:46:41 UTC 2019 - Bernhard Wiedemann + +- Add bpo36302-sort-module-sources.patch (boo#1041090) + +------------------------------------------------------------------- +Tue Sep 10 13:43:18 UTC 2019 - Tomáš Chvátal + +- Try harder obsoleting importlib-metadata + +------------------------------------------------------------------- +Sat Aug 31 00:16:47 CEST 2019 - Matej Cepl + +- Update to 3.8.0b4: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-4 + +------------------------------------------------------------------- +Thu Aug 29 06:28:15 UTC 2019 - Guillaume GARDET + +- Re-enable test_threading on aarch64 + +------------------------------------------------------------------- +Sat Aug 17 13:21:15 UTC 2019 - John Vandenberg + +- Remove xrpm from subpackage tk description + +------------------------------------------------------------------- +Tue Aug 6 14:24:55 CEST 2019 - Matej Cepl + +- Update to 3.8.0b3: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-3 +- Patches reapplied: + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-test-posix_fadvise.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Tue Jul 23 13:20:49 UTC 2019 - Matej Cepl + +- Add Provides: python3-importlib-metadata + +------------------------------------------------------------------- +Sun Jul 7 19:08:48 CEST 2019 - Matej Cepl + +- Update to 3.8.0b2: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-2 +- Patches included in upstream: + - bpo-37169_PyObject_IsFreed.patch +- Patches reapplied: + - 00251-change-user-install-location.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-localpath.patch + - python-3.6.0-multilib.patch + +------------------------------------------------------------------- +Tue Jul 2 09:03:04 UTC 2019 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build +- Don't do profiling in qemu linux-user build + +------------------------------------------------------------------- +Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0b1 (changes since 3.7.*): + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Remove patches which were included in the upstream: + - 00251-change-user-install-location.patch + - 00316-mark-bdist_wininst-unsupported.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed May 22 10:53:03 UTC 2019 - Martin Liška + +- Set _lto_cflags to nil as the package is using LTO via --enable-lto. + That will prevent to propage LTO for Python modules that are + built in a separate package. + +------------------------------------------------------------------- +Sat May 4 21:29:20 CEST 2019 - Matej Cepl + +- Update to 3.8.0.a3: + - PEP 572: Assignment Expressions. + - Other (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-3 + +------------------------------------------------------------------- +Mon Apr 29 15:40:34 CEST 2019 - Matej Cepl + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Wed Apr 10 10:22:58 CEST 2019 - Matej Cepl + +- Fix metadata of patches. +- Rename boo1071941-make-install-in-sep-loc.patch to + 00251-change-user-install-location.patch which is the original + name, so it can be looked up in the Fedora VCS. + +------------------------------------------------------------------- +Tue Apr 9 04:55:24 UTC 2019 - John Vandenberg + +- Mark distutils bdist_wininst command unsupported + with 00316-mark-bdist_wininst-unsupported.patch +- Remove Windows bdist_wininst executables from runtime package + +------------------------------------------------------------------- +Tue Apr 9 01:21:45 CEST 2019 - Matej Cepl + +- Update to 3.7.3, which is the maintenance release without any + significant changes in API. + - Updated patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------ +Wed Mar 20 14:59:58 UTC 2019 - Matěj Cepl + +- Remove building of Qt Develop help files. + +------------------------------------------------------------------- +Fri Mar 15 15:10:30 CET 2019 - Matej Cepl + +- Return distutils-reproducible-compile.patch which is still + missing (still unfinished bpo#29708). + +------------------------------------------------------------------- +Mon Feb 25 23:30:56 CET 2019 - Matej Cepl + +- Update to 3.8.0a2: + * List of all (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-2 + +------------------------------------------------------------------- +Tue Feb 12 10:25:52 CET 2019 - Matej Cepl + +- Build nis module again. + +------------------------------------------------------------------- +Tue Feb 12 10:06:17 CET 2019 - Matej Cepl + +- Update to 3.8.0a1: + * The most visible change so far is probably the + implementation of PEP 572: Assignment Expressions. For + a detailed list of changes, see: + https://docs.python.org/3.8/whatsnew/changelog.html + * Recover building of nis module properly in python3 package +- Update patches: + * CVE-2019-5010-null-defer-x509-cert-DOS.patch + * python-3.3.0b1-fix_date_time_compiler.patch + * python-3.3.0b1-test-posix_fadvise.patch + * python-3.6.0-multilib.patch + * raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed Jan 30 18:07:49 CET 2019 - mcepl@suse.com + +- Put LICENSE file where it belongs (bsc#1121852) + +------------------------------------------------------------------- +Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com + +- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch + fixing bpo-35746. + An exploitable denial-of-service vulnerability exists in the + X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. + A specially crafted X509 certificate can cause a NULL pointer + dereference, resulting in a denial of service. An attacker can + initiate or accept TLS connections using crafted certificates + to trigger this vulnerability. + +------------------------------------------------------------------- +Tue Jan 8 12:51:01 UTC 2019 - Tomáš Chvátal + +- Do not require full gettext in order to avoid pulling in the + glib2 as a dependency + +------------------------------------------------------------------- +Tue Jan 8 12:25:27 UTC 2019 - Tomáš Chvátal + +- Update to 3.7.2: + * bugfix release: + https://docs.python.org/3.7/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Wed Jan 2 12:51:48 CET 2019 - mcepl@suse.com + +- Stop applying python-3.6.0-multilib-new.patch (which is still + WIP), and apply the old proven python-3.6.0-multilib.patch + instead. + +------------------------------------------------------------------- +Wed Dec 19 19:29:44 UTC 2018 - Todd R + +- Use upstream-recommended %{_rpmconfigdir}/macros.d directory + for the rpm macros. + +------------------------------------------------------------------- +Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com + +- Upgrade to 3.7.2rc1: + * bugfix release, for the full list of all changes see + https://docs.python.org/3.7/whatsnew/changelog.html#changelog +- Make run of the test suite more verbose + +------------------------------------------------------------------- +Tue Dec 11 01:52:45 UTC 2018 - Jan Engelhardt + +- Write summaries without em dashes. + +------------------------------------------------------------------- +Mon Dec 3 13:27:54 UTC 2018 - Matěj Cepl + +- Remove python-3.3.0b1-curses-panel.patch it is unnecessary anymore. +- Add boo1071941-make-install-in-sep-loc.patch to make pip and + distutils in user environment install into separate location + (boo#1071941) + + Set values of prefix and exec_prefix in distutils install + command to /usr/local if executable is /usr/bin/python* and RPM + build is not detected to make pip and distutils install into + separate location +- Remove finally python-3.3.3-skip-distutils-test_sysconfig_module.patch +- Remove distutils-reproducible-compile.patch which doesn't make + really much difference in reproducibility (see + gh#python/cpython#8057 and discussion there). + +------------------------------------------------------------------- +Sat Dec 1 00:14:28 CET 2018 - mcepl@suse.com + +- Rename Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + to bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + +------------------------------------------------------------------- +Wed Nov 7 12:10:41 CET 2018 - mcepl@suse.com + +- Add dependency on bluez-devel to build support for Bluetooth + (boo#1109998) + +------------------------------------------------------------------- +Tue Nov 6 13:52:45 CET 2018 - mcepl@suse.com + +- Add devhelp subpackage and split qthelp into another + subpackage. + +------------------------------------------------------------------- +Wed Oct 24 12:38:00 UTC 2018 - Matěj Cepl + +- Remove python-3.0b1-record-rpm.patch and + Python-3.0b1-record-rpm.patch, as they are not needed anymore + +------------------------------------------------------------------- +Tue Oct 23 14:14:16 UTC 2018 - Matej Cepl + +- Switch off test_threading for optimization builds. + +------------------------------------------------------------------- +Mon Oct 22 14:41:59 CEST 2018 - mcepl@suse.com + +- Update to python-3.7.1. This is just a brief overview, complete + changelog available at + https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-1-final: + Library + bpo-34970: Protect tasks weak set manipulation in asyncio.all_tasks() +- Patches already accepted upstream are removed: + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + * 00308-tls-1.3.patch +- New patches added: + * Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + * raise_SIGING_not_handled.patch +- All other patches refreshed via quilt. + +------------------------------------------------------------------- +Mon Oct 22 12:22:19 UTC 2018 - Matej Cepl + +- Add raise_SIGING_not_handled.patch to fix bsc#1094814 + +------------------------------------------------------------------- +Wed Oct 17 14:04:35 UTC 2018 - Tomáš Chvátal + +- Add patch to fix importlib return types: + * python3-imp-returntype.patch + +------------------------------------------------------------------- +Mon Oct 15 13:46:32 CEST 2018 - mcepl@suse.com + +- bpo-34022 still not completely fixed, so we have to keep + excluding test_cmd_line_script, + test_multiprocessing_main_handling, and test_runpy from the + test suite. + +------------------------------------------------------------------- +Sun Oct 14 15:57:24 UTC 2018 - Matej Cepl + +- Update to python 3.7.1~rc2: + Core and Builtins + bpo-34879: Fix a possible null pointer dereference in + bytesobject.c. Patch by Zackery Spytz. + bpo-34854: Fixed a crash in compiling string annotations + containing a lambda with a keyword-only argument that + doesn’t have a default value. + bpo-34320: Fix dict(od) didn’t copy iteration order of + OrderedDict. + Library + bpo-34769: Fix for async generators not finalizing when event + loop is in debug mode and garbage collector runs in another + thread. + bpo-34922: Fixed integer overflow in the digest() and + hexdigest() methods for the SHAKE algorithm in the hashlib + module. + bpo-34900: Fixed unittest.TestCase.debug() when used to call + test methods with subtests. Patch by Bruno Oliveira. + bpo-34871: Fix inspect module polluted sys.modules when parsing + __text_signature__ of callable. + bpo-34872: Fix self-cancellation in C implementation of + asyncio.Task + bpo-34819: Use a monotonic clock to compute timeouts in + Executor.map() and as_completed(), in order to prevent + timeouts from deviating when the system clock is adjusted. + bpo-34334: In QueueHandler, clear exc_text from LogRecord to + prevent traceback from being written twice. + bpo-6721: Acquire the logging module’s commonly used internal + locks while fork()ing to avoid deadlocks in the child + process. + bpo-34172: Fix a reference issue inside multiprocessing.Pool + that caused the pool to remain alive if it was deleted + without being closed or terminated explicitly. + Documentation + bpo-32174: chm document displays non-ASCII charaters properly on + some MBCS Windows systems. + Tests + bpo-32962: Fixed test_gdb when Python is compiled with flags + -mcet -fcf-protection -O0. + C API + bpo-34910: Ensure that PyObject_Print() always returns -1 on + error. Patch by Zackery Spytz. + +------------------------------------------------------------------- +Fri Oct 12 20:46:58 CEST 2018 - mcepl@suse.com + +- Add Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch to + fix problems with SOURCE_DATE_EPOCH variable (bpo-34022) + +------------------------------------------------------------------- +Mon Sep 17 09:44:02 UTC 2018 - Tomáš Chvátal + +- Add patch to fix build with tls1.3 supported openssl + * 00308-tls-1.3.patch +- Add patch to fix Py_Main calls after Py_initialize + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + +------------------------------------------------------------------- +Mon Sep 3 15:22:42 UTC 2018 - Matěj Cepl + +- Add -fwrapv to OPTS, which is default for python3 anyway + See for example https://github.com/zopefoundation/persistent/issues/86 + for bugs which are caused by avoiding it. + +------------------------------------------------------------------- +Tue Jul 10 11:12:32 UTC 2018 - mcepl@suse.com + +- Fix ownership of _contextvars, _queue, and _xxtestfuzz + +------------------------------------------------------------------- +Tue Jul 3 15:04:48 UTC 2018 - mcepl@suse.com + +- Switch off LTO for distros with older GCC +- Fix %files + +------------------------------------------------------------------- +Fri Jun 29 14:20:03 UTC 2018 - tchvatal@suse.com + +- Add dependency over libuuid-devel + +------------------------------------------------------------------- +Thu Jun 28 10:42:15 UTC 2018 - mimi.vx@gmail.com + +- update to python 3.7.0 + Complete overview of changes is available on + https://docs.python.org/3/whatsnew/3.7.html, these are just + highlights: + * PEP 563, postponed evaluation of type annotations. + * async and await are now reserved keywords. + * New library modules: + contextvars: PEP 567 – Context Variables + dataclasses: PEP 557 – Data Classes + importlib.resources + * New built-in features: + PEP 553, the new breakpoint() function. + * Python data model improvements: + PEP 562, customization of access to module attributes. + PEP 560, core support for typing module and generic types. + the insertion-order preservation nature of dict objects + has been declared to be an official part of the Python + language spec. + * Significant improvements in the standard library: + The asyncio module has received new features, significant + usability and performance improvements. + The time module gained support for functions with + nanosecond resolution. + * CPython implementation improvements: + Avoiding the use of ASCII as a default text encoding: + PEP 538, legacy C locale coercion + PEP 540, forced UTF-8 runtime mode + PEP 552, deterministic .pycs + the new development runtime mode + PEP 565, improved DeprecationWarning handling + * C API improvements: + PEP 539, new C API for thread-local storage + * Documentation improvements: + PEP 545, Python documentation translations + New documentation translations: Japanese, French, and Korean. +- drop python3-sorted_tar.patch +- drop 0001-allow-for-reproducible-builds-of-python-packages.patch +- refresh python-3.6.0-multilib-new.patch +- refresh subprocess-raise-timeout.patch + * new C API for thread-local storage + * Deterministic pyc files + * Built-in breakpoint() + * Data Classes + * Core support for typing module and generic types + * Customization of access to module attributes + * Postponed evaluation of annotations + * Time functions with nanosecond resolution + * Improved DeprecationWarning handling + * Context Variables + * Avoiding the use of ASCII as a default text encoding + (PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode) + * The insertion-order preservation nature of dict objects is now + an official part of the Python language spec. + * Notable performance improvements in many areas. + +------------------------------------------------------------------- +Thu May 17 18:26:42 UTC 2018 - hpj@urpla.net + +- disable lto with gcc versions below 7 (results in link failures) + +------------------------------------------------------------------- +Mon Apr 30 15:23:24 UTC 2018 - jengelh@inai.de + +- Use faster find subcommand execution strategies. + +------------------------------------------------------------------- +Fri Apr 20 16:17:29 UTC 2018 - tchvatal@suse.com + +- Do not mention the testsuite disabling in opts as it was moved to + main pkg so base is test-free + +------------------------------------------------------------------- +Tue Apr 17 08:36:08 UTC 2018 - tchvatal@suse.com + +- As we run in main python package do not generate the pre_checkin + from both now + +------------------------------------------------------------------- +Mon Apr 16 14:11:56 UTC 2018 - tchvatal@suse.com + +- Move the tests from base to generic package wrt bsc#1088573 + * We still fail the whole distro if python3 is not build + * The other archs than x86_64 took couple of hours to unblock + build of other software, this way we work around the issue +- Some tests are still run in -base for the LTO tweaking, but at + least it is not run twice + +------------------------------------------------------------------- +Sat Mar 31 19:41:12 UTC 2018 - mimi.vx@gmail.com + +- update to 3.6.5 + * bugfix release + * see Misc/NEWS for details +- drop ctypes-pass-by-value.patch +- drop fix-localeconv-encoding-for-LC_NUMERIC.patch +- refresh python-3.6.0-multilib-new.patch + +------------------------------------------------------------------ +Wed Mar 7 09:16:39 UTC 2018 - adam@mizerski.pl + +- Created %so_major and %so_minor macros +- Put Tools/gdb/libpython.py script into proper place and ship it with devel + subpackage. + +------------------------------------------------------------------- +Tue Feb 20 15:04:56 UTC 2018 - schwab@suse.de + +- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64 + +------------------------------------------------------------------- +Tue Feb 20 14:28:00 UTC 2018 - bwiedemann@suse.com + +- Add python3-sorted_tar.patch (boo#1081750) + +------------------------------------------------------------------- +Tue Feb 20 14:08:57 UTC 2018 - tchvatal@suse.com + +- Drop python3-tk and python3-idle recommends to reduce python3 + always pulling X stack bsc#1081751 + +------------------------------------------------------------------- +Wed Feb 7 09:10:03 UTC 2018 - tchvatal@suse.com + +- Add patch to fix glibc 2.27 fail bsc#1079761: + * fix-localeconv-encoding-for-LC_NUMERIC.patch + +------------------------------------------------------------------- +Mon Feb 5 17:14:43 UTC 2018 - normand@linux.vnet.ibm.com + +- Update skip_random_failing_tests.patch (for PowerPC) + to avoid test_call_later failure + +------------------------------------------------------------------- +Wed Jan 24 14:35:58 UTC 2018 - jmatejek@suse.com + +- move XML modules and python3-xml provide to python3-base + (fixes bsc#1077230) +- move ensurepip to base + +------------------------------------------------------------------- +Thu Jan 18 12:31:47 UTC 2018 - normand@linux.vnet.ibm.com + +- Add skip_random_failing_tests.patch only for PowerPC + +------------------------------------------------------------------- +Wed Jan 3 12:18:51 UTC 2018 - jmatejek@suse.com + +- update to 3.6.4 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed python3-ncurses-6.0-accessors.patch +- drop PYTHONSTARTUP hooks that cause spurious startup errors + * fixes bsc#1070738 + * the relevant feature (REPL history) is now built into Python itself + +------------------------------------------------------------------- +Sat Dec 2 11:11:46 UTC 2017 - dimstar@opensuse.org + +- Install 2to3-%{python_version} executable (override defattr of + the -tools package). 2to3 (unversioned) is a symlink and does not + carry permissions (bsc#1070853). + +------------------------------------------------------------------- +Thu Nov 16 11:02:18 UTC 2017 - mimi.vx@gmail.com + +- move 2to3 to python3-tools package + +------------------------------------------------------------------- +Wed Oct 11 13:15:23 UTC 2017 - jmatejek@suse.com + +- update to 3.6.3 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Wed Sep 20 09:54:05 UTC 2017 - dmueller@suse.com + +- drop python-2.7-libffi-aarch64.patch: this patches the intree + copy of libffi which is unused/deleted in the line afterwards +- fix build against system libffi: include flags weren't set + so it actually used the in-tree libffi headers. + +------------------------------------------------------------------- +Thu Sep 14 13:23:10 UTC 2017 - vcizek@suse.com + +- Fix test broken with OpenSSL 1.1 (bsc#1042670) + * add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Tue Sep 5 11:47:05 UTC 2017 - jengelh@inai.de + +- Update RPM group for python documentation. + +------------------------------------------------------------------- +Thu Aug 31 08:39:31 UTC 2017 - schwab@suse.de + +- fix missing %{?armsuffix} + +------------------------------------------------------------------- +Wed Aug 30 13:41:38 UTC 2017 - jmatejek@suse.com + +- distutils-reproducible-compile.patch: ensure distutils order files + before compiling, which works around bsc#1049186 + +------------------------------------------------------------------- +Thu Aug 17 08:59:05 CEST 2017 - kukuk@suse.de + +- Add libnsl-devel build requires for glibc obsoleting libnsl + +------------------------------------------------------------------- +Thu Aug 3 16:09:26 UTC 2017 - jmatejek@suse.com + +- update to 3.6.2 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed test-socket-aead-kernel49.patch +- add Provides: python3-typing (fixes bsc#1050653) +- drop duplicate Provides: python3 + +------------------------------------------------------------------- +Mon Jun 26 12:10:07 UTC 2017 - jmatejek@suse.com + +- drop db-devel from requirements + +------------------------------------------------------------------- +Tue Jun 20 09:26:52 UTC 2017 - asn@cryptomilk.org + +- Add missing link to python library in config dir (bsc#1040164) + +------------------------------------------------------------------- +Thu Mar 23 12:42:59 UTC 2017 - jmatejek@suse.com + +- update to 3.6.1 + * bugfix release, over a hundred bugs fixed + * never add import location's parent directory to sys.path + * switch to git for version control, build changes related to that + * fix "failed to get random numbers" on old kernels (bsc#1029902) + * several crashes and memory leaks corrected + * f-string are no longer accepted as docstrings + +------------------------------------------------------------------- +Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com + +- prevent regenerating AST at build-time more robustly +- add "--without profileopt" and "--without testsuite" options to python3-base + to allow short circuiting when working on the package + +------------------------------------------------------------------- +Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com + +- Add 0001-allow-for-reproducible-builds-of-python-packages.patch + upstream https://github.com/python/cpython/pull/296 + +------------------------------------------------------------------- +Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com + +- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch) +- reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent) + +------------------------------------------------------------------- +Wed Jan 11 14:57:07 UTC 2017 - jmatejek@suse.com + +- update to 3.6.0 + * PEP 498 Formated string literals + * PEP 515 Underscores in numeric literals + * PEP 526 Syntax for variable annotations + * PEP 525 Asynchronous generators + * PEP 530 Asynchronous comprehensions + * PEP 506 New "secrets" module for safe key generation + * less memory consumed by dicts + * dtrace and systemtap support + * improved asyncio module + * better defaults for ssl + * new hashing algorithms in hashlib + * bytecode format changed to allow more optimizations + * "async" and "await" are on track to be reserved words + * StopIteration from generators is deprecated + * support for openssl < 1.0.2 is deprecated + * os.urandom now blocks when getrandom() blocks + * huge number of new features, bugfixes and optimizations + * see https://docs.python.org/3.6/whatsnew/3.6.html for details +- rework multilib patch: drop Python-3.5.0-multilib.patch, implement + upstreamable python-3.6.0-multilib-new.patch +- refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch +- drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch +- finally drop python-2.6b1-canonicalize2.patch that was not applied in source + and only kept around in case we needed it in the future. (which we don't, as it seems) +- update import_failed map and baselibs +- build ctypes against system libffi + (buildrequire libffi-devel in python3-base) +- add new key to keyring (signed by keys already in keyring) +- introduced common configure section between python3 and python3-base +- moved pyconfig.h and Makefile to devel subpackage as distutils no longer + need it at runtime +- added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py + because it is not used now +- improve summaries and descriptions (fixes bsc#917607) +- enabled Link-Time Optimization, see what happens +- including skipped_tests.py in pre_checkin.sh run +- run specs through spec-cleaner, rearrange sections + +------------------------------------------------------------------- +Fri Apr 22 17:20:29 UTC 2016 - jmatejek@suse.com + +- move _hashlib and _ssl modules and tests to python3-base +- recommend python3 + +------------------------------------------------------------------- +Tue Mar 15 15:05:23 UTC 2016 - schwab@suse.de + +- Skip test_asyncio under qemu_user_space_build + +------------------------------------------------------------------- +Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com + +- Add Python-3.5.1-fix_lru_cache_copying.patch + Fix copying the lru_cache() wrapper object. + Fixes deep-copying lru_cache regression, which worked on + previous versions of python but fails on python 3.5. + This fixes a bunch of packages in devel:languages:python3. + See: https://bugs.python.org/issue25447 + +------------------------------------------------------------------- +Sun Jan 24 00:44:08 UTC 2016 - arichardson.kde@gmail.com + +- Build the docs in .qch format as well + +------------------------------------------------------------------- +Wed Dec 9 07:35:20 UTC 2015 - toddrme2178@gmail.com + +- update to 3.5.1 + * bugfix-only release, dozens of bugs fixed +- Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch +- "Python3" to "Python 3" in summary + * This seems cleaner and fixes and rpmlint warning + +------------------------------------------------------------------- +Wed Oct 14 20:21:52 UTC 2015 - toddrme2178@gmail.com + +- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch + This fixes a build error for many packages that use the Python, + C-API. + This patch is already accepted upstream and is slated to appear in + python 3.5.1. + +------------------------------------------------------------------- +Tue Sep 29 15:53:24 UTC 2015 - jmatejek@suse.com + +- update to 3.5.0 + * coroutines with async/await syntax + * matrix multiplication operator `@` + * unpacking generalizations + * new modules `typing` and `zipapp` + * type annotations + * .pyo files replaced by custom suffixes for optimization levels in __pycache__ + * support for memory BIO in ssl module + * performance improvements in several modules + * and many more +- removals and behavior changes + * deprecated `__version__` is removed + * support for .pyo files was removed + * system calls are auto-retried on EINTR + * bare generator expressions in function calls now cause SyntaxError + (change "f(x for x in i)" to "f((x for x in i))" to fix) + * removed undocumented `format` member of private `PyMemoryViewObject` struct + * renamed `PyMemAllocator` to `PyMemAllocatorEx` +- redefine %dynlib macro to reflect that modules now have arch+os as part of name +- module `time` is now built-in +- dropped upstreamed patches: + python-3.4.1-fix-faulthandler.patch + python-3.4.3-test-conditional-ssl.patch + python-fix-short-dh.patch (also dropped dh2048.pem required for this patch) +- updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch +- python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure + with new gcc + ncurses + +------------------------------------------------------------------- +Wed Sep 9 11:51:22 UTC 2015 - dimstar@opensuse.org + +- Add python3-ncurses-6.0-accessors.patch: Fix build with + NCurses 6.0 and OPAQUE_WINDOW set to 1. + +------------------------------------------------------------------- +Mon Aug 24 17:02:08 UTC 2015 - jmatejek@suse.com + +- improve import_failed hook to do the right thing when invoking + missing modules with "python3 -m modulename" (boo#942751) + +------------------------------------------------------------------- +Thu Jul 23 22:08:10 UTC 2015 - fisiu@opensuse.org + +- Build with --enable-loadable-sqlite-extensions to make it works + as geospatial database. + +------------------------------------------------------------------- +Wed Jul 1 07:07:26 UTC 2015 - dimstar@opensuse.org + +- Fix source list for previous change (add dh2048.pem). + +------------------------------------------------------------------- +Wed Jun 24 06:54:30 UTC 2015 - meissner@suse.com + +- dh2048.pem: added generated 2048 dh parameter set to fix + ssl test (bsc#935856) +- python-fix-short-dh.patch: replace the 512 bits dh parameter set + by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856) + +------------------------------------------------------------------- +Tue May 19 14:59:30 UTC 2015 - schwab@suse.de + +- ctypes-libffi-aarch64.patch: remove upstreamed patch +- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for + aarch64 + +------------------------------------------------------------------- +Thu May 14 10:58:36 UTC 2015 - jmatejek@suse.com + +- drop the PDF subpackage + (removes the massive texlive dependency, and most likely nobody is + using the PDFs anyway) + +------------------------------------------------------------------- +Thu May 14 09:53:29 UTC 2015 - jmatejek@suse.com + +- python-3.4.3-test-conditional-ssl.patch - restore tests failing because + test_urllib was unconditionally importing ssl (without really needing it) +- restore functionality of multilib patch +- drop libffi-ppc64le.diff because upstream completely changed everything + yet again (sorry ppc64 folks :| ) + + +------------------------------------------------------------------- +Fri May 1 15:11:21 UTC 2015 - mailaender@opensuse.org + +- Update to version 3.4.3 +- Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch + (bpo#21766) + +------------------------------------------------------------------- +Wed Mar 25 10:57:28 UTC 2015 - rguenther@suse.com + +- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus + faulthandler which fails with GCC 5. + +------------------------------------------------------------------- +Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com + +- asyncio has been merged in python3 main package; provide and + obsolete it +- Remove obsolete AUTHORS section +- Remove redundant %clean section + +------------------------------------------------------------------- +Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org + +- Only pkgconfig(x11) is required for build, not the whole + set of packages provided by xorg-x11-devel metapackage. + +------------------------------------------------------------------- +Mon Oct 13 13:38:20 UTC 2014 - jmatejek@suse.com + +- add %python3_version rpm macro for Fedora compatibility +- add missing argument in import_failed, rename Novell Bugzilla + to SUSE Bugzilla + +------------------------------------------------------------------- +Thu Jul 31 17:24:59 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. + +------------------------------------------------------------------- +Wed Jul 23 16:31:02 UTC 2014 - jmatejek@suse.com + +- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file + disclosure and directory traversal through URL-encoded characters + (CVE-2014-4650, bnc#885882) + +------------------------------------------------------------------- +Tue Jul 22 13:55:57 UTC 2014 - jmatejek@suse.com + +- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons, + reinstate bundled copies of pip and setuptools + (fixes bnc#885662) +- add more files as sources to silence the validator + +------------------------------------------------------------------- +Wed May 21 11:01:56 UTC 2014 - jmatejek@suse.com + +- update to 3.4.1 + * bugfix-only release, over 300 bugs fixed +- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch +- drop upstreamed CVE-2014-2667-mkdir.patch +- include Python release manager keyring and signature file + for the source archive (thus renumbering of source files) + (see https://www.python.org/download/#openpgp-public-keys ) +- move ensurepip to python3, because it transitively requires ssl + +------------------------------------------------------------------- +Fri Apr 4 16:21:40 UTC 2014 - jmatejek@suse.com + +- CVE-2014-2667-mkdir.patch: race condition with reseting umask + in os.makedirs + (CVE-2014-2667, bnc#871152) +- updated multilib patch to include ~/.local/lib64 (bnc#637176) + +------------------------------------------------------------------- +Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com + +- raise timeout value for test_subprocess to 10s (might fix + intermittent build failures in OBS) + +------------------------------------------------------------------- +Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com + +- remove blacklisting of test_posix on aarch64: qemu bug is fixed + +------------------------------------------------------------------- +Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 final +- drop upstreamed python-3.4rc2-importlib.patch + +------------------------------------------------------------------- +Sun Mar 16 16:33:25 UTC 2014 - schwab@suse.de + +- Only build with profile-opt if profiling is enabled +- Update test exclusion lists: + * test_ctypes no longer fails on arm + * test_io no longer fails on ppc* + * test_multiprocessing has been split in multiple tests + * test_posix and test_signal fail due to qemu bugs + +------------------------------------------------------------------- +Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de + +- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, + adding python-2.7.6-sqlite-3.8.4-tests.patch + +------------------------------------------------------------------- +Thu Feb 27 14:08:40 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 rc2 + * pre-release bugfixes + * improvements to asyncio library +- drop upstreamed tracemalloc_gcov.patch +- python-3.4rc2-importlib.patch fixes backwards-incompatibility + in the reworked importlib module that blocks build of vim + +------------------------------------------------------------------- +Fri Jan 17 18:45:27 UTC 2014 - jmatejek@suse.com + +- initial commit of 3.4.0 beta 3 + * new stdlib modules: pathlib, enum, statistics, tracemalloc + * asynchronous IO with new asyncio module + * introspection data for builtins + * subprocesses no longer inherit open file descriptors + * standardized metadata for packages + * internal hashing changed to SipHash + * new pickle protocol + * improved handling of codecs + * TLS 1.2 support + * major speed improvements for internal unicode handling + * many bugfixes and optimizations +- see porting guide at: + http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4 +- moved several modules to -testsuite subpackage +- updated list of binary extensions, refreshed patches +- tracemalloc_gcov.patch fixes profile-based optimization build +- updated packages and pre_checkin.sh to use ~-version notation + for prereleases +- fix-shebangs part of build process moved to common %prep +- drop python-3.3.2-no-REUSEPORT.patch (upstreamed) +- update baselibs for new soname + +- TODOs: + * require python-pip, make ensurepip work with zypper + +------------------------------------------------------------------- +Wed Dec 4 13:21:26 UTC 2013 - matz@suse.de + +- add ppc64le (ELFv2) support for libffi copy for ctypes module +- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be + "lib64"). +- added patches: + * libffi-ppc64le.diff +------------------------------------------------------------------- +Tue Dec 3 09:51:43 UTC 2013 - adrian@suse.de + +- add ppc64le rules + +------------------------------------------------------------------- +Fri Nov 22 13:17:23 UTC 2013 - speilicke@suse.com + +- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch: + + Disable global and distutils sysconfig comparison test, we deviate + from the default depending on optflags + +------------------------------------------------------------------- +Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com + +- update to 3.3.3 + * bugfix-only release + * many SSL-related fixes + * upstream fix for CVE-2013-4238 + * upstream fixes for CVE-2013-1752 +- move example module xxlimited to python3-testsuite +- drop CVE-2013-4238_py33.patch - it is upstreamed +- remove --with-wide-unicode config option, it is now the default + (and only) choice +- don't touch anything between make and makeinstall +- drop python-3.2b2-buildtime-generate.patch - the issue was caused + by touching things between make and makeinstall +- link pycache entries for import_failed hooks properly + +------------------------------------------------------------------- +Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org + +- build with -DOPENSSL_LOAD_CONF for the same reasons + described in the python2 package. + +------------------------------------------------------------------- +Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com + +- handle NULL bytes in certain fields of SSL certificates + (CVE-2013-4238, bnc#834601) + +------------------------------------------------------------------- +Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com + +- Exclue test_faulthandler from tests on powerpc due to bnc#831629 + +------------------------------------------------------------------- +Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com + +- update to 3.3.2 + * bugfix-only release + * fixes several regressions introduced in 3.3.1 +- switch to xz compression +- move _lzma module to python3-base +- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT + +------------------------------------------------------------------- +Mon Apr 29 22:32:43 UTC 2013 - schwab@suse.de + +- Readd missing bits from ctypes-libffi-aarch64.patch + +------------------------------------------------------------------- +Sat Apr 13 07:56:51 UTC 2013 - idonmez@suse.com + +- Update to version 3.3.1 + * Fix the –enable-profiling configure switch. + * In IDLE, close the replace dialog after it is used. +- Too many bugfixes to list here, + see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS +- Refresh Python-3.3.0b2-multilib.patch +- Refresh python-3.2b2-buildtime-generate.patch +- Drop upstream patches: ctypes-libffi-aarch64.patch, + python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch + +------------------------------------------------------------------- +Mon Apr 8 11:25:30 UTC 2013 - speilicke@suse.com + +- Exclude sqlite/test and tk/test directories from the respective + sub-packages. These are owned by the testsuite sub-package already + +------------------------------------------------------------------- +Fri Apr 5 12:59:20 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/title=SourceUrls + +------------------------------------------------------------------- +Wed Apr 3 15:36:04 UTC 2013 - jmatejek@suse.com + +- remove spurious modification of python-3.3.0b1-localpath.patch + that would force installation into /usr/local. + this fixes bnc#809831 + +------------------------------------------------------------------- +Thu Mar 28 18:38:51 UTC 2013 - jmatejek@suse.com + +- replace broken movetogetdents64.diff patch with a correct one + from upstream repo (python-3.3.0-getdents64.patch) + +------------------------------------------------------------------- +Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com + +- add ctypes-libffi-aarch64.patch: + * import aarch64 support for libffi in _ctypes module +- add aarch64 to the list of lib64 based archs +- add movetogetdents64.diff: + * port to getdents64, as SYS_getdents is not implemented everywhere + +------------------------------------------------------------------- +Tue Feb 26 08:57:55 UTC 2013 - saschpe@suse.de + +- /etc/rpm/macros.python3 is no %config, it is not meant to be changed + by users. +- Add rpmlintrc with some obvious filters + +------------------------------------------------------------------- +Mon Jan 28 18:14:39 UTC 2013 - jmatejek@suse.com + +- update baselibs for new version of libpython3 + +------------------------------------------------------------------- +Thu Nov 29 17:02:37 UTC 2012 - jmatejek@suse.com + +- fix include path in macros (bnc#787526) +- implement failed import handlers for modules that live in + subpackages - e.g. "import ssl" will now throw a sensible error + message telling you to install "python3" + +------------------------------------------------------------------- +Wed Nov 28 17:02:07 UTC 2012 - jmatejek@suse.com + +- merge python3-xml into python3 +- merge python3-2to3 library into python3-base + and the 2to3 binary into python3-devel + (python3-devel is now in conflict with python-2to3, which + will be dropped) +- enable --with-system-expat for python3, making the xml modules + (and thus python3) depend on expat +- reconfigure tests to disable network and GUI resources, which + the upstream apparently thought is a good idea to enable by default. + this fixes build failures in Factory +- add lzma-devel to build the _lzma module +- moved %dynlib macro definition to common section + +------------------------------------------------------------------- +Mon Nov 5 20:01:46 UTC 2012 - coolo@suse.com + +- buildrequire timezone for the test suite + +------------------------------------------------------------------- +Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com + +- disable more checks for qemu builds as they use syscalls not + implemented yet + +------------------------------------------------------------------- +Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com + +- exclude test_math for SLE 11; math library fails on negative + gamma function values close to integers and 0, probably + due to imprecision in -lm on SLE_11_SP2. + +------------------------------------------------------------------- +Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel explicitly + +------------------------------------------------------------------- +Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com + +- remove distutils.cfg (bnc#658604) + * this changes default prefix for distutils to /usr + * see ML for details: +http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html + +------------------------------------------------------------------- +Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com + +- Update to final 3.3.0 release + * See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS + +------------------------------------------------------------------- +Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com + +- Correct dependency for python3-testsuite, + python3-tkinter -> python3-tk + +------------------------------------------------------------------- +Thu Aug 23 13:08:11 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 RC1 + +------------------------------------------------------------------- +Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 beta 1 + * flexible string representation, no longer distinguishing + between wide and narrow Unicode builds + * importlib-based import system + * virtualenv support in core + * namespace packages + * explicit Unicode literals for easier porting + * key-sharing dict implementation reduces memory footprint + of OO code + * hash randomization on by default + * many other new bugfixes and features, check NEWS for details + +- pre_checkin.sh now autofills various version strings in specs +- ship hashlib's fallback modules - those uselessly take up space + when real _hashlib.so from python3 is present, but the space wasted + is only 114kB and it provides python3-base with a working hashlib + module. + (also, this fixes bnc#743787) + +------------------------------------------------------------------- +Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com + +- skip test_io on ppc +- drop test_io ppc patch + +------------------------------------------------------------------- +Thu Jun 28 07:57:58 UTC 2012 - saschpe@suse.de + +- Satisfy source_validator by uncommenting an otherwise unused "Patch" + line + +------------------------------------------------------------------- +Tue Jun 12 15:39:08 UTC 2012 - adrian@suse.de + +- fix logic of checks exclusion + +------------------------------------------------------------------- +Fri May 18 11:50:27 UTC 2012 - idonmez@suse.com + +- update to 3.2.3 + * No changes since rc2 + +------------------------------------------------------------------- +Thu Mar 29 15:44:33 UTC 2012 - jmatejek@suse.com + +- update to 3.2.3rc2 + * fixes several security issues: + * CVE-2012-0845, bnc#747125 + * CVE-2012-1150, bnc#751718 + * CVE-2011-4944, bnc#754447 + * CVE-2011-3389, bnc#754677 +- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) +- disable test_gdb because it is broken by our gdb + +------------------------------------------------------------------- +Thu Feb 16 12:33:12 UTC 2012 - dvaleev@suse.com + +- skip broken test_io test on ppc + +------------------------------------------------------------------- +Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com + +- update to 3.2.2 + * bugfix-only release + * reports "linux2" as sys.platform regardless of Linux kernel +- added pre_checkin.sh to copy common spec sections to python3.spec +- added PACKAGING-NOTES with some helpful info for packagers + +------------------------------------------------------------------- +Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com + +- Use system ffi, included one is broken see + http://bugs.python.org/issue11729 and + http://bugs.python.org/issue12081 + +------------------------------------------------------------------- +Fri Dec 9 17:19:55 UTC 2011 - jmatejek@suse.com + +- license.opensuse.org-compatible license headers + +------------------------------------------------------------------- +Fri Dec 2 16:46:44 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Thu Nov 24 12:42:25 UTC 2011 - agraf@suse.com + +- fix ARM build (exclude some test cases which break for us) + +------------------------------------------------------------------- +Tue Aug 16 17:02:22 UTC 2011 - termim@gmail.com + +- use sysconfig module to get py3_incdir, py3_abiflags, + py3_soflags, python3_sitelib and python3_sitearch + +------------------------------------------------------------------- +Mon Jul 18 16:22:31 UTC 2011 - jmatejek@novell.com + +- update to 3.2.1 + * bugfix-only release, no major changes +- fix build on linux3 platform +- remove upstreamed pybench patch +- install /usr/lib directories in all cases to prevent spurious + "directory not owned" in dependent packages + +------------------------------------------------------------------- +Wed Jun 15 14:16:38 UTC 2011 - jmatejek@novell.com + +- replaced dynamic so version with manual so version, because + autobuild does not support autogeneration + +------------------------------------------------------------------- +Tue May 24 13:39:06 UTC 2011 - jmatejek@novell.com + +- generate macros.python3 at compile-time with fixed values +- don't include bogus values in pyconfig.h, as they can break + third-party packages (bnc#673071) + +------------------------------------------------------------------- +Tue May 17 12:52:51 UTC 2011 - jmatejek@novell.com + +- added Obsoletes: python3 < 3.1 so that the transition from + non-split to split packages goes smoothly + +------------------------------------------------------------------- +Fri May 13 12:38:19 UTC 2011 - jmatejek@novell.com + +- fixed RPM macros to use python3 instead of python +- updated to build --with-wide-unicode (for compatibility with + fedora and our own python 2.x series) + +------------------------------------------------------------------- +Thu Apr 21 03:39:25 UTC 2011 - termim@gmail.com + +- fix python3-base build failure due to pybench.py crash by + python-3.2-pybench.patch +- move pyconfig.h from python3-devel to python3-base package to + make python3-base functional again + +------------------------------------------------------------------- +Wed Mar 23 04:26:28 UTC 2011 - termim@gmail.com + +- update to python 3.2 + * stable ABI, ABI-tagged .so files + * concurrent.futures and many other new or upgraded modules + * PYC repository directories ( __pycache__ ) + * python WSGI 1.0.1 + * Unicode 6.0.0 support + * a great number of bugfixes and assorted improvements + +------------------------------------------------------------------- +Tue Feb 8 19:42:17 CET 2011 - matejcik@suse.cz + +- update to python 3.2 RC2 +- renamed python3-demo to python3-tools, because the demo part + became much smaller than the tools part +- added rpm macros + +------------------------------------------------------------------- +Tue Jan 18 14:13:04 UTC 2011 - jmatejek@novell.com + +- update to python 3.2 beta 2, see NEWS for details +- split off -base package with less dependencies, and a shlib-policy + compliant libpython3 package +- mostly rewritten the spec file with more detailed comments +- cleaned up lists of patches + diff --git a/python311.spec b/python311.spec new file mode 100644 index 0000000..03cbe24 --- /dev/null +++ b/python311.spec @@ -0,0 +1,1064 @@ +# +# spec file for package python311 +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "doc" +%define psuffix -documentation +%bcond_without doc +%bcond_with base +%bcond_with general +%endif +%if "%{flavor}" == "base" +%define psuffix -core +%bcond_with doc +%bcond_without base +%bcond_with general +%endif +%if "%{flavor}" == "" +%define psuffix %{nil} +%bcond_with doc +%bcond_with base +%bcond_without general +%endif + +%if 0%{?do_profiling} && !0%{?want_reproducible_builds} +%bcond_without profileopt +%else +%bcond_with profileopt +%endif + +# Only for Tumbleweed +# https://en.opensuse.org/openSUSE:Python:Externally_managed +%if 0%{?suse_version} > 1600 +%bcond_without externally_managed +%else +%bcond_with externally_managed +%endif + +%define python_pkg_name python311 +%if "%{python_pkg_name}" == "%{primary_python}" +%define primary_interpreter 1 +%else +%define primary_interpreter 0 +%endif + +# Setting up variables +%define _version %(c=%{version}; echo ${c/[a-z]*/}) +%define tar_suffix %(c=%{_version}; echo ${c#%{_version}}) +%define python_version %(echo %{_version}|cut -d. -f1-2) +# based on the current source tarball +%define python_version_abitag %(c=%{python_version}; echo ${c//./}) +# FIXME %%define python_version_soname %%(c=%%{python_version}; echo ${c//./_}) +%define python_version_soname 3_11 +%if 0%(test -n "%{tar_suffix}" && echo 1) +%define _version %(echo "%{_version}~%{tar_suffix}") +%define tarversion %{version} +%else +%define tarversion %{version} +%endif +# We don't process beta signs well +%define folderversion %{tarversion} +%define tarname Python-%{tarversion} +%define sitedir %{_libdir}/python%{python_version} +# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 +%define abi_kind %{nil} +# python ABI version - used in some file names +%define python_abi %{python_version}%{abi_kind} +# soname ABI tag defined in PEP 3149 +%define abi_tag %{python_version_abitag}%{abi_kind} +# version part of "libpython" package +%define so_major 1 +%define so_minor 0 +%define so_version %{python_version_soname}%{abi_kind}-%{so_major}_%{so_minor} +# rpm and python have different ideas about what is an arch-dependent name, so: +%if "%{__isa_name}" == "ppc" +%define archname %(echo %{_arch} | sed s/ppc/powerpc/) +%else +%define archname %{_arch} +%endif +# our arm has Hardware-Floatingpoint +%if "%{_arch}" == "arm" +%define armsuffix hf +%endif +# Decide whether we want to use mpdecimal +%if 0%{?suse_version} >= 1550 +%bcond_without mpdecimal +%else +%bcond_with mpdecimal +%endif +# pyexpat.cpython-35m-x86_64-linux-gnu +# pyexpat.cpython-35m-powerpc64le-linux-gnu +# pyexpat.cpython-35m-armv7-linux-gnueabihf +# _md5.cpython-38m-x86_64-linux-gnu.so +%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so +%bcond_without profileopt +Name: %{python_pkg_name}%{psuffix} +Version: 3.11.11 +Release: 0 +Summary: Python 3 Interpreter +License: Python-2.0 +URL: https://www.python.org/ +Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz +Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore +Source2: baselibs.conf +Source3: README.SUSE +Source4: externally_managed.in +Source7: macros.python3 +Source8: import_failed.py +Source9: import_failed.map +Source10: pre_checkin.sh +Source11: skipped_tests.py +Source19: idle3.desktop +Source20: idle3.appdata.xml +# content of bluez-devel: +# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel +# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu +# 3. mkdir Vendor && mv usr/include/* Vendor/ +# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/ +Source21: bluez-devel-vendor.tar.xz +Source98: python311-rpmlintrc +# Tarball is signed by the GPG key of Pablo Galindo Salgado (0x64E628F8D684696D) +# https://keybase.io/pablogsal/pgp_keys.asc?fingerprint=a035c8c19219ba821ecea86b64e628f8d684696d +Source99: python.keyring +# The following files are not used in the build. +# They are listed here to work around missing functionality in rpmbuild, +# which would otherwise exclude them from distributed src.rpm files. +Source100: PACKAGING-NOTES +# PATCH-FEATURE-UPSTREAM F00251-change-user-install-location.patch bsc#[0-9]+ mcepl@suse.com +# Fix installation in /usr/local (boo#1071941), originally from Fedora +# https://src.fedoraproject.org/rpms/python3.12/blob/rawhide/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch02: F00251-change-user-install-location.patch +# PATCH-FEATURE-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com +# Improve reproduceability +Patch03: distutils-reproducible-compile.patch +# support finding packages in /usr/local, install to /usr/local by default +Patch04: python-3.3.0b1-localpath.patch +# replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds +Patch05: python-3.3.0b1-fix_date_time_compiler.patch +# POSIX_FADV_WILLNEED throws EINVAL. Use a different constant in test +Patch06: python-3.3.0b1-test-posix_fadvise.patch +# Raise timeout value for test_subprocess +Patch07: subprocess-raise-timeout.patch +# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com +# ensurepip should honour the value of $(prefix) +Patch08: bpo-31046_ensurepip_honours_prefix.patch +# PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mcepl@suse.com +# SLE-15 version of Sphinx doesn't know about skipif directive in doctests. +Patch09: no-skipif-doctests.patch +# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com +# skip a test failing on SLE-15 +Patch10: skip-test_pyobject_freed_is_freed.patch +# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com +# remove duplicate link targets and make documentation with old Sphinx in SLE +Patch11: fix_configure_rst.patch +# PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com +# Skip test_freeze_simple_script +Patch13: skip_if_buildbot-extend.patch +# PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com +# prevent ResourceWarning in test_asyncio tests +Patch15: bsc1221260-test_asyncio-ResourceWarning.patch +# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport.patch +# This problem on libexpat is patched on SLE without version +# update, this patch changes the tests to match the libexpat provided +# by SUSE +Patch16: CVE-2023-52425-libexpat-2.6.0-backport.patch +Patch17: CVE-2023-52425-remove-reparse_deferral-tests.patch +# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com +# reproducibility patches +Patch19: bso1227999-reproducible-builds.patch +# PATCH-FIX-UPSTREAM gh120226-fix-sendfile-test-kernel-610.patch gh#python/cpython#120226 mcepl@suse.com +# Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 (GH-120227) +Patch22: gh120226-fix-sendfile-test-kernel-610.patch +# PATCH-FIX-UPSTREAM Add platform triplets for 64-bit LoongArch gh#python/cpython#30939 glaubitz@suse.com +Patch24: add-loongarch64-support.patch +# PATCH-FIX-UPSTREAM CVE-2025-0938-sq-brackets-domain-names.patch bsc#1236705 mcepl@suse.com +# functions `urllib.parse.urlsplit` and `urlparse` accept domain names including square brackets +Patch25: CVE-2025-0938-sq-brackets-domain-names.patch +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: fdupes +BuildRequires: gmp-devel +BuildRequires: lzma-devel +BuildRequires: netcfg +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: xz +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(libffi) +BuildRequires: pkgconfig(uuid) +BuildRequires: pkgconfig(zlib) +#!BuildIgnore: gdk-pixbuf-loader-rsvg +%if 0%{?suse_version} >= 1550 +# The provider for python(abi) is in rpm-build-python +BuildRequires: rpm-build-python +%endif +%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1599 +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{with mpdecimal} +BuildRequires: mpdecimal-devel +%endif +%if %{with doc} +BuildRequires: python3-Sphinx >= 4.0.0 +%if 0%{?suse_version} >= 1500 +BuildRequires: python3-python-docs-theme >= 2022.1 +%endif +%endif +%if %{with general} +# required for idle3 (.desktop and .appdata.xml files) +BuildRequires: appstream-glib +BuildRequires: gcc-c++ +BuildRequires: gdbm-devel +BuildRequires: gettext +BuildRequires: readline-devel +BuildRequires: sqlite-devel +BuildRequires: timezone +BuildRequires: pkgconfig(ncurses) +BuildRequires: pkgconfig(tk) +BuildRequires: pkgconfig(x11) +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-readline +Provides: %{python_pkg_name}-sqlite3 +Recommends: %{python_pkg_name}-curses +Recommends: %{python_pkg_name}-dbm +Recommends: %{python_pkg_name}-pip +%if %{primary_interpreter} +Provides: python3 = %{python_version} +Provides: python3-readline +Provides: python3-sqlite3 +%endif +%endif +%{?suse_build_hwcaps_libs} + +%description +Python 3 is modern interpreted, object-oriented programming language, +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python3-doc +package. + +This package supplies rich command line features provided by readline, +and sqlite3 support for the interpreter core, thus forming a so called +"extended" runtime. +Installing "python3" is sufficient for the vast majority of usecases. +In addition, recommended packages provide UI toolkit support (python3-curses, +python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE +development environment (python3-idle). + +%package -n %{python_pkg_name}-tk +Summary: TkInter, a Python Tk Interface +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-tk = %{version} +%endif + +%description -n %{python_pkg_name}-tk +Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. + +%package -n %{python_pkg_name}-curses +Summary: Python Interface to the (N)Curses Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-curses +%endif + +%description -n %{python_pkg_name}-curses +An easy to use interface to the (n)curses CUI library. CUI stands for +Console User Interface. + +%package -n %{python_pkg_name}-dbm +Summary: Python Interface to the GDBM Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-dbm +%endif + +%description -n %{python_pkg_name}-dbm +An easy to use interface for Unix DBM databases, and more specifically, +the GNU implementation GDBM. + +%package -n %{python_pkg_name}-idle +Summary: An Integrated Development Environment for Python +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk +%if %{primary_interpreter} +Provides: python3-idle = %{version} +%endif + +%description -n %{python_pkg_name}-idle +IDLE is a Tkinter based integrated development environment for Python. +It features a multi-window text editor with multiple undo, Python +colorizing, and many other things, as well as a Python shell window and +a debugger. + +%package -n %{python_pkg_name}-doc +Summary: Package Documentation for Python 3 +Enhances: %{python_pkg_name} = %{python_version} +%if %{primary_interpreter} +Provides: python3-doc = %{version} +%endif + +%description -n %{python_pkg_name}-doc +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in HTML format. + +%package -n %{python_pkg_name}-doc-devhelp +Summary: Additional Package Documentation for Python 3 in devhelp format +%if %{primary_interpreter} +Provides: python3-doc-devhelp = %{version} +%endif + +%description -n %{python_pkg_name}-doc-devhelp +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in format for devhelp. + +%package -n %{python_pkg_name}-base +Summary: Python 3 Interpreter and Stdlib Core +Requires: libpython%{so_version} = %{version} +Recommends: %{python_pkg_name} = %{version} +#Recommends: python3-ensurepip +# python 3.1 didn't have a separate python-base, so it is wrongly +# not a conflict to have python3-3.1 and python3-base > 3.1 +Obsoletes: python3 < 3.2 +# no Provides, because python3 is obviously provided by package python3 +# python 3.4 provides asyncio +Provides: %{python_pkg_name}-asyncio = %{version} +# python 3.6 provides typing +Provides: %{python_pkg_name}-typing = %{version} +# python3-xml was merged into python3, now moved into -base +Provides: %{python_pkg_name}-xml = %{version} +%if %{primary_interpreter} +Provides: python3-asyncio = %{version} +Obsoletes: python3-asyncio < %{version} +Provides: python3-base = %{version} +Obsoletes: python3-base < %{version} +Provides: python3-typing = %{version} +Obsoletes: python3-typing < %{version} +Provides: python3-xml = %{version} +Obsoletes: python3-xml < %{version} +%endif + +%description -n %{python_pkg_name}-base +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +package. + +This package contains the interpreter core and most commonly used modules +from the standard library. This is sufficient for many usecases, but it +excludes components that depend on external libraries, most notably XML, +database and UI toolkits support. + +%package -n %{python_pkg_name}-tools +Summary: Python Utility and Demonstration Scripts +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-2to3 = %{version} +Provides: %{python_pkg_name}-demo = %{version} +%if %{primary_interpreter} +Provides: python3-2to3 = %{version} +Provides: python3-demo = %{version} +Provides: python3-tools = %{version} +Obsoletes: python3-2to3 < %{version} +Obsoletes: python3-demo < %{version} +%endif + +%description -n %{python_pkg_name}-tools +A number of scripts that are useful for building, testing or extending Python, +and a set of demonstration programs. + +%package -n %{python_pkg_name}-devel +Summary: Include Files and Libraries Mandatory for Building Python Modules +Requires: %{python_pkg_name}-base = %{version} +%if %{primary_interpreter} +Provides: python3-devel = %{version} +%endif + +%description -n %{python_pkg_name}-devel +The Python programming language's interpreter can be extended with +dynamically loaded extensions and can be embedded in other programs. + +This package contains header files, a static library, and development +tools for building Python modules, extending the Python interpreter or +embedding Python in applications. + +This also includes the Python distutils, which were in the Python +package up to version 2.2.2. + +%package -n %{python_pkg_name}-testsuite +Summary: Unit tests for Python and its standard library +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk = %{version} +%if %{primary_interpreter} +Provides: python3-testsuite = %{version} +%endif + +%description -n %{python_pkg_name}-testsuite +Unit tests that are useful for verifying integrity and functionality +of the installed Python interpreter and standard library. +They are a documented part of stdlib, as a module 'test'. + +%package -n libpython%{so_version} +Summary: Python Interpreter shared library +Requires: %{python_pkg_name}-base >= %{version} + +%description -n libpython%{so_version} +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +(HTML) or python-doc-pdf (PDF) packages. + +This package contains libpython3.2 shared library for embedding in +other applications. + +%prep +%setup -q -n %{tarname} + +%patch -p1 -P 02 +%patch -p1 -P 03 +%patch -p1 -P 04 +%patch -p1 -P 05 +%patch -p1 -P 06 +%patch -p1 -P 07 +%patch -p1 -P 08 + +%if 0%{?suse_version} <= 1500 +%patch -P 09 -p1 +%endif + +%patch -p1 -P 10 +%patch -p1 -P 11 +%patch -p1 -P 13 +%patch -p1 -P 15 +%patch -p1 -P 16 +%patch -p1 -P 17 +%patch -p1 -P 19 +%patch -p1 -P 22 +%patch -p1 -P 24 +%patch -p1 -P 25 + +# drop Autoconf version requirement +sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac + +%if %{primary_interpreter} +# fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 +for dir in Lib Tools; do + # find *.py, filter to files that contain bad shebangs + # break up "/""usr" like this to prevent replacing with %%{_prefix} + find $dir -name '*.py' -type f -print0 \ + | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ + | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' +done +%else +# For non-primary Python, just don't bother (bsc#1193179) and remove all +# those shebangs +for dir in Lib Tools; do + find $dir -name '*.py' -type f -exec sed -i '1{/^#!.*python/ d}' '{}' \; +done +# We shortened the file Lib/pdb.py so we have to move the test breakpoint location +sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py +%endif + +# drop in-tree libffi and expat +rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin +# Cannot remove it because of gh#python/cpython#92875 +# rm -r Modules/expat + +# drop duplicate README from site-packages +rm Lib/site-packages/README.txt + +# Add vendored bluez-devel files +tar xvf %{SOURCE21} + +# Don't fail on warnings when building documentation +sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile + +%build +%if %{with doc} +TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` +# TODO use not date of tarball but date of latest patch + +cd Doc +sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py +%make_build -j1 html + +# Build also devhelp files +sphinx-build -a -b devhelp . build/devhelp +rm -rfv build/devhelp/.doctrees +%else +%define _lto_cflags %{nil} +# use rpm_opt_flags +export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv $(pkg-config --cflags-only-I libffi) -fno-semantic-interposition" + +touch -r %{SOURCE0} Makefile.pre.in + +autoreconf -fvi + +%if 0%{?sles_version} +sed -e 's/-fprofile-correction//' -i Makefile.pre.in +%endif + +export CFLAGS="%{optflags} -IVendor/" + +%configure \ + --with-platlibdir=%{_lib} \ + --docdir=%{_docdir}/python \ + --enable-ipv6 \ + --enable-shared \ + --with-ensurepip=no \ + --with-system-ffi \ + --with-system-expat \ + --with-lto \ +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 + --with-ssl-default-suites=openssl \ +%endif +%if %{with profileopt} + --enable-optimizations \ +%endif +%if %{with mpdecimal} + --with-system-libmpdec \ +%endif + --enable-loadable-sqlite-extensions + +# prevent make from trying to rebuild PYTHON_FOR_GEN stuff +# %%make_build -t Python/Python-ast.c \ + # Include/Python-ast.h \ + # Objects/typeslots.inc \ + # Python/opcode_targets.h \ + # Include/opcode.h +%make_build + +%if %{with general} +%make_build +%endif +%if %{with base} +%if %{with profileopt} + target=profile-opt +%else + target=all +%endif +LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ + %make_build $target +%endif +%endif + +%check +export SUSE_VERSION="0%{?suse_version}" +export SLE_VERSION="0%{?sle_version}" +%if %{with general} +# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos +# when you install gdb into your test env +EXCLUDE="test_gdb" +# we patch out the message to recommend zypper in and thus this would fail +EXCLUDE="$EXCLUDE test_pydoc" + +%ifarch %{arm} s390x +# test_multiprocessing_forkserver is racy +EXCLUDE="$EXCLUDE test_multiprocessing_forkserver" +%endif +%ifarch ppc ppc64 ppc64le +# exclue test_faulthandler due to bnc#831629 +EXCLUDE="$EXCLUDE test_faulthandler" +%endif +# some tests break in QEMU +%if 0%{?qemu_user_space_build} +EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver test_multiprocessing_spawn test_os test_posix test_signal test_socket test_subprocess" +%endif + +# This test (part of test_uuid) requires real network interfaces +# so that ifconfig output has "HWaddr ". Some kvm instances +# done have any such interface breaking the uuid module. +EXCLUDE="$EXCLUDE test_uuid" + +# bsc#1195140 and bpo#37169 - test_capi is failing on openSUSE, and not sure why +EXCLUDE="$EXCLUDE test_capi" + +# Limit virtual memory to avoid spurious failures +if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then + ulimit -v 11000000 || : +fi + +# test_freeze_simple_script in test.test_tools.test_freeze.TestFreeze +# uses CONFIG_ARGS to run ./configure. +export CONFIG_ARGS="--enable-ipv6 --enable-shared --with-ensurepip=no \ + --with-system-ffi --with-system-expat --with-lto --enable-optimizations \ + --with-system-libmpdec --enable-loadable-sqlite-extensions" + +export PYTHONPATH="$(pwd -P)/Lib" +# Use timeout, like make target buildbottest +# We cannot run tests parallel, because osc build environment doesn’t +# have /dev/shm +%make_build -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=5400" +# use network, be verbose: +#make test TESTOPTS="-l -u network -v" +%endif + +%install +%if %{with doc} +export PDOCS=%{buildroot}%{_docdir}/python%{python_version} +mkdir -p $PDOCS +# generated docs +rm Doc/build/*/.buildinfo +cp -r Doc/build/html $PDOCS +# misc +install -d -m 755 $PDOCS/Misc +rm Misc/README.AIX +for i in Misc/* ; do + [ -f $i ] && install -c -m 644 $i $PDOCS/Misc/ +done +# devhelp +mkdir -p %{buildroot}%{_datadir}/gtk-doc/html +cp -r Doc/build/devhelp %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version} +rm -rf %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version}/.doctrees +%endif +%if %{with general} +%make_install + +# clean out stuff that is in python-base and subpackages + +find %{buildroot}%{_bindir} -mindepth 1 -not -name "*idle3*" -print -delete +rm %{buildroot}%{_libdir}/lib* +rm -r %{buildroot}%{_libdir}/pkgconfig +rm -r %{buildroot}%{_mandir}/* +rm -r %{buildroot}%{_includedir}/* + +rm -r %{buildroot}%{sitedir}/config* +find %{buildroot}%{sitedir} -name "*.egg-info" -delete +rm -r %{buildroot}%{sitedir}/__pycache__ +rm -r %{buildroot}%{sitedir}/site-packages +rm %{buildroot}%{sitedir}/*.* + +for module in \ + asyncio ctypes collections concurrent distutils email encodings \ + ensurepip html http re \ + importlib json logging multiprocessing pydoc_data unittest \ + urllib venv wsgiref lib2to3 test tomllib turtledemo \ + xml xmlrpc zoneinfo __phello__ +do + rm -r %{buildroot}%{sitedir}/$module +done + +for library in \ + array _asyncio audioop binascii _bisect _bz2 cmath _codecs_* \ + _contextvars _crypt _csv _ctypes _datetime _decimal fcntl grp \ + _hashlib _heapq _json _lsprof _lzma math mmap _multibytecodec \ + _multiprocessing _opcode ossaudiodev _pickle _posixshmem \ + _posixsubprocess _queue _random resource select _ssl _socket spwd \ + _statistics _struct syslog termios _testbuffer _testimportmultiple \ + _testmultiphase unicodedata zlib _ctypes_test _testinternalcapi _testcapi \ + _typing _testclinic xxlimited xxlimited_35 \ + _xxtestfuzz _xxsubinterpreters _elementtree pyexpat _md5 _sha1 \ + _sha256 _sha512 _blake2 _sha3 _uuid _zoneinfo +do + eval rm "%{buildroot}%{sitedir}/lib-dynload/$library.*" +done + +# Idle is not packaged in base due to the appstream-glib dependency +# move idle config into /etc +install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version} +( + cd %{buildroot}/%{sitedir}/idlelib/ + for file in *.def ; do + mv $file %{buildroot}%{_sysconfdir}/idle%{python_version}/ + ln -sf %{_sysconfdir}/idle%{python_version}/$file %{buildroot}/%{sitedir}/idlelib/ + done +) + +# keep just idle3.X +rm %{buildroot}%{_bindir}/idle3 + +# install idle icons +for size in 16 32 48 ; do + install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \ + %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_version}.png +done + +# install idle desktop file +cp %{SOURCE19} idle%{python_version}.desktop +sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop +install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop + +cp %{SOURCE20} idle%{python_version}.appdata.xml +sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml +install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml +appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml + +%fdupes %{buildroot}/%{_libdir}/python%{python_version} +%endif +%if %{with base} +%make_install + +# remove .a +find %{buildroot} -name "*.a" -delete + +# install "site-packages" and __pycache__ for third parties +install -d -m 755 %{buildroot}%{sitedir}/site-packages +install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__ +# and their 32bit counterparts explicitly +mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__ + +# cleanup parts that don't belong +for dir in curses dbm sqlite3 tkinter idlelib; do + find "%{buildroot}/%{sitedir}/$dir"/* -maxdepth 0 -name "test" -o -exec rm -rf {} + +done +rm -fv %{buildroot}%{dynlib nis} + +# overwrite the copied binary with a link +ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 + +# decide to ship python3 or just python3.X +%if !%{primary_interpreter} +# base +rm %{buildroot}%{_bindir}/python3 +rm %{buildroot}%{_bindir}/pydoc3 +rm %{buildroot}%{_mandir}/man1/python3.1 +# devel +rm %{buildroot}%{_bindir}/python3-config +rm %{buildroot}%{_libdir}/libpython3.so +rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc +%endif + +%if %{with externally_managed} +# PEP-0668 mark this as a distro maintained python +sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED +%endif + +# link shared library instead of static library that tools expect +ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so + +# delete idle3, which has to many packaging dependencies for base +rm %{buildroot}%{_bindir}/idle3* + +# delete the generic 2to3 binary if we are not primary +%if !%{primary_interpreter} +rm %{buildroot}%{_bindir}/2to3 +%endif + +# replace duplicate .pyo/.pyc with hardlinks +%fdupes %{buildroot}/%{sitedir} + +# documentation +export PDOCS=%{buildroot}%{_docdir}/%{name} +install -d -m 755 $PDOCS +install -c -m 644 %{SOURCE3} $PDOCS/ +install -c -m 644 README.rst $PDOCS/ + +# tools +for x in `find Tools/ \( -not -name Makefile \) -print | sort` ; do + test -d $x && ( install -c -m 755 -d $PDOCS/$x ) \ + || ( install -c -m 644 $x $PDOCS/$x ) +done +# gdb script is shipped with devel subpackage +rm -r $PDOCS/Tools/gdb +# clean up the bat files +find "$PDOCS" -name "*.bat" -delete + +# put gdb helper script into place +install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +# install devel files to /config +#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%%{sitedir}/config-%%{python_abi}/ + +# Remove -IVendor/ from python-config boo#1231795 +sed -i 's/-IVendor\///' %{buildroot}%{_bindir}/python%{python_abi}-config + +# RPM macros +%if %{primary_interpreter} +mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/ +install -m 644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/macros.d/ # macros.python3 +%endif + +# import_failed hooks +FAILDIR=%{buildroot}/%{sitedir}/_import_failed +mkdir $FAILDIR +install -m 644 %{SOURCE8} %{SOURCE9} $FAILDIR # import_failed.* +LD_LIBRARY_PATH=. ./python -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +( + cd $FAILDIR + while read package modules; do + for module in $modules; do + ln import_failed.py $module.py + pushd __pycache__ + for i in import_failed*; do + ln $i "$module${i#import_failed}" + done + popd + done + done < %{SOURCE9} +) +echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +%endif + +# For the purposes of reproducibility, it is necessary to eliminate any *.pyc files inside documentation dirs +if [ -d %{buildroot}%{_defaultdocdir} ] ; then +find %{buildroot}%{_defaultdocdir} -type f -name \*.pyc -ls -exec rm -vf '{}' \; +fi + +%if %{with general} +%files -n %{python_pkg_name}-tk +%{sitedir}/tkinter +%exclude %{sitedir}/tkinter/test +%{dynlib _tkinter} + +%files -n %{python_pkg_name}-curses +%{sitedir}/curses +%{dynlib _curses} +%{dynlib _curses_panel} + +%files -n %{python_pkg_name}-dbm +%{sitedir}/dbm +%{dynlib _dbm} +%{dynlib _gdbm} + +%files -n %{python_pkg_name} +%dir %{sitedir} +%dir %{sitedir}/lib-dynload +%{sitedir}/sqlite3 +%exclude %{sitedir}/sqlite3/test +%{dynlib readline} +%{dynlib _sqlite3} +%if 0%{?suse_version} < 1599 +%{dynlib nis} +%endif + +%files -n %{python_pkg_name}-idle +%{sitedir}/idlelib +%dir %{_sysconfdir}/idle%{python_version} +%config %{_sysconfdir}/idle%{python_version}/* +%doc Lib/idlelib/README.txt +%doc Lib/idlelib/TODO.txt +%doc Lib/idlelib/extend.txt +%doc Lib/idlelib/ChangeLog +%{_bindir}/idle%{python_version} +%{_datadir}/applications/idle%{python_version}.desktop +%{_datadir}/metainfo/idle%{python_version}.appdata.xml +%{_datadir}/icons/hicolor/*/apps/idle%{python_version}.png +%dir %{_datadir}/icons/hicolor +%dir %{_datadir}/icons/hicolor/16x16 +%dir %{_datadir}/icons/hicolor/32x32 +%dir %{_datadir}/icons/hicolor/48x48 +%dir %{_datadir}/icons/hicolor/*/apps +# endif for if general +%endif + +%if %{with doc} +%files -n %{python_pkg_name}-doc +%dir %{_docdir}/python%{python_version} +%doc %{_docdir}/python%{python_version}/Misc +%doc %{_docdir}/python%{python_version}/html + +%files -n %{python_pkg_name}-doc-devhelp +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%doc %{_datadir}/gtk-doc/html/Python%{python_version} +%endif + +%if %{with base} +%post -n libpython%{so_version} -p /sbin/ldconfig +%postun -n libpython%{so_version} -p /sbin/ldconfig + +%files -n libpython%{so_version} +%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} + +%files -n %{python_pkg_name}-tools +%{sitedir}/turtledemo +%if %{primary_interpreter} +%{_bindir}/2to3 +%endif +%attr(755, root, root)%{_bindir}/2to3-%{python_version} +%doc %{_docdir}/%{name}/Tools + +%files -n %{python_pkg_name}-devel +%{_libdir}/libpython%{python_abi}.so +%if %{primary_interpreter} +%{_libdir}/libpython3.so +%endif +%{_libdir}/pkgconfig/* +%{_includedir}/python%{python_abi} +%{sitedir}/config-%{python_abi}-* +%{_bindir}/python%{python_abi}-config +%if %{primary_interpreter} +%{_bindir}/python3-config +%endif +# Own these directories to not depend on gdb +%dir %{_datadir}/gdb +%dir %{_datadir}/gdb/auto-load +%dir %{_datadir}/gdb/auto-load%{_prefix} +%dir %{_datadir}/gdb/auto-load%{_libdir} +%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +%files -n %{python_pkg_name}-testsuite +%{sitedir}/test +%{sitedir}/*/test +%{sitedir}/*/tests +%{dynlib _ctypes_test} +%{dynlib _testbuffer} +%{dynlib _testcapi} +%{dynlib _testclinic} +%{dynlib _testinternalcapi} +%{dynlib _testimportmultiple} +%{dynlib _testmultiphase} +%{dynlib xxlimited} +# workaround for missing packages +%dir %{sitedir}/sqlite3 +%dir %{sitedir}/tkinter + +%files -n %{python_pkg_name}-base +# docs +%dir %{_docdir}/%{name} +%doc %{_docdir}/%{name}/README.rst +%license LICENSE +%doc %{_docdir}/%{name}/README.SUSE +%if %{primary_interpreter} +%{_mandir}/man1/python3.1%{?ext_man} +%endif +%{_mandir}/man1/python%{python_version}.1%{?ext_man} +%if %{with externally_managed} +# PEP-0668 +%{sitedir}/EXTERNALLY-MANAGED +%endif +# license text, not a doc because the code can use it at run-time +%{sitedir}/LICENSE.txt +# RPM macros +%if %{primary_interpreter} +%{_rpmconfigdir}/macros.d/macros.python3 +%endif +# binary parts +%dir %{sitedir}/lib-dynload +%{dynlib array} +%{dynlib _asyncio} +%{dynlib audioop} +%{dynlib binascii} +%{dynlib _bisect} +%{dynlib _bz2} +%{dynlib cmath} +%{dynlib _codecs_cn} +%{dynlib _codecs_hk} +%{dynlib _codecs_iso2022} +%{dynlib _codecs_jp} +%{dynlib _codecs_kr} +%{dynlib _codecs_tw} +%{dynlib _contextvars} +%{dynlib _crypt} +%{dynlib _csv} +%{dynlib _ctypes} +%{dynlib _datetime} +%{dynlib _decimal} +%{dynlib _elementtree} +%{dynlib fcntl} +%{dynlib grp} +%{dynlib _hashlib} +%{dynlib _heapq} +%{dynlib _json} +%{dynlib _lsprof} +%{dynlib _lzma} +%{dynlib math} +%{dynlib mmap} +%{dynlib _multibytecodec} +%{dynlib _multiprocessing} +%{dynlib _opcode} +%{dynlib ossaudiodev} +%{dynlib _pickle} +%{dynlib _posixshmem} +%{dynlib _posixsubprocess} +%{dynlib pyexpat} +%{dynlib _queue} +%{dynlib _random} +%{dynlib resource} +%{dynlib select} +%{dynlib _socket} +%{dynlib spwd} +%{dynlib _ssl} +%{dynlib _statistics} +%{dynlib _struct} +%{dynlib syslog} +%{dynlib termios} +%{dynlib _typing} +%{dynlib unicodedata} +%{dynlib _uuid} +%{dynlib _xxsubinterpreters} +%{dynlib _xxtestfuzz} +%{dynlib xxlimited_35} +%{dynlib zlib} +%{dynlib _zoneinfo} +# hashlib fallback modules +%{dynlib _blake2} +%{dynlib _md5} +%{dynlib _sha1} +%{dynlib _sha256} +%{dynlib _sha512} +%{dynlib _sha3} +# python parts +%dir %{_prefix}/lib/python%{python_version} +%dir %{_prefix}/lib/python%{python_version}/site-packages +%dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__ +%dir %{sitedir} +%dir %{sitedir}/site-packages +%dir %{sitedir}/site-packages/__pycache__ +%exclude %{sitedir}/*/test +%exclude %{sitedir}/*/tests +%{sitedir}/*.py +%{sitedir}/asyncio +%{sitedir}/ctypes +%{sitedir}/collections +%{sitedir}/concurrent +%{sitedir}/distutils +%{sitedir}/email +%{sitedir}/encodings +%{sitedir}/ensurepip +%{sitedir}/html +%{sitedir}/http +%{sitedir}/importlib +%{sitedir}/json +%{sitedir}/lib2to3 +%{sitedir}/logging +%{sitedir}/multiprocessing +%{sitedir}/pydoc_data +%{sitedir}/re +%{sitedir}/tomllib +%{sitedir}/unittest +%{sitedir}/urllib +%{sitedir}/venv +%{sitedir}/wsgiref +%{sitedir}/xml +%{sitedir}/xmlrpc +%{sitedir}/zoneinfo +%{sitedir}/__phello__ +%{sitedir}/__pycache__ +# import-failed hooks +%{sitedir}/_import_failed +%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +# symlinks +%if %{primary_interpreter} +%{_bindir}/python3 +%{_bindir}/pydoc3 +%endif +# executables +%attr(755, root, root) %{_bindir}/pydoc%{python_version} +# %%attr(755, root, root) %%{_bindir}/python%%{python_abi} +%attr(755, root, root) %{_bindir}/python%{python_version} +# endif for if base +%endif + +%changelog diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch new file mode 100644 index 0000000..6f48b09 --- /dev/null +++ b/skip-test_pyobject_freed_is_freed.patch @@ -0,0 +1,23 @@ +--- + Lib/test/test_capi/test_misc.py | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/Lib/test/test_capi/test_misc.py ++++ b/Lib/test/test_capi/test_misc.py +@@ -40,6 +40,8 @@ import _testinternalcapi + # Were we compiled --with-pydebug or with #define Py_DEBUG? + Py_DEBUG = hasattr(sys, 'gettotalrefcount') + ++# Which version of the SLE distro we build on? ++SLE_VERSION = int(os.environ.get('SLE_VERSION', '0'), 10) + + NULL = None + +@@ -1281,6 +1283,7 @@ class PyMemDebugTests(unittest.TestCase) + def test_pyobject_forbidden_bytes_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') + ++ @unittest.skipIf(0 < SLE_VERSION < 150300, 'Failing on Leap 15.*') + def test_pyobject_freed_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_freed_is_freed') + diff --git a/skip_if_buildbot-extend.patch b/skip_if_buildbot-extend.patch new file mode 100644 index 0000000..fd9a584 --- /dev/null +++ b/skip_if_buildbot-extend.patch @@ -0,0 +1,15 @@ +--- + Lib/test/support/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -384,7 +384,7 @@ def skip_if_buildbot(reason=None): + if not reason: + reason = 'not suitable for buildbots' + try: +- isbuildbot = getpass.getuser().lower() == 'buildbot' ++ isbuildbot = getpass.getuser().lower() in ['buildbot', 'abuild'] + except (KeyError, EnvironmentError) as err: + warnings.warn(f'getpass.getuser() failed {err}.', RuntimeWarning) + isbuildbot = False diff --git a/skipped_tests.py b/skipped_tests.py new file mode 100644 index 0000000..47002e6 --- /dev/null +++ b/skipped_tests.py @@ -0,0 +1,69 @@ +#!/usr/bin/python3 +""" +Simple regexp-based skipped test checker. +It lists tests that are mentioned (presumably for exclusion) +in BASE, and in MAIN (presumably for inclusion) +and reports discrepancies. + +This will have a number of +""" + +MAIN = "python39.spec" + +import glob +import re +from os.path import basename + +alltests = set() +qemu_exclusions = set() + +for item in glob.glob("Python-*/Lib/test/test_*"): + testname = basename(item) + if testname.endswith(".py"): + testname = testname[:-3] + alltests.add(testname) + +testre = re.compile(r'[\s"](test_\w+)\b') + +def find_tests_in_spec(specname): + global qemu_exclusions + + found_tests = set() + with open(specname) as spec: + in_qemu = False + for line in spec: + line = line.strip() + if "#" in line: + line = line[:line.index("#")] + tests = set(testre.findall(line)) + found_tests |= tests + if line == "%if 0%{?qemu_user_space_build} > 0": + in_qemu = True + if in_qemu: + if line == "%endif": + in_qemu = False + qemu_exclusions |= tests + return found_tests + +excluded = find_tests_in_spec(MAIN) + +#print("--- excluded tests:", " ".join(sorted(excluded))) +#print("--- included tests:", " ".join(sorted(included))) + +mentioned = excluded +nonexistent = mentioned - alltests +missing = excluded - qemu_exclusions + +print("--- the following tests are excluded for QEMU and not tested in python") +print("--- (that probably means we don't need to worry about them)") +for test in sorted(qemu_exclusions - excluded): + print(test) + +print("--- the following tests might be excluded in python:") +for test in sorted(missing): + print(test) + +if nonexistent: + print("--- the following tests don't exist:") + for test in sorted(nonexistent): + print(test) diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch new file mode 100644 index 0000000..ab29d50 --- /dev/null +++ b/subprocess-raise-timeout.patch @@ -0,0 +1,18 @@ +--- + Lib/test/test_subprocess.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_subprocess.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_subprocess.py ++++ Python-3.11.8/Lib/test/test_subprocess.py +@@ -280,7 +280,8 @@ class ProcessTestCase(BaseTestCase): + "time.sleep(3600)"], + # Some heavily loaded buildbots (sparc Debian 3.x) require + # this much time to start and print. +- timeout=3) ++ # OBS might require even more ++ timeout=10) + self.fail("Expected TimeoutExpired.") + self.assertEqual(c.exception.output, b'BDFL') + -- 2.51.1 From 04b6209620c189c43c7765b29c1b0565c52034c8ebcccbc93abaad7e2ee894af Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 11 Mar 2025 06:13:03 +0000 Subject: [PATCH 113/135] Fix bug reference in the changelog OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=162 --- python311.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python311.changes b/python311.changes index 638e10e..e113225 100644 --- a/python311.changes +++ b/python311.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- Mon Mar 10 15:44:31 UTC 2025 - Bernhard Wiedemann -- Skip PGO with %want_reproducible_builds (boo#1040589) +- Skip PGO with %want_reproducible_builds (bsc#1239210) ------------------------------------------------------------------- Tue Feb 4 14:43:13 UTC 2025 - Matej Cepl -- 2.51.1 From 578ac9ee0d2de73afbae9ad7981f4034b50ee1f444392c3466360df148be4b93 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 11 Mar 2025 06:56:33 +0000 Subject: [PATCH 114/135] Fix bug reference in the changelog OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=163 --- python311.changes | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/python311.changes b/python311.changes index e113225..5ae8f88 100644 --- a/python311.changes +++ b/python311.changes @@ -412,8 +412,9 @@ Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia - gh-60346: Fix ArgumentParser inconsistent with parse_known_args. - gh-100985: Update HTTPSConnection to consistently wrap IPv6 Addresses when using a proxy. - - gh-100884: email: fix misfolding of comma in address-lists over - multiple lines in combination with unicode encoding. + - gh-100884: email: fix misfolding of comma in address-lists + over multiple lines in combination with unicode encoding + (bsc#1238450 CVE-2025-1795) - gh-95782: Fix io.BufferedReader.tell(), io.BufferedReader.seek(), _pyio.BufferedReader.tell(), io.BufferedRandom.tell(), io.BufferedRandom.seek() and -- 2.51.1 From 6935cf305ab2e290d069e8314f9a9dcaac32fbf6a41c4fc1cd3b34ff75f67740 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 13 Mar 2025 08:01:05 +0000 Subject: [PATCH 115/135] Allow to disable PGO OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=165 --- python311.changes | 5 +++++ python311.spec | 1 - 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/python311.changes b/python311.changes index 5ae8f88..9a15ce8 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Mar 12 15:05:46 UTC 2025 - Bernhard Wiedemann + +- Allow to disable PGO + ------------------------------------------------------------------- Mon Mar 10 15:44:31 UTC 2025 - Bernhard Wiedemann diff --git a/python311.spec b/python311.spec index 03cbe24..3cce41e 100644 --- a/python311.spec +++ b/python311.spec @@ -106,7 +106,6 @@ # pyexpat.cpython-35m-armv7-linux-gnueabihf # _md5.cpython-38m-x86_64-linux-gnu.so %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so -%bcond_without profileopt Name: %{python_pkg_name}%{psuffix} Version: 3.11.11 Release: 0 -- 2.51.1 From 93c48806cff86135431e83d0e89c36c16f07856544d2d6c72544f303eff3e9e4 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Fri, 11 Apr 2025 08:56:48 +0000 Subject: [PATCH 116/135] - Update to 3.11.12: - gh-131809: Update bundled libexpat to 2.7.1 - gh-131261: Upgrade to libexpat 2.7.0 - gh-105704: When using urllib.parse.urlsplit() and urllib.parse.urlparse() host parsing would not reject domain names containing square brackets ([ and ]). Square brackets are only valid for IPv6 and IPvFuture hosts according to RFC 3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704). - gh-121284: Fix bug in the folding of rfc2047 encoded-words when flattening an email message using a modern email policy. Previously when an encoded-word was too long for a line, it would be decoded, split across lines, and re-encoded. But commas and other special characters in the original text could be left unencoded and unquoted. This could theoretically be used to spoof header lines using a carefully constructed encoded-word if the resulting rendered email was transmitted or re-parsed. - gh-80222: Fix bug in the folding of quoted strings when flattening an email message using a modern email policy. Previously when a quoted string was folded so that it spanned more than one line, the surrounding quotes and internal escapes would be omitted. This could theoretically be used to spoof header lines using a carefully constructed quoted string if the resulting rendered email was transmitted or re-parsed. - gh-119511: Fix a potential denial of service in the imaplib module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. On many systems this is harmless as unused virtual memory is only OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=167 --- .gitattributes | 23 + .gitignore | 1 + CVE-2023-52425-libexpat-2.6.0-backport.patch | 233 + ...-52425-remove-reparse_deferral-tests.patch | 60 + CVE-2024-9287-venv_path_unquoted.patch | 299 + CVE-2025-0938-sq-brackets-domain-names.patch | 127 + F00251-change-user-install-location.patch | 215 + PACKAGING-NOTES | 26 + Python-3.11.10.tar.xz | 3 + Python-3.11.10.tar.xz.asc | 16 + Python-3.11.11.tar.xz | 3 + Python-3.11.11.tar.xz.sigstore | 1 + Python-3.11.12.tar.xz | 3 + Python-3.11.12.tar.xz.sigstore | 1 + README.SUSE | 43 + _multibuild | 4 + add-loongarch64-support.patch | 25 + baselibs.conf | 3 + bluez-devel-vendor.tar.xz | 3 + bpo-31046_ensurepip_honours_prefix.patch | 173 + bsc1221260-test_asyncio-ResourceWarning.patch | 21 + bso1227999-reproducible-builds.patch | 37 + distutils-reproducible-compile.patch | 17 + externally_managed.in | 12 + fix_configure_rst.patch | 44 + gh120226-fix-sendfile-test-kernel-610.patch | 35 + idle3.appdata.xml | 35 + idle3.desktop | 12 + import_failed.map | 7 + import_failed.py | 23 + macros.python3 | 28 + no-skipif-doctests.patch | 653 ++ pre_checkin.sh | 78 + python-3.3.0b1-fix_date_time_compiler.patch | 27 + python-3.3.0b1-localpath.patch | 13 + python-3.3.0b1-test-posix_fadvise.patch | 17 + python.keyring | 109 + python311-rpmlintrc | 3 + python311.changes | 5570 +++++++++++++++++ python311.spec | 1059 ++++ skip-test_pyobject_freed_is_freed.patch | 23 + skip_if_buildbot-extend.patch | 15 + skipped_tests.py | 69 + subprocess-raise-timeout.patch | 18 + 44 files changed, 9187 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 CVE-2023-52425-libexpat-2.6.0-backport.patch create mode 100644 CVE-2023-52425-remove-reparse_deferral-tests.patch create mode 100644 CVE-2024-9287-venv_path_unquoted.patch create mode 100644 CVE-2025-0938-sq-brackets-domain-names.patch create mode 100644 F00251-change-user-install-location.patch create mode 100644 PACKAGING-NOTES create mode 100644 Python-3.11.10.tar.xz create mode 100644 Python-3.11.10.tar.xz.asc create mode 100644 Python-3.11.11.tar.xz create mode 100644 Python-3.11.11.tar.xz.sigstore create mode 100644 Python-3.11.12.tar.xz create mode 100644 Python-3.11.12.tar.xz.sigstore create mode 100644 README.SUSE create mode 100644 _multibuild create mode 100644 add-loongarch64-support.patch create mode 100644 baselibs.conf create mode 100644 bluez-devel-vendor.tar.xz create mode 100644 bpo-31046_ensurepip_honours_prefix.patch create mode 100644 bsc1221260-test_asyncio-ResourceWarning.patch create mode 100644 bso1227999-reproducible-builds.patch create mode 100644 distutils-reproducible-compile.patch create mode 100644 externally_managed.in create mode 100644 fix_configure_rst.patch create mode 100644 gh120226-fix-sendfile-test-kernel-610.patch create mode 100644 idle3.appdata.xml create mode 100644 idle3.desktop create mode 100644 import_failed.map create mode 100644 import_failed.py create mode 100644 macros.python3 create mode 100644 no-skipif-doctests.patch create mode 100644 pre_checkin.sh create mode 100644 python-3.3.0b1-fix_date_time_compiler.patch create mode 100644 python-3.3.0b1-localpath.patch create mode 100644 python-3.3.0b1-test-posix_fadvise.patch create mode 100644 python.keyring create mode 100644 python311-rpmlintrc create mode 100644 python311.changes create mode 100644 python311.spec create mode 100644 skip-test_pyobject_freed_is_freed.patch create mode 100644 skip_if_buildbot-extend.patch create mode 100644 skipped_tests.py create mode 100644 subprocess-raise-timeout.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch new file mode 100644 index 0000000..1acc25a --- /dev/null +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -0,0 +1,233 @@ +--- + Lib/test/support/__init__.py | 16 ++++++++++++++-- + Lib/test/test_minidom.py | 23 +++++++++-------------- + Lib/test/test_pyexpat.py | 12 +++++------- + Lib/test/test_sax.py | 18 +++++++++--------- + Lib/test/test_xml_etree.py | 12 ------------ + 5 files changed, 37 insertions(+), 44 deletions(-) + +Index: Python-3.11.12/Lib/test/support/__init__.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/support/__init__.py 2025-04-11 10:52:43.191010503 +0200 ++++ Python-3.11.12/Lib/test/support/__init__.py 2025-04-11 10:52:44.802161741 +0200 +@@ -8,6 +8,7 @@ + import functools + import os + import re ++import pyexpat + import stat + import sys + import sysconfig +@@ -56,7 +57,7 @@ + "run_with_tz", "PGO", "missing_compiler_executable", + "ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST", + "LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT", +- "skip_on_s390x", ++ "skip_on_s390x", "fails_with_expat_2_6_0", "is_expat_2_6_0" + ] + + +@@ -2244,6 +2245,17 @@ + } + return ignored + +-#Windows doesn't have os.uname() but it doesn't support s390x. ++ ++# Windows doesn't have os.uname() but it doesn't support s390x. + skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', + 'skipped on s390x') ++ ++ ++@functools.lru_cache ++def _is_expat_2_6_0(): ++ return hasattr(pyexpat.ParserCreate(), 'SetReparseDeferralEnabled') ++is_expat_2_6_0 = _is_expat_2_6_0() ++ ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if is_expat_2_6_0 ++ else lambda test: test) +Index: Python-3.11.12/Lib/test/test_minidom.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_minidom.py 2025-04-11 10:52:21.907086938 +0200 ++++ Python-3.11.12/Lib/test/test_minidom.py 2025-04-11 10:52:44.802522893 +0200 +@@ -6,7 +6,6 @@ + from test import support + import unittest + +-import pyexpat + import xml.dom.minidom + + from xml.dom.minidom import parse, Attr, Node, Document, parseString +@@ -1163,13 +1162,11 @@ + + # Verify that character decoding errors raise exceptions instead + # of crashing +- if pyexpat.version_info >= (2, 4, 5): +- self.assertRaises(ExpatError, parseString, +- b'') +- self.assertRaises(ExpatError, parseString, +- b'Comment \xe7a va ? Tr\xe8s bien ?') +- else: +- self.assertRaises(UnicodeDecodeError, parseString, ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((UnicodeDecodeError, ExpatError)): ++ parseString( + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1631,12 +1628,10 @@ + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- if pyexpat.version_info >= (2, 4, 5): +- context = self.assertRaisesRegex(ExpatError, 'syntax error') +- else: +- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- +- with context: ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((ExpatError, ValueError)): + parseString('') + + def testDocRemoveChild(self): +Index: Python-3.11.12/Lib/test/test_pyexpat.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_pyexpat.py 2025-04-11 10:52:22.076696906 +0200 ++++ Python-3.11.12/Lib/test/test_pyexpat.py 2025-04-11 10:52:44.803228085 +0200 +@@ -14,8 +14,7 @@ + from xml.parsers import expat + from xml.parsers.expat import errors + +-from test.support import sortdict, is_emscripten, is_wasi +- ++from test.support import sortdict, is_emscripten, is_wasi, is_expat_2_6_0 + + class SetAttributeTest(unittest.TestCase): + def setUp(self): +@@ -770,9 +769,8 @@ + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + + def test_reparse_deferral_enabled(self): +- if expat.version_info < (2, 6, 0): +- self.skipTest(f'Expat {expat.version_info} does not ' +- 'support reparse deferral') ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") + + started = [] + +@@ -801,9 +799,9 @@ + + parser = expat.ParserCreate() + parser.StartElementHandler = start_element +- if expat.version_info >= (2, 6, 0): ++ if is_expat_2_6_0: + parser.SetReparseDeferralEnabled(False) +- self.assertFalse(parser.GetReparseDeferralEnabled()) ++ self.assertFalse(parser.GetReparseDeferralEnabled()) + + for chunk in (b''): + parser.Parse(chunk, False) +Index: Python-3.11.12/Lib/test/test_sax.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_sax.py 2025-04-11 10:52:22.111440337 +0200 ++++ Python-3.11.12/Lib/test/test_sax.py 2025-04-11 10:52:44.803567098 +0200 +@@ -19,13 +19,11 @@ + from io import BytesIO, StringIO + import codecs + import os.path +-import pyexpat + import shutil + import sys + from urllib.error import URLError + import urllib.request +-from test.support import os_helper +-from test.support import findfile ++from test.support import os_helper, findfile, is_expat_2_6_0 + from test.support.os_helper import FakePath, TESTFN + + +@@ -1215,10 +1213,10 @@ + + self.assertEqual(result.getvalue(), start + b"text") + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1241,6 +1239,9 @@ + self.assertEqual(result.getvalue(), start + b"") + + def test_flush_reparse_deferral_disabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1249,9 +1250,8 @@ + for chunk in (""): + parser.feed(chunk) + +- if pyexpat.version_info >= (2, 6, 0): +- parser._parser.SetReparseDeferralEnabled(False) +- self.assertEqual(result.getvalue(), start) # i.e. no elements started ++ parser._parser.SetReparseDeferralEnabled(False) ++ self.assertEqual(result.getvalue(), start) # i.e. no elements started + + self.assertFalse(parser._parser.GetReparseDeferralEnabled()) + +Index: Python-3.11.12/Lib/test/test_xml_etree.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_xml_etree.py 2025-04-11 10:52:22.425637912 +0200 ++++ Python-3.11.12/Lib/test/test_xml_etree.py 2025-04-11 10:52:44.804234785 +0200 +@@ -13,7 +13,6 @@ + import operator + import os + import pickle +-import pyexpat + import sys + import textwrap + import types +@@ -1424,12 +1423,6 @@ + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + +- def test_simple_xml_chunk_1(self): +- self.test_simple_xml(chunk_size=1, flush=True) +- +- def test_simple_xml_chunk_5(self): +- self.test_simple_xml(chunk_size=5, flush=True) +- + def test_simple_xml_chunk_22(self): + self.test_simple_xml(chunk_size=22) + +@@ -1627,9 +1620,6 @@ + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1656,8 +1646,6 @@ + + for chunk in (""): + parser.feed(chunk) +- +- if pyexpat.version_info >= (2, 6, 0): + if not ET is pyET: + self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled ' + 'methods not available in C') diff --git a/CVE-2023-52425-remove-reparse_deferral-tests.patch b/CVE-2023-52425-remove-reparse_deferral-tests.patch new file mode 100644 index 0000000..553bdf8 --- /dev/null +++ b/CVE-2023-52425-remove-reparse_deferral-tests.patch @@ -0,0 +1,60 @@ +--- + Lib/test/test_pyexpat.py | 2 ++ + Lib/test/test_sax.py | 2 ++ + Lib/test/test_xml_etree.py | 2 ++ + 3 files changed, 6 insertions(+) + +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -768,6 +768,7 @@ class ReparseDeferralTest(unittest.TestC + parser.SetReparseDeferralEnabled(True) + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -791,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC + + self.assertEqual(started, ['doc']) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_disabled(self): + started = [] + +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -1213,6 +1213,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -1238,6 +1239,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -1620,6 +1620,7 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1641,6 +1642,7 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + diff --git a/CVE-2024-9287-venv_path_unquoted.patch b/CVE-2024-9287-venv_path_unquoted.patch new file mode 100644 index 0000000..541a907 --- /dev/null +++ b/CVE-2024-9287-venv_path_unquoted.patch @@ -0,0 +1,299 @@ +From 1408cc9bf9e8b19968761548c30b78d37074c21c Mon Sep 17 00:00:00 2001 +From: Y5 <124019959+y5c4l3@users.noreply.github.com> +Date: Tue, 22 Oct 2024 04:48:04 +0800 +Subject: [PATCH] gh-124651: Quote template strings in `venv` activation + scripts (GH-124712) + +This patch properly quotes template strings in `venv` activation +scripts. This mitigates potential command injection. + +(cherry picked from commit d48cc82ed25e26b02eb97c6263d95dcaa1e9111b) +--- + Lib/test/test_venv.py | 81 ++++++++++ + Lib/venv/__init__.py | 42 ++++- + Lib/venv/scripts/common/activate | 8 + Lib/venv/scripts/nt/activate.bat | 6 + Lib/venv/scripts/posix/activate.csh | 8 + Lib/venv/scripts/posix/activate.fish | 8 + Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst | 1 + 7 files changed, 134 insertions(+), 20 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst + +--- a/Lib/test/test_venv.py ++++ b/Lib/test/test_venv.py +@@ -11,6 +11,7 @@ import os + import os.path + import pathlib + import re ++import shlex + import shutil + import struct + import subprocess +@@ -96,6 +97,10 @@ class BaseTest(unittest.TestCase): + result = f.read() + return result + ++ def assertEndsWith(self, string, tail): ++ if not string.endswith(tail): ++ self.fail(f"String {string!r} does not end with {tail!r}") ++ + class BasicTest(BaseTest): + """Test venv module functionality.""" + +@@ -446,6 +451,82 @@ class BasicTest(BaseTest): + 'import sys; print(sys.executable)']) + self.assertEqual(out.strip(), envpy.encode()) + ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_bash(self): ++ """ ++ Test that the template strings are quoted properly (bash) ++ """ ++ rmtree(self.env_dir) ++ bash = shutil.which('bash') ++ if bash is None: ++ self.skipTest('bash required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.sh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([bash, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_csh(self): ++ """ ++ Test that the template strings are quoted properly (csh) ++ """ ++ rmtree(self.env_dir) ++ csh = shutil.which('tcsh') or shutil.which('csh') ++ if csh is None: ++ self.skipTest('csh required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.csh') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.csh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([csh, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings on Windows ++ @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') ++ def test_special_chars_windows(self): ++ """ ++ Test that the template strings are quoted properly on Windows ++ """ ++ rmtree(self.env_dir) ++ env_name = "'&&^$e" ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.bat') ++ test_batch = os.path.join(self.env_dir, 'test_special_chars.bat') ++ with open(test_batch, "w") as f: ++ f.write('@echo off\n' ++ f'"{activate}" & ' ++ f'{self.exe} -c "import sys; print(sys.executable)" & ' ++ f'{self.exe} -c "import os; print(os.environ[\'VIRTUAL_ENV\'])" & ' ++ 'deactivate') ++ out, err = check_output([test_batch]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ + @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') + def test_unicode_in_batch_file(self): + """ +--- a/Lib/venv/__init__.py ++++ b/Lib/venv/__init__.py +@@ -11,6 +11,7 @@ import subprocess + import sys + import sysconfig + import types ++import shlex + + + CORE_VENV_DEPS = ('pip', 'setuptools') +@@ -394,11 +395,41 @@ class EnvBuilder: + :param context: The information for the environment creation request + being processed. + """ +- text = text.replace('__VENV_DIR__', context.env_dir) +- text = text.replace('__VENV_NAME__', context.env_name) +- text = text.replace('__VENV_PROMPT__', context.prompt) +- text = text.replace('__VENV_BIN_NAME__', context.bin_name) +- text = text.replace('__VENV_PYTHON__', context.env_exe) ++ replacements = { ++ '__VENV_DIR__': context.env_dir, ++ '__VENV_NAME__': context.env_name, ++ '__VENV_PROMPT__': context.prompt, ++ '__VENV_BIN_NAME__': context.bin_name, ++ '__VENV_PYTHON__': context.env_exe, ++ } ++ ++ def quote_ps1(s): ++ """ ++ This should satisfy PowerShell quoting rules [1], unless the quoted ++ string is passed directly to Windows native commands [2]. ++ [1]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules ++ [2]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing#passing-arguments-that-contain-quote-characters ++ """ ++ s = s.replace("'", "''") ++ return f"'{s}'" ++ ++ def quote_bat(s): ++ return s ++ ++ # gh-124651: need to quote the template strings properly ++ quote = shlex.quote ++ script_path = context.script_path ++ if script_path.endswith('.ps1'): ++ quote = quote_ps1 ++ elif script_path.endswith('.bat'): ++ quote = quote_bat ++ else: ++ # fallbacks to POSIX shell compliant quote ++ quote = shlex.quote ++ ++ replacements = {key: quote(s) for key, s in replacements.items()} ++ for key, quoted in replacements.items(): ++ text = text.replace(key, quoted) + return text + + def install_scripts(self, context, path): +@@ -438,6 +469,7 @@ class EnvBuilder: + with open(srcfile, 'rb') as f: + data = f.read() + if not srcfile.endswith(('.exe', '.pdb')): ++ context.script_path = srcfile + try: + data = data.decode('utf-8') + data = self.replace_variables(data, context) +--- a/Lib/venv/scripts/common/activate ++++ b/Lib/venv/scripts/common/activate +@@ -35,11 +35,11 @@ deactivate () { + # unset irrelevant variables + deactivate nondestructive + +-VIRTUAL_ENV="__VENV_DIR__" ++VIRTUAL_ENV=__VENV_DIR__ + export VIRTUAL_ENV + + _OLD_VIRTUAL_PATH="$PATH" +-PATH="$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++PATH="$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + export PATH + + # unset PYTHONHOME if set +@@ -52,9 +52,9 @@ fi + + if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then + _OLD_VIRTUAL_PS1="${PS1:-}" +- PS1="__VENV_PROMPT__${PS1:-}" ++ PS1=__VENV_PROMPT__"${PS1:-}" + export PS1 +- VIRTUAL_ENV_PROMPT="__VENV_PROMPT__" ++ VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ + export VIRTUAL_ENV_PROMPT + fi + +--- a/Lib/venv/scripts/nt/activate.bat ++++ b/Lib/venv/scripts/nt/activate.bat +@@ -8,7 +8,7 @@ if defined _OLD_CODEPAGE ( + "%SystemRoot%\System32\chcp.com" 65001 > nul + ) + +-set VIRTUAL_ENV=__VENV_DIR__ ++set "VIRTUAL_ENV=__VENV_DIR__" + + if not defined PROMPT set PROMPT=$P$G + +@@ -24,8 +24,8 @@ set PYTHONHOME= + if defined _OLD_VIRTUAL_PATH set PATH=%_OLD_VIRTUAL_PATH% + if not defined _OLD_VIRTUAL_PATH set _OLD_VIRTUAL_PATH=%PATH% + +-set PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH% +-set VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ ++set "PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH%" ++set "VIRTUAL_ENV_PROMPT=__VENV_PROMPT__" + + :END + if defined _OLD_CODEPAGE ( +--- a/Lib/venv/scripts/posix/activate.csh ++++ b/Lib/venv/scripts/posix/activate.csh +@@ -8,17 +8,17 @@ alias deactivate 'test $?_OLD_VIRTUAL_PA + # Unset irrelevant variables. + deactivate nondestructive + +-setenv VIRTUAL_ENV "__VENV_DIR__" ++setenv VIRTUAL_ENV __VENV_DIR__ + + set _OLD_VIRTUAL_PATH="$PATH" +-setenv PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++setenv PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + + + set _OLD_VIRTUAL_PROMPT="$prompt" + + if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then +- set prompt = "__VENV_PROMPT__$prompt" +- setenv VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set prompt = __VENV_PROMPT__"$prompt" ++ setenv VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + endif + + alias pydoc python -m pydoc +--- a/Lib/venv/scripts/posix/activate.fish ++++ b/Lib/venv/scripts/posix/activate.fish +@@ -33,10 +33,10 @@ end + # Unset irrelevant variables. + deactivate nondestructive + +-set -gx VIRTUAL_ENV "__VENV_DIR__" ++set -gx VIRTUAL_ENV __VENV_DIR__ + + set -gx _OLD_VIRTUAL_PATH $PATH +-set -gx PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__" $PATH ++set -gx PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__ $PATH + + # Unset PYTHONHOME if set. + if set -q PYTHONHOME +@@ -56,7 +56,7 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + set -l old_status $status + + # Output the venv prompt; color taken from the blue of the Python logo. +- printf "%s%s%s" (set_color 4B8BBE) "__VENV_PROMPT__" (set_color normal) ++ printf "%s%s%s" (set_color 4B8BBE) __VENV_PROMPT__ (set_color normal) + + # Restore the return status of the previous command. + echo "exit $old_status" | . +@@ -65,5 +65,5 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + end + + set -gx _OLD_FISH_PROMPT_OVERRIDE "$VIRTUAL_ENV" +- set -gx VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set -gx VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + end +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst +@@ -0,0 +1 @@ ++Properly quote template strings in :mod:`venv` activation scripts. diff --git a/CVE-2025-0938-sq-brackets-domain-names.patch b/CVE-2025-0938-sq-brackets-domain-names.patch new file mode 100644 index 0000000..7db4656 --- /dev/null +++ b/CVE-2025-0938-sq-brackets-domain-names.patch @@ -0,0 +1,127 @@ +From d91e2c740890837edafaee24d68112b776cda9c5 Mon Sep 17 00:00:00 2001 +From: Seth Michael Larson +Date: Fri, 31 Jan 2025 11:41:34 -0600 +Subject: [PATCH] gh-105704: Disallow square brackets (`[` and `]`) in domain + names for parsed URLs (GH-129418) + +* gh-105704: Disallow square brackets ( and ) in domain names for parsed URLs + +* Use Sphinx references + +Co-authored-by: Peter Bierma + +* Add mismatched bracket test cases, fix news format + +* Add more test coverage for ports + +--------- + +(cherry picked from commit d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a) + +Co-authored-by: Seth Michael Larson +Co-authored-by: Peter Bierma +--- + Lib/test/test_urlparse.py | 37 +++++++++- + Lib/urllib/parse.py | 20 ++++- + Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst | 4 + + 3 files changed, 58 insertions(+), 3 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst + +--- a/Lib/test/test_urlparse.py ++++ b/Lib/test/test_urlparse.py +@@ -1224,16 +1224,51 @@ class UrlParseTestCase(unittest.TestCase + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af::2309::fae7:1234]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af:2309::fae7:1234:2342:438e:192.0.2.146]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@]v6a.ip[/Path') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip[suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[suffix') + + def test_splitting_bracketed_hosts(self): +- p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]/path?query') ++ p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]:1234/path?query') + self.assertEqual(p1.hostname, 'v6a.ip') + self.assertEqual(p1.username, 'user') + self.assertEqual(p1.path, '/path') ++ self.assertEqual(p1.port, 1234) + p2 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7%test]/path?query') + self.assertEqual(p2.hostname, '0439:23af:2309::fae7%test') + self.assertEqual(p2.username, 'user') + self.assertEqual(p2.path, '/path') ++ self.assertIs(p2.port, None) + p3 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7:1234:192.0.2.146%test]/path?query') + self.assertEqual(p3.hostname, '0439:23af:2309::fae7:1234:192.0.2.146%test') + self.assertEqual(p3.username, 'user') +--- a/Lib/urllib/parse.py ++++ b/Lib/urllib/parse.py +@@ -436,6 +436,23 @@ def _checknetloc(netloc): + raise ValueError("netloc '" + netloc + "' contains invalid " + + "characters under NFKC normalization") + ++def _check_bracketed_netloc(netloc): ++ # Note that this function must mirror the splitting ++ # done in NetlocResultMixins._hostinfo(). ++ hostname_and_port = netloc.rpartition('@')[2] ++ before_bracket, have_open_br, bracketed = hostname_and_port.partition('[') ++ if have_open_br: ++ # No data is allowed before a bracket. ++ if before_bracket: ++ raise ValueError("Invalid IPv6 URL") ++ hostname, _, port = bracketed.partition(']') ++ # No data is allowed after the bracket but before the port delimiter. ++ if port and not port.startswith(":"): ++ raise ValueError("Invalid IPv6 URL") ++ else: ++ hostname, _, port = hostname_and_port.partition(':') ++ _check_bracketed_host(hostname) ++ + # Valid bracketed hosts are defined in + # https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/ + def _check_bracketed_host(hostname): +@@ -496,8 +513,7 @@ def urlsplit(url, scheme='', allow_fragm + (']' in netloc and '[' not in netloc)): + raise ValueError("Invalid IPv6 URL") + if '[' in netloc and ']' in netloc: +- bracketed_host = netloc.partition('[')[2].partition(']')[0] +- _check_bracketed_host(bracketed_host) ++ _check_bracketed_netloc(netloc) + if allow_fragments and '#' in url: + url, fragment = url.split('#', 1) + if '?' in url: +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst +@@ -0,0 +1,4 @@ ++When using :func:`urllib.parse.urlsplit` and :func:`urllib.parse.urlparse` host ++parsing would not reject domain names containing square brackets (``[`` and ++``]``). Square brackets are only valid for IPv6 and IPvFuture hosts according to ++`RFC 3986 Section 3.2.2 `__. diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch new file mode 100644 index 0000000..fa38a94 --- /dev/null +++ b/F00251-change-user-install-location.patch @@ -0,0 +1,215 @@ +From 910f38d9768d39d4d31426743ae4081ed1ab66b6 Mon Sep 17 00:00:00 2001 +From: Michal Cyprian +Date: Mon, 26 Jun 2017 16:32:56 +0200 +Subject: [PATCH] 00251: Change user install location + +Set values of prefix and exec_prefix in distutils install command +to /usr/local if executable is /usr/bin/python* and RPM build +is not detected to make pip and distutils install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +--- + Lib/distutils/command/install.py | 15 +++++++++++++-- + Lib/site.py | 9 ++++++++- + 2 files changed, 21 insertions(+), 3 deletions(-) + +Index: Python-3.11.8/Lib/distutils/command/install.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/command/install.py ++++ Python-3.11.8/Lib/distutils/command/install.py +@@ -441,8 +441,19 @@ class install(Command): + raise DistutilsOptionError( + "must not supply exec-prefix without prefix") + +- self.prefix = os.path.normpath(sys.prefix) +- self.exec_prefix = os.path.normpath(sys.exec_prefix) ++ # self.prefix is set to sys.prefix + /local/ ++ # if neither RPM build nor virtual environment is ++ # detected to make pip and distutils install packages ++ # into the separate location. ++ if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ addition = "/local" ++ else: ++ addition = "" ++ ++ self.prefix = os.path.normpath(sys.prefix) + addition ++ self.exec_prefix = os.path.normpath(sys.exec_prefix) + addition + + else: + if self.exec_prefix is None: +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None): + return sitepackages + + def addsitepackages(known_paths, prefixes=None): +- """Add site-packages to sys.path""" ++ """Add site-packages to sys.path ++ ++ '/usr/local' is included in PREFIXES if RPM build is not detected ++ to make packages installed into this location visible. ++ ++ """ + _trace("Processing global site-packages") ++ if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: ++ PREFIXES.insert(0, "/usr/local") + for sitedir in getsitepackages(prefixes): + if os.path.isdir(sitedir): + addsitedir(sitedir, known_paths) + +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Mon, 15 Feb 2021 12:19:27 +0100 +Subject: [PATCH] 00251: Change user install location +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Set values of base and platbase in sysconfig from /usr +to /usr/local when RPM build is not detected +to make pip and similar tools install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +Downstream only. + +We've tried to rework in Fedora 36/Python 3.10 to follow https://bugs.python.org/issue43976 +but we have identified serious problems with that approach, +see https://bugzilla.redhat.com/2026979 or https://bugzilla.redhat.com/2097183 + +pypa/distutils integration: https://github.com/pypa/distutils/pull/70 + +Co-authored-by: Petr Viktorin +Co-authored-by: Miro Hrončok +Co-authored-by: Michal Cyprian +Co-authored-by: Lumír Balhar +--- + Lib/site.py | 9 ++++++- + Lib/sysconfig.py | 49 +++++++++++++++++++++++++++++++++++++- + Lib/test/test_sysconfig.py | 17 +++++++++++-- + 3 files changed, 71 insertions(+), 4 deletions(-) + +Index: Python-3.11.9/Lib/sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/sysconfig.py ++++ Python-3.11.9/Lib/sysconfig.py +@@ -103,6 +103,11 @@ if os.name == 'nt': + else: + _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv'] + ++# For a brief period of time in the Fedora 36 life cycle, ++# this installation scheme existed and was documented in the release notes. ++# For backwards compatibility, we keep it here (at least on 3.10 and 3.11). ++_INSTALL_SCHEMES['rpm_prefix'] = _INSTALL_SCHEMES['posix_prefix'] ++ + + # NOTE: site.py has copy of this function. + # Sync it when modify this function. +@@ -162,6 +167,19 @@ if _HAS_USER_BASE: + }, + } + ++# This is used by distutils.command.install in the stdlib ++# as well as pypa/distutils (e.g. bundled in setuptools). ++# The self.prefix value is set to sys.prefix + /local/ ++# if neither RPM build nor virtual environment is ++# detected to make distutils install packages ++# into the separate location. ++# https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _prefix_addition = '/local' ++ ++ + _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', + 'scripts', 'data') + +@@ -258,11 +276,40 @@ def _extend_dict(target_dict, other_dict + target_dict[key] = value + + ++_CONFIG_VARS_LOCAL = None ++ ++ ++def _config_vars_local(): ++ # This function returns the config vars with prefixes amended to /usr/local ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ global _CONFIG_VARS_LOCAL ++ if _CONFIG_VARS_LOCAL is None: ++ _CONFIG_VARS_LOCAL = dict(get_config_vars()) ++ _CONFIG_VARS_LOCAL['base'] = '/usr/local' ++ _CONFIG_VARS_LOCAL['platbase'] = '/usr/local' ++ return _CONFIG_VARS_LOCAL ++ ++ + def _expand_vars(scheme, vars): + res = {} + if vars is None: + vars = {} +- _extend_dict(vars, get_config_vars()) ++ ++ # when we are not in a virtual environment or an RPM build ++ # we change '/usr' to '/usr/local' ++ # to avoid surprises, we explicitly check for the /usr/ prefix ++ # Python virtual environments have different prefixes ++ # we only do this for posix_prefix, not to mangle the venv scheme ++ # posix_prefix is used by sudo pip install ++ # we only change the defaults here, so explicit --prefix will take precedence ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if (scheme == 'posix_prefix' and ++ _PREFIX == '/usr' and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _extend_dict(vars, _config_vars_local()) ++ else: ++ _extend_dict(vars, get_config_vars()) ++ + if os.name == 'nt': + # On Windows we want to substitute 'lib' for schemes rather + # than the native value (without modifying vars, in case it +Index: Python-3.11.9/Lib/test/test_sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_sysconfig.py ++++ Python-3.11.9/Lib/test/test_sysconfig.py +@@ -111,8 +111,19 @@ class TestSysConfig(unittest.TestCase): + for scheme in _INSTALL_SCHEMES: + for name in _INSTALL_SCHEMES[scheme]: + expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) ++ tested = get_path(name, scheme) ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if tested.startswith('/usr/local'): ++ # /usr/local should only be used in posix_prefix ++ self.assertEqual(scheme, 'posix_prefix') ++ # Fedora CI runs tests for venv and virtualenv that check for other prefixes ++ self.assertEqual(sys.prefix, '/usr') ++ # When building the RPM of Python, %check runs this with RPM_BUILD_ROOT set ++ # Fedora CI runs this with RPM_BUILD_ROOT unset ++ self.assertNotIn('RPM_BUILD_ROOT', os.environ) ++ tested = tested.replace('/usr/local', '/usr') + self.assertEqual( +- os.path.normpath(get_path(name, scheme)), ++ os.path.normpath(tested), + os.path.normpath(expected), + ) + +@@ -345,7 +356,7 @@ class TestSysConfig(unittest.TestCase): + self.assertTrue(os.path.isfile(config_h), config_h) + + def test_get_scheme_names(self): +- wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv'] ++ wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv', 'rpm_prefix'] + if HAS_USER_BASE: + wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) + self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) +@@ -357,6 +368,8 @@ class TestSysConfig(unittest.TestCase): + cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" + self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) + ++ @unittest.skipIf('RPM_BUILD_ROOT' not in os.environ, ++ "Test doesn't expect Fedora's paths") + def test_user_similar(self): + # Issue #8759: make sure the posix scheme for the users + # is similar to the global posix_prefix one diff --git a/PACKAGING-NOTES b/PACKAGING-NOTES new file mode 100644 index 0000000..e28c88c --- /dev/null +++ b/PACKAGING-NOTES @@ -0,0 +1,26 @@ +Notes for packagers of Python3 +============================== + +0. Faster build turnaround +-------------------------- + +By default, python builds with profile-guided optimization. This needs +an additional run of the test suite and it is generally slow. +PGO build takes around 50 minutes. + +For development, use "--without profileopt" option to disable PGO. This +shortens the build time to ~5 minutes including test suite. + +1. import_failed.map +---------------------- + +This is a mechanism installed as part of python3-base, that places shim modules +on python's path (through a generated zzzz-import-failed-hooks.pth file, so that +it is imported as much at the end as makes sense; and an _import_failed subdir +of /usr/lib/pythonX.Y). Then when the user tries to import a module that is part +of a subpackage, the ImportError will contain a helpful message telling them +which missing subpackage to install. + +This can sometimes cause problems on non-standard configurations, if the pth +gets included too early (for instance if you are using a script to include all +pths by hand in some strange order). Just something to look out for. diff --git a/Python-3.11.10.tar.xz b/Python-3.11.10.tar.xz new file mode 100644 index 0000000..f87e7ad --- /dev/null +++ b/Python-3.11.10.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:07a4356e912900e61a15cb0949a06c4a05012e213ecd6b4e84d0f67aabbee372 +size 20067656 diff --git a/Python-3.11.10.tar.xz.asc b/Python-3.11.10.tar.xz.asc new file mode 100644 index 0000000..243d1b1 --- /dev/null +++ b/Python-3.11.10.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmbbrO0ACgkQ/+h0BBaL +2Ec+YBAAnQJLKYPjj7Yr7xkFU655Sv86JxeRAdWjnIapbiIuWg3Up8Pd8FTRgHGf +3XdTHw7b03lSjtzJwavzdnDklqAlBIGn9dVieljUIN7NYyNxoYOr/AiatimgSwv7 +dI5mfun5fLKV6ZcdNdQN5PJ3RZtF3I7VfkN2mlfZJHtxl1agdU/TfW2L+qJ7+JPY +cayjq2xKTLRNXOf2iV29GRRovLiqA+Dx0+cAwsScwreHMp3U4k3GkeHVoR6fldV4 +bVAM8GRl3CYVFePiqAbamKP1BSys44JOINWbWyd94JxzEAwXWz//Es0h73AzeRfK +ueORqzdoOGrVc74+HGlAHhqO1Gg7jMMmtkzCEuav+cGHYnMRMOngGR3q47aTJTVb +5UdP0oD4OlADPFVa6q0LCqN/IFlebWMh9pXYw7Wpek63oNuZHTfNPq4S1AUM2HJm +C3yzaOG9VAdYfLneJC4ldY4CVt1FKckfaXp5OAaMr71DI74e4CcEswlUupZJLZKV +TJRjQD15bnXGhHDqU4w3RmzpCWMh2mf4m4VMYQyObl3TtlX+gVvzIhDS5+mXqutB +F1pdXwaHHkTb2PLLxpwOGrnsp8XoW74tsylcYirQg8jSFMbgxfwgIjEIuRGXeDkT +B4QzmQ4SxsbLiH7etV6Fznl1h569Z4DO9OOs4i0ZzIjdhPDQtAs= +=TatG +-----END PGP SIGNATURE----- diff --git a/Python-3.11.11.tar.xz b/Python-3.11.11.tar.xz new file mode 100644 index 0000000..e0581b1 --- /dev/null +++ b/Python-3.11.11.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2a9920c7a0cd236de33644ed980a13cbbc21058bfdc528febb6081575ed73be3 +size 20085792 diff --git a/Python-3.11.11.tar.xz.sigstore b/Python-3.11.11.tar.xz.sigstore new file mode 100644 index 0000000..782816a --- /dev/null +++ b/Python-3.11.11.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlOgAwIBAgIUWcRolJPsPmtJKA6VkjHSj7PtjY8wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMjAzMTgxOTA1WhcNMjQxMjAzMTgyOTA1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEN+fBJCRZIAZiWPBdjyQVD+x5vgmjuuVct1HkPHIBMuEe7wI4mBG2BhJ3fHkpr97efIH6ELMmPV99edyAIZFXR6OCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUkutZdHfCCSvGI87mjnBRwZB8ihYwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGTjb9QlwAABAMARzBFAiEA4ddSINhYM+p0+DGzRqnA8rVtJF9YgI+9znXiq9fqQNkCIEErcSnQmN8jjErhwWWtcTM5GgH4ka/uk5kdHTycwxj3MAoGCCqGSM49BAMDA2cAMGQCMFmkCEH2pCBpFeFiUi2uA4opcJP6vh/zqb+D0tbxqd+jwbBkuDxDqA9/Ao3UWop+twIwO9o71KAlYWPSPYMeZERM4R8zWlp9mVJPiK3tgOJJi40MNmxwtfsQeQtncqiQLBAH"}, "tlogEntries": [{"logIndex": "153122039", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1733249946", "inclusionPromise": {"signedEntryTimestamp": "MEUCIBL9zpVJtljIuZtAe8uptLfDmakmbAjy5ELp2q8WJTQ7AiEAv6lIpyJZycHwTS+JHYJFzMVv0SmA8yQ0eMneBivMhPY="}, "inclusionProof": {"logIndex": "31217777", "rootHash": "BMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=", "treeSize": "31217778", "hashes": ["lrr8dxmtgD09fnZTo1tMTY00HNKc2ZIpbZa1djDeTes=", "yFxGSg1RDbtZ/eNftnMdBJGNEZmmLyx2ZRDFtAIMHAk=", "GeqsQGnvgc+gcuaIC+vQ5b0RdTyBxBnYTpbeW2AeD+Q=", "dMTPeN/a9xCQQP+Hz7sddW0pPj8n54sfkhcf3XhjrMM=", "XjayhjKU3shP7q7lhmhKDv3Vpi4gJgAPCu0KlEzc9Qo=", "go1dmexQYS5etu69upRRX7IFvuA0rIcT9aYjMstmPIU=", "AYwr74Bm2w383UnS7DdbZUUAhusq28JoxKpWrQ7OvGQ=", "u+yWmGIR6sAH32wiSy22mz1Yf+jfPdBTjFbyRISuTZw=", "3eFC7Gp4fWecybDOAw9uUTrM1xB7YRYRAGsfYkiQbV8=", "1uKk2qjOliHMiTk906jrchP8mXWsRG8apaU1sa0lfh0=", "oOecFfN3YqDOkbijS/ej1WF5Da/Gt/AZNhbwE9uoOE8=", "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=", "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n31217778\nBMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiA7ed0HqugBwVpmxDAR1VN35J91/+DeRdj09y5lFY+bRwIgYe07JnZlJvp3MfAMXX3i4XBsZoDRZoXtwfBaRj/8x8s=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYTk5MjBjN2EwY2QyMzZkZTMzNjQ0ZWQ5ODBhMTNjYmJjMjEwNThiZmRjNTI4ZmViYjYwODE1NzVlZDczYmUzIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRU5KSGllaWs5WkVibW83a0p4ZUhWY2FvVDVYOUxyWG1zRTVxc1I5R1JpSEFpRUFtcHZyV21vUHF5YzRpQ09VYXVmY3dKTllMK1lPTWU0b0NOaWRLVGduT1FBPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlYyTlNiMnhLVUhOUWJYUktTMEUyVm10cVNGTnFOMUIwYWxrNGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJlRTFxUVhwTlZHZDRUMVJCTVZkb1kwNU5hbEY0VFdwQmVrMVVaM2xQVkVFeFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZPSzJaQ1NrTlNXa2xCV21sWFVFSmthbmxSVmtRcmVEVjJaMjFxZFhWV1kzUXhTR3NLVUVoSlFrMTFSV1UzZDBrMGJVSkhNa0pvU2pObVNHdHdjamszWldaSlNEWkZURTF0VUZZNU9XVmtlVUZKV2taWVVqWlBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZyZFhSYUNtUklaa05EVTNaSFNUZzNiV3B1UWxKM1drSTRhV2haZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxUnFZamxSYkhkQlFRcENRVTFCVW5wQ1JrRnBSVUUwWkdSVFNVNW9XVTByY0RBclJFZDZVbkZ1UVRoeVZuUktSamxaWjBrck9YcHVXR2x4T1daeFVVNXJRMGxGUlhKalUyNVJDbTFPT0dwcVJYSm9kMWRYZEdOVVRUVkhaMGcwYTJFdmRXczFhMlJJVkhsamQzaHFNMDFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUdiV3NLUTBWSU1uQkRRbkJHWlVacFZXa3lkVUUwYjNCalNsQTJkbWd2ZW5GaUswUXdkR0o0Y1dRcmFuZGlRbXQxUkhoRWNVRTVMMEZ2TTFWWGIzQXJkSGRKZHdwUE9XODNNVXRCYkZsWFVGTlFXVTFsV2tWU1RUUlNPSHBYYkhBNWJWWktVR2xMTTNSblQwcEthVFF3VFU1dGVIZDBabk5SWlZGMGJtTnhhVkZNUWtGSUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "Kpkgx6DNI23jNkTtmAoTy7whBYv9xSj+u2CBV17XO+M="}, "signature": "MEUCIENJHieik9ZEbmo7kJxeHVcaoT5X9LrXmsE5qsR9GRiHAiEAmpvrWmoPqyc4iCOUaufcwJNYL+YOMe4oCNidKTgnOQA="}} diff --git a/Python-3.11.12.tar.xz b/Python-3.11.12.tar.xz new file mode 100644 index 0000000..e2b3c80 --- /dev/null +++ b/Python-3.11.12.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:849da87af4df137710c1796e276a955f7a85c9f971081067c8f565d15c352a09 +size 20112232 diff --git a/Python-3.11.12.tar.xz.sigstore b/Python-3.11.12.tar.xz.sigstore new file mode 100644 index 0000000..36fb8a6 --- /dev/null +++ b/Python-3.11.12.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlOgAwIBAgIUdXXo3kfUuTRxhwfBaDz2hbLdc00wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNDA4MTUwMzI1WhcNMjUwNDA4MTUxMzI1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEChWB96w27HEQAug03xOuj5aVvdcEBkLaseC6PKbhc3lq1vL78o96RMSdWdBSmBQ4OrRHKvop8VRwn4SI6KPIN6OCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUDQFNdUPu8lJprLgYTWMF//JnS0owHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGWFe1zcgAABAMARzBFAiAMLue9b86BfjeZl9ML7LekLskkUPTEhI2ciiZrYgaF/gIhAIt66OYOVpC39L+bRXJd1K+T39IGMxYcKoaDrMk0DX59MAoGCCqGSM49BAMDA2cAMGQCMEJ+IEScHRIlOwToBZxVVJjrSxOVvqRSfUO5hvYNkqhYz97LxxUFWpcB/DMiQJOUbwIwKJRh5d7c30z1XyE5zsjOZZmz37ah6aJtyuHLCn3QKJniWBMxIMy9lbXlRZWZgsf0"}, "tlogEntries": [{"logIndex": "193896942", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1744124605", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQDBvc4N4pmeJKalSbAgT5X5MiHnHfiFJ3q/ifYIUDQORwIgNCMUBexEGM4B8VSSWkSDK8uZDGqzA7bgurZdWE0z/vc="}, "inclusionProof": {"logIndex": "71992680", "rootHash": "jow4GaqK8wgGK0YaQkHyINNk1eJRvrgCUSax5oC+bgc=", "treeSize": "71992683", "hashes": ["V5p0el9OkIku5PMpzeGtSeSQLNkd4d0DVh6qNlixrlk=", "CbJfH60w3vsS3xzOzbMZQaokwVM+6efm7OCLjQ5og/k=", "fJZsSVsDo+dpw5484/+8Rm3EH3JostySBfLMVDBUZOU=", "/C+wK2WU/SrXLMnuHDzeBP4K+Jlt/S0nAvzvcXJPp30=", "m6j5meZeKpBfFqNeI7qiCogWjT2IT5NZkgJYwot9sRo=", "V7VMIiqIq7yvzO+ic8vLqIJr3+iGA6whYAGN7YvWhsQ=", "2ap6N1WIsMWGC/Zrnzsx//K9223/3B9lLpJP87M+rXE=", "2kwW2rqY/EMS68q/rOjagVYsEMybFHgxIfbokSa8yKU=", "QReFEOB9XSZtDKsjRtA0fGnYGMYD2Z7qn50auG1YlWo=", "K26LG80DXyb+bC58c4Nw00WigG52v0PCsZGY3ExGsts=", "WEm5OgPzJpYROv+4CcrieexCYyQKrLUH3hbxmcQQ+DM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n71992683\njow4GaqK8wgGK0YaQkHyINNk1eJRvrgCUSax5oC+bgc=\n\n\u2014 rekor.sigstore.dev wNI9ajBGAiEA7u1b4P659JpwuXMf6lhvC1RhOj/ZH7CpYcAQbitQSwUCIQDJrflW8FGweaiB88lSuLfpfD/a6l6jWhUyOQB/mIJ9rA==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI4NDlkYTg3YWY0ZGYxMzc3MTBjMTc5NmUyNzZhOTU1ZjdhODVjOWY5NzEwODEwNjdjOGY1NjVkMTVjMzUyYTA5In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJRnMzQi9oTk9OMVY2TXFaUkxzRmNHNlU2Qjkza2FsL1VLZWsvYkRVb3o2MUFpQWZydmsrWXpjK0hHZGJYemRRQ203cjlKU2RNUCtuR1BOblVCZzFoSnAySVE9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlpGaFliek5yWmxWMVZGSjRhSGRtUW1GRWVqSm9Za3hrWXpBd2QwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVFUVRSTlZGVjNUWHBKTVZkb1kwNU5hbFYzVGtSQk5FMVVWWGhOZWtreFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZEYUZkQ09UWjNNamRJUlZGQmRXY3dNM2hQZFdvMVlWWjJaR05GUW10TVlYTmxRellLVUV0aWFHTXpiSEV4ZGt3M09HODVObEpOVTJSWFpFSlRiVUpSTkU5eVVraExkbTl3T0ZaU2QyNDBVMGsyUzFCSlRqWlBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZFVVVaT0NtUlZVSFU0YkVwd2NreG5XVlJYVFVZdkwwcHVVekJ2ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxZEdaVEY2WTJkQlFRcENRVTFCVW5wQ1JrRnBRVTFNZFdVNVlqZzJRbVpxWlZwc09VMU1OMHhsYTB4emEydFZVRlJGYUVreVkybHBXbkpaWjJGR0wyZEphRUZKZERZMlQxbFBDbFp3UXpNNVRDdGlVbGhLWkRGTEsxUXpPVWxIVFhoWlkwdHZZVVJ5VFdzd1JGZzFPVTFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUZTaXNLU1VWVFkwaFNTV3hQZDFSdlFscDRWbFpLYW5KVGVFOVdkbkZTVTJaVlR6Vm9kbGxPYTNGb1dYbzVOMHg0ZUZWR1YzQmpRaTlFVFdsUlNrOVZZbmRKZHdwTFNsSm9OV1EzWXpNd2VqRlllVVUxZW5OcVQxcGFiWG96TjJGb05tRktkSGwxU0V4RGJqTlJTMHB1YVZkQ1RYaEpUWGs1YkdKWWJGSmFWMXBuYzJZd0NpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "hJ2oevTfE3cQwXluJ2qVX3qFyflxCBBnyPVl0Vw1Kgk="}, "signature": "MEQCIFs3B/hNON1V6MqZRLsFcG6U6B93kal/UKek/bDUoz61AiAfrvk+Yzc+HGdbXzdQCm7r9JSdMP+nGPNnUBg1hJp2IQ=="}} diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..0053bcf --- /dev/null +++ b/README.SUSE @@ -0,0 +1,43 @@ +Python 3 in SUSE +============== + +* Subpackages * + +Python 3 is split into several subpackages, based on external dependencies. +The main package 'python3' has soft dependencies on all subpackages needed to +assemble the standard library; however, these might not all be installed by default. + +If you attempt to import a module that is currently not installed, an ImportError is thrown, +with instructions to install the missing subpackage. Installing the subpackage might result +in installing libraries that the subpackage requires to function. + + +* ensurepip * + +The 'ensurepip' module from Python 3 standard library (PEP 453) is supposed to deploy +a bundled copy of the pip installer. This makes no sense in a managed distribution like SUSE. +Instead, you need to install package 'python3-pip'. Usually this will be installed automatically +with 'python3'. + +Using 'ensurepip' when pip is not installed will result in an ImportError with instructions +to install 'python3-pip'. + + +* Documentation * + +You can find documentation in seprarate packages: python3-doc and +python3-doc-pdf. These contan following documents: + + Tutorial, What's New in Python, Global Module Index, Library Reference, + Macintosh Module Reference, Installing Python Modules, Distributing Python + Modules, Language Reference, Extending and Embedding, Python/C API, + Documenting Python + +The python3-doc package constains many text files from source tarball. + + +* Interactive mode * + +Interactive mode is by default enhanced with of history and command completion. +If you don't like these features, you can unset the PYTHONSTARTUP variable +in your .profile or disable it system wide in /etc/profile.d/python.sh. diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..1d50bc4 --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + base + doc + diff --git a/add-loongarch64-support.patch b/add-loongarch64-support.patch new file mode 100644 index 0000000..f0c8035 --- /dev/null +++ b/add-loongarch64-support.patch @@ -0,0 +1,25 @@ +Description: Add platform triplets for LoongArch. + +--- a/configure.ac ++++ b/configure.ac +@@ -976,6 +976,20 @@ cat > conftest.c <=6) && defined(_MIPSEL) diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..1793de8 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,3 @@ +python311-base +python311 +libpython3_11-1_0 diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz new file mode 100644 index 0000000..57fb3e5 --- /dev/null +++ b/bluez-devel-vendor.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:868fbfba2ddaed62f2c45cf869fe2c648527ac3bac738f4f41f3c2872f5b0211 +size 25040 diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch new file mode 100644 index 0000000..86882ae --- /dev/null +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -0,0 +1,173 @@ +From 5754521af1d51aa8e445cba07a093bbc0c88596d Mon Sep 17 00:00:00 2001 +From: Zackery Spytz +Date: Mon, 16 Dec 2019 18:24:08 -0700 +Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix) + +Co-Authored-By: Xavier de Gaye +--- + Doc/library/ensurepip.rst | 9 +++-- + Lib/ensurepip/__init__.py | 18 +++++++--- + Lib/test/test_ensurepip.py | 11 ++++++ + Makefile.pre.in | 4 +- + Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1 + 5 files changed, 34 insertions(+), 9 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst + +Index: Python-3.11.8/Doc/library/ensurepip.rst +=================================================================== +--- Python-3.11.8.orig/Doc/library/ensurepip.rst ++++ Python-3.11.8/Doc/library/ensurepip.rst +@@ -59,7 +59,9 @@ is at least as recent as the one availab + By default, ``pip`` is installed into the current virtual environment + (if one is active) or into the system site packages (if there is no + active virtual environment). The installation location can be controlled +-through two additional command line options: ++through some additional command line options: ++ ++* ``--prefix ``: Installs ``pip`` using the given directory prefix. + + * :samp:`--root {dir}`: Installs ``pip`` relative to the given root directory + rather than the root of the currently active virtual environment (if any) +@@ -92,7 +94,7 @@ Module API + Returns a string specifying the available version of pip that will be + installed when bootstrapping an environment. + +-.. function:: bootstrap(root=None, upgrade=False, user=False, \ ++.. function:: bootstrap(root=None, prefix=None, upgrade=False, user=False, \ + altinstall=False, default_pip=False, \ + verbosity=0) + +@@ -102,6 +104,8 @@ Module API + If *root* is ``None``, then installation uses the default install location + for the current environment. + ++ *prefix* specifies the directory prefix to use when installing. ++ + *upgrade* indicates whether or not to upgrade an existing installation + of an earlier version of ``pip`` to the available version. + +@@ -122,6 +126,8 @@ Module API + *verbosity* controls the level of output to :data:`sys.stdout` from the + bootstrapping operation. + ++ .. versionchanged:: 3.9 the *prefix* parameter was added. ++ + .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap + + .. note:: +Index: Python-3.11.8/Lib/ensurepip/__init__.py +=================================================================== +--- Python-3.11.8.orig/Lib/ensurepip/__init__.py ++++ Python-3.11.8/Lib/ensurepip/__init__.py +@@ -122,27 +122,27 @@ def _disable_pip_configuration_settings( + os.environ['PIP_CONFIG_FILE'] = os.devnull + + +-def bootstrap(*, root=None, upgrade=False, user=False, ++def bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). ++ and directory prefix). + + Note that calling this function will alter both sys.path and os.environ. + """ + # Discard the return value +- _bootstrap(root=root, upgrade=upgrade, user=user, ++ _bootstrap(root=root, prefix=prefix, upgrade=upgrade, user=user, + altinstall=altinstall, default_pip=default_pip, + verbosity=verbosity) + + +-def _bootstrap(*, root=None, upgrade=False, user=False, ++def _bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). Returns pip command status code. ++ and directory prefix). Returns pip command status code. + + Note that calling this function will alter both sys.path and os.environ. + """ +@@ -192,6 +192,8 @@ def _bootstrap(*, root=None, upgrade=Fal + args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] + if root: + args += ["--root", root] ++ if prefix: ++ args += ["--prefix", prefix] + if upgrade: + args += ["--upgrade"] + if user: +@@ -267,6 +269,11 @@ def _main(argv=None): + help="Install everything relative to this alternate root directory.", + ) + parser.add_argument( ++ "--prefix", ++ default=None, ++ help="Install everything using this prefix.", ++ ) ++ parser.add_argument( + "--altinstall", + action="store_true", + default=False, +@@ -285,6 +292,7 @@ def _main(argv=None): + + return _bootstrap( + root=args.root, ++ prefix=args.prefix, + upgrade=args.upgrade, + user=args.user, + verbosity=args.verbosity, +Index: Python-3.11.8/Lib/test/test_ensurepip.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_ensurepip.py ++++ Python-3.11.8/Lib/test/test_ensurepip.py +@@ -112,6 +112,17 @@ class TestBootstrap(EnsurepipMixin, unit + unittest.mock.ANY, + ) + ++ def test_bootstrapping_with_prefix(self): ++ ensurepip.bootstrap(prefix="/foo/bar/") ++ self.run_pip.assert_called_once_with( ++ [ ++ "install", "--no-cache-dir", "--no-index", "--find-links", ++ unittest.mock.ANY, "--prefix", "/foo/bar/", ++ "setuptools", "pip", ++ ], ++ unittest.mock.ANY, ++ ) ++ + def test_bootstrapping_with_user(self): + ensurepip.bootstrap(user=True) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1761,7 +1761,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni + install|*) ensurepip="" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + altinstall: commoninstall +@@ -1771,7 +1771,7 @@ altinstall: commoninstall + install|*) ensurepip="--altinstall" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + commoninstall: check-clean-src @FRAMEWORKALTINSTALLFIRST@ \ +Index: Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +=================================================================== +--- /dev/null ++++ Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +@@ -0,0 +1 @@ ++A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/bsc1221260-test_asyncio-ResourceWarning.patch b/bsc1221260-test_asyncio-ResourceWarning.patch new file mode 100644 index 0000000..15d6b8d --- /dev/null +++ b/bsc1221260-test_asyncio-ResourceWarning.patch @@ -0,0 +1,21 @@ +From a3052035485bd2836e40f5284657ca105382cbfd Mon Sep 17 00:00:00 2001 +From: sobolevn +Date: Tue, 5 Mar 2024 20:24:16 +0300 +Subject: [PATCH] gh-116112: Fix `ResourceWarning` in + `test_asyncio.test_stream` + +Co-authored-by: @CendioOssman +--- + Lib/test/test_asyncio/test_streams.py | 1 + + 1 file changed, 1 insertion(+) + +--- a/Lib/test/test_asyncio/test_streams.py ++++ b/Lib/test/test_asyncio/test_streams.py +@@ -1156,6 +1156,7 @@ os.close(fd) + + def test_unhandled_cancel(self): + async def handle_echo(reader, writer): ++ writer.close() + asyncio.current_task().cancel() + messages = self._basetest_unhandled_exceptions(handle_echo) + self.assertEqual(messages, []) diff --git a/bso1227999-reproducible-builds.patch b/bso1227999-reproducible-builds.patch new file mode 100644 index 0000000..fb33d18 --- /dev/null +++ b/bso1227999-reproducible-builds.patch @@ -0,0 +1,37 @@ +From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Tue, 16 Jul 2024 21:39:33 +0200 +Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH + +to make builds reproducible. +See https://reproducible-builds.org/ for why this is good +and https://reproducible-builds.org/specs/source-date-epoch/ +for the definition of this variable. +--- + Doc/conf.py | 3 ++- + Doc/library/functions.rst | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/Doc/conf.py ++++ b/Doc/conf.py +@@ -316,7 +316,8 @@ html_context = { + } + + # This 'Last updated on:' timestamp is inserted at the bottom of every page. +-html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime()) ++html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) ++html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time)) + + # Path to find HTML templates. + templates_path = ['tools/templates'] +--- a/Doc/library/functions.rst ++++ b/Doc/library/functions.rst +@@ -1356,7 +1356,7 @@ are always available. They are listed h + (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, + and :mod:`shutil`. + +- .. audit-event:: open file,mode,flags open ++ .. audit-event:: open path,mode,flags open + + The ``mode`` and ``flags`` arguments may have been modified or inferred from + the original call. diff --git a/distutils-reproducible-compile.patch b/distutils-reproducible-compile.patch new file mode 100644 index 0000000..17e8bd2 --- /dev/null +++ b/distutils-reproducible-compile.patch @@ -0,0 +1,17 @@ +--- + Lib/distutils/util.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/distutils/util.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/util.py ++++ Python-3.11.8/Lib/distutils/util.py +@@ -436,7 +436,7 @@ byte_compile(files, optimize=%r, force=% + else: + from py_compile import compile + +- for file in py_files: ++ for file in sorted(py_files): + if file[-3:] != ".py": + # This lets us be lazy and not filter filenames in + # the "install_lib" command. diff --git a/externally_managed.in b/externally_managed.in new file mode 100644 index 0000000..54606b6 --- /dev/null +++ b/externally_managed.in @@ -0,0 +1,12 @@ +[externally-managed] +Error=To install Python packages system-wide, try + zypper install __PYTHONPREFIX__-xyz, where xyz is the package + you are trying to install. + + If you wish to install a non-rpm packaged Python package, + create a virtual environment using __PYTHON__ -m venv path/to/venv. + Then use path/to/venv/bin/python and path/to/venv/bin/pip. + + If you wish to install a non-rpm packaged Python application, + it may be easiest to use `pipx install xyz`, which will manage a + virtual environment for you. Install pipx via `zypper install __PYTHONPREFIX__-pipx` . diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch new file mode 100644 index 0000000..b3f5e0c --- /dev/null +++ b/fix_configure_rst.patch @@ -0,0 +1,44 @@ +--- + Doc/using/configure.rst | 3 --- + Misc/NEWS | 2 +- + 2 files changed, 1 insertion(+), 4 deletions(-) + +Index: Python-3.11.12/Doc/using/configure.rst +=================================================================== +--- Python-3.11.12.orig/Doc/using/configure.rst 2025-04-08 16:15:29.000000000 +0200 ++++ Python-3.11.12/Doc/using/configure.rst 2025-04-11 10:52:39.419877561 +0200 +@@ -43,7 +43,6 @@ + + See :data:`sys.int_info.bits_per_digit `. + +-.. option:: --with-cxx-main + .. option:: --with-cxx-main=COMPILER + + Compile the Python ``main()`` function and link Python executable with C++ +@@ -529,13 +528,11 @@ + + See ``Mac/README.rst``. + +-.. option:: --enable-universalsdk + .. option:: --enable-universalsdk=SDKDIR + + Create a universal binary build. *SDKDIR* specifies which macOS SDK should + be used to perform the build (default is no). + +-.. option:: --enable-framework + .. option:: --enable-framework=INSTALLDIR + + Create a Python.framework rather than a traditional Unix install. Optional +Index: Python-3.11.12/Misc/NEWS +=================================================================== +--- Python-3.11.12.orig/Misc/NEWS 2025-04-08 16:15:29.000000000 +0200 ++++ Python-3.11.12/Misc/NEWS 2025-04-11 10:52:39.425550531 +0200 +@@ -9872,7 +9872,7 @@ + - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. + + - bpo-43795: The list in :ref:`limited-api-list` now shows the public name +- :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry ++ :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry + ``_node`` no longer appears in the list. + + - bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid diff --git a/gh120226-fix-sendfile-test-kernel-610.patch b/gh120226-fix-sendfile-test-kernel-610.patch new file mode 100644 index 0000000..2eb6f63 --- /dev/null +++ b/gh120226-fix-sendfile-test-kernel-610.patch @@ -0,0 +1,35 @@ +From 1b3f6523a5c83323cdc44031b33a1c062e5dc698 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Fri, 7 Jun 2024 23:51:32 +0800 +Subject: [PATCH] gh-120226: Fix + test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 + (GH-120227) + +The worst case is that the kernel buffers 17 pages with a page size of 64k. +(cherry picked from commit a7584245661102a5768c643fbd7db8395fd3c90e) + +Co-authored-by: Xi Ruoyao +--- + Lib/test/test_asyncio/test_sendfile.py | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +--- a/Lib/test/test_asyncio/test_sendfile.py ++++ b/Lib/test/test_asyncio/test_sendfile.py +@@ -93,13 +93,10 @@ class MyProto(asyncio.Protocol): + + class SendfileBase: + +- # 256 KiB plus small unaligned to buffer chunk +- # Newer versions of Windows seems to have increased its internal +- # buffer and tries to send as much of the data as it can as it +- # has some form of buffering for this which is less than 256KiB +- # on newer server versions and Windows 11. +- # So DATA should be larger than 256 KiB to make this test reliable. +- DATA = b"x" * (1024 * 256 + 1) ++ # Linux >= 6.10 seems buffering up to 17 pages of data. ++ # So DATA should be large enough to make this test reliable even with a ++ # 64 KiB page configuration. ++ DATA = b"x" * (1024 * 17 * 64 + 1) + # Reduce socket buffer size to test on relative small data sets. + BUF_SIZE = 4 * 1024 # 4 KiB + diff --git a/idle3.appdata.xml b/idle3.appdata.xml new file mode 100644 index 0000000..554b7c4 --- /dev/null +++ b/idle3.appdata.xml @@ -0,0 +1,35 @@ + + + + + idle3.desktop + IDLE3 + CC0 + Python-2.0 + Python 3 Integrated Development and Learning Environment + +

+ IDLE is Python’s Integrated Development and Learning Environment. + The GUI is uniform between Windows, Unix, and Mac OS X. + IDLE provides an easy way to start writing, running, and debugging + Python code. +

+

+ IDLE is written in pure Python, and uses the tkinter GUI toolkit. + It provides: +

+
    +
  • a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,
    • +
  • a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,
    • +
  • search within any window, replace within editor windows, and search through multiple files (grep),
    • +
  • a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.
    • +
+ + https://docs.python.org/3/library/idle.html + + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png + + zbyszek@in.waw.pl + diff --git a/idle3.desktop b/idle3.desktop new file mode 100644 index 0000000..43f5a4c --- /dev/null +++ b/idle3.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Version=1.0 +Name=IDLE 3 +GenericName=Python 3 IDE +Comment=Python 3 Integrated Development and Learning Environment +Exec=idle3 %F +TryExec=idle3 +Terminal=false +Type=Application +Icon=idle3 +Categories=Development;IDE; +MimeType=text/x-python; diff --git a/import_failed.map b/import_failed.map new file mode 100644 index 0000000..f33690c --- /dev/null +++ b/import_failed.map @@ -0,0 +1,7 @@ +python311-curses: curses _curses _curses_panel +python311-dbm: dbm _dbm _gdbm +python311-idle: idlelib +python311-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited +python311-tk: tkinter _tkinter +python311-tools: turtledemo +python311: sqlite3 readline _sqlite3 nis diff --git a/import_failed.py b/import_failed.py new file mode 100644 index 0000000..258b5a5 --- /dev/null +++ b/import_failed.py @@ -0,0 +1,23 @@ +import sys, os +from sysconfig import get_path + +failed_map_path = os.path.join(get_path('stdlib'), '_import_failed', 'import_failed.map') + +if __spec__: + failed_name = __spec__.name +else: + failed_name = __name__ + +with open(failed_map_path) as fd: + for line in fd: + package = line.split(':')[0] + imports = line.split(':')[1] + if failed_name in imports: + raise ImportError(f"""Module '{failed_name}' is not installed. +Use: + sudo zypper install {package} +to install it.""") + +raise ImportError(f"""Module '{failed_name}' is not installed. +It is supposed to be part of python3 distribution, but missing from failed import map. +Please file a bug on the SUSE Bugzilla.""") diff --git a/macros.python3 b/macros.python3 new file mode 100644 index 0000000..2bd193b --- /dev/null +++ b/macros.python3 @@ -0,0 +1,28 @@ +%have_python3 1 + +# commented out legacy macro definitions +#py3_prefix /usr +#py3_incdir /usr/include/python3.5m +#py3_ver 3.5 + +# these should now be provided by macros.python_all +#python3_sitearch /usr/lib64/python3.5/site-packages +#python3_sitelib /usr/lib/python3.5/site-packages +#python3_version 3.5 + +# hard to say if anyone ever used these? +#py3_soflags cpython-35m-x86_64-linux-gnu +#py3_abiflags m +%cpython3_soabi %(python3 -c "import sysconfig; print(sysconfig.get_config_var('SOABI'))") +%py3_soflags %cpython3_soabi + +# compilation macros that might be in use somewhere +%py3_compile(O) \ +find %1 -name '*.pyc' -exec rm -f {} ";"\ +python3 -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +%{-O:\ +find %1 -name '*.pyo' -exec rm -f {} ";"\ +python3 -O -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +} + + diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch new file mode 100644 index 0000000..7e412d7 --- /dev/null +++ b/no-skipif-doctests.patch @@ -0,0 +1,653 @@ +only in patch2: +unchanged: +--- + Doc/library/turtle.rst | 82 ------------------------------------------------- + 1 file changed, 82 deletions(-) + +--- a/Doc/library/turtle.rst ++++ b/Doc/library/turtle.rst +@@ -440,7 +440,6 @@ Turtle motion + turtle is headed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -467,7 +466,6 @@ Turtle motion + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -486,13 +484,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -511,13 +507,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -540,13 +534,11 @@ Turtle motion + not change the turtle's orientation. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> tp = turtle.pos() + >>> tp +@@ -570,13 +562,11 @@ Turtle motion + unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 240) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,240.00) +@@ -592,13 +582,11 @@ Turtle motion + Set the turtle's second coordinate to *y*, leave first coordinate unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 40) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,40.00) +@@ -625,7 +613,6 @@ Turtle motion + =================== ==================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setheading(90) + >>> turtle.heading() +@@ -638,14 +625,12 @@ Turtle motion + its start-orientation (which depends on the mode, see :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(90) + >>> turtle.goto(0, -10) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 90.0 +@@ -677,7 +662,6 @@ Turtle motion + calculated automatically. May be used to draw regular polygons. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.position() +@@ -706,7 +690,6 @@ Turtle motion + + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.dot() +@@ -724,7 +707,6 @@ Turtle motion + it by calling ``clearstamp(stamp_id)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("blue") + >>> turtle.stamp() +@@ -740,7 +722,6 @@ Turtle motion + Delete stamp with given *stampid*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (150.00,-0.00) +@@ -785,7 +766,6 @@ Turtle motion + undo actions is determined by the size of the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for i in range(4): + ... turtle.fd(50); turtle.lt(80) +@@ -818,7 +798,6 @@ Turtle motion + turtle turn instantly. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.speed() + 3 +@@ -839,7 +818,6 @@ Tell Turtle's state + Return the turtle's current location (x,y) (as a :class:`Vec2D` vector). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pos() + (440.00,-0.00) +@@ -855,7 +833,6 @@ Tell Turtle's state + orientation which depends on the mode - "standard"/"world" or "logo". + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(10, 10) + >>> turtle.towards(0,0) +@@ -867,7 +844,6 @@ Tell Turtle's state + Return the turtle's x coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(50) +@@ -883,7 +859,6 @@ Tell Turtle's state + Return the turtle's y coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(60) +@@ -900,7 +875,6 @@ Tell Turtle's state + :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(67) +@@ -917,7 +891,6 @@ Tell Turtle's state + other turtle, in turtle step units. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.distance(30,40) +@@ -941,7 +914,6 @@ Settings for measurement + Default value is 360 degrees. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -964,7 +936,6 @@ Settings for measurement + ``degrees(2*math.pi)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -975,7 +946,6 @@ Settings for measurement + 1.5707963267948966 + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.degrees(360) +@@ -1011,7 +981,6 @@ Drawing state + thickness. If no argument is given, the current pensize is returned. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pensize() + 1 +@@ -1043,7 +1012,6 @@ Drawing state + attributes in one statement. + + .. doctest:: +- :skipif: _tkinter is None + :options: +NORMALIZE_WHITESPACE + + >>> turtle.pen(fillcolor="black", pencolor="red", pensize=10) +@@ -1066,7 +1034,6 @@ Drawing state + Return ``True`` if pen is down, ``False`` if it's up. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.penup() + >>> turtle.isdown() +@@ -1107,7 +1074,6 @@ Color control + newly set pencolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> colormode() + 1.0 +@@ -1156,7 +1122,6 @@ Color control + with the newly set fillcolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.fillcolor("violet") + >>> turtle.fillcolor() +@@ -1195,7 +1160,6 @@ Color control + with the newly set colors. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("red", "green") + >>> turtle.color() +@@ -1212,7 +1176,6 @@ Filling + ~~~~~~~ + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.home() +@@ -1222,7 +1185,6 @@ Filling + Return fillstate (``True`` if filling, ``False`` else). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.begin_fill() + >>> if turtle.filling(): +@@ -1247,7 +1209,6 @@ Filling + above may be either all yellow or have some white regions. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("black", "red") + >>> turtle.begin_fill() +@@ -1264,7 +1225,6 @@ More drawing control + variables to the default values. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(0,-22) + >>> turtle.left(100) +@@ -1315,7 +1275,6 @@ Visibility + drawing observably. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.hideturtle() + +@@ -1326,7 +1285,6 @@ Visibility + Make the turtle visible. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.showturtle() + +@@ -1357,7 +1315,6 @@ Appearance + deal with shapes see Screen method :func:`register_shape`. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape() + 'classic' +@@ -1383,7 +1340,6 @@ Appearance + ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.resizemode() + 'noresize' +@@ -1407,7 +1363,6 @@ Appearance + of the shape's outline. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shapesize() + (1.0, 1.0, 1) +@@ -1432,7 +1387,6 @@ Appearance + heading of the turtle are sheared. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("circle") + >>> turtle.shapesize(5,2) +@@ -1449,7 +1403,6 @@ Appearance + change the turtle's heading (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1469,7 +1422,6 @@ Appearance + (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1495,7 +1447,6 @@ Appearance + turtle (its direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1524,7 +1475,6 @@ Appearance + given matrix. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle = Turtle() + >>> turtle.shape("square") +@@ -1540,7 +1490,6 @@ Appearance + can be used to define a new shape or components of a compound shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("square") + >>> turtle.shapetransform(4, -1, 0, 2) +@@ -1565,7 +1514,6 @@ Using events + procedural way: + + .. doctest:: +- :skipif: _tkinter is None + + >>> def turn(x, y): + ... left(180) +@@ -1586,7 +1534,6 @@ Using events + ``None``, existing bindings are removed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> class MyTurtle(Turtle): + ... def glow(self,x,y): +@@ -1614,7 +1561,6 @@ Using events + mouse-click event on that turtle. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.ondrag(turtle.goto) + +@@ -1642,7 +1588,6 @@ Special Turtle methods + Return the last recorded polygon. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.begin_poly() +@@ -1662,7 +1607,6 @@ Special Turtle methods + turtle properties. + + .. doctest:: +- :skipif: _tkinter is None + + >>> mick = Turtle() + >>> joe = mick.clone() +@@ -1675,7 +1619,6 @@ Special Turtle methods + return the "anonymous turtle": + + .. doctest:: +- :skipif: _tkinter is None + + >>> pet = getturtle() + >>> pet.fd(50) +@@ -1689,7 +1632,6 @@ Special Turtle methods + TurtleScreen methods can then be called for that object. + + .. doctest:: +- :skipif: _tkinter is None + + >>> ts = turtle.getscreen() + >>> ts +@@ -1707,7 +1649,6 @@ Special Turtle methods + ``None``, the undobuffer is disabled. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setundobuffer(42) + +@@ -1717,7 +1658,6 @@ Special Turtle methods + Return number of entries in the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> while undobufferentries(): + ... undo() +@@ -1740,7 +1680,6 @@ below: + For example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> s = Shape("compound") + >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) +@@ -1751,7 +1690,6 @@ below: + 3. Now add the Shape to the Screen's shapelist and use it: + + .. doctest:: +- :skipif: _tkinter is None + + >>> register_shape("myshape", s) + >>> shape("myshape") +@@ -1771,7 +1709,6 @@ Most of the examples in this section ref + ``screen``. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen = Screen() +@@ -1788,7 +1725,6 @@ Window control + Set or return background color of the TurtleScreen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.bgcolor("orange") + >>> screen.bgcolor() +@@ -1880,7 +1816,6 @@ Window control + distorted. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.reset() + >>> screen.setworldcoordinates(-50,-7.5,50,7.5) +@@ -1891,7 +1826,6 @@ Window control + ... left(45); fd(2) # a regular octagon + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen.reset() +@@ -1913,7 +1847,6 @@ Animation control + Optional argument: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.delay() + 10 +@@ -1935,7 +1868,6 @@ Animation control + :func:`delay`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.tracer(8, 25) + >>> dist = 2 +@@ -1972,7 +1904,6 @@ Using screen events + must have the focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -1993,7 +1924,6 @@ Using screen events + must have focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -2018,7 +1948,6 @@ Using screen events + named ``turtle``: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will + >>> # make the turtle move to the clicked point. +@@ -2038,7 +1967,6 @@ Using screen events + Install a timer that calls *fun* after *t* milliseconds. + + .. doctest:: +- :skipif: _tkinter is None + + >>> running = True + >>> def f(): +@@ -2120,7 +2048,6 @@ Settings and special methods + ============ ========================= =================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> mode("logo") # resets turtle heading to north + >>> mode() +@@ -2135,7 +2062,6 @@ Settings and special methods + values of color triples have to be in the range 0..*cmode*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.colormode(1) + >>> turtle.pencolor(240, 160, 80) +@@ -2156,7 +2082,6 @@ Settings and special methods + do with a Tkinter Canvas. + + .. doctest:: +- :skipif: _tkinter is None + + >>> cv = screen.getcanvas() + >>> cv +@@ -2168,7 +2093,6 @@ Settings and special methods + Return a list of names of all currently available turtle shapes. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.getshapes() + ['arrow', 'blank', 'circle', ..., 'turtle'] +@@ -2192,7 +2116,6 @@ Settings and special methods + coordinates: Install the corresponding polygon shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) + +@@ -2208,7 +2131,6 @@ Settings and special methods + Return the list of turtles on the screen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for turtle in screen.turtles(): + ... turtle.color("red") +@@ -2270,7 +2192,6 @@ Methods specific to Screen, not inherite + center window vertically + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.setup (width=200, height=200, startx=0, starty=0) + >>> # sets window to 200x200 pixels, in upper left of screen +@@ -2286,7 +2207,6 @@ Methods specific to Screen, not inherite + Set title of turtle window to *titlestring*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.title("Welcome to the turtle zoo!") + +@@ -2357,7 +2277,6 @@ Public classes + Example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) + >>> s = Shape("compound") +@@ -2743,7 +2662,6 @@ Changes since Python 3.0 + + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> for turtle in turtles(): diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..a2cf992 --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +export LC_ALL=C + +master=python*.spec + +# create import_failed.map from package definitions +pkgname=$(grep python_pkg_name $master |grep define |awk -F' ' '{print $3}') +MAPFILE=import_failed.map +function new_map_line () { + package=$1 + package=$(echo $1 |sed -e "s:%{python_pkg_name}:$pkgname:") + modules=$2 + if [ -z "$package" -o -z "$modules" ]; then + return + fi + if [[ "$package" =~ "-base" ]]; then + return + fi + echo "$package:$modules" >> $MAPFILE.tmp +} + +for spec in *.spec; do + basename=${spec%.spec} + package= + modules= + while read line; do + case $line in + "%files -n "*) + new_map_line $package "$modules" + package=${line#"%files -n "} + modules= + ;; + "%files "*) + new_map_line $package "$modules" + package=$basename-${line#"%files "} + modules= + ;; + "%files") + new_map_line $package "$modules" + package=$basename + modules= + ;; + "%{sitedir}/config-"*) + # ignore + ;; + "%{sitedir}/"*) + word=${line#"%{sitedir}/"} + if ! echo $word | grep -q /; then + modules="$modules $word" + fi + ;; + "%{dynlib "*"}") + word=${line#"%{dynlib "} + word=${word%"}"} + modules="$modules $word" + ;; + esac + done < $spec + new_map_line $package "$modules" +done + +cat $MAPFILE.tmp |sort -u > $MAPFILE +rm $MAPFILE.tmp + +# run test inclusion check +tar xJf Python-*.xz +python3 skipped_tests.py + +# generate baselibs.conf +VERSION=$(grep ^Version $master|awk -F':' '{print $2}' |sed -e 's/ //g') +python_version=${VERSION:0:3} # 3.3 +python_version_abitag=${python_version//./} # 33 +python_version_soname=${python_version//./_} # 3_3 +echo "$pkgname-base" > baselibs.conf +echo "$pkgname" >> baselibs.conf +echo "libpython$python_version_soname-1_0" >> baselibs.conf + diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch new file mode 100644 index 0000000..cda20d7 --- /dev/null +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -0,0 +1,27 @@ +--- + Makefile.pre.in | 7 +++++++ + 1 file changed, 7 insertions(+) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1240,11 +1240,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ + $(DTRACE_OBJS) \ + $(srcdir)/Modules/getbuildinfo.c + $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DDATE="\"`date -u -r Makefile.pre.in +"%b %d %Y"`\"" \ ++ -DTIME="\"`date -u -r Makefile.pre.in +"%T"`\"" \ + -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \ + -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \ + -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \ + -o $@ $(srcdir)/Modules/getbuildinfo.c + ++Python/getcompiler.o: $(srcdir)/Python/getcompiler.c Makefile ++ $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DCOMPILER='"[GCC]"' \ ++ -o $@ $(srcdir)/Python/getcompiler.c ++ + Modules/getpath.o: $(srcdir)/Modules/getpath.c Python/frozen_modules/getpath.h Makefile $(PYTHON_HEADERS) + $(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \ + -DPREFIX='"$(prefix)"' \ diff --git a/python-3.3.0b1-localpath.patch b/python-3.3.0b1-localpath.patch new file mode 100644 index 0000000..475497e --- /dev/null +++ b/python-3.3.0b1-localpath.patch @@ -0,0 +1,13 @@ +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -77,7 +77,7 @@ import io + import stat + + # Prefixes for site-packages; add additional prefixes like /usr/local here +-PREFIXES = [sys.prefix, sys.exec_prefix] ++PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local'] + # Enable per user site-packages directory + # set it to False to disable the feature or True to force the feature + ENABLE_USER_SITE = None diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch new file mode 100644 index 0000000..ac5d553 --- /dev/null +++ b/python-3.3.0b1-test-posix_fadvise.patch @@ -0,0 +1,17 @@ +--- + Lib/test/test_posix.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_posix.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_posix.py ++++ Python-3.11.8/Lib/test/test_posix.py +@@ -430,7 +430,7 @@ class PosixTester(unittest.TestCase): + def test_posix_fadvise(self): + fd = os.open(os_helper.TESTFN, os.O_RDONLY) + try: +- posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_WILLNEED) ++ posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_RANDOM) + finally: + os.close(fd) + diff --git a/python.keyring b/python.keyring new file mode 100644 index 0000000..747bc27 --- /dev/null +++ b/python.keyring @@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFq+ToQBEADRYvIVtbK6owynD3j3nxwpW2KEk/p+aDvtXmc2SR2dBcZ8sFW2 +R5vEsG8d3/D3wgv5pcL3KfNNXQYUnXVbobrFUUWQYc79qIsE3MgiPf5NVOtwKPUR +i5g9YJgKvpBxkQfqp3LYGm9ZBtwo3DVLA3yn7KsazCmAgTNFJYw7ku1XxgmIzY6K +5J30DfbJiqDqj4f9GslCCCCH3qiPnuLG/HUyVLHMpbWlaiy9NI0GcaLxjJewHj9w +W2D2lydkxe5JGo7egUkV3ILcuLVSVKA35SKY27dYqfuyqp9tAzaRbjDYjsYdHA6G +BqrNrKBn/GwlFDPrVdcvN3ZSY2wMLTxWE3Axc/FweuHxFnou/80FwX7F3JD+oEQ6 +rofmcxOBCC7J98I7HZAhP9jBn88XIS2hztbLq8d6rZJZRtcz0k61VR0ddO+TrFmf +9rMYCPgCckRtVxeFIVIabrN1IzKynLFeo040h8hSGswd6YKDOVwjJY6Oa6EmVefZ +a8QSt4+M65RSzH6SEPY008F3nJUAK6MEkzTak+tFltZNrVWu8p2xd1j9nmxAwEhZ +/lgbxLqzYgaUWmfyHeZ8yVA0MhHzdiAL8nVUEdG3KecIq0RWCJLGLWWIjd6KAJl1 +yAmhRYKK/sjPDsL3elHsFACfZbyx3o5GGQNlas1FYoPLWbaNGaJtgFTF2QARAQAB +tCtQYWJsbyBHYWxpbmRvIFNhbGdhZG8gPHBhYmxvZ3NhbEBnbWFpbC5jb20+iQJO +BBMBCgA4FiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+ToQCGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQZOYo+NaEaW2bmA/+PXIap2udLoUVOHxnsIBdqYwp +sv1Aj5lfIJmNhmxPbHShwp1Jg+w4urxe+2Dj5ofKVlIo1i83bQkvnKJMDXDVuc/K +P6zqhBJ3rT4Q3qx2mzX8bIfQoJ2JHuH4lkP+I7doDcHHRyeNASyk72VdQmU4twNw +Ibn8nSNV6ThKHdoPYzVnO2rZUFcGIqH5HNsvR+B7cc1MBCHsgURYwSVhSePIFGlZ +iasdBD6QQkDSe4QWi7AcJFWFElw4kbOKJWxAWsrEk+tMXJVGRjnmL289EmPCx/vx +BqKy7Mse0yWCSRR3vB+O6TB1S5SgEyEgqlYsfGNv1qf/rfRD4KkyCbNU3LhY1Aim +vJP4pDW+KFxTk2Ks8vrx8gOSd2aFqPeO/pFDrpsF7PD62XwsfoXu4xc5V0Giw7r1 +Nai0nax7kOrldNF8TbbtRjW0jmoC7wLIDujAkwDIOroZ0CXA3N4HVHdSbrHm/urX +nyxJXupXAQNwGx64JCBcbF2fp3Kvu1VAXBEFnd01KaopthHcbG5pA50Kl2Vhe+98 +OdezUX42fHkQpQkB7HgtXfm6W1bw6YRBamrNvs1OoHBYmUjlECpe566IIu25Hc8s +x3qA+6eca7iqizyLG+WyMT8ZIYTWGAS59jxwR4esqGczbbZPSAPHFwLbGv7Wr0Rd +TPu5B0FcKpDkTd4IxQW5Ag0EWr5O2gEQAMjLe4CtbSfofmJrz5wfNkMVsZ81Gbqe +MoYd3dtkJnQYERUj8flzBj3ucaxGJ+Cuf7ybh3naPopKvEI1q0vkcgCDqrEgXK// +jKJbP28uPSMGhOG28q4PbamG55gy5FtM3ezzAxPWWKe9qBpV65GMmFy7eBQx2iJs +yiDIOOQQ4kraS+cTqNFimEXAGLCOQRNLcwIZzwAAHoW7HEpNUfVwaBD9kMlbo1ND +I60IKcNrNcmcmRxhJqfxjj8YBMwcKHO6GBE3AVpaE/+UO9zyr4TH+0YuQUgxKlPW +Dkg5XlkDo0S1GyLY5e9ckIDIlkTdDa2pOkoE2yB5MQCEga3YiHrKUVTTWaxn9XVJ +6x5ZjUF6bgSWGkrG5dUqSYoO1iDMuNVjtiujNyf/rvfj5cNxS7/lgxchhQKZHZXL +WVqxlneeVJ6s0P4+ROVG9ga2Sve7aUJ6wXIewZwulBcV2sE/W/DgxHgLBi53CUQt +vEzFzKvo48GnDqL5VYjA7l0HMYHd4GksCLi8E8U6Cgj+imXiM8voL7pHRZfs8mY8 +udR+UT4e1Scl2MYP2qBJ9/17B/X52B3s1EZdqI/r+hfOyqrhPs+dbAN0mtMPn68+ +nrvY1+nscvrSYEP6ZBlc9Hp2mgJdb6IcTvINXBEeLRjgc3pjViva443pkiFp9Axm +ecOckMKP3uSlABEBAAGJBGwEGAEKACAWIQSgNcjBkhm6gh7OqGtk5ij41oRpbQUC +Wr5O2gIbAgJACRBk5ij41oRpbcF0IAQZAQoAHRYhBM/cokWxBDzypfl4Zf/odAQW +i9hHBQJavk7aAAoJEP/odAQWi9hHr7YP/RCLre1CmOoWYpAtoa1yVCeYMDV6eQgL +B488/BEZHQE1zbrYy16XkhORob3JF/kUMjmJW7XaFF8FrWvRcdj/xaUGbOOEulKg +v+8zWfswYQRiZ4/JlwER4vRLi6fTE89MVER6Fkj2ASD4D2cifY+EztD4flV3sq3s +vIogGFaN9IvdrdeptOVGXs1RmAyoTsiS2mKQ6xsGh8B9ZAm55W8fBOGiSzLX21Xk +Ofdw53BrFQxn3cu/JgIKpdeZxgukcvEAI62B6X+YL6Na4j0eqEGLzsNtU1+xeJlo +WtVvmRwnRHGSxF6fzIZ3mk/p/aFiXAEq/xITCTY6tDv7x7pFE/RpdlJZyNJ+R5Y4 +SQiuDsylxNCa/4G5EB6q+7iVYtbEQ9MnZg2phowEE42tlj0rz8/rvDK3LH3xibot +KHIodCWKlWByxH99u2PuHUQ0c1oCVBUE1KkruMpvI236DpU/dvdq4JLSg/fWrys/ +VIjqLZgsIE5g/KO9XqngWHkLcBLh4CNAmHJ8Iia+s+/rfgsejQWB5uJb6eYg2JjB +4WP1EI0rULM6fdrCNB+MJ36wE2Lnb4bfT0phOMgjjH5/Ki7ZCbkxkOsBs4SRjiS+ +weCsmpAtMqodWY/Cnw9pWSA/qLSRD5/mKeb9SO6OZ/OPfAatwnGHsvZ2sAueC6rR +04W5BfXZWrnJUXQP/id/EKE1Ksp5fKoxSCbkKTCig+Sf5Afwe36yFN+niZBqzn5b +BgL/HIKaZM97oDHersPPANeEgS+JVlBf95iKIYnQbZP43FLVbvOuaINhBIVtFO54 +2Y7EYwl41kP7ILDElVy36KAmdQyBAfrjnZiRA70xShOxApLug1L0lxhR3YfmLwNi +RJ0V6KnYDKf0pfdhO9VFyFFWUojX1usn2SmSsXNizsNtvRqHXzPnX0rbJzZ9+N4O +9k1nxygYFG/2R/jGonVmTjRzcAHrAkNJETMWXMA7/8wRMDwluz8j+cCldey9x8Vk +JwgLGnZSbQtVpcFAnm5r/36Gt+9wc1VWMyrUrVr6Z679aqAbG7PMaeR5h5ygMj1k +VqRTYAUPSk1f8bZKRssQkQwEbp9dVIjm9SsR8VT7/tB+UuB85dABxgHfv3psJRT+ +tL8g9V7kSZqQfcLNGmvEVvr2Zl9NtxwXtsFM2OBprxCenwb+e9Ppm1LjfJG/NE72 +mAnOERfDaiLt4bqNo36Ei5sGCJ4Fx61phzNBXzkdRNM47i8J5UZRKFkE91c99BVM +HKUaY61NRK24fR0zP98ftDU82YFw0VRFJpTeBrO5ivN1MlQxUPzUWxKxMxO+20wa +UOXroEw11Tb4SRLGOla1pCl6lCUPJRy9IzadPDgTr/OTMkob/snt/XLdnV5/uQIN +BFq+TvoBEAC8Oy1g6pPWBbrCMhIq7VWY2fjylJ1fwg5BPXkOKVK1dsGYO4QD7oW9 +L0aSqcFSNFGF9Cl0Ri4TFXZC3hnG4HeSXUWApuKdBLn21H3jba36Ay1oGcGfdm0v +Zght4c6BlMVBpGCw2wIkJbUNEy6InMM+O8CCbbaH3iJkJ4141P7pODHignx5AmZI +conMui4YOhC+IXQXynVEv1Juk7erB1Nh1RcRvsA4lb44HWx49lIwe85ejOmoZ0O3 +6f9NJRer6bV0+rHWmg4IV5Q9h/Gn4IhEDZxA0DZl1RQI7dMgaMbIFbXGq7Kgzstz +EUnOoy29hXodxVmwIsMrAiQUYtwJ9hW+ESsw47+W2iPHVgviGWl7r/SgcgMYmf6m +5kiTBtwU7BQPS9G3zwwP2Rm3AA/6g39Q+tQKjOwi1I8+GZsY2On44Zly7BreBNg5 +4gJgdAGcMOYU9etr050clH3UpTYcAEtX++ahtOKhJgLIPNcIAQNlnifqvU0VYpgw +R4YpZ7hgg+AVDzC73PIM0lFI0XiDuqChbxE+K1jmLXWe5iJF0dzgVTwP+PmsifNZ +Wg3+YxSsS+hDMPQ2xPiQN49gT4JJDHcDuyhHyCGYgyMiVJCsku9KrkubbfVRivyN +ZF2Zfo3f+nbrRxsftz0yjAq8byCvb0V0XOpt4pJ/ddlug9ytRxALNwARAQABiQI2 +BBgBCgAgFiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+TvoCGwwACgkQZOYo+NaE +aW3urA//UQ/cKQ7HvWjcLphzQOZc+6m5YL0wxvZkSjemU7mqjZdpacteIvRAoers +EqXHc208liIBtNfRzoreXdcXNzie65xXkrRnWoHVH/fTWy4lOnHr2CMXLeHjUgg/ +M6PYi8+sARm05YFB8nsYhlhx3IdLhcfeVVbJedQKO0yL3CK1okT30DUVq5Lq6X/K +DC6AxuJR3D6UMSoT0WLaoX8qbhAp88qLynInfBVL18d97h916WPLTPeP0eHwhwND +bYtKDCMDuKQ9XX5+QsNH0RmbxlX274LHrUMMvkLKxcfCBvP+iuqrBeIuoeVzXYJZ +j7ZJtEH79bW44eecl/CY/STFYgSQ2XGTp2BI2q60wAmtKlNhwxY5ena0FgyFl6Tm +5OBHW/Pwo+ndQJGfbrCyWkTgRay9c8er3gl3GQYIBH6X0kCiG7h/Epj0b5CHOPU5 +hCw0kEB8MB4poTIjeiY+Q01472/lQ68CL3DX158hR5d3XaPSIxAN+qFsfB1o316p +yjxhfK1MD/IfrOgjlggPPnc/KmLkCzpgdwKcZwLCdZq9hYBvF1Zs34HbaVMYbWTK +uxLowtXGU43vatCXXqmPOvl4/g4tZD6rysJDgOrHQnEHzT+Napn07s0BRC0IbbNn +FynUrkr5KMSuRz7Hg7xMApENOrb0nqdHSUJ914ZpuMIS6RhJgGu5Ag0EWr5PIAEQ +ALfh9vPD2B+miHDTMADI8aRZ7g9tnzynZYkk3+2sCiiusetsQQ+HIPJ/ASEJB7On +ane9dyT/LTRhrK9qaxgVMimk2COXB/xyh7Mnw7nJgFU0aRSbtX0vbvQz2suSzrQ6 +9mPKzan28JGoClqB0bw1vwf3VjjxHV2dgD57CmqFPv7kAC/2a56dE+etzXattZAL ++2JWTpmfQ0ePRRadtBm0VahQhnU8x0+jvAVrEawqpVW83ozYFyW/0WInM2J7jHgQ +16OosY4lj5L/DxpVxaArhRFoRfWPXfC37iE8Mou/I95isvPQIhp1wTo4jG0KM02B +oIVbp/QRNBQ6WtpOzvJs1gqQiJJTfqbKJXQ3NDEY9crpVS83HJ+Zv99PNsyNkFjG +QpU84U3ZhsI4ygjdY45mpZueqI1RVcRQdu8Hgvoo/78Q/Sir6gMGop3mVdVo2guI +kFcJrXh0Xk3ech4aVqrmKx/mPXGwOAQU0DAul4RW3fKg1QxQE7Tlw3+95Ee/+q5j +HARL0uDbCJpRO8Sl8NDEuL32n/2Ot6kQeCSHrU7KJRYAkTxkKvr8zNow7hFhHFPE +SnHvTnskI6noh0VY6NwMhmLvhm0wKkRxZPzUNc3sgLvbK1NymIZ9aKCZamzhZrmG +vnblEz/OSLwGUua465H3hM1vvBQiartj7+6ZqWIkSmBPABEBAAGJAjYEGAEKACAW +IQSgNcjBkhm6gh7OqGtk5ij41oRpbQUCWr5PIAIbIAAKCRBk5ij41oRpbWmeEACG ++axtDC8UoNp9ORiYwEWLzZWDuugE+ah7DYYGD4Vs633FXVZW3SgM/bFtJ/0Lg8CF +74jI4LMHyIjDzEjcoItwnhBLix+kUoJTvrY58GPydwekLuw1p4KXLqtRs4fsZbNQ +YTknl4jYtRWoxO98x7tun7Gq2gqmJkIB2uj630fKz5cBk6p6oDFKjzyrHe+V7BiK +3okQPaD4x7hq8OnTy7lOy92ZZAqztS4tNEb4DkYW1MpuwsJ7hbBZitc1siI+FVVb +GjVVGZz6ssXoW67Tz8+VxdWJxNLXlv27eMcj4sme5S0th/YYNA5fRRv6zuzqZAru +YNGLpYYU7JLvZJ+3lCwa5j5ycOGBF0GvsGs6gj6h+CHkjR/BgzAgWC+GgUgslt6q +aH04rWtV6rVz+Y91LcrX5P6OM4anmXD3Gp3kl35AypXb4KyASF19+11RUziD4Z7q +wQEWfbwOltNyZv2lD8s2jPr7P02axWRQUbZAEhxRmvOQev/FZPyCF6gqUo/HxRbQ +y3bzmnipyHSv1DlXNfCFCHvN8kGyZnRWARqIKRg+j9ediJgOUqlLhg6KmrTVxd5v +3Dfv52PW2UODDTM20s3cQGuX/UswzMRwPI/+P44iCMwEKdm7duM/5oisZT9Vhy7g +P15MreFZLcZvUVgjqgy0u57cstyGK1Bo9e2sFcK2fA== +=6Zb4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/python311-rpmlintrc b/python311-rpmlintrc new file mode 100644 index 0000000..5b35f34 --- /dev/null +++ b/python311-rpmlintrc @@ -0,0 +1,3 @@ +addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp") diff --git a/python311.changes b/python311.changes new file mode 100644 index 0000000..f3694cf --- /dev/null +++ b/python311.changes @@ -0,0 +1,5570 @@ +------------------------------------------------------------------- +Fri Apr 11 08:54:19 UTC 2025 - Matej Cepl + +- Update to 3.11.12: + - gh-131809: Update bundled libexpat to 2.7.1 + - gh-131261: Upgrade to libexpat 2.7.0 + - gh-105704: When using urllib.parse.urlsplit() and + urllib.parse.urlparse() host parsing would not reject domain + names containing square brackets ([ and ]). Square brackets + are only valid for IPv6 and IPvFuture hosts according to RFC + 3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938, + gh#python/cpython#105704). + - gh-121284: Fix bug in the folding of rfc2047 encoded-words + when flattening an email message using a modern email + policy. Previously when an encoded-word was too long for + a line, it would be decoded, split across lines, and + re-encoded. But commas and other special characters in the + original text could be left unencoded and unquoted. This + could theoretically be used to spoof header lines using a + carefully constructed encoded-word if the resulting rendered + email was transmitted or re-parsed. + - gh-80222: Fix bug in the folding of quoted strings + when flattening an email message using a modern email + policy. Previously when a quoted string was folded so that + it spanned more than one line, the surrounding quotes and + internal escapes would be omitted. This could theoretically + be used to spoof header lines using a carefully constructed + quoted string if the resulting rendered email was transmitted + or re-parsed. + - gh-119511: Fix a potential denial of service in the imaplib + module. When connecting to a malicious server, it could + cause an arbitrary amount of memory to be allocated. On many + systems this is harmless as unused virtual memory is only + a mapping, but if this hit a virtual address size limit + it could lead to a MemoryError or other process crash. On + unusual systems or builds where all allocated memory is + touched and backed by actual ram or storage it could’ve + consumed resources doing so until similarly crashing. + - gh-127257: In ssl, system call failures that OpenSSL reports + using ERR_LIB_SYS are now raised as OSError. + - gh-121277: Writers of CPython’s documentation can now use + next as the version for the versionchanged, versionadded, + deprecated directives. + - gh-106883: Disable GC during the _PyThread_CurrentFrames() + and _PyThread_CurrentExceptions() calls to avoid the + interpreter to deadlock. +- Remote upstreamed patch: + - CVE-2025-0938-sq-brackets-domain-names.patch + +------------------------------------------------------------------- +Wed Mar 12 15:05:46 UTC 2025 - Bernhard Wiedemann + +- Allow to disable PGO + +------------------------------------------------------------------- +Mon Mar 10 15:44:31 UTC 2025 - Bernhard Wiedemann + +- Skip PGO with %want_reproducible_builds (bsc#1239210) + +------------------------------------------------------------------- +Tue Feb 4 14:43:13 UTC 2025 - Matej Cepl + +- Add CVE-2025-0938-sq-brackets-domain-names.patch which + disallows square brackets ([ and ]) in domain names for parsed + URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704) + +------------------------------------------------------------------- +Mon Jan 27 09:00:48 UTC 2025 - Daniel Garcia + +- Configure externally_managed with a bcond + https://en.opensuse.org/openSUSE:Python:Externally_managed + bsc#1228165 + +------------------------------------------------------------------- +Wed Dec 4 21:40:41 UTC 2024 - Matej Cepl + +- Update to 3.11.11: + - Tools/Demos + - gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15 + and multissltests to use 3.0.15, 3.1.7, and 3.2.3. + - Tests + - gh-125041: Re-enable skipped tests for zlib on the + s390x architecture: only skip checks of the compressed + bytes, which can be different between zlib’s software + implementation and the hardware-accelerated implementation. + - Security + - gh-126623: Upgrade libexpat to 2.6.4 + - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to + consistently use the mapped IPv4 address value for deciding + properties. Properties which have their behavior fixed are + is_multicast, is_reserved, is_link_local, is_global, and + is_unspecified. + - Library + - gh-124651: Properly quote template strings in venv + activation scripts (bsc#1232241, CVE-2024-9287). +- Removed upstreamed patches: + - CVE-2024-9287-venv_path_unquoted.patch + +------------------------------------------------------------------- +Tue Dec 3 08:21:35 UTC 2024 - John Paul Adrian Glaubitz + +- Add add-loongarch64-support.patch to support loongarch64 + +------------------------------------------------------------------- +Mon Dec 2 22:50:07 UTC 2024 - Matej Cepl + +- Fix changelog + +------------------------------------------------------------------- +Mon Nov 11 12:43:40 UTC 2024 - Daniel Garcia + +- Remove -IVendor/ from python-config boo#1231795 + +------------------------------------------------------------------- +Fri Nov 1 16:32:10 UTC 2024 - Matej Cepl + +- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote + path names provided when creating a virtual environment + (bsc#1232241, CVE-2024-9287) + +------------------------------------------------------------------- +Wed Oct 2 16:18:29 UTC 2024 - Matej Cepl + +- Drop .pyc files from docdir for reproducible builds + (bsc#1230906). + +------------------------------------------------------------------- +Mon Sep 9 16:53:07 UTC 2024 - Matej Cepl + +- Update to 3.11.10: + - Security + - gh-123678: Upgrade libexpat to 2.6.3 + - gh-121957: Fixed missing audit events around interactive + use of Python, now also properly firing for ``python -i``, + as well as for ``python -m asyncio``. The event in question + is ``cpython.run_stdin``. + - gh-122133: Authenticate the socket connection for the + ``socket.socketpair()`` fallback on platforms where + ``AF_UNIX`` is not available like Windows. Patch by + Gregory P. Smith and Seth Larson + . Reported by Ellie + - gh-121285: Remove backtracking from tarfile header parsing + for ``hdrcharset``, PAX, and GNU sparse headers + (bsc#1230227, CVE-2024-6232). + - gh-118486: :func:`os.mkdir` on Windows now accepts + *mode* of ``0o700`` to restrict the new directory to + the current user. This fixes CVE-2024-4030 affecting + :func:`tempfile.mkdtemp` in scenarios where the base + temporary directory is more permissive than the default. + - gh-116741: Update bundled libexpat to 2.6.2 + - Library + - gh-123270: Applied a more surgical fix for malformed + payloads in :class:`zipfile.Path` causing infinite loops + (gh-122905) without breaking contents using legitimate + characters (bsc#1229704, CVE-2024-8088). + - gh-123067: Fix quadratic complexity in parsing ``"``-quoted + cookie values with backslashes by :mod:`http.cookies` + (bsc#1229596, CVE-2024-7592). + - gh-122905: :class:`zipfile.Path` objects now sanitize names + from the zipfile. + - gh-121650: :mod:`email` headers with embedded newlines are + now quoted on output. The :mod:`~email.generator` will now + refuse to serialize (write) headers that are unsafely folded + or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. + (Contributed by Bas Bloemsaat and Petr Viktorin in + :gh:`121650`; CVE-2024-6923, bsc#1228780). + - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method + breaks internal buffer when the method is called again + during flushing internal buffer. + - gh-118643: Fix an AttributeError in the :mod:`email` module + when re-fold a long address list. Also fix more cases of + incorrect encoding of the address separator in the address + list. + - gh-113171: Fixed various false positives and false + negatives in * :attr:`ipaddress.IPv4Address.is_private` + (see these docs for details) * + :attr:`ipaddress.IPv4Address.is_global` * + :attr:`ipaddress.IPv6Address.is_private` * + :attr:`ipaddress.IPv6Address.is_global` Also in the + corresponding :class:`ipaddress.IPv4Network` and + :class:`ipaddress.IPv6Network` attributes. + Fixes bsc#1226448 (CVE-2024-4032). + - gh-102988: :func:`email.utils.getaddresses` and + :func:`email.utils.parseaddr` now return ``('', '')`` + 2-tuples in more situations where invalid email addresses + are encountered instead of potentially inaccurate + values. Add optional *strict* parameter to these two + functions: use ``strict=False`` to get the old behavior, + accept malformed inputs. ``getattr(email.utils, + 'supports_strict_parsing', False)`` can be use to check if + the *strict* paramater is available. Patch by Thomas Dwyer + and Victor Stinner to improve the CVE-2023-27043 fix + (bsc#1210638). + - gh-67693: Fix :func:`urllib.parse.urlunparse` and + :func:`urllib.parse.urlunsplit` for URIs with path starting + with multiple slashes and no authority. Based on patch by + Ashwin Ramaswami. + - Core and Builtins + - gh-112275: A deadlock involving ``pystate.c``'s + ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now + fixed. Patch by ChuBoning based on previous Python 3.12 fix + by Victor Stinner. + - gh-109120: Added handle of incorrect star expressions, e.g + ``f(3, *)``. Patch by Grigoryev Semyon +- Removed upstreamed patches: + - CVE-2023-27043-email-parsing-errors.patch + - CVE-2024-4032-private-IP-addrs.patch + - CVE-2024-6923-email-hdr-inject.patch + - CVE-2024-8088-inf-loop-zipfile_Path.patch + (renamed from CVE-2024-8088-zipfile-Path-sanitization.patch) + - CVE-2024-6232-ReDOS-backtrack-tarfile.patch + - CVE-2024-7592-quad-complex-cookies.patch + +------------------------------------------------------------------- +Mon Sep 2 09:44:26 UTC 2024 - Matej Cepl + +- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid + failing test_sendfile_close_peer_in_the_middle_of_receiving + tests on Linux >= 6.10 (GH-120227). + +------------------------------------------------------------------- +Wed Aug 28 16:54:34 UTC 2024 - Matej Cepl + +- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent + malformed payload to cause infinite loops in zipfile.Path + (bsc#1229704, CVE-2024-8088). + +------------------------------------------------------------------- +Wed Aug 7 12:12:42 UTC 2024 - Matej Cepl + +- Add CVE-2024-6923-email-hdr-inject.patch to prevent email + header injection due to unquoted newlines (bsc#1228780, + CVE-2024-6923). +- %{profileopt} variable is set according to the variable + %{do_profiling} (bsc#1227999) + +------------------------------------------------------------------- +Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl + +- Remove %suse_update_desktop_file macro as it is not useful any + more. + +------------------------------------------------------------------- +Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl + +- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 + adding reproducibility patches from gh#python/cpython!121872 + and gh#python/cpython!121883. + +------------------------------------------------------------------- +Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl + +- Stop using %%defattr, it seems to be breaking proper executable + attributes on /usr/bin/ scripts (bsc#1227378). + +------------------------------------------------------------------- +Tue Jul 2 10:32:58 UTC 2024 - Daniel Garcia + +- Update F00251-change-user-install-location.patch to make pip and + modern tools install directly in /usr/local when used by the user. + bsc#1225660 + +------------------------------------------------------------------- +Tue Jun 25 21:57:40 UTC 2024 - Matej Cepl + +- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 + (CVE-2024-4032) rearranging definition of private v global IP + addresses. + +------------------------------------------------------------------- +Wed May 1 08:39:08 UTC 2024 - Matej Cepl + +- Update CVE-2023-52425-libexpat-2.6.0-backport.patch + so that it uses features sniffing, not just + comparing version number. Include also + support-expat-CVE-2022-25236-patched.patch. +- Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping + failing tests. +- Refresh patches: + - CVE-2023-27043-email-parsing-errors.patch + - fix_configure_rst.patch + - skip_if_buildbot-extend.patch +- Remove included patch: + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia + +- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in SLE. + +------------------------------------------------------------------- +Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia + +- Remove not needed upstream patches: + * libexpat260.patch + * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666 + * CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch + +- Update to 3.11.9: + * Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 + - gh-115243: Fix possible crashes in collections.deque.index() + when the deque is concurrently modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to the + certificate store, when the ssl.SSLContext is shared across + multiple threads (bsc#1226447, CVE-2024-0397). + * Core and Builtins + - gh-116296: Fix possible refleak in object.__reduce__() internal + error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser when + raising SyntaxError exceptions caused by invalid byte sequences. + Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115011: Setters for members with an unsigned integer type now + support the same range of valid values for objects that has a + __index__() method as for int. + - gh-96497: Fix incorrect resolution of mangled class variables + used in assignment expressions in comprehensions. + * Library + - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered + crash in ssl when creating a new _ssl._SSLContext if CPython was + built implausibly such that the default cipher list is empty or + the SSL library it was linked against reports a failure from its + C SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of self-referential + modules, introduced in gh-114781. + - gh-117084: Fix zipfile extraction for directory entries with the + name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any to + be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer calls + WaitForSingleObject() with a negative timeout: pass 0 ms if the + timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values in an + invalid state (stored as a list instead of a str) after an + earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values in + urllib.parse functions parse_qs() and parse_qsl(). Also, they + now raise a TypeError for non-zero integers and non-empty + sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated tkinter.Checkbutton + widget names to avoid collisions with automatically generated + tkinter.ttk.Checkbutton widget names within the same parent + widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of AttributeError + on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on + WASI. + - Under wasmtime for WASI 0.2, these functions don’t pass + test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). + - gh-88352: Fix the computation of the next rollover time in the + logging.TimedRotatingFileHandler handler. computeRollover() now + always returns a timestamp larger than the specified time and + works correctly during the DST change. doRollover() no longer + overwrite the already rolled over file, saving from data loss + when run at midnight or during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a script + with pdb + - gh-76511: Fix UnicodeEncodeError in email.Message.as_string() + that results when a message that claims to be in the ascii + character set actually has non-ascii characters. Non-ascii + characters are now replaced with the U+FFFD replacement + character, like in the replace error handler. + - gh-75988: Fixed unittest.mock.create_autospec() to pass the call + through to the wrapped object to return the real result. + - gh-115881: Fix issue where ast.parse() would incorrectly flag + conditional context managers (such as with (x() if y else z()): + ...) as invalid syntax if feature_version=(3, 8) was passed. + This reverts changes to the grammar made as part of gh-94949. + - gh-115886: Fix silent truncation of the name with an embedded + null character in multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing which rolled-over log + files to delete in logging.TimedRotatingFileHandler. It is now + reliable for handlers without namer and with arbitrary + deterministic namer that leaves the datetime part in the file + name unmodified. + - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now + support bytes arguments containing raw and percent-encoded + non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' and + '\n', regardless of lineterminator value. + - gh-115712: csv.writer() now quotes empty fields if delimiter is + a space and skipinitialspace is true and raises exception if + quoting is not possible. + - gh-115618: Fix improper decreasing the reference count for None + argument in property methods getter(), setter() and deleter(). + - gh-115570: A DeprecationWarning is no longer omitted on access + to the __doc__ attributes of the deprecated typing.io and + typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the __wrapper__ + data descriptor. + - gh-101293: Support callables with the __call__() method and + types with __new__() and __init__() methods set to class + methods, static methods, bound methods, partial functions, and + other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line numbers + would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare cases when + using the z format option (coerce negative 0) * incorrect output + when applying the z format option to type F (fixed-point with + capital NAN / INF) * incorrect output when applying the # format + option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname before + checking it against the system’s proxy bypass list on macOS and + Windows. + - gh-115198: Fix support of Docutils >= 0.19 in distutils. + - gh-115165: Most exceptions are now ignored when attempting to + set the __orig_class__ attribute on objects returned when + calling typing generic aliases (including generic aliases + created using typing.Annotated). Previously only AttributeError + was ignored. Patch by Dave Shawley. + - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the underlying + write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114763: Protect modules loaded with importlib.util.LazyLoader + from race conditions when multiple threads try to access + attributes before the loading is complete. + - gh-97959: Fix rendering class methods, bound methods, method and + function aliases in pydoc. Class methods no longer have “method + of builtins.type instance” note. Corresponding notes are now + added for class and unbound methods. Method and function aliases + now have references to the module or the class where the origin + was defined if it differs from the current. Bound methods are + now listed in the static methods section. Methods of builtin + classes are now supported as well as methods of Python classes. + - gh-112281: Allow creating union of types for typing.Annotated + with unhashable metadata. + - gh-111775: Fix importlib.resources.simple.ResourceHandle.open() + for text mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb commands. + - gh-107155: Fix incorrect output of help(x) where x is a lambda + function, which has an __annotations__ dictionary attribute with + a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when defining + dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists + over multiple lines in combination with unicode encoding + (bsc#1238450 CVE-2025-1795) + - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same name + but different extensions would conflict and not delete the + correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() to + accept empty bytes as authkey. Not accepting empty bytes as key + causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing of URLs + with only a host name, URLs containing fragment or query, and + filenames with only a UNC sharepoint on Windows. Based on patch + by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + * Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML + vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + * Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE command + line option) in regrtest when hunting for reference leaks (-R + option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-115979: Update test_importlib so that it passes under WASI + SDK 21. + - gh-116307: Added import helper isolated_modules as CleanImport + does not remove modules imported during the context. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of + the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: run + failed tests with test.bisect_cmd to identify failing tests. + Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - gh-115198: Fix test_check_metadata_deprecate in distutils tests + with a newer Docutils. + * Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI + 0.2/preview2 primitives. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + * Windows + - gh-116773: Fix instances of <_overlapped.Overlapped object at + 0xXXX> still has pending operation at deallocation, the process + may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation so + that sending a datagram to an address that is not listening does + not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most users + only have a single launcher installed and will see no + difference. When multiple launchers have been installed, the + option to install the launcher is disabled until all but one + have been removed. Downgrading the launcher (which was never + allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now detect Python + 3.13 when installed from the Microsoft Store, and will install + Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + * IDLE + - gh-88516: On macOS show a proxy icon in the title bar of editor + windows to match platform behaviour. + * Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + * C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows + 64-bit platforms. + +------------------------------------------------------------------- +Sun Mar 24 07:51:45 UTC 2024 - Matej Cepl + +- Add reference to CVE-2024-0450 (bsc#1221854) to changelog. + +------------------------------------------------------------------- +Fri Mar 22 21:22:27 UTC 2024 - Matej Cepl + +- Because of bsc#1189495 we have to revert use of %autopatch. + +------------------------------------------------------------------- +Tue Mar 12 08:44:47 UTC 2024 - Matej Cepl + +- Rewrite %prep to use %autosetup et al. for compatibility with + rpm 4.20. + +------------------------------------------------------------------- +Tue Mar 12 08:13:34 UTC 2024 - Matej Cepl + +- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch + to eliminate ResourceWarning which broke the test suite in + test_asyncio. + +------------------------------------------------------------------- +Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal + +- Use the system-wide crypto-policies [bsc#1211301] + * Use the system default cipher list instead of hardcoded values + * Add the --with-ssl-default-suites=openssl configure option + +------------------------------------------------------------------- +Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl + +- (bsc#1219666, CVE-2023-6597) Add + CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from + gh#python/cpython!99930) fixing symlink bug in cleanup of + tempfile.TemporaryDirectory. + +------------------------------------------------------------------- +Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl + +- Remove double definition of /usr/bin/idle%%{version} in + %%files. + +------------------------------------------------------------------- +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115289 + +------------------------------------------------------------------- +Thu Feb 8 07:27:40 UTC 2024 - Daniel Garcia + +- Update to 3.11.8: + - Security + - gh-113659: Skip .pth files with names starting with a dot or + hidden file attribute. + - Core and Builtins + - gh-114887: Changed socket type validation in + create_datagram_endpoint() to accept all non-stream sockets. + This fixes a regression in compatibility with raw sockets. + - gh-114388: Fix a RuntimeWarning emitted when assign an + integer-like value that is not an instance of int to an + attribute that corresponds to a C struct member of type T_UINT + and T_ULONG. Fix a double RuntimeWarning emitted when assign a + negative integer value to an attribute that corresponds to a C + struct member of type T_UINT. + - gh-89811: Check for a valid tp_version_tag before performing + bytecode specializations that rely on this value being usable. + - gh-113602: Fix an error that was causing the parser to try to + overwrite existing errors and crashing in the process. Patch by + Pablo Galindo + - gh-113566: Fix a 3.11-specific crash when the repr of a Future + is requested after the module has already been + garbage-collected. + - gh-106905: Use per AST-parser state rather than global state to + track recursion depth within the AST parser to prevent potential + race condition due to simultaneous parsing. + - The issue primarily showed up in 3.11 by multithreaded users of + ast.parse(). In 3.12 a change to when garbage collection can be + triggered prevented the race condition from occurring. + - gh-112716: Fix SystemError in the import statement and in + __reduce__() methods of builtin types when __builtins__ is not a + dict. + - gh-105967: Workaround a bug in Apple’s macOS platform zlib + library where zlib.crc32() and binascii.crc32() could produce + incorrect results on multi-gigabyte inputs. Including when using + zipfile on zips containing large data. + - gh-94606: Fix UnicodeEncodeError when + email.message.get_payload() reads a message with a Unicode + surrogate character and the message content is not well-formed + for surrogateescape encoding. Patch by Sidney Markowitz. + - Library + - gh-114965: Update bundled pip to 24.0 + - gh-114959: tarfile no longer ignores errors when trying to + extract a directory on top of a file. + - gh-109475: Fix support of explicit option value “–” in argparse + (e.g. --option=--). + - gh-110190: Fix ctypes structs with array on Windows ARM64 + platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by + Diego Russo + - gh-113280: Fix a leak of open socket in rare cases when error + occurred in ssl.SSLSocket creation. + - gh-77749: email.policy.EmailPolicy.fold() now always encodes + non-ASCII characters in headers if utf8 is false. + - gh-114492: Make the result of termios.tcgetattr() reproducible + on Alpine Linux. Previously it could leave a random garbage in + some fields. + - gh-75128: Ignore an OSError in + asyncio.BaseEventLoop.create_server() when IPv6 is available but + the interface cannot actually support it. + - gh-114257: Dismiss the FileNotFound error in + ctypes.util.find_library() and just return None on Linux. + - gh-101438: Avoid reference cycle in ElementTree.iterparse. The + iterator returned by ElementTree.iterparse may hold on to a file + descriptor. The reference cycle prevented prompt clean-up of the + file descriptor if the returned iterator was not exhausted. + - gh-104522: OSError raised when run a subprocess now only has + filename attribute set to cwd if the error was caused by a + failed attempt to change the current directory. + - gh-109534: Fix a reference leak in + asyncio.selector_events.BaseSelectorEventLoop when SSL + handshakes fail. Patch contributed by Jamie Phan. + - gh-114077: Fix possible OverflowError in + socket.socket.sendfile() when pass count larger than 2 GiB on + 32-bit platform. + - gh-114014: Fixed a bug in fractions.Fraction where an invalid + string using d in the decimals part creates a different error + compared to other invalid letters/characters. Patch by Jeremiah + Gabriel Pascual. + - gh-113951: Fix the behavior of tag_unbind() methods of + tkinter.Text and tkinter.Canvas classes with three arguments. + Previously, widget.tag_unbind(tag, sequence, funcid) destroyed + the current binding for sequence, leaving sequence unbound, and + deleted the funcid command. Now it removes only funcid from the + binding for sequence, keeping other commands, and deletes the + funcid command. It leaves sequence unbound only if funcid was + the last bound command. + - gh-113877: Fix tkinter method winfo_pathname() on 64-bit + Windows. + - gh-113781: Silence unraisable AttributeError when warnings are + emitted during Python finalization. + - gh-113594: Fix UnicodeEncodeError in email when re-fold lines + that contain unknown-8bit encoded part followed by + non-unknown-8bit encoded part. + - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), + there is callback that logs an error if the task wrapping the + “connected callback” fails. This callback would itself fail if + the task was cancelled. Prevent this by checking whether the + task was cancelled first. If so, close the transport but don’t + log an error. + - gh-85567: Fix resource warnings for unclosed files in pickle and + pickletools command line interfaces. + - gh-101225: Increase the backlog for + multiprocessing.connection.Listener objects created by + multiprocessing.manager and multiprocessing.resource_sharer to + significantly reduce the risk of getting a connection refused + error when creating a multiprocessing.connection.Connection to + them. + - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends + webbrowser.open audit event. + - gh-113028: When a second reference to a string appears in the + input to pickle, and the Python implementation is in use, we are + guaranteed that a single copy gets pickled and a single object + is shared when reloaded. Previously, in protocol 0, when a + string contained certain characters (e.g. newline) it resulted + in duplicate objects. + - gh-113421: Fix multiprocessing logger for %(filename)s. + - gh-113358: Fix rendering tracebacks for exceptions with a broken + __getattr__. + - gh-113214: Fix an AttributeError during asyncio SSL protocol + aborts in SSL-over-SSL scenarios. + - gh-113246: Update bundled pip to 23.3.2. + - gh-113199: Make http.client.HTTPResponse.read1 and + http.client.HTTPResponse.readline close IO after reading all + data when content length is known. Patch by Illia Volochii. + - gh-113188: Fix shutil.copymode() and shutil.copystat() on + Windows. Previously they worked differenly if dst is a symbolic + link: they modified the permission bits of dst itself rather + than the file it points to if follow_symlinks is true or src is + not a symbolic link, and did not modify the permission bits if + follow_symlinks is false and src is a symbolic link. + - gh-61648: Detect line numbers of properties in doctests. + - gh-112559: signal.signal() and signal.getsignal() no longer call + repr on callable handlers. asyncio.run() and + asyncio.Runner.run() no longer call repr on the task results. + Patch by Yilei Yang. + - gh-110190: Fix ctypes structs with array on PPC64LE platform by + setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. + - gh-79429: Ignore FileNotFoundError when remove a temporary + directory in the multiprocessing finalizer. + - gh-79325: Fix an infinite recursion error in + tempfile.TemporaryDirectory() cleanup on Windows. + - gh-110190: Fix ctypes structs with array on Arm platform by + setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. + - gh-81194: Fix a crash in socket.if_indextoname() with specific + value (UINT_MAX). Fix an integer overflow in + socket.if_indextoname() on 64-bit non-Windows platforms. + - gh-75666: Fix the behavior of tkinter widget’s unbind() method + with two arguments. Previously, widget.unbind(sequence, funcid) + destroyed the current binding for sequence, leaving sequence + unbound, and deleted the funcid command. Now it removes only + funcid from the binding for sequence, keeping other commands, + and deletes the funcid command. It leaves sequence unbound only + if funcid was the last bound command. + - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in + tkinter._test(). + - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now + raises BadZipFile when try to read an entry that overlaps with + other entry or central directory (bsc#1221854, CVE-2024-0450). + - gh-38807: Fix race condition in trace. Instead of checking if a + directory exists and creating it, directly call os.makedirs() + with the kwarg exist_ok=True. + - gh-75705: Set unixfrom envelope in mailbox.mbox and + mailbox.MMDF. + - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure + when the system endianness is the opposite of the classes. + - gh-104282: Fix null pointer dereference in + lzma._decode_filter_properties() due to improper handling of BCJ + filters with properties of zero length. Patch by Radislav + Chugunov. + - gh-102512: When os.fork() is called from a foreign thread (aka + _DummyThread), the type of the thread in a child process is + changed to _MainThread. Also changed its name and daemonic + status, it can be now joined. + - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, + which now no longer dereferences symlinks when working around + file system permission errors. + - bpo-43153: On Windows, tempfile.TemporaryDirectory previously + masked a PermissionError with NotADirectoryError during + directory cleanup. It now correctly raises PermissionError if + errors are not ignored. Patch by Andrei Kulakov and Ken Jin. + - bpo-35332: The shutil.rmtree() function now ignores errors when + calling os.close() when ignore_errors is True, and os.close() no + longer retried after error. + - bpo-35928: io.TextIOWrapper now correctly handles the decoding + buffer after read() and write(). + - bpo-26791: shutil.move() now moves a symlink into a directory + when that directory is the target of the symlink. This provides + the same behavior as the mv shell command. The previous behavior + raised an exception. Patch by Jeffrey Kintscher. + - bpo-36959: Fix some error messages for invalid ISO format string + combinations in strptime() that referred to directives not + contained in the format string. Patch by Gordon P. Hemsley. + - bpo-18060: Fixed a class inheritance issue that can cause + segfaults when deriving two or more levels of subclasses from a + base class of Structure or Union. + - Documentation + - gh-110746: Improved markup for valid options/values for methods + ttk.treeview.column and ttk.treeview.heading, and for Layouts. + - gh-95649: Document that the asyncio module contains code taken + from v0.16.0 of the uvloop project, as well as the required MIT + licensing information. + - Tests + - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, + where system tar can include more information in the archive + than shutil.make_archive. + - gh-112769: The tests now correctly compare zlib version when + zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For + example zlib-ng defines the version as 1.3.0.zlib-ng. + - gh-105089: Fix + test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write + test in AIX by doing a bitwise AND of 0xFFFF on mode , so that + it will be in sync with zinfo.external_attr + - bpo-40648: Test modes that file can get with chmod() on Windows. + - Build + - gh-101778: Fix build error when there’s a dangling symlink in + the directory containing ffi.h. + - gh-112305: Fixed the check-clean-src step performed on out of + tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h + files and recommend appropriate source tree cleanup steps to get + a working build again. + - bpo-11102: The os.major(), os.makedev(), and os.minor() + functions are now available on HP-UX v3. + - bpo-36351: Do not set ipv6type when cross-compiling. + - IDLE + - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and + ‘object’. + - gh-72284: Improve the lists of features, editor key bindings, + and shell key bingings in the IDLE doc. + - gh-113903: Fix rare failure of test.test_idle, in + test_configdialog. + - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and + 3.12.1. + - gh-113269: Fix test_editor hang on macOS Catalina. + - gh-112898: Fix processing unsaved files when quitting IDLE on + macOS. + - gh-103820: Revise IDLE bindings so that events from mouse button + 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not + mistaken for scrolling. + - bpo-13586: Enter the selected text when opening the “Replace” + dialog. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and + multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. + - gh-115015: Fix a bug in Argument Clinic that generated incorrect + code for methods with no parameters that use the METH_METHOD | + METH_FASTCALL | METH_KEYWORDS calling convention. Only the + positional parameter count was checked; any keyword argument + passed would be silently accepted. +- Remove upstreamed patches: + - CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch +- Refresh all patches: + - CVE-2023-27043-email-parsing-errors.patch + - F00251-change-user-install-location.patch + - bpo-31046_ensurepip_honours_prefix.patch + - distutils-reproducible-compile.patch + - fix_configure_rst.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-localpath.patch + - python-3.3.0b1-test-posix_fadvise.patch + - skip_if_buildbot-extend.patch + - subprocess-raise-timeout.patch + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Tue Dec 19 16:34:50 UTC 2023 - Daniel Garcia + +- Update patch fix_configure_rst.patch +- Update to 3.11.7: + - Core and Builtins + - gh-112625: Fixes a bug where a bytearray object could be cleared + while iterating over an argument in the bytearray.join() method + that could result in reading memory after it was freed. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. Patch + by Pablo galindo + - gh-88116: Traceback location ranges involving wide unicode + characters (like emoji and asian characters) now are properly + highlighted. Patch by Batuhan Taskaya and Pablo Galindo. + - gh-94438: Fix a regression that prevented jumping across is None + and is not None when debugging. Patch by Savannah Ostrowski. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109216: Fix possible memory leak in BUILD_MAP. + + - Library + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + - bpo-35191: Fix unexpected integer truncation in + socket.setblocking() which caused it to interpret multiples of + 2**32 as False. + + - Documentation + - gh-108826: dis module command-line interface is now mentioned in + documentation. + + - Tests + - gh-110367: Make regrtest --verbose3 option compatible with + --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + --verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111309: distutils tests can now be run via unittest. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() and class BasicTestRunner from the test.support + module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + --match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + + - Build + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + + - C API + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. +------------------------------------------------------------------- +Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl + +- Refresh CVE-2023-27043-email-parsing-errors.patch to + gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). +- Thus we can remove Revert-gh105127-left-tests.patch, which is + now useless. + +------------------------------------------------------------------- +Wed Nov 15 09:06:16 UTC 2023 - Daniel Garcia + +- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch +- Refresh patches: + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch + +- Update to 3.11.6: + - Core and Builtins + - gh-109351: Fix crash when compiling an invalid AST involving a + named (walrus) expression. + - gh-109207: Fix a SystemError in __repr__ of symtable entry + object. + - gh-109179: Fix bug where the C traceback display drops notes + from SyntaxError. + - gh-88943: Improve syntax error for non-ASCII character that + follows a numerical literal. It now points on the invalid + non-ASCII character, not on the valid numerical literal. + - gh-108959: Fix caret placement for error locations for subscript + and binary operations that involve non-semantic parentheses and + spaces. Patch by Pablo Galindo + - gh-108520: Fix + multiprocessing.synchronize.SemLock.__setstate__() to properly + initialize multiprocessing.synchronize.SemLock._is_fork_ctx. + This fixes a regression when passing a SemLock accross nested + processes. + - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to + multiprocessing.synchronize.SemLock._is_fork_ctx to avoid + exposing it as public API. + - Library + - gh-110036: On Windows, multiprocessing Popen.terminate() now + catchs PermissionError and get the process exit code. If the + process is still running, raise again the PermissionError. + Otherwise, the process terminated as expected: store its exit + code. Patch by Victor Stinner. + - gh-110038: Fixed an issue that caused KqueueSelector.select() to + not return all the ready events in some cases when a file + descriptor is registered for both read and write. + - gh-109631: re functions such as re.findall(), re.split(), + re.search() and re.sub() which perform short repeated matches + can now be interrupted by user. + - gh-109593: Avoid deadlocking on a reentrant call to the + multiprocessing resource tracker. Such a reentrant call, though + unlikely, can happen if a GC pass invokes the finalizer for a + multiprocessing object such as SemLock. + - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for + exceptions. Previously, on Python built in debug mode, these + functions could trigger a fatal Python error (and abort the + process) when a function succeeded with an exception set. Patch + by Victor Stinner. + - gh-109375: The pdb alias command now prevents registering + aliases without arguments. + - gh-107219: Fix a race condition in concurrent.futures. When a + process in the process pool was terminated abruptly (while the + future was running or pending), close the connection write end. + If the call queue is blocked on sending bytes to a worker + process, closing the connection write end interrupts the send, + so the queue can be closed. Patch by Victor Stinner. + - gh-50644: Attempts to pickle or create a shallow or deep copy of + codecs streams now raise a TypeError. Previously, copying failed + with a RecursionError, while pickling produced wrong results + that eventually caused unpickling to fail with a RecursionError. + - gh-108987: Fix _thread.start_new_thread() race condition. If a + thread is created during Python finalization, the newly spawned + thread now exits immediately instead of trying to access freed + memory and lead to a crash. Patch by Victor Stinner. + - gh-108843: Fix an issue in ast.unparse() when unparsing + f-strings containing many quote types. + - gh-108682: Enum: raise TypeError if super().__new__() is called + from a custom __new__. + - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock + - gh-64662: Fix support for virtual tables in + sqlite3.Connection.iterdump(). Patch by Aviv Palivoda. + - gh-107913: Fix possible losses of errno and winerror values in + OSError exceptions if they were cleared or modified by the + cleanup code before creating the exception object. + - gh-104372: On Linux where subprocess can use the vfork() syscall + for faster spawning, prevent the parent process from blocking + other threads by dropping the GIL while it waits for the + vfork’ed child process exec() outcome. This prevents spawning a + binary from a slow filesystem from blocking the rest of the + application. + - gh-84867: unittest.TestLoader no longer loads test cases from + exact unittest.TestCase and unittest.FunctionTestCase classes. + - Documentation + - gh-109209: The minimum Sphinx version required for the + documentation is now 4.2. + - gh-105052: Update timeit doc to specify that time in seconds is + just the default. + - gh-102823: Document the return type of x // y when x and y have + type float. + - Tests + - gh-110031: Skip test_threading tests using thread+fork if Python + is built with Address Sanitizer (ASAN). Patch by Victor Stinner. + - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum + duration, a test should not measure a CI performance. Only + measure the minimum duration when a task has a timeout or delay. + Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner. + - gh-110033: Fix test_interprocess_signal() of test_signal. Make + sure that the subprocess.Popen object is deleted before the test + raising an exception in a signal handler. Otherwise, + Popen.__del__() can get the exception which is logged as + Exception ignored in: ... and the test fails. Patch by Victor + Stinner. + - gh-109594: Fix test_timeout() of + test_concurrent_futures.test_wait. Remove the future which may + or may not complete depending if it takes longer than the + timeout ot not. Keep the second future which does not complete + before wait() timeout. Patch by Victor Stinner. + - gh-109748: Fix test_zippath_from_non_installed_posix() of + test_venv: don’t copy __pycache__/ sub-directories, because they + can be modified by other Python tests running in parallel. Patch + by Victor Stinner. + - gh-103053: Skip test_freeze_simple_script() of + test_tools.test_freeze if Python is built with ./configure + --enable-optimizations, which means with Profile Guided + Optimization (PGO): it just makes the test too slow. The freeze + tool is tested by many other CIs with other (faster) compiler + flags. Patch by Victor Stinner. + - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a + longer key: FIPS mode requires at least of at least 112 bits. + The previous key was only 32 bits. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-109237: Fix test_site.test_underpth_basic() when the working + directory contains at least one non-ASCII character: encode the + ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for + the child process stdout. Patch by Victor Stinner. + - gh-109230: Fix test_pyexpat.test_exception(): it can now be run + from a directory different than Python source code directory. + Before, the test failed in this case. Skip the test if + Modules/pyexpat.c source is not available. Skip also the test on + Python implementations other than CPython. Patch by Victor + Stinner. + - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests + on FreeBSD if the TCP blackhole is enabled (sysctl + net.inet.tcp.blackhole). Skip the few tests which failed with + ETIMEDOUT which such non standard configuration. Currently, the + FreeBSD GCP image enables TCP and UDP blackhole (sysctl + net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1). + Patch by Victor Stinner. + - gh-91960: Skip test_gdb if gdb is unable to retrieve Python + frame objects: if a frame is . When Python is + built with “clang -Og”, gdb can fail to retrive the frame + parameter of _PyEval_EvalFrameDefault(). In this case, tests + like py_bt() are likely to fail. Without getting access to + Python frames, python-gdb.py is mostly clueless on retrieving + the Python traceback. Moreover, test_gdb is no longer skipped on + macOS if Python is built with Clang. Patch by Victor Stinner. + - gh-108962: Skip test_tempfile.test_flags() if chflags() fails + with “OSError: [Errno 45] Operation not supported” (ex: on + FreeBSD 13). Patch by Victor Stinner. + - gh-89392: Removed support of test_main() function in tests. They + now always use normal unittest test runner. + - gh-108851: Fix test_tomllib recursion tests for WASI buildbots: + reduce the recursion limit and compute the maximum nested + array/dict depending on the current available recursion limit. + Patch by Victor Stinner. + - gh-108851: Add get_recursion_available() and + get_recursion_depth() functions to the test.support module. + Patch by Victor Stinner. + - gh-108822: regrtest now computes statistics on all tests: + successes, failures and skipped. test_netrc, test_pep646_syntax + and test_xml_etree now return results in their test_main() + function. Patch by Victor Stinner and Alex Waygood. + - gh-108388: Convert test_concurrent_futures to a package of 7 + sub-tests. Patch by Victor Stinner. + - gh-108388: Split test_multiprocessing_fork, + test_multiprocessing_forkserver and test_multiprocessing_spawn + into test packages. Each package is made of 4 sub-tests: + processes, threads, manager and misc. It allows running more + tests in parallel and so reduce the total test duration. Patch + by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - gh-100086: The Python test runner (libregrtest) now logs Python + build information like “debug” vs “release” build, or LTO and + PGO optimizations. Patch by Victor Stinner. + - gh-98903: The Python test suite now fails wit exit code 4 if no + tests ran. It should help detecting typos in test names and test + methods. + - gh-95027: On Windows, when the Python test suite is run with the + -jN option, the ANSI code page is now used as the encoding for + the stdout temporary file, rather than using UTF-8 which can + lead to decoding errors. Patch by Victor Stinner. + - gh-93353: regrtest now checks if a test leaks temporary files or + directories if run with -jN option. Patch by Victor Stinner. + - Build + - gh-63760: Fix Solaris build: no longer redefine the + gethostname() function. Solaris defines the function since 2005. + Patch by Victor Stinner, original patch by Jakub Kulík. + - gh-108740: Fix a race condition in make regen-all. The + deepfreeze.c source and files generated by Argument Clinic are + now generated or updated before generating “global objects”. + Previously, some identifiers may miss depending on the order in + which these files were generated. Patch by Victor Stinner. + - Windows + - gh-109991: Update Windows build to use OpenSSL 3.0.11. + - gh-107565: Update Windows build to use OpenSSL 3.0.10. + - macOS + - gh-109991: Update macOS installer to use OpenSSL 3.0.11. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and + multissltests to use 1.1.1w, 3.0.11, and 3.1.3. + +------------------------------------------------------------------- +Wed Sep 6 07:52:11 UTC 2023 - Daniel Garcia + +- Update to 3.11.5 (bsc#1214692): + - Security + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted data. + Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by + Gregory P. Smith. + - Core and Builtins + - gh-104432: Fix potential unaligned memory access on C APIs + involving returned sequences of char * pointers within the grp + and socket modules. These were revealed using a + -fsaniziter=alignment build on ARM macOS. Patch by Christopher + Chavez. + - gh-77377: Ensure that multiprocessing synchronization objects + created in a fork context are not sent to a different process + created in a spawn context. This changes a segfault into an + actionable RuntimeError in the parent process. + - gh-106092: Fix a segmentation fault caused by a use-after-free + bug in frame_dealloc when the trashcan delays the deallocation + of a PyFrameObject. + - gh-106719: No longer suppress arbitrary errors in the + __annotations__ getter and setter in the type and module types. + - gh-106723: Propagate frozen_modules to multiprocessing spawned + process interpreters. + - gh-105979: Fix crash in _imp.get_frozen_object() due to improper + exception handling. + - gh-105840: Fix possible crashes when specializing function calls + with too many __defaults__. + - gh-105588: Fix an issue that could result in crashes when + compiling malformed ast nodes. + - gh-105375: Fix bugs in the builtins module where exceptions + could end up being overwritten. + - gh-105375: Fix bug in the compiler where an exception could end + up being overwritten. + - gh-105375: Improve error handling in + PyUnicode_BuildEncodingMap() where an exception could end up + being overwritten. + - gh-105235: Prevent out-of-bounds memory access during + mmap.find() calls. + - gh-101006: Improve error handling when read marshal data. + - Library + - gh-105736: Harmonized the pure Python version of OrderedDict + with the C version. Now, both versions set up their internal + state in __new__. Formerly, the pure Python version did the set + up in __init__. + - gh-107963: Fix multiprocessing.set_forkserver_preload() to check + the given list of modules names. Patch by Dong-hee Na. + - gh-106242: Fixes os.path.normpath() to handle embedded null + characters without truncating the path (bsc#1214693, + CVE-2023-41105). + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will + no longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107715: Fix doctest.DocTestFinder.find() in presence of class + names with special characters. Patch by Gertjan van Zwieten. + - gh-100814: Passing a callable object as an option value to a + Tkinter image now raises the expected TclError instead of an + AttributeError. + - gh-106684: Close asyncio.StreamWriter when it is not closed by + application leading to memory leaks. Patch by Kumar Aditya. + - gh-107077: Seems that in some conditions, OpenSSL will return + SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification + verification has failed, but the error parameters will still + contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are + now detecting this situation and raising the appropiate + ssl.SSLCertVerificationError. Patch by Pablo Galindo + - gh-107396: tarfiles; Fixed use before assignment of + self.exception for gzip decompression + - gh-62519: Make gettext.pgettext() search plural definitions when + translation is not found. + - gh-83006: Document behavior of shutil.disk_usage() for + non-mounted filesystems on Unix. + - gh-106186: Do not report MultipartInvariantViolationDefect + defect when the email.parser.Parser class is used to parse + emails with headersonly=True. + - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION + result in _ssl.c. + - gh-106774: Update the bundled copy of pip to version 23.2.1. + - gh-106752: Fixed several bug in zipfile.Path in + name/suffix/suffixes/stem operations when no filename is present + and the Path is not at the root of the zipfile. + - gh-106602: Add __copy__ and __deepcopy__ in enum + - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused + division by zero for certain almost-white inputs. Patch by Terry + Jan Reedy. + - gh-106052: re module: fix the matching of possessive quantifiers + in the case of a subpattern containing backtracking. + - gh-106510: Improve debug output for atomic groups in regular + expressions. + - gh-105497: Fix flag mask inversion when unnamed flags exist. + - gh-90876: Prevent multiprocessing.spawn from failing to import + in environments where sys.executable is None. This regressed in + 3.11 with the addition of support for path-like objects in + multiprocessing. + - gh-106350: Detect possible memory allocation failure in the + libtommath function mp_init() used by the _tkinter module. + - gh-102541: Make pydoc.doc catch bad module ImportError when + output stream is not None. + - gh-106263: Fix crash when calling repr with a manually + constructed SignalDict object. Patch by Charlie Zhao. + - gh-105375: Fix a bug in _Unpickler_SetInputStream() where an + exception could end up being overwritten in case of failure. + - gh-105375: Fix bugs in sys where exceptions could end up being + overwritten because of deferred error handling. + - gh-105605: Harden pyexpat error handling during module + initialisation to prevent exceptions from possibly being + overwritten, and objects from being dereferenced twice. + - gh-105375: Fix bug in decimal where an exception could end up + being overwritten. + - gh-105375: Fix bugs in _datetime where exceptions could be + overwritten in case of module initialisation failure. + - gh-105375: Fix bugs in _ssl initialisation which could lead to + leaked references and overwritten exceptions. + - gh-105375: Fix a bug in array.array where an exception could end + up being overwritten. + - gh-105375: Fix bugs in _ctypes where exceptions could end up + being overwritten. + - gh-105375: Fix a bug in the posix module where an exception + could be overwritten. + - gh-105375: Fix bugs in _elementtree where exceptions could be + overwritten. + - gh-105375: Fix bugs in zoneinfo where exceptions could be + overwritten. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-105497: Fix flag inversion when alias/mask members exist. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-103171: Revert undocumented behaviour change with + runtime-checkable protocols decorated with typing.final() in + Python 3.11. The behaviour change had meant that objects would + not be considered instances of these protocols at runtime unless + they had a __final__ attribute. Patch by Alex Waygood. + - gh-105375: Fix a bug in sqlite3 where an exception could be + overwritten in the collation callback. + - gh-105332: Revert pickling method from by-name back to by-value. + - gh-104554: Add RTSPS scheme support in urllib.parse + - gh-100061: Fix a bug that causes wrong matches for regular + expressions with possessive qualifier. + - gh-102541: Hide traceback in help() prompt, when import failed. + - gh-99203: Restore following CPython <= 3.10.5 behavior of + shutil.make_archive(): do not create an empty archive if + root_dir is not a directory, and, in that case, raise + FileNotFoundError or NotADirectoryError regardless of format + choice. Beyond the brought-back behavior, the function may now + also raise these exceptions in dry_run mode. + - gh-94777: Fix hanging multiprocessing ProcessPoolExecutor when a + child process crashes while data is being written in the call + queue. + - bpo-18319: Ensure gettext(msg) retrieve translations even if a + plural form exists. In other words: gettext(msg) == + ngettext(msg, '', 1). + - Documentation + - gh-107008: Document the curses module variables LINES and COLS. + - gh-106948: Add a number of standard external names to + nitpick_ignore. + - gh-54738: Add documentation on how to localize the argparse + module. + - Tests + - gh-105776: Fix test_cppext when the C compiler command -std=c11 + option: remove -std= options from the compiler command. Patch by + Victor Stinner. + - gh-107237: test_logging: Fix test_udp_reconnection() by + increasing the timeout from 100 ms to 5 minutes (LONG_TIMEOUT). + Patch by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - Build + - gh-107814: When calling find_python.bat with -q it did not + properly silence the output of nuget. That is now fixed. + - gh-106881: Check for linux/limits.h before including it in + Modules/posixmodule.c. + - gh-104692: Include commoninstall as a prerequisite for + bininstall + - This ensures that commoninstall is completed before bininstall + is started when parallel builds are used (make -j install), and + so the python3 symlink is only installed after all standard + library modules are installed. + - gh-100340: Allows -Wno-int-conversion for wasm-sdk 17 and + onwards, thus enables building WASI builds once against the + latest sdk. + - Windows + - gh-106242: Fixes realpath() to behave consistently when passed a + path containing an embedded null character on Windows. In strict + mode, it now raises OSError instead of the unexpected + ValueError, and in non-strict mode will make the path absolute. + - gh-106844: Fix integer overflow in _winapi.LCMapStringEx() which + affects ntpath.normcase(). + - gh-99079: Update Windows build to use OpenSSL 3.0.9 + - gh-105436: Ensure that an empty environment block is terminated + by two null characters, as is required by Windows. + - macOS + - gh-107565: Update macOS installer to use OpenSSL 3.0.10. + - gh-99079: Update macOS installer to use OpenSSL 3.0.9. + - Tools/Demos + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + - gh-95065: Argument Clinic now supports overriding automatically + generated signature by using directive @text_signature. See How + to override the generated signature. + - gh-106970: Fix bugs in the Argument Clinic destination + clear command; the destination buffers would never be cleared, + and the destination directive parser would simply continue to + the fault handler after processing the command. Patch by Erlend + E. Aasland. + - C API + - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(), + PyErr_SetExcFromWindowsErrWithFilename() and + PyErr_SetFromWindowsErrWithFilename() save now the error code + before calling PyUnicode_DecodeFSDefault(). + - gh-107915: Such C API functions as PyErr_SetString(), + PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others + no longer crash or ignore errors if it failed to format the + error message or decode the filename. Instead, they keep a + corresponding error. + - gh-107226: PyModule_AddObjectRef() is now only available in the + limited API version 3.10 or later. + - gh-105375: Fix a bug in PyErr_WarnExplicit() where an exception + could end up being overwritten if the API failed internally. + - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only + data: *consumed was not set. + +------------------------------------------------------------------- +Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller + +- restrict PEP668 to ALP/Tumbleweed + +------------------------------------------------------------------- +Fri Aug 4 06:37:41 UTC 2023 - Dirk Müller + +- add externally_managed.in to label this build as PEP-668 managed + +------------------------------------------------------------------- +Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl + +- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! +- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) + partially reverting CVE-2023-27043-email-parsing-errors.patch, + because of the regression in gh#python/cpython#106669. +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). (The patch is faulty, + gh#python/cpython#106669, but upstream decided not to just + revert it). + +------------------------------------------------------------------- +Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl + +- Update to Python 3.11.4: + - gh-103142: The version of OpenSSL used in Windows and + Mac installers has been upgraded to 1.1.1u to address + CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, + as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 + fixed previously in 1.1.1t (gh-101727). + - gh-102153: urllib.parse.urlsplit() now strips leading C0 + control and space characters following the specification for + URLs defined by WHATWG in response to CVE-2023-24329 + (bsc#1208471). + - gh-99889: Fixed a security in flaw in uu.decode() that could + allow for directory traversal based on the input if no + out_file was specified. + - gh-104049: Do not expose the local on-disk + location in directory indexes produced by + http.client.SimpleHTTPRequestHandler. + - gh-103935: trace.__main__ now uses io.open_code() for files + to be executed instead of raw open(). + - gh-102953: The extraction methods in tarfile, and + shutil.unpack_archive(), have a new filter argument that + allows limiting tar features than may be surprising or + dangerous, such as creating files outside the destination + directory. See Extraction filters for details (fixing + CVE-2007-4559, bsc#1203750). +- Remove upstreamed patches: + - CVE-2007-4559-filter-tarfile_extractall.patch + +------------------------------------------------------------------- +Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl + +- Remove obsolete_python_versioned macro again. This mechanism + has no business to be in Python 3.11, because we have abolished + with it whole interpreter+setuptools+pip product. Python 3.11 + should not be replaced by later versions anymore. + +------------------------------------------------------------------- +Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl + +- Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). +- Add skip_if_buildbot-extend.patch to avoid the bug altogether + (extending what skip_if_buildbot covers). +- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix + bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter + for tarfile.extractall". + +------------------------------------------------------------------- +Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl + +- Update to 3.11.3: + - Security + - gh-101727: Updated the OpenSSL version used in Windows + and macOS binary release builds to 1.1.1t to address + CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the + OpenSSL 2023-02-07 security advisory. + - Core and Builtins + - gh-101975: Fixed stacktop value on tracing entries to avoid + corruption on garbage collection. + - gh-102701: Fix overflow when creating very large dict. + - gh-102416: Do not memoize incorrectly automatically + generated loop rules in the parser. Patch by Pablo Galindo. + - gh-102356: Fix a bug that caused a crash when deallocating + deeply nested filter objects. Patch by Marta Gómez Macías. + - gh-102397: Fix segfault from race condition in signal + handling during garbage collection. Patch by Kumar Aditya. + - gh-102281: Fix potential nullptr dereference and use of + uninitialized memory in fileutils. Patch by Max Bachmann. + - gh-102126: Fix deadlock at shutdown when clearing thread + states if any finalizer tries to acquire the runtime head + lock. Patch by Kumar Aditya. + - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal + module. Patch by Max Bachmann. + - gh-101967: Fix possible segfault in + positional_only_passed_as_keyword function, when new list + created. + - gh-101765: Fix SystemError / segmentation fault in iter + __reduce__ when internal access of builtins.__dict__ keys + mutates the iter object. + - gh-101696: Invalidate type version tag in + _PyStaticType_Dealloc for static types, avoiding bug where + a false cache hit could crash the interpreter. Patch by + Kumar Aditya. + - Library + - gh-102549: Don’t ignore exceptions in member type creation. + - gh-102947: Improve traceback when dataclasses.fields() is + called on a non-dataclass. Patch by Alex Waygood + - gh-102780: The asyncio.Timeout context manager now + works reliably even when performing cleanup due to task + cancellation. Previously it could raise a CancelledError + instead of an TimeoutError in such cases. + - gh-88965: typing: Fix a bug relating to substitution in . + Pacustom classes generic over a ParamSpec. Previously, if . + Pathe ParamSpec was substituted with a parameters list that . + Paitself contained a TypeVar, the TypeVar in the parameters . + Palist could not be subsequently substituted. This is now . + Pafixed tch by Nikita Sobolev . + - gh-101979: Fix a bug where parentheses in the metavar + argument to argparse.ArgumentParser.add_argument() were + dropped. Patch by Yeojin Kim. + - gh-102179: Fix os.dup2() error message for negative fds. + - gh-101961: For the binary mode, fileinput.hookcompressed() + doesn’t set the encoding value even if the value is + None. Patch by Gihwan Kim. + - gh-101936: The default value of fp becomes io.BytesIO + if HTTPError is initialized without a designated fp + parameter. Patch by Long Vo. + - gh-102069: Fix __weakref__ descriptor generation for custom + dataclasses. + - gh-101566: In zipfile, apply fix for extractall on the + underlying zipfile after being wrapped in Path. + - gh-101892: Callable iterators no longer raise SystemError + when the callable object exhausts the iterator but forgets + to either return a sentinel value or raise StopIteration. + - gh-97786: Fix potential undefined behaviour in corner cases + of floating-point-to-time conversions. + - gh-101517: Fixed bug where bdb looks up the source line + with linecache with a lineno=None, which causes it to fail + with an unhandled exception. + - gh-101673: Fix a pdb bug where ll clears the changes to + local variables. + - gh-96931: Fix incorrect results from + ssl.SSLSocket.shared_ciphers() + - gh-88233: Correctly preserve “extra” fields in zipfile + regardless of their ordering relative to a zip64 “extra.” + - gh-96127: inspect.signature was raising TypeError on + call with mock objects. Now it correctly returns (*args, + **kwargs) as infered signature. + - gh-95495: When built against OpenSSL 3.0, the ssl module + had a bug where it reported unauthenticated EOFs (i.e. + without close_notify) as a clean TLS-level EOF. It now + raises SSLEOFError, matching the behavior in previous + versions of OpenSSL. The options attribute on SSLContext + also no longer includes OP_IGNORE_UNEXPECTED_EOF by + default. This option may be set to specify the previous + OpenSSL 3.0 behavior. + - gh-94440: Fix a concurrent.futures.process bug where + ProcessPoolExecutor shutdown could hang after a future has + been quickly submitted and canceled. + - Documentation + - gh-103112: Add docstring to http.client.HTTPResponse.read() + to fix pydoc output. + - gh-85417: Update cmath documentation to clarify behaviour + on branch cuts. + - gh-97725: Fix asyncio.Task.print_stack() description for + file=None. Patch by Oleg Iarygin. + - Tests + - gh-102980: Improve test coverage on pdb. + - gh-102537: Adjust the error handling strategy in + test_zoneinfo.TzPathTest.python_tzpath_context. Patch by + Paul Ganssle. + - gh-89792: test_tools now copies up to 10x less source data + to a temporary directory during the freeze test by ignoring + git metadata and other artifacts. It also limits its python + build parallelism based on os.cpu_count instead of hard + coding it as 8 cores. + - gh-101377: Improved test_locale_calendar_formatweekday of + calendar. + - Build + - gh-102711: Fix -Wstrict-prototypes compiler warnings. + +------------------------------------------------------------------- +Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl + +- Update to 3.11.2: + Bug fixes, no changes in API and no security bugs. + +------------------------------------------------------------------- +Wed Mar 1 20:50:04 UTC 2023 - Matej Cepl + +- Add python310 Obsoletes line to obsolete_python_versioned macro. + +------------------------------------------------------------------- +Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl + +- Add provides for readline and sqlite3 to the main Python + package. + +------------------------------------------------------------------- +Thu Jan 26 13:28:24 UTC 2023 - Thorsten Kukuk + +- Disable NIS for new products, it's deprecated and gets removed + +------------------------------------------------------------------- +Tue Jan 24 12:23:34 UTC 2023 - Dirk Müller + +- build GLIBC hwcaps optimized versions of the interpreter + +------------------------------------------------------------------- +Tue Jan 10 11:11:56 UTC 2023 - Matej Cepl + +- Don't fail on Sphinx build warnings. +- For jsc#PED-1570, jsc#PED-2217 and jsc#PED-68, + providing Python 3.11 for SLE-15-SP4. + +------------------------------------------------------------------- +Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl + +- Update to 3.11.1: + - python -m http.server no longer allows terminal control + characters sent within a garbage request to be printed + to the stderr server lo This is done by changing the + http.server BaseHTTPRequestHandler .log_message method to + replace control characters with a \xHH hex escape before + printin + - Avoid publishing list of active per-interpreter audit hooks + via the gc module + - The IDNA codec decoder used on DNS hostnames by socket or + asyncio related name resolution functions no longer involves + a quadratic algorithm. This prevents a potential CPU denial + of service if an out-of-spec excessive length hostname + involving bidirectional characters were decoded. Some + protocols such as urllib http 3xx redirects potentially allow + for an attacker to supply such a name (CVE-2022-45061). + - Update bundled libexpat to 2.5.0 + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. Issue reported + and initial fix by Caleb Shortt. Patch by Victor Stinner. + - Fix a crash when an object which does not have a dictionary + frees its instance values. + - Fix a bug in the tokenizer that could cause infinite + recursion when showing syntax warnings that happen in the + first line of the source. Patch by Pablo Galindo + - Fix an issue that could cause frames to be visible to Python + code as they are being torn down, possibly leading to memory + corruption or hard crashes of the interpreter. + - Fix a reference bug in _imp.create_builtin() after the + creation of the first sub-interpreter for modules builtins + and sys. Patch by Victor Stinner. + - Fixed a bug that was causing a buffer overflow if the + tokenizer copies a line missing the newline caracter from a + file that is as long as the available tokenizer buffer. Patch + by Pablo galindo + - Fix bug where an ExceptionGroup subclass can wrap a + BaseException. + - Fix zip path for venv created from a non-installed python on + POSIX platforms. + - Fix an issue that could potentially cause incorrect error + handling for some bytecode instructions. + - Fix an issue that prevented PyThreadState and + PyInterpreterState memory from being freed properly. + - Fix failure in except* with unhashable exceptions. + - Fix calculation of sys._base_executable when inside a POSIX + virtual environment using copies of the python binary when + the base installation does not provide the executable name + used by the venv. Calculation will fall back to alternative + names (“python”, “python.”). + - Update faulthandler to emit an error message with the proper + unexpected signal number. Patch by Dong-hee Na. + - Fix location of SyntaxError for a try block with both except + and except*. + - Fix the error reporting positions of specialized traceback + anchors when the source line contains Unicode characters. + - Fix subscription of type aliases containing bare generic + types or types like TypeVar: for example tuple[A, T][int] and + tuple[TypeVar, T][int], where A is a generic type, and T is a + type variable. + - Lower the recursion depth for marshal on WASI to support + wasmtime 2.0/main. + - Fix multiple crashes in debug mode when str subclasses are + used instead of str itself. + - Fix an issue where member descriptors (such as those for + __slots__) could behave incorrectly or crash instead of + raising a TypeError when accessed via an instance of an + invalid type. + - Suppress ImportError for invalid query for help() + command. Patch by Dong-hee Na. + - Fix detection of MAC addresses for uuid on certain OSs. Patch + by Chaim Sanders + - Print exception class name instead of its string + representation when raising errors from ctypes calls. + - os.sched_yield() now release the GIL while calling + sched_yield(2). Patch by Dong-hee Na. + - Fix an issue that could delay the specialization of PRECALL + instructions. + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Ensure that all Python frame objects are backed by “complete” + frames. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). Patch by Ofey Chan. + - Fix the Python path configuration used to initialized + sys.path at Python startup. Paths are no longer encoded + to UTF-8/strict to avoid encoding errors if it contains + surrogate characters (bytes paths are decoded with the + surrogateescape error handler). Patch by Victor Stinner. + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. Issue + discovered and analyzed by Mingliang ZHAO. Patch by Victor + Stinner. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. + - Fix undefined behaviour in C code of null pointer arithmetic. + - Make sure that all frame objects created are created from + valid interpreter frames. Prevents the possibility of invalid + frames in backtraces and signal handlers. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - On WASI ENOTCAPABLE is now mapped to PermissionError. The + errno modules exposes the new error number. getpath.py now + ignores PermissionError when it cannot open landmark files + pybuilddir.txt and pyenv.cfg. + - Allow pdb to locate source for frozen modules in the standard + library. + - Raise ValueError instead of SystemError when methods of + uninitialized io.IncrementalNewlineDecoder objects are + called. Patch by Oren Milman. + - Fix a possible assertion failure in io.FileIO when the opener + returns an invalid file descriptor. + - Also escape s in the http.server + BaseHTTPRequestHandler.log_message so that it is technically + possible to parse the line and reconstruct what the original + data was. Without this a xHH is ambiguious as to if it is a + hex replacement we put in or the characters r”x” came through + in the original request line. + - asyncio.get_event_loop() now only emits a deprecation warning + when a new event loop was created implicitly. It no longer + emits a deprecation warning if the current event loop was + set. + - Fix bug when calling trace.CoverageResults with valid infile. + - Fix a bug in handling class cleanups in + unittest.TestCase. Now addClassCleanup() uses separate lists + for different TestCase subclasses, and doClassCleanups() only + cleans up the particular class. + - Release the GIL when calling termios APIs to avoid blocking + threads. + - Fix ast.increment_lineno() to also cover ast.TypeIgnore when + changing line numbers. + - Fix bug in urllib.parse.urlparse() that causes URL schemes + that begin with a digit, a plus sign, or a minus sign to be + parsed incorrectly. + - Check the number of arguments in substitution in user + generics containing a TypeVarTuple and one or more TypeVar. + - Fix substitution of ParamSpec followed by TypeVarTuple in + generic aliases. + - Fix substitution of TypeVarTuple and ParamSpec together in + user generics. + - Fixed bug where inspect.signature() reported incorrect + arguments for decorated methods. + - Fix SystemError in ctypes when exception was not set during + __initsubclass__. + - Remove older version of + _SSLProtocolTransport.get_write_buffer_limits in + asyncio.sslproto + - fix negative numbers failing in verify() + - Fix statistics.NormalDist pickle with 0 and 1 protocols. + - enum.auto() is now correctly activated when combined with + other assignment values. E.g. ONE = auto(), 'some text' will + now evaluate as (1, 'some text'). + - Update the bundled copy of pip to version 22.3.1. + - Clean up refleak on failed module initialisation in _zoneinfo + - Clean up refleaks on failed module initialisation in in + _pickle + - Clean up refleak on failed module initialisation in _io. + - Fix memory leak in math.dist() when both points don’t have + the same dimension. Patch by Kumar Aditya. + - [3.11] Applied changes from importlib_metadata 4.11.4 + through 4.13, including compatibility and robustness + fixes for Distribution objects without _normalized_name, + disallowing invalid inputs to Distribution.from_name, and + refined behaviors in PathDistribution._name_from_stem and + PathDistribution._normalized_name. + - Fix argument typechecks in _overlapped.WSAConnect() and + _overlapped.Overlapped.WSASendTo() functions. + - Prevent crashing in traceback when retrieving the byte-offset + for some source files that contain certain unicode + characters. + - Fix internal error in the re module which in very rare + circumstances prevented compilation of a regular expression + containing a conditional expression without the “else” + branch. + - Fix asyncio.StreamWriter.drain() to call + protocol.connection_lost callback only once on Windows. + - Add a mutex to unittest.mock.NonCallableMock to protect + concurrent access to mock attributes. + - Fix hang on Windows in subprocess.wait_closed() in asyncio + with ProactorEventLoop. Patch by Kumar Aditya. + - Fix infinite loop in unittest when a self-referencing chained + exception is raised + - tkinter.Text.count() raises now an exception for options + starting with “-” instead of silently ignoring them. + - On uname_result, restored expectation that _fields and + _asdict would include all six properties including processor. + - A createSocket() method was added to SysLogHandler. + - Fix bug in urllib.parse.urlparse() that causes certain port + numbers containing whitespace, underscores, plus and minus + signs, or non-ASCII digits to be incorrectly accepted. + - Allow venv to pass along PYTHON* variables to ensurepip and + pip when they do not impact path resolution + - On macOS, fix a crash in syslog.syslog() in multi-threaded + applications. On macOS, the libc syslog() function is not + thread-safe, so syslog.syslog() no longer releases the GIL to + call it. Patch by Victor Stinner. + - Allow BUILTINS to be a valid field name for frozen + dataclasses. + - Wrap network errors consistently in urllib FTP support, so + the test suite doesn’t fail when a network is available but + the public internet is not reachable. + - Make sure patch.dict() can be applied on async functions. + - Earlier in 3.11 we deprecated + asyncio.Task.cancel("message"). We realized we were too + harsh, and have undeprecated it. + - Change deprecate warning message in unittest from It is + deprecated to return a value!=None to It is deprecated to + return a value that is not None from a test case + - Fixes AttributeError when subprocess.check_output() is used + with argument input=None and either of the arguments encoding + or errors are used. + - Fix is_private properties in the ipaddress module. Previously + non-private networks (0.0.0.0/0) would return True from this + method; now they correctly return False. + - Avoid spurious tracebacks from asyncio when default executor + cleanup is delayed until after the event loop is closed (e.g. + as the result of a keyboard interrupt). + - Avoid a crash in the C version of + asyncio.Future.remove_done_callback() when an evil argument + is passed. + - Remove tokenize.NL check from tabnanny. + - Fix generation of the default name of + tkinter.Checkbutton. Previously, checkbuttons in different + parent widgets could have the same short name and share + the same state if arguments “name” and “variable” are not + specified. Now they are globally unique. + - Update bundled libexpat to 2.4.9 + - Fix race condition in asyncio where process_exited() called + before the pipe_data_received() leading to inconsistent + output. Patch by Kumar Aditya. + - Fixed check in multiprocessing.resource_tracker that + guarantees that the length of a write to a pipe is not + greater than PIPE_BUF. + - Corrected type annotation for dataclass attribute + pstats.FunctionProfile.ncalls to be str. + - Fix repr of Any subclasses. + - Work around missing socket functions in socket’s __repr__. + - In inspect, fix overeager replacement of “typing.” in + formatting annotations. + - Fix handling of bytes path-like objects in os.ismount(). + - Fix handling compiler warnings (SyntaxWarning and + DeprecationWarning) in codeop.compile_command() when checking + for incomplete input. Previously it emitted warnings and + raised a SyntaxError. Now it always returns None for + incomplete input without emitting any warnings. + - To avoid apparent memory leaks when asyncio.open_connection() + raises, break reference cycles generated by local exception + and future instances (which has exception instance as its + member var). Patch by Dong Uk, Kang. + - Fixed flickering of the turtle window when the tracer is + turned off. Patch by Shin-myoung-serp. + - Fix asyncio subprocess transport to kill process cleanly + when process is blocked and avoid RuntimeError when loop is + closed. Patch by Kumar Aditya. + - Prevent error when activating venv in nested fish instances. + - TarFile.next() now returns None when called on an empty + tarfile. + - Document the optional callback parameter of WeakMethod. Patch + by Géry Ogam. + - Restrict use of sockets instead of pipes for stdin of + subprocesses created by asyncio to AIX platform only. + - shutil.copytree() now applies the ignore_dangling_symlinks + argument recursively. + - Fix IndexError in argparse.ArgumentParser when a store_true + action is given an explicit argument. + - Document that calling variadic functions with ctypes requires + special care on macOS/arm64 (and possibly other platforms). + - Remove extra row + - Clarified the conflicting advice given in the ast + documentation about ast.literal_eval() being “safe” for use + on untrusted input while at the same time warning that it + can crash the process. The latter statement is true and is + deemed unfixable without a large amount of work unsuitable + for a bugfix. So we keep the warning and no longer claim that + literal_eval is safe. + - Restructured the documentation for the os.wait* family of + functions, and improved the docs for os.waitid() with more + explanation of the possible argument constants. + - Skip test_normalization() of test_unicodedata if it + fails to download NormalizationTest.txt file from + pythontest.net. Patch by Victor Stinner. + - Correct test_marsh on (32 bit) x86: test_deterministic sets + was failing. + - Optional big memory tests in test_sqlite3 now catch the + correct sqlite.DataError exception type in case of too large + strings and/or blobs passed. + - Fix a bug in the typing tests where a test relying + on CPython-specific implementation details was not + decorated with @cpython_only and was not skipped on other + implementations. + - Add tests for star-unpacking with PEP 646, and some other + miscellaneous PEP 646 tests. + - Added explicit coverage of Py_Initialize (and hence + Py_InitializeEx) back to the embedding tests (all other + embedding tests migrated to Py_InitializeFromConfig in Python + 3.11) + - Some C API tests were moved into the new Lib/test/test_capi/ + directory. + - Fix -Wimplicit-int, -Wstrict-prototypes, and + -Wimplicit-function-declaration compiler warnings in + configure checks. + - Fix a compilation issue with GCC 12 on macOS. + - Fix -Wimplicit-int compiler warning in configure check for + PTHREAD_SCOPE_SYSTEM. + - Fix a possible fd leak in Programs/_freeze_module.c + introduced in Python 3.11. + - Fix build with PYTHON_FOR_REGEN=python3.8. + - Specify the full path to the source location for make + docclean (needed for cross-builds). + - Don’t use vendored libmpdec headers if --with-system-libmpdec + is passed to configure. Don’t use vendored libexpat headers + if --with-system-expat is passed to !configure. + - Fix the build process of clang compiler for _bootstrap_python + if LTO optimization is applied. Patch by Matthias Görgens and + Dong-hee Na. + - wasm32-emscripten builds for browsers now include + concurrent.futures for asyncio and unittest.mock. + - wasm32-emscripten platform no longer builds resource module, + getresuid(), getresgid(), and their setters. The APIs are + stubs and not functional. + - Updated pegen regeneration script on Windows to find and + use Python 3.9 or higher. Prior to this, pegen regeneration + already required 3.9 or higher, but the script may have used + lower versions of Python. + - Fix a bug in the previous bugfix that caused IDLE to + not start when run with 3.10.8, 3.12.0a1, and at least + Microsoft Python 3.10.2288.0 installed without the Lib/test + package. 3.11.0 was never affected. + - The wasm_build.py script now pre-builds Emscripten ports, + checks for broken EMSDK versions, and warns about pkg-config + env vars. + - The new tool Tools/wasm/wasm_builder.py automates configure, + compile, and test steps for building CPython on WebAssembly + platforms. + - Fix handling of module docstrings in Tools/i18n/pygettext.py. + - PyBUF_* constants were marked as part of Limited API + of Python 3.11+. These were available in 3.11.0 with + Py_LIMITED_API defined for 3.11, and are necessary to use the + buffer API. + - Fix use-after-free in Py_SetPythonHome(NULL), + Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL) + function calls. Issue reported by Benedikt Reinartz. Patch by + Victor Stinner. + - Py_InitializeEx now correctly calls PyConfig_Clear after + initializing the interpreter (the omission didn’t cause a + memory leak only because none of the dynamically allocated + config fields are populated by the wrapper function) +- Removed upstreamed patches: + - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch + - CVE-2022-45061-DoS-by-IDNA-decode.patch + +------------------------------------------------------------------- +Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl + +- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid + CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding + extremely long domain names. + +------------------------------------------------------------------- +Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl + +- Update to 3.11.0 (overall changes from 3.10.*): + - General changes + - PEP 657 -- Include Fine-Grained Error Locations in + Tracebacks + - PEP 654 -- Exception Groups and except* + - PEP 680 -- tomllib: Support for Parsing TOML in the + Standard Library + - gh-90908 -- Introduce task groups to asyncio + - gh-34627 -- Atomic grouping ((?>...)) and possessive + quantifiers (*+, ++, ?+, {m,n}+) are now supported in + regular expressions. + - The Faster CPython Project is already yielding some + exciting results. Python 3.11 is up to 10-60% faster than + Python 3.10. On average, we measured a 1.22x speedup on the + standard benchmark suite. See Faster CPython for details. + - Typing and typing language changes + - PEP 673 -- Self Type + - PEP 646 -- Variadic Generics + - PEP 675 -- Arbitrary Literal String Type + - PEP 655 -- Marking individual TypedDict items as required + or potentially-missing + - PEP 681 -- Data Class Transforms +- (just changes from 3.11.0rc2): + - Fix multiplying a list by an integer (list *= int): detect + the integer overflow when the new allocated length is close + to the maximum size. Issue reported by Jordan Limor. Patch by + Victor Stinner. + - On Linux the multiprocessing module returns to using + filesystem backed unix domain sockets for communication + with the forkserver process instead of the Linux abstract + socket namespace. Only code that chooses to use the + “forkserver” start method is affected. Abstract sockets have + no permissions and could allow any user on the system in the + same network namespace (often the whole system) to inject + code into the multiprocessing forkserver process. This was + a potential privilege escalation. Filesystem based socket + permissions restrict this to the forkserver process user as + was the default in Python 3.8 and earlier. This prevents + Linux CVE-2022-42919. + - Fix an issue where several frame objects could be backed by + the same interpreter frame, possibly leading to corrupted + memory and hard crashes of the interpreter. + - Fix possible data corruption or crashes when accessing the + f_back member of newly-created generator or coroutine frames. + - Fix a crash occurring when PyEval_GetFrame() is called while + the topmost Python frame is in a partially-initialized state. + - Fix command line parsing: reject -X int_max_str_digits option + with no value (invalid) when the PYTHONINTMAXSTRDIGITS + environment variable is set to a valid limit. Patch by Victor + Stinner. + - Fix undefined behaviour in _testcapimodule.c. + - When ValueError is raised if an integer is larger than the + limit, mention the sys.set_int_max_str_digits() function in + the error message. Patch by Victor Stinner. + - Correctly raise SyntaxError on exception groups (PEP 654) on + python versions prior to 3.11 + - Document some places where an assignment expression needs + parentheses. + - Update the bundled copies of pip and setuptools to versions + 22.3 and 65.5.0 respectively. + - fix Flag to use boundary CONFORM + - This restores previous Flag behavior of allowing flags with + non-sequential values to be combined; e.g. + - class Skip(Flag): TWO = 2 EIGHT = 8 + - Skip.TWO | Skip.EIGHT -> + - Fix ! in c domain ref target syntax via a conf.py patch, so + it works as intended to disable ref target resolution. + - Update tutorial introduction output to use 3.10+ SyntaxError + invalid range. + +------------------------------------------------------------------- +Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl + +- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to + allow building of documentation with the latest Sphinx 5.3.0 + (gh#python/cpython#98366). + +------------------------------------------------------------------- +Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc2: + - Converting between int and str in bases other than 2 + (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base + 10 (decimal) now raises a ValueError if the number of digits + in string form is above a limit to avoid potential denial of + service attacks due to the algorithmic complexity. This is + a mitigation for CVE-2020-10735. + This new limit can be configured or disabled by environment + variable, command line flag, or sys APIs. See the integer + string conversion length limitation documentation. The + default limit is 4300 digits in string form. + - Fix case of undefined behavior in ceval.c + - Do not expose KeyWrapper in _functools. + - Ensure that tracing, sys.setrace(), is turned on + immediately. In pre-release versions of 3.11, some tracing + events might have been lost when turning on tracing in a + __del__ method or interrupt. + - Fix use after free in trace refs build mode. Patch by Kumar + Aditya. + - When loading a file with invalid UTF-8 inside a multi-line + string, a correct SyntaxError is emitted. + - Make sure that incomplete frames do not show up in + tracemalloc traces. + - Remove two cases of undefined behavior, by adding NULL + checks. + - Fix possible NULL pointer dereference in + _PyThread_CurrentFrames. Patch by Kumar Aditya. + - Fix AttributeError missing name and obj attributes in + object.__getattribute__(). Patch by Philip Georgi. + - Loading a file with invalid UTF-8 will now report the broken + character at the correct location. + - Fixed a bug that caused _PyCode_GetExtra to return garbage + for negative indexes. Patch by Pablo Galindo + - Fix a deadlock in PyGILState_Ensure() when allocating new + thread state. Patch by Kumar Aditya. + - PyType_Ready() now initializes ht_cached_keys and performs + additional checks to ensure that type objects are properly + configured. This avoids crashes in 3rd party packages that + don’t use regular API to create new types. + - Skip over incomplete frames in PyThreadState_GetFrame(). + - Fix format string in _PyPegen_raise_error_known_location that + can lead to memory corruption on some 64bit systems. The + function was building a tuple with i (int) instead of n + (Py_ssize_t) for Py_ssize_t arguments. + - Fix misleading contents of error message when converting an + all-whitespace string to float. + - ast.parse() will no longer parse function definitions with + positional-only params when passed feature_version less than + (3, 8). Patch by Shantanu Jain. + - Fix incorrect error message in the io module. + - Fix the faulthandler implementation of + faulthandler.register(signal, chain=True) if the sigaction() + function is not available: don’t call the previous signal + handler if it’s NULL. Patch by Victor Stinner. + - Correct conversion of numbers.Rational’s to float. + - Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not + raised when using more than one TypeVarTuple, like [*T, *V] + in type alias substitutions. + - Fix asyncio.streams.StreamReaderProtocol to keep a strong + reference to the created task, so that it’s not garbage + collected + - Fix a performance regression in logging + TimedRotatingFileHandler. Only check for special files when + the rollover time has passed. + - Fix unused localName parameter in the Attr class in + xml.dom.minidom. + - Fix incorrect condition that causes sys.thread_info.name to + be wrong on pthread platforms. + - Remove an incompatible change from bpo-28080 that caused a + regression that ignored the utf8 in ZipInfo.flag_bits. Patch + by Pablo Galindo. + - Fix asyncio.Runner to call asyncio.set_event_loop() only + once to avoid calling attach_loop() multiple times on child + watchers. Patch by Kumar Aditya. + - Fix unittest.IsolatedAsyncioTestCase to set event loop before + calling setup functions. Patch by Kumar Aditya. + - When a task catches asyncio.CancelledError and raises some + other error, the other error should generally not silently be + suppressed. + - Fail gracefully if EPERM or ENOSYS is raised when loading + crypt methods. This may happen when trying to load MD5 on a + Linux kernel with FIPS enabled. + - Allow asyncio.StreamWriter.drain() to be awaited concurrently + by multiple tasks. Patch by Kumar Aditya. + - Fix ast.unparse() when ImportFrom.level is None + - Improve discoverability of the higher level + concurrent.futures module by providing clearer links from the + lower level threading and multiprocessing modules. + - What’s New 3.11 now has instructions for how to provide + compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7 + and CentOS 7. + - Mitigate the inherent race condition from using + find_unused_port() in testSockName() by trying to find an + unused port a few times before failing. Patch by Ross Burton. + - Build and test with OpenSSL 1.1.1q +- Use support-expat-CVE-2022-25236-patched.patch from the current + version of gh#python/cpython#93900 instead of the old + support-expat-245.patch. +- Reapply fix_configure_rst.patch. + +------------------------------------------------------------------- +Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab + +- Increase testsuite timeout for test_freeze_simple_script + +------------------------------------------------------------------- +Sat Aug 20 21:31:40 UTC 2022 - Matej Cepl + +- fix import_failed.map to refer to the python 3.11 package versions + +------------------------------------------------------------------- +Sat Aug 20 14:05:21 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc1: + - Core and Builtins + - Update code object hashing and equality to consider all + debugging and exception handling tables. This fixes an + issue where certain non-identical code objects could be + “deduplicated” during compilation. + - _PyPegen_Parser_New now properly detects token memory + allocation errors. Patch by Honglin Zhu. + - Run Python code in tracer/profiler function at full + speed. Fixes slowdown in earlier versions of 3.11. + - Emit a warning in debug mode if an object does not call + PyObject_GC_UnTrack() before deallocation. Patch by Pablo + Galindo. + - Prevented crashes in the AST constructor when + compiling some absurdly long expressions like + "+0"*1000000. RecursionError is now raised instead. Patch + by Pablo Galindo + - ast.AST node positions are now validated when provided to + compile() and other related functions. If invalid positions + are detected, a ValueError will be raised. + - Fix error detection in some builtin functions when keyword + argument name is an instance of a str subclass with + overloaded __eq__ and __hash__. Previously it could cause + SystemError or other undesired behavior. + - Library + - Update bundled pip to 22.2.2. + - Fix asyncio.TaskGroup to propagate exception when + asyncio.CancelledError was replaced with another exception + by a context manger. Patch by Kumar Aditya and Guido van + Rossum. + - Update bundled pip to 22.2.1. + - Fix GC crash when deallocating _lsprof.Profiler by + untracking it before calling any callbacks. Patch by Kumar + Aditya. + - Fix asyncio.run() for asyncio.Task implementations without + uncancel() method. Patch by Kumar Aditya. + - Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK + and os.EFD_SEMAPHORE flags on older kernel versions where + these flags are not present. Patch by Kumar Aditya. + - Fix concurrent.futures.Executor.map() to cancel the + currently waiting on future on an error - e.g. TimeoutError + or KeyboardInterrupt. + - Ensure that timeouts scheduled with asyncio.Timeout that + have already expired are delivered promptly. + - Suppress writing an XML declaration in open files + in ElementTree.write() with encoding='unicode' and + xml_declaration=None. + - Fix findtext in the xml module to only give an empty string + when the text attribute is set to None. + - Documentation + - Fix stylesheet not working in Windows CHM htmlhelp docs + and add warning that they are deprecated. Contributed by + C.A.M. Gerlach. + - Update library documentation with availability information + on WebAssembly platforms wasm32-emscripten and wasm32-wasi. + - Use consistent syntax for platform availability. The + directive now supports a content body and emits a warning + when it encounters an unknown platform. + - Document a limitation in ThreadPoolExecutor where its exit + handler is executed before any handlers in atexit. + - Tests + - Lib/test/test_asyncio/test_ssl.py exposed a bug in the + macOS kernel where intense concurrent load on non-blocking + sockets occasionally causes errno.ENOBUFS (“No buffer space + available”) to be emitted. FB11063974 filed with Apple, in + the mean time as a workaround buffer size used in tests on + macOS is decreased to avoid intermittent failures. Patch by + Fantix King. + - Fix problem with test_ssl test_get_ciphers on systems that + require perfect forward secrecy (PFS) ciphers. + - Add a regression test for re exponentional slowdown when + using rjsmin. + - Build + - Fix a regression in configure script that caused some + header checks to ignore custom CPPFLAGS. The regression was + introduced in gh-94802. + - wasm32-wasi builds no longer depend on WASIX’s pthread + stubs. Python now has its own stubbed pthread API. + - Python now detects missing dup function in WASI and works + around some missing errno, select, and socket constants. + - Python now skips missing socket functions and methods on + WASI. WASI can only create sockets from existing fd / + accept and has no netdb. + - Platforms wasm32-unknown-emscripten and wasm32-unknown-wasi + have been promoted to PEP 11 tier 3 platform support. + - IDLE + - Document handling of extensions in Save As dialogs. + - Include prompts when saving Shell (interactive input and + output). + - Fix the Shell context menu copy-with-prompts bug of copying + an extra line when one selects whole lines. + - In the Edit menu, move Select All and add a new separator. + - Enable using IDLE’s module browser with .pyw files. + - Add .pyi as a recognized extension for IDLE on macOS. This + allows opening stub files by double clicking on them in the + Finder. + - C API + - Restore the 3.10 behavior for multiple inheritance of C + extension classes that store their dictionary at the end of + the struct. + - Added PyCode_GetVarnames(), PyCode_GetCellvars() and + PyCode_GetFreevars() for accessing co_varnames, co_cellvars + and co_freevars respectively via the C API. + +------------------------------------------------------------------- +Tue Jul 26 10:37:31 UTC 2022 - Matej Cepl + +- Update to 3.11.0b5: + - Core and Builtins + - gh-93351: ast.AST node positions are now validated when + provided to compile() and other related functions. If + invalid positions are detected, a ValueError will be + raised. + - gh-94438: Fix an issue that caused extended opcode + arguments and some conditional pops to be ignored when + calculating valid jump targets for assignments to the + f_lineno attribute of frame objects. In some cases, this + could cause inconsistent internal state, resulting in a + hard crash of the interpreter. + - gh-95060: Undocumented PyCode_Addr2Location function now + properly returns when addrq argument is less than zero. + - gh-95113: Replace all EXTENDED_ARG_QUICK instructions + with basic EXTENDED_ARG instructions in unquickened + code. Consumers of non-adaptive bytecode should be able to + handle extended arguments the same way they were handled in + CPython 3.10 and older. + - gh-91409: Fix incorrect source location info caused by + certain optimizations in the bytecode compiler. + - gh-94036: Fix incorrect source location info for some + multi-line attribute accesses and method calls. + - gh-94739: Allow jumping within, out of, and across + exception handlers in the debugger. + - gh-94949: ast.parse() will no longer parse parenthesized + context managers when passed feature_version less than (3, + 9). Patch by Shantanu Jain. + - gh-94947: ast.parse() will no longer parse assignment + expressions when passed feature_version less than (3, + 8). Patch by Shantanu Jain. + - gh-91256: Ensures the program name is known for help text + during interpreter startup. + - gh-94869: Fix the column offsets for some expressions in + multi-line f-strings ast nodes. Patch by Pablo Galindo. + - gh-94822: Fix an issue where lookups of metaclass + descriptors may be ignored when an identically-named + attribute also exists on the class itself. + - gh-91153: Fix an issue where a bytearray item assignment + could crash if it’s resized by the new value’s __index__() + method. + - gh-90699: Fix reference counting bug in + bool.__repr__(). Patch by Kumar Aditya. + - Library + - gh-95087: Fix IndexError in parsing invalid date in the + email module. + - gh-95199: Upgrade bundled setuptools to 63.2.0. + - gh-95194: Upgrade bundled pip to 22.2. + - gh-95132: Fix a sqlite3 regression where *args and **kwds + were incorrectly relayed from connect() to the Connection + factory. The regression was introduced in 3.11a1 with PR + 24421 (gh-85128). Patch by Erlend E. Aasland.` + - gh-93157: Fix fileinput module didn’t support errors option + when inplace is true. + - gh-95105: wsgiref.types.InputStream.__iter__() should + return Iterator[bytes], not Iterable[bytes]. Patch by + Shantanu Jain. + - gh-94857: Fix refleak in + _io.TextIOWrapper.reconfigure. Patch by Kumar Aditya. + - gh-94821: Fix binding of unix socket to empty address + on Linux to use an available address from the abstract + namespace, instead of “0”. + - gh-89988: Fix memory leak in pickle.Pickler when looking up + dispatch_table. Patch by Kumar Aditya. + - bpo-47025: Drop support for bytes on sys.path. + - Tests + - gh-95212: Make multiprocessing test case + test_shared_memory_recreate parallel-safe. + - Build + - gh-94847: Fixed _decimal module build issue on GCC when + compiling with LTO and pydebug. Debug builds no longer + force inlining of functions. + - gh-94841: Fix the possible performance regression of + PyObject_Free() compiled with MSVC version 1932. + - gh-94801: configure now uses custom flags like ZLIB_CFLAGS + and ZLIB_LIBS when searching for headers and libraries. + - gh-94773: deepfreeze.py now supports code object with + frozensets that contain incompatible, unsortable types. + - C API + - gh-94930: Fix SystemError raised when + PyArg_ParseTupleAndKeywords() is used with # in (...) but + without PY_SSIZE_T_CLEAN defined. + - gh-94864: Fix PyArg_Parse* with deprecated format units “u” + and “Z”. It returned 1 (success) when warnings are turned + into exceptions. + - gh-94731: Python again uses C-style casts for + most casting operations when compiled with + C++. This may trigger compiler warnings, if they + are enabled with e.g. -Wold-style-cast `` or + ``-Wzero-as-null-pointer-constant options for g++. + +------------------------------------------------------------------- +Thu Jul 21 14:19:53 UTC 2022 - Matej Cepl + +- Switch from %primary_interpreter to prjconf-defined + %primary_python (gh#openSUSE/python-rpm-macros#127). + +------------------------------------------------------------------- +Thu Jul 14 15:37:35 UTC 2022 - Matej Cepl + +- Update to 3.11.0b4: +- Fixes many bugs and adds following more significant changes +- Security + - gh-68966: The deprecated mailcap module now refuses to inject + Coreunsafe text (filenames, MIME types, parameters) into + shell Corecommands. Instead of using such text, it will + warn and act Coreas if a match was not found (or for test + commands, as if the Coretest failed). and Builtins + - gh-93516: Lazily create a table mapping bytecode offsets to + line numbers to speed up calculation of line numbers when + tracing. + - gh-93461: importlib.invalidate_caches() now drops entries + from sys.path_importer_cache with a relative path as + name. This solves a caching issue when a process changes its + current working directory. + - FileFinder no longer inserts a dot in the path, e.g. + /egg/./spam is now /egg/spam. +Library + - gh-93896: Fix asyncio.run() and + unittest.IsolatedAsyncioTestCase to always the set event loop + as it was done in Python 3.10 and earlier. Patch by Kumar + Aditya. + - gh-94101: Manual instantiation of ssl.SSLSession objects is + no longer allowed as it lead to misconfigured instances that + crashed the interpreter when attributes where accessed on + them. + - gh-83658: Make multiprocessing.Pool raise an exception if + maxtasksperchild is not None or a positive int. + - gh-61162: Clarify sqlite3 behavior when Using the connection + as a context manager. +Tools/Demos + - gh-94538: Fix Argument Clinic output to custom file + destinations. Patch by Erlend E. Aasland. +C API + - gh-93937: The following frame functions and type are now + directly available with #include , it’s no longer + needed to add #include : + PyFrame_Check() + PyFrame_GetBack() + PyFrame_GetBuiltins() + PyFrame_GetGenerator() + PyFrame_GetGlobals() + PyFrame_GetLasti() + PyFrame_GetLocals() + PyFrame_Type + +------------------------------------------------------------------- +Tue May 31 20:54:36 UTC 2022 - Matej Cepl + +- Update to 3.11.0b2: + - many small updates +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.4 (jsc#SLE-21253) + +------------------------------------------------------------------- +Tue May 10 15:01:18 UTC 2022 - Matej Cepl + +- Refresh bluez-devel-vendor.tar.xz +- Fix building with system-expat (gh#python/cpython#92875). Nope, + it didn't work, worked around it. + +------------------------------------------------------------------- +Mon May 9 15:09:03 UTC 2022 - Matej Cepl + +- Update to pre-release version 3.11.0b1: + - PEP 657 – Include Fine-Grained Error Locations in Tracebacks + - PEP 654 – Exception Groups and except* + - PEP 673 – Self Type + - PEP 646 – Variadic Generics + - PEP 680– tomllib: Support for Parsing TOML in the Standard Library + - PEP 675– Arbitrary Literal String Type + - PEP 655– Marking individual TypedDict items as required or potentially-missing + - bpo-46752– Introduce task groups to asyncio + - The Faster Cpython Project is already yielding some exciting + results. Python 3.11 is up to 10-60% faster than Python + 3.10. On average, we measured a 1.22x speedup on the standard + benchmark suite. See + https://docs.python.org/3.11/whatsnew/3.11.html#faster-cpython + for details. + +------------------------------------------------------------------- +Thu May 5 14:35:56 UTC 2022 - Matej Cepl + +- Switch primary_interpreter from python38 to python310 + +------------------------------------------------------------------- +Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl + +- Update to 3.10.4: + - bpo-46968: Check for the existence of the “sys/auxv.h” header + in faulthandler to avoid compilation problems in systems + where this header doesn’t exist. Patch by Pablo Galindo + - bpo-23691: Protect the re.finditer() iterator from + re-entering. + - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to + avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception + when reading a ZipFile from multiple threads. + - bpo-38256: Fix binascii.crc32() when it is compiled to use + zlib’c crc32 to work properly on inputs 4+GiB in length + instead of returning the wrong result. The workaround prior + to this was to always feed the function data in increments + smaller than 4GiB or to just call the zlib module function. + - bpo-39394: A warning about inline flags not at the start of + the regular expression now contains the position of the flag. + - bpo-47061: Deprecate the various modules listed by PEP 594: + - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, + imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, + sndhdr, spwd, sunau, telnetlib, uu, xdrlib + - bpo-2604: Fix bug where doctests using globals would fail + when run multiple times. + - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. + - bpo-47022: The asynchat, asyncore and smtpd modules have been + deprecated since at least Python 3.6. Their documentation and + deprecation warnings and have now been updated to note they + will removed in Python 3.12 (PEP 594). + - bpo-46421: Fix a unittest issue where if the command was + invoked as python -m unittest and the filename(s) began with + a dot (.), a ValueError is returned. + - bpo-40296: Fix supporting generic aliases in pydoc. + +- Update to 3.10.3: + - bpo-46940: Avoid overriding AttributeError metadata + information for nested attribute access calls. Patch by Pablo + Galindo. + - bpo-46852: Rename the private undocumented + float.__set_format__() method to float.__setformat__() to fix + a typo introduced in Python 3.7. The method is only used by + test_float. Patch by Victor Stinner. + - bpo-46794: Bump up the libexpat version into 2.4.6 + - bpo-46820: Fix parsing a numeric literal immediately (without + spaces) followed by “not in” keywords, like in 1not in x. Now + the parser only emits a warning, not a syntax error. + - bpo-46762: Fix an assert failure in debug builds when a ‘<’, + ‘>’, or ‘=’ is the last character in an f-string that’s + missing a closing right brace. + - bpo-46724: Make sure that all backwards jumps use the + JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an + argument of (2**32)+offset. + - bpo-46732: Correct the docstring for the __bool__() method. + Patch by Jelle Zijlstra. + - bpo-46707: Avoid potential exponential backtracking when + producing some syntax errors involving lots of brackets. + Patch by Pablo Galindo. + - bpo-40479: Add a missing call to va_end() in + Modules/_hashopenssl.c. + - bpo-46615: When iterating over sets internally in + setobject.c, acquire strong references to the resulting items + from the set. This prevents crashes in corner-cases of + various set operations where the set gets mutated. + - bpo-45773: Remove two invalid “peephole” optimizations from + the bytecode compiler. + - bpo-43721: Fix docstrings of getter, setter, and deleter to + clarify that they create a new copy of the property. + - bpo-46503: Fix an assert when parsing some invalid N escape + sequences in f-strings. + - bpo-46417: Fix a race condition on setting a type __bases__ + attribute: the internal function add_subclass() now gets the + PyTypeObject.tp_subclasses member after calling + PyWeakref_NewRef() which can trigger a garbage collection + which can indirectly modify PyTypeObject.tp_subclasses. Patch + by Victor Stinner. + - bpo-46383: Fix invalid signature of _zoneinfo’s module_free + function to resolve a crash on wasm32-emscripten platform. + - bpo-46070: Py_EndInterpreter() now explicitly untracks all + objects currently tracked by the GC. Previously, if an object + was used later by another interpreter, calling + PyObject_GC_UnTrack() on the object crashed if the previous + or the next object of the PyGC_Head structure became + a dangling pointer. Patch by Victor Stinner. + - bpo-46339: Fix a crash in the parser when retrieving the + error text for multi-line f-strings expressions that do not + start in the first line of the string. Patch by Pablo Galindo + - bpo-46240: Correct the error message for unclosed parentheses + when the tokenizer doesn’t reach the end of the source when + the error is reported. Patch by Pablo Galindo + - bpo-46091: Correctly calculate indentation levels for lines + with whitespace character that are ended by line continuation + characters. Patch by Pablo Galindo + - bpo-43253: Fix a crash when closing transports where the + underlying socket handle is already invalid on the Proactor + event loop. + - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, + including bugfix for EntryPoint.extras, which was returning + match objects and not the extras strings. + - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip + 22.0.4) + - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically + determine size of signal handler stack size CPython allocates + using getauxval(AT_MINSIGSTKSZ). This changes allows for + Python extension’s request to Linux kernel to use AMX_TILE + instruction set on Sapphire Rapids Xeon processor to succeed, + unblocking use of the ISA in frameworks. + - bpo-46955: Expose asyncio.base_events.Server as + asyncio.Server. Patch by Stefan Zabka. + - bpo-23325: The signal module no longer assumes that SIG_IGN + and SIG_DFL are small int singletons. + - bpo-46932: Update bundled libexpat to 2.4.7 + - bpo-25707: Fixed a file leak in + xml.etree.ElementTree.iterparse() when the iterator is not + exhausted. Patch by Jacob Walls. + - bpo-44886: Inherit asyncio proactor datagram transport from + asyncio.DatagramTransport. + - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() + for selector-based event loops. Patch by Thomas Grainger. + - bpo-46811: Make test suite support Expat >=2.4.5 + - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to + transport-based APIs. + - bpo-46784: Fix libexpat symbols collisions with user + dynamically loaded or statically linked libexpat in embedded + Python. + - bpo-39327: shutil.rmtree() can now work with VirtualBox + shared folders when running from the guest operating-system. + - bpo-46756: Fix a bug in + urllib.request.HTTPPasswordMgr.find_user_password() and + urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() + which allowed to bypass authorization. For example, access to + URI example.org/foobar was allowed if the user was authorized + for URI example.org/foo. + - bpo-46643: In typing.get_type_hints(), support evaluating + stringified ParamSpecArgs and ParamSpecKwargs annotations. + Patch by Gregory Beauregard. + - bpo-45863: When the tarfile module creates a pax format + archive, it will put an integer representation of timestamps + in the ustar header (if possible) for the benefit of older + unarchivers, in addition to the existing full-precision + timestamps in the pax extended header. + - bpo-46676: Make typing.ParamSpec args and kwargs equal to + themselves. Patch by Gregory Beauregard. + - bpo-46672: Fix NameError in asyncio.gather() when initial + type check fails. + - bpo-46655: In typing.get_type_hints(), support evaluating + bare stringified TypeAlias annotations. Patch by Gregory + Beauregard. + - bpo-45948: Fixed a discrepancy in the C implementation of the + xml.etree.ElementTree module. Now, instantiating an + xml.etree.ElementTree.XMLParser with a target=None keyword + provides a default xml.etree.ElementTree.TreeBuilder target + as the Python implementation does. + - bpo-46521: Fix a bug in the codeop module that was + incorrectly identifying invalid code involving string quotes + as valid code. + - bpo-46581: Brings ParamSpec propagation for GenericAlias in + line with Concatenate (and others). + - bpo-46591: Make the IDLE doc URL on the About IDLE dialog + clickable. + - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 + - bpo-46487: Add the get_write_buffer_limits method to + asyncio.transports.WriteTransport and to the SSL transport. + - bpo-45173: Note the configparser deprecations will be removed + in Python 3.12. + - bpo-46539: In typing.get_type_hints(), support evaluating + stringified ClassVar and Final annotations inside Annotated. + Patch by Gregory Beauregard. + - bpo-46491: Allow typing.Annotated to wrap typing.Final and + typing.ClassVar. Patch by Gregory Beauregard. + - bpo-46436: Fix command-line option -d/--directory in module + http.server which is ignored when combined with command-line + option --cgi. Patch by Géry Ogam. + - bpo-41403: Make mock.patch() raise a TypeError with + a relevant error message on invalid arg. Previously it + allowed a cryptic AttributeError to escape. + - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid + potential REDoS by limiting ambiguity in consecutive + whitespace. + - bpo-46469: asyncio generic classes now return + types.GenericAlias in __class_getitem__ instead of the same + class. + - bpo-46434: pdb now gracefully handles help when __doc__ is + missing, for example when run with pregenerated optimized + .pyc files. + - bpo-46333: The __eq__() and __hash__() methods of + typing.ForwardRef now honor the module parameter of + typing.ForwardRef. Forward references from different modules + are now differentiated. + - bpo-46246: Add missing __slots__ to + importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. + - bpo-46266: Improve day constants in calendar. + - Now all constants (MONDAY … SUNDAY) are documented, tested, + and added to __all__. + - bpo-46232: The ssl module now handles certificates with bit + strings in DN correctly. + - bpo-43118: Fix a bug in inspect.signature() that was causing + it to fail on some subclasses of classes with + a __text_signature__ referencing module globals. Patch by + Weipeng Hong. + - bpo-26552: Fixed case where failing asyncio.ensure_future() + did not close the coroutine. Patch by Kumar Aditya. + - bpo-21987: Fix an issue with tarfile.TarFile.getmember() + getting a directory name with a trailing slash. + - bpo-20392: Fix inconsistency with uppercase file extensions + in MimeTypes.guess_type(). Patch by Kumar Aditya. + - bpo-46080: Fix exception in argparse help text generation if + a argparse.BooleanOptionalAction argument’s default is + argparse.SUPPRESS and it has help specified. Patch by Felix + Fontein. + - bpo-44439: Fix .write() method of a member file in ZipFile, + when the input data is an object that supports the buffer + protocol, the file length may be wrong. + - bpo-45703: When a namespace package is imported before + another module from the same namespace is created/installed + in a different sys.path location while the program is + running, calling the importlib.invalidate_caches() function + will now also guarantee the new module is noticed. + - bpo-24959: Fix bug where unittest sometimes drops frames from + tracebacks of exceptions raised in tests. + - bpo-44791: Fix substitution of ParamSpec in Concatenate with + different parameter expressions. Substitution with a list of + types returns now a tuple of types. Substitution with + Concatenate returns now a Concatenate with concatenated lists + of arguments. + - bpo-14156: argparse.FileType now supports an argument of ‘-’ + in binary mode, returning the .buffer attribute of + sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and + ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. + Patch contributed by Josh Rosenberg + - bpo-46463: Fixes escape4chm.py script used when building the + CHM documentation file + - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is + built with undefined behavior sanitizer (UBSAN): disable + UBSAN on the faulthandler_sigfpe() function. Patch by Victor + Stinner. + - bpo-46708: Prevent default asyncio event loop policy + modification warning after test_asyncio execution. + - bpo-46678: The function make_legacy_pyc in + Lib/test/support/import_helper.py no longer fails when + PYTHONPYCACHEPREFIX is set to a directory on a different + device from where tempfiles are stored. + - bpo-46616: Ensures test_importlib.test_windows cleans up + registry keys after completion. + - bpo-44359: test_ftplib now silently ignores socket errors to + prevent logging unhandled threading exceptions. Patch by + Victor Stinner. + - bpo-46542: Fix a Python crash in test_lib2to3 when using + Python built in debug mode: limit the recursion limit. Patch + by Victor Stinner. + - bpo-46576: test_peg_generator now disables compiler + optimization when testing compilation of its own C extensions + to significantly speed up the testing on non-debug builds of + CPython. + - bpo-46542: Fix test_json tests checking for RecursionError: + modify these tests to use support.infinite_recursion(). Patch + by Victor Stinner. + - bpo-13886: Skip test_builtin PTY tests on non-ASCII + characters if the readline module is loaded. The readline + module changes input() behavior, but test_builtin is not + intented to test the readline module. Patch by Victor + Stinner. + - bpo-38472: Fix GCC detection in setup.py when + cross-compiling. The C compiler is now run with LC_ALL=C. + Previously, the detection failed with a German locale. + - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro + and pyconfig.h no longer defines reserved symbol + __CHAR_UNSIGNED__. + - bpo-45296: Clarify close, quit, and exit in IDLE. In the File + menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current + one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). + In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there + are no other windows, this also exits IDLE. + - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch + by Alex Waygood and Terry Jan Reedy. + - bpo-46433: The internal function _PyType_GetModuleByDef now + correctly handles inheritance patterns involving static + types. + - bpo-14916: Fixed bug in the tokenizer that prevented + PyRun_InteractiveOne from parsing from the provided FD. + +- Remove upstreamed patches: + - support-expat-245.patch + +------------------------------------------------------------------- +Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + +------------------------------------------------------------------- +Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl + +- bsc#1195831 Obsolete older "most modern" versions of python + packages (python39 for python310 and so forth). For next + versions it is necessary just to edit the macro. + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python +- Add fix_configure_rst.patch, which removes duplicate link + targets and make documentation with old Sphinx in SLE +- Skip test_capi (bsc#1195140 and bpo#37169) + +------------------------------------------------------------------- +Wed Jan 19 22:01:51 UTC 2022 - Matej Cepl + +- Update to 3.10.2: + Bugfix only + - bpo#46347 memory leak in PyEval_EvalCodeEx (especially + visible with Cython code) + - and many others + +------------------------------------------------------------------- +Wed Dec 8 13:07:25 UTC 2021 - Matej Cepl + +- Upgrade to 3.10.1 (jsc#SLE-18038): + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other tools. + - PEP 618 – Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning +- Patches readjusted: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Sat Dec 4 18:40:28 UTC 2021 - Matej Cepl + +- Remove pdb_adjust_breakpoints.patch and instead just adjust location + of the test breakpoint in Lib/test/test_pdb.py via sed, because we + have shortened Lib/pdb.py by removing the shebang (bpo#45964). + +------------------------------------------------------------------- +Thu Dec 2 13:51:57 UTC 2021 - Matej Cepl + +- Add pdb_adjust_breakpoints.patch fixing expectd results in + test_pdb_breakpoints_preserved_across_interactive_sessions + (bpo#45964). + +------------------------------------------------------------------- +Mon Nov 29 00:17:07 UTC 2021 - Matej Cepl + +- Remove shebangs from from python-base libraries in _libdir + (bsc#1193179). +- Readjust patches: + - bpo-31046_ensurepip_honours_prefix.patch + - decimal.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Tue Nov 16 16:03:43 UTC 2021 - Matej Cepl + +- Move rpm-build-python construct to correct place. + +------------------------------------------------------------------- +Wed Oct 13 08:52:47 UTC 2021 - Dominique Leuenberger + +- BuildRequire rpm-build-python: The provider to inject python(abi) + has been moved there. rpm-build pulls rpm-build-python + automatically in when building anything against python3-base, but + this implies that the initial build of python3-base does not + trigger the automatic installation. + +------------------------------------------------------------------- +Tue Oct 5 22:36:51 UTC 2021 - Matej Cepl + +- Final release of 3.10.0: + Complete list on https://www.python.org/downloads/release/python-3100/, + but highlights are: + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other + tools. + - PEP 618 – Add Optional Length-Checking To zip. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning + - bpo-12782: Parenthesized context managers are now officially + allowed. + +------------------------------------------------------------------- +Mon Aug 30 12:48:25 UTC 2021 - Matej Cepl + +- Switch on option --with-system-libmpdec (bsc#1189356). + +------------------------------------------------------------------- +Fri Aug 27 13:15:03 UTC 2021 - Andreas Schwab + +- Reenable profileopt with qemu emulation, test_faulthandler is no longer + run during profiling + +------------------------------------------------------------------- +Thu Aug 12 15:11:39 UTC 2021 - Andreas Schwab + +- test_faulthandler is still problematic under qemu linux-user emulation, + disable it there + +------------------------------------------------------------------- +Wed Aug 11 05:57:11 UTC 2021 - Matej Cepl + +- Update to 3.10.0rc1 (the penultimate prerelease), which contains + plenty of small bugfixes among others: + - bpo#38605: from __future__ import annotations (PEP 563) used to be + on this list in previous pre-releases but it has been postponed to + Python 3.11 due to some compatibility concerns. + - bpo-44600: Fix incorrect line numbers while tracing some failed + patterns in match statements. Patch by Charles Burkland. + - plenty of modifications in types.Union + +------------------------------------------------------------------- +Wed Jul 21 13:44:48 UTC 2021 - Matej Cepl + +- Update to 3.10.0b4: + https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4 +- Remove python3-imp-returntype.patch which has been upstreamed. + +------------------------------------------------------------------- +Mon Jun 7 15:52:44 UTC 2021 - Matej Cepl + +- Update to 3.10.0b2: + - PEP 623 -- Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 -- Allow writing union types as X | Y + - PEP 612 -- Parameter Specification Variables + - PEP 626 -- Precise line numbers for debugging and other + tools. + - PEP 618 -- Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 -- Deprecate distutils module. + - PEP 613 -- Explicit Type Aliases + - PEP 634 -- Structural Pattern Matching: Specification + - PEP 635 -- Structural Pattern Matching: Motivation and + Rationale + - PEP 636 -- Structural Pattern Matching: Tutorial + - PEP 644 -- Require OpenSSL 1.1.1 or newer + - PEP 624 -- Remove Py_UNICODE encoder APIs + - PEP 597 -- Add optional EncodingWarning +- Removed patches (assumed upstream): + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl + +- Revert previous skip over test_capi +- Add skip-test_pyobject_freed_is_freed.patch to skip failing + test on SLE-15. + +------------------------------------------------------------------- +Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller + +- allow build with Sphinx >= 3.x + +------------------------------------------------------------------- +Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák + +- Exclude test_capi on Leap (test fails there) + +------------------------------------------------------------------- +Fri May 21 15:13:59 UTC 2021 - Matej Cepl + +- Stop providing "python" symbol (bsc#1185588), which means + python2 currently. + +------------------------------------------------------------------- +Wed May 5 15:16:58 UTC 2021 - Matej Cepl + +- Update to 3.9.5: + * Security + - bpo-43434: Creating a sqlite3.Connection object now also + produces a sqlite3.connect auditing event. Previously this + event was only produced by sqlite3.connect() calls. Patch + by Erlend E. Aasland. + - bpo-43882: The presence of newline or tab characters in + parts of a URL could allow some forms of attacks. + - Following the controlling specification for URLs defined by + WHATWG urllib.parse() now removes ASCII newlines and tabs + from URLs, preventing such attacks. + - bpo-43472: Ensures interpreter-level audit hooks receive + the cpython.PyInterpreterState_New event when called + through the _xxsubinterpreters module. + - bpo-36384: ipaddress module no longer accepts any leading + zeros in IPv4 address strings. Leading zeros are ambiguous + and interpreted as octal notation by some libraries. For + example the legacy function socket.inet_aton() treats + leading zeros as octal notatation. glibc implementation of + modern inet_pton() does not accept any leading zeros. For + a while the ipaddress module used to accept ambiguous + leading zeros. + - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) + vulnerability in urllib.request.AbstractBasicAuthHandler. + The ReDoS-vulnerable regex has quadratic worst-case + complexity and it allows cause a denial of service when + identifying crafted invalid RFCs. This ReDoS issue is on + the client side and needs remote attackers to control the + HTTP server. + - bpo-42800: Audit hooks are now fired for frame.f_code, + traceback.tb_frame, and generator code/frame attribute + access. + * Core and Builtins + - bpo-43105: Importlib now resolves relative paths when + creating module spec objects from file locations. + - bpo-42924: Fix bytearray repetition incorrectly copying + data from the start of the buffer, even if the data is + offset within the buffer (e.g. after reassigning a slice at + the start of the bytearray to a shorter byte string). + * Library + - bpo-43993: Update bundled pip to 21.1.1. + - bpo-43937: Fixed the turtle module working with non-default + root window. + - bpo-43930: Update bundled pip to 21.1 and setuptools to + 56.0.0 + - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now + returns a consistent error message when cadata contains no + valid certificate. + - bpo-43607: urllib can now convert Windows paths with \\?\ + prefixes into URL paths. + - bpo-43284: platform.win32_ver derives the windows version + from sys.getwindowsversion().platform_version which in turn + derives the version from kernel32.dll (which can be of + a different version than Windows itself). Therefore change + the platform.win32_ver to determine the version using the + platform module’s _syscmd_ver private function to return an + accurate version. + - bpo-42248: [Enum] ensure exceptions raised in _missing__ + are released + - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 + to suppress deprecation warnings. Python requires OpenSSL + 1.1.1 APIs. + - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants + (OpenSSL 3.0.0) + - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback + function a second time when first call has signaled an + error condition. + - bpo-43788: The header files for ssl error codes are now + OpenSSL version-specific. Exceptions will now show correct + reason and library codes. The make_ssl_data.py script has + been rewritten to use OpenSSL’s text file with error codes. + - bpo-43655: tkinter dialog windows are now recognized as + dialogs by window managers on macOS and X Window. + - bpo-43534: turtle.textinput() and turtle.numinput() create + now a transient window working on behalf of the canvas + window. + - bpo-43522: Fix problem with hostname_checks_common_name. + OpenSSL does not copy hostflags from struct SSL_CTX to + struct SSL. + - bpo-42967: Allow bytes separator argument in + urllib.parse.parse_qs and urllib.parse.parse_qsl when + parsing str query strings. Previously, this raised + a TypeError. + - bpo-43176: Fixed processing of a dataclass that inherits + from a frozen dataclass with no fields. It is now correctly + detected as an error. + - bpo-41735: Fix thread locks in zlib module may go wrong in + rare case. Patch by Ma Lin. + - bpo-36470: Fix dataclasses with InitVars and replace(). + Patch by Claudiu Popa. + - bpo-32745: Fix a regression in the handling of ctypes’ + ctypes.c_wchar_p type: embedded null characters would cause + a ValueError to be raised. Patch by Zackery Spytz. + * Documentation + - bpo-43959: The documentation on the PyContextVar C-API was + clarified. + - bpo-43938: Update dataclasses documentation to express that + FrozenInstanceError is derived from AttributeError. + - bpo-43755: Update documentation to reflect that + unparenthesized lambda expressions can no longer be the + expression part in an if clause in comprehensions and + generator expressions since Python 3.9. + - bpo-43739: Fixing the example code in + Doc/extending/extending.rst to declare and initialize the + pmodule variable to be of the right type. + * Tests + - bpo-43961: Fix + test_logging.test_namer_rotator_inheritance() on Windows: + use os.replace() rather than os.rename(). Patch by Victor + Stinner. + - bpo-43842: Fix a race condition in the SMTP test of + test_logging. Don’t close a file descriptor (socket) from + a different thread while asyncore.loop() is polling the + file descriptor. Patch by Victor Stinner. + - bpo-43811: Tests multiple OpenSSL versions on GitHub + Actions. Use ccache to speed up testing. + - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy + protocols TLS 1.0 and 1.1. Tests are failing with + TLSV1_ALERT_INTERNAL_ERROR. +- Refreshed patches: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch +- Add vendorized files from bluez-devel to enable building support for + Bluetooth. + +------------------------------------------------------------------- +Sun May 2 09:20:06 UTC 2021 - Ben Greiner + +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + +------------------------------------------------------------------- +Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl + +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +------------------------------------------------------------------- +Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +------------------------------------------------------------------- +Tue Feb 9 01:37:59 UTC 2021 - Steve Kowalik + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +------------------------------------------------------------------- +Mon Feb 8 22:02:03 UTC 2021 - Matej Cepl + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl + +- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing + bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in + _ctypes/callproc.c, which may lead to remote code execution. + +------------------------------------------------------------------- +Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl + +- (bsc#1180125) We really don't Require python-rpm-macros package. + Unnecessary dependency. + +------------------------------------------------------------------- +Wed Dec 16 16:08:42 UTC 2020 - Matej Cepl + +- Make python39-doc building again +- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx + doesn't know about skipif directive in doctests. + +------------------------------------------------------------------- +Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl + +- Update sphinx-update-removed-function.patch patch to the latest + version in python36. + +------------------------------------------------------------------- +Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner + +- Last try before this results in an editwar: + * remove importlib_resources and importlib-metadata + provides/obsoletes + * import importlib_resources is not the same as + import importlib.resources, same for metadata + * The backport packages from PyPI needed for older flavors are + specified as such for setuptools or in pyproject.toml. If a + package requires them they typically add them with a python + version qualifier and the packages have their own version + numbers. + +------------------------------------------------------------------- +Sat Dec 5 16:55:12 UTC 2020 - Matej Cepl + +- Add patch sphinx-update-removed-function.patch to no longer call + a now removed function and to make documentation build independent of + the Sphinx version (bsc#1179630, gh#python/cpython#13236). + +------------------------------------------------------------------- +Fri Nov 13 17:20:08 UTC 2020 - Matej Cepl + +- Don't require packages which break build on SLE-15 although we really + don't need them (python3-python-docs-theme and + python3-sphinxcontrib-qthelp). + +------------------------------------------------------------------- +Fri Oct 9 16:05:50 UTC 2020 - Dominique Leuenberger + +- Fix build with RPM 4.16: error: bare words are no longer + supported, please use "...": x86 == ppc. + +------------------------------------------------------------------- +Tue Oct 6 07:30:56 UTC 2020 - Matej Cepl + +- Update to the final version 3.9.0: + Complete changelog with all (many) + changes from previous version is on + https://docs.python.org/release/3.9.0/whatsnew/3.9.html + Changes from the previous RC versions (not that many) are on + https://docs.python.org/release/3.9.0/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Fri Sep 25 06:58:03 UTC 2020 - Dominique Leuenberger + +- Buildrequire timezone only for general flavor. It's used in this + flavor for the test suite. + +------------------------------------------------------------------- +Wed Sep 2 14:39:44 UTC 2020 - Matej Cepl + +- Update to 3.9.0rc1: + * Core and Builtins + - bpo-38156: Handle interrupts that come after EOF + correctly in PyOS_StdioReadline. + * Library + - bpo-41497: Fix potential UnicodeDecodeError in dis + module. + - bpo-41490: Update ensurepip to install pip 20.2.1 and + setuptools 49.2.1. + - bpo-41467: On Windows, fix asyncio recv_into() return + value when the socket/pipe is closed (BrokenPipeError): + return 0 rather than an empty byte string (b''). + - bpo-41425: Make tkinter doc example runnable. + - bpo-41384: Raise TclError instead of TypeError when an + unknown option is passed to tkinter.OptionMenu. + - bpo-38731: Fix NameError in command-line interface of + py_compile. + - bpo-41317: Use add_done_callback() in + asyncio.loop.sock_accept() to unsubscribe reader early on + cancellation. + - bpo-41364: Reduce import overhead of uuid. + - bpo-41341: Recursive evaluation of typing.ForwardRef in + get_type_hints. + - bpo-41182: selector: use DefaultSelector based upon + implementation + - bpo-40726: Handle cases where the end_lineno is None on + ast.increment_lineno(). + * Documentation + - bpo-41045: Add documentation for debug feature of + f-strings. + - bpo-41314: Changed the release when from __future__ + import annotations becomes the default from 4.0 to 3.10 + (following a change in PEP 563). + * Windows + - bpo-41492: Fixes the description that appears in UAC + prompts. + - bpo-40948: Improve post-install message to direct people + to the “py” command. + - bpo-41412: The installer will now fail to install on + Windows 7 and Windows 8. Further, the UCRT dependency is + now always downloaded on demand. + - bpo-40741: Update Windows release to include SQLite + 3.32.3. + * IDLE + - bpo-41468: Improve IDLE run crash error message (which + users should never see). + - bpo-41373: Save files loaded with no line ending, as when + blank, or different line endings, by setting its line + ending to the system default. Fix regression in 3.8.4 and + 3.9.0b4. + +------------------------------------------------------------------- +Tue Sep 1 10:15:06 UTC 2020 - Matej Cepl + +- Synchronize formatting and fixes with python38. + +------------------------------------------------------------------- +Thu Aug 20 15:41:28 UTC 2020 - Andreas Schwab + +- Increase testsuite timeout to account for super long running + test_peg_generator + +------------------------------------------------------------------- +Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer + +- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream +- Removed recursion.tar: contained in upstream +- Update to 3.9.0b5: + - bpo-41304: Fixes python3x._pth being ignored on Windows, caused + by the fix for bpo-29778 (CVE-2020-15801). + - bpo-41162: Audit hooks are now cleared later during + finalization to avoid missing events. + - bpo-29778: Ensure python3.dll is loaded from correct locations + when Python is embedded (CVE-2020-15523). + - bpo-39603: Prevent http header injection by rejecting control + characters in http.client.putrequest(…). + - bpo-41295: Resolve a regression in CPython 3.8.4 where defining + “__setattr__” in a multi-inheritance setup and + calling up the hierarchy chain could fail if builtins/extension + types were involved in the base types. + - bpo-41247: Always cache the running loop holder when running + asyncio.set_running_loop. + - bpo-41252: Fix incorrect refcounting in + _ssl.c’s _servername_callback(). + - bpo-41215: Use non-NULL default values in the PEG parser + keyword list to overcome a bug that was ' + preventing Python from being properly compiled when using the + XLC compiler. Patch by Pablo Galindo. + - bpo-41218: Python 3.8.3 had a regression where compiling with + ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would + aggressively mark list comprehension with CO_COROUTINE. Now only + list comprehension making use of async/await will tagged as so. + - bpo-41175: Guard against a NULL pointer dereference within + bytearrayobject triggered by the bytearray() + bytearray() operation. + - bpo-39960: The “hackcheck” that prevents sneaking around a type’s + __setattr__() by calling the superclass method was + rewritten to allow C implemented heap types. + - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the + C implementation raises now UnpicklingError instead of crashing. + - bpo-39017: Avoid infinite loop when reading specially crafted + TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). + - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params(). + - bpo-41207: In distutils.spawn, restore expectation that + DistutilsExecError is raised when the command is not found. + - bpo-39168: Remove the __new__ method of typing.Generic. + - bpo-41194: Fix a crash in the _ast module: it can no longer be + loaded more than once. It now uses a global state rather than a module state. + - bpo-39384: Fixed email.contentmanager to allow set_content() to set a + null string. + - bpo-41300: Save files with non-ascii chars. + Fix regression released in 3.9.0b4 and 3.8.4. + - bpo-37765: Add keywords to module name completion list. + Rewrite Completions section of IDLE doc. + - bpo-40170: Revert PyType_HasFeature() change: it reads + again directly the PyTypeObject.tp_flags + member when the limited C API is not used, rather than always calling + PyType_GetFlags() which hides implementation details. + +------------------------------------------------------------------- +Mon Jul 20 12:06:41 UTC 2020 - Matej Cepl + +- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 + (CVE-2019-20907, bpo#39017) avoiding possible infinite loop + in specifically crafted tarball. + Add recursion.tar as a testing tarball for the patch. + +------------------------------------------------------------------- +Fri Jul 17 07:07:19 UTC 2020 - Callum Farmer + +- Changed bpo-31046_ensurepip_honours_prefix.patch to include fix from py3.8 + +------------------------------------------------------------------- +Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer + +- Spec file fixes +- Re-added subprocess-raise-timeout.patch: now compatible +- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream + +------------------------------------------------------------------- +Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal + +- Fix minor issues found in the staging. + +------------------------------------------------------------------- +Wed Jul 15 06:13:33 UTC 2020 - Tomáš Chvátal + +- Do not set ourselves as primary interpreter + +------------------------------------------------------------------- +Tue Jul 14 20:45:11 UTC 2020 - Matej Cepl + +- Update to 3.9.0b4: + - PEP 584, Union Operators in dict + - PEP 585, Type Hinting Generics In Standard Collections + - PEP 593, Flexible function and variable annotations + - PEP 602, Python adopts a stable annual release cadence + - PEP 615, Support for the IANA Time Zone Database in the + Standard Library + - PEP 616, String methods to remove prefixes and suffixes + - PEP 617, New PEG parser for CPython + - bpo#38379, garbage collection does not block on resurrected + objects; + - bpo#38692, os.pidfd_open added that allows process + management without races and signals; + - bpo#39926, Unicode support updated to version 13.0.0; + - bpo#1635741, when Python is initialized multiple times in + the same process, it does not leak memory anymore; + - A number of Python builtins (range, tuple, set, frozenset, + list, dict) are now sped up using PEP 590 vectorcall; + - A number of Python modules (_abc, audioop, _bz2, _codecs, + _contextvars, _crypt, _functools, _json, _locale, operator, + resource, time, _weakref) now use multiphase initialization + as defined by PEP 489; + - A number of standard library modules (audioop, ast, grp, + _hashlib, pwd, _posixsubprocess, random, select, struct, + termios, zlib) are now using the stable ABI defined by + PEP 384. +- Remove upstreamed patches: + - F00102-lib64.patch + - SUSE-FEDORA-multilib.patch + - OBS_dev-shm.patch + - subprocess-raise-timeout.patch + - bpo36302-sort-module-sources.patch + - bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Fri Jul 10 10:55:15 UTC 2020 - Tomáš Chvátal + +- Update pre_checkin.sh and regenerate + +------------------------------------------------------------------- +Fri Jul 10 10:11:39 UTC 2020 - Tomáš Chvátal + +- Convert few dependencies to their pkgconfig counterparts + +------------------------------------------------------------------- +Fri Jul 10 10:08:48 UTC 2020 - Tomáš Chvátal + +- Remove release requirement on libpython, it is not really needed + to be equal as the abi changes with versions + +------------------------------------------------------------------- +Fri Jul 10 10:07:50 UTC 2020 - Tomáš Chvátal + +- Add provides python3-bla on all the subpkgs in case we are + primary provider of the functionality + +------------------------------------------------------------------- +Fri Jul 10 10:02:01 UTC 2020 - Tomáš Chvátal + +- Remove unversioned files from devel subpkg too +- Remove main python3 files from -base based whether we are + primary interpreter or not +- Fix idle to be co-installable +- Add condition to be primary to provide/obsolete python3-* +- Fix doc to build in versioned folder so the pythons can be + installed next to each other + +------------------------------------------------------------------- +Fri Jul 10 07:57:10 UTC 2020 - Tomáš Chvátal + +- Revert the full versioning of calls on the macros. These + are generic so they should really just call python3 X + +------------------------------------------------------------------- +Fri Jul 10 07:56:11 UTC 2020 - Tomáš Chvátal + +- For the doc package we can build with generic flavor, we don't + need the our-interpreter based one + +------------------------------------------------------------------- +Fri Jul 10 07:18:53 UTC 2020 - Tomáš Chvátal + +- Add provides for pytohn3X-typing/etc to allow BR on those still + to work when needed + +------------------------------------------------------------------- +Fri Jul 10 07:14:33 UTC 2020 - Tomáš Chvátal + +- Change macros.python3 to use full versioned 3.8 instead of just 3 + for python interpreter + +------------------------------------------------------------------- +Wed Jul 1 11:50:19 UTC 2020 - Tomáš Chvátal + +- Reduce some now unused conditionals + +------------------------------------------------------------------- +Wed Jul 1 11:00:40 UTC 2020 - Tomáš Chvátal + +- Redux the -base dependencies to match up pre-merge layout + +------------------------------------------------------------------- +Wed Jul 1 09:24:39 UTC 2020 - Tomáš Chvátal + +- Generate baselibs in pre-checkin too + +------------------------------------------------------------------- +Wed Jul 1 09:14:33 UTC 2020 - Tomáš Chvátal + +- Generate the importlib-failed using pre_checking again +- Add back the information about skipped tests on the pre_checkin + output + +------------------------------------------------------------------- +Tue Jun 30 07:11:19 UTC 2020 - Tomáš Chvátal + +- Use %python_pkg_name instead of hardcoding python3 where + applicable +- Sort out preamble with spec-cleaner + +------------------------------------------------------------------- +Mon Jun 29 14:36:10 UTC 2020 - Matej Cepl + +- Calculate required variables instead of relying on their continuous manual update + +------------------------------------------------------------------- +Thu Jun 25 10:44:08 UTC 2020 - Tomáš Chvátal + +- Fix the -base module build again to generate only the deps + we need + +------------------------------------------------------------------- +Wed Jun 17 18:42:51 UTC 2020 - Matej Cepl + +- Replace OBS_dev-shm.patch with the upstream PR#20944 + +------------------------------------------------------------------- +Thu Jun 10 14:30:15 UTC 2020 - Tomáš Chvátal + +- Use the %{python_pkg_name} on more places to allow easier + multiversioning +- Switch to _multibuild approach for easier maintenance of this + package. All is now in one spec file with 3 conditionals: + * bcond_with base + * bcond_with doc + * bcond_with general + +------------------------------------------------------------------- +Mon Jun 8 14:26:00 UTC 2020 - Matej Cepl + +- add requires python3-base on libpython subpackage (bsc#1167008) + +------------------------------------------------------------------- +Fri Jun 5 06:08:12 UTC 2020 - Dirk Mueller + +- build against Sphinx 2.x until python is compatible with + Sphinx 3.x (see gh#python/cpython#19397, bpo#40204) + +------------------------------------------------------------------- +Fri May 29 19:59:01 UTC 2020 - Andreas Stieger + +- Fix build with SQLite 3.32 (bpo#40783) + add bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Sun May 17 15:37:35 UTC 2020 - Callum Farmer + +- Update to version 3.8.3: + - Complete list of changes is available at + https://docs.python.org/release/3.8.3/whatsnew/changelog.html#python-3-8-3-final, + but most of them are just bugfixes. + - Removed patch CVE-2020-8492-urllib-ReDoS.patch: contained in upstream + +------------------------------------------------------------------- +Thu Apr 16 12:06:01 UTC 2020 - Matej Cepl + +- Add #!BuildIgnore: gdk-pixbuf-loader-rsvg to python3 SPEC + +------------------------------------------------------------------- +Thu Mar 26 15:36:55 UTC 2020 - Matej Cepl + +- Add patch bsc1167501-invalid-alignment.patch + (bsc#1167501, bpo#40052) to fix alignment in abstract.h header file. + +------------------------------------------------------------------- +Wed Mar 11 11:09:41 UTC 2020 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build, test_setegid + (test.test_os.PosixUidGidTests) is confusing it + +------------------------------------------------------------------- +Thu Mar 5 18:40:29 UTC 2020 - Matej Cepl + +- Update to 3.8.2: + - Complete list of changes is available at + https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final, + but most of them are just bugfixes. + - Updated patches: + - F00102-lib64.patch + - OBS_dev-shm.patch + - SUSE-FEDORA-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Sun Feb 9 00:14:24 CET 2020 - Matej Cepl + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Sat Feb 8 22:21:10 CET 2020 - Matej Cepl + +- Add Requires: libpython%{so_version} == %{version}-%{release} + to python3-base to keep both packages always synchronized + (bsc#1162224). + +------------------------------------------------------------------- +Mon Feb 3 20:27:54 UTC 2020 - Tomáš Chvátal + +- Do not pull in bluez in base again, explain the cycle, + it needs to be solved by bluez maintainer for us by providing + just the headers separately + +------------------------------------------------------------------- +Mon Feb 3 19:54:25 UTC 2020 - Tomáš Chvátal + +- Reame idle icons to idle3 in order to not conflict with python2 + variant of the package + * renamed the icons + * renamed icon load in desktop file + +------------------------------------------------------------------- +Thu Jan 16 09:50:03 UTC 2020 - Tomáš Chvátal + +- Add importlib_resources provide/obsolete as it is integral + part of the lang since 3.7 release + +------------------------------------------------------------------- +Mon Jan 13 11:10:47 UTC 2020 - Martin Liška + +- Add -fno-semantic-interposition as it brings speed up: + https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup + +------------------------------------------------------------------- +Thu Dec 19 16:25:26 CET 2019 - Matej Cepl + +- Update to 3.8.1: + - This is mainly bugfix release and no significant changes to + API are expected. The full changelog is available on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-1 + - Remove bpo-38688_shutil.copytree_prevent-infinite-recursion.patch, + which is included in the upstream tarball. + +------------------------------------------------------------------- +Thu Dec 19 14:57:32 CET 2019 - Matej Cepl + +- Add bpo-31046_ensurepip_honours_prefix.patch which makes + ensurepip to honour the value of $(prefix). Proposed fix for + bpo#31046.. + +------------------------------------------------------------------- +Tue Dec 10 11:07:16 UTC 2019 - Tomáš Chvátal + +- Move bluez-devel dependency to base as it is needed for + socket.AF_BLUETOOTH and otherwise does not work + +------------------------------------------------------------------- +Mon Dec 2 16:52:32 CET 2019 - Matej Cepl + +- Reintroduce QtHelp with the help of the new BR + python-sphinxcontrib-qthelp. + +------------------------------------------------------------------- +Mon Oct 21 18:51:00 UTC 2019 - Stefan Brüns + +- Fix SUSE-FEDORA-multilib.patch, the platform agnostic infix for + library installation is "lib", not "dir". + +------------------------------------------------------------------- +Thu Oct 17 14:19:20 UTC 2019 - Stefan Brüns + +- Move idle subpackage build from python3-base to python3. + appstream-glib required for packaging introduces considerable + extra dependencies and a build loop via rust/librsvg. +- Correct installation of idle IDE icons: + + idle.png is not the target directory + + non-GNOME-specific icons belong into icons/hicolor +- Add required Name key to idle3 desktop file + +------------------------------------------------------------------- +Tue Oct 15 16:39:12 CEST 2019 - Matej Cepl + +- Update to the final release 3.8.0. . + - New Features: + - Assignment expressions + - Positional-only parameters + - Parallel filesystem cache for compiled bytecode files + - Debug build uses the same ABI as release build + - f-strings support = for self-documenting expressions and + debugging + - PEP 578: Python Runtime Audit Hooks + - PEP 587: Python Initialization Configuration + - Vectorcall: a fast calling protocol for CPython + - Pickle protocol 5 with out-of-band data buffers + - New modules: + - importlib.metadata + - Improved modules: + - ast asyncio, builtins, collections, curses, ctypes, + datetime, functools, gc, gettext, gzip, idelib and IDLE, + inspect, io, json.tool, math, mmap, multiprocessing, os, + os.path, pathlib, pickle, plistlib, py_compile, shlex, + shutil, socket, ssl, statistics, sys, tarfile, threading, + tokenize, tkinter, time, typing, unicodedata, unittest, + venv, weakref, xml + - C API improvements + - bdist_winnst command has been deprecated (use bdist_wheel) +- https://docs.python.org/3.8/whatsnew/3.8.html remains rest of + changes including documentation on how to port your programs to + the current version of Python. + +------------------------------------------------------------------- +Mon Oct 14 15:02:08 CEST 2019 - Matej Cepl + +- Add idle3.appdata.xml and idle3.desktop (originally from + Fedora) to make Idle3 full GUI desktop application. + (bsc#1153830) + +------------------------------------------------------------------- +Wed Oct 9 19:09:16 UTC 2019 - Michael Gorse + +- Drop intltool from BuildRequires. Doesn't appear to be used. + +------------------------------------------------------------------- +Wed Oct 9 10:37:59 UTC 2019 - Tomáš Chvátal + +- Add folder version to allow tarball downloads even for beta/rc + releases + +------------------------------------------------------------------- +Tue Oct 8 14:53:54 CEST 2019 - Matej Cepl + +- Revert patches from Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch) into their original + prisitine Fedora versions, SUSE-FEDORA-multilib.patch refreshed + accordingly. + +------------------------------------------------------------------- +Mon Oct 7 14:33:30 UTC 2019 - Matej Cepl + +- Correct quotation of platsubdir in Lib/distutils/command/install.py + +------------------------------------------------------------------- +Thu Oct 3 13:59:57 CEST 2019 - Matej Cepl + +- Replace python-3.6.0-multilib.patch with two patches from + Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch), and our own + SUSE-FEDORA-multilib.patch to allow better cooperation with + Fedora and better upstreaming. +- Add OBS_dev-shm.patch fixing bpo#38377 + +------------------------------------------------------------------- +Thu Oct 3 08:39:18 UTC 2019 - Tomáš Chvátal + +- Pull in just gettext and let solver to sort out between: + gettext-runtime-mini and gettext-runtime + +------------------------------------------------------------------- +Wed Oct 2 15:00:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0rc1. Overall changes from 3.7: + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved + embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds, also the 'm' ABI + tag was removed (irrelevant since 3.4), bpo#36707 + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - on Windows, the default asyncio event loop is now + ProactorEventLoop + - on macOS, the spawn start method is now used by default in + multiprocessing + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Refreshed patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Wed Sep 25 09:46:41 UTC 2019 - Bernhard Wiedemann + +- Add bpo36302-sort-module-sources.patch (boo#1041090) + +------------------------------------------------------------------- +Tue Sep 10 13:43:18 UTC 2019 - Tomáš Chvátal + +- Try harder obsoleting importlib-metadata + +------------------------------------------------------------------- +Sat Aug 31 00:16:47 CEST 2019 - Matej Cepl + +- Update to 3.8.0b4: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-4 + +------------------------------------------------------------------- +Thu Aug 29 06:28:15 UTC 2019 - Guillaume GARDET + +- Re-enable test_threading on aarch64 + +------------------------------------------------------------------- +Sat Aug 17 13:21:15 UTC 2019 - John Vandenberg + +- Remove xrpm from subpackage tk description + +------------------------------------------------------------------- +Tue Aug 6 14:24:55 CEST 2019 - Matej Cepl + +- Update to 3.8.0b3: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-3 +- Patches reapplied: + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-test-posix_fadvise.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Tue Jul 23 13:20:49 UTC 2019 - Matej Cepl + +- Add Provides: python3-importlib-metadata + +------------------------------------------------------------------- +Sun Jul 7 19:08:48 CEST 2019 - Matej Cepl + +- Update to 3.8.0b2: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-2 +- Patches included in upstream: + - bpo-37169_PyObject_IsFreed.patch +- Patches reapplied: + - 00251-change-user-install-location.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-localpath.patch + - python-3.6.0-multilib.patch + +------------------------------------------------------------------- +Tue Jul 2 09:03:04 UTC 2019 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build +- Don't do profiling in qemu linux-user build + +------------------------------------------------------------------- +Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0b1 (changes since 3.7.*): + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Remove patches which were included in the upstream: + - 00251-change-user-install-location.patch + - 00316-mark-bdist_wininst-unsupported.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed May 22 10:53:03 UTC 2019 - Martin Liška + +- Set _lto_cflags to nil as the package is using LTO via --enable-lto. + That will prevent to propage LTO for Python modules that are + built in a separate package. + +------------------------------------------------------------------- +Sat May 4 21:29:20 CEST 2019 - Matej Cepl + +- Update to 3.8.0.a3: + - PEP 572: Assignment Expressions. + - Other (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-3 + +------------------------------------------------------------------- +Mon Apr 29 15:40:34 CEST 2019 - Matej Cepl + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Wed Apr 10 10:22:58 CEST 2019 - Matej Cepl + +- Fix metadata of patches. +- Rename boo1071941-make-install-in-sep-loc.patch to + 00251-change-user-install-location.patch which is the original + name, so it can be looked up in the Fedora VCS. + +------------------------------------------------------------------- +Tue Apr 9 04:55:24 UTC 2019 - John Vandenberg + +- Mark distutils bdist_wininst command unsupported + with 00316-mark-bdist_wininst-unsupported.patch +- Remove Windows bdist_wininst executables from runtime package + +------------------------------------------------------------------- +Tue Apr 9 01:21:45 CEST 2019 - Matej Cepl + +- Update to 3.7.3, which is the maintenance release without any + significant changes in API. + - Updated patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------ +Wed Mar 20 14:59:58 UTC 2019 - Matěj Cepl + +- Remove building of Qt Develop help files. + +------------------------------------------------------------------- +Fri Mar 15 15:10:30 CET 2019 - Matej Cepl + +- Return distutils-reproducible-compile.patch which is still + missing (still unfinished bpo#29708). + +------------------------------------------------------------------- +Mon Feb 25 23:30:56 CET 2019 - Matej Cepl + +- Update to 3.8.0a2: + * List of all (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-2 + +------------------------------------------------------------------- +Tue Feb 12 10:25:52 CET 2019 - Matej Cepl + +- Build nis module again. + +------------------------------------------------------------------- +Tue Feb 12 10:06:17 CET 2019 - Matej Cepl + +- Update to 3.8.0a1: + * The most visible change so far is probably the + implementation of PEP 572: Assignment Expressions. For + a detailed list of changes, see: + https://docs.python.org/3.8/whatsnew/changelog.html + * Recover building of nis module properly in python3 package +- Update patches: + * CVE-2019-5010-null-defer-x509-cert-DOS.patch + * python-3.3.0b1-fix_date_time_compiler.patch + * python-3.3.0b1-test-posix_fadvise.patch + * python-3.6.0-multilib.patch + * raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed Jan 30 18:07:49 CET 2019 - mcepl@suse.com + +- Put LICENSE file where it belongs (bsc#1121852) + +------------------------------------------------------------------- +Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com + +- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch + fixing bpo-35746. + An exploitable denial-of-service vulnerability exists in the + X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. + A specially crafted X509 certificate can cause a NULL pointer + dereference, resulting in a denial of service. An attacker can + initiate or accept TLS connections using crafted certificates + to trigger this vulnerability. + +------------------------------------------------------------------- +Tue Jan 8 12:51:01 UTC 2019 - Tomáš Chvátal + +- Do not require full gettext in order to avoid pulling in the + glib2 as a dependency + +------------------------------------------------------------------- +Tue Jan 8 12:25:27 UTC 2019 - Tomáš Chvátal + +- Update to 3.7.2: + * bugfix release: + https://docs.python.org/3.7/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Wed Jan 2 12:51:48 CET 2019 - mcepl@suse.com + +- Stop applying python-3.6.0-multilib-new.patch (which is still + WIP), and apply the old proven python-3.6.0-multilib.patch + instead. + +------------------------------------------------------------------- +Wed Dec 19 19:29:44 UTC 2018 - Todd R + +- Use upstream-recommended %{_rpmconfigdir}/macros.d directory + for the rpm macros. + +------------------------------------------------------------------- +Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com + +- Upgrade to 3.7.2rc1: + * bugfix release, for the full list of all changes see + https://docs.python.org/3.7/whatsnew/changelog.html#changelog +- Make run of the test suite more verbose + +------------------------------------------------------------------- +Tue Dec 11 01:52:45 UTC 2018 - Jan Engelhardt + +- Write summaries without em dashes. + +------------------------------------------------------------------- +Mon Dec 3 13:27:54 UTC 2018 - Matěj Cepl + +- Remove python-3.3.0b1-curses-panel.patch it is unnecessary anymore. +- Add boo1071941-make-install-in-sep-loc.patch to make pip and + distutils in user environment install into separate location + (boo#1071941) + + Set values of prefix and exec_prefix in distutils install + command to /usr/local if executable is /usr/bin/python* and RPM + build is not detected to make pip and distutils install into + separate location +- Remove finally python-3.3.3-skip-distutils-test_sysconfig_module.patch +- Remove distutils-reproducible-compile.patch which doesn't make + really much difference in reproducibility (see + gh#python/cpython#8057 and discussion there). + +------------------------------------------------------------------- +Sat Dec 1 00:14:28 CET 2018 - mcepl@suse.com + +- Rename Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + to bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + +------------------------------------------------------------------- +Wed Nov 7 12:10:41 CET 2018 - mcepl@suse.com + +- Add dependency on bluez-devel to build support for Bluetooth + (boo#1109998) + +------------------------------------------------------------------- +Tue Nov 6 13:52:45 CET 2018 - mcepl@suse.com + +- Add devhelp subpackage and split qthelp into another + subpackage. + +------------------------------------------------------------------- +Wed Oct 24 12:38:00 UTC 2018 - Matěj Cepl + +- Remove python-3.0b1-record-rpm.patch and + Python-3.0b1-record-rpm.patch, as they are not needed anymore + +------------------------------------------------------------------- +Tue Oct 23 14:14:16 UTC 2018 - Matej Cepl + +- Switch off test_threading for optimization builds. + +------------------------------------------------------------------- +Mon Oct 22 14:41:59 CEST 2018 - mcepl@suse.com + +- Update to python-3.7.1. This is just a brief overview, complete + changelog available at + https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-1-final: + Library + bpo-34970: Protect tasks weak set manipulation in asyncio.all_tasks() +- Patches already accepted upstream are removed: + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + * 00308-tls-1.3.patch +- New patches added: + * Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + * raise_SIGING_not_handled.patch +- All other patches refreshed via quilt. + +------------------------------------------------------------------- +Mon Oct 22 12:22:19 UTC 2018 - Matej Cepl + +- Add raise_SIGING_not_handled.patch to fix bsc#1094814 + +------------------------------------------------------------------- +Wed Oct 17 14:04:35 UTC 2018 - Tomáš Chvátal + +- Add patch to fix importlib return types: + * python3-imp-returntype.patch + +------------------------------------------------------------------- +Mon Oct 15 13:46:32 CEST 2018 - mcepl@suse.com + +- bpo-34022 still not completely fixed, so we have to keep + excluding test_cmd_line_script, + test_multiprocessing_main_handling, and test_runpy from the + test suite. + +------------------------------------------------------------------- +Sun Oct 14 15:57:24 UTC 2018 - Matej Cepl + +- Update to python 3.7.1~rc2: + Core and Builtins + bpo-34879: Fix a possible null pointer dereference in + bytesobject.c. Patch by Zackery Spytz. + bpo-34854: Fixed a crash in compiling string annotations + containing a lambda with a keyword-only argument that + doesn’t have a default value. + bpo-34320: Fix dict(od) didn’t copy iteration order of + OrderedDict. + Library + bpo-34769: Fix for async generators not finalizing when event + loop is in debug mode and garbage collector runs in another + thread. + bpo-34922: Fixed integer overflow in the digest() and + hexdigest() methods for the SHAKE algorithm in the hashlib + module. + bpo-34900: Fixed unittest.TestCase.debug() when used to call + test methods with subtests. Patch by Bruno Oliveira. + bpo-34871: Fix inspect module polluted sys.modules when parsing + __text_signature__ of callable. + bpo-34872: Fix self-cancellation in C implementation of + asyncio.Task + bpo-34819: Use a monotonic clock to compute timeouts in + Executor.map() and as_completed(), in order to prevent + timeouts from deviating when the system clock is adjusted. + bpo-34334: In QueueHandler, clear exc_text from LogRecord to + prevent traceback from being written twice. + bpo-6721: Acquire the logging module’s commonly used internal + locks while fork()ing to avoid deadlocks in the child + process. + bpo-34172: Fix a reference issue inside multiprocessing.Pool + that caused the pool to remain alive if it was deleted + without being closed or terminated explicitly. + Documentation + bpo-32174: chm document displays non-ASCII charaters properly on + some MBCS Windows systems. + Tests + bpo-32962: Fixed test_gdb when Python is compiled with flags + -mcet -fcf-protection -O0. + C API + bpo-34910: Ensure that PyObject_Print() always returns -1 on + error. Patch by Zackery Spytz. + +------------------------------------------------------------------- +Fri Oct 12 20:46:58 CEST 2018 - mcepl@suse.com + +- Add Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch to + fix problems with SOURCE_DATE_EPOCH variable (bpo-34022) + +------------------------------------------------------------------- +Mon Sep 17 09:44:02 UTC 2018 - Tomáš Chvátal + +- Add patch to fix build with tls1.3 supported openssl + * 00308-tls-1.3.patch +- Add patch to fix Py_Main calls after Py_initialize + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + +------------------------------------------------------------------- +Mon Sep 3 15:22:42 UTC 2018 - Matěj Cepl + +- Add -fwrapv to OPTS, which is default for python3 anyway + See for example https://github.com/zopefoundation/persistent/issues/86 + for bugs which are caused by avoiding it. + +------------------------------------------------------------------- +Tue Jul 10 11:12:32 UTC 2018 - mcepl@suse.com + +- Fix ownership of _contextvars, _queue, and _xxtestfuzz + +------------------------------------------------------------------- +Tue Jul 3 15:04:48 UTC 2018 - mcepl@suse.com + +- Switch off LTO for distros with older GCC +- Fix %files + +------------------------------------------------------------------- +Fri Jun 29 14:20:03 UTC 2018 - tchvatal@suse.com + +- Add dependency over libuuid-devel + +------------------------------------------------------------------- +Thu Jun 28 10:42:15 UTC 2018 - mimi.vx@gmail.com + +- update to python 3.7.0 + Complete overview of changes is available on + https://docs.python.org/3/whatsnew/3.7.html, these are just + highlights: + * PEP 563, postponed evaluation of type annotations. + * async and await are now reserved keywords. + * New library modules: + contextvars: PEP 567 – Context Variables + dataclasses: PEP 557 – Data Classes + importlib.resources + * New built-in features: + PEP 553, the new breakpoint() function. + * Python data model improvements: + PEP 562, customization of access to module attributes. + PEP 560, core support for typing module and generic types. + the insertion-order preservation nature of dict objects + has been declared to be an official part of the Python + language spec. + * Significant improvements in the standard library: + The asyncio module has received new features, significant + usability and performance improvements. + The time module gained support for functions with + nanosecond resolution. + * CPython implementation improvements: + Avoiding the use of ASCII as a default text encoding: + PEP 538, legacy C locale coercion + PEP 540, forced UTF-8 runtime mode + PEP 552, deterministic .pycs + the new development runtime mode + PEP 565, improved DeprecationWarning handling + * C API improvements: + PEP 539, new C API for thread-local storage + * Documentation improvements: + PEP 545, Python documentation translations + New documentation translations: Japanese, French, and Korean. +- drop python3-sorted_tar.patch +- drop 0001-allow-for-reproducible-builds-of-python-packages.patch +- refresh python-3.6.0-multilib-new.patch +- refresh subprocess-raise-timeout.patch + * new C API for thread-local storage + * Deterministic pyc files + * Built-in breakpoint() + * Data Classes + * Core support for typing module and generic types + * Customization of access to module attributes + * Postponed evaluation of annotations + * Time functions with nanosecond resolution + * Improved DeprecationWarning handling + * Context Variables + * Avoiding the use of ASCII as a default text encoding + (PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode) + * The insertion-order preservation nature of dict objects is now + an official part of the Python language spec. + * Notable performance improvements in many areas. + +------------------------------------------------------------------- +Thu May 17 18:26:42 UTC 2018 - hpj@urpla.net + +- disable lto with gcc versions below 7 (results in link failures) + +------------------------------------------------------------------- +Mon Apr 30 15:23:24 UTC 2018 - jengelh@inai.de + +- Use faster find subcommand execution strategies. + +------------------------------------------------------------------- +Fri Apr 20 16:17:29 UTC 2018 - tchvatal@suse.com + +- Do not mention the testsuite disabling in opts as it was moved to + main pkg so base is test-free + +------------------------------------------------------------------- +Tue Apr 17 08:36:08 UTC 2018 - tchvatal@suse.com + +- As we run in main python package do not generate the pre_checkin + from both now + +------------------------------------------------------------------- +Mon Apr 16 14:11:56 UTC 2018 - tchvatal@suse.com + +- Move the tests from base to generic package wrt bsc#1088573 + * We still fail the whole distro if python3 is not build + * The other archs than x86_64 took couple of hours to unblock + build of other software, this way we work around the issue +- Some tests are still run in -base for the LTO tweaking, but at + least it is not run twice + +------------------------------------------------------------------- +Sat Mar 31 19:41:12 UTC 2018 - mimi.vx@gmail.com + +- update to 3.6.5 + * bugfix release + * see Misc/NEWS for details +- drop ctypes-pass-by-value.patch +- drop fix-localeconv-encoding-for-LC_NUMERIC.patch +- refresh python-3.6.0-multilib-new.patch + +------------------------------------------------------------------ +Wed Mar 7 09:16:39 UTC 2018 - adam@mizerski.pl + +- Created %so_major and %so_minor macros +- Put Tools/gdb/libpython.py script into proper place and ship it with devel + subpackage. + +------------------------------------------------------------------- +Tue Feb 20 15:04:56 UTC 2018 - schwab@suse.de + +- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64 + +------------------------------------------------------------------- +Tue Feb 20 14:28:00 UTC 2018 - bwiedemann@suse.com + +- Add python3-sorted_tar.patch (boo#1081750) + +------------------------------------------------------------------- +Tue Feb 20 14:08:57 UTC 2018 - tchvatal@suse.com + +- Drop python3-tk and python3-idle recommends to reduce python3 + always pulling X stack bsc#1081751 + +------------------------------------------------------------------- +Wed Feb 7 09:10:03 UTC 2018 - tchvatal@suse.com + +- Add patch to fix glibc 2.27 fail bsc#1079761: + * fix-localeconv-encoding-for-LC_NUMERIC.patch + +------------------------------------------------------------------- +Mon Feb 5 17:14:43 UTC 2018 - normand@linux.vnet.ibm.com + +- Update skip_random_failing_tests.patch (for PowerPC) + to avoid test_call_later failure + +------------------------------------------------------------------- +Wed Jan 24 14:35:58 UTC 2018 - jmatejek@suse.com + +- move XML modules and python3-xml provide to python3-base + (fixes bsc#1077230) +- move ensurepip to base + +------------------------------------------------------------------- +Thu Jan 18 12:31:47 UTC 2018 - normand@linux.vnet.ibm.com + +- Add skip_random_failing_tests.patch only for PowerPC + +------------------------------------------------------------------- +Wed Jan 3 12:18:51 UTC 2018 - jmatejek@suse.com + +- update to 3.6.4 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed python3-ncurses-6.0-accessors.patch +- drop PYTHONSTARTUP hooks that cause spurious startup errors + * fixes bsc#1070738 + * the relevant feature (REPL history) is now built into Python itself + +------------------------------------------------------------------- +Sat Dec 2 11:11:46 UTC 2017 - dimstar@opensuse.org + +- Install 2to3-%{python_version} executable (override defattr of + the -tools package). 2to3 (unversioned) is a symlink and does not + carry permissions (bsc#1070853). + +------------------------------------------------------------------- +Thu Nov 16 11:02:18 UTC 2017 - mimi.vx@gmail.com + +- move 2to3 to python3-tools package + +------------------------------------------------------------------- +Wed Oct 11 13:15:23 UTC 2017 - jmatejek@suse.com + +- update to 3.6.3 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Wed Sep 20 09:54:05 UTC 2017 - dmueller@suse.com + +- drop python-2.7-libffi-aarch64.patch: this patches the intree + copy of libffi which is unused/deleted in the line afterwards +- fix build against system libffi: include flags weren't set + so it actually used the in-tree libffi headers. + +------------------------------------------------------------------- +Thu Sep 14 13:23:10 UTC 2017 - vcizek@suse.com + +- Fix test broken with OpenSSL 1.1 (bsc#1042670) + * add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Tue Sep 5 11:47:05 UTC 2017 - jengelh@inai.de + +- Update RPM group for python documentation. + +------------------------------------------------------------------- +Thu Aug 31 08:39:31 UTC 2017 - schwab@suse.de + +- fix missing %{?armsuffix} + +------------------------------------------------------------------- +Wed Aug 30 13:41:38 UTC 2017 - jmatejek@suse.com + +- distutils-reproducible-compile.patch: ensure distutils order files + before compiling, which works around bsc#1049186 + +------------------------------------------------------------------- +Thu Aug 17 08:59:05 CEST 2017 - kukuk@suse.de + +- Add libnsl-devel build requires for glibc obsoleting libnsl + +------------------------------------------------------------------- +Thu Aug 3 16:09:26 UTC 2017 - jmatejek@suse.com + +- update to 3.6.2 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed test-socket-aead-kernel49.patch +- add Provides: python3-typing (fixes bsc#1050653) +- drop duplicate Provides: python3 + +------------------------------------------------------------------- +Mon Jun 26 12:10:07 UTC 2017 - jmatejek@suse.com + +- drop db-devel from requirements + +------------------------------------------------------------------- +Tue Jun 20 09:26:52 UTC 2017 - asn@cryptomilk.org + +- Add missing link to python library in config dir (bsc#1040164) + +------------------------------------------------------------------- +Thu Mar 23 12:42:59 UTC 2017 - jmatejek@suse.com + +- update to 3.6.1 + * bugfix release, over a hundred bugs fixed + * never add import location's parent directory to sys.path + * switch to git for version control, build changes related to that + * fix "failed to get random numbers" on old kernels (bsc#1029902) + * several crashes and memory leaks corrected + * f-string are no longer accepted as docstrings + +------------------------------------------------------------------- +Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com + +- prevent regenerating AST at build-time more robustly +- add "--without profileopt" and "--without testsuite" options to python3-base + to allow short circuiting when working on the package + +------------------------------------------------------------------- +Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com + +- Add 0001-allow-for-reproducible-builds-of-python-packages.patch + upstream https://github.com/python/cpython/pull/296 + +------------------------------------------------------------------- +Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com + +- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch) +- reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent) + +------------------------------------------------------------------- +Wed Jan 11 14:57:07 UTC 2017 - jmatejek@suse.com + +- update to 3.6.0 + * PEP 498 Formated string literals + * PEP 515 Underscores in numeric literals + * PEP 526 Syntax for variable annotations + * PEP 525 Asynchronous generators + * PEP 530 Asynchronous comprehensions + * PEP 506 New "secrets" module for safe key generation + * less memory consumed by dicts + * dtrace and systemtap support + * improved asyncio module + * better defaults for ssl + * new hashing algorithms in hashlib + * bytecode format changed to allow more optimizations + * "async" and "await" are on track to be reserved words + * StopIteration from generators is deprecated + * support for openssl < 1.0.2 is deprecated + * os.urandom now blocks when getrandom() blocks + * huge number of new features, bugfixes and optimizations + * see https://docs.python.org/3.6/whatsnew/3.6.html for details +- rework multilib patch: drop Python-3.5.0-multilib.patch, implement + upstreamable python-3.6.0-multilib-new.patch +- refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch +- drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch +- finally drop python-2.6b1-canonicalize2.patch that was not applied in source + and only kept around in case we needed it in the future. (which we don't, as it seems) +- update import_failed map and baselibs +- build ctypes against system libffi + (buildrequire libffi-devel in python3-base) +- add new key to keyring (signed by keys already in keyring) +- introduced common configure section between python3 and python3-base +- moved pyconfig.h and Makefile to devel subpackage as distutils no longer + need it at runtime +- added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py + because it is not used now +- improve summaries and descriptions (fixes bsc#917607) +- enabled Link-Time Optimization, see what happens +- including skipped_tests.py in pre_checkin.sh run +- run specs through spec-cleaner, rearrange sections + +------------------------------------------------------------------- +Fri Apr 22 17:20:29 UTC 2016 - jmatejek@suse.com + +- move _hashlib and _ssl modules and tests to python3-base +- recommend python3 + +------------------------------------------------------------------- +Tue Mar 15 15:05:23 UTC 2016 - schwab@suse.de + +- Skip test_asyncio under qemu_user_space_build + +------------------------------------------------------------------- +Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com + +- Add Python-3.5.1-fix_lru_cache_copying.patch + Fix copying the lru_cache() wrapper object. + Fixes deep-copying lru_cache regression, which worked on + previous versions of python but fails on python 3.5. + This fixes a bunch of packages in devel:languages:python3. + See: https://bugs.python.org/issue25447 + +------------------------------------------------------------------- +Sun Jan 24 00:44:08 UTC 2016 - arichardson.kde@gmail.com + +- Build the docs in .qch format as well + +------------------------------------------------------------------- +Wed Dec 9 07:35:20 UTC 2015 - toddrme2178@gmail.com + +- update to 3.5.1 + * bugfix-only release, dozens of bugs fixed +- Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch +- "Python3" to "Python 3" in summary + * This seems cleaner and fixes and rpmlint warning + +------------------------------------------------------------------- +Wed Oct 14 20:21:52 UTC 2015 - toddrme2178@gmail.com + +- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch + This fixes a build error for many packages that use the Python, + C-API. + This patch is already accepted upstream and is slated to appear in + python 3.5.1. + +------------------------------------------------------------------- +Tue Sep 29 15:53:24 UTC 2015 - jmatejek@suse.com + +- update to 3.5.0 + * coroutines with async/await syntax + * matrix multiplication operator `@` + * unpacking generalizations + * new modules `typing` and `zipapp` + * type annotations + * .pyo files replaced by custom suffixes for optimization levels in __pycache__ + * support for memory BIO in ssl module + * performance improvements in several modules + * and many more +- removals and behavior changes + * deprecated `__version__` is removed + * support for .pyo files was removed + * system calls are auto-retried on EINTR + * bare generator expressions in function calls now cause SyntaxError + (change "f(x for x in i)" to "f((x for x in i))" to fix) + * removed undocumented `format` member of private `PyMemoryViewObject` struct + * renamed `PyMemAllocator` to `PyMemAllocatorEx` +- redefine %dynlib macro to reflect that modules now have arch+os as part of name +- module `time` is now built-in +- dropped upstreamed patches: + python-3.4.1-fix-faulthandler.patch + python-3.4.3-test-conditional-ssl.patch + python-fix-short-dh.patch (also dropped dh2048.pem required for this patch) +- updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch +- python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure + with new gcc + ncurses + +------------------------------------------------------------------- +Wed Sep 9 11:51:22 UTC 2015 - dimstar@opensuse.org + +- Add python3-ncurses-6.0-accessors.patch: Fix build with + NCurses 6.0 and OPAQUE_WINDOW set to 1. + +------------------------------------------------------------------- +Mon Aug 24 17:02:08 UTC 2015 - jmatejek@suse.com + +- improve import_failed hook to do the right thing when invoking + missing modules with "python3 -m modulename" (boo#942751) + +------------------------------------------------------------------- +Thu Jul 23 22:08:10 UTC 2015 - fisiu@opensuse.org + +- Build with --enable-loadable-sqlite-extensions to make it works + as geospatial database. + +------------------------------------------------------------------- +Wed Jul 1 07:07:26 UTC 2015 - dimstar@opensuse.org + +- Fix source list for previous change (add dh2048.pem). + +------------------------------------------------------------------- +Wed Jun 24 06:54:30 UTC 2015 - meissner@suse.com + +- dh2048.pem: added generated 2048 dh parameter set to fix + ssl test (bsc#935856) +- python-fix-short-dh.patch: replace the 512 bits dh parameter set + by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856) + +------------------------------------------------------------------- +Tue May 19 14:59:30 UTC 2015 - schwab@suse.de + +- ctypes-libffi-aarch64.patch: remove upstreamed patch +- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for + aarch64 + +------------------------------------------------------------------- +Thu May 14 10:58:36 UTC 2015 - jmatejek@suse.com + +- drop the PDF subpackage + (removes the massive texlive dependency, and most likely nobody is + using the PDFs anyway) + +------------------------------------------------------------------- +Thu May 14 09:53:29 UTC 2015 - jmatejek@suse.com + +- python-3.4.3-test-conditional-ssl.patch - restore tests failing because + test_urllib was unconditionally importing ssl (without really needing it) +- restore functionality of multilib patch +- drop libffi-ppc64le.diff because upstream completely changed everything + yet again (sorry ppc64 folks :| ) + + +------------------------------------------------------------------- +Fri May 1 15:11:21 UTC 2015 - mailaender@opensuse.org + +- Update to version 3.4.3 +- Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch + (bpo#21766) + +------------------------------------------------------------------- +Wed Mar 25 10:57:28 UTC 2015 - rguenther@suse.com + +- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus + faulthandler which fails with GCC 5. + +------------------------------------------------------------------- +Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com + +- asyncio has been merged in python3 main package; provide and + obsolete it +- Remove obsolete AUTHORS section +- Remove redundant %clean section + +------------------------------------------------------------------- +Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org + +- Only pkgconfig(x11) is required for build, not the whole + set of packages provided by xorg-x11-devel metapackage. + +------------------------------------------------------------------- +Mon Oct 13 13:38:20 UTC 2014 - jmatejek@suse.com + +- add %python3_version rpm macro for Fedora compatibility +- add missing argument in import_failed, rename Novell Bugzilla + to SUSE Bugzilla + +------------------------------------------------------------------- +Thu Jul 31 17:24:59 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. + +------------------------------------------------------------------- +Wed Jul 23 16:31:02 UTC 2014 - jmatejek@suse.com + +- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file + disclosure and directory traversal through URL-encoded characters + (CVE-2014-4650, bnc#885882) + +------------------------------------------------------------------- +Tue Jul 22 13:55:57 UTC 2014 - jmatejek@suse.com + +- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons, + reinstate bundled copies of pip and setuptools + (fixes bnc#885662) +- add more files as sources to silence the validator + +------------------------------------------------------------------- +Wed May 21 11:01:56 UTC 2014 - jmatejek@suse.com + +- update to 3.4.1 + * bugfix-only release, over 300 bugs fixed +- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch +- drop upstreamed CVE-2014-2667-mkdir.patch +- include Python release manager keyring and signature file + for the source archive (thus renumbering of source files) + (see https://www.python.org/download/#openpgp-public-keys ) +- move ensurepip to python3, because it transitively requires ssl + +------------------------------------------------------------------- +Fri Apr 4 16:21:40 UTC 2014 - jmatejek@suse.com + +- CVE-2014-2667-mkdir.patch: race condition with reseting umask + in os.makedirs + (CVE-2014-2667, bnc#871152) +- updated multilib patch to include ~/.local/lib64 (bnc#637176) + +------------------------------------------------------------------- +Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com + +- raise timeout value for test_subprocess to 10s (might fix + intermittent build failures in OBS) + +------------------------------------------------------------------- +Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com + +- remove blacklisting of test_posix on aarch64: qemu bug is fixed + +------------------------------------------------------------------- +Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 final +- drop upstreamed python-3.4rc2-importlib.patch + +------------------------------------------------------------------- +Sun Mar 16 16:33:25 UTC 2014 - schwab@suse.de + +- Only build with profile-opt if profiling is enabled +- Update test exclusion lists: + * test_ctypes no longer fails on arm + * test_io no longer fails on ppc* + * test_multiprocessing has been split in multiple tests + * test_posix and test_signal fail due to qemu bugs + +------------------------------------------------------------------- +Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de + +- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, + adding python-2.7.6-sqlite-3.8.4-tests.patch + +------------------------------------------------------------------- +Thu Feb 27 14:08:40 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 rc2 + * pre-release bugfixes + * improvements to asyncio library +- drop upstreamed tracemalloc_gcov.patch +- python-3.4rc2-importlib.patch fixes backwards-incompatibility + in the reworked importlib module that blocks build of vim + +------------------------------------------------------------------- +Fri Jan 17 18:45:27 UTC 2014 - jmatejek@suse.com + +- initial commit of 3.4.0 beta 3 + * new stdlib modules: pathlib, enum, statistics, tracemalloc + * asynchronous IO with new asyncio module + * introspection data for builtins + * subprocesses no longer inherit open file descriptors + * standardized metadata for packages + * internal hashing changed to SipHash + * new pickle protocol + * improved handling of codecs + * TLS 1.2 support + * major speed improvements for internal unicode handling + * many bugfixes and optimizations +- see porting guide at: + http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4 +- moved several modules to -testsuite subpackage +- updated list of binary extensions, refreshed patches +- tracemalloc_gcov.patch fixes profile-based optimization build +- updated packages and pre_checkin.sh to use ~-version notation + for prereleases +- fix-shebangs part of build process moved to common %prep +- drop python-3.3.2-no-REUSEPORT.patch (upstreamed) +- update baselibs for new soname + +- TODOs: + * require python-pip, make ensurepip work with zypper + +------------------------------------------------------------------- +Wed Dec 4 13:21:26 UTC 2013 - matz@suse.de + +- add ppc64le (ELFv2) support for libffi copy for ctypes module +- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be + "lib64"). +- added patches: + * libffi-ppc64le.diff +------------------------------------------------------------------- +Tue Dec 3 09:51:43 UTC 2013 - adrian@suse.de + +- add ppc64le rules + +------------------------------------------------------------------- +Fri Nov 22 13:17:23 UTC 2013 - speilicke@suse.com + +- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch: + + Disable global and distutils sysconfig comparison test, we deviate + from the default depending on optflags + +------------------------------------------------------------------- +Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com + +- update to 3.3.3 + * bugfix-only release + * many SSL-related fixes + * upstream fix for CVE-2013-4238 + * upstream fixes for CVE-2013-1752 +- move example module xxlimited to python3-testsuite +- drop CVE-2013-4238_py33.patch - it is upstreamed +- remove --with-wide-unicode config option, it is now the default + (and only) choice +- don't touch anything between make and makeinstall +- drop python-3.2b2-buildtime-generate.patch - the issue was caused + by touching things between make and makeinstall +- link pycache entries for import_failed hooks properly + +------------------------------------------------------------------- +Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org + +- build with -DOPENSSL_LOAD_CONF for the same reasons + described in the python2 package. + +------------------------------------------------------------------- +Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com + +- handle NULL bytes in certain fields of SSL certificates + (CVE-2013-4238, bnc#834601) + +------------------------------------------------------------------- +Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com + +- Exclue test_faulthandler from tests on powerpc due to bnc#831629 + +------------------------------------------------------------------- +Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com + +- update to 3.3.2 + * bugfix-only release + * fixes several regressions introduced in 3.3.1 +- switch to xz compression +- move _lzma module to python3-base +- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT + +------------------------------------------------------------------- +Mon Apr 29 22:32:43 UTC 2013 - schwab@suse.de + +- Readd missing bits from ctypes-libffi-aarch64.patch + +------------------------------------------------------------------- +Sat Apr 13 07:56:51 UTC 2013 - idonmez@suse.com + +- Update to version 3.3.1 + * Fix the –enable-profiling configure switch. + * In IDLE, close the replace dialog after it is used. +- Too many bugfixes to list here, + see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS +- Refresh Python-3.3.0b2-multilib.patch +- Refresh python-3.2b2-buildtime-generate.patch +- Drop upstream patches: ctypes-libffi-aarch64.patch, + python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch + +------------------------------------------------------------------- +Mon Apr 8 11:25:30 UTC 2013 - speilicke@suse.com + +- Exclude sqlite/test and tk/test directories from the respective + sub-packages. These are owned by the testsuite sub-package already + +------------------------------------------------------------------- +Fri Apr 5 12:59:20 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/title=SourceUrls + +------------------------------------------------------------------- +Wed Apr 3 15:36:04 UTC 2013 - jmatejek@suse.com + +- remove spurious modification of python-3.3.0b1-localpath.patch + that would force installation into /usr/local. + this fixes bnc#809831 + +------------------------------------------------------------------- +Thu Mar 28 18:38:51 UTC 2013 - jmatejek@suse.com + +- replace broken movetogetdents64.diff patch with a correct one + from upstream repo (python-3.3.0-getdents64.patch) + +------------------------------------------------------------------- +Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com + +- add ctypes-libffi-aarch64.patch: + * import aarch64 support for libffi in _ctypes module +- add aarch64 to the list of lib64 based archs +- add movetogetdents64.diff: + * port to getdents64, as SYS_getdents is not implemented everywhere + +------------------------------------------------------------------- +Tue Feb 26 08:57:55 UTC 2013 - saschpe@suse.de + +- /etc/rpm/macros.python3 is no %config, it is not meant to be changed + by users. +- Add rpmlintrc with some obvious filters + +------------------------------------------------------------------- +Mon Jan 28 18:14:39 UTC 2013 - jmatejek@suse.com + +- update baselibs for new version of libpython3 + +------------------------------------------------------------------- +Thu Nov 29 17:02:37 UTC 2012 - jmatejek@suse.com + +- fix include path in macros (bnc#787526) +- implement failed import handlers for modules that live in + subpackages - e.g. "import ssl" will now throw a sensible error + message telling you to install "python3" + +------------------------------------------------------------------- +Wed Nov 28 17:02:07 UTC 2012 - jmatejek@suse.com + +- merge python3-xml into python3 +- merge python3-2to3 library into python3-base + and the 2to3 binary into python3-devel + (python3-devel is now in conflict with python-2to3, which + will be dropped) +- enable --with-system-expat for python3, making the xml modules + (and thus python3) depend on expat +- reconfigure tests to disable network and GUI resources, which + the upstream apparently thought is a good idea to enable by default. + this fixes build failures in Factory +- add lzma-devel to build the _lzma module +- moved %dynlib macro definition to common section + +------------------------------------------------------------------- +Mon Nov 5 20:01:46 UTC 2012 - coolo@suse.com + +- buildrequire timezone for the test suite + +------------------------------------------------------------------- +Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com + +- disable more checks for qemu builds as they use syscalls not + implemented yet + +------------------------------------------------------------------- +Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com + +- exclude test_math for SLE 11; math library fails on negative + gamma function values close to integers and 0, probably + due to imprecision in -lm on SLE_11_SP2. + +------------------------------------------------------------------- +Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel explicitly + +------------------------------------------------------------------- +Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com + +- remove distutils.cfg (bnc#658604) + * this changes default prefix for distutils to /usr + * see ML for details: +http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html + +------------------------------------------------------------------- +Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com + +- Update to final 3.3.0 release + * See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS + +------------------------------------------------------------------- +Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com + +- Correct dependency for python3-testsuite, + python3-tkinter -> python3-tk + +------------------------------------------------------------------- +Thu Aug 23 13:08:11 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 RC1 + +------------------------------------------------------------------- +Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 beta 1 + * flexible string representation, no longer distinguishing + between wide and narrow Unicode builds + * importlib-based import system + * virtualenv support in core + * namespace packages + * explicit Unicode literals for easier porting + * key-sharing dict implementation reduces memory footprint + of OO code + * hash randomization on by default + * many other new bugfixes and features, check NEWS for details + +- pre_checkin.sh now autofills various version strings in specs +- ship hashlib's fallback modules - those uselessly take up space + when real _hashlib.so from python3 is present, but the space wasted + is only 114kB and it provides python3-base with a working hashlib + module. + (also, this fixes bnc#743787) + +------------------------------------------------------------------- +Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com + +- skip test_io on ppc +- drop test_io ppc patch + +------------------------------------------------------------------- +Thu Jun 28 07:57:58 UTC 2012 - saschpe@suse.de + +- Satisfy source_validator by uncommenting an otherwise unused "Patch" + line + +------------------------------------------------------------------- +Tue Jun 12 15:39:08 UTC 2012 - adrian@suse.de + +- fix logic of checks exclusion + +------------------------------------------------------------------- +Fri May 18 11:50:27 UTC 2012 - idonmez@suse.com + +- update to 3.2.3 + * No changes since rc2 + +------------------------------------------------------------------- +Thu Mar 29 15:44:33 UTC 2012 - jmatejek@suse.com + +- update to 3.2.3rc2 + * fixes several security issues: + * CVE-2012-0845, bnc#747125 + * CVE-2012-1150, bnc#751718 + * CVE-2011-4944, bnc#754447 + * CVE-2011-3389, bnc#754677 +- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) +- disable test_gdb because it is broken by our gdb + +------------------------------------------------------------------- +Thu Feb 16 12:33:12 UTC 2012 - dvaleev@suse.com + +- skip broken test_io test on ppc + +------------------------------------------------------------------- +Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com + +- update to 3.2.2 + * bugfix-only release + * reports "linux2" as sys.platform regardless of Linux kernel +- added pre_checkin.sh to copy common spec sections to python3.spec +- added PACKAGING-NOTES with some helpful info for packagers + +------------------------------------------------------------------- +Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com + +- Use system ffi, included one is broken see + http://bugs.python.org/issue11729 and + http://bugs.python.org/issue12081 + +------------------------------------------------------------------- +Fri Dec 9 17:19:55 UTC 2011 - jmatejek@suse.com + +- license.opensuse.org-compatible license headers + +------------------------------------------------------------------- +Fri Dec 2 16:46:44 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Thu Nov 24 12:42:25 UTC 2011 - agraf@suse.com + +- fix ARM build (exclude some test cases which break for us) + +------------------------------------------------------------------- +Tue Aug 16 17:02:22 UTC 2011 - termim@gmail.com + +- use sysconfig module to get py3_incdir, py3_abiflags, + py3_soflags, python3_sitelib and python3_sitearch + +------------------------------------------------------------------- +Mon Jul 18 16:22:31 UTC 2011 - jmatejek@novell.com + +- update to 3.2.1 + * bugfix-only release, no major changes +- fix build on linux3 platform +- remove upstreamed pybench patch +- install /usr/lib directories in all cases to prevent spurious + "directory not owned" in dependent packages + +------------------------------------------------------------------- +Wed Jun 15 14:16:38 UTC 2011 - jmatejek@novell.com + +- replaced dynamic so version with manual so version, because + autobuild does not support autogeneration + +------------------------------------------------------------------- +Tue May 24 13:39:06 UTC 2011 - jmatejek@novell.com + +- generate macros.python3 at compile-time with fixed values +- don't include bogus values in pyconfig.h, as they can break + third-party packages (bnc#673071) + +------------------------------------------------------------------- +Tue May 17 12:52:51 UTC 2011 - jmatejek@novell.com + +- added Obsoletes: python3 < 3.1 so that the transition from + non-split to split packages goes smoothly + +------------------------------------------------------------------- +Fri May 13 12:38:19 UTC 2011 - jmatejek@novell.com + +- fixed RPM macros to use python3 instead of python +- updated to build --with-wide-unicode (for compatibility with + fedora and our own python 2.x series) + +------------------------------------------------------------------- +Thu Apr 21 03:39:25 UTC 2011 - termim@gmail.com + +- fix python3-base build failure due to pybench.py crash by + python-3.2-pybench.patch +- move pyconfig.h from python3-devel to python3-base package to + make python3-base functional again + +------------------------------------------------------------------- +Wed Mar 23 04:26:28 UTC 2011 - termim@gmail.com + +- update to python 3.2 + * stable ABI, ABI-tagged .so files + * concurrent.futures and many other new or upgraded modules + * PYC repository directories ( __pycache__ ) + * python WSGI 1.0.1 + * Unicode 6.0.0 support + * a great number of bugfixes and assorted improvements + +------------------------------------------------------------------- +Tue Feb 8 19:42:17 CET 2011 - matejcik@suse.cz + +- update to python 3.2 RC2 +- renamed python3-demo to python3-tools, because the demo part + became much smaller than the tools part +- added rpm macros + +------------------------------------------------------------------- +Tue Jan 18 14:13:04 UTC 2011 - jmatejek@novell.com + +- update to python 3.2 beta 2, see NEWS for details +- split off -base package with less dependencies, and a shlib-policy + compliant libpython3 package +- mostly rewritten the spec file with more detailed comments +- cleaned up lists of patches + diff --git a/python311.spec b/python311.spec new file mode 100644 index 0000000..592223c --- /dev/null +++ b/python311.spec @@ -0,0 +1,1059 @@ +# +# spec file for package python311 +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "doc" +%define psuffix -documentation +%bcond_without doc +%bcond_with base +%bcond_with general +%endif +%if "%{flavor}" == "base" +%define psuffix -core +%bcond_with doc +%bcond_without base +%bcond_with general +%endif +%if "%{flavor}" == "" +%define psuffix %{nil} +%bcond_with doc +%bcond_with base +%bcond_without general +%endif + +%if 0%{?do_profiling} && !0%{?want_reproducible_builds} +%bcond_without profileopt +%else +%bcond_with profileopt +%endif + +# Only for Tumbleweed +# https://en.opensuse.org/openSUSE:Python:Externally_managed +%if 0%{?suse_version} > 1600 +%bcond_without externally_managed +%else +%bcond_with externally_managed +%endif + +%define python_pkg_name python311 +%if "%{python_pkg_name}" == "%{primary_python}" +%define primary_interpreter 1 +%else +%define primary_interpreter 0 +%endif + +# Setting up variables +%define _version %(c=%{version}; echo ${c/[a-z]*/}) +%define tar_suffix %(c=%{_version}; echo ${c#%{_version}}) +%define python_version %(echo %{_version}|cut -d. -f1-2) +# based on the current source tarball +%define python_version_abitag %(c=%{python_version}; echo ${c//./}) +# FIXME %%define python_version_soname %%(c=%%{python_version}; echo ${c//./_}) +%define python_version_soname 3_11 +%if 0%(test -n "%{tar_suffix}" && echo 1) +%define _version %(echo "%{_version}~%{tar_suffix}") +%define tarversion %{version} +%else +%define tarversion %{version} +%endif +# We don't process beta signs well +%define folderversion %{tarversion} +%define tarname Python-%{tarversion} +%define sitedir %{_libdir}/python%{python_version} +# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 +%define abi_kind %{nil} +# python ABI version - used in some file names +%define python_abi %{python_version}%{abi_kind} +# soname ABI tag defined in PEP 3149 +%define abi_tag %{python_version_abitag}%{abi_kind} +# version part of "libpython" package +%define so_major 1 +%define so_minor 0 +%define so_version %{python_version_soname}%{abi_kind}-%{so_major}_%{so_minor} +# rpm and python have different ideas about what is an arch-dependent name, so: +%if "%{__isa_name}" == "ppc" +%define archname %(echo %{_arch} | sed s/ppc/powerpc/) +%else +%define archname %{_arch} +%endif +# our arm has Hardware-Floatingpoint +%if "%{_arch}" == "arm" +%define armsuffix hf +%endif +# Decide whether we want to use mpdecimal +%if 0%{?suse_version} >= 1550 +%bcond_without mpdecimal +%else +%bcond_with mpdecimal +%endif +# pyexpat.cpython-35m-x86_64-linux-gnu +# pyexpat.cpython-35m-powerpc64le-linux-gnu +# pyexpat.cpython-35m-armv7-linux-gnueabihf +# _md5.cpython-38m-x86_64-linux-gnu.so +%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so +Name: %{python_pkg_name}%{psuffix} +Version: 3.11.12 +Release: 0 +Summary: Python 3 Interpreter +License: Python-2.0 +URL: https://www.python.org/ +Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz +Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore +Source2: baselibs.conf +Source3: README.SUSE +Source4: externally_managed.in +Source7: macros.python3 +Source8: import_failed.py +Source9: import_failed.map +Source10: pre_checkin.sh +Source11: skipped_tests.py +Source19: idle3.desktop +Source20: idle3.appdata.xml +# content of bluez-devel: +# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel +# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu +# 3. mkdir Vendor && mv usr/include/* Vendor/ +# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/ +Source21: bluez-devel-vendor.tar.xz +Source98: python311-rpmlintrc +# Tarball is signed by the GPG key of Pablo Galindo Salgado (0x64E628F8D684696D) +# https://keybase.io/pablogsal/pgp_keys.asc?fingerprint=a035c8c19219ba821ecea86b64e628f8d684696d +Source99: python.keyring +# The following files are not used in the build. +# They are listed here to work around missing functionality in rpmbuild, +# which would otherwise exclude them from distributed src.rpm files. +Source100: PACKAGING-NOTES +# PATCH-FEATURE-UPSTREAM F00251-change-user-install-location.patch bsc#[0-9]+ mcepl@suse.com +# Fix installation in /usr/local (boo#1071941), originally from Fedora +# https://src.fedoraproject.org/rpms/python3.12/blob/rawhide/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch02: F00251-change-user-install-location.patch +# PATCH-FEATURE-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com +# Improve reproduceability +Patch03: distutils-reproducible-compile.patch +# support finding packages in /usr/local, install to /usr/local by default +Patch04: python-3.3.0b1-localpath.patch +# replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds +Patch05: python-3.3.0b1-fix_date_time_compiler.patch +# POSIX_FADV_WILLNEED throws EINVAL. Use a different constant in test +Patch06: python-3.3.0b1-test-posix_fadvise.patch +# Raise timeout value for test_subprocess +Patch07: subprocess-raise-timeout.patch +# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com +# ensurepip should honour the value of $(prefix) +Patch08: bpo-31046_ensurepip_honours_prefix.patch +# PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mcepl@suse.com +# SLE-15 version of Sphinx doesn't know about skipif directive in doctests. +Patch09: no-skipif-doctests.patch +# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com +# skip a test failing on SLE-15 +Patch10: skip-test_pyobject_freed_is_freed.patch +# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com +# remove duplicate link targets and make documentation with old Sphinx in SLE +Patch11: fix_configure_rst.patch +# PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com +# Skip test_freeze_simple_script +Patch13: skip_if_buildbot-extend.patch +# PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com +# prevent ResourceWarning in test_asyncio tests +Patch15: bsc1221260-test_asyncio-ResourceWarning.patch +# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport.patch +# This problem on libexpat is patched on SLE without version +# update, this patch changes the tests to match the libexpat provided +# by SUSE +Patch16: CVE-2023-52425-libexpat-2.6.0-backport.patch +Patch17: CVE-2023-52425-remove-reparse_deferral-tests.patch +# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com +# reproducibility patches +Patch19: bso1227999-reproducible-builds.patch +# PATCH-FIX-UPSTREAM gh120226-fix-sendfile-test-kernel-610.patch gh#python/cpython#120226 mcepl@suse.com +# Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 (GH-120227) +Patch22: gh120226-fix-sendfile-test-kernel-610.patch +# PATCH-FIX-UPSTREAM Add platform triplets for 64-bit LoongArch gh#python/cpython#30939 glaubitz@suse.com +Patch24: add-loongarch64-support.patch +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: fdupes +BuildRequires: gmp-devel +BuildRequires: lzma-devel +BuildRequires: netcfg +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: xz +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(libffi) +BuildRequires: pkgconfig(uuid) +BuildRequires: pkgconfig(zlib) +#!BuildIgnore: gdk-pixbuf-loader-rsvg +%if 0%{?suse_version} >= 1550 +# The provider for python(abi) is in rpm-build-python +BuildRequires: rpm-build-python +%endif +%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1599 +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{with mpdecimal} +BuildRequires: mpdecimal-devel +%endif +%if %{with doc} +BuildRequires: python3-Sphinx >= 4.0.0 +%if 0%{?suse_version} >= 1500 +BuildRequires: python3-python-docs-theme >= 2022.1 +%endif +%endif +%if %{with general} +# required for idle3 (.desktop and .appdata.xml files) +BuildRequires: appstream-glib +BuildRequires: gcc-c++ +BuildRequires: gdbm-devel +BuildRequires: gettext +BuildRequires: readline-devel +BuildRequires: sqlite-devel +BuildRequires: timezone +BuildRequires: pkgconfig(ncurses) +BuildRequires: pkgconfig(tk) +BuildRequires: pkgconfig(x11) +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-readline +Provides: %{python_pkg_name}-sqlite3 +Recommends: %{python_pkg_name}-curses +Recommends: %{python_pkg_name}-dbm +Recommends: %{python_pkg_name}-pip +%if %{primary_interpreter} +Provides: python3 = %{python_version} +Provides: python3-readline +Provides: python3-sqlite3 +%endif +%endif +%{?suse_build_hwcaps_libs} + +%description +Python 3 is modern interpreted, object-oriented programming language, +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python3-doc +package. + +This package supplies rich command line features provided by readline, +and sqlite3 support for the interpreter core, thus forming a so called +"extended" runtime. +Installing "python3" is sufficient for the vast majority of usecases. +In addition, recommended packages provide UI toolkit support (python3-curses, +python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE +development environment (python3-idle). + +%package -n %{python_pkg_name}-tk +Summary: TkInter, a Python Tk Interface +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-tk = %{version} +%endif + +%description -n %{python_pkg_name}-tk +Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. + +%package -n %{python_pkg_name}-curses +Summary: Python Interface to the (N)Curses Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-curses +%endif + +%description -n %{python_pkg_name}-curses +An easy to use interface to the (n)curses CUI library. CUI stands for +Console User Interface. + +%package -n %{python_pkg_name}-dbm +Summary: Python Interface to the GDBM Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-dbm +%endif + +%description -n %{python_pkg_name}-dbm +An easy to use interface for Unix DBM databases, and more specifically, +the GNU implementation GDBM. + +%package -n %{python_pkg_name}-idle +Summary: An Integrated Development Environment for Python +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk +%if %{primary_interpreter} +Provides: python3-idle = %{version} +%endif + +%description -n %{python_pkg_name}-idle +IDLE is a Tkinter based integrated development environment for Python. +It features a multi-window text editor with multiple undo, Python +colorizing, and many other things, as well as a Python shell window and +a debugger. + +%package -n %{python_pkg_name}-doc +Summary: Package Documentation for Python 3 +Enhances: %{python_pkg_name} = %{python_version} +%if %{primary_interpreter} +Provides: python3-doc = %{version} +%endif + +%description -n %{python_pkg_name}-doc +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in HTML format. + +%package -n %{python_pkg_name}-doc-devhelp +Summary: Additional Package Documentation for Python 3 in devhelp format +%if %{primary_interpreter} +Provides: python3-doc-devhelp = %{version} +%endif + +%description -n %{python_pkg_name}-doc-devhelp +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in format for devhelp. + +%package -n %{python_pkg_name}-base +Summary: Python 3 Interpreter and Stdlib Core +Requires: libpython%{so_version} = %{version} +Recommends: %{python_pkg_name} = %{version} +#Recommends: python3-ensurepip +# python 3.1 didn't have a separate python-base, so it is wrongly +# not a conflict to have python3-3.1 and python3-base > 3.1 +Obsoletes: python3 < 3.2 +# no Provides, because python3 is obviously provided by package python3 +# python 3.4 provides asyncio +Provides: %{python_pkg_name}-asyncio = %{version} +# python 3.6 provides typing +Provides: %{python_pkg_name}-typing = %{version} +# python3-xml was merged into python3, now moved into -base +Provides: %{python_pkg_name}-xml = %{version} +%if %{primary_interpreter} +Provides: python3-asyncio = %{version} +Obsoletes: python3-asyncio < %{version} +Provides: python3-base = %{version} +Obsoletes: python3-base < %{version} +Provides: python3-typing = %{version} +Obsoletes: python3-typing < %{version} +Provides: python3-xml = %{version} +Obsoletes: python3-xml < %{version} +%endif + +%description -n %{python_pkg_name}-base +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +package. + +This package contains the interpreter core and most commonly used modules +from the standard library. This is sufficient for many usecases, but it +excludes components that depend on external libraries, most notably XML, +database and UI toolkits support. + +%package -n %{python_pkg_name}-tools +Summary: Python Utility and Demonstration Scripts +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-2to3 = %{version} +Provides: %{python_pkg_name}-demo = %{version} +%if %{primary_interpreter} +Provides: python3-2to3 = %{version} +Provides: python3-demo = %{version} +Provides: python3-tools = %{version} +Obsoletes: python3-2to3 < %{version} +Obsoletes: python3-demo < %{version} +%endif + +%description -n %{python_pkg_name}-tools +A number of scripts that are useful for building, testing or extending Python, +and a set of demonstration programs. + +%package -n %{python_pkg_name}-devel +Summary: Include Files and Libraries Mandatory for Building Python Modules +Requires: %{python_pkg_name}-base = %{version} +%if %{primary_interpreter} +Provides: python3-devel = %{version} +%endif + +%description -n %{python_pkg_name}-devel +The Python programming language's interpreter can be extended with +dynamically loaded extensions and can be embedded in other programs. + +This package contains header files, a static library, and development +tools for building Python modules, extending the Python interpreter or +embedding Python in applications. + +This also includes the Python distutils, which were in the Python +package up to version 2.2.2. + +%package -n %{python_pkg_name}-testsuite +Summary: Unit tests for Python and its standard library +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk = %{version} +%if %{primary_interpreter} +Provides: python3-testsuite = %{version} +%endif + +%description -n %{python_pkg_name}-testsuite +Unit tests that are useful for verifying integrity and functionality +of the installed Python interpreter and standard library. +They are a documented part of stdlib, as a module 'test'. + +%package -n libpython%{so_version} +Summary: Python Interpreter shared library +Requires: %{python_pkg_name}-base >= %{version} + +%description -n libpython%{so_version} +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +(HTML) or python-doc-pdf (PDF) packages. + +This package contains libpython3.2 shared library for embedding in +other applications. + +%prep +%setup -q -n %{tarname} + +%patch -p1 -P 02 +%patch -p1 -P 03 +%patch -p1 -P 04 +%patch -p1 -P 05 +%patch -p1 -P 06 +%patch -p1 -P 07 +%patch -p1 -P 08 + +%if 0%{?suse_version} <= 1500 +%patch -P 09 -p1 +%endif + +%patch -p1 -P 10 +%patch -p1 -P 11 +%patch -p1 -P 13 +%patch -p1 -P 15 +%patch -p1 -P 16 +%patch -p1 -P 17 +%patch -p1 -P 19 +%patch -p1 -P 22 +%patch -p1 -P 24 + +# drop Autoconf version requirement +sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac + +%if %{primary_interpreter} +# fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 +for dir in Lib Tools; do + # find *.py, filter to files that contain bad shebangs + # break up "/""usr" like this to prevent replacing with %%{_prefix} + find $dir -name '*.py' -type f -print0 \ + | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ + | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' +done +%else +# For non-primary Python, just don't bother (bsc#1193179) and remove all +# those shebangs +for dir in Lib Tools; do + find $dir -name '*.py' -type f -exec sed -i '1{/^#!.*python/ d}' '{}' \; +done +# We shortened the file Lib/pdb.py so we have to move the test breakpoint location +sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py +%endif + +# drop in-tree libffi and expat +rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin +# Cannot remove it because of gh#python/cpython#92875 +# rm -r Modules/expat + +# drop duplicate README from site-packages +rm Lib/site-packages/README.txt + +# Add vendored bluez-devel files +tar xvf %{SOURCE21} + +# Don't fail on warnings when building documentation +sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile + +%build +%if %{with doc} +TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` +# TODO use not date of tarball but date of latest patch + +cd Doc +sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py +%make_build -j1 html + +# Build also devhelp files +sphinx-build -a -b devhelp . build/devhelp +rm -rfv build/devhelp/.doctrees +%else +%define _lto_cflags %{nil} +# use rpm_opt_flags +export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv $(pkg-config --cflags-only-I libffi) -fno-semantic-interposition" + +touch -r %{SOURCE0} Makefile.pre.in + +autoreconf -fvi + +%if 0%{?sles_version} +sed -e 's/-fprofile-correction//' -i Makefile.pre.in +%endif + +export CFLAGS="%{optflags} -IVendor/" + +%configure \ + --with-platlibdir=%{_lib} \ + --docdir=%{_docdir}/python \ + --enable-ipv6 \ + --enable-shared \ + --with-ensurepip=no \ + --with-system-ffi \ + --with-system-expat \ + --with-lto \ +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 + --with-ssl-default-suites=openssl \ +%endif +%if %{with profileopt} + --enable-optimizations \ +%endif +%if %{with mpdecimal} + --with-system-libmpdec \ +%endif + --enable-loadable-sqlite-extensions + +# prevent make from trying to rebuild PYTHON_FOR_GEN stuff +# %%make_build -t Python/Python-ast.c \ + # Include/Python-ast.h \ + # Objects/typeslots.inc \ + # Python/opcode_targets.h \ + # Include/opcode.h +%make_build + +%if %{with general} +%make_build +%endif +%if %{with base} +%if %{with profileopt} + target=profile-opt +%else + target=all +%endif +LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ + %make_build $target +%endif +%endif + +%check +export SUSE_VERSION="0%{?suse_version}" +export SLE_VERSION="0%{?sle_version}" +%if %{with general} +# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos +# when you install gdb into your test env +EXCLUDE="test_gdb" +# we patch out the message to recommend zypper in and thus this would fail +EXCLUDE="$EXCLUDE test_pydoc" + +%ifarch %{arm} s390x +# test_multiprocessing_forkserver is racy +EXCLUDE="$EXCLUDE test_multiprocessing_forkserver" +%endif +%ifarch ppc ppc64 ppc64le +# exclue test_faulthandler due to bnc#831629 +EXCLUDE="$EXCLUDE test_faulthandler" +%endif +# some tests break in QEMU +%if 0%{?qemu_user_space_build} +EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver test_multiprocessing_spawn test_os test_posix test_signal test_socket test_subprocess" +%endif + +# This test (part of test_uuid) requires real network interfaces +# so that ifconfig output has "HWaddr ". Some kvm instances +# done have any such interface breaking the uuid module. +EXCLUDE="$EXCLUDE test_uuid" + +# bsc#1195140 and bpo#37169 - test_capi is failing on openSUSE, and not sure why +EXCLUDE="$EXCLUDE test_capi" + +# Limit virtual memory to avoid spurious failures +if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then + ulimit -v 11000000 || : +fi + +# test_freeze_simple_script in test.test_tools.test_freeze.TestFreeze +# uses CONFIG_ARGS to run ./configure. +export CONFIG_ARGS="--enable-ipv6 --enable-shared --with-ensurepip=no \ + --with-system-ffi --with-system-expat --with-lto --enable-optimizations \ + --with-system-libmpdec --enable-loadable-sqlite-extensions" + +export PYTHONPATH="$(pwd -P)/Lib" +# Use timeout, like make target buildbottest +# We cannot run tests parallel, because osc build environment doesn’t +# have /dev/shm +%make_build -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=5400" +# use network, be verbose: +#make test TESTOPTS="-l -u network -v" +%endif + +%install +%if %{with doc} +export PDOCS=%{buildroot}%{_docdir}/python%{python_version} +mkdir -p $PDOCS +# generated docs +rm Doc/build/*/.buildinfo +cp -r Doc/build/html $PDOCS +# misc +install -d -m 755 $PDOCS/Misc +rm Misc/README.AIX +for i in Misc/* ; do + [ -f $i ] && install -c -m 644 $i $PDOCS/Misc/ +done +# devhelp +mkdir -p %{buildroot}%{_datadir}/gtk-doc/html +cp -r Doc/build/devhelp %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version} +rm -rf %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version}/.doctrees +%endif +%if %{with general} +%make_install + +# clean out stuff that is in python-base and subpackages + +find %{buildroot}%{_bindir} -mindepth 1 -not -name "*idle3*" -print -delete +rm %{buildroot}%{_libdir}/lib* +rm -r %{buildroot}%{_libdir}/pkgconfig +rm -r %{buildroot}%{_mandir}/* +rm -r %{buildroot}%{_includedir}/* + +rm -r %{buildroot}%{sitedir}/config* +find %{buildroot}%{sitedir} -name "*.egg-info" -delete +rm -r %{buildroot}%{sitedir}/__pycache__ +rm -r %{buildroot}%{sitedir}/site-packages +rm %{buildroot}%{sitedir}/*.* + +for module in \ + asyncio ctypes collections concurrent distutils email encodings \ + ensurepip html http re \ + importlib json logging multiprocessing pydoc_data unittest \ + urllib venv wsgiref lib2to3 test tomllib turtledemo \ + xml xmlrpc zoneinfo __phello__ +do + rm -r %{buildroot}%{sitedir}/$module +done + +for library in \ + array _asyncio audioop binascii _bisect _bz2 cmath _codecs_* \ + _contextvars _crypt _csv _ctypes _datetime _decimal fcntl grp \ + _hashlib _heapq _json _lsprof _lzma math mmap _multibytecodec \ + _multiprocessing _opcode ossaudiodev _pickle _posixshmem \ + _posixsubprocess _queue _random resource select _ssl _socket spwd \ + _statistics _struct syslog termios _testbuffer _testimportmultiple \ + _testmultiphase unicodedata zlib _ctypes_test _testinternalcapi _testcapi \ + _typing _testclinic xxlimited xxlimited_35 \ + _xxtestfuzz _xxsubinterpreters _elementtree pyexpat _md5 _sha1 \ + _sha256 _sha512 _blake2 _sha3 _uuid _zoneinfo +do + eval rm "%{buildroot}%{sitedir}/lib-dynload/$library.*" +done + +# Idle is not packaged in base due to the appstream-glib dependency +# move idle config into /etc +install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version} +( + cd %{buildroot}/%{sitedir}/idlelib/ + for file in *.def ; do + mv $file %{buildroot}%{_sysconfdir}/idle%{python_version}/ + ln -sf %{_sysconfdir}/idle%{python_version}/$file %{buildroot}/%{sitedir}/idlelib/ + done +) + +# keep just idle3.X +rm %{buildroot}%{_bindir}/idle3 + +# install idle icons +for size in 16 32 48 ; do + install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \ + %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_version}.png +done + +# install idle desktop file +cp %{SOURCE19} idle%{python_version}.desktop +sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop +install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop + +cp %{SOURCE20} idle%{python_version}.appdata.xml +sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml +install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml +appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml + +%fdupes %{buildroot}/%{_libdir}/python%{python_version} +%endif +%if %{with base} +%make_install + +# remove .a +find %{buildroot} -name "*.a" -delete + +# install "site-packages" and __pycache__ for third parties +install -d -m 755 %{buildroot}%{sitedir}/site-packages +install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__ +# and their 32bit counterparts explicitly +mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__ + +# cleanup parts that don't belong +for dir in curses dbm sqlite3 tkinter idlelib; do + find "%{buildroot}/%{sitedir}/$dir"/* -maxdepth 0 -name "test" -o -exec rm -rf {} + +done +rm -fv %{buildroot}%{dynlib nis} + +# overwrite the copied binary with a link +ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 + +# decide to ship python3 or just python3.X +%if !%{primary_interpreter} +# base +rm %{buildroot}%{_bindir}/python3 +rm %{buildroot}%{_bindir}/pydoc3 +rm %{buildroot}%{_mandir}/man1/python3.1 +# devel +rm %{buildroot}%{_bindir}/python3-config +rm %{buildroot}%{_libdir}/libpython3.so +rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc +%endif + +%if %{with externally_managed} +# PEP-0668 mark this as a distro maintained python +sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED +%endif + +# link shared library instead of static library that tools expect +ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so + +# delete idle3, which has to many packaging dependencies for base +rm %{buildroot}%{_bindir}/idle3* + +# delete the generic 2to3 binary if we are not primary +%if !%{primary_interpreter} +rm %{buildroot}%{_bindir}/2to3 +%endif + +# replace duplicate .pyo/.pyc with hardlinks +%fdupes %{buildroot}/%{sitedir} + +# documentation +export PDOCS=%{buildroot}%{_docdir}/%{name} +install -d -m 755 $PDOCS +install -c -m 644 %{SOURCE3} $PDOCS/ +install -c -m 644 README.rst $PDOCS/ + +# tools +for x in `find Tools/ \( -not -name Makefile \) -print | sort` ; do + test -d $x && ( install -c -m 755 -d $PDOCS/$x ) \ + || ( install -c -m 644 $x $PDOCS/$x ) +done +# gdb script is shipped with devel subpackage +rm -r $PDOCS/Tools/gdb +# clean up the bat files +find "$PDOCS" -name "*.bat" -delete + +# put gdb helper script into place +install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +# install devel files to /config +#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%%{sitedir}/config-%%{python_abi}/ + +# Remove -IVendor/ from python-config boo#1231795 +sed -i 's/-IVendor\///' %{buildroot}%{_bindir}/python%{python_abi}-config + +# RPM macros +%if %{primary_interpreter} +mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/ +install -m 644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/macros.d/ # macros.python3 +%endif + +# import_failed hooks +FAILDIR=%{buildroot}/%{sitedir}/_import_failed +mkdir $FAILDIR +install -m 644 %{SOURCE8} %{SOURCE9} $FAILDIR # import_failed.* +LD_LIBRARY_PATH=. ./python -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +( + cd $FAILDIR + while read package modules; do + for module in $modules; do + ln import_failed.py $module.py + pushd __pycache__ + for i in import_failed*; do + ln $i "$module${i#import_failed}" + done + popd + done + done < %{SOURCE9} +) +echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +%endif + +# For the purposes of reproducibility, it is necessary to eliminate any *.pyc files inside documentation dirs +if [ -d %{buildroot}%{_defaultdocdir} ] ; then +find %{buildroot}%{_defaultdocdir} -type f -name \*.pyc -ls -exec rm -vf '{}' \; +fi + +%if %{with general} +%files -n %{python_pkg_name}-tk +%{sitedir}/tkinter +%exclude %{sitedir}/tkinter/test +%{dynlib _tkinter} + +%files -n %{python_pkg_name}-curses +%{sitedir}/curses +%{dynlib _curses} +%{dynlib _curses_panel} + +%files -n %{python_pkg_name}-dbm +%{sitedir}/dbm +%{dynlib _dbm} +%{dynlib _gdbm} + +%files -n %{python_pkg_name} +%dir %{sitedir} +%dir %{sitedir}/lib-dynload +%{sitedir}/sqlite3 +%exclude %{sitedir}/sqlite3/test +%{dynlib readline} +%{dynlib _sqlite3} +%if 0%{?suse_version} < 1599 +%{dynlib nis} +%endif + +%files -n %{python_pkg_name}-idle +%{sitedir}/idlelib +%dir %{_sysconfdir}/idle%{python_version} +%config %{_sysconfdir}/idle%{python_version}/* +%doc Lib/idlelib/README.txt +%doc Lib/idlelib/TODO.txt +%doc Lib/idlelib/extend.txt +%doc Lib/idlelib/ChangeLog +%{_bindir}/idle%{python_version} +%{_datadir}/applications/idle%{python_version}.desktop +%{_datadir}/metainfo/idle%{python_version}.appdata.xml +%{_datadir}/icons/hicolor/*/apps/idle%{python_version}.png +%dir %{_datadir}/icons/hicolor +%dir %{_datadir}/icons/hicolor/16x16 +%dir %{_datadir}/icons/hicolor/32x32 +%dir %{_datadir}/icons/hicolor/48x48 +%dir %{_datadir}/icons/hicolor/*/apps +# endif for if general +%endif + +%if %{with doc} +%files -n %{python_pkg_name}-doc +%dir %{_docdir}/python%{python_version} +%doc %{_docdir}/python%{python_version}/Misc +%doc %{_docdir}/python%{python_version}/html + +%files -n %{python_pkg_name}-doc-devhelp +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%doc %{_datadir}/gtk-doc/html/Python%{python_version} +%endif + +%if %{with base} +%post -n libpython%{so_version} -p /sbin/ldconfig +%postun -n libpython%{so_version} -p /sbin/ldconfig + +%files -n libpython%{so_version} +%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} + +%files -n %{python_pkg_name}-tools +%{sitedir}/turtledemo +%if %{primary_interpreter} +%{_bindir}/2to3 +%endif +%attr(755, root, root)%{_bindir}/2to3-%{python_version} +%doc %{_docdir}/%{name}/Tools + +%files -n %{python_pkg_name}-devel +%{_libdir}/libpython%{python_abi}.so +%if %{primary_interpreter} +%{_libdir}/libpython3.so +%endif +%{_libdir}/pkgconfig/* +%{_includedir}/python%{python_abi} +%{sitedir}/config-%{python_abi}-* +%{_bindir}/python%{python_abi}-config +%if %{primary_interpreter} +%{_bindir}/python3-config +%endif +# Own these directories to not depend on gdb +%dir %{_datadir}/gdb +%dir %{_datadir}/gdb/auto-load +%dir %{_datadir}/gdb/auto-load%{_prefix} +%dir %{_datadir}/gdb/auto-load%{_libdir} +%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +%files -n %{python_pkg_name}-testsuite +%{sitedir}/test +%{sitedir}/*/test +%{sitedir}/*/tests +%{dynlib _ctypes_test} +%{dynlib _testbuffer} +%{dynlib _testcapi} +%{dynlib _testclinic} +%{dynlib _testinternalcapi} +%{dynlib _testimportmultiple} +%{dynlib _testmultiphase} +%{dynlib xxlimited} +# workaround for missing packages +%dir %{sitedir}/sqlite3 +%dir %{sitedir}/tkinter + +%files -n %{python_pkg_name}-base +# docs +%dir %{_docdir}/%{name} +%doc %{_docdir}/%{name}/README.rst +%license LICENSE +%doc %{_docdir}/%{name}/README.SUSE +%if %{primary_interpreter} +%{_mandir}/man1/python3.1%{?ext_man} +%endif +%{_mandir}/man1/python%{python_version}.1%{?ext_man} +%if %{with externally_managed} +# PEP-0668 +%{sitedir}/EXTERNALLY-MANAGED +%endif +# license text, not a doc because the code can use it at run-time +%{sitedir}/LICENSE.txt +# RPM macros +%if %{primary_interpreter} +%{_rpmconfigdir}/macros.d/macros.python3 +%endif +# binary parts +%dir %{sitedir}/lib-dynload +%{dynlib array} +%{dynlib _asyncio} +%{dynlib audioop} +%{dynlib binascii} +%{dynlib _bisect} +%{dynlib _bz2} +%{dynlib cmath} +%{dynlib _codecs_cn} +%{dynlib _codecs_hk} +%{dynlib _codecs_iso2022} +%{dynlib _codecs_jp} +%{dynlib _codecs_kr} +%{dynlib _codecs_tw} +%{dynlib _contextvars} +%{dynlib _crypt} +%{dynlib _csv} +%{dynlib _ctypes} +%{dynlib _datetime} +%{dynlib _decimal} +%{dynlib _elementtree} +%{dynlib fcntl} +%{dynlib grp} +%{dynlib _hashlib} +%{dynlib _heapq} +%{dynlib _json} +%{dynlib _lsprof} +%{dynlib _lzma} +%{dynlib math} +%{dynlib mmap} +%{dynlib _multibytecodec} +%{dynlib _multiprocessing} +%{dynlib _opcode} +%{dynlib ossaudiodev} +%{dynlib _pickle} +%{dynlib _posixshmem} +%{dynlib _posixsubprocess} +%{dynlib pyexpat} +%{dynlib _queue} +%{dynlib _random} +%{dynlib resource} +%{dynlib select} +%{dynlib _socket} +%{dynlib spwd} +%{dynlib _ssl} +%{dynlib _statistics} +%{dynlib _struct} +%{dynlib syslog} +%{dynlib termios} +%{dynlib _typing} +%{dynlib unicodedata} +%{dynlib _uuid} +%{dynlib _xxsubinterpreters} +%{dynlib _xxtestfuzz} +%{dynlib xxlimited_35} +%{dynlib zlib} +%{dynlib _zoneinfo} +# hashlib fallback modules +%{dynlib _blake2} +%{dynlib _md5} +%{dynlib _sha1} +%{dynlib _sha256} +%{dynlib _sha512} +%{dynlib _sha3} +# python parts +%dir %{_prefix}/lib/python%{python_version} +%dir %{_prefix}/lib/python%{python_version}/site-packages +%dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__ +%dir %{sitedir} +%dir %{sitedir}/site-packages +%dir %{sitedir}/site-packages/__pycache__ +%exclude %{sitedir}/*/test +%exclude %{sitedir}/*/tests +%{sitedir}/*.py +%{sitedir}/asyncio +%{sitedir}/ctypes +%{sitedir}/collections +%{sitedir}/concurrent +%{sitedir}/distutils +%{sitedir}/email +%{sitedir}/encodings +%{sitedir}/ensurepip +%{sitedir}/html +%{sitedir}/http +%{sitedir}/importlib +%{sitedir}/json +%{sitedir}/lib2to3 +%{sitedir}/logging +%{sitedir}/multiprocessing +%{sitedir}/pydoc_data +%{sitedir}/re +%{sitedir}/tomllib +%{sitedir}/unittest +%{sitedir}/urllib +%{sitedir}/venv +%{sitedir}/wsgiref +%{sitedir}/xml +%{sitedir}/xmlrpc +%{sitedir}/zoneinfo +%{sitedir}/__phello__ +%{sitedir}/__pycache__ +# import-failed hooks +%{sitedir}/_import_failed +%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +# symlinks +%if %{primary_interpreter} +%{_bindir}/python3 +%{_bindir}/pydoc3 +%endif +# executables +%attr(755, root, root) %{_bindir}/pydoc%{python_version} +# %%attr(755, root, root) %%{_bindir}/python%%{python_abi} +%attr(755, root, root) %{_bindir}/python%{python_version} +# endif for if base +%endif + +%changelog diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch new file mode 100644 index 0000000..6f48b09 --- /dev/null +++ b/skip-test_pyobject_freed_is_freed.patch @@ -0,0 +1,23 @@ +--- + Lib/test/test_capi/test_misc.py | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/Lib/test/test_capi/test_misc.py ++++ b/Lib/test/test_capi/test_misc.py +@@ -40,6 +40,8 @@ import _testinternalcapi + # Were we compiled --with-pydebug or with #define Py_DEBUG? + Py_DEBUG = hasattr(sys, 'gettotalrefcount') + ++# Which version of the SLE distro we build on? ++SLE_VERSION = int(os.environ.get('SLE_VERSION', '0'), 10) + + NULL = None + +@@ -1281,6 +1283,7 @@ class PyMemDebugTests(unittest.TestCase) + def test_pyobject_forbidden_bytes_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') + ++ @unittest.skipIf(0 < SLE_VERSION < 150300, 'Failing on Leap 15.*') + def test_pyobject_freed_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_freed_is_freed') + diff --git a/skip_if_buildbot-extend.patch b/skip_if_buildbot-extend.patch new file mode 100644 index 0000000..fd9a584 --- /dev/null +++ b/skip_if_buildbot-extend.patch @@ -0,0 +1,15 @@ +--- + Lib/test/support/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -384,7 +384,7 @@ def skip_if_buildbot(reason=None): + if not reason: + reason = 'not suitable for buildbots' + try: +- isbuildbot = getpass.getuser().lower() == 'buildbot' ++ isbuildbot = getpass.getuser().lower() in ['buildbot', 'abuild'] + except (KeyError, EnvironmentError) as err: + warnings.warn(f'getpass.getuser() failed {err}.', RuntimeWarning) + isbuildbot = False diff --git a/skipped_tests.py b/skipped_tests.py new file mode 100644 index 0000000..47002e6 --- /dev/null +++ b/skipped_tests.py @@ -0,0 +1,69 @@ +#!/usr/bin/python3 +""" +Simple regexp-based skipped test checker. +It lists tests that are mentioned (presumably for exclusion) +in BASE, and in MAIN (presumably for inclusion) +and reports discrepancies. + +This will have a number of +""" + +MAIN = "python39.spec" + +import glob +import re +from os.path import basename + +alltests = set() +qemu_exclusions = set() + +for item in glob.glob("Python-*/Lib/test/test_*"): + testname = basename(item) + if testname.endswith(".py"): + testname = testname[:-3] + alltests.add(testname) + +testre = re.compile(r'[\s"](test_\w+)\b') + +def find_tests_in_spec(specname): + global qemu_exclusions + + found_tests = set() + with open(specname) as spec: + in_qemu = False + for line in spec: + line = line.strip() + if "#" in line: + line = line[:line.index("#")] + tests = set(testre.findall(line)) + found_tests |= tests + if line == "%if 0%{?qemu_user_space_build} > 0": + in_qemu = True + if in_qemu: + if line == "%endif": + in_qemu = False + qemu_exclusions |= tests + return found_tests + +excluded = find_tests_in_spec(MAIN) + +#print("--- excluded tests:", " ".join(sorted(excluded))) +#print("--- included tests:", " ".join(sorted(included))) + +mentioned = excluded +nonexistent = mentioned - alltests +missing = excluded - qemu_exclusions + +print("--- the following tests are excluded for QEMU and not tested in python") +print("--- (that probably means we don't need to worry about them)") +for test in sorted(qemu_exclusions - excluded): + print(test) + +print("--- the following tests might be excluded in python:") +for test in sorted(missing): + print(test) + +if nonexistent: + print("--- the following tests don't exist:") + for test in sorted(nonexistent): + print(test) diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch new file mode 100644 index 0000000..ab29d50 --- /dev/null +++ b/subprocess-raise-timeout.patch @@ -0,0 +1,18 @@ +--- + Lib/test/test_subprocess.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_subprocess.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_subprocess.py ++++ Python-3.11.8/Lib/test/test_subprocess.py +@@ -280,7 +280,8 @@ class ProcessTestCase(BaseTestCase): + "time.sleep(3600)"], + # Some heavily loaded buildbots (sparc Debian 3.x) require + # this much time to start and print. +- timeout=3) ++ # OBS might require even more ++ timeout=10) + self.fail("Expected TimeoutExpired.") + self.assertEqual(c.exception.output, b'BDFL') + -- 2.51.1 From 6bf579cdde695666e269b9a985c0ed461142d4070bb6ec03df5ba13d8036295a Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 15 Apr 2025 13:00:57 +0000 Subject: [PATCH 117/135] Fix changelog OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=168 --- python311.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python311.changes b/python311.changes index f3694cf..8cee3dc 100644 --- a/python311.changes +++ b/python311.changes @@ -44,7 +44,7 @@ Fri Apr 11 08:54:19 UTC 2025 - Matej Cepl - gh-106883: Disable GC during the _PyThread_CurrentFrames() and _PyThread_CurrentExceptions() calls to avoid the interpreter to deadlock. -- Remote upstreamed patch: +- Remove upstreamed patch: - CVE-2025-0938-sq-brackets-domain-names.patch ------------------------------------------------------------------- -- 2.51.1 From 1dad22a3529ac9d4945ee8b9be8bdb89649dd0975047917f4210eaa26a070160 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Sat, 19 Apr 2025 18:46:57 +0000 Subject: [PATCH 118/135] - Add gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch which makes test_ssl not to stop ThreadedEchoServer on OSError, which makes test_ssl pass with OpenSSL 3.5 (bsc#1241067, gh#python/cpython!126572) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=170 --- ...l-no-stop-ThreadedEchoServer-OSError.patch | 82 +++++++++++++++++++ python311-rpmlintrc | 1 + python311.changes | 6 +- python311.spec | 5 ++ 4 files changed, 93 insertions(+), 1 deletion(-) create mode 100644 gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch diff --git a/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch b/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch new file mode 100644 index 0000000..5c26386 --- /dev/null +++ b/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch @@ -0,0 +1,82 @@ +From 3d390148c05a7ea2d401c4633e7d4db75ebf97d9 Mon Sep 17 00:00:00 2001 +From: Petr Viktorin +Date: Thu, 7 Nov 2024 11:07:02 +0100 +Subject: [PATCH] gh-126500: test_ssl: Don't stop ThreadedEchoServer on OSError + in ConnectionHandler; rely on __exit__ (GH-126503) + +If `read()` in the ConnectionHandler thread raises `OSError` (except `ConnectionError`), +the ConnectionHandler shuts down the entire ThreadedEchoServer, +preventing further connections. +It also does that for `EPROTOTYPE` in `wrap_conn`. + +As far as I can see, this is done to avoid the server thread getting stuck, +forgotten, in its accept loop. However, since 2011 (5b95eb90a7167285b6544b50865227c584943c9a) +the server is used as a context manager, and its `__exit__` does `stop()` and `join()`. +(I'm not sure if we *always* used `with` since that commit, but currently we do.) + +Make sure that the context manager *is* used, and remove the `server.stop()` +calls from ConnectionHandler. +(cherry picked from commit c9cda1608edf7664c10f4f467e24591062c2fe62) + +Co-authored-by: Petr Viktorin +--- + Lib/test/test_ssl.py | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +Index: Python-3.11.12/Lib/test/test_ssl.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_ssl.py 2025-04-19 19:55:02.157545844 +0200 ++++ Python-3.11.12/Lib/test/test_ssl.py 2025-04-19 19:55:05.014552345 +0200 +@@ -2516,7 +2516,6 @@ + # See also http://erickt.github.io/blog/2014/11/19/adventures-in-debugging-a-potential-osx-kernel-bug/ + if e.errno != errno.EPROTOTYPE and sys.platform != "darwin": + self.running = False +- self.server.stop() + self.close() + return False + else: +@@ -2651,10 +2650,6 @@ + self.close() + self.running = False + +- # normally, we'd just stop here, but for the test +- # harness, we want to stop the server +- self.server.stop() +- + def __init__(self, certificate=None, ssl_version=None, + certreqs=None, cacerts=None, + chatty=True, connectionchatty=False, starttls_server=False, +@@ -2688,21 +2683,33 @@ + self.conn_errors = [] + threading.Thread.__init__(self) + self.daemon = True ++ self._in_context = False + + def __enter__(self): ++ if self._in_context: ++ raise ValueError('Re-entering ThreadedEchoServer context') ++ self._in_context = True + self.start(threading.Event()) + self.flag.wait() + return self + + def __exit__(self, *args): ++ assert self._in_context ++ self._in_context = False + self.stop() + self.join() + + def start(self, flag=None): ++ if not self._in_context: ++ raise ValueError( ++ 'ThreadedEchoServer must be used as a context manager') + self.flag = flag + threading.Thread.start(self) + + def run(self): ++ if not self._in_context: ++ raise ValueError( ++ 'ThreadedEchoServer must be used as a context manager') + self.sock.settimeout(1.0) + self.sock.listen(5) + self.active = True diff --git a/python311-rpmlintrc b/python311-rpmlintrc index 5b35f34..6c3d3b0 100644 --- a/python311-rpmlintrc +++ b/python311-rpmlintrc @@ -1,3 +1,4 @@ addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c") addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp") +addFilter("python-bytecode-inconsistent-mtime.*\.pyc") diff --git a/python311.changes b/python311.changes index 8cee3dc..04405ea 100644 --- a/python311.changes +++ b/python311.changes @@ -1,5 +1,5 @@ ------------------------------------------------------------------- -Fri Apr 11 08:54:19 UTC 2025 - Matej Cepl +Fri Apr 18 14:05:38 UTC 2025 - Matej Cepl - Update to 3.11.12: - gh-131809: Update bundled libexpat to 2.7.1 @@ -46,6 +46,10 @@ Fri Apr 11 08:54:19 UTC 2025 - Matej Cepl interpreter to deadlock. - Remove upstreamed patch: - CVE-2025-0938-sq-brackets-domain-names.patch +- Add gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch + which makes test_ssl not to stop ThreadedEchoServer on OSError, + which makes test_ssl pass with OpenSSL 3.5 (bsc#1241067, + gh#python/cpython!126572) ------------------------------------------------------------------- Wed Mar 12 15:05:46 UTC 2025 - Bernhard Wiedemann diff --git a/python311.spec b/python311.spec index 592223c..9293320 100644 --- a/python311.spec +++ b/python311.spec @@ -188,8 +188,12 @@ Patch19: bso1227999-reproducible-builds.patch Patch22: gh120226-fix-sendfile-test-kernel-610.patch # PATCH-FIX-UPSTREAM Add platform triplets for 64-bit LoongArch gh#python/cpython#30939 glaubitz@suse.com Patch24: add-loongarch64-support.patch +# PATCH-FIX-UPSTREAM gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch bsc#1241067 mcepl@suse.com +# don't stop ThreadedEchoServer on OSError, makes test_ssl fail with OpenSSL 3.5 +Patch25: gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch BuildRequires: autoconf-archive BuildRequires: automake +BuildRequires: crypto-policies-scripts BuildRequires: fdupes BuildRequires: gmp-devel BuildRequires: lzma-devel @@ -451,6 +455,7 @@ other applications. %patch -p1 -P 19 %patch -p1 -P 22 %patch -p1 -P 24 +%patch -p1 -P 25 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From 42e3868a51f274d2b68758aab1e02e693cfd2f654b083d9296a7fa135f04ddec Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Sat, 10 May 2025 11:43:09 +0000 Subject: [PATCH 119/135] - Remove python-3.3.0b1-test-posix_fadvise.patch (not needed since kernel 3.6-rc1) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=173 --- .gitattributes | 23 + .gitignore | 1 + CVE-2023-52425-libexpat-2.6.0-backport.patch | 233 + ...-52425-remove-reparse_deferral-tests.patch | 60 + CVE-2024-9287-venv_path_unquoted.patch | 299 + CVE-2025-0938-sq-brackets-domain-names.patch | 127 + F00251-change-user-install-location.patch | 215 + PACKAGING-NOTES | 26 + Python-3.11.10.tar.xz | 3 + Python-3.11.10.tar.xz.asc | 16 + Python-3.11.11.tar.xz | 3 + Python-3.11.11.tar.xz.sigstore | 1 + Python-3.11.12.tar.xz | 3 + Python-3.11.12.tar.xz.sigstore | 1 + README.SUSE | 43 + _multibuild | 4 + add-loongarch64-support.patch | 25 + baselibs.conf | 3 + bluez-devel-vendor.tar.xz | 3 + bpo-31046_ensurepip_honours_prefix.patch | 173 + bsc1221260-test_asyncio-ResourceWarning.patch | 21 + bso1227999-reproducible-builds.patch | 37 + distutils-reproducible-compile.patch | 17 + externally_managed.in | 12 + fix_configure_rst.patch | 44 + ...l-no-stop-ThreadedEchoServer-OSError.patch | 82 + gh120226-fix-sendfile-test-kernel-610.patch | 35 + idle3.appdata.xml | 35 + idle3.desktop | 12 + import_failed.map | 7 + import_failed.py | 23 + macros.python3 | 28 + no-skipif-doctests.patch | 653 ++ pre_checkin.sh | 78 + python-3.3.0b1-fix_date_time_compiler.patch | 27 + python-3.3.0b1-localpath.patch | 13 + python-3.3.0b1-test-posix_fadvise.patch | 17 + python.keyring | 109 + python311-rpmlintrc | 4 + python311.changes | 5580 +++++++++++++++++ python311.spec | 1061 ++++ skip-test_pyobject_freed_is_freed.patch | 23 + skip_if_buildbot-extend.patch | 15 + skipped_tests.py | 69 + subprocess-raise-timeout.patch | 18 + 45 files changed, 9282 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 CVE-2023-52425-libexpat-2.6.0-backport.patch create mode 100644 CVE-2023-52425-remove-reparse_deferral-tests.patch create mode 100644 CVE-2024-9287-venv_path_unquoted.patch create mode 100644 CVE-2025-0938-sq-brackets-domain-names.patch create mode 100644 F00251-change-user-install-location.patch create mode 100644 PACKAGING-NOTES create mode 100644 Python-3.11.10.tar.xz create mode 100644 Python-3.11.10.tar.xz.asc create mode 100644 Python-3.11.11.tar.xz create mode 100644 Python-3.11.11.tar.xz.sigstore create mode 100644 Python-3.11.12.tar.xz create mode 100644 Python-3.11.12.tar.xz.sigstore create mode 100644 README.SUSE create mode 100644 _multibuild create mode 100644 add-loongarch64-support.patch create mode 100644 baselibs.conf create mode 100644 bluez-devel-vendor.tar.xz create mode 100644 bpo-31046_ensurepip_honours_prefix.patch create mode 100644 bsc1221260-test_asyncio-ResourceWarning.patch create mode 100644 bso1227999-reproducible-builds.patch create mode 100644 distutils-reproducible-compile.patch create mode 100644 externally_managed.in create mode 100644 fix_configure_rst.patch create mode 100644 gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch create mode 100644 gh120226-fix-sendfile-test-kernel-610.patch create mode 100644 idle3.appdata.xml create mode 100644 idle3.desktop create mode 100644 import_failed.map create mode 100644 import_failed.py create mode 100644 macros.python3 create mode 100644 no-skipif-doctests.patch create mode 100644 pre_checkin.sh create mode 100644 python-3.3.0b1-fix_date_time_compiler.patch create mode 100644 python-3.3.0b1-localpath.patch create mode 100644 python-3.3.0b1-test-posix_fadvise.patch create mode 100644 python.keyring create mode 100644 python311-rpmlintrc create mode 100644 python311.changes create mode 100644 python311.spec create mode 100644 skip-test_pyobject_freed_is_freed.patch create mode 100644 skip_if_buildbot-extend.patch create mode 100644 skipped_tests.py create mode 100644 subprocess-raise-timeout.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch new file mode 100644 index 0000000..1acc25a --- /dev/null +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -0,0 +1,233 @@ +--- + Lib/test/support/__init__.py | 16 ++++++++++++++-- + Lib/test/test_minidom.py | 23 +++++++++-------------- + Lib/test/test_pyexpat.py | 12 +++++------- + Lib/test/test_sax.py | 18 +++++++++--------- + Lib/test/test_xml_etree.py | 12 ------------ + 5 files changed, 37 insertions(+), 44 deletions(-) + +Index: Python-3.11.12/Lib/test/support/__init__.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/support/__init__.py 2025-04-11 10:52:43.191010503 +0200 ++++ Python-3.11.12/Lib/test/support/__init__.py 2025-04-11 10:52:44.802161741 +0200 +@@ -8,6 +8,7 @@ + import functools + import os + import re ++import pyexpat + import stat + import sys + import sysconfig +@@ -56,7 +57,7 @@ + "run_with_tz", "PGO", "missing_compiler_executable", + "ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST", + "LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT", +- "skip_on_s390x", ++ "skip_on_s390x", "fails_with_expat_2_6_0", "is_expat_2_6_0" + ] + + +@@ -2244,6 +2245,17 @@ + } + return ignored + +-#Windows doesn't have os.uname() but it doesn't support s390x. ++ ++# Windows doesn't have os.uname() but it doesn't support s390x. + skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', + 'skipped on s390x') ++ ++ ++@functools.lru_cache ++def _is_expat_2_6_0(): ++ return hasattr(pyexpat.ParserCreate(), 'SetReparseDeferralEnabled') ++is_expat_2_6_0 = _is_expat_2_6_0() ++ ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if is_expat_2_6_0 ++ else lambda test: test) +Index: Python-3.11.12/Lib/test/test_minidom.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_minidom.py 2025-04-11 10:52:21.907086938 +0200 ++++ Python-3.11.12/Lib/test/test_minidom.py 2025-04-11 10:52:44.802522893 +0200 +@@ -6,7 +6,6 @@ + from test import support + import unittest + +-import pyexpat + import xml.dom.minidom + + from xml.dom.minidom import parse, Attr, Node, Document, parseString +@@ -1163,13 +1162,11 @@ + + # Verify that character decoding errors raise exceptions instead + # of crashing +- if pyexpat.version_info >= (2, 4, 5): +- self.assertRaises(ExpatError, parseString, +- b'') +- self.assertRaises(ExpatError, parseString, +- b'Comment \xe7a va ? Tr\xe8s bien ?') +- else: +- self.assertRaises(UnicodeDecodeError, parseString, ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((UnicodeDecodeError, ExpatError)): ++ parseString( + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1631,12 +1628,10 @@ + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- if pyexpat.version_info >= (2, 4, 5): +- context = self.assertRaisesRegex(ExpatError, 'syntax error') +- else: +- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- +- with context: ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((ExpatError, ValueError)): + parseString('') + + def testDocRemoveChild(self): +Index: Python-3.11.12/Lib/test/test_pyexpat.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_pyexpat.py 2025-04-11 10:52:22.076696906 +0200 ++++ Python-3.11.12/Lib/test/test_pyexpat.py 2025-04-11 10:52:44.803228085 +0200 +@@ -14,8 +14,7 @@ + from xml.parsers import expat + from xml.parsers.expat import errors + +-from test.support import sortdict, is_emscripten, is_wasi +- ++from test.support import sortdict, is_emscripten, is_wasi, is_expat_2_6_0 + + class SetAttributeTest(unittest.TestCase): + def setUp(self): +@@ -770,9 +769,8 @@ + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + + def test_reparse_deferral_enabled(self): +- if expat.version_info < (2, 6, 0): +- self.skipTest(f'Expat {expat.version_info} does not ' +- 'support reparse deferral') ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") + + started = [] + +@@ -801,9 +799,9 @@ + + parser = expat.ParserCreate() + parser.StartElementHandler = start_element +- if expat.version_info >= (2, 6, 0): ++ if is_expat_2_6_0: + parser.SetReparseDeferralEnabled(False) +- self.assertFalse(parser.GetReparseDeferralEnabled()) ++ self.assertFalse(parser.GetReparseDeferralEnabled()) + + for chunk in (b''): + parser.Parse(chunk, False) +Index: Python-3.11.12/Lib/test/test_sax.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_sax.py 2025-04-11 10:52:22.111440337 +0200 ++++ Python-3.11.12/Lib/test/test_sax.py 2025-04-11 10:52:44.803567098 +0200 +@@ -19,13 +19,11 @@ + from io import BytesIO, StringIO + import codecs + import os.path +-import pyexpat + import shutil + import sys + from urllib.error import URLError + import urllib.request +-from test.support import os_helper +-from test.support import findfile ++from test.support import os_helper, findfile, is_expat_2_6_0 + from test.support.os_helper import FakePath, TESTFN + + +@@ -1215,10 +1213,10 @@ + + self.assertEqual(result.getvalue(), start + b"text") + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1241,6 +1239,9 @@ + self.assertEqual(result.getvalue(), start + b"") + + def test_flush_reparse_deferral_disabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1249,9 +1250,8 @@ + for chunk in (""): + parser.feed(chunk) + +- if pyexpat.version_info >= (2, 6, 0): +- parser._parser.SetReparseDeferralEnabled(False) +- self.assertEqual(result.getvalue(), start) # i.e. no elements started ++ parser._parser.SetReparseDeferralEnabled(False) ++ self.assertEqual(result.getvalue(), start) # i.e. no elements started + + self.assertFalse(parser._parser.GetReparseDeferralEnabled()) + +Index: Python-3.11.12/Lib/test/test_xml_etree.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_xml_etree.py 2025-04-11 10:52:22.425637912 +0200 ++++ Python-3.11.12/Lib/test/test_xml_etree.py 2025-04-11 10:52:44.804234785 +0200 +@@ -13,7 +13,6 @@ + import operator + import os + import pickle +-import pyexpat + import sys + import textwrap + import types +@@ -1424,12 +1423,6 @@ + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + +- def test_simple_xml_chunk_1(self): +- self.test_simple_xml(chunk_size=1, flush=True) +- +- def test_simple_xml_chunk_5(self): +- self.test_simple_xml(chunk_size=5, flush=True) +- + def test_simple_xml_chunk_22(self): + self.test_simple_xml(chunk_size=22) + +@@ -1627,9 +1620,6 @@ + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1656,8 +1646,6 @@ + + for chunk in (""): + parser.feed(chunk) +- +- if pyexpat.version_info >= (2, 6, 0): + if not ET is pyET: + self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled ' + 'methods not available in C') diff --git a/CVE-2023-52425-remove-reparse_deferral-tests.patch b/CVE-2023-52425-remove-reparse_deferral-tests.patch new file mode 100644 index 0000000..553bdf8 --- /dev/null +++ b/CVE-2023-52425-remove-reparse_deferral-tests.patch @@ -0,0 +1,60 @@ +--- + Lib/test/test_pyexpat.py | 2 ++ + Lib/test/test_sax.py | 2 ++ + Lib/test/test_xml_etree.py | 2 ++ + 3 files changed, 6 insertions(+) + +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -768,6 +768,7 @@ class ReparseDeferralTest(unittest.TestC + parser.SetReparseDeferralEnabled(True) + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -791,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC + + self.assertEqual(started, ['doc']) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_disabled(self): + started = [] + +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -1213,6 +1213,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -1238,6 +1239,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -1620,6 +1620,7 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1641,6 +1642,7 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + diff --git a/CVE-2024-9287-venv_path_unquoted.patch b/CVE-2024-9287-venv_path_unquoted.patch new file mode 100644 index 0000000..541a907 --- /dev/null +++ b/CVE-2024-9287-venv_path_unquoted.patch @@ -0,0 +1,299 @@ +From 1408cc9bf9e8b19968761548c30b78d37074c21c Mon Sep 17 00:00:00 2001 +From: Y5 <124019959+y5c4l3@users.noreply.github.com> +Date: Tue, 22 Oct 2024 04:48:04 +0800 +Subject: [PATCH] gh-124651: Quote template strings in `venv` activation + scripts (GH-124712) + +This patch properly quotes template strings in `venv` activation +scripts. This mitigates potential command injection. + +(cherry picked from commit d48cc82ed25e26b02eb97c6263d95dcaa1e9111b) +--- + Lib/test/test_venv.py | 81 ++++++++++ + Lib/venv/__init__.py | 42 ++++- + Lib/venv/scripts/common/activate | 8 + Lib/venv/scripts/nt/activate.bat | 6 + Lib/venv/scripts/posix/activate.csh | 8 + Lib/venv/scripts/posix/activate.fish | 8 + Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst | 1 + 7 files changed, 134 insertions(+), 20 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst + +--- a/Lib/test/test_venv.py ++++ b/Lib/test/test_venv.py +@@ -11,6 +11,7 @@ import os + import os.path + import pathlib + import re ++import shlex + import shutil + import struct + import subprocess +@@ -96,6 +97,10 @@ class BaseTest(unittest.TestCase): + result = f.read() + return result + ++ def assertEndsWith(self, string, tail): ++ if not string.endswith(tail): ++ self.fail(f"String {string!r} does not end with {tail!r}") ++ + class BasicTest(BaseTest): + """Test venv module functionality.""" + +@@ -446,6 +451,82 @@ class BasicTest(BaseTest): + 'import sys; print(sys.executable)']) + self.assertEqual(out.strip(), envpy.encode()) + ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_bash(self): ++ """ ++ Test that the template strings are quoted properly (bash) ++ """ ++ rmtree(self.env_dir) ++ bash = shutil.which('bash') ++ if bash is None: ++ self.skipTest('bash required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.sh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([bash, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_csh(self): ++ """ ++ Test that the template strings are quoted properly (csh) ++ """ ++ rmtree(self.env_dir) ++ csh = shutil.which('tcsh') or shutil.which('csh') ++ if csh is None: ++ self.skipTest('csh required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.csh') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.csh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([csh, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings on Windows ++ @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') ++ def test_special_chars_windows(self): ++ """ ++ Test that the template strings are quoted properly on Windows ++ """ ++ rmtree(self.env_dir) ++ env_name = "'&&^$e" ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.bat') ++ test_batch = os.path.join(self.env_dir, 'test_special_chars.bat') ++ with open(test_batch, "w") as f: ++ f.write('@echo off\n' ++ f'"{activate}" & ' ++ f'{self.exe} -c "import sys; print(sys.executable)" & ' ++ f'{self.exe} -c "import os; print(os.environ[\'VIRTUAL_ENV\'])" & ' ++ 'deactivate') ++ out, err = check_output([test_batch]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ + @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') + def test_unicode_in_batch_file(self): + """ +--- a/Lib/venv/__init__.py ++++ b/Lib/venv/__init__.py +@@ -11,6 +11,7 @@ import subprocess + import sys + import sysconfig + import types ++import shlex + + + CORE_VENV_DEPS = ('pip', 'setuptools') +@@ -394,11 +395,41 @@ class EnvBuilder: + :param context: The information for the environment creation request + being processed. + """ +- text = text.replace('__VENV_DIR__', context.env_dir) +- text = text.replace('__VENV_NAME__', context.env_name) +- text = text.replace('__VENV_PROMPT__', context.prompt) +- text = text.replace('__VENV_BIN_NAME__', context.bin_name) +- text = text.replace('__VENV_PYTHON__', context.env_exe) ++ replacements = { ++ '__VENV_DIR__': context.env_dir, ++ '__VENV_NAME__': context.env_name, ++ '__VENV_PROMPT__': context.prompt, ++ '__VENV_BIN_NAME__': context.bin_name, ++ '__VENV_PYTHON__': context.env_exe, ++ } ++ ++ def quote_ps1(s): ++ """ ++ This should satisfy PowerShell quoting rules [1], unless the quoted ++ string is passed directly to Windows native commands [2]. ++ [1]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules ++ [2]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing#passing-arguments-that-contain-quote-characters ++ """ ++ s = s.replace("'", "''") ++ return f"'{s}'" ++ ++ def quote_bat(s): ++ return s ++ ++ # gh-124651: need to quote the template strings properly ++ quote = shlex.quote ++ script_path = context.script_path ++ if script_path.endswith('.ps1'): ++ quote = quote_ps1 ++ elif script_path.endswith('.bat'): ++ quote = quote_bat ++ else: ++ # fallbacks to POSIX shell compliant quote ++ quote = shlex.quote ++ ++ replacements = {key: quote(s) for key, s in replacements.items()} ++ for key, quoted in replacements.items(): ++ text = text.replace(key, quoted) + return text + + def install_scripts(self, context, path): +@@ -438,6 +469,7 @@ class EnvBuilder: + with open(srcfile, 'rb') as f: + data = f.read() + if not srcfile.endswith(('.exe', '.pdb')): ++ context.script_path = srcfile + try: + data = data.decode('utf-8') + data = self.replace_variables(data, context) +--- a/Lib/venv/scripts/common/activate ++++ b/Lib/venv/scripts/common/activate +@@ -35,11 +35,11 @@ deactivate () { + # unset irrelevant variables + deactivate nondestructive + +-VIRTUAL_ENV="__VENV_DIR__" ++VIRTUAL_ENV=__VENV_DIR__ + export VIRTUAL_ENV + + _OLD_VIRTUAL_PATH="$PATH" +-PATH="$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++PATH="$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + export PATH + + # unset PYTHONHOME if set +@@ -52,9 +52,9 @@ fi + + if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then + _OLD_VIRTUAL_PS1="${PS1:-}" +- PS1="__VENV_PROMPT__${PS1:-}" ++ PS1=__VENV_PROMPT__"${PS1:-}" + export PS1 +- VIRTUAL_ENV_PROMPT="__VENV_PROMPT__" ++ VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ + export VIRTUAL_ENV_PROMPT + fi + +--- a/Lib/venv/scripts/nt/activate.bat ++++ b/Lib/venv/scripts/nt/activate.bat +@@ -8,7 +8,7 @@ if defined _OLD_CODEPAGE ( + "%SystemRoot%\System32\chcp.com" 65001 > nul + ) + +-set VIRTUAL_ENV=__VENV_DIR__ ++set "VIRTUAL_ENV=__VENV_DIR__" + + if not defined PROMPT set PROMPT=$P$G + +@@ -24,8 +24,8 @@ set PYTHONHOME= + if defined _OLD_VIRTUAL_PATH set PATH=%_OLD_VIRTUAL_PATH% + if not defined _OLD_VIRTUAL_PATH set _OLD_VIRTUAL_PATH=%PATH% + +-set PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH% +-set VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ ++set "PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH%" ++set "VIRTUAL_ENV_PROMPT=__VENV_PROMPT__" + + :END + if defined _OLD_CODEPAGE ( +--- a/Lib/venv/scripts/posix/activate.csh ++++ b/Lib/venv/scripts/posix/activate.csh +@@ -8,17 +8,17 @@ alias deactivate 'test $?_OLD_VIRTUAL_PA + # Unset irrelevant variables. + deactivate nondestructive + +-setenv VIRTUAL_ENV "__VENV_DIR__" ++setenv VIRTUAL_ENV __VENV_DIR__ + + set _OLD_VIRTUAL_PATH="$PATH" +-setenv PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++setenv PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + + + set _OLD_VIRTUAL_PROMPT="$prompt" + + if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then +- set prompt = "__VENV_PROMPT__$prompt" +- setenv VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set prompt = __VENV_PROMPT__"$prompt" ++ setenv VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + endif + + alias pydoc python -m pydoc +--- a/Lib/venv/scripts/posix/activate.fish ++++ b/Lib/venv/scripts/posix/activate.fish +@@ -33,10 +33,10 @@ end + # Unset irrelevant variables. + deactivate nondestructive + +-set -gx VIRTUAL_ENV "__VENV_DIR__" ++set -gx VIRTUAL_ENV __VENV_DIR__ + + set -gx _OLD_VIRTUAL_PATH $PATH +-set -gx PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__" $PATH ++set -gx PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__ $PATH + + # Unset PYTHONHOME if set. + if set -q PYTHONHOME +@@ -56,7 +56,7 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + set -l old_status $status + + # Output the venv prompt; color taken from the blue of the Python logo. +- printf "%s%s%s" (set_color 4B8BBE) "__VENV_PROMPT__" (set_color normal) ++ printf "%s%s%s" (set_color 4B8BBE) __VENV_PROMPT__ (set_color normal) + + # Restore the return status of the previous command. + echo "exit $old_status" | . +@@ -65,5 +65,5 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + end + + set -gx _OLD_FISH_PROMPT_OVERRIDE "$VIRTUAL_ENV" +- set -gx VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set -gx VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + end +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst +@@ -0,0 +1 @@ ++Properly quote template strings in :mod:`venv` activation scripts. diff --git a/CVE-2025-0938-sq-brackets-domain-names.patch b/CVE-2025-0938-sq-brackets-domain-names.patch new file mode 100644 index 0000000..7db4656 --- /dev/null +++ b/CVE-2025-0938-sq-brackets-domain-names.patch @@ -0,0 +1,127 @@ +From d91e2c740890837edafaee24d68112b776cda9c5 Mon Sep 17 00:00:00 2001 +From: Seth Michael Larson +Date: Fri, 31 Jan 2025 11:41:34 -0600 +Subject: [PATCH] gh-105704: Disallow square brackets (`[` and `]`) in domain + names for parsed URLs (GH-129418) + +* gh-105704: Disallow square brackets ( and ) in domain names for parsed URLs + +* Use Sphinx references + +Co-authored-by: Peter Bierma + +* Add mismatched bracket test cases, fix news format + +* Add more test coverage for ports + +--------- + +(cherry picked from commit d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a) + +Co-authored-by: Seth Michael Larson +Co-authored-by: Peter Bierma +--- + Lib/test/test_urlparse.py | 37 +++++++++- + Lib/urllib/parse.py | 20 ++++- + Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst | 4 + + 3 files changed, 58 insertions(+), 3 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst + +--- a/Lib/test/test_urlparse.py ++++ b/Lib/test/test_urlparse.py +@@ -1224,16 +1224,51 @@ class UrlParseTestCase(unittest.TestCase + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af::2309::fae7:1234]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af:2309::fae7:1234:2342:438e:192.0.2.146]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@]v6a.ip[/Path') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip[suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[suffix') + + def test_splitting_bracketed_hosts(self): +- p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]/path?query') ++ p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]:1234/path?query') + self.assertEqual(p1.hostname, 'v6a.ip') + self.assertEqual(p1.username, 'user') + self.assertEqual(p1.path, '/path') ++ self.assertEqual(p1.port, 1234) + p2 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7%test]/path?query') + self.assertEqual(p2.hostname, '0439:23af:2309::fae7%test') + self.assertEqual(p2.username, 'user') + self.assertEqual(p2.path, '/path') ++ self.assertIs(p2.port, None) + p3 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7:1234:192.0.2.146%test]/path?query') + self.assertEqual(p3.hostname, '0439:23af:2309::fae7:1234:192.0.2.146%test') + self.assertEqual(p3.username, 'user') +--- a/Lib/urllib/parse.py ++++ b/Lib/urllib/parse.py +@@ -436,6 +436,23 @@ def _checknetloc(netloc): + raise ValueError("netloc '" + netloc + "' contains invalid " + + "characters under NFKC normalization") + ++def _check_bracketed_netloc(netloc): ++ # Note that this function must mirror the splitting ++ # done in NetlocResultMixins._hostinfo(). ++ hostname_and_port = netloc.rpartition('@')[2] ++ before_bracket, have_open_br, bracketed = hostname_and_port.partition('[') ++ if have_open_br: ++ # No data is allowed before a bracket. ++ if before_bracket: ++ raise ValueError("Invalid IPv6 URL") ++ hostname, _, port = bracketed.partition(']') ++ # No data is allowed after the bracket but before the port delimiter. ++ if port and not port.startswith(":"): ++ raise ValueError("Invalid IPv6 URL") ++ else: ++ hostname, _, port = hostname_and_port.partition(':') ++ _check_bracketed_host(hostname) ++ + # Valid bracketed hosts are defined in + # https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/ + def _check_bracketed_host(hostname): +@@ -496,8 +513,7 @@ def urlsplit(url, scheme='', allow_fragm + (']' in netloc and '[' not in netloc)): + raise ValueError("Invalid IPv6 URL") + if '[' in netloc and ']' in netloc: +- bracketed_host = netloc.partition('[')[2].partition(']')[0] +- _check_bracketed_host(bracketed_host) ++ _check_bracketed_netloc(netloc) + if allow_fragments and '#' in url: + url, fragment = url.split('#', 1) + if '?' in url: +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst +@@ -0,0 +1,4 @@ ++When using :func:`urllib.parse.urlsplit` and :func:`urllib.parse.urlparse` host ++parsing would not reject domain names containing square brackets (``[`` and ++``]``). Square brackets are only valid for IPv6 and IPvFuture hosts according to ++`RFC 3986 Section 3.2.2 `__. diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch new file mode 100644 index 0000000..fa38a94 --- /dev/null +++ b/F00251-change-user-install-location.patch @@ -0,0 +1,215 @@ +From 910f38d9768d39d4d31426743ae4081ed1ab66b6 Mon Sep 17 00:00:00 2001 +From: Michal Cyprian +Date: Mon, 26 Jun 2017 16:32:56 +0200 +Subject: [PATCH] 00251: Change user install location + +Set values of prefix and exec_prefix in distutils install command +to /usr/local if executable is /usr/bin/python* and RPM build +is not detected to make pip and distutils install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +--- + Lib/distutils/command/install.py | 15 +++++++++++++-- + Lib/site.py | 9 ++++++++- + 2 files changed, 21 insertions(+), 3 deletions(-) + +Index: Python-3.11.8/Lib/distutils/command/install.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/command/install.py ++++ Python-3.11.8/Lib/distutils/command/install.py +@@ -441,8 +441,19 @@ class install(Command): + raise DistutilsOptionError( + "must not supply exec-prefix without prefix") + +- self.prefix = os.path.normpath(sys.prefix) +- self.exec_prefix = os.path.normpath(sys.exec_prefix) ++ # self.prefix is set to sys.prefix + /local/ ++ # if neither RPM build nor virtual environment is ++ # detected to make pip and distutils install packages ++ # into the separate location. ++ if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ addition = "/local" ++ else: ++ addition = "" ++ ++ self.prefix = os.path.normpath(sys.prefix) + addition ++ self.exec_prefix = os.path.normpath(sys.exec_prefix) + addition + + else: + if self.exec_prefix is None: +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None): + return sitepackages + + def addsitepackages(known_paths, prefixes=None): +- """Add site-packages to sys.path""" ++ """Add site-packages to sys.path ++ ++ '/usr/local' is included in PREFIXES if RPM build is not detected ++ to make packages installed into this location visible. ++ ++ """ + _trace("Processing global site-packages") ++ if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: ++ PREFIXES.insert(0, "/usr/local") + for sitedir in getsitepackages(prefixes): + if os.path.isdir(sitedir): + addsitedir(sitedir, known_paths) + +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Mon, 15 Feb 2021 12:19:27 +0100 +Subject: [PATCH] 00251: Change user install location +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Set values of base and platbase in sysconfig from /usr +to /usr/local when RPM build is not detected +to make pip and similar tools install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +Downstream only. + +We've tried to rework in Fedora 36/Python 3.10 to follow https://bugs.python.org/issue43976 +but we have identified serious problems with that approach, +see https://bugzilla.redhat.com/2026979 or https://bugzilla.redhat.com/2097183 + +pypa/distutils integration: https://github.com/pypa/distutils/pull/70 + +Co-authored-by: Petr Viktorin +Co-authored-by: Miro Hrončok +Co-authored-by: Michal Cyprian +Co-authored-by: Lumír Balhar +--- + Lib/site.py | 9 ++++++- + Lib/sysconfig.py | 49 +++++++++++++++++++++++++++++++++++++- + Lib/test/test_sysconfig.py | 17 +++++++++++-- + 3 files changed, 71 insertions(+), 4 deletions(-) + +Index: Python-3.11.9/Lib/sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/sysconfig.py ++++ Python-3.11.9/Lib/sysconfig.py +@@ -103,6 +103,11 @@ if os.name == 'nt': + else: + _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv'] + ++# For a brief period of time in the Fedora 36 life cycle, ++# this installation scheme existed and was documented in the release notes. ++# For backwards compatibility, we keep it here (at least on 3.10 and 3.11). ++_INSTALL_SCHEMES['rpm_prefix'] = _INSTALL_SCHEMES['posix_prefix'] ++ + + # NOTE: site.py has copy of this function. + # Sync it when modify this function. +@@ -162,6 +167,19 @@ if _HAS_USER_BASE: + }, + } + ++# This is used by distutils.command.install in the stdlib ++# as well as pypa/distutils (e.g. bundled in setuptools). ++# The self.prefix value is set to sys.prefix + /local/ ++# if neither RPM build nor virtual environment is ++# detected to make distutils install packages ++# into the separate location. ++# https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _prefix_addition = '/local' ++ ++ + _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', + 'scripts', 'data') + +@@ -258,11 +276,40 @@ def _extend_dict(target_dict, other_dict + target_dict[key] = value + + ++_CONFIG_VARS_LOCAL = None ++ ++ ++def _config_vars_local(): ++ # This function returns the config vars with prefixes amended to /usr/local ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ global _CONFIG_VARS_LOCAL ++ if _CONFIG_VARS_LOCAL is None: ++ _CONFIG_VARS_LOCAL = dict(get_config_vars()) ++ _CONFIG_VARS_LOCAL['base'] = '/usr/local' ++ _CONFIG_VARS_LOCAL['platbase'] = '/usr/local' ++ return _CONFIG_VARS_LOCAL ++ ++ + def _expand_vars(scheme, vars): + res = {} + if vars is None: + vars = {} +- _extend_dict(vars, get_config_vars()) ++ ++ # when we are not in a virtual environment or an RPM build ++ # we change '/usr' to '/usr/local' ++ # to avoid surprises, we explicitly check for the /usr/ prefix ++ # Python virtual environments have different prefixes ++ # we only do this for posix_prefix, not to mangle the venv scheme ++ # posix_prefix is used by sudo pip install ++ # we only change the defaults here, so explicit --prefix will take precedence ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if (scheme == 'posix_prefix' and ++ _PREFIX == '/usr' and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _extend_dict(vars, _config_vars_local()) ++ else: ++ _extend_dict(vars, get_config_vars()) ++ + if os.name == 'nt': + # On Windows we want to substitute 'lib' for schemes rather + # than the native value (without modifying vars, in case it +Index: Python-3.11.9/Lib/test/test_sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_sysconfig.py ++++ Python-3.11.9/Lib/test/test_sysconfig.py +@@ -111,8 +111,19 @@ class TestSysConfig(unittest.TestCase): + for scheme in _INSTALL_SCHEMES: + for name in _INSTALL_SCHEMES[scheme]: + expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) ++ tested = get_path(name, scheme) ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if tested.startswith('/usr/local'): ++ # /usr/local should only be used in posix_prefix ++ self.assertEqual(scheme, 'posix_prefix') ++ # Fedora CI runs tests for venv and virtualenv that check for other prefixes ++ self.assertEqual(sys.prefix, '/usr') ++ # When building the RPM of Python, %check runs this with RPM_BUILD_ROOT set ++ # Fedora CI runs this with RPM_BUILD_ROOT unset ++ self.assertNotIn('RPM_BUILD_ROOT', os.environ) ++ tested = tested.replace('/usr/local', '/usr') + self.assertEqual( +- os.path.normpath(get_path(name, scheme)), ++ os.path.normpath(tested), + os.path.normpath(expected), + ) + +@@ -345,7 +356,7 @@ class TestSysConfig(unittest.TestCase): + self.assertTrue(os.path.isfile(config_h), config_h) + + def test_get_scheme_names(self): +- wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv'] ++ wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv', 'rpm_prefix'] + if HAS_USER_BASE: + wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) + self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) +@@ -357,6 +368,8 @@ class TestSysConfig(unittest.TestCase): + cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" + self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) + ++ @unittest.skipIf('RPM_BUILD_ROOT' not in os.environ, ++ "Test doesn't expect Fedora's paths") + def test_user_similar(self): + # Issue #8759: make sure the posix scheme for the users + # is similar to the global posix_prefix one diff --git a/PACKAGING-NOTES b/PACKAGING-NOTES new file mode 100644 index 0000000..e28c88c --- /dev/null +++ b/PACKAGING-NOTES @@ -0,0 +1,26 @@ +Notes for packagers of Python3 +============================== + +0. Faster build turnaround +-------------------------- + +By default, python builds with profile-guided optimization. This needs +an additional run of the test suite and it is generally slow. +PGO build takes around 50 minutes. + +For development, use "--without profileopt" option to disable PGO. This +shortens the build time to ~5 minutes including test suite. + +1. import_failed.map +---------------------- + +This is a mechanism installed as part of python3-base, that places shim modules +on python's path (through a generated zzzz-import-failed-hooks.pth file, so that +it is imported as much at the end as makes sense; and an _import_failed subdir +of /usr/lib/pythonX.Y). Then when the user tries to import a module that is part +of a subpackage, the ImportError will contain a helpful message telling them +which missing subpackage to install. + +This can sometimes cause problems on non-standard configurations, if the pth +gets included too early (for instance if you are using a script to include all +pths by hand in some strange order). Just something to look out for. diff --git a/Python-3.11.10.tar.xz b/Python-3.11.10.tar.xz new file mode 100644 index 0000000..f87e7ad --- /dev/null +++ b/Python-3.11.10.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:07a4356e912900e61a15cb0949a06c4a05012e213ecd6b4e84d0f67aabbee372 +size 20067656 diff --git a/Python-3.11.10.tar.xz.asc b/Python-3.11.10.tar.xz.asc new file mode 100644 index 0000000..243d1b1 --- /dev/null +++ b/Python-3.11.10.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmbbrO0ACgkQ/+h0BBaL +2Ec+YBAAnQJLKYPjj7Yr7xkFU655Sv86JxeRAdWjnIapbiIuWg3Up8Pd8FTRgHGf +3XdTHw7b03lSjtzJwavzdnDklqAlBIGn9dVieljUIN7NYyNxoYOr/AiatimgSwv7 +dI5mfun5fLKV6ZcdNdQN5PJ3RZtF3I7VfkN2mlfZJHtxl1agdU/TfW2L+qJ7+JPY +cayjq2xKTLRNXOf2iV29GRRovLiqA+Dx0+cAwsScwreHMp3U4k3GkeHVoR6fldV4 +bVAM8GRl3CYVFePiqAbamKP1BSys44JOINWbWyd94JxzEAwXWz//Es0h73AzeRfK +ueORqzdoOGrVc74+HGlAHhqO1Gg7jMMmtkzCEuav+cGHYnMRMOngGR3q47aTJTVb +5UdP0oD4OlADPFVa6q0LCqN/IFlebWMh9pXYw7Wpek63oNuZHTfNPq4S1AUM2HJm +C3yzaOG9VAdYfLneJC4ldY4CVt1FKckfaXp5OAaMr71DI74e4CcEswlUupZJLZKV +TJRjQD15bnXGhHDqU4w3RmzpCWMh2mf4m4VMYQyObl3TtlX+gVvzIhDS5+mXqutB +F1pdXwaHHkTb2PLLxpwOGrnsp8XoW74tsylcYirQg8jSFMbgxfwgIjEIuRGXeDkT +B4QzmQ4SxsbLiH7etV6Fznl1h569Z4DO9OOs4i0ZzIjdhPDQtAs= +=TatG +-----END PGP SIGNATURE----- diff --git a/Python-3.11.11.tar.xz b/Python-3.11.11.tar.xz new file mode 100644 index 0000000..e0581b1 --- /dev/null +++ b/Python-3.11.11.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2a9920c7a0cd236de33644ed980a13cbbc21058bfdc528febb6081575ed73be3 +size 20085792 diff --git a/Python-3.11.11.tar.xz.sigstore b/Python-3.11.11.tar.xz.sigstore new file mode 100644 index 0000000..782816a --- /dev/null +++ b/Python-3.11.11.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlOgAwIBAgIUWcRolJPsPmtJKA6VkjHSj7PtjY8wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMjAzMTgxOTA1WhcNMjQxMjAzMTgyOTA1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEN+fBJCRZIAZiWPBdjyQVD+x5vgmjuuVct1HkPHIBMuEe7wI4mBG2BhJ3fHkpr97efIH6ELMmPV99edyAIZFXR6OCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUkutZdHfCCSvGI87mjnBRwZB8ihYwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGTjb9QlwAABAMARzBFAiEA4ddSINhYM+p0+DGzRqnA8rVtJF9YgI+9znXiq9fqQNkCIEErcSnQmN8jjErhwWWtcTM5GgH4ka/uk5kdHTycwxj3MAoGCCqGSM49BAMDA2cAMGQCMFmkCEH2pCBpFeFiUi2uA4opcJP6vh/zqb+D0tbxqd+jwbBkuDxDqA9/Ao3UWop+twIwO9o71KAlYWPSPYMeZERM4R8zWlp9mVJPiK3tgOJJi40MNmxwtfsQeQtncqiQLBAH"}, "tlogEntries": [{"logIndex": "153122039", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1733249946", "inclusionPromise": {"signedEntryTimestamp": "MEUCIBL9zpVJtljIuZtAe8uptLfDmakmbAjy5ELp2q8WJTQ7AiEAv6lIpyJZycHwTS+JHYJFzMVv0SmA8yQ0eMneBivMhPY="}, "inclusionProof": {"logIndex": "31217777", "rootHash": "BMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=", "treeSize": "31217778", "hashes": ["lrr8dxmtgD09fnZTo1tMTY00HNKc2ZIpbZa1djDeTes=", "yFxGSg1RDbtZ/eNftnMdBJGNEZmmLyx2ZRDFtAIMHAk=", "GeqsQGnvgc+gcuaIC+vQ5b0RdTyBxBnYTpbeW2AeD+Q=", "dMTPeN/a9xCQQP+Hz7sddW0pPj8n54sfkhcf3XhjrMM=", "XjayhjKU3shP7q7lhmhKDv3Vpi4gJgAPCu0KlEzc9Qo=", "go1dmexQYS5etu69upRRX7IFvuA0rIcT9aYjMstmPIU=", "AYwr74Bm2w383UnS7DdbZUUAhusq28JoxKpWrQ7OvGQ=", "u+yWmGIR6sAH32wiSy22mz1Yf+jfPdBTjFbyRISuTZw=", "3eFC7Gp4fWecybDOAw9uUTrM1xB7YRYRAGsfYkiQbV8=", "1uKk2qjOliHMiTk906jrchP8mXWsRG8apaU1sa0lfh0=", "oOecFfN3YqDOkbijS/ej1WF5Da/Gt/AZNhbwE9uoOE8=", "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=", "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n31217778\nBMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiA7ed0HqugBwVpmxDAR1VN35J91/+DeRdj09y5lFY+bRwIgYe07JnZlJvp3MfAMXX3i4XBsZoDRZoXtwfBaRj/8x8s=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYTk5MjBjN2EwY2QyMzZkZTMzNjQ0ZWQ5ODBhMTNjYmJjMjEwNThiZmRjNTI4ZmViYjYwODE1NzVlZDczYmUzIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRU5KSGllaWs5WkVibW83a0p4ZUhWY2FvVDVYOUxyWG1zRTVxc1I5R1JpSEFpRUFtcHZyV21vUHF5YzRpQ09VYXVmY3dKTllMK1lPTWU0b0NOaWRLVGduT1FBPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlYyTlNiMnhLVUhOUWJYUktTMEUyVm10cVNGTnFOMUIwYWxrNGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJlRTFxUVhwTlZHZDRUMVJCTVZkb1kwNU5hbEY0VFdwQmVrMVVaM2xQVkVFeFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZPSzJaQ1NrTlNXa2xCV21sWFVFSmthbmxSVmtRcmVEVjJaMjFxZFhWV1kzUXhTR3NLVUVoSlFrMTFSV1UzZDBrMGJVSkhNa0pvU2pObVNHdHdjamszWldaSlNEWkZURTF0VUZZNU9XVmtlVUZKV2taWVVqWlBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZyZFhSYUNtUklaa05EVTNaSFNUZzNiV3B1UWxKM1drSTRhV2haZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxUnFZamxSYkhkQlFRcENRVTFCVW5wQ1JrRnBSVUUwWkdSVFNVNW9XVTByY0RBclJFZDZVbkZ1UVRoeVZuUktSamxaWjBrck9YcHVXR2x4T1daeFVVNXJRMGxGUlhKalUyNVJDbTFPT0dwcVJYSm9kMWRYZEdOVVRUVkhaMGcwYTJFdmRXczFhMlJJVkhsamQzaHFNMDFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUdiV3NLUTBWSU1uQkRRbkJHWlVacFZXa3lkVUUwYjNCalNsQTJkbWd2ZW5GaUswUXdkR0o0Y1dRcmFuZGlRbXQxUkhoRWNVRTVMMEZ2TTFWWGIzQXJkSGRKZHdwUE9XODNNVXRCYkZsWFVGTlFXVTFsV2tWU1RUUlNPSHBYYkhBNWJWWktVR2xMTTNSblQwcEthVFF3VFU1dGVIZDBabk5SWlZGMGJtTnhhVkZNUWtGSUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "Kpkgx6DNI23jNkTtmAoTy7whBYv9xSj+u2CBV17XO+M="}, "signature": "MEUCIENJHieik9ZEbmo7kJxeHVcaoT5X9LrXmsE5qsR9GRiHAiEAmpvrWmoPqyc4iCOUaufcwJNYL+YOMe4oCNidKTgnOQA="}} diff --git a/Python-3.11.12.tar.xz b/Python-3.11.12.tar.xz new file mode 100644 index 0000000..e2b3c80 --- /dev/null +++ b/Python-3.11.12.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:849da87af4df137710c1796e276a955f7a85c9f971081067c8f565d15c352a09 +size 20112232 diff --git a/Python-3.11.12.tar.xz.sigstore b/Python-3.11.12.tar.xz.sigstore new file mode 100644 index 0000000..36fb8a6 --- /dev/null +++ b/Python-3.11.12.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlOgAwIBAgIUdXXo3kfUuTRxhwfBaDz2hbLdc00wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNDA4MTUwMzI1WhcNMjUwNDA4MTUxMzI1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEChWB96w27HEQAug03xOuj5aVvdcEBkLaseC6PKbhc3lq1vL78o96RMSdWdBSmBQ4OrRHKvop8VRwn4SI6KPIN6OCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUDQFNdUPu8lJprLgYTWMF//JnS0owHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGWFe1zcgAABAMARzBFAiAMLue9b86BfjeZl9ML7LekLskkUPTEhI2ciiZrYgaF/gIhAIt66OYOVpC39L+bRXJd1K+T39IGMxYcKoaDrMk0DX59MAoGCCqGSM49BAMDA2cAMGQCMEJ+IEScHRIlOwToBZxVVJjrSxOVvqRSfUO5hvYNkqhYz97LxxUFWpcB/DMiQJOUbwIwKJRh5d7c30z1XyE5zsjOZZmz37ah6aJtyuHLCn3QKJniWBMxIMy9lbXlRZWZgsf0"}, "tlogEntries": [{"logIndex": "193896942", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1744124605", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQDBvc4N4pmeJKalSbAgT5X5MiHnHfiFJ3q/ifYIUDQORwIgNCMUBexEGM4B8VSSWkSDK8uZDGqzA7bgurZdWE0z/vc="}, "inclusionProof": {"logIndex": "71992680", "rootHash": "jow4GaqK8wgGK0YaQkHyINNk1eJRvrgCUSax5oC+bgc=", "treeSize": "71992683", "hashes": ["V5p0el9OkIku5PMpzeGtSeSQLNkd4d0DVh6qNlixrlk=", "CbJfH60w3vsS3xzOzbMZQaokwVM+6efm7OCLjQ5og/k=", "fJZsSVsDo+dpw5484/+8Rm3EH3JostySBfLMVDBUZOU=", "/C+wK2WU/SrXLMnuHDzeBP4K+Jlt/S0nAvzvcXJPp30=", "m6j5meZeKpBfFqNeI7qiCogWjT2IT5NZkgJYwot9sRo=", "V7VMIiqIq7yvzO+ic8vLqIJr3+iGA6whYAGN7YvWhsQ=", "2ap6N1WIsMWGC/Zrnzsx//K9223/3B9lLpJP87M+rXE=", "2kwW2rqY/EMS68q/rOjagVYsEMybFHgxIfbokSa8yKU=", "QReFEOB9XSZtDKsjRtA0fGnYGMYD2Z7qn50auG1YlWo=", "K26LG80DXyb+bC58c4Nw00WigG52v0PCsZGY3ExGsts=", "WEm5OgPzJpYROv+4CcrieexCYyQKrLUH3hbxmcQQ+DM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n71992683\njow4GaqK8wgGK0YaQkHyINNk1eJRvrgCUSax5oC+bgc=\n\n\u2014 rekor.sigstore.dev wNI9ajBGAiEA7u1b4P659JpwuXMf6lhvC1RhOj/ZH7CpYcAQbitQSwUCIQDJrflW8FGweaiB88lSuLfpfD/a6l6jWhUyOQB/mIJ9rA==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI4NDlkYTg3YWY0ZGYxMzc3MTBjMTc5NmUyNzZhOTU1ZjdhODVjOWY5NzEwODEwNjdjOGY1NjVkMTVjMzUyYTA5In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJRnMzQi9oTk9OMVY2TXFaUkxzRmNHNlU2Qjkza2FsL1VLZWsvYkRVb3o2MUFpQWZydmsrWXpjK0hHZGJYemRRQ203cjlKU2RNUCtuR1BOblVCZzFoSnAySVE9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlpGaFliek5yWmxWMVZGSjRhSGRtUW1GRWVqSm9Za3hrWXpBd2QwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVFUVRSTlZGVjNUWHBKTVZkb1kwNU5hbFYzVGtSQk5FMVVWWGhOZWtreFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZEYUZkQ09UWjNNamRJUlZGQmRXY3dNM2hQZFdvMVlWWjJaR05GUW10TVlYTmxRellLVUV0aWFHTXpiSEV4ZGt3M09HODVObEpOVTJSWFpFSlRiVUpSTkU5eVVraExkbTl3T0ZaU2QyNDBVMGsyUzFCSlRqWlBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZFVVVaT0NtUlZVSFU0YkVwd2NreG5XVlJYVFVZdkwwcHVVekJ2ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxZEdaVEY2WTJkQlFRcENRVTFCVW5wQ1JrRnBRVTFNZFdVNVlqZzJRbVpxWlZwc09VMU1OMHhsYTB4emEydFZVRlJGYUVreVkybHBXbkpaWjJGR0wyZEphRUZKZERZMlQxbFBDbFp3UXpNNVRDdGlVbGhLWkRGTEsxUXpPVWxIVFhoWlkwdHZZVVJ5VFdzd1JGZzFPVTFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUZTaXNLU1VWVFkwaFNTV3hQZDFSdlFscDRWbFpLYW5KVGVFOVdkbkZTVTJaVlR6Vm9kbGxPYTNGb1dYbzVOMHg0ZUZWR1YzQmpRaTlFVFdsUlNrOVZZbmRKZHdwTFNsSm9OV1EzWXpNd2VqRlllVVUxZW5OcVQxcGFiWG96TjJGb05tRktkSGwxU0V4RGJqTlJTMHB1YVZkQ1RYaEpUWGs1YkdKWWJGSmFWMXBuYzJZd0NpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "hJ2oevTfE3cQwXluJ2qVX3qFyflxCBBnyPVl0Vw1Kgk="}, "signature": "MEQCIFs3B/hNON1V6MqZRLsFcG6U6B93kal/UKek/bDUoz61AiAfrvk+Yzc+HGdbXzdQCm7r9JSdMP+nGPNnUBg1hJp2IQ=="}} diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..0053bcf --- /dev/null +++ b/README.SUSE @@ -0,0 +1,43 @@ +Python 3 in SUSE +============== + +* Subpackages * + +Python 3 is split into several subpackages, based on external dependencies. +The main package 'python3' has soft dependencies on all subpackages needed to +assemble the standard library; however, these might not all be installed by default. + +If you attempt to import a module that is currently not installed, an ImportError is thrown, +with instructions to install the missing subpackage. Installing the subpackage might result +in installing libraries that the subpackage requires to function. + + +* ensurepip * + +The 'ensurepip' module from Python 3 standard library (PEP 453) is supposed to deploy +a bundled copy of the pip installer. This makes no sense in a managed distribution like SUSE. +Instead, you need to install package 'python3-pip'. Usually this will be installed automatically +with 'python3'. + +Using 'ensurepip' when pip is not installed will result in an ImportError with instructions +to install 'python3-pip'. + + +* Documentation * + +You can find documentation in seprarate packages: python3-doc and +python3-doc-pdf. These contan following documents: + + Tutorial, What's New in Python, Global Module Index, Library Reference, + Macintosh Module Reference, Installing Python Modules, Distributing Python + Modules, Language Reference, Extending and Embedding, Python/C API, + Documenting Python + +The python3-doc package constains many text files from source tarball. + + +* Interactive mode * + +Interactive mode is by default enhanced with of history and command completion. +If you don't like these features, you can unset the PYTHONSTARTUP variable +in your .profile or disable it system wide in /etc/profile.d/python.sh. diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..1d50bc4 --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + base + doc + diff --git a/add-loongarch64-support.patch b/add-loongarch64-support.patch new file mode 100644 index 0000000..f0c8035 --- /dev/null +++ b/add-loongarch64-support.patch @@ -0,0 +1,25 @@ +Description: Add platform triplets for LoongArch. + +--- a/configure.ac ++++ b/configure.ac +@@ -976,6 +976,20 @@ cat > conftest.c <=6) && defined(_MIPSEL) diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..1793de8 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,3 @@ +python311-base +python311 +libpython3_11-1_0 diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz new file mode 100644 index 0000000..57fb3e5 --- /dev/null +++ b/bluez-devel-vendor.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:868fbfba2ddaed62f2c45cf869fe2c648527ac3bac738f4f41f3c2872f5b0211 +size 25040 diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch new file mode 100644 index 0000000..86882ae --- /dev/null +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -0,0 +1,173 @@ +From 5754521af1d51aa8e445cba07a093bbc0c88596d Mon Sep 17 00:00:00 2001 +From: Zackery Spytz +Date: Mon, 16 Dec 2019 18:24:08 -0700 +Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix) + +Co-Authored-By: Xavier de Gaye +--- + Doc/library/ensurepip.rst | 9 +++-- + Lib/ensurepip/__init__.py | 18 +++++++--- + Lib/test/test_ensurepip.py | 11 ++++++ + Makefile.pre.in | 4 +- + Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1 + 5 files changed, 34 insertions(+), 9 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst + +Index: Python-3.11.8/Doc/library/ensurepip.rst +=================================================================== +--- Python-3.11.8.orig/Doc/library/ensurepip.rst ++++ Python-3.11.8/Doc/library/ensurepip.rst +@@ -59,7 +59,9 @@ is at least as recent as the one availab + By default, ``pip`` is installed into the current virtual environment + (if one is active) or into the system site packages (if there is no + active virtual environment). The installation location can be controlled +-through two additional command line options: ++through some additional command line options: ++ ++* ``--prefix ``: Installs ``pip`` using the given directory prefix. + + * :samp:`--root {dir}`: Installs ``pip`` relative to the given root directory + rather than the root of the currently active virtual environment (if any) +@@ -92,7 +94,7 @@ Module API + Returns a string specifying the available version of pip that will be + installed when bootstrapping an environment. + +-.. function:: bootstrap(root=None, upgrade=False, user=False, \ ++.. function:: bootstrap(root=None, prefix=None, upgrade=False, user=False, \ + altinstall=False, default_pip=False, \ + verbosity=0) + +@@ -102,6 +104,8 @@ Module API + If *root* is ``None``, then installation uses the default install location + for the current environment. + ++ *prefix* specifies the directory prefix to use when installing. ++ + *upgrade* indicates whether or not to upgrade an existing installation + of an earlier version of ``pip`` to the available version. + +@@ -122,6 +126,8 @@ Module API + *verbosity* controls the level of output to :data:`sys.stdout` from the + bootstrapping operation. + ++ .. versionchanged:: 3.9 the *prefix* parameter was added. ++ + .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap + + .. note:: +Index: Python-3.11.8/Lib/ensurepip/__init__.py +=================================================================== +--- Python-3.11.8.orig/Lib/ensurepip/__init__.py ++++ Python-3.11.8/Lib/ensurepip/__init__.py +@@ -122,27 +122,27 @@ def _disable_pip_configuration_settings( + os.environ['PIP_CONFIG_FILE'] = os.devnull + + +-def bootstrap(*, root=None, upgrade=False, user=False, ++def bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). ++ and directory prefix). + + Note that calling this function will alter both sys.path and os.environ. + """ + # Discard the return value +- _bootstrap(root=root, upgrade=upgrade, user=user, ++ _bootstrap(root=root, prefix=prefix, upgrade=upgrade, user=user, + altinstall=altinstall, default_pip=default_pip, + verbosity=verbosity) + + +-def _bootstrap(*, root=None, upgrade=False, user=False, ++def _bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). Returns pip command status code. ++ and directory prefix). Returns pip command status code. + + Note that calling this function will alter both sys.path and os.environ. + """ +@@ -192,6 +192,8 @@ def _bootstrap(*, root=None, upgrade=Fal + args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] + if root: + args += ["--root", root] ++ if prefix: ++ args += ["--prefix", prefix] + if upgrade: + args += ["--upgrade"] + if user: +@@ -267,6 +269,11 @@ def _main(argv=None): + help="Install everything relative to this alternate root directory.", + ) + parser.add_argument( ++ "--prefix", ++ default=None, ++ help="Install everything using this prefix.", ++ ) ++ parser.add_argument( + "--altinstall", + action="store_true", + default=False, +@@ -285,6 +292,7 @@ def _main(argv=None): + + return _bootstrap( + root=args.root, ++ prefix=args.prefix, + upgrade=args.upgrade, + user=args.user, + verbosity=args.verbosity, +Index: Python-3.11.8/Lib/test/test_ensurepip.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_ensurepip.py ++++ Python-3.11.8/Lib/test/test_ensurepip.py +@@ -112,6 +112,17 @@ class TestBootstrap(EnsurepipMixin, unit + unittest.mock.ANY, + ) + ++ def test_bootstrapping_with_prefix(self): ++ ensurepip.bootstrap(prefix="/foo/bar/") ++ self.run_pip.assert_called_once_with( ++ [ ++ "install", "--no-cache-dir", "--no-index", "--find-links", ++ unittest.mock.ANY, "--prefix", "/foo/bar/", ++ "setuptools", "pip", ++ ], ++ unittest.mock.ANY, ++ ) ++ + def test_bootstrapping_with_user(self): + ensurepip.bootstrap(user=True) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1761,7 +1761,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni + install|*) ensurepip="" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + altinstall: commoninstall +@@ -1771,7 +1771,7 @@ altinstall: commoninstall + install|*) ensurepip="--altinstall" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + commoninstall: check-clean-src @FRAMEWORKALTINSTALLFIRST@ \ +Index: Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +=================================================================== +--- /dev/null ++++ Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +@@ -0,0 +1 @@ ++A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/bsc1221260-test_asyncio-ResourceWarning.patch b/bsc1221260-test_asyncio-ResourceWarning.patch new file mode 100644 index 0000000..15d6b8d --- /dev/null +++ b/bsc1221260-test_asyncio-ResourceWarning.patch @@ -0,0 +1,21 @@ +From a3052035485bd2836e40f5284657ca105382cbfd Mon Sep 17 00:00:00 2001 +From: sobolevn +Date: Tue, 5 Mar 2024 20:24:16 +0300 +Subject: [PATCH] gh-116112: Fix `ResourceWarning` in + `test_asyncio.test_stream` + +Co-authored-by: @CendioOssman +--- + Lib/test/test_asyncio/test_streams.py | 1 + + 1 file changed, 1 insertion(+) + +--- a/Lib/test/test_asyncio/test_streams.py ++++ b/Lib/test/test_asyncio/test_streams.py +@@ -1156,6 +1156,7 @@ os.close(fd) + + def test_unhandled_cancel(self): + async def handle_echo(reader, writer): ++ writer.close() + asyncio.current_task().cancel() + messages = self._basetest_unhandled_exceptions(handle_echo) + self.assertEqual(messages, []) diff --git a/bso1227999-reproducible-builds.patch b/bso1227999-reproducible-builds.patch new file mode 100644 index 0000000..fb33d18 --- /dev/null +++ b/bso1227999-reproducible-builds.patch @@ -0,0 +1,37 @@ +From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Tue, 16 Jul 2024 21:39:33 +0200 +Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH + +to make builds reproducible. +See https://reproducible-builds.org/ for why this is good +and https://reproducible-builds.org/specs/source-date-epoch/ +for the definition of this variable. +--- + Doc/conf.py | 3 ++- + Doc/library/functions.rst | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/Doc/conf.py ++++ b/Doc/conf.py +@@ -316,7 +316,8 @@ html_context = { + } + + # This 'Last updated on:' timestamp is inserted at the bottom of every page. +-html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime()) ++html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) ++html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time)) + + # Path to find HTML templates. + templates_path = ['tools/templates'] +--- a/Doc/library/functions.rst ++++ b/Doc/library/functions.rst +@@ -1356,7 +1356,7 @@ are always available. They are listed h + (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, + and :mod:`shutil`. + +- .. audit-event:: open file,mode,flags open ++ .. audit-event:: open path,mode,flags open + + The ``mode`` and ``flags`` arguments may have been modified or inferred from + the original call. diff --git a/distutils-reproducible-compile.patch b/distutils-reproducible-compile.patch new file mode 100644 index 0000000..17e8bd2 --- /dev/null +++ b/distutils-reproducible-compile.patch @@ -0,0 +1,17 @@ +--- + Lib/distutils/util.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/distutils/util.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/util.py ++++ Python-3.11.8/Lib/distutils/util.py +@@ -436,7 +436,7 @@ byte_compile(files, optimize=%r, force=% + else: + from py_compile import compile + +- for file in py_files: ++ for file in sorted(py_files): + if file[-3:] != ".py": + # This lets us be lazy and not filter filenames in + # the "install_lib" command. diff --git a/externally_managed.in b/externally_managed.in new file mode 100644 index 0000000..54606b6 --- /dev/null +++ b/externally_managed.in @@ -0,0 +1,12 @@ +[externally-managed] +Error=To install Python packages system-wide, try + zypper install __PYTHONPREFIX__-xyz, where xyz is the package + you are trying to install. + + If you wish to install a non-rpm packaged Python package, + create a virtual environment using __PYTHON__ -m venv path/to/venv. + Then use path/to/venv/bin/python and path/to/venv/bin/pip. + + If you wish to install a non-rpm packaged Python application, + it may be easiest to use `pipx install xyz`, which will manage a + virtual environment for you. Install pipx via `zypper install __PYTHONPREFIX__-pipx` . diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch new file mode 100644 index 0000000..b3f5e0c --- /dev/null +++ b/fix_configure_rst.patch @@ -0,0 +1,44 @@ +--- + Doc/using/configure.rst | 3 --- + Misc/NEWS | 2 +- + 2 files changed, 1 insertion(+), 4 deletions(-) + +Index: Python-3.11.12/Doc/using/configure.rst +=================================================================== +--- Python-3.11.12.orig/Doc/using/configure.rst 2025-04-08 16:15:29.000000000 +0200 ++++ Python-3.11.12/Doc/using/configure.rst 2025-04-11 10:52:39.419877561 +0200 +@@ -43,7 +43,6 @@ + + See :data:`sys.int_info.bits_per_digit `. + +-.. option:: --with-cxx-main + .. option:: --with-cxx-main=COMPILER + + Compile the Python ``main()`` function and link Python executable with C++ +@@ -529,13 +528,11 @@ + + See ``Mac/README.rst``. + +-.. option:: --enable-universalsdk + .. option:: --enable-universalsdk=SDKDIR + + Create a universal binary build. *SDKDIR* specifies which macOS SDK should + be used to perform the build (default is no). + +-.. option:: --enable-framework + .. option:: --enable-framework=INSTALLDIR + + Create a Python.framework rather than a traditional Unix install. Optional +Index: Python-3.11.12/Misc/NEWS +=================================================================== +--- Python-3.11.12.orig/Misc/NEWS 2025-04-08 16:15:29.000000000 +0200 ++++ Python-3.11.12/Misc/NEWS 2025-04-11 10:52:39.425550531 +0200 +@@ -9872,7 +9872,7 @@ + - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. + + - bpo-43795: The list in :ref:`limited-api-list` now shows the public name +- :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry ++ :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry + ``_node`` no longer appears in the list. + + - bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid diff --git a/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch b/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch new file mode 100644 index 0000000..5c26386 --- /dev/null +++ b/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch @@ -0,0 +1,82 @@ +From 3d390148c05a7ea2d401c4633e7d4db75ebf97d9 Mon Sep 17 00:00:00 2001 +From: Petr Viktorin +Date: Thu, 7 Nov 2024 11:07:02 +0100 +Subject: [PATCH] gh-126500: test_ssl: Don't stop ThreadedEchoServer on OSError + in ConnectionHandler; rely on __exit__ (GH-126503) + +If `read()` in the ConnectionHandler thread raises `OSError` (except `ConnectionError`), +the ConnectionHandler shuts down the entire ThreadedEchoServer, +preventing further connections. +It also does that for `EPROTOTYPE` in `wrap_conn`. + +As far as I can see, this is done to avoid the server thread getting stuck, +forgotten, in its accept loop. However, since 2011 (5b95eb90a7167285b6544b50865227c584943c9a) +the server is used as a context manager, and its `__exit__` does `stop()` and `join()`. +(I'm not sure if we *always* used `with` since that commit, but currently we do.) + +Make sure that the context manager *is* used, and remove the `server.stop()` +calls from ConnectionHandler. +(cherry picked from commit c9cda1608edf7664c10f4f467e24591062c2fe62) + +Co-authored-by: Petr Viktorin +--- + Lib/test/test_ssl.py | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +Index: Python-3.11.12/Lib/test/test_ssl.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_ssl.py 2025-04-19 19:55:02.157545844 +0200 ++++ Python-3.11.12/Lib/test/test_ssl.py 2025-04-19 19:55:05.014552345 +0200 +@@ -2516,7 +2516,6 @@ + # See also http://erickt.github.io/blog/2014/11/19/adventures-in-debugging-a-potential-osx-kernel-bug/ + if e.errno != errno.EPROTOTYPE and sys.platform != "darwin": + self.running = False +- self.server.stop() + self.close() + return False + else: +@@ -2651,10 +2650,6 @@ + self.close() + self.running = False + +- # normally, we'd just stop here, but for the test +- # harness, we want to stop the server +- self.server.stop() +- + def __init__(self, certificate=None, ssl_version=None, + certreqs=None, cacerts=None, + chatty=True, connectionchatty=False, starttls_server=False, +@@ -2688,21 +2683,33 @@ + self.conn_errors = [] + threading.Thread.__init__(self) + self.daemon = True ++ self._in_context = False + + def __enter__(self): ++ if self._in_context: ++ raise ValueError('Re-entering ThreadedEchoServer context') ++ self._in_context = True + self.start(threading.Event()) + self.flag.wait() + return self + + def __exit__(self, *args): ++ assert self._in_context ++ self._in_context = False + self.stop() + self.join() + + def start(self, flag=None): ++ if not self._in_context: ++ raise ValueError( ++ 'ThreadedEchoServer must be used as a context manager') + self.flag = flag + threading.Thread.start(self) + + def run(self): ++ if not self._in_context: ++ raise ValueError( ++ 'ThreadedEchoServer must be used as a context manager') + self.sock.settimeout(1.0) + self.sock.listen(5) + self.active = True diff --git a/gh120226-fix-sendfile-test-kernel-610.patch b/gh120226-fix-sendfile-test-kernel-610.patch new file mode 100644 index 0000000..2eb6f63 --- /dev/null +++ b/gh120226-fix-sendfile-test-kernel-610.patch @@ -0,0 +1,35 @@ +From 1b3f6523a5c83323cdc44031b33a1c062e5dc698 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Fri, 7 Jun 2024 23:51:32 +0800 +Subject: [PATCH] gh-120226: Fix + test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 + (GH-120227) + +The worst case is that the kernel buffers 17 pages with a page size of 64k. +(cherry picked from commit a7584245661102a5768c643fbd7db8395fd3c90e) + +Co-authored-by: Xi Ruoyao +--- + Lib/test/test_asyncio/test_sendfile.py | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +--- a/Lib/test/test_asyncio/test_sendfile.py ++++ b/Lib/test/test_asyncio/test_sendfile.py +@@ -93,13 +93,10 @@ class MyProto(asyncio.Protocol): + + class SendfileBase: + +- # 256 KiB plus small unaligned to buffer chunk +- # Newer versions of Windows seems to have increased its internal +- # buffer and tries to send as much of the data as it can as it +- # has some form of buffering for this which is less than 256KiB +- # on newer server versions and Windows 11. +- # So DATA should be larger than 256 KiB to make this test reliable. +- DATA = b"x" * (1024 * 256 + 1) ++ # Linux >= 6.10 seems buffering up to 17 pages of data. ++ # So DATA should be large enough to make this test reliable even with a ++ # 64 KiB page configuration. ++ DATA = b"x" * (1024 * 17 * 64 + 1) + # Reduce socket buffer size to test on relative small data sets. + BUF_SIZE = 4 * 1024 # 4 KiB + diff --git a/idle3.appdata.xml b/idle3.appdata.xml new file mode 100644 index 0000000..554b7c4 --- /dev/null +++ b/idle3.appdata.xml @@ -0,0 +1,35 @@ + + + + + idle3.desktop + IDLE3 + CC0 + Python-2.0 + Python 3 Integrated Development and Learning Environment + +

+ IDLE is Python’s Integrated Development and Learning Environment. + The GUI is uniform between Windows, Unix, and Mac OS X. + IDLE provides an easy way to start writing, running, and debugging + Python code. +

+

+ IDLE is written in pure Python, and uses the tkinter GUI toolkit. + It provides: +

+
    +
  • a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,
    • +
  • a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,
    • +
  • search within any window, replace within editor windows, and search through multiple files (grep),
    • +
  • a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.
    • +
+ + https://docs.python.org/3/library/idle.html + + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png + + zbyszek@in.waw.pl + diff --git a/idle3.desktop b/idle3.desktop new file mode 100644 index 0000000..43f5a4c --- /dev/null +++ b/idle3.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Version=1.0 +Name=IDLE 3 +GenericName=Python 3 IDE +Comment=Python 3 Integrated Development and Learning Environment +Exec=idle3 %F +TryExec=idle3 +Terminal=false +Type=Application +Icon=idle3 +Categories=Development;IDE; +MimeType=text/x-python; diff --git a/import_failed.map b/import_failed.map new file mode 100644 index 0000000..f33690c --- /dev/null +++ b/import_failed.map @@ -0,0 +1,7 @@ +python311-curses: curses _curses _curses_panel +python311-dbm: dbm _dbm _gdbm +python311-idle: idlelib +python311-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited +python311-tk: tkinter _tkinter +python311-tools: turtledemo +python311: sqlite3 readline _sqlite3 nis diff --git a/import_failed.py b/import_failed.py new file mode 100644 index 0000000..258b5a5 --- /dev/null +++ b/import_failed.py @@ -0,0 +1,23 @@ +import sys, os +from sysconfig import get_path + +failed_map_path = os.path.join(get_path('stdlib'), '_import_failed', 'import_failed.map') + +if __spec__: + failed_name = __spec__.name +else: + failed_name = __name__ + +with open(failed_map_path) as fd: + for line in fd: + package = line.split(':')[0] + imports = line.split(':')[1] + if failed_name in imports: + raise ImportError(f"""Module '{failed_name}' is not installed. +Use: + sudo zypper install {package} +to install it.""") + +raise ImportError(f"""Module '{failed_name}' is not installed. +It is supposed to be part of python3 distribution, but missing from failed import map. +Please file a bug on the SUSE Bugzilla.""") diff --git a/macros.python3 b/macros.python3 new file mode 100644 index 0000000..2bd193b --- /dev/null +++ b/macros.python3 @@ -0,0 +1,28 @@ +%have_python3 1 + +# commented out legacy macro definitions +#py3_prefix /usr +#py3_incdir /usr/include/python3.5m +#py3_ver 3.5 + +# these should now be provided by macros.python_all +#python3_sitearch /usr/lib64/python3.5/site-packages +#python3_sitelib /usr/lib/python3.5/site-packages +#python3_version 3.5 + +# hard to say if anyone ever used these? +#py3_soflags cpython-35m-x86_64-linux-gnu +#py3_abiflags m +%cpython3_soabi %(python3 -c "import sysconfig; print(sysconfig.get_config_var('SOABI'))") +%py3_soflags %cpython3_soabi + +# compilation macros that might be in use somewhere +%py3_compile(O) \ +find %1 -name '*.pyc' -exec rm -f {} ";"\ +python3 -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +%{-O:\ +find %1 -name '*.pyo' -exec rm -f {} ";"\ +python3 -O -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +} + + diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch new file mode 100644 index 0000000..7e412d7 --- /dev/null +++ b/no-skipif-doctests.patch @@ -0,0 +1,653 @@ +only in patch2: +unchanged: +--- + Doc/library/turtle.rst | 82 ------------------------------------------------- + 1 file changed, 82 deletions(-) + +--- a/Doc/library/turtle.rst ++++ b/Doc/library/turtle.rst +@@ -440,7 +440,6 @@ Turtle motion + turtle is headed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -467,7 +466,6 @@ Turtle motion + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -486,13 +484,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -511,13 +507,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -540,13 +534,11 @@ Turtle motion + not change the turtle's orientation. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> tp = turtle.pos() + >>> tp +@@ -570,13 +562,11 @@ Turtle motion + unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 240) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,240.00) +@@ -592,13 +582,11 @@ Turtle motion + Set the turtle's second coordinate to *y*, leave first coordinate unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 40) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,40.00) +@@ -625,7 +613,6 @@ Turtle motion + =================== ==================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setheading(90) + >>> turtle.heading() +@@ -638,14 +625,12 @@ Turtle motion + its start-orientation (which depends on the mode, see :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(90) + >>> turtle.goto(0, -10) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 90.0 +@@ -677,7 +662,6 @@ Turtle motion + calculated automatically. May be used to draw regular polygons. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.position() +@@ -706,7 +690,6 @@ Turtle motion + + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.dot() +@@ -724,7 +707,6 @@ Turtle motion + it by calling ``clearstamp(stamp_id)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("blue") + >>> turtle.stamp() +@@ -740,7 +722,6 @@ Turtle motion + Delete stamp with given *stampid*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (150.00,-0.00) +@@ -785,7 +766,6 @@ Turtle motion + undo actions is determined by the size of the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for i in range(4): + ... turtle.fd(50); turtle.lt(80) +@@ -818,7 +798,6 @@ Turtle motion + turtle turn instantly. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.speed() + 3 +@@ -839,7 +818,6 @@ Tell Turtle's state + Return the turtle's current location (x,y) (as a :class:`Vec2D` vector). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pos() + (440.00,-0.00) +@@ -855,7 +833,6 @@ Tell Turtle's state + orientation which depends on the mode - "standard"/"world" or "logo". + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(10, 10) + >>> turtle.towards(0,0) +@@ -867,7 +844,6 @@ Tell Turtle's state + Return the turtle's x coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(50) +@@ -883,7 +859,6 @@ Tell Turtle's state + Return the turtle's y coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(60) +@@ -900,7 +875,6 @@ Tell Turtle's state + :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(67) +@@ -917,7 +891,6 @@ Tell Turtle's state + other turtle, in turtle step units. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.distance(30,40) +@@ -941,7 +914,6 @@ Settings for measurement + Default value is 360 degrees. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -964,7 +936,6 @@ Settings for measurement + ``degrees(2*math.pi)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -975,7 +946,6 @@ Settings for measurement + 1.5707963267948966 + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.degrees(360) +@@ -1011,7 +981,6 @@ Drawing state + thickness. If no argument is given, the current pensize is returned. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pensize() + 1 +@@ -1043,7 +1012,6 @@ Drawing state + attributes in one statement. + + .. doctest:: +- :skipif: _tkinter is None + :options: +NORMALIZE_WHITESPACE + + >>> turtle.pen(fillcolor="black", pencolor="red", pensize=10) +@@ -1066,7 +1034,6 @@ Drawing state + Return ``True`` if pen is down, ``False`` if it's up. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.penup() + >>> turtle.isdown() +@@ -1107,7 +1074,6 @@ Color control + newly set pencolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> colormode() + 1.0 +@@ -1156,7 +1122,6 @@ Color control + with the newly set fillcolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.fillcolor("violet") + >>> turtle.fillcolor() +@@ -1195,7 +1160,6 @@ Color control + with the newly set colors. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("red", "green") + >>> turtle.color() +@@ -1212,7 +1176,6 @@ Filling + ~~~~~~~ + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.home() +@@ -1222,7 +1185,6 @@ Filling + Return fillstate (``True`` if filling, ``False`` else). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.begin_fill() + >>> if turtle.filling(): +@@ -1247,7 +1209,6 @@ Filling + above may be either all yellow or have some white regions. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("black", "red") + >>> turtle.begin_fill() +@@ -1264,7 +1225,6 @@ More drawing control + variables to the default values. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(0,-22) + >>> turtle.left(100) +@@ -1315,7 +1275,6 @@ Visibility + drawing observably. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.hideturtle() + +@@ -1326,7 +1285,6 @@ Visibility + Make the turtle visible. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.showturtle() + +@@ -1357,7 +1315,6 @@ Appearance + deal with shapes see Screen method :func:`register_shape`. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape() + 'classic' +@@ -1383,7 +1340,6 @@ Appearance + ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.resizemode() + 'noresize' +@@ -1407,7 +1363,6 @@ Appearance + of the shape's outline. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shapesize() + (1.0, 1.0, 1) +@@ -1432,7 +1387,6 @@ Appearance + heading of the turtle are sheared. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("circle") + >>> turtle.shapesize(5,2) +@@ -1449,7 +1403,6 @@ Appearance + change the turtle's heading (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1469,7 +1422,6 @@ Appearance + (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1495,7 +1447,6 @@ Appearance + turtle (its direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1524,7 +1475,6 @@ Appearance + given matrix. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle = Turtle() + >>> turtle.shape("square") +@@ -1540,7 +1490,6 @@ Appearance + can be used to define a new shape or components of a compound shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("square") + >>> turtle.shapetransform(4, -1, 0, 2) +@@ -1565,7 +1514,6 @@ Using events + procedural way: + + .. doctest:: +- :skipif: _tkinter is None + + >>> def turn(x, y): + ... left(180) +@@ -1586,7 +1534,6 @@ Using events + ``None``, existing bindings are removed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> class MyTurtle(Turtle): + ... def glow(self,x,y): +@@ -1614,7 +1561,6 @@ Using events + mouse-click event on that turtle. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.ondrag(turtle.goto) + +@@ -1642,7 +1588,6 @@ Special Turtle methods + Return the last recorded polygon. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.begin_poly() +@@ -1662,7 +1607,6 @@ Special Turtle methods + turtle properties. + + .. doctest:: +- :skipif: _tkinter is None + + >>> mick = Turtle() + >>> joe = mick.clone() +@@ -1675,7 +1619,6 @@ Special Turtle methods + return the "anonymous turtle": + + .. doctest:: +- :skipif: _tkinter is None + + >>> pet = getturtle() + >>> pet.fd(50) +@@ -1689,7 +1632,6 @@ Special Turtle methods + TurtleScreen methods can then be called for that object. + + .. doctest:: +- :skipif: _tkinter is None + + >>> ts = turtle.getscreen() + >>> ts +@@ -1707,7 +1649,6 @@ Special Turtle methods + ``None``, the undobuffer is disabled. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setundobuffer(42) + +@@ -1717,7 +1658,6 @@ Special Turtle methods + Return number of entries in the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> while undobufferentries(): + ... undo() +@@ -1740,7 +1680,6 @@ below: + For example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> s = Shape("compound") + >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) +@@ -1751,7 +1690,6 @@ below: + 3. Now add the Shape to the Screen's shapelist and use it: + + .. doctest:: +- :skipif: _tkinter is None + + >>> register_shape("myshape", s) + >>> shape("myshape") +@@ -1771,7 +1709,6 @@ Most of the examples in this section ref + ``screen``. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen = Screen() +@@ -1788,7 +1725,6 @@ Window control + Set or return background color of the TurtleScreen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.bgcolor("orange") + >>> screen.bgcolor() +@@ -1880,7 +1816,6 @@ Window control + distorted. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.reset() + >>> screen.setworldcoordinates(-50,-7.5,50,7.5) +@@ -1891,7 +1826,6 @@ Window control + ... left(45); fd(2) # a regular octagon + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen.reset() +@@ -1913,7 +1847,6 @@ Animation control + Optional argument: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.delay() + 10 +@@ -1935,7 +1868,6 @@ Animation control + :func:`delay`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.tracer(8, 25) + >>> dist = 2 +@@ -1972,7 +1904,6 @@ Using screen events + must have the focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -1993,7 +1924,6 @@ Using screen events + must have focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -2018,7 +1948,6 @@ Using screen events + named ``turtle``: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will + >>> # make the turtle move to the clicked point. +@@ -2038,7 +1967,6 @@ Using screen events + Install a timer that calls *fun* after *t* milliseconds. + + .. doctest:: +- :skipif: _tkinter is None + + >>> running = True + >>> def f(): +@@ -2120,7 +2048,6 @@ Settings and special methods + ============ ========================= =================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> mode("logo") # resets turtle heading to north + >>> mode() +@@ -2135,7 +2062,6 @@ Settings and special methods + values of color triples have to be in the range 0..*cmode*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.colormode(1) + >>> turtle.pencolor(240, 160, 80) +@@ -2156,7 +2082,6 @@ Settings and special methods + do with a Tkinter Canvas. + + .. doctest:: +- :skipif: _tkinter is None + + >>> cv = screen.getcanvas() + >>> cv +@@ -2168,7 +2093,6 @@ Settings and special methods + Return a list of names of all currently available turtle shapes. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.getshapes() + ['arrow', 'blank', 'circle', ..., 'turtle'] +@@ -2192,7 +2116,6 @@ Settings and special methods + coordinates: Install the corresponding polygon shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) + +@@ -2208,7 +2131,6 @@ Settings and special methods + Return the list of turtles on the screen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for turtle in screen.turtles(): + ... turtle.color("red") +@@ -2270,7 +2192,6 @@ Methods specific to Screen, not inherite + center window vertically + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.setup (width=200, height=200, startx=0, starty=0) + >>> # sets window to 200x200 pixels, in upper left of screen +@@ -2286,7 +2207,6 @@ Methods specific to Screen, not inherite + Set title of turtle window to *titlestring*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.title("Welcome to the turtle zoo!") + +@@ -2357,7 +2277,6 @@ Public classes + Example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) + >>> s = Shape("compound") +@@ -2743,7 +2662,6 @@ Changes since Python 3.0 + + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> for turtle in turtles(): diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..a2cf992 --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +export LC_ALL=C + +master=python*.spec + +# create import_failed.map from package definitions +pkgname=$(grep python_pkg_name $master |grep define |awk -F' ' '{print $3}') +MAPFILE=import_failed.map +function new_map_line () { + package=$1 + package=$(echo $1 |sed -e "s:%{python_pkg_name}:$pkgname:") + modules=$2 + if [ -z "$package" -o -z "$modules" ]; then + return + fi + if [[ "$package" =~ "-base" ]]; then + return + fi + echo "$package:$modules" >> $MAPFILE.tmp +} + +for spec in *.spec; do + basename=${spec%.spec} + package= + modules= + while read line; do + case $line in + "%files -n "*) + new_map_line $package "$modules" + package=${line#"%files -n "} + modules= + ;; + "%files "*) + new_map_line $package "$modules" + package=$basename-${line#"%files "} + modules= + ;; + "%files") + new_map_line $package "$modules" + package=$basename + modules= + ;; + "%{sitedir}/config-"*) + # ignore + ;; + "%{sitedir}/"*) + word=${line#"%{sitedir}/"} + if ! echo $word | grep -q /; then + modules="$modules $word" + fi + ;; + "%{dynlib "*"}") + word=${line#"%{dynlib "} + word=${word%"}"} + modules="$modules $word" + ;; + esac + done < $spec + new_map_line $package "$modules" +done + +cat $MAPFILE.tmp |sort -u > $MAPFILE +rm $MAPFILE.tmp + +# run test inclusion check +tar xJf Python-*.xz +python3 skipped_tests.py + +# generate baselibs.conf +VERSION=$(grep ^Version $master|awk -F':' '{print $2}' |sed -e 's/ //g') +python_version=${VERSION:0:3} # 3.3 +python_version_abitag=${python_version//./} # 33 +python_version_soname=${python_version//./_} # 3_3 +echo "$pkgname-base" > baselibs.conf +echo "$pkgname" >> baselibs.conf +echo "libpython$python_version_soname-1_0" >> baselibs.conf + diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch new file mode 100644 index 0000000..cda20d7 --- /dev/null +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -0,0 +1,27 @@ +--- + Makefile.pre.in | 7 +++++++ + 1 file changed, 7 insertions(+) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1240,11 +1240,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ + $(DTRACE_OBJS) \ + $(srcdir)/Modules/getbuildinfo.c + $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DDATE="\"`date -u -r Makefile.pre.in +"%b %d %Y"`\"" \ ++ -DTIME="\"`date -u -r Makefile.pre.in +"%T"`\"" \ + -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \ + -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \ + -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \ + -o $@ $(srcdir)/Modules/getbuildinfo.c + ++Python/getcompiler.o: $(srcdir)/Python/getcompiler.c Makefile ++ $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DCOMPILER='"[GCC]"' \ ++ -o $@ $(srcdir)/Python/getcompiler.c ++ + Modules/getpath.o: $(srcdir)/Modules/getpath.c Python/frozen_modules/getpath.h Makefile $(PYTHON_HEADERS) + $(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \ + -DPREFIX='"$(prefix)"' \ diff --git a/python-3.3.0b1-localpath.patch b/python-3.3.0b1-localpath.patch new file mode 100644 index 0000000..475497e --- /dev/null +++ b/python-3.3.0b1-localpath.patch @@ -0,0 +1,13 @@ +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -77,7 +77,7 @@ import io + import stat + + # Prefixes for site-packages; add additional prefixes like /usr/local here +-PREFIXES = [sys.prefix, sys.exec_prefix] ++PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local'] + # Enable per user site-packages directory + # set it to False to disable the feature or True to force the feature + ENABLE_USER_SITE = None diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch new file mode 100644 index 0000000..ac5d553 --- /dev/null +++ b/python-3.3.0b1-test-posix_fadvise.patch @@ -0,0 +1,17 @@ +--- + Lib/test/test_posix.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_posix.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_posix.py ++++ Python-3.11.8/Lib/test/test_posix.py +@@ -430,7 +430,7 @@ class PosixTester(unittest.TestCase): + def test_posix_fadvise(self): + fd = os.open(os_helper.TESTFN, os.O_RDONLY) + try: +- posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_WILLNEED) ++ posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_RANDOM) + finally: + os.close(fd) + diff --git a/python.keyring b/python.keyring new file mode 100644 index 0000000..747bc27 --- /dev/null +++ b/python.keyring @@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFq+ToQBEADRYvIVtbK6owynD3j3nxwpW2KEk/p+aDvtXmc2SR2dBcZ8sFW2 +R5vEsG8d3/D3wgv5pcL3KfNNXQYUnXVbobrFUUWQYc79qIsE3MgiPf5NVOtwKPUR +i5g9YJgKvpBxkQfqp3LYGm9ZBtwo3DVLA3yn7KsazCmAgTNFJYw7ku1XxgmIzY6K +5J30DfbJiqDqj4f9GslCCCCH3qiPnuLG/HUyVLHMpbWlaiy9NI0GcaLxjJewHj9w +W2D2lydkxe5JGo7egUkV3ILcuLVSVKA35SKY27dYqfuyqp9tAzaRbjDYjsYdHA6G +BqrNrKBn/GwlFDPrVdcvN3ZSY2wMLTxWE3Axc/FweuHxFnou/80FwX7F3JD+oEQ6 +rofmcxOBCC7J98I7HZAhP9jBn88XIS2hztbLq8d6rZJZRtcz0k61VR0ddO+TrFmf +9rMYCPgCckRtVxeFIVIabrN1IzKynLFeo040h8hSGswd6YKDOVwjJY6Oa6EmVefZ +a8QSt4+M65RSzH6SEPY008F3nJUAK6MEkzTak+tFltZNrVWu8p2xd1j9nmxAwEhZ +/lgbxLqzYgaUWmfyHeZ8yVA0MhHzdiAL8nVUEdG3KecIq0RWCJLGLWWIjd6KAJl1 +yAmhRYKK/sjPDsL3elHsFACfZbyx3o5GGQNlas1FYoPLWbaNGaJtgFTF2QARAQAB +tCtQYWJsbyBHYWxpbmRvIFNhbGdhZG8gPHBhYmxvZ3NhbEBnbWFpbC5jb20+iQJO +BBMBCgA4FiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+ToQCGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQZOYo+NaEaW2bmA/+PXIap2udLoUVOHxnsIBdqYwp +sv1Aj5lfIJmNhmxPbHShwp1Jg+w4urxe+2Dj5ofKVlIo1i83bQkvnKJMDXDVuc/K +P6zqhBJ3rT4Q3qx2mzX8bIfQoJ2JHuH4lkP+I7doDcHHRyeNASyk72VdQmU4twNw +Ibn8nSNV6ThKHdoPYzVnO2rZUFcGIqH5HNsvR+B7cc1MBCHsgURYwSVhSePIFGlZ +iasdBD6QQkDSe4QWi7AcJFWFElw4kbOKJWxAWsrEk+tMXJVGRjnmL289EmPCx/vx +BqKy7Mse0yWCSRR3vB+O6TB1S5SgEyEgqlYsfGNv1qf/rfRD4KkyCbNU3LhY1Aim +vJP4pDW+KFxTk2Ks8vrx8gOSd2aFqPeO/pFDrpsF7PD62XwsfoXu4xc5V0Giw7r1 +Nai0nax7kOrldNF8TbbtRjW0jmoC7wLIDujAkwDIOroZ0CXA3N4HVHdSbrHm/urX +nyxJXupXAQNwGx64JCBcbF2fp3Kvu1VAXBEFnd01KaopthHcbG5pA50Kl2Vhe+98 +OdezUX42fHkQpQkB7HgtXfm6W1bw6YRBamrNvs1OoHBYmUjlECpe566IIu25Hc8s +x3qA+6eca7iqizyLG+WyMT8ZIYTWGAS59jxwR4esqGczbbZPSAPHFwLbGv7Wr0Rd +TPu5B0FcKpDkTd4IxQW5Ag0EWr5O2gEQAMjLe4CtbSfofmJrz5wfNkMVsZ81Gbqe +MoYd3dtkJnQYERUj8flzBj3ucaxGJ+Cuf7ybh3naPopKvEI1q0vkcgCDqrEgXK// +jKJbP28uPSMGhOG28q4PbamG55gy5FtM3ezzAxPWWKe9qBpV65GMmFy7eBQx2iJs +yiDIOOQQ4kraS+cTqNFimEXAGLCOQRNLcwIZzwAAHoW7HEpNUfVwaBD9kMlbo1ND +I60IKcNrNcmcmRxhJqfxjj8YBMwcKHO6GBE3AVpaE/+UO9zyr4TH+0YuQUgxKlPW +Dkg5XlkDo0S1GyLY5e9ckIDIlkTdDa2pOkoE2yB5MQCEga3YiHrKUVTTWaxn9XVJ +6x5ZjUF6bgSWGkrG5dUqSYoO1iDMuNVjtiujNyf/rvfj5cNxS7/lgxchhQKZHZXL +WVqxlneeVJ6s0P4+ROVG9ga2Sve7aUJ6wXIewZwulBcV2sE/W/DgxHgLBi53CUQt +vEzFzKvo48GnDqL5VYjA7l0HMYHd4GksCLi8E8U6Cgj+imXiM8voL7pHRZfs8mY8 +udR+UT4e1Scl2MYP2qBJ9/17B/X52B3s1EZdqI/r+hfOyqrhPs+dbAN0mtMPn68+ +nrvY1+nscvrSYEP6ZBlc9Hp2mgJdb6IcTvINXBEeLRjgc3pjViva443pkiFp9Axm +ecOckMKP3uSlABEBAAGJBGwEGAEKACAWIQSgNcjBkhm6gh7OqGtk5ij41oRpbQUC +Wr5O2gIbAgJACRBk5ij41oRpbcF0IAQZAQoAHRYhBM/cokWxBDzypfl4Zf/odAQW +i9hHBQJavk7aAAoJEP/odAQWi9hHr7YP/RCLre1CmOoWYpAtoa1yVCeYMDV6eQgL +B488/BEZHQE1zbrYy16XkhORob3JF/kUMjmJW7XaFF8FrWvRcdj/xaUGbOOEulKg +v+8zWfswYQRiZ4/JlwER4vRLi6fTE89MVER6Fkj2ASD4D2cifY+EztD4flV3sq3s +vIogGFaN9IvdrdeptOVGXs1RmAyoTsiS2mKQ6xsGh8B9ZAm55W8fBOGiSzLX21Xk +Ofdw53BrFQxn3cu/JgIKpdeZxgukcvEAI62B6X+YL6Na4j0eqEGLzsNtU1+xeJlo +WtVvmRwnRHGSxF6fzIZ3mk/p/aFiXAEq/xITCTY6tDv7x7pFE/RpdlJZyNJ+R5Y4 +SQiuDsylxNCa/4G5EB6q+7iVYtbEQ9MnZg2phowEE42tlj0rz8/rvDK3LH3xibot +KHIodCWKlWByxH99u2PuHUQ0c1oCVBUE1KkruMpvI236DpU/dvdq4JLSg/fWrys/ +VIjqLZgsIE5g/KO9XqngWHkLcBLh4CNAmHJ8Iia+s+/rfgsejQWB5uJb6eYg2JjB +4WP1EI0rULM6fdrCNB+MJ36wE2Lnb4bfT0phOMgjjH5/Ki7ZCbkxkOsBs4SRjiS+ +weCsmpAtMqodWY/Cnw9pWSA/qLSRD5/mKeb9SO6OZ/OPfAatwnGHsvZ2sAueC6rR +04W5BfXZWrnJUXQP/id/EKE1Ksp5fKoxSCbkKTCig+Sf5Afwe36yFN+niZBqzn5b +BgL/HIKaZM97oDHersPPANeEgS+JVlBf95iKIYnQbZP43FLVbvOuaINhBIVtFO54 +2Y7EYwl41kP7ILDElVy36KAmdQyBAfrjnZiRA70xShOxApLug1L0lxhR3YfmLwNi +RJ0V6KnYDKf0pfdhO9VFyFFWUojX1usn2SmSsXNizsNtvRqHXzPnX0rbJzZ9+N4O +9k1nxygYFG/2R/jGonVmTjRzcAHrAkNJETMWXMA7/8wRMDwluz8j+cCldey9x8Vk +JwgLGnZSbQtVpcFAnm5r/36Gt+9wc1VWMyrUrVr6Z679aqAbG7PMaeR5h5ygMj1k +VqRTYAUPSk1f8bZKRssQkQwEbp9dVIjm9SsR8VT7/tB+UuB85dABxgHfv3psJRT+ +tL8g9V7kSZqQfcLNGmvEVvr2Zl9NtxwXtsFM2OBprxCenwb+e9Ppm1LjfJG/NE72 +mAnOERfDaiLt4bqNo36Ei5sGCJ4Fx61phzNBXzkdRNM47i8J5UZRKFkE91c99BVM +HKUaY61NRK24fR0zP98ftDU82YFw0VRFJpTeBrO5ivN1MlQxUPzUWxKxMxO+20wa +UOXroEw11Tb4SRLGOla1pCl6lCUPJRy9IzadPDgTr/OTMkob/snt/XLdnV5/uQIN +BFq+TvoBEAC8Oy1g6pPWBbrCMhIq7VWY2fjylJ1fwg5BPXkOKVK1dsGYO4QD7oW9 +L0aSqcFSNFGF9Cl0Ri4TFXZC3hnG4HeSXUWApuKdBLn21H3jba36Ay1oGcGfdm0v +Zght4c6BlMVBpGCw2wIkJbUNEy6InMM+O8CCbbaH3iJkJ4141P7pODHignx5AmZI +conMui4YOhC+IXQXynVEv1Juk7erB1Nh1RcRvsA4lb44HWx49lIwe85ejOmoZ0O3 +6f9NJRer6bV0+rHWmg4IV5Q9h/Gn4IhEDZxA0DZl1RQI7dMgaMbIFbXGq7Kgzstz +EUnOoy29hXodxVmwIsMrAiQUYtwJ9hW+ESsw47+W2iPHVgviGWl7r/SgcgMYmf6m +5kiTBtwU7BQPS9G3zwwP2Rm3AA/6g39Q+tQKjOwi1I8+GZsY2On44Zly7BreBNg5 +4gJgdAGcMOYU9etr050clH3UpTYcAEtX++ahtOKhJgLIPNcIAQNlnifqvU0VYpgw +R4YpZ7hgg+AVDzC73PIM0lFI0XiDuqChbxE+K1jmLXWe5iJF0dzgVTwP+PmsifNZ +Wg3+YxSsS+hDMPQ2xPiQN49gT4JJDHcDuyhHyCGYgyMiVJCsku9KrkubbfVRivyN +ZF2Zfo3f+nbrRxsftz0yjAq8byCvb0V0XOpt4pJ/ddlug9ytRxALNwARAQABiQI2 +BBgBCgAgFiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+TvoCGwwACgkQZOYo+NaE +aW3urA//UQ/cKQ7HvWjcLphzQOZc+6m5YL0wxvZkSjemU7mqjZdpacteIvRAoers +EqXHc208liIBtNfRzoreXdcXNzie65xXkrRnWoHVH/fTWy4lOnHr2CMXLeHjUgg/ +M6PYi8+sARm05YFB8nsYhlhx3IdLhcfeVVbJedQKO0yL3CK1okT30DUVq5Lq6X/K +DC6AxuJR3D6UMSoT0WLaoX8qbhAp88qLynInfBVL18d97h916WPLTPeP0eHwhwND +bYtKDCMDuKQ9XX5+QsNH0RmbxlX274LHrUMMvkLKxcfCBvP+iuqrBeIuoeVzXYJZ +j7ZJtEH79bW44eecl/CY/STFYgSQ2XGTp2BI2q60wAmtKlNhwxY5ena0FgyFl6Tm +5OBHW/Pwo+ndQJGfbrCyWkTgRay9c8er3gl3GQYIBH6X0kCiG7h/Epj0b5CHOPU5 +hCw0kEB8MB4poTIjeiY+Q01472/lQ68CL3DX158hR5d3XaPSIxAN+qFsfB1o316p +yjxhfK1MD/IfrOgjlggPPnc/KmLkCzpgdwKcZwLCdZq9hYBvF1Zs34HbaVMYbWTK +uxLowtXGU43vatCXXqmPOvl4/g4tZD6rysJDgOrHQnEHzT+Napn07s0BRC0IbbNn +FynUrkr5KMSuRz7Hg7xMApENOrb0nqdHSUJ914ZpuMIS6RhJgGu5Ag0EWr5PIAEQ +ALfh9vPD2B+miHDTMADI8aRZ7g9tnzynZYkk3+2sCiiusetsQQ+HIPJ/ASEJB7On +ane9dyT/LTRhrK9qaxgVMimk2COXB/xyh7Mnw7nJgFU0aRSbtX0vbvQz2suSzrQ6 +9mPKzan28JGoClqB0bw1vwf3VjjxHV2dgD57CmqFPv7kAC/2a56dE+etzXattZAL ++2JWTpmfQ0ePRRadtBm0VahQhnU8x0+jvAVrEawqpVW83ozYFyW/0WInM2J7jHgQ +16OosY4lj5L/DxpVxaArhRFoRfWPXfC37iE8Mou/I95isvPQIhp1wTo4jG0KM02B +oIVbp/QRNBQ6WtpOzvJs1gqQiJJTfqbKJXQ3NDEY9crpVS83HJ+Zv99PNsyNkFjG +QpU84U3ZhsI4ygjdY45mpZueqI1RVcRQdu8Hgvoo/78Q/Sir6gMGop3mVdVo2guI +kFcJrXh0Xk3ech4aVqrmKx/mPXGwOAQU0DAul4RW3fKg1QxQE7Tlw3+95Ee/+q5j +HARL0uDbCJpRO8Sl8NDEuL32n/2Ot6kQeCSHrU7KJRYAkTxkKvr8zNow7hFhHFPE +SnHvTnskI6noh0VY6NwMhmLvhm0wKkRxZPzUNc3sgLvbK1NymIZ9aKCZamzhZrmG +vnblEz/OSLwGUua465H3hM1vvBQiartj7+6ZqWIkSmBPABEBAAGJAjYEGAEKACAW +IQSgNcjBkhm6gh7OqGtk5ij41oRpbQUCWr5PIAIbIAAKCRBk5ij41oRpbWmeEACG ++axtDC8UoNp9ORiYwEWLzZWDuugE+ah7DYYGD4Vs633FXVZW3SgM/bFtJ/0Lg8CF +74jI4LMHyIjDzEjcoItwnhBLix+kUoJTvrY58GPydwekLuw1p4KXLqtRs4fsZbNQ +YTknl4jYtRWoxO98x7tun7Gq2gqmJkIB2uj630fKz5cBk6p6oDFKjzyrHe+V7BiK +3okQPaD4x7hq8OnTy7lOy92ZZAqztS4tNEb4DkYW1MpuwsJ7hbBZitc1siI+FVVb +GjVVGZz6ssXoW67Tz8+VxdWJxNLXlv27eMcj4sme5S0th/YYNA5fRRv6zuzqZAru +YNGLpYYU7JLvZJ+3lCwa5j5ycOGBF0GvsGs6gj6h+CHkjR/BgzAgWC+GgUgslt6q +aH04rWtV6rVz+Y91LcrX5P6OM4anmXD3Gp3kl35AypXb4KyASF19+11RUziD4Z7q +wQEWfbwOltNyZv2lD8s2jPr7P02axWRQUbZAEhxRmvOQev/FZPyCF6gqUo/HxRbQ +y3bzmnipyHSv1DlXNfCFCHvN8kGyZnRWARqIKRg+j9ediJgOUqlLhg6KmrTVxd5v +3Dfv52PW2UODDTM20s3cQGuX/UswzMRwPI/+P44iCMwEKdm7duM/5oisZT9Vhy7g +P15MreFZLcZvUVgjqgy0u57cstyGK1Bo9e2sFcK2fA== +=6Zb4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/python311-rpmlintrc b/python311-rpmlintrc new file mode 100644 index 0000000..6c3d3b0 --- /dev/null +++ b/python311-rpmlintrc @@ -0,0 +1,4 @@ +addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp") +addFilter("python-bytecode-inconsistent-mtime.*\.pyc") diff --git a/python311.changes b/python311.changes new file mode 100644 index 0000000..120d3cd --- /dev/null +++ b/python311.changes @@ -0,0 +1,5580 @@ +------------------------------------------------------------------- +Sat May 10 11:38:24 UTC 2025 - Matej Cepl + +- Remove python-3.3.0b1-test-posix_fadvise.patch (not needed + since kernel 3.6-rc1) + +------------------------------------------------------------------- +Fri Apr 18 14:05:38 UTC 2025 - Matej Cepl + +- Update to 3.11.12: + - gh-131809: Update bundled libexpat to 2.7.1 + - gh-131261: Upgrade to libexpat 2.7.0 + - gh-105704: When using urllib.parse.urlsplit() and + urllib.parse.urlparse() host parsing would not reject domain + names containing square brackets ([ and ]). Square brackets + are only valid for IPv6 and IPvFuture hosts according to RFC + 3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938, + gh#python/cpython#105704). + - gh-121284: Fix bug in the folding of rfc2047 encoded-words + when flattening an email message using a modern email + policy. Previously when an encoded-word was too long for + a line, it would be decoded, split across lines, and + re-encoded. But commas and other special characters in the + original text could be left unencoded and unquoted. This + could theoretically be used to spoof header lines using a + carefully constructed encoded-word if the resulting rendered + email was transmitted or re-parsed. + - gh-80222: Fix bug in the folding of quoted strings + when flattening an email message using a modern email + policy. Previously when a quoted string was folded so that + it spanned more than one line, the surrounding quotes and + internal escapes would be omitted. This could theoretically + be used to spoof header lines using a carefully constructed + quoted string if the resulting rendered email was transmitted + or re-parsed. + - gh-119511: Fix a potential denial of service in the imaplib + module. When connecting to a malicious server, it could + cause an arbitrary amount of memory to be allocated. On many + systems this is harmless as unused virtual memory is only + a mapping, but if this hit a virtual address size limit + it could lead to a MemoryError or other process crash. On + unusual systems or builds where all allocated memory is + touched and backed by actual ram or storage it could’ve + consumed resources doing so until similarly crashing. + - gh-127257: In ssl, system call failures that OpenSSL reports + using ERR_LIB_SYS are now raised as OSError. + - gh-121277: Writers of CPython’s documentation can now use + next as the version for the versionchanged, versionadded, + deprecated directives. + - gh-106883: Disable GC during the _PyThread_CurrentFrames() + and _PyThread_CurrentExceptions() calls to avoid the + interpreter to deadlock. +- Remove upstreamed patch: + - CVE-2025-0938-sq-brackets-domain-names.patch +- Add gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch + which makes test_ssl not to stop ThreadedEchoServer on OSError, + which makes test_ssl pass with OpenSSL 3.5 (bsc#1241067, + gh#python/cpython!126572) + +------------------------------------------------------------------- +Wed Mar 12 15:05:46 UTC 2025 - Bernhard Wiedemann + +- Allow to disable PGO + +------------------------------------------------------------------- +Mon Mar 10 15:44:31 UTC 2025 - Bernhard Wiedemann + +- Skip PGO with %want_reproducible_builds (bsc#1239210) + +------------------------------------------------------------------- +Tue Feb 4 14:43:13 UTC 2025 - Matej Cepl + +- Add CVE-2025-0938-sq-brackets-domain-names.patch which + disallows square brackets ([ and ]) in domain names for parsed + URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704) + +------------------------------------------------------------------- +Mon Jan 27 09:00:48 UTC 2025 - Daniel Garcia + +- Configure externally_managed with a bcond + https://en.opensuse.org/openSUSE:Python:Externally_managed + bsc#1228165 + +------------------------------------------------------------------- +Wed Dec 4 21:40:41 UTC 2024 - Matej Cepl + +- Update to 3.11.11: + - Tools/Demos + - gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15 + and multissltests to use 3.0.15, 3.1.7, and 3.2.3. + - Tests + - gh-125041: Re-enable skipped tests for zlib on the + s390x architecture: only skip checks of the compressed + bytes, which can be different between zlib’s software + implementation and the hardware-accelerated implementation. + - Security + - gh-126623: Upgrade libexpat to 2.6.4 + - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to + consistently use the mapped IPv4 address value for deciding + properties. Properties which have their behavior fixed are + is_multicast, is_reserved, is_link_local, is_global, and + is_unspecified. + - Library + - gh-124651: Properly quote template strings in venv + activation scripts (bsc#1232241, CVE-2024-9287). +- Removed upstreamed patches: + - CVE-2024-9287-venv_path_unquoted.patch + +------------------------------------------------------------------- +Tue Dec 3 08:21:35 UTC 2024 - John Paul Adrian Glaubitz + +- Add add-loongarch64-support.patch to support loongarch64 + +------------------------------------------------------------------- +Mon Dec 2 22:50:07 UTC 2024 - Matej Cepl + +- Fix changelog + +------------------------------------------------------------------- +Mon Nov 11 12:43:40 UTC 2024 - Daniel Garcia + +- Remove -IVendor/ from python-config boo#1231795 + +------------------------------------------------------------------- +Fri Nov 1 16:32:10 UTC 2024 - Matej Cepl + +- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote + path names provided when creating a virtual environment + (bsc#1232241, CVE-2024-9287) + +------------------------------------------------------------------- +Wed Oct 2 16:18:29 UTC 2024 - Matej Cepl + +- Drop .pyc files from docdir for reproducible builds + (bsc#1230906). + +------------------------------------------------------------------- +Mon Sep 9 16:53:07 UTC 2024 - Matej Cepl + +- Update to 3.11.10: + - Security + - gh-123678: Upgrade libexpat to 2.6.3 + - gh-121957: Fixed missing audit events around interactive + use of Python, now also properly firing for ``python -i``, + as well as for ``python -m asyncio``. The event in question + is ``cpython.run_stdin``. + - gh-122133: Authenticate the socket connection for the + ``socket.socketpair()`` fallback on platforms where + ``AF_UNIX`` is not available like Windows. Patch by + Gregory P. Smith and Seth Larson + . Reported by Ellie + - gh-121285: Remove backtracking from tarfile header parsing + for ``hdrcharset``, PAX, and GNU sparse headers + (bsc#1230227, CVE-2024-6232). + - gh-118486: :func:`os.mkdir` on Windows now accepts + *mode* of ``0o700`` to restrict the new directory to + the current user. This fixes CVE-2024-4030 affecting + :func:`tempfile.mkdtemp` in scenarios where the base + temporary directory is more permissive than the default. + - gh-116741: Update bundled libexpat to 2.6.2 + - Library + - gh-123270: Applied a more surgical fix for malformed + payloads in :class:`zipfile.Path` causing infinite loops + (gh-122905) without breaking contents using legitimate + characters (bsc#1229704, CVE-2024-8088). + - gh-123067: Fix quadratic complexity in parsing ``"``-quoted + cookie values with backslashes by :mod:`http.cookies` + (bsc#1229596, CVE-2024-7592). + - gh-122905: :class:`zipfile.Path` objects now sanitize names + from the zipfile. + - gh-121650: :mod:`email` headers with embedded newlines are + now quoted on output. The :mod:`~email.generator` will now + refuse to serialize (write) headers that are unsafely folded + or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. + (Contributed by Bas Bloemsaat and Petr Viktorin in + :gh:`121650`; CVE-2024-6923, bsc#1228780). + - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method + breaks internal buffer when the method is called again + during flushing internal buffer. + - gh-118643: Fix an AttributeError in the :mod:`email` module + when re-fold a long address list. Also fix more cases of + incorrect encoding of the address separator in the address + list. + - gh-113171: Fixed various false positives and false + negatives in * :attr:`ipaddress.IPv4Address.is_private` + (see these docs for details) * + :attr:`ipaddress.IPv4Address.is_global` * + :attr:`ipaddress.IPv6Address.is_private` * + :attr:`ipaddress.IPv6Address.is_global` Also in the + corresponding :class:`ipaddress.IPv4Network` and + :class:`ipaddress.IPv6Network` attributes. + Fixes bsc#1226448 (CVE-2024-4032). + - gh-102988: :func:`email.utils.getaddresses` and + :func:`email.utils.parseaddr` now return ``('', '')`` + 2-tuples in more situations where invalid email addresses + are encountered instead of potentially inaccurate + values. Add optional *strict* parameter to these two + functions: use ``strict=False`` to get the old behavior, + accept malformed inputs. ``getattr(email.utils, + 'supports_strict_parsing', False)`` can be use to check if + the *strict* paramater is available. Patch by Thomas Dwyer + and Victor Stinner to improve the CVE-2023-27043 fix + (bsc#1210638). + - gh-67693: Fix :func:`urllib.parse.urlunparse` and + :func:`urllib.parse.urlunsplit` for URIs with path starting + with multiple slashes and no authority. Based on patch by + Ashwin Ramaswami. + - Core and Builtins + - gh-112275: A deadlock involving ``pystate.c``'s + ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now + fixed. Patch by ChuBoning based on previous Python 3.12 fix + by Victor Stinner. + - gh-109120: Added handle of incorrect star expressions, e.g + ``f(3, *)``. Patch by Grigoryev Semyon +- Removed upstreamed patches: + - CVE-2023-27043-email-parsing-errors.patch + - CVE-2024-4032-private-IP-addrs.patch + - CVE-2024-6923-email-hdr-inject.patch + - CVE-2024-8088-inf-loop-zipfile_Path.patch + (renamed from CVE-2024-8088-zipfile-Path-sanitization.patch) + - CVE-2024-6232-ReDOS-backtrack-tarfile.patch + - CVE-2024-7592-quad-complex-cookies.patch + +------------------------------------------------------------------- +Mon Sep 2 09:44:26 UTC 2024 - Matej Cepl + +- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid + failing test_sendfile_close_peer_in_the_middle_of_receiving + tests on Linux >= 6.10 (GH-120227). + +------------------------------------------------------------------- +Wed Aug 28 16:54:34 UTC 2024 - Matej Cepl + +- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent + malformed payload to cause infinite loops in zipfile.Path + (bsc#1229704, CVE-2024-8088). + +------------------------------------------------------------------- +Wed Aug 7 12:12:42 UTC 2024 - Matej Cepl + +- Add CVE-2024-6923-email-hdr-inject.patch to prevent email + header injection due to unquoted newlines (bsc#1228780, + CVE-2024-6923). +- %{profileopt} variable is set according to the variable + %{do_profiling} (bsc#1227999) + +------------------------------------------------------------------- +Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl + +- Remove %suse_update_desktop_file macro as it is not useful any + more. + +------------------------------------------------------------------- +Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl + +- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 + adding reproducibility patches from gh#python/cpython!121872 + and gh#python/cpython!121883. + +------------------------------------------------------------------- +Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl + +- Stop using %%defattr, it seems to be breaking proper executable + attributes on /usr/bin/ scripts (bsc#1227378). + +------------------------------------------------------------------- +Tue Jul 2 10:32:58 UTC 2024 - Daniel Garcia + +- Update F00251-change-user-install-location.patch to make pip and + modern tools install directly in /usr/local when used by the user. + bsc#1225660 + +------------------------------------------------------------------- +Tue Jun 25 21:57:40 UTC 2024 - Matej Cepl + +- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 + (CVE-2024-4032) rearranging definition of private v global IP + addresses. + +------------------------------------------------------------------- +Wed May 1 08:39:08 UTC 2024 - Matej Cepl + +- Update CVE-2023-52425-libexpat-2.6.0-backport.patch + so that it uses features sniffing, not just + comparing version number. Include also + support-expat-CVE-2022-25236-patched.patch. +- Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping + failing tests. +- Refresh patches: + - CVE-2023-27043-email-parsing-errors.patch + - fix_configure_rst.patch + - skip_if_buildbot-extend.patch +- Remove included patch: + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia + +- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in SLE. + +------------------------------------------------------------------- +Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia + +- Remove not needed upstream patches: + * libexpat260.patch + * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666 + * CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch + +- Update to 3.11.9: + * Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 + - gh-115243: Fix possible crashes in collections.deque.index() + when the deque is concurrently modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to the + certificate store, when the ssl.SSLContext is shared across + multiple threads (bsc#1226447, CVE-2024-0397). + * Core and Builtins + - gh-116296: Fix possible refleak in object.__reduce__() internal + error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser when + raising SyntaxError exceptions caused by invalid byte sequences. + Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115011: Setters for members with an unsigned integer type now + support the same range of valid values for objects that has a + __index__() method as for int. + - gh-96497: Fix incorrect resolution of mangled class variables + used in assignment expressions in comprehensions. + * Library + - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered + crash in ssl when creating a new _ssl._SSLContext if CPython was + built implausibly such that the default cipher list is empty or + the SSL library it was linked against reports a failure from its + C SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of self-referential + modules, introduced in gh-114781. + - gh-117084: Fix zipfile extraction for directory entries with the + name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any to + be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer calls + WaitForSingleObject() with a negative timeout: pass 0 ms if the + timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values in an + invalid state (stored as a list instead of a str) after an + earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values in + urllib.parse functions parse_qs() and parse_qsl(). Also, they + now raise a TypeError for non-zero integers and non-empty + sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated tkinter.Checkbutton + widget names to avoid collisions with automatically generated + tkinter.ttk.Checkbutton widget names within the same parent + widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of AttributeError + on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on + WASI. + - Under wasmtime for WASI 0.2, these functions don’t pass + test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). + - gh-88352: Fix the computation of the next rollover time in the + logging.TimedRotatingFileHandler handler. computeRollover() now + always returns a timestamp larger than the specified time and + works correctly during the DST change. doRollover() no longer + overwrite the already rolled over file, saving from data loss + when run at midnight or during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a script + with pdb + - gh-76511: Fix UnicodeEncodeError in email.Message.as_string() + that results when a message that claims to be in the ascii + character set actually has non-ascii characters. Non-ascii + characters are now replaced with the U+FFFD replacement + character, like in the replace error handler. + - gh-75988: Fixed unittest.mock.create_autospec() to pass the call + through to the wrapped object to return the real result. + - gh-115881: Fix issue where ast.parse() would incorrectly flag + conditional context managers (such as with (x() if y else z()): + ...) as invalid syntax if feature_version=(3, 8) was passed. + This reverts changes to the grammar made as part of gh-94949. + - gh-115886: Fix silent truncation of the name with an embedded + null character in multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing which rolled-over log + files to delete in logging.TimedRotatingFileHandler. It is now + reliable for handlers without namer and with arbitrary + deterministic namer that leaves the datetime part in the file + name unmodified. + - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now + support bytes arguments containing raw and percent-encoded + non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' and + '\n', regardless of lineterminator value. + - gh-115712: csv.writer() now quotes empty fields if delimiter is + a space and skipinitialspace is true and raises exception if + quoting is not possible. + - gh-115618: Fix improper decreasing the reference count for None + argument in property methods getter(), setter() and deleter(). + - gh-115570: A DeprecationWarning is no longer omitted on access + to the __doc__ attributes of the deprecated typing.io and + typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the __wrapper__ + data descriptor. + - gh-101293: Support callables with the __call__() method and + types with __new__() and __init__() methods set to class + methods, static methods, bound methods, partial functions, and + other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line numbers + would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare cases when + using the z format option (coerce negative 0) * incorrect output + when applying the z format option to type F (fixed-point with + capital NAN / INF) * incorrect output when applying the # format + option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname before + checking it against the system’s proxy bypass list on macOS and + Windows. + - gh-115198: Fix support of Docutils >= 0.19 in distutils. + - gh-115165: Most exceptions are now ignored when attempting to + set the __orig_class__ attribute on objects returned when + calling typing generic aliases (including generic aliases + created using typing.Annotated). Previously only AttributeError + was ignored. Patch by Dave Shawley. + - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the underlying + write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114763: Protect modules loaded with importlib.util.LazyLoader + from race conditions when multiple threads try to access + attributes before the loading is complete. + - gh-97959: Fix rendering class methods, bound methods, method and + function aliases in pydoc. Class methods no longer have “method + of builtins.type instance” note. Corresponding notes are now + added for class and unbound methods. Method and function aliases + now have references to the module or the class where the origin + was defined if it differs from the current. Bound methods are + now listed in the static methods section. Methods of builtin + classes are now supported as well as methods of Python classes. + - gh-112281: Allow creating union of types for typing.Annotated + with unhashable metadata. + - gh-111775: Fix importlib.resources.simple.ResourceHandle.open() + for text mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb commands. + - gh-107155: Fix incorrect output of help(x) where x is a lambda + function, which has an __annotations__ dictionary attribute with + a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when defining + dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists + over multiple lines in combination with unicode encoding + (bsc#1238450 CVE-2025-1795) + - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same name + but different extensions would conflict and not delete the + correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() to + accept empty bytes as authkey. Not accepting empty bytes as key + causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing of URLs + with only a host name, URLs containing fragment or query, and + filenames with only a UNC sharepoint on Windows. Based on patch + by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + * Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML + vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + * Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE command + line option) in regrtest when hunting for reference leaks (-R + option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-115979: Update test_importlib so that it passes under WASI + SDK 21. + - gh-116307: Added import helper isolated_modules as CleanImport + does not remove modules imported during the context. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of + the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: run + failed tests with test.bisect_cmd to identify failing tests. + Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - gh-115198: Fix test_check_metadata_deprecate in distutils tests + with a newer Docutils. + * Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI + 0.2/preview2 primitives. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + * Windows + - gh-116773: Fix instances of <_overlapped.Overlapped object at + 0xXXX> still has pending operation at deallocation, the process + may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation so + that sending a datagram to an address that is not listening does + not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most users + only have a single launcher installed and will see no + difference. When multiple launchers have been installed, the + option to install the launcher is disabled until all but one + have been removed. Downgrading the launcher (which was never + allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now detect Python + 3.13 when installed from the Microsoft Store, and will install + Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + * IDLE + - gh-88516: On macOS show a proxy icon in the title bar of editor + windows to match platform behaviour. + * Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + * C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows + 64-bit platforms. + +------------------------------------------------------------------- +Sun Mar 24 07:51:45 UTC 2024 - Matej Cepl + +- Add reference to CVE-2024-0450 (bsc#1221854) to changelog. + +------------------------------------------------------------------- +Fri Mar 22 21:22:27 UTC 2024 - Matej Cepl + +- Because of bsc#1189495 we have to revert use of %autopatch. + +------------------------------------------------------------------- +Tue Mar 12 08:44:47 UTC 2024 - Matej Cepl + +- Rewrite %prep to use %autosetup et al. for compatibility with + rpm 4.20. + +------------------------------------------------------------------- +Tue Mar 12 08:13:34 UTC 2024 - Matej Cepl + +- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch + to eliminate ResourceWarning which broke the test suite in + test_asyncio. + +------------------------------------------------------------------- +Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal + +- Use the system-wide crypto-policies [bsc#1211301] + * Use the system default cipher list instead of hardcoded values + * Add the --with-ssl-default-suites=openssl configure option + +------------------------------------------------------------------- +Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl + +- (bsc#1219666, CVE-2023-6597) Add + CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from + gh#python/cpython!99930) fixing symlink bug in cleanup of + tempfile.TemporaryDirectory. + +------------------------------------------------------------------- +Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl + +- Remove double definition of /usr/bin/idle%%{version} in + %%files. + +------------------------------------------------------------------- +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115289 + +------------------------------------------------------------------- +Thu Feb 8 07:27:40 UTC 2024 - Daniel Garcia + +- Update to 3.11.8: + - Security + - gh-113659: Skip .pth files with names starting with a dot or + hidden file attribute. + - Core and Builtins + - gh-114887: Changed socket type validation in + create_datagram_endpoint() to accept all non-stream sockets. + This fixes a regression in compatibility with raw sockets. + - gh-114388: Fix a RuntimeWarning emitted when assign an + integer-like value that is not an instance of int to an + attribute that corresponds to a C struct member of type T_UINT + and T_ULONG. Fix a double RuntimeWarning emitted when assign a + negative integer value to an attribute that corresponds to a C + struct member of type T_UINT. + - gh-89811: Check for a valid tp_version_tag before performing + bytecode specializations that rely on this value being usable. + - gh-113602: Fix an error that was causing the parser to try to + overwrite existing errors and crashing in the process. Patch by + Pablo Galindo + - gh-113566: Fix a 3.11-specific crash when the repr of a Future + is requested after the module has already been + garbage-collected. + - gh-106905: Use per AST-parser state rather than global state to + track recursion depth within the AST parser to prevent potential + race condition due to simultaneous parsing. + - The issue primarily showed up in 3.11 by multithreaded users of + ast.parse(). In 3.12 a change to when garbage collection can be + triggered prevented the race condition from occurring. + - gh-112716: Fix SystemError in the import statement and in + __reduce__() methods of builtin types when __builtins__ is not a + dict. + - gh-105967: Workaround a bug in Apple’s macOS platform zlib + library where zlib.crc32() and binascii.crc32() could produce + incorrect results on multi-gigabyte inputs. Including when using + zipfile on zips containing large data. + - gh-94606: Fix UnicodeEncodeError when + email.message.get_payload() reads a message with a Unicode + surrogate character and the message content is not well-formed + for surrogateescape encoding. Patch by Sidney Markowitz. + - Library + - gh-114965: Update bundled pip to 24.0 + - gh-114959: tarfile no longer ignores errors when trying to + extract a directory on top of a file. + - gh-109475: Fix support of explicit option value “–” in argparse + (e.g. --option=--). + - gh-110190: Fix ctypes structs with array on Windows ARM64 + platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by + Diego Russo + - gh-113280: Fix a leak of open socket in rare cases when error + occurred in ssl.SSLSocket creation. + - gh-77749: email.policy.EmailPolicy.fold() now always encodes + non-ASCII characters in headers if utf8 is false. + - gh-114492: Make the result of termios.tcgetattr() reproducible + on Alpine Linux. Previously it could leave a random garbage in + some fields. + - gh-75128: Ignore an OSError in + asyncio.BaseEventLoop.create_server() when IPv6 is available but + the interface cannot actually support it. + - gh-114257: Dismiss the FileNotFound error in + ctypes.util.find_library() and just return None on Linux. + - gh-101438: Avoid reference cycle in ElementTree.iterparse. The + iterator returned by ElementTree.iterparse may hold on to a file + descriptor. The reference cycle prevented prompt clean-up of the + file descriptor if the returned iterator was not exhausted. + - gh-104522: OSError raised when run a subprocess now only has + filename attribute set to cwd if the error was caused by a + failed attempt to change the current directory. + - gh-109534: Fix a reference leak in + asyncio.selector_events.BaseSelectorEventLoop when SSL + handshakes fail. Patch contributed by Jamie Phan. + - gh-114077: Fix possible OverflowError in + socket.socket.sendfile() when pass count larger than 2 GiB on + 32-bit platform. + - gh-114014: Fixed a bug in fractions.Fraction where an invalid + string using d in the decimals part creates a different error + compared to other invalid letters/characters. Patch by Jeremiah + Gabriel Pascual. + - gh-113951: Fix the behavior of tag_unbind() methods of + tkinter.Text and tkinter.Canvas classes with three arguments. + Previously, widget.tag_unbind(tag, sequence, funcid) destroyed + the current binding for sequence, leaving sequence unbound, and + deleted the funcid command. Now it removes only funcid from the + binding for sequence, keeping other commands, and deletes the + funcid command. It leaves sequence unbound only if funcid was + the last bound command. + - gh-113877: Fix tkinter method winfo_pathname() on 64-bit + Windows. + - gh-113781: Silence unraisable AttributeError when warnings are + emitted during Python finalization. + - gh-113594: Fix UnicodeEncodeError in email when re-fold lines + that contain unknown-8bit encoded part followed by + non-unknown-8bit encoded part. + - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), + there is callback that logs an error if the task wrapping the + “connected callback” fails. This callback would itself fail if + the task was cancelled. Prevent this by checking whether the + task was cancelled first. If so, close the transport but don’t + log an error. + - gh-85567: Fix resource warnings for unclosed files in pickle and + pickletools command line interfaces. + - gh-101225: Increase the backlog for + multiprocessing.connection.Listener objects created by + multiprocessing.manager and multiprocessing.resource_sharer to + significantly reduce the risk of getting a connection refused + error when creating a multiprocessing.connection.Connection to + them. + - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends + webbrowser.open audit event. + - gh-113028: When a second reference to a string appears in the + input to pickle, and the Python implementation is in use, we are + guaranteed that a single copy gets pickled and a single object + is shared when reloaded. Previously, in protocol 0, when a + string contained certain characters (e.g. newline) it resulted + in duplicate objects. + - gh-113421: Fix multiprocessing logger for %(filename)s. + - gh-113358: Fix rendering tracebacks for exceptions with a broken + __getattr__. + - gh-113214: Fix an AttributeError during asyncio SSL protocol + aborts in SSL-over-SSL scenarios. + - gh-113246: Update bundled pip to 23.3.2. + - gh-113199: Make http.client.HTTPResponse.read1 and + http.client.HTTPResponse.readline close IO after reading all + data when content length is known. Patch by Illia Volochii. + - gh-113188: Fix shutil.copymode() and shutil.copystat() on + Windows. Previously they worked differenly if dst is a symbolic + link: they modified the permission bits of dst itself rather + than the file it points to if follow_symlinks is true or src is + not a symbolic link, and did not modify the permission bits if + follow_symlinks is false and src is a symbolic link. + - gh-61648: Detect line numbers of properties in doctests. + - gh-112559: signal.signal() and signal.getsignal() no longer call + repr on callable handlers. asyncio.run() and + asyncio.Runner.run() no longer call repr on the task results. + Patch by Yilei Yang. + - gh-110190: Fix ctypes structs with array on PPC64LE platform by + setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. + - gh-79429: Ignore FileNotFoundError when remove a temporary + directory in the multiprocessing finalizer. + - gh-79325: Fix an infinite recursion error in + tempfile.TemporaryDirectory() cleanup on Windows. + - gh-110190: Fix ctypes structs with array on Arm platform by + setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. + - gh-81194: Fix a crash in socket.if_indextoname() with specific + value (UINT_MAX). Fix an integer overflow in + socket.if_indextoname() on 64-bit non-Windows platforms. + - gh-75666: Fix the behavior of tkinter widget’s unbind() method + with two arguments. Previously, widget.unbind(sequence, funcid) + destroyed the current binding for sequence, leaving sequence + unbound, and deleted the funcid command. Now it removes only + funcid from the binding for sequence, keeping other commands, + and deletes the funcid command. It leaves sequence unbound only + if funcid was the last bound command. + - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in + tkinter._test(). + - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now + raises BadZipFile when try to read an entry that overlaps with + other entry or central directory (bsc#1221854, CVE-2024-0450). + - gh-38807: Fix race condition in trace. Instead of checking if a + directory exists and creating it, directly call os.makedirs() + with the kwarg exist_ok=True. + - gh-75705: Set unixfrom envelope in mailbox.mbox and + mailbox.MMDF. + - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure + when the system endianness is the opposite of the classes. + - gh-104282: Fix null pointer dereference in + lzma._decode_filter_properties() due to improper handling of BCJ + filters with properties of zero length. Patch by Radislav + Chugunov. + - gh-102512: When os.fork() is called from a foreign thread (aka + _DummyThread), the type of the thread in a child process is + changed to _MainThread. Also changed its name and daemonic + status, it can be now joined. + - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, + which now no longer dereferences symlinks when working around + file system permission errors. + - bpo-43153: On Windows, tempfile.TemporaryDirectory previously + masked a PermissionError with NotADirectoryError during + directory cleanup. It now correctly raises PermissionError if + errors are not ignored. Patch by Andrei Kulakov and Ken Jin. + - bpo-35332: The shutil.rmtree() function now ignores errors when + calling os.close() when ignore_errors is True, and os.close() no + longer retried after error. + - bpo-35928: io.TextIOWrapper now correctly handles the decoding + buffer after read() and write(). + - bpo-26791: shutil.move() now moves a symlink into a directory + when that directory is the target of the symlink. This provides + the same behavior as the mv shell command. The previous behavior + raised an exception. Patch by Jeffrey Kintscher. + - bpo-36959: Fix some error messages for invalid ISO format string + combinations in strptime() that referred to directives not + contained in the format string. Patch by Gordon P. Hemsley. + - bpo-18060: Fixed a class inheritance issue that can cause + segfaults when deriving two or more levels of subclasses from a + base class of Structure or Union. + - Documentation + - gh-110746: Improved markup for valid options/values for methods + ttk.treeview.column and ttk.treeview.heading, and for Layouts. + - gh-95649: Document that the asyncio module contains code taken + from v0.16.0 of the uvloop project, as well as the required MIT + licensing information. + - Tests + - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, + where system tar can include more information in the archive + than shutil.make_archive. + - gh-112769: The tests now correctly compare zlib version when + zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For + example zlib-ng defines the version as 1.3.0.zlib-ng. + - gh-105089: Fix + test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write + test in AIX by doing a bitwise AND of 0xFFFF on mode , so that + it will be in sync with zinfo.external_attr + - bpo-40648: Test modes that file can get with chmod() on Windows. + - Build + - gh-101778: Fix build error when there’s a dangling symlink in + the directory containing ffi.h. + - gh-112305: Fixed the check-clean-src step performed on out of + tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h + files and recommend appropriate source tree cleanup steps to get + a working build again. + - bpo-11102: The os.major(), os.makedev(), and os.minor() + functions are now available on HP-UX v3. + - bpo-36351: Do not set ipv6type when cross-compiling. + - IDLE + - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and + ‘object’. + - gh-72284: Improve the lists of features, editor key bindings, + and shell key bingings in the IDLE doc. + - gh-113903: Fix rare failure of test.test_idle, in + test_configdialog. + - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and + 3.12.1. + - gh-113269: Fix test_editor hang on macOS Catalina. + - gh-112898: Fix processing unsaved files when quitting IDLE on + macOS. + - gh-103820: Revise IDLE bindings so that events from mouse button + 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not + mistaken for scrolling. + - bpo-13586: Enter the selected text when opening the “Replace” + dialog. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and + multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. + - gh-115015: Fix a bug in Argument Clinic that generated incorrect + code for methods with no parameters that use the METH_METHOD | + METH_FASTCALL | METH_KEYWORDS calling convention. Only the + positional parameter count was checked; any keyword argument + passed would be silently accepted. +- Remove upstreamed patches: + - CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch +- Refresh all patches: + - CVE-2023-27043-email-parsing-errors.patch + - F00251-change-user-install-location.patch + - bpo-31046_ensurepip_honours_prefix.patch + - distutils-reproducible-compile.patch + - fix_configure_rst.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-localpath.patch + - python-3.3.0b1-test-posix_fadvise.patch + - skip_if_buildbot-extend.patch + - subprocess-raise-timeout.patch + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Tue Dec 19 16:34:50 UTC 2023 - Daniel Garcia + +- Update patch fix_configure_rst.patch +- Update to 3.11.7: + - Core and Builtins + - gh-112625: Fixes a bug where a bytearray object could be cleared + while iterating over an argument in the bytearray.join() method + that could result in reading memory after it was freed. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. Patch + by Pablo galindo + - gh-88116: Traceback location ranges involving wide unicode + characters (like emoji and asian characters) now are properly + highlighted. Patch by Batuhan Taskaya and Pablo Galindo. + - gh-94438: Fix a regression that prevented jumping across is None + and is not None when debugging. Patch by Savannah Ostrowski. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109216: Fix possible memory leak in BUILD_MAP. + + - Library + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + - bpo-35191: Fix unexpected integer truncation in + socket.setblocking() which caused it to interpret multiples of + 2**32 as False. + + - Documentation + - gh-108826: dis module command-line interface is now mentioned in + documentation. + + - Tests + - gh-110367: Make regrtest --verbose3 option compatible with + --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + --verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111309: distutils tests can now be run via unittest. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() and class BasicTestRunner from the test.support + module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + --match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + + - Build + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + + - C API + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. +------------------------------------------------------------------- +Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl + +- Refresh CVE-2023-27043-email-parsing-errors.patch to + gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). +- Thus we can remove Revert-gh105127-left-tests.patch, which is + now useless. + +------------------------------------------------------------------- +Wed Nov 15 09:06:16 UTC 2023 - Daniel Garcia + +- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch +- Refresh patches: + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch + +- Update to 3.11.6: + - Core and Builtins + - gh-109351: Fix crash when compiling an invalid AST involving a + named (walrus) expression. + - gh-109207: Fix a SystemError in __repr__ of symtable entry + object. + - gh-109179: Fix bug where the C traceback display drops notes + from SyntaxError. + - gh-88943: Improve syntax error for non-ASCII character that + follows a numerical literal. It now points on the invalid + non-ASCII character, not on the valid numerical literal. + - gh-108959: Fix caret placement for error locations for subscript + and binary operations that involve non-semantic parentheses and + spaces. Patch by Pablo Galindo + - gh-108520: Fix + multiprocessing.synchronize.SemLock.__setstate__() to properly + initialize multiprocessing.synchronize.SemLock._is_fork_ctx. + This fixes a regression when passing a SemLock accross nested + processes. + - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to + multiprocessing.synchronize.SemLock._is_fork_ctx to avoid + exposing it as public API. + - Library + - gh-110036: On Windows, multiprocessing Popen.terminate() now + catchs PermissionError and get the process exit code. If the + process is still running, raise again the PermissionError. + Otherwise, the process terminated as expected: store its exit + code. Patch by Victor Stinner. + - gh-110038: Fixed an issue that caused KqueueSelector.select() to + not return all the ready events in some cases when a file + descriptor is registered for both read and write. + - gh-109631: re functions such as re.findall(), re.split(), + re.search() and re.sub() which perform short repeated matches + can now be interrupted by user. + - gh-109593: Avoid deadlocking on a reentrant call to the + multiprocessing resource tracker. Such a reentrant call, though + unlikely, can happen if a GC pass invokes the finalizer for a + multiprocessing object such as SemLock. + - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for + exceptions. Previously, on Python built in debug mode, these + functions could trigger a fatal Python error (and abort the + process) when a function succeeded with an exception set. Patch + by Victor Stinner. + - gh-109375: The pdb alias command now prevents registering + aliases without arguments. + - gh-107219: Fix a race condition in concurrent.futures. When a + process in the process pool was terminated abruptly (while the + future was running or pending), close the connection write end. + If the call queue is blocked on sending bytes to a worker + process, closing the connection write end interrupts the send, + so the queue can be closed. Patch by Victor Stinner. + - gh-50644: Attempts to pickle or create a shallow or deep copy of + codecs streams now raise a TypeError. Previously, copying failed + with a RecursionError, while pickling produced wrong results + that eventually caused unpickling to fail with a RecursionError. + - gh-108987: Fix _thread.start_new_thread() race condition. If a + thread is created during Python finalization, the newly spawned + thread now exits immediately instead of trying to access freed + memory and lead to a crash. Patch by Victor Stinner. + - gh-108843: Fix an issue in ast.unparse() when unparsing + f-strings containing many quote types. + - gh-108682: Enum: raise TypeError if super().__new__() is called + from a custom __new__. + - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock + - gh-64662: Fix support for virtual tables in + sqlite3.Connection.iterdump(). Patch by Aviv Palivoda. + - gh-107913: Fix possible losses of errno and winerror values in + OSError exceptions if they were cleared or modified by the + cleanup code before creating the exception object. + - gh-104372: On Linux where subprocess can use the vfork() syscall + for faster spawning, prevent the parent process from blocking + other threads by dropping the GIL while it waits for the + vfork’ed child process exec() outcome. This prevents spawning a + binary from a slow filesystem from blocking the rest of the + application. + - gh-84867: unittest.TestLoader no longer loads test cases from + exact unittest.TestCase and unittest.FunctionTestCase classes. + - Documentation + - gh-109209: The minimum Sphinx version required for the + documentation is now 4.2. + - gh-105052: Update timeit doc to specify that time in seconds is + just the default. + - gh-102823: Document the return type of x // y when x and y have + type float. + - Tests + - gh-110031: Skip test_threading tests using thread+fork if Python + is built with Address Sanitizer (ASAN). Patch by Victor Stinner. + - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum + duration, a test should not measure a CI performance. Only + measure the minimum duration when a task has a timeout or delay. + Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner. + - gh-110033: Fix test_interprocess_signal() of test_signal. Make + sure that the subprocess.Popen object is deleted before the test + raising an exception in a signal handler. Otherwise, + Popen.__del__() can get the exception which is logged as + Exception ignored in: ... and the test fails. Patch by Victor + Stinner. + - gh-109594: Fix test_timeout() of + test_concurrent_futures.test_wait. Remove the future which may + or may not complete depending if it takes longer than the + timeout ot not. Keep the second future which does not complete + before wait() timeout. Patch by Victor Stinner. + - gh-109748: Fix test_zippath_from_non_installed_posix() of + test_venv: don’t copy __pycache__/ sub-directories, because they + can be modified by other Python tests running in parallel. Patch + by Victor Stinner. + - gh-103053: Skip test_freeze_simple_script() of + test_tools.test_freeze if Python is built with ./configure + --enable-optimizations, which means with Profile Guided + Optimization (PGO): it just makes the test too slow. The freeze + tool is tested by many other CIs with other (faster) compiler + flags. Patch by Victor Stinner. + - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a + longer key: FIPS mode requires at least of at least 112 bits. + The previous key was only 32 bits. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-109237: Fix test_site.test_underpth_basic() when the working + directory contains at least one non-ASCII character: encode the + ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for + the child process stdout. Patch by Victor Stinner. + - gh-109230: Fix test_pyexpat.test_exception(): it can now be run + from a directory different than Python source code directory. + Before, the test failed in this case. Skip the test if + Modules/pyexpat.c source is not available. Skip also the test on + Python implementations other than CPython. Patch by Victor + Stinner. + - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests + on FreeBSD if the TCP blackhole is enabled (sysctl + net.inet.tcp.blackhole). Skip the few tests which failed with + ETIMEDOUT which such non standard configuration. Currently, the + FreeBSD GCP image enables TCP and UDP blackhole (sysctl + net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1). + Patch by Victor Stinner. + - gh-91960: Skip test_gdb if gdb is unable to retrieve Python + frame objects: if a frame is . When Python is + built with “clang -Og”, gdb can fail to retrive the frame + parameter of _PyEval_EvalFrameDefault(). In this case, tests + like py_bt() are likely to fail. Without getting access to + Python frames, python-gdb.py is mostly clueless on retrieving + the Python traceback. Moreover, test_gdb is no longer skipped on + macOS if Python is built with Clang. Patch by Victor Stinner. + - gh-108962: Skip test_tempfile.test_flags() if chflags() fails + with “OSError: [Errno 45] Operation not supported” (ex: on + FreeBSD 13). Patch by Victor Stinner. + - gh-89392: Removed support of test_main() function in tests. They + now always use normal unittest test runner. + - gh-108851: Fix test_tomllib recursion tests for WASI buildbots: + reduce the recursion limit and compute the maximum nested + array/dict depending on the current available recursion limit. + Patch by Victor Stinner. + - gh-108851: Add get_recursion_available() and + get_recursion_depth() functions to the test.support module. + Patch by Victor Stinner. + - gh-108822: regrtest now computes statistics on all tests: + successes, failures and skipped. test_netrc, test_pep646_syntax + and test_xml_etree now return results in their test_main() + function. Patch by Victor Stinner and Alex Waygood. + - gh-108388: Convert test_concurrent_futures to a package of 7 + sub-tests. Patch by Victor Stinner. + - gh-108388: Split test_multiprocessing_fork, + test_multiprocessing_forkserver and test_multiprocessing_spawn + into test packages. Each package is made of 4 sub-tests: + processes, threads, manager and misc. It allows running more + tests in parallel and so reduce the total test duration. Patch + by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - gh-100086: The Python test runner (libregrtest) now logs Python + build information like “debug” vs “release” build, or LTO and + PGO optimizations. Patch by Victor Stinner. + - gh-98903: The Python test suite now fails wit exit code 4 if no + tests ran. It should help detecting typos in test names and test + methods. + - gh-95027: On Windows, when the Python test suite is run with the + -jN option, the ANSI code page is now used as the encoding for + the stdout temporary file, rather than using UTF-8 which can + lead to decoding errors. Patch by Victor Stinner. + - gh-93353: regrtest now checks if a test leaks temporary files or + directories if run with -jN option. Patch by Victor Stinner. + - Build + - gh-63760: Fix Solaris build: no longer redefine the + gethostname() function. Solaris defines the function since 2005. + Patch by Victor Stinner, original patch by Jakub Kulík. + - gh-108740: Fix a race condition in make regen-all. The + deepfreeze.c source and files generated by Argument Clinic are + now generated or updated before generating “global objects”. + Previously, some identifiers may miss depending on the order in + which these files were generated. Patch by Victor Stinner. + - Windows + - gh-109991: Update Windows build to use OpenSSL 3.0.11. + - gh-107565: Update Windows build to use OpenSSL 3.0.10. + - macOS + - gh-109991: Update macOS installer to use OpenSSL 3.0.11. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and + multissltests to use 1.1.1w, 3.0.11, and 3.1.3. + +------------------------------------------------------------------- +Wed Sep 6 07:52:11 UTC 2023 - Daniel Garcia + +- Update to 3.11.5 (bsc#1214692): + - Security + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted data. + Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by + Gregory P. Smith. + - Core and Builtins + - gh-104432: Fix potential unaligned memory access on C APIs + involving returned sequences of char * pointers within the grp + and socket modules. These were revealed using a + -fsaniziter=alignment build on ARM macOS. Patch by Christopher + Chavez. + - gh-77377: Ensure that multiprocessing synchronization objects + created in a fork context are not sent to a different process + created in a spawn context. This changes a segfault into an + actionable RuntimeError in the parent process. + - gh-106092: Fix a segmentation fault caused by a use-after-free + bug in frame_dealloc when the trashcan delays the deallocation + of a PyFrameObject. + - gh-106719: No longer suppress arbitrary errors in the + __annotations__ getter and setter in the type and module types. + - gh-106723: Propagate frozen_modules to multiprocessing spawned + process interpreters. + - gh-105979: Fix crash in _imp.get_frozen_object() due to improper + exception handling. + - gh-105840: Fix possible crashes when specializing function calls + with too many __defaults__. + - gh-105588: Fix an issue that could result in crashes when + compiling malformed ast nodes. + - gh-105375: Fix bugs in the builtins module where exceptions + could end up being overwritten. + - gh-105375: Fix bug in the compiler where an exception could end + up being overwritten. + - gh-105375: Improve error handling in + PyUnicode_BuildEncodingMap() where an exception could end up + being overwritten. + - gh-105235: Prevent out-of-bounds memory access during + mmap.find() calls. + - gh-101006: Improve error handling when read marshal data. + - Library + - gh-105736: Harmonized the pure Python version of OrderedDict + with the C version. Now, both versions set up their internal + state in __new__. Formerly, the pure Python version did the set + up in __init__. + - gh-107963: Fix multiprocessing.set_forkserver_preload() to check + the given list of modules names. Patch by Dong-hee Na. + - gh-106242: Fixes os.path.normpath() to handle embedded null + characters without truncating the path (bsc#1214693, + CVE-2023-41105). + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will + no longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107715: Fix doctest.DocTestFinder.find() in presence of class + names with special characters. Patch by Gertjan van Zwieten. + - gh-100814: Passing a callable object as an option value to a + Tkinter image now raises the expected TclError instead of an + AttributeError. + - gh-106684: Close asyncio.StreamWriter when it is not closed by + application leading to memory leaks. Patch by Kumar Aditya. + - gh-107077: Seems that in some conditions, OpenSSL will return + SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification + verification has failed, but the error parameters will still + contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are + now detecting this situation and raising the appropiate + ssl.SSLCertVerificationError. Patch by Pablo Galindo + - gh-107396: tarfiles; Fixed use before assignment of + self.exception for gzip decompression + - gh-62519: Make gettext.pgettext() search plural definitions when + translation is not found. + - gh-83006: Document behavior of shutil.disk_usage() for + non-mounted filesystems on Unix. + - gh-106186: Do not report MultipartInvariantViolationDefect + defect when the email.parser.Parser class is used to parse + emails with headersonly=True. + - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION + result in _ssl.c. + - gh-106774: Update the bundled copy of pip to version 23.2.1. + - gh-106752: Fixed several bug in zipfile.Path in + name/suffix/suffixes/stem operations when no filename is present + and the Path is not at the root of the zipfile. + - gh-106602: Add __copy__ and __deepcopy__ in enum + - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused + division by zero for certain almost-white inputs. Patch by Terry + Jan Reedy. + - gh-106052: re module: fix the matching of possessive quantifiers + in the case of a subpattern containing backtracking. + - gh-106510: Improve debug output for atomic groups in regular + expressions. + - gh-105497: Fix flag mask inversion when unnamed flags exist. + - gh-90876: Prevent multiprocessing.spawn from failing to import + in environments where sys.executable is None. This regressed in + 3.11 with the addition of support for path-like objects in + multiprocessing. + - gh-106350: Detect possible memory allocation failure in the + libtommath function mp_init() used by the _tkinter module. + - gh-102541: Make pydoc.doc catch bad module ImportError when + output stream is not None. + - gh-106263: Fix crash when calling repr with a manually + constructed SignalDict object. Patch by Charlie Zhao. + - gh-105375: Fix a bug in _Unpickler_SetInputStream() where an + exception could end up being overwritten in case of failure. + - gh-105375: Fix bugs in sys where exceptions could end up being + overwritten because of deferred error handling. + - gh-105605: Harden pyexpat error handling during module + initialisation to prevent exceptions from possibly being + overwritten, and objects from being dereferenced twice. + - gh-105375: Fix bug in decimal where an exception could end up + being overwritten. + - gh-105375: Fix bugs in _datetime where exceptions could be + overwritten in case of module initialisation failure. + - gh-105375: Fix bugs in _ssl initialisation which could lead to + leaked references and overwritten exceptions. + - gh-105375: Fix a bug in array.array where an exception could end + up being overwritten. + - gh-105375: Fix bugs in _ctypes where exceptions could end up + being overwritten. + - gh-105375: Fix a bug in the posix module where an exception + could be overwritten. + - gh-105375: Fix bugs in _elementtree where exceptions could be + overwritten. + - gh-105375: Fix bugs in zoneinfo where exceptions could be + overwritten. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-105497: Fix flag inversion when alias/mask members exist. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-103171: Revert undocumented behaviour change with + runtime-checkable protocols decorated with typing.final() in + Python 3.11. The behaviour change had meant that objects would + not be considered instances of these protocols at runtime unless + they had a __final__ attribute. Patch by Alex Waygood. + - gh-105375: Fix a bug in sqlite3 where an exception could be + overwritten in the collation callback. + - gh-105332: Revert pickling method from by-name back to by-value. + - gh-104554: Add RTSPS scheme support in urllib.parse + - gh-100061: Fix a bug that causes wrong matches for regular + expressions with possessive qualifier. + - gh-102541: Hide traceback in help() prompt, when import failed. + - gh-99203: Restore following CPython <= 3.10.5 behavior of + shutil.make_archive(): do not create an empty archive if + root_dir is not a directory, and, in that case, raise + FileNotFoundError or NotADirectoryError regardless of format + choice. Beyond the brought-back behavior, the function may now + also raise these exceptions in dry_run mode. + - gh-94777: Fix hanging multiprocessing ProcessPoolExecutor when a + child process crashes while data is being written in the call + queue. + - bpo-18319: Ensure gettext(msg) retrieve translations even if a + plural form exists. In other words: gettext(msg) == + ngettext(msg, '', 1). + - Documentation + - gh-107008: Document the curses module variables LINES and COLS. + - gh-106948: Add a number of standard external names to + nitpick_ignore. + - gh-54738: Add documentation on how to localize the argparse + module. + - Tests + - gh-105776: Fix test_cppext when the C compiler command -std=c11 + option: remove -std= options from the compiler command. Patch by + Victor Stinner. + - gh-107237: test_logging: Fix test_udp_reconnection() by + increasing the timeout from 100 ms to 5 minutes (LONG_TIMEOUT). + Patch by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - Build + - gh-107814: When calling find_python.bat with -q it did not + properly silence the output of nuget. That is now fixed. + - gh-106881: Check for linux/limits.h before including it in + Modules/posixmodule.c. + - gh-104692: Include commoninstall as a prerequisite for + bininstall + - This ensures that commoninstall is completed before bininstall + is started when parallel builds are used (make -j install), and + so the python3 symlink is only installed after all standard + library modules are installed. + - gh-100340: Allows -Wno-int-conversion for wasm-sdk 17 and + onwards, thus enables building WASI builds once against the + latest sdk. + - Windows + - gh-106242: Fixes realpath() to behave consistently when passed a + path containing an embedded null character on Windows. In strict + mode, it now raises OSError instead of the unexpected + ValueError, and in non-strict mode will make the path absolute. + - gh-106844: Fix integer overflow in _winapi.LCMapStringEx() which + affects ntpath.normcase(). + - gh-99079: Update Windows build to use OpenSSL 3.0.9 + - gh-105436: Ensure that an empty environment block is terminated + by two null characters, as is required by Windows. + - macOS + - gh-107565: Update macOS installer to use OpenSSL 3.0.10. + - gh-99079: Update macOS installer to use OpenSSL 3.0.9. + - Tools/Demos + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + - gh-95065: Argument Clinic now supports overriding automatically + generated signature by using directive @text_signature. See How + to override the generated signature. + - gh-106970: Fix bugs in the Argument Clinic destination + clear command; the destination buffers would never be cleared, + and the destination directive parser would simply continue to + the fault handler after processing the command. Patch by Erlend + E. Aasland. + - C API + - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(), + PyErr_SetExcFromWindowsErrWithFilename() and + PyErr_SetFromWindowsErrWithFilename() save now the error code + before calling PyUnicode_DecodeFSDefault(). + - gh-107915: Such C API functions as PyErr_SetString(), + PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others + no longer crash or ignore errors if it failed to format the + error message or decode the filename. Instead, they keep a + corresponding error. + - gh-107226: PyModule_AddObjectRef() is now only available in the + limited API version 3.10 or later. + - gh-105375: Fix a bug in PyErr_WarnExplicit() where an exception + could end up being overwritten if the API failed internally. + - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only + data: *consumed was not set. + +------------------------------------------------------------------- +Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller + +- restrict PEP668 to ALP/Tumbleweed + +------------------------------------------------------------------- +Fri Aug 4 06:37:41 UTC 2023 - Dirk Müller + +- add externally_managed.in to label this build as PEP-668 managed + +------------------------------------------------------------------- +Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl + +- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! +- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) + partially reverting CVE-2023-27043-email-parsing-errors.patch, + because of the regression in gh#python/cpython#106669. +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). (The patch is faulty, + gh#python/cpython#106669, but upstream decided not to just + revert it). + +------------------------------------------------------------------- +Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl + +- Update to Python 3.11.4: + - gh-103142: The version of OpenSSL used in Windows and + Mac installers has been upgraded to 1.1.1u to address + CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, + as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 + fixed previously in 1.1.1t (gh-101727). + - gh-102153: urllib.parse.urlsplit() now strips leading C0 + control and space characters following the specification for + URLs defined by WHATWG in response to CVE-2023-24329 + (bsc#1208471). + - gh-99889: Fixed a security in flaw in uu.decode() that could + allow for directory traversal based on the input if no + out_file was specified. + - gh-104049: Do not expose the local on-disk + location in directory indexes produced by + http.client.SimpleHTTPRequestHandler. + - gh-103935: trace.__main__ now uses io.open_code() for files + to be executed instead of raw open(). + - gh-102953: The extraction methods in tarfile, and + shutil.unpack_archive(), have a new filter argument that + allows limiting tar features than may be surprising or + dangerous, such as creating files outside the destination + directory. See Extraction filters for details (fixing + CVE-2007-4559, bsc#1203750). +- Remove upstreamed patches: + - CVE-2007-4559-filter-tarfile_extractall.patch + +------------------------------------------------------------------- +Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl + +- Remove obsolete_python_versioned macro again. This mechanism + has no business to be in Python 3.11, because we have abolished + with it whole interpreter+setuptools+pip product. Python 3.11 + should not be replaced by later versions anymore. + +------------------------------------------------------------------- +Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl + +- Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). +- Add skip_if_buildbot-extend.patch to avoid the bug altogether + (extending what skip_if_buildbot covers). +- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix + bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter + for tarfile.extractall". + +------------------------------------------------------------------- +Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl + +- Update to 3.11.3: + - Security + - gh-101727: Updated the OpenSSL version used in Windows + and macOS binary release builds to 1.1.1t to address + CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the + OpenSSL 2023-02-07 security advisory. + - Core and Builtins + - gh-101975: Fixed stacktop value on tracing entries to avoid + corruption on garbage collection. + - gh-102701: Fix overflow when creating very large dict. + - gh-102416: Do not memoize incorrectly automatically + generated loop rules in the parser. Patch by Pablo Galindo. + - gh-102356: Fix a bug that caused a crash when deallocating + deeply nested filter objects. Patch by Marta Gómez Macías. + - gh-102397: Fix segfault from race condition in signal + handling during garbage collection. Patch by Kumar Aditya. + - gh-102281: Fix potential nullptr dereference and use of + uninitialized memory in fileutils. Patch by Max Bachmann. + - gh-102126: Fix deadlock at shutdown when clearing thread + states if any finalizer tries to acquire the runtime head + lock. Patch by Kumar Aditya. + - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal + module. Patch by Max Bachmann. + - gh-101967: Fix possible segfault in + positional_only_passed_as_keyword function, when new list + created. + - gh-101765: Fix SystemError / segmentation fault in iter + __reduce__ when internal access of builtins.__dict__ keys + mutates the iter object. + - gh-101696: Invalidate type version tag in + _PyStaticType_Dealloc for static types, avoiding bug where + a false cache hit could crash the interpreter. Patch by + Kumar Aditya. + - Library + - gh-102549: Don’t ignore exceptions in member type creation. + - gh-102947: Improve traceback when dataclasses.fields() is + called on a non-dataclass. Patch by Alex Waygood + - gh-102780: The asyncio.Timeout context manager now + works reliably even when performing cleanup due to task + cancellation. Previously it could raise a CancelledError + instead of an TimeoutError in such cases. + - gh-88965: typing: Fix a bug relating to substitution in . + Pacustom classes generic over a ParamSpec. Previously, if . + Pathe ParamSpec was substituted with a parameters list that . + Paitself contained a TypeVar, the TypeVar in the parameters . + Palist could not be subsequently substituted. This is now . + Pafixed tch by Nikita Sobolev . + - gh-101979: Fix a bug where parentheses in the metavar + argument to argparse.ArgumentParser.add_argument() were + dropped. Patch by Yeojin Kim. + - gh-102179: Fix os.dup2() error message for negative fds. + - gh-101961: For the binary mode, fileinput.hookcompressed() + doesn’t set the encoding value even if the value is + None. Patch by Gihwan Kim. + - gh-101936: The default value of fp becomes io.BytesIO + if HTTPError is initialized without a designated fp + parameter. Patch by Long Vo. + - gh-102069: Fix __weakref__ descriptor generation for custom + dataclasses. + - gh-101566: In zipfile, apply fix for extractall on the + underlying zipfile after being wrapped in Path. + - gh-101892: Callable iterators no longer raise SystemError + when the callable object exhausts the iterator but forgets + to either return a sentinel value or raise StopIteration. + - gh-97786: Fix potential undefined behaviour in corner cases + of floating-point-to-time conversions. + - gh-101517: Fixed bug where bdb looks up the source line + with linecache with a lineno=None, which causes it to fail + with an unhandled exception. + - gh-101673: Fix a pdb bug where ll clears the changes to + local variables. + - gh-96931: Fix incorrect results from + ssl.SSLSocket.shared_ciphers() + - gh-88233: Correctly preserve “extra” fields in zipfile + regardless of their ordering relative to a zip64 “extra.” + - gh-96127: inspect.signature was raising TypeError on + call with mock objects. Now it correctly returns (*args, + **kwargs) as infered signature. + - gh-95495: When built against OpenSSL 3.0, the ssl module + had a bug where it reported unauthenticated EOFs (i.e. + without close_notify) as a clean TLS-level EOF. It now + raises SSLEOFError, matching the behavior in previous + versions of OpenSSL. The options attribute on SSLContext + also no longer includes OP_IGNORE_UNEXPECTED_EOF by + default. This option may be set to specify the previous + OpenSSL 3.0 behavior. + - gh-94440: Fix a concurrent.futures.process bug where + ProcessPoolExecutor shutdown could hang after a future has + been quickly submitted and canceled. + - Documentation + - gh-103112: Add docstring to http.client.HTTPResponse.read() + to fix pydoc output. + - gh-85417: Update cmath documentation to clarify behaviour + on branch cuts. + - gh-97725: Fix asyncio.Task.print_stack() description for + file=None. Patch by Oleg Iarygin. + - Tests + - gh-102980: Improve test coverage on pdb. + - gh-102537: Adjust the error handling strategy in + test_zoneinfo.TzPathTest.python_tzpath_context. Patch by + Paul Ganssle. + - gh-89792: test_tools now copies up to 10x less source data + to a temporary directory during the freeze test by ignoring + git metadata and other artifacts. It also limits its python + build parallelism based on os.cpu_count instead of hard + coding it as 8 cores. + - gh-101377: Improved test_locale_calendar_formatweekday of + calendar. + - Build + - gh-102711: Fix -Wstrict-prototypes compiler warnings. + +------------------------------------------------------------------- +Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl + +- Update to 3.11.2: + Bug fixes, no changes in API and no security bugs. + +------------------------------------------------------------------- +Wed Mar 1 20:50:04 UTC 2023 - Matej Cepl + +- Add python310 Obsoletes line to obsolete_python_versioned macro. + +------------------------------------------------------------------- +Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl + +- Add provides for readline and sqlite3 to the main Python + package. + +------------------------------------------------------------------- +Thu Jan 26 13:28:24 UTC 2023 - Thorsten Kukuk + +- Disable NIS for new products, it's deprecated and gets removed + +------------------------------------------------------------------- +Tue Jan 24 12:23:34 UTC 2023 - Dirk Müller + +- build GLIBC hwcaps optimized versions of the interpreter + +------------------------------------------------------------------- +Tue Jan 10 11:11:56 UTC 2023 - Matej Cepl + +- Don't fail on Sphinx build warnings. +- For jsc#PED-1570, jsc#PED-2217 and jsc#PED-68, + providing Python 3.11 for SLE-15-SP4. + +------------------------------------------------------------------- +Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl + +- Update to 3.11.1: + - python -m http.server no longer allows terminal control + characters sent within a garbage request to be printed + to the stderr server lo This is done by changing the + http.server BaseHTTPRequestHandler .log_message method to + replace control characters with a \xHH hex escape before + printin + - Avoid publishing list of active per-interpreter audit hooks + via the gc module + - The IDNA codec decoder used on DNS hostnames by socket or + asyncio related name resolution functions no longer involves + a quadratic algorithm. This prevents a potential CPU denial + of service if an out-of-spec excessive length hostname + involving bidirectional characters were decoded. Some + protocols such as urllib http 3xx redirects potentially allow + for an attacker to supply such a name (CVE-2022-45061). + - Update bundled libexpat to 2.5.0 + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. Issue reported + and initial fix by Caleb Shortt. Patch by Victor Stinner. + - Fix a crash when an object which does not have a dictionary + frees its instance values. + - Fix a bug in the tokenizer that could cause infinite + recursion when showing syntax warnings that happen in the + first line of the source. Patch by Pablo Galindo + - Fix an issue that could cause frames to be visible to Python + code as they are being torn down, possibly leading to memory + corruption or hard crashes of the interpreter. + - Fix a reference bug in _imp.create_builtin() after the + creation of the first sub-interpreter for modules builtins + and sys. Patch by Victor Stinner. + - Fixed a bug that was causing a buffer overflow if the + tokenizer copies a line missing the newline caracter from a + file that is as long as the available tokenizer buffer. Patch + by Pablo galindo + - Fix bug where an ExceptionGroup subclass can wrap a + BaseException. + - Fix zip path for venv created from a non-installed python on + POSIX platforms. + - Fix an issue that could potentially cause incorrect error + handling for some bytecode instructions. + - Fix an issue that prevented PyThreadState and + PyInterpreterState memory from being freed properly. + - Fix failure in except* with unhashable exceptions. + - Fix calculation of sys._base_executable when inside a POSIX + virtual environment using copies of the python binary when + the base installation does not provide the executable name + used by the venv. Calculation will fall back to alternative + names (“python”, “python.”). + - Update faulthandler to emit an error message with the proper + unexpected signal number. Patch by Dong-hee Na. + - Fix location of SyntaxError for a try block with both except + and except*. + - Fix the error reporting positions of specialized traceback + anchors when the source line contains Unicode characters. + - Fix subscription of type aliases containing bare generic + types or types like TypeVar: for example tuple[A, T][int] and + tuple[TypeVar, T][int], where A is a generic type, and T is a + type variable. + - Lower the recursion depth for marshal on WASI to support + wasmtime 2.0/main. + - Fix multiple crashes in debug mode when str subclasses are + used instead of str itself. + - Fix an issue where member descriptors (such as those for + __slots__) could behave incorrectly or crash instead of + raising a TypeError when accessed via an instance of an + invalid type. + - Suppress ImportError for invalid query for help() + command. Patch by Dong-hee Na. + - Fix detection of MAC addresses for uuid on certain OSs. Patch + by Chaim Sanders + - Print exception class name instead of its string + representation when raising errors from ctypes calls. + - os.sched_yield() now release the GIL while calling + sched_yield(2). Patch by Dong-hee Na. + - Fix an issue that could delay the specialization of PRECALL + instructions. + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Ensure that all Python frame objects are backed by “complete” + frames. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). Patch by Ofey Chan. + - Fix the Python path configuration used to initialized + sys.path at Python startup. Paths are no longer encoded + to UTF-8/strict to avoid encoding errors if it contains + surrogate characters (bytes paths are decoded with the + surrogateescape error handler). Patch by Victor Stinner. + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. Issue + discovered and analyzed by Mingliang ZHAO. Patch by Victor + Stinner. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. + - Fix undefined behaviour in C code of null pointer arithmetic. + - Make sure that all frame objects created are created from + valid interpreter frames. Prevents the possibility of invalid + frames in backtraces and signal handlers. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - On WASI ENOTCAPABLE is now mapped to PermissionError. The + errno modules exposes the new error number. getpath.py now + ignores PermissionError when it cannot open landmark files + pybuilddir.txt and pyenv.cfg. + - Allow pdb to locate source for frozen modules in the standard + library. + - Raise ValueError instead of SystemError when methods of + uninitialized io.IncrementalNewlineDecoder objects are + called. Patch by Oren Milman. + - Fix a possible assertion failure in io.FileIO when the opener + returns an invalid file descriptor. + - Also escape s in the http.server + BaseHTTPRequestHandler.log_message so that it is technically + possible to parse the line and reconstruct what the original + data was. Without this a xHH is ambiguious as to if it is a + hex replacement we put in or the characters r”x” came through + in the original request line. + - asyncio.get_event_loop() now only emits a deprecation warning + when a new event loop was created implicitly. It no longer + emits a deprecation warning if the current event loop was + set. + - Fix bug when calling trace.CoverageResults with valid infile. + - Fix a bug in handling class cleanups in + unittest.TestCase. Now addClassCleanup() uses separate lists + for different TestCase subclasses, and doClassCleanups() only + cleans up the particular class. + - Release the GIL when calling termios APIs to avoid blocking + threads. + - Fix ast.increment_lineno() to also cover ast.TypeIgnore when + changing line numbers. + - Fix bug in urllib.parse.urlparse() that causes URL schemes + that begin with a digit, a plus sign, or a minus sign to be + parsed incorrectly. + - Check the number of arguments in substitution in user + generics containing a TypeVarTuple and one or more TypeVar. + - Fix substitution of ParamSpec followed by TypeVarTuple in + generic aliases. + - Fix substitution of TypeVarTuple and ParamSpec together in + user generics. + - Fixed bug where inspect.signature() reported incorrect + arguments for decorated methods. + - Fix SystemError in ctypes when exception was not set during + __initsubclass__. + - Remove older version of + _SSLProtocolTransport.get_write_buffer_limits in + asyncio.sslproto + - fix negative numbers failing in verify() + - Fix statistics.NormalDist pickle with 0 and 1 protocols. + - enum.auto() is now correctly activated when combined with + other assignment values. E.g. ONE = auto(), 'some text' will + now evaluate as (1, 'some text'). + - Update the bundled copy of pip to version 22.3.1. + - Clean up refleak on failed module initialisation in _zoneinfo + - Clean up refleaks on failed module initialisation in in + _pickle + - Clean up refleak on failed module initialisation in _io. + - Fix memory leak in math.dist() when both points don’t have + the same dimension. Patch by Kumar Aditya. + - [3.11] Applied changes from importlib_metadata 4.11.4 + through 4.13, including compatibility and robustness + fixes for Distribution objects without _normalized_name, + disallowing invalid inputs to Distribution.from_name, and + refined behaviors in PathDistribution._name_from_stem and + PathDistribution._normalized_name. + - Fix argument typechecks in _overlapped.WSAConnect() and + _overlapped.Overlapped.WSASendTo() functions. + - Prevent crashing in traceback when retrieving the byte-offset + for some source files that contain certain unicode + characters. + - Fix internal error in the re module which in very rare + circumstances prevented compilation of a regular expression + containing a conditional expression without the “else” + branch. + - Fix asyncio.StreamWriter.drain() to call + protocol.connection_lost callback only once on Windows. + - Add a mutex to unittest.mock.NonCallableMock to protect + concurrent access to mock attributes. + - Fix hang on Windows in subprocess.wait_closed() in asyncio + with ProactorEventLoop. Patch by Kumar Aditya. + - Fix infinite loop in unittest when a self-referencing chained + exception is raised + - tkinter.Text.count() raises now an exception for options + starting with “-” instead of silently ignoring them. + - On uname_result, restored expectation that _fields and + _asdict would include all six properties including processor. + - A createSocket() method was added to SysLogHandler. + - Fix bug in urllib.parse.urlparse() that causes certain port + numbers containing whitespace, underscores, plus and minus + signs, or non-ASCII digits to be incorrectly accepted. + - Allow venv to pass along PYTHON* variables to ensurepip and + pip when they do not impact path resolution + - On macOS, fix a crash in syslog.syslog() in multi-threaded + applications. On macOS, the libc syslog() function is not + thread-safe, so syslog.syslog() no longer releases the GIL to + call it. Patch by Victor Stinner. + - Allow BUILTINS to be a valid field name for frozen + dataclasses. + - Wrap network errors consistently in urllib FTP support, so + the test suite doesn’t fail when a network is available but + the public internet is not reachable. + - Make sure patch.dict() can be applied on async functions. + - Earlier in 3.11 we deprecated + asyncio.Task.cancel("message"). We realized we were too + harsh, and have undeprecated it. + - Change deprecate warning message in unittest from It is + deprecated to return a value!=None to It is deprecated to + return a value that is not None from a test case + - Fixes AttributeError when subprocess.check_output() is used + with argument input=None and either of the arguments encoding + or errors are used. + - Fix is_private properties in the ipaddress module. Previously + non-private networks (0.0.0.0/0) would return True from this + method; now they correctly return False. + - Avoid spurious tracebacks from asyncio when default executor + cleanup is delayed until after the event loop is closed (e.g. + as the result of a keyboard interrupt). + - Avoid a crash in the C version of + asyncio.Future.remove_done_callback() when an evil argument + is passed. + - Remove tokenize.NL check from tabnanny. + - Fix generation of the default name of + tkinter.Checkbutton. Previously, checkbuttons in different + parent widgets could have the same short name and share + the same state if arguments “name” and “variable” are not + specified. Now they are globally unique. + - Update bundled libexpat to 2.4.9 + - Fix race condition in asyncio where process_exited() called + before the pipe_data_received() leading to inconsistent + output. Patch by Kumar Aditya. + - Fixed check in multiprocessing.resource_tracker that + guarantees that the length of a write to a pipe is not + greater than PIPE_BUF. + - Corrected type annotation for dataclass attribute + pstats.FunctionProfile.ncalls to be str. + - Fix repr of Any subclasses. + - Work around missing socket functions in socket’s __repr__. + - In inspect, fix overeager replacement of “typing.” in + formatting annotations. + - Fix handling of bytes path-like objects in os.ismount(). + - Fix handling compiler warnings (SyntaxWarning and + DeprecationWarning) in codeop.compile_command() when checking + for incomplete input. Previously it emitted warnings and + raised a SyntaxError. Now it always returns None for + incomplete input without emitting any warnings. + - To avoid apparent memory leaks when asyncio.open_connection() + raises, break reference cycles generated by local exception + and future instances (which has exception instance as its + member var). Patch by Dong Uk, Kang. + - Fixed flickering of the turtle window when the tracer is + turned off. Patch by Shin-myoung-serp. + - Fix asyncio subprocess transport to kill process cleanly + when process is blocked and avoid RuntimeError when loop is + closed. Patch by Kumar Aditya. + - Prevent error when activating venv in nested fish instances. + - TarFile.next() now returns None when called on an empty + tarfile. + - Document the optional callback parameter of WeakMethod. Patch + by Géry Ogam. + - Restrict use of sockets instead of pipes for stdin of + subprocesses created by asyncio to AIX platform only. + - shutil.copytree() now applies the ignore_dangling_symlinks + argument recursively. + - Fix IndexError in argparse.ArgumentParser when a store_true + action is given an explicit argument. + - Document that calling variadic functions with ctypes requires + special care on macOS/arm64 (and possibly other platforms). + - Remove extra row + - Clarified the conflicting advice given in the ast + documentation about ast.literal_eval() being “safe” for use + on untrusted input while at the same time warning that it + can crash the process. The latter statement is true and is + deemed unfixable without a large amount of work unsuitable + for a bugfix. So we keep the warning and no longer claim that + literal_eval is safe. + - Restructured the documentation for the os.wait* family of + functions, and improved the docs for os.waitid() with more + explanation of the possible argument constants. + - Skip test_normalization() of test_unicodedata if it + fails to download NormalizationTest.txt file from + pythontest.net. Patch by Victor Stinner. + - Correct test_marsh on (32 bit) x86: test_deterministic sets + was failing. + - Optional big memory tests in test_sqlite3 now catch the + correct sqlite.DataError exception type in case of too large + strings and/or blobs passed. + - Fix a bug in the typing tests where a test relying + on CPython-specific implementation details was not + decorated with @cpython_only and was not skipped on other + implementations. + - Add tests for star-unpacking with PEP 646, and some other + miscellaneous PEP 646 tests. + - Added explicit coverage of Py_Initialize (and hence + Py_InitializeEx) back to the embedding tests (all other + embedding tests migrated to Py_InitializeFromConfig in Python + 3.11) + - Some C API tests were moved into the new Lib/test/test_capi/ + directory. + - Fix -Wimplicit-int, -Wstrict-prototypes, and + -Wimplicit-function-declaration compiler warnings in + configure checks. + - Fix a compilation issue with GCC 12 on macOS. + - Fix -Wimplicit-int compiler warning in configure check for + PTHREAD_SCOPE_SYSTEM. + - Fix a possible fd leak in Programs/_freeze_module.c + introduced in Python 3.11. + - Fix build with PYTHON_FOR_REGEN=python3.8. + - Specify the full path to the source location for make + docclean (needed for cross-builds). + - Don’t use vendored libmpdec headers if --with-system-libmpdec + is passed to configure. Don’t use vendored libexpat headers + if --with-system-expat is passed to !configure. + - Fix the build process of clang compiler for _bootstrap_python + if LTO optimization is applied. Patch by Matthias Görgens and + Dong-hee Na. + - wasm32-emscripten builds for browsers now include + concurrent.futures for asyncio and unittest.mock. + - wasm32-emscripten platform no longer builds resource module, + getresuid(), getresgid(), and their setters. The APIs are + stubs and not functional. + - Updated pegen regeneration script on Windows to find and + use Python 3.9 or higher. Prior to this, pegen regeneration + already required 3.9 or higher, but the script may have used + lower versions of Python. + - Fix a bug in the previous bugfix that caused IDLE to + not start when run with 3.10.8, 3.12.0a1, and at least + Microsoft Python 3.10.2288.0 installed without the Lib/test + package. 3.11.0 was never affected. + - The wasm_build.py script now pre-builds Emscripten ports, + checks for broken EMSDK versions, and warns about pkg-config + env vars. + - The new tool Tools/wasm/wasm_builder.py automates configure, + compile, and test steps for building CPython on WebAssembly + platforms. + - Fix handling of module docstrings in Tools/i18n/pygettext.py. + - PyBUF_* constants were marked as part of Limited API + of Python 3.11+. These were available in 3.11.0 with + Py_LIMITED_API defined for 3.11, and are necessary to use the + buffer API. + - Fix use-after-free in Py_SetPythonHome(NULL), + Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL) + function calls. Issue reported by Benedikt Reinartz. Patch by + Victor Stinner. + - Py_InitializeEx now correctly calls PyConfig_Clear after + initializing the interpreter (the omission didn’t cause a + memory leak only because none of the dynamically allocated + config fields are populated by the wrapper function) +- Removed upstreamed patches: + - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch + - CVE-2022-45061-DoS-by-IDNA-decode.patch + +------------------------------------------------------------------- +Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl + +- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid + CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding + extremely long domain names. + +------------------------------------------------------------------- +Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl + +- Update to 3.11.0 (overall changes from 3.10.*): + - General changes + - PEP 657 -- Include Fine-Grained Error Locations in + Tracebacks + - PEP 654 -- Exception Groups and except* + - PEP 680 -- tomllib: Support for Parsing TOML in the + Standard Library + - gh-90908 -- Introduce task groups to asyncio + - gh-34627 -- Atomic grouping ((?>...)) and possessive + quantifiers (*+, ++, ?+, {m,n}+) are now supported in + regular expressions. + - The Faster CPython Project is already yielding some + exciting results. Python 3.11 is up to 10-60% faster than + Python 3.10. On average, we measured a 1.22x speedup on the + standard benchmark suite. See Faster CPython for details. + - Typing and typing language changes + - PEP 673 -- Self Type + - PEP 646 -- Variadic Generics + - PEP 675 -- Arbitrary Literal String Type + - PEP 655 -- Marking individual TypedDict items as required + or potentially-missing + - PEP 681 -- Data Class Transforms +- (just changes from 3.11.0rc2): + - Fix multiplying a list by an integer (list *= int): detect + the integer overflow when the new allocated length is close + to the maximum size. Issue reported by Jordan Limor. Patch by + Victor Stinner. + - On Linux the multiprocessing module returns to using + filesystem backed unix domain sockets for communication + with the forkserver process instead of the Linux abstract + socket namespace. Only code that chooses to use the + “forkserver” start method is affected. Abstract sockets have + no permissions and could allow any user on the system in the + same network namespace (often the whole system) to inject + code into the multiprocessing forkserver process. This was + a potential privilege escalation. Filesystem based socket + permissions restrict this to the forkserver process user as + was the default in Python 3.8 and earlier. This prevents + Linux CVE-2022-42919. + - Fix an issue where several frame objects could be backed by + the same interpreter frame, possibly leading to corrupted + memory and hard crashes of the interpreter. + - Fix possible data corruption or crashes when accessing the + f_back member of newly-created generator or coroutine frames. + - Fix a crash occurring when PyEval_GetFrame() is called while + the topmost Python frame is in a partially-initialized state. + - Fix command line parsing: reject -X int_max_str_digits option + with no value (invalid) when the PYTHONINTMAXSTRDIGITS + environment variable is set to a valid limit. Patch by Victor + Stinner. + - Fix undefined behaviour in _testcapimodule.c. + - When ValueError is raised if an integer is larger than the + limit, mention the sys.set_int_max_str_digits() function in + the error message. Patch by Victor Stinner. + - Correctly raise SyntaxError on exception groups (PEP 654) on + python versions prior to 3.11 + - Document some places where an assignment expression needs + parentheses. + - Update the bundled copies of pip and setuptools to versions + 22.3 and 65.5.0 respectively. + - fix Flag to use boundary CONFORM + - This restores previous Flag behavior of allowing flags with + non-sequential values to be combined; e.g. + - class Skip(Flag): TWO = 2 EIGHT = 8 + - Skip.TWO | Skip.EIGHT -> + - Fix ! in c domain ref target syntax via a conf.py patch, so + it works as intended to disable ref target resolution. + - Update tutorial introduction output to use 3.10+ SyntaxError + invalid range. + +------------------------------------------------------------------- +Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl + +- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to + allow building of documentation with the latest Sphinx 5.3.0 + (gh#python/cpython#98366). + +------------------------------------------------------------------- +Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc2: + - Converting between int and str in bases other than 2 + (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base + 10 (decimal) now raises a ValueError if the number of digits + in string form is above a limit to avoid potential denial of + service attacks due to the algorithmic complexity. This is + a mitigation for CVE-2020-10735. + This new limit can be configured or disabled by environment + variable, command line flag, or sys APIs. See the integer + string conversion length limitation documentation. The + default limit is 4300 digits in string form. + - Fix case of undefined behavior in ceval.c + - Do not expose KeyWrapper in _functools. + - Ensure that tracing, sys.setrace(), is turned on + immediately. In pre-release versions of 3.11, some tracing + events might have been lost when turning on tracing in a + __del__ method or interrupt. + - Fix use after free in trace refs build mode. Patch by Kumar + Aditya. + - When loading a file with invalid UTF-8 inside a multi-line + string, a correct SyntaxError is emitted. + - Make sure that incomplete frames do not show up in + tracemalloc traces. + - Remove two cases of undefined behavior, by adding NULL + checks. + - Fix possible NULL pointer dereference in + _PyThread_CurrentFrames. Patch by Kumar Aditya. + - Fix AttributeError missing name and obj attributes in + object.__getattribute__(). Patch by Philip Georgi. + - Loading a file with invalid UTF-8 will now report the broken + character at the correct location. + - Fixed a bug that caused _PyCode_GetExtra to return garbage + for negative indexes. Patch by Pablo Galindo + - Fix a deadlock in PyGILState_Ensure() when allocating new + thread state. Patch by Kumar Aditya. + - PyType_Ready() now initializes ht_cached_keys and performs + additional checks to ensure that type objects are properly + configured. This avoids crashes in 3rd party packages that + don’t use regular API to create new types. + - Skip over incomplete frames in PyThreadState_GetFrame(). + - Fix format string in _PyPegen_raise_error_known_location that + can lead to memory corruption on some 64bit systems. The + function was building a tuple with i (int) instead of n + (Py_ssize_t) for Py_ssize_t arguments. + - Fix misleading contents of error message when converting an + all-whitespace string to float. + - ast.parse() will no longer parse function definitions with + positional-only params when passed feature_version less than + (3, 8). Patch by Shantanu Jain. + - Fix incorrect error message in the io module. + - Fix the faulthandler implementation of + faulthandler.register(signal, chain=True) if the sigaction() + function is not available: don’t call the previous signal + handler if it’s NULL. Patch by Victor Stinner. + - Correct conversion of numbers.Rational’s to float. + - Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not + raised when using more than one TypeVarTuple, like [*T, *V] + in type alias substitutions. + - Fix asyncio.streams.StreamReaderProtocol to keep a strong + reference to the created task, so that it’s not garbage + collected + - Fix a performance regression in logging + TimedRotatingFileHandler. Only check for special files when + the rollover time has passed. + - Fix unused localName parameter in the Attr class in + xml.dom.minidom. + - Fix incorrect condition that causes sys.thread_info.name to + be wrong on pthread platforms. + - Remove an incompatible change from bpo-28080 that caused a + regression that ignored the utf8 in ZipInfo.flag_bits. Patch + by Pablo Galindo. + - Fix asyncio.Runner to call asyncio.set_event_loop() only + once to avoid calling attach_loop() multiple times on child + watchers. Patch by Kumar Aditya. + - Fix unittest.IsolatedAsyncioTestCase to set event loop before + calling setup functions. Patch by Kumar Aditya. + - When a task catches asyncio.CancelledError and raises some + other error, the other error should generally not silently be + suppressed. + - Fail gracefully if EPERM or ENOSYS is raised when loading + crypt methods. This may happen when trying to load MD5 on a + Linux kernel with FIPS enabled. + - Allow asyncio.StreamWriter.drain() to be awaited concurrently + by multiple tasks. Patch by Kumar Aditya. + - Fix ast.unparse() when ImportFrom.level is None + - Improve discoverability of the higher level + concurrent.futures module by providing clearer links from the + lower level threading and multiprocessing modules. + - What’s New 3.11 now has instructions for how to provide + compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7 + and CentOS 7. + - Mitigate the inherent race condition from using + find_unused_port() in testSockName() by trying to find an + unused port a few times before failing. Patch by Ross Burton. + - Build and test with OpenSSL 1.1.1q +- Use support-expat-CVE-2022-25236-patched.patch from the current + version of gh#python/cpython#93900 instead of the old + support-expat-245.patch. +- Reapply fix_configure_rst.patch. + +------------------------------------------------------------------- +Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab + +- Increase testsuite timeout for test_freeze_simple_script + +------------------------------------------------------------------- +Sat Aug 20 21:31:40 UTC 2022 - Matej Cepl + +- fix import_failed.map to refer to the python 3.11 package versions + +------------------------------------------------------------------- +Sat Aug 20 14:05:21 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc1: + - Core and Builtins + - Update code object hashing and equality to consider all + debugging and exception handling tables. This fixes an + issue where certain non-identical code objects could be + “deduplicated” during compilation. + - _PyPegen_Parser_New now properly detects token memory + allocation errors. Patch by Honglin Zhu. + - Run Python code in tracer/profiler function at full + speed. Fixes slowdown in earlier versions of 3.11. + - Emit a warning in debug mode if an object does not call + PyObject_GC_UnTrack() before deallocation. Patch by Pablo + Galindo. + - Prevented crashes in the AST constructor when + compiling some absurdly long expressions like + "+0"*1000000. RecursionError is now raised instead. Patch + by Pablo Galindo + - ast.AST node positions are now validated when provided to + compile() and other related functions. If invalid positions + are detected, a ValueError will be raised. + - Fix error detection in some builtin functions when keyword + argument name is an instance of a str subclass with + overloaded __eq__ and __hash__. Previously it could cause + SystemError or other undesired behavior. + - Library + - Update bundled pip to 22.2.2. + - Fix asyncio.TaskGroup to propagate exception when + asyncio.CancelledError was replaced with another exception + by a context manger. Patch by Kumar Aditya and Guido van + Rossum. + - Update bundled pip to 22.2.1. + - Fix GC crash when deallocating _lsprof.Profiler by + untracking it before calling any callbacks. Patch by Kumar + Aditya. + - Fix asyncio.run() for asyncio.Task implementations without + uncancel() method. Patch by Kumar Aditya. + - Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK + and os.EFD_SEMAPHORE flags on older kernel versions where + these flags are not present. Patch by Kumar Aditya. + - Fix concurrent.futures.Executor.map() to cancel the + currently waiting on future on an error - e.g. TimeoutError + or KeyboardInterrupt. + - Ensure that timeouts scheduled with asyncio.Timeout that + have already expired are delivered promptly. + - Suppress writing an XML declaration in open files + in ElementTree.write() with encoding='unicode' and + xml_declaration=None. + - Fix findtext in the xml module to only give an empty string + when the text attribute is set to None. + - Documentation + - Fix stylesheet not working in Windows CHM htmlhelp docs + and add warning that they are deprecated. Contributed by + C.A.M. Gerlach. + - Update library documentation with availability information + on WebAssembly platforms wasm32-emscripten and wasm32-wasi. + - Use consistent syntax for platform availability. The + directive now supports a content body and emits a warning + when it encounters an unknown platform. + - Document a limitation in ThreadPoolExecutor where its exit + handler is executed before any handlers in atexit. + - Tests + - Lib/test/test_asyncio/test_ssl.py exposed a bug in the + macOS kernel where intense concurrent load on non-blocking + sockets occasionally causes errno.ENOBUFS (“No buffer space + available”) to be emitted. FB11063974 filed with Apple, in + the mean time as a workaround buffer size used in tests on + macOS is decreased to avoid intermittent failures. Patch by + Fantix King. + - Fix problem with test_ssl test_get_ciphers on systems that + require perfect forward secrecy (PFS) ciphers. + - Add a regression test for re exponentional slowdown when + using rjsmin. + - Build + - Fix a regression in configure script that caused some + header checks to ignore custom CPPFLAGS. The regression was + introduced in gh-94802. + - wasm32-wasi builds no longer depend on WASIX’s pthread + stubs. Python now has its own stubbed pthread API. + - Python now detects missing dup function in WASI and works + around some missing errno, select, and socket constants. + - Python now skips missing socket functions and methods on + WASI. WASI can only create sockets from existing fd / + accept and has no netdb. + - Platforms wasm32-unknown-emscripten and wasm32-unknown-wasi + have been promoted to PEP 11 tier 3 platform support. + - IDLE + - Document handling of extensions in Save As dialogs. + - Include prompts when saving Shell (interactive input and + output). + - Fix the Shell context menu copy-with-prompts bug of copying + an extra line when one selects whole lines. + - In the Edit menu, move Select All and add a new separator. + - Enable using IDLE’s module browser with .pyw files. + - Add .pyi as a recognized extension for IDLE on macOS. This + allows opening stub files by double clicking on them in the + Finder. + - C API + - Restore the 3.10 behavior for multiple inheritance of C + extension classes that store their dictionary at the end of + the struct. + - Added PyCode_GetVarnames(), PyCode_GetCellvars() and + PyCode_GetFreevars() for accessing co_varnames, co_cellvars + and co_freevars respectively via the C API. + +------------------------------------------------------------------- +Tue Jul 26 10:37:31 UTC 2022 - Matej Cepl + +- Update to 3.11.0b5: + - Core and Builtins + - gh-93351: ast.AST node positions are now validated when + provided to compile() and other related functions. If + invalid positions are detected, a ValueError will be + raised. + - gh-94438: Fix an issue that caused extended opcode + arguments and some conditional pops to be ignored when + calculating valid jump targets for assignments to the + f_lineno attribute of frame objects. In some cases, this + could cause inconsistent internal state, resulting in a + hard crash of the interpreter. + - gh-95060: Undocumented PyCode_Addr2Location function now + properly returns when addrq argument is less than zero. + - gh-95113: Replace all EXTENDED_ARG_QUICK instructions + with basic EXTENDED_ARG instructions in unquickened + code. Consumers of non-adaptive bytecode should be able to + handle extended arguments the same way they were handled in + CPython 3.10 and older. + - gh-91409: Fix incorrect source location info caused by + certain optimizations in the bytecode compiler. + - gh-94036: Fix incorrect source location info for some + multi-line attribute accesses and method calls. + - gh-94739: Allow jumping within, out of, and across + exception handlers in the debugger. + - gh-94949: ast.parse() will no longer parse parenthesized + context managers when passed feature_version less than (3, + 9). Patch by Shantanu Jain. + - gh-94947: ast.parse() will no longer parse assignment + expressions when passed feature_version less than (3, + 8). Patch by Shantanu Jain. + - gh-91256: Ensures the program name is known for help text + during interpreter startup. + - gh-94869: Fix the column offsets for some expressions in + multi-line f-strings ast nodes. Patch by Pablo Galindo. + - gh-94822: Fix an issue where lookups of metaclass + descriptors may be ignored when an identically-named + attribute also exists on the class itself. + - gh-91153: Fix an issue where a bytearray item assignment + could crash if it’s resized by the new value’s __index__() + method. + - gh-90699: Fix reference counting bug in + bool.__repr__(). Patch by Kumar Aditya. + - Library + - gh-95087: Fix IndexError in parsing invalid date in the + email module. + - gh-95199: Upgrade bundled setuptools to 63.2.0. + - gh-95194: Upgrade bundled pip to 22.2. + - gh-95132: Fix a sqlite3 regression where *args and **kwds + were incorrectly relayed from connect() to the Connection + factory. The regression was introduced in 3.11a1 with PR + 24421 (gh-85128). Patch by Erlend E. Aasland.` + - gh-93157: Fix fileinput module didn’t support errors option + when inplace is true. + - gh-95105: wsgiref.types.InputStream.__iter__() should + return Iterator[bytes], not Iterable[bytes]. Patch by + Shantanu Jain. + - gh-94857: Fix refleak in + _io.TextIOWrapper.reconfigure. Patch by Kumar Aditya. + - gh-94821: Fix binding of unix socket to empty address + on Linux to use an available address from the abstract + namespace, instead of “0”. + - gh-89988: Fix memory leak in pickle.Pickler when looking up + dispatch_table. Patch by Kumar Aditya. + - bpo-47025: Drop support for bytes on sys.path. + - Tests + - gh-95212: Make multiprocessing test case + test_shared_memory_recreate parallel-safe. + - Build + - gh-94847: Fixed _decimal module build issue on GCC when + compiling with LTO and pydebug. Debug builds no longer + force inlining of functions. + - gh-94841: Fix the possible performance regression of + PyObject_Free() compiled with MSVC version 1932. + - gh-94801: configure now uses custom flags like ZLIB_CFLAGS + and ZLIB_LIBS when searching for headers and libraries. + - gh-94773: deepfreeze.py now supports code object with + frozensets that contain incompatible, unsortable types. + - C API + - gh-94930: Fix SystemError raised when + PyArg_ParseTupleAndKeywords() is used with # in (...) but + without PY_SSIZE_T_CLEAN defined. + - gh-94864: Fix PyArg_Parse* with deprecated format units “u” + and “Z”. It returned 1 (success) when warnings are turned + into exceptions. + - gh-94731: Python again uses C-style casts for + most casting operations when compiled with + C++. This may trigger compiler warnings, if they + are enabled with e.g. -Wold-style-cast `` or + ``-Wzero-as-null-pointer-constant options for g++. + +------------------------------------------------------------------- +Thu Jul 21 14:19:53 UTC 2022 - Matej Cepl + +- Switch from %primary_interpreter to prjconf-defined + %primary_python (gh#openSUSE/python-rpm-macros#127). + +------------------------------------------------------------------- +Thu Jul 14 15:37:35 UTC 2022 - Matej Cepl + +- Update to 3.11.0b4: +- Fixes many bugs and adds following more significant changes +- Security + - gh-68966: The deprecated mailcap module now refuses to inject + Coreunsafe text (filenames, MIME types, parameters) into + shell Corecommands. Instead of using such text, it will + warn and act Coreas if a match was not found (or for test + commands, as if the Coretest failed). and Builtins + - gh-93516: Lazily create a table mapping bytecode offsets to + line numbers to speed up calculation of line numbers when + tracing. + - gh-93461: importlib.invalidate_caches() now drops entries + from sys.path_importer_cache with a relative path as + name. This solves a caching issue when a process changes its + current working directory. + - FileFinder no longer inserts a dot in the path, e.g. + /egg/./spam is now /egg/spam. +Library + - gh-93896: Fix asyncio.run() and + unittest.IsolatedAsyncioTestCase to always the set event loop + as it was done in Python 3.10 and earlier. Patch by Kumar + Aditya. + - gh-94101: Manual instantiation of ssl.SSLSession objects is + no longer allowed as it lead to misconfigured instances that + crashed the interpreter when attributes where accessed on + them. + - gh-83658: Make multiprocessing.Pool raise an exception if + maxtasksperchild is not None or a positive int. + - gh-61162: Clarify sqlite3 behavior when Using the connection + as a context manager. +Tools/Demos + - gh-94538: Fix Argument Clinic output to custom file + destinations. Patch by Erlend E. Aasland. +C API + - gh-93937: The following frame functions and type are now + directly available with #include , it’s no longer + needed to add #include : + PyFrame_Check() + PyFrame_GetBack() + PyFrame_GetBuiltins() + PyFrame_GetGenerator() + PyFrame_GetGlobals() + PyFrame_GetLasti() + PyFrame_GetLocals() + PyFrame_Type + +------------------------------------------------------------------- +Tue May 31 20:54:36 UTC 2022 - Matej Cepl + +- Update to 3.11.0b2: + - many small updates +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.4 (jsc#SLE-21253) + +------------------------------------------------------------------- +Tue May 10 15:01:18 UTC 2022 - Matej Cepl + +- Refresh bluez-devel-vendor.tar.xz +- Fix building with system-expat (gh#python/cpython#92875). Nope, + it didn't work, worked around it. + +------------------------------------------------------------------- +Mon May 9 15:09:03 UTC 2022 - Matej Cepl + +- Update to pre-release version 3.11.0b1: + - PEP 657 – Include Fine-Grained Error Locations in Tracebacks + - PEP 654 – Exception Groups and except* + - PEP 673 – Self Type + - PEP 646 – Variadic Generics + - PEP 680– tomllib: Support for Parsing TOML in the Standard Library + - PEP 675– Arbitrary Literal String Type + - PEP 655– Marking individual TypedDict items as required or potentially-missing + - bpo-46752– Introduce task groups to asyncio + - The Faster Cpython Project is already yielding some exciting + results. Python 3.11 is up to 10-60% faster than Python + 3.10. On average, we measured a 1.22x speedup on the standard + benchmark suite. See + https://docs.python.org/3.11/whatsnew/3.11.html#faster-cpython + for details. + +------------------------------------------------------------------- +Thu May 5 14:35:56 UTC 2022 - Matej Cepl + +- Switch primary_interpreter from python38 to python310 + +------------------------------------------------------------------- +Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl + +- Update to 3.10.4: + - bpo-46968: Check for the existence of the “sys/auxv.h” header + in faulthandler to avoid compilation problems in systems + where this header doesn’t exist. Patch by Pablo Galindo + - bpo-23691: Protect the re.finditer() iterator from + re-entering. + - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to + avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception + when reading a ZipFile from multiple threads. + - bpo-38256: Fix binascii.crc32() when it is compiled to use + zlib’c crc32 to work properly on inputs 4+GiB in length + instead of returning the wrong result. The workaround prior + to this was to always feed the function data in increments + smaller than 4GiB or to just call the zlib module function. + - bpo-39394: A warning about inline flags not at the start of + the regular expression now contains the position of the flag. + - bpo-47061: Deprecate the various modules listed by PEP 594: + - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, + imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, + sndhdr, spwd, sunau, telnetlib, uu, xdrlib + - bpo-2604: Fix bug where doctests using globals would fail + when run multiple times. + - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. + - bpo-47022: The asynchat, asyncore and smtpd modules have been + deprecated since at least Python 3.6. Their documentation and + deprecation warnings and have now been updated to note they + will removed in Python 3.12 (PEP 594). + - bpo-46421: Fix a unittest issue where if the command was + invoked as python -m unittest and the filename(s) began with + a dot (.), a ValueError is returned. + - bpo-40296: Fix supporting generic aliases in pydoc. + +- Update to 3.10.3: + - bpo-46940: Avoid overriding AttributeError metadata + information for nested attribute access calls. Patch by Pablo + Galindo. + - bpo-46852: Rename the private undocumented + float.__set_format__() method to float.__setformat__() to fix + a typo introduced in Python 3.7. The method is only used by + test_float. Patch by Victor Stinner. + - bpo-46794: Bump up the libexpat version into 2.4.6 + - bpo-46820: Fix parsing a numeric literal immediately (without + spaces) followed by “not in” keywords, like in 1not in x. Now + the parser only emits a warning, not a syntax error. + - bpo-46762: Fix an assert failure in debug builds when a ‘<’, + ‘>’, or ‘=’ is the last character in an f-string that’s + missing a closing right brace. + - bpo-46724: Make sure that all backwards jumps use the + JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an + argument of (2**32)+offset. + - bpo-46732: Correct the docstring for the __bool__() method. + Patch by Jelle Zijlstra. + - bpo-46707: Avoid potential exponential backtracking when + producing some syntax errors involving lots of brackets. + Patch by Pablo Galindo. + - bpo-40479: Add a missing call to va_end() in + Modules/_hashopenssl.c. + - bpo-46615: When iterating over sets internally in + setobject.c, acquire strong references to the resulting items + from the set. This prevents crashes in corner-cases of + various set operations where the set gets mutated. + - bpo-45773: Remove two invalid “peephole” optimizations from + the bytecode compiler. + - bpo-43721: Fix docstrings of getter, setter, and deleter to + clarify that they create a new copy of the property. + - bpo-46503: Fix an assert when parsing some invalid N escape + sequences in f-strings. + - bpo-46417: Fix a race condition on setting a type __bases__ + attribute: the internal function add_subclass() now gets the + PyTypeObject.tp_subclasses member after calling + PyWeakref_NewRef() which can trigger a garbage collection + which can indirectly modify PyTypeObject.tp_subclasses. Patch + by Victor Stinner. + - bpo-46383: Fix invalid signature of _zoneinfo’s module_free + function to resolve a crash on wasm32-emscripten platform. + - bpo-46070: Py_EndInterpreter() now explicitly untracks all + objects currently tracked by the GC. Previously, if an object + was used later by another interpreter, calling + PyObject_GC_UnTrack() on the object crashed if the previous + or the next object of the PyGC_Head structure became + a dangling pointer. Patch by Victor Stinner. + - bpo-46339: Fix a crash in the parser when retrieving the + error text for multi-line f-strings expressions that do not + start in the first line of the string. Patch by Pablo Galindo + - bpo-46240: Correct the error message for unclosed parentheses + when the tokenizer doesn’t reach the end of the source when + the error is reported. Patch by Pablo Galindo + - bpo-46091: Correctly calculate indentation levels for lines + with whitespace character that are ended by line continuation + characters. Patch by Pablo Galindo + - bpo-43253: Fix a crash when closing transports where the + underlying socket handle is already invalid on the Proactor + event loop. + - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, + including bugfix for EntryPoint.extras, which was returning + match objects and not the extras strings. + - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip + 22.0.4) + - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically + determine size of signal handler stack size CPython allocates + using getauxval(AT_MINSIGSTKSZ). This changes allows for + Python extension’s request to Linux kernel to use AMX_TILE + instruction set on Sapphire Rapids Xeon processor to succeed, + unblocking use of the ISA in frameworks. + - bpo-46955: Expose asyncio.base_events.Server as + asyncio.Server. Patch by Stefan Zabka. + - bpo-23325: The signal module no longer assumes that SIG_IGN + and SIG_DFL are small int singletons. + - bpo-46932: Update bundled libexpat to 2.4.7 + - bpo-25707: Fixed a file leak in + xml.etree.ElementTree.iterparse() when the iterator is not + exhausted. Patch by Jacob Walls. + - bpo-44886: Inherit asyncio proactor datagram transport from + asyncio.DatagramTransport. + - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() + for selector-based event loops. Patch by Thomas Grainger. + - bpo-46811: Make test suite support Expat >=2.4.5 + - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to + transport-based APIs. + - bpo-46784: Fix libexpat symbols collisions with user + dynamically loaded or statically linked libexpat in embedded + Python. + - bpo-39327: shutil.rmtree() can now work with VirtualBox + shared folders when running from the guest operating-system. + - bpo-46756: Fix a bug in + urllib.request.HTTPPasswordMgr.find_user_password() and + urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() + which allowed to bypass authorization. For example, access to + URI example.org/foobar was allowed if the user was authorized + for URI example.org/foo. + - bpo-46643: In typing.get_type_hints(), support evaluating + stringified ParamSpecArgs and ParamSpecKwargs annotations. + Patch by Gregory Beauregard. + - bpo-45863: When the tarfile module creates a pax format + archive, it will put an integer representation of timestamps + in the ustar header (if possible) for the benefit of older + unarchivers, in addition to the existing full-precision + timestamps in the pax extended header. + - bpo-46676: Make typing.ParamSpec args and kwargs equal to + themselves. Patch by Gregory Beauregard. + - bpo-46672: Fix NameError in asyncio.gather() when initial + type check fails. + - bpo-46655: In typing.get_type_hints(), support evaluating + bare stringified TypeAlias annotations. Patch by Gregory + Beauregard. + - bpo-45948: Fixed a discrepancy in the C implementation of the + xml.etree.ElementTree module. Now, instantiating an + xml.etree.ElementTree.XMLParser with a target=None keyword + provides a default xml.etree.ElementTree.TreeBuilder target + as the Python implementation does. + - bpo-46521: Fix a bug in the codeop module that was + incorrectly identifying invalid code involving string quotes + as valid code. + - bpo-46581: Brings ParamSpec propagation for GenericAlias in + line with Concatenate (and others). + - bpo-46591: Make the IDLE doc URL on the About IDLE dialog + clickable. + - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 + - bpo-46487: Add the get_write_buffer_limits method to + asyncio.transports.WriteTransport and to the SSL transport. + - bpo-45173: Note the configparser deprecations will be removed + in Python 3.12. + - bpo-46539: In typing.get_type_hints(), support evaluating + stringified ClassVar and Final annotations inside Annotated. + Patch by Gregory Beauregard. + - bpo-46491: Allow typing.Annotated to wrap typing.Final and + typing.ClassVar. Patch by Gregory Beauregard. + - bpo-46436: Fix command-line option -d/--directory in module + http.server which is ignored when combined with command-line + option --cgi. Patch by Géry Ogam. + - bpo-41403: Make mock.patch() raise a TypeError with + a relevant error message on invalid arg. Previously it + allowed a cryptic AttributeError to escape. + - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid + potential REDoS by limiting ambiguity in consecutive + whitespace. + - bpo-46469: asyncio generic classes now return + types.GenericAlias in __class_getitem__ instead of the same + class. + - bpo-46434: pdb now gracefully handles help when __doc__ is + missing, for example when run with pregenerated optimized + .pyc files. + - bpo-46333: The __eq__() and __hash__() methods of + typing.ForwardRef now honor the module parameter of + typing.ForwardRef. Forward references from different modules + are now differentiated. + - bpo-46246: Add missing __slots__ to + importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. + - bpo-46266: Improve day constants in calendar. + - Now all constants (MONDAY … SUNDAY) are documented, tested, + and added to __all__. + - bpo-46232: The ssl module now handles certificates with bit + strings in DN correctly. + - bpo-43118: Fix a bug in inspect.signature() that was causing + it to fail on some subclasses of classes with + a __text_signature__ referencing module globals. Patch by + Weipeng Hong. + - bpo-26552: Fixed case where failing asyncio.ensure_future() + did not close the coroutine. Patch by Kumar Aditya. + - bpo-21987: Fix an issue with tarfile.TarFile.getmember() + getting a directory name with a trailing slash. + - bpo-20392: Fix inconsistency with uppercase file extensions + in MimeTypes.guess_type(). Patch by Kumar Aditya. + - bpo-46080: Fix exception in argparse help text generation if + a argparse.BooleanOptionalAction argument’s default is + argparse.SUPPRESS and it has help specified. Patch by Felix + Fontein. + - bpo-44439: Fix .write() method of a member file in ZipFile, + when the input data is an object that supports the buffer + protocol, the file length may be wrong. + - bpo-45703: When a namespace package is imported before + another module from the same namespace is created/installed + in a different sys.path location while the program is + running, calling the importlib.invalidate_caches() function + will now also guarantee the new module is noticed. + - bpo-24959: Fix bug where unittest sometimes drops frames from + tracebacks of exceptions raised in tests. + - bpo-44791: Fix substitution of ParamSpec in Concatenate with + different parameter expressions. Substitution with a list of + types returns now a tuple of types. Substitution with + Concatenate returns now a Concatenate with concatenated lists + of arguments. + - bpo-14156: argparse.FileType now supports an argument of ‘-’ + in binary mode, returning the .buffer attribute of + sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and + ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. + Patch contributed by Josh Rosenberg + - bpo-46463: Fixes escape4chm.py script used when building the + CHM documentation file + - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is + built with undefined behavior sanitizer (UBSAN): disable + UBSAN on the faulthandler_sigfpe() function. Patch by Victor + Stinner. + - bpo-46708: Prevent default asyncio event loop policy + modification warning after test_asyncio execution. + - bpo-46678: The function make_legacy_pyc in + Lib/test/support/import_helper.py no longer fails when + PYTHONPYCACHEPREFIX is set to a directory on a different + device from where tempfiles are stored. + - bpo-46616: Ensures test_importlib.test_windows cleans up + registry keys after completion. + - bpo-44359: test_ftplib now silently ignores socket errors to + prevent logging unhandled threading exceptions. Patch by + Victor Stinner. + - bpo-46542: Fix a Python crash in test_lib2to3 when using + Python built in debug mode: limit the recursion limit. Patch + by Victor Stinner. + - bpo-46576: test_peg_generator now disables compiler + optimization when testing compilation of its own C extensions + to significantly speed up the testing on non-debug builds of + CPython. + - bpo-46542: Fix test_json tests checking for RecursionError: + modify these tests to use support.infinite_recursion(). Patch + by Victor Stinner. + - bpo-13886: Skip test_builtin PTY tests on non-ASCII + characters if the readline module is loaded. The readline + module changes input() behavior, but test_builtin is not + intented to test the readline module. Patch by Victor + Stinner. + - bpo-38472: Fix GCC detection in setup.py when + cross-compiling. The C compiler is now run with LC_ALL=C. + Previously, the detection failed with a German locale. + - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro + and pyconfig.h no longer defines reserved symbol + __CHAR_UNSIGNED__. + - bpo-45296: Clarify close, quit, and exit in IDLE. In the File + menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current + one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). + In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there + are no other windows, this also exits IDLE. + - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch + by Alex Waygood and Terry Jan Reedy. + - bpo-46433: The internal function _PyType_GetModuleByDef now + correctly handles inheritance patterns involving static + types. + - bpo-14916: Fixed bug in the tokenizer that prevented + PyRun_InteractiveOne from parsing from the provided FD. + +- Remove upstreamed patches: + - support-expat-245.patch + +------------------------------------------------------------------- +Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + +------------------------------------------------------------------- +Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl + +- bsc#1195831 Obsolete older "most modern" versions of python + packages (python39 for python310 and so forth). For next + versions it is necessary just to edit the macro. + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python +- Add fix_configure_rst.patch, which removes duplicate link + targets and make documentation with old Sphinx in SLE +- Skip test_capi (bsc#1195140 and bpo#37169) + +------------------------------------------------------------------- +Wed Jan 19 22:01:51 UTC 2022 - Matej Cepl + +- Update to 3.10.2: + Bugfix only + - bpo#46347 memory leak in PyEval_EvalCodeEx (especially + visible with Cython code) + - and many others + +------------------------------------------------------------------- +Wed Dec 8 13:07:25 UTC 2021 - Matej Cepl + +- Upgrade to 3.10.1 (jsc#SLE-18038): + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other tools. + - PEP 618 – Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning +- Patches readjusted: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Sat Dec 4 18:40:28 UTC 2021 - Matej Cepl + +- Remove pdb_adjust_breakpoints.patch and instead just adjust location + of the test breakpoint in Lib/test/test_pdb.py via sed, because we + have shortened Lib/pdb.py by removing the shebang (bpo#45964). + +------------------------------------------------------------------- +Thu Dec 2 13:51:57 UTC 2021 - Matej Cepl + +- Add pdb_adjust_breakpoints.patch fixing expectd results in + test_pdb_breakpoints_preserved_across_interactive_sessions + (bpo#45964). + +------------------------------------------------------------------- +Mon Nov 29 00:17:07 UTC 2021 - Matej Cepl + +- Remove shebangs from from python-base libraries in _libdir + (bsc#1193179). +- Readjust patches: + - bpo-31046_ensurepip_honours_prefix.patch + - decimal.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Tue Nov 16 16:03:43 UTC 2021 - Matej Cepl + +- Move rpm-build-python construct to correct place. + +------------------------------------------------------------------- +Wed Oct 13 08:52:47 UTC 2021 - Dominique Leuenberger + +- BuildRequire rpm-build-python: The provider to inject python(abi) + has been moved there. rpm-build pulls rpm-build-python + automatically in when building anything against python3-base, but + this implies that the initial build of python3-base does not + trigger the automatic installation. + +------------------------------------------------------------------- +Tue Oct 5 22:36:51 UTC 2021 - Matej Cepl + +- Final release of 3.10.0: + Complete list on https://www.python.org/downloads/release/python-3100/, + but highlights are: + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other + tools. + - PEP 618 – Add Optional Length-Checking To zip. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning + - bpo-12782: Parenthesized context managers are now officially + allowed. + +------------------------------------------------------------------- +Mon Aug 30 12:48:25 UTC 2021 - Matej Cepl + +- Switch on option --with-system-libmpdec (bsc#1189356). + +------------------------------------------------------------------- +Fri Aug 27 13:15:03 UTC 2021 - Andreas Schwab + +- Reenable profileopt with qemu emulation, test_faulthandler is no longer + run during profiling + +------------------------------------------------------------------- +Thu Aug 12 15:11:39 UTC 2021 - Andreas Schwab + +- test_faulthandler is still problematic under qemu linux-user emulation, + disable it there + +------------------------------------------------------------------- +Wed Aug 11 05:57:11 UTC 2021 - Matej Cepl + +- Update to 3.10.0rc1 (the penultimate prerelease), which contains + plenty of small bugfixes among others: + - bpo#38605: from __future__ import annotations (PEP 563) used to be + on this list in previous pre-releases but it has been postponed to + Python 3.11 due to some compatibility concerns. + - bpo-44600: Fix incorrect line numbers while tracing some failed + patterns in match statements. Patch by Charles Burkland. + - plenty of modifications in types.Union + +------------------------------------------------------------------- +Wed Jul 21 13:44:48 UTC 2021 - Matej Cepl + +- Update to 3.10.0b4: + https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4 +- Remove python3-imp-returntype.patch which has been upstreamed. + +------------------------------------------------------------------- +Mon Jun 7 15:52:44 UTC 2021 - Matej Cepl + +- Update to 3.10.0b2: + - PEP 623 -- Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 -- Allow writing union types as X | Y + - PEP 612 -- Parameter Specification Variables + - PEP 626 -- Precise line numbers for debugging and other + tools. + - PEP 618 -- Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 -- Deprecate distutils module. + - PEP 613 -- Explicit Type Aliases + - PEP 634 -- Structural Pattern Matching: Specification + - PEP 635 -- Structural Pattern Matching: Motivation and + Rationale + - PEP 636 -- Structural Pattern Matching: Tutorial + - PEP 644 -- Require OpenSSL 1.1.1 or newer + - PEP 624 -- Remove Py_UNICODE encoder APIs + - PEP 597 -- Add optional EncodingWarning +- Removed patches (assumed upstream): + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl + +- Revert previous skip over test_capi +- Add skip-test_pyobject_freed_is_freed.patch to skip failing + test on SLE-15. + +------------------------------------------------------------------- +Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller + +- allow build with Sphinx >= 3.x + +------------------------------------------------------------------- +Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák + +- Exclude test_capi on Leap (test fails there) + +------------------------------------------------------------------- +Fri May 21 15:13:59 UTC 2021 - Matej Cepl + +- Stop providing "python" symbol (bsc#1185588), which means + python2 currently. + +------------------------------------------------------------------- +Wed May 5 15:16:58 UTC 2021 - Matej Cepl + +- Update to 3.9.5: + * Security + - bpo-43434: Creating a sqlite3.Connection object now also + produces a sqlite3.connect auditing event. Previously this + event was only produced by sqlite3.connect() calls. Patch + by Erlend E. Aasland. + - bpo-43882: The presence of newline or tab characters in + parts of a URL could allow some forms of attacks. + - Following the controlling specification for URLs defined by + WHATWG urllib.parse() now removes ASCII newlines and tabs + from URLs, preventing such attacks. + - bpo-43472: Ensures interpreter-level audit hooks receive + the cpython.PyInterpreterState_New event when called + through the _xxsubinterpreters module. + - bpo-36384: ipaddress module no longer accepts any leading + zeros in IPv4 address strings. Leading zeros are ambiguous + and interpreted as octal notation by some libraries. For + example the legacy function socket.inet_aton() treats + leading zeros as octal notatation. glibc implementation of + modern inet_pton() does not accept any leading zeros. For + a while the ipaddress module used to accept ambiguous + leading zeros. + - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) + vulnerability in urllib.request.AbstractBasicAuthHandler. + The ReDoS-vulnerable regex has quadratic worst-case + complexity and it allows cause a denial of service when + identifying crafted invalid RFCs. This ReDoS issue is on + the client side and needs remote attackers to control the + HTTP server. + - bpo-42800: Audit hooks are now fired for frame.f_code, + traceback.tb_frame, and generator code/frame attribute + access. + * Core and Builtins + - bpo-43105: Importlib now resolves relative paths when + creating module spec objects from file locations. + - bpo-42924: Fix bytearray repetition incorrectly copying + data from the start of the buffer, even if the data is + offset within the buffer (e.g. after reassigning a slice at + the start of the bytearray to a shorter byte string). + * Library + - bpo-43993: Update bundled pip to 21.1.1. + - bpo-43937: Fixed the turtle module working with non-default + root window. + - bpo-43930: Update bundled pip to 21.1 and setuptools to + 56.0.0 + - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now + returns a consistent error message when cadata contains no + valid certificate. + - bpo-43607: urllib can now convert Windows paths with \\?\ + prefixes into URL paths. + - bpo-43284: platform.win32_ver derives the windows version + from sys.getwindowsversion().platform_version which in turn + derives the version from kernel32.dll (which can be of + a different version than Windows itself). Therefore change + the platform.win32_ver to determine the version using the + platform module’s _syscmd_ver private function to return an + accurate version. + - bpo-42248: [Enum] ensure exceptions raised in _missing__ + are released + - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 + to suppress deprecation warnings. Python requires OpenSSL + 1.1.1 APIs. + - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants + (OpenSSL 3.0.0) + - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback + function a second time when first call has signaled an + error condition. + - bpo-43788: The header files for ssl error codes are now + OpenSSL version-specific. Exceptions will now show correct + reason and library codes. The make_ssl_data.py script has + been rewritten to use OpenSSL’s text file with error codes. + - bpo-43655: tkinter dialog windows are now recognized as + dialogs by window managers on macOS and X Window. + - bpo-43534: turtle.textinput() and turtle.numinput() create + now a transient window working on behalf of the canvas + window. + - bpo-43522: Fix problem with hostname_checks_common_name. + OpenSSL does not copy hostflags from struct SSL_CTX to + struct SSL. + - bpo-42967: Allow bytes separator argument in + urllib.parse.parse_qs and urllib.parse.parse_qsl when + parsing str query strings. Previously, this raised + a TypeError. + - bpo-43176: Fixed processing of a dataclass that inherits + from a frozen dataclass with no fields. It is now correctly + detected as an error. + - bpo-41735: Fix thread locks in zlib module may go wrong in + rare case. Patch by Ma Lin. + - bpo-36470: Fix dataclasses with InitVars and replace(). + Patch by Claudiu Popa. + - bpo-32745: Fix a regression in the handling of ctypes’ + ctypes.c_wchar_p type: embedded null characters would cause + a ValueError to be raised. Patch by Zackery Spytz. + * Documentation + - bpo-43959: The documentation on the PyContextVar C-API was + clarified. + - bpo-43938: Update dataclasses documentation to express that + FrozenInstanceError is derived from AttributeError. + - bpo-43755: Update documentation to reflect that + unparenthesized lambda expressions can no longer be the + expression part in an if clause in comprehensions and + generator expressions since Python 3.9. + - bpo-43739: Fixing the example code in + Doc/extending/extending.rst to declare and initialize the + pmodule variable to be of the right type. + * Tests + - bpo-43961: Fix + test_logging.test_namer_rotator_inheritance() on Windows: + use os.replace() rather than os.rename(). Patch by Victor + Stinner. + - bpo-43842: Fix a race condition in the SMTP test of + test_logging. Don’t close a file descriptor (socket) from + a different thread while asyncore.loop() is polling the + file descriptor. Patch by Victor Stinner. + - bpo-43811: Tests multiple OpenSSL versions on GitHub + Actions. Use ccache to speed up testing. + - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy + protocols TLS 1.0 and 1.1. Tests are failing with + TLSV1_ALERT_INTERNAL_ERROR. +- Refreshed patches: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch +- Add vendorized files from bluez-devel to enable building support for + Bluetooth. + +------------------------------------------------------------------- +Sun May 2 09:20:06 UTC 2021 - Ben Greiner + +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + +------------------------------------------------------------------- +Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl + +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +------------------------------------------------------------------- +Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +------------------------------------------------------------------- +Tue Feb 9 01:37:59 UTC 2021 - Steve Kowalik + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +------------------------------------------------------------------- +Mon Feb 8 22:02:03 UTC 2021 - Matej Cepl + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl + +- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing + bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in + _ctypes/callproc.c, which may lead to remote code execution. + +------------------------------------------------------------------- +Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl + +- (bsc#1180125) We really don't Require python-rpm-macros package. + Unnecessary dependency. + +------------------------------------------------------------------- +Wed Dec 16 16:08:42 UTC 2020 - Matej Cepl + +- Make python39-doc building again +- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx + doesn't know about skipif directive in doctests. + +------------------------------------------------------------------- +Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl + +- Update sphinx-update-removed-function.patch patch to the latest + version in python36. + +------------------------------------------------------------------- +Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner + +- Last try before this results in an editwar: + * remove importlib_resources and importlib-metadata + provides/obsoletes + * import importlib_resources is not the same as + import importlib.resources, same for metadata + * The backport packages from PyPI needed for older flavors are + specified as such for setuptools or in pyproject.toml. If a + package requires them they typically add them with a python + version qualifier and the packages have their own version + numbers. + +------------------------------------------------------------------- +Sat Dec 5 16:55:12 UTC 2020 - Matej Cepl + +- Add patch sphinx-update-removed-function.patch to no longer call + a now removed function and to make documentation build independent of + the Sphinx version (bsc#1179630, gh#python/cpython#13236). + +------------------------------------------------------------------- +Fri Nov 13 17:20:08 UTC 2020 - Matej Cepl + +- Don't require packages which break build on SLE-15 although we really + don't need them (python3-python-docs-theme and + python3-sphinxcontrib-qthelp). + +------------------------------------------------------------------- +Fri Oct 9 16:05:50 UTC 2020 - Dominique Leuenberger + +- Fix build with RPM 4.16: error: bare words are no longer + supported, please use "...": x86 == ppc. + +------------------------------------------------------------------- +Tue Oct 6 07:30:56 UTC 2020 - Matej Cepl + +- Update to the final version 3.9.0: + Complete changelog with all (many) + changes from previous version is on + https://docs.python.org/release/3.9.0/whatsnew/3.9.html + Changes from the previous RC versions (not that many) are on + https://docs.python.org/release/3.9.0/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Fri Sep 25 06:58:03 UTC 2020 - Dominique Leuenberger + +- Buildrequire timezone only for general flavor. It's used in this + flavor for the test suite. + +------------------------------------------------------------------- +Wed Sep 2 14:39:44 UTC 2020 - Matej Cepl + +- Update to 3.9.0rc1: + * Core and Builtins + - bpo-38156: Handle interrupts that come after EOF + correctly in PyOS_StdioReadline. + * Library + - bpo-41497: Fix potential UnicodeDecodeError in dis + module. + - bpo-41490: Update ensurepip to install pip 20.2.1 and + setuptools 49.2.1. + - bpo-41467: On Windows, fix asyncio recv_into() return + value when the socket/pipe is closed (BrokenPipeError): + return 0 rather than an empty byte string (b''). + - bpo-41425: Make tkinter doc example runnable. + - bpo-41384: Raise TclError instead of TypeError when an + unknown option is passed to tkinter.OptionMenu. + - bpo-38731: Fix NameError in command-line interface of + py_compile. + - bpo-41317: Use add_done_callback() in + asyncio.loop.sock_accept() to unsubscribe reader early on + cancellation. + - bpo-41364: Reduce import overhead of uuid. + - bpo-41341: Recursive evaluation of typing.ForwardRef in + get_type_hints. + - bpo-41182: selector: use DefaultSelector based upon + implementation + - bpo-40726: Handle cases where the end_lineno is None on + ast.increment_lineno(). + * Documentation + - bpo-41045: Add documentation for debug feature of + f-strings. + - bpo-41314: Changed the release when from __future__ + import annotations becomes the default from 4.0 to 3.10 + (following a change in PEP 563). + * Windows + - bpo-41492: Fixes the description that appears in UAC + prompts. + - bpo-40948: Improve post-install message to direct people + to the “py” command. + - bpo-41412: The installer will now fail to install on + Windows 7 and Windows 8. Further, the UCRT dependency is + now always downloaded on demand. + - bpo-40741: Update Windows release to include SQLite + 3.32.3. + * IDLE + - bpo-41468: Improve IDLE run crash error message (which + users should never see). + - bpo-41373: Save files loaded with no line ending, as when + blank, or different line endings, by setting its line + ending to the system default. Fix regression in 3.8.4 and + 3.9.0b4. + +------------------------------------------------------------------- +Tue Sep 1 10:15:06 UTC 2020 - Matej Cepl + +- Synchronize formatting and fixes with python38. + +------------------------------------------------------------------- +Thu Aug 20 15:41:28 UTC 2020 - Andreas Schwab + +- Increase testsuite timeout to account for super long running + test_peg_generator + +------------------------------------------------------------------- +Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer + +- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream +- Removed recursion.tar: contained in upstream +- Update to 3.9.0b5: + - bpo-41304: Fixes python3x._pth being ignored on Windows, caused + by the fix for bpo-29778 (CVE-2020-15801). + - bpo-41162: Audit hooks are now cleared later during + finalization to avoid missing events. + - bpo-29778: Ensure python3.dll is loaded from correct locations + when Python is embedded (CVE-2020-15523). + - bpo-39603: Prevent http header injection by rejecting control + characters in http.client.putrequest(…). + - bpo-41295: Resolve a regression in CPython 3.8.4 where defining + “__setattr__” in a multi-inheritance setup and + calling up the hierarchy chain could fail if builtins/extension + types were involved in the base types. + - bpo-41247: Always cache the running loop holder when running + asyncio.set_running_loop. + - bpo-41252: Fix incorrect refcounting in + _ssl.c’s _servername_callback(). + - bpo-41215: Use non-NULL default values in the PEG parser + keyword list to overcome a bug that was ' + preventing Python from being properly compiled when using the + XLC compiler. Patch by Pablo Galindo. + - bpo-41218: Python 3.8.3 had a regression where compiling with + ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would + aggressively mark list comprehension with CO_COROUTINE. Now only + list comprehension making use of async/await will tagged as so. + - bpo-41175: Guard against a NULL pointer dereference within + bytearrayobject triggered by the bytearray() + bytearray() operation. + - bpo-39960: The “hackcheck” that prevents sneaking around a type’s + __setattr__() by calling the superclass method was + rewritten to allow C implemented heap types. + - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the + C implementation raises now UnpicklingError instead of crashing. + - bpo-39017: Avoid infinite loop when reading specially crafted + TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). + - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params(). + - bpo-41207: In distutils.spawn, restore expectation that + DistutilsExecError is raised when the command is not found. + - bpo-39168: Remove the __new__ method of typing.Generic. + - bpo-41194: Fix a crash in the _ast module: it can no longer be + loaded more than once. It now uses a global state rather than a module state. + - bpo-39384: Fixed email.contentmanager to allow set_content() to set a + null string. + - bpo-41300: Save files with non-ascii chars. + Fix regression released in 3.9.0b4 and 3.8.4. + - bpo-37765: Add keywords to module name completion list. + Rewrite Completions section of IDLE doc. + - bpo-40170: Revert PyType_HasFeature() change: it reads + again directly the PyTypeObject.tp_flags + member when the limited C API is not used, rather than always calling + PyType_GetFlags() which hides implementation details. + +------------------------------------------------------------------- +Mon Jul 20 12:06:41 UTC 2020 - Matej Cepl + +- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 + (CVE-2019-20907, bpo#39017) avoiding possible infinite loop + in specifically crafted tarball. + Add recursion.tar as a testing tarball for the patch. + +------------------------------------------------------------------- +Fri Jul 17 07:07:19 UTC 2020 - Callum Farmer + +- Changed bpo-31046_ensurepip_honours_prefix.patch to include fix from py3.8 + +------------------------------------------------------------------- +Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer + +- Spec file fixes +- Re-added subprocess-raise-timeout.patch: now compatible +- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream + +------------------------------------------------------------------- +Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal + +- Fix minor issues found in the staging. + +------------------------------------------------------------------- +Wed Jul 15 06:13:33 UTC 2020 - Tomáš Chvátal + +- Do not set ourselves as primary interpreter + +------------------------------------------------------------------- +Tue Jul 14 20:45:11 UTC 2020 - Matej Cepl + +- Update to 3.9.0b4: + - PEP 584, Union Operators in dict + - PEP 585, Type Hinting Generics In Standard Collections + - PEP 593, Flexible function and variable annotations + - PEP 602, Python adopts a stable annual release cadence + - PEP 615, Support for the IANA Time Zone Database in the + Standard Library + - PEP 616, String methods to remove prefixes and suffixes + - PEP 617, New PEG parser for CPython + - bpo#38379, garbage collection does not block on resurrected + objects; + - bpo#38692, os.pidfd_open added that allows process + management without races and signals; + - bpo#39926, Unicode support updated to version 13.0.0; + - bpo#1635741, when Python is initialized multiple times in + the same process, it does not leak memory anymore; + - A number of Python builtins (range, tuple, set, frozenset, + list, dict) are now sped up using PEP 590 vectorcall; + - A number of Python modules (_abc, audioop, _bz2, _codecs, + _contextvars, _crypt, _functools, _json, _locale, operator, + resource, time, _weakref) now use multiphase initialization + as defined by PEP 489; + - A number of standard library modules (audioop, ast, grp, + _hashlib, pwd, _posixsubprocess, random, select, struct, + termios, zlib) are now using the stable ABI defined by + PEP 384. +- Remove upstreamed patches: + - F00102-lib64.patch + - SUSE-FEDORA-multilib.patch + - OBS_dev-shm.patch + - subprocess-raise-timeout.patch + - bpo36302-sort-module-sources.patch + - bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Fri Jul 10 10:55:15 UTC 2020 - Tomáš Chvátal + +- Update pre_checkin.sh and regenerate + +------------------------------------------------------------------- +Fri Jul 10 10:11:39 UTC 2020 - Tomáš Chvátal + +- Convert few dependencies to their pkgconfig counterparts + +------------------------------------------------------------------- +Fri Jul 10 10:08:48 UTC 2020 - Tomáš Chvátal + +- Remove release requirement on libpython, it is not really needed + to be equal as the abi changes with versions + +------------------------------------------------------------------- +Fri Jul 10 10:07:50 UTC 2020 - Tomáš Chvátal + +- Add provides python3-bla on all the subpkgs in case we are + primary provider of the functionality + +------------------------------------------------------------------- +Fri Jul 10 10:02:01 UTC 2020 - Tomáš Chvátal + +- Remove unversioned files from devel subpkg too +- Remove main python3 files from -base based whether we are + primary interpreter or not +- Fix idle to be co-installable +- Add condition to be primary to provide/obsolete python3-* +- Fix doc to build in versioned folder so the pythons can be + installed next to each other + +------------------------------------------------------------------- +Fri Jul 10 07:57:10 UTC 2020 - Tomáš Chvátal + +- Revert the full versioning of calls on the macros. These + are generic so they should really just call python3 X + +------------------------------------------------------------------- +Fri Jul 10 07:56:11 UTC 2020 - Tomáš Chvátal + +- For the doc package we can build with generic flavor, we don't + need the our-interpreter based one + +------------------------------------------------------------------- +Fri Jul 10 07:18:53 UTC 2020 - Tomáš Chvátal + +- Add provides for pytohn3X-typing/etc to allow BR on those still + to work when needed + +------------------------------------------------------------------- +Fri Jul 10 07:14:33 UTC 2020 - Tomáš Chvátal + +- Change macros.python3 to use full versioned 3.8 instead of just 3 + for python interpreter + +------------------------------------------------------------------- +Wed Jul 1 11:50:19 UTC 2020 - Tomáš Chvátal + +- Reduce some now unused conditionals + +------------------------------------------------------------------- +Wed Jul 1 11:00:40 UTC 2020 - Tomáš Chvátal + +- Redux the -base dependencies to match up pre-merge layout + +------------------------------------------------------------------- +Wed Jul 1 09:24:39 UTC 2020 - Tomáš Chvátal + +- Generate baselibs in pre-checkin too + +------------------------------------------------------------------- +Wed Jul 1 09:14:33 UTC 2020 - Tomáš Chvátal + +- Generate the importlib-failed using pre_checking again +- Add back the information about skipped tests on the pre_checkin + output + +------------------------------------------------------------------- +Tue Jun 30 07:11:19 UTC 2020 - Tomáš Chvátal + +- Use %python_pkg_name instead of hardcoding python3 where + applicable +- Sort out preamble with spec-cleaner + +------------------------------------------------------------------- +Mon Jun 29 14:36:10 UTC 2020 - Matej Cepl + +- Calculate required variables instead of relying on their continuous manual update + +------------------------------------------------------------------- +Thu Jun 25 10:44:08 UTC 2020 - Tomáš Chvátal + +- Fix the -base module build again to generate only the deps + we need + +------------------------------------------------------------------- +Wed Jun 17 18:42:51 UTC 2020 - Matej Cepl + +- Replace OBS_dev-shm.patch with the upstream PR#20944 + +------------------------------------------------------------------- +Thu Jun 10 14:30:15 UTC 2020 - Tomáš Chvátal + +- Use the %{python_pkg_name} on more places to allow easier + multiversioning +- Switch to _multibuild approach for easier maintenance of this + package. All is now in one spec file with 3 conditionals: + * bcond_with base + * bcond_with doc + * bcond_with general + +------------------------------------------------------------------- +Mon Jun 8 14:26:00 UTC 2020 - Matej Cepl + +- add requires python3-base on libpython subpackage (bsc#1167008) + +------------------------------------------------------------------- +Fri Jun 5 06:08:12 UTC 2020 - Dirk Mueller + +- build against Sphinx 2.x until python is compatible with + Sphinx 3.x (see gh#python/cpython#19397, bpo#40204) + +------------------------------------------------------------------- +Fri May 29 19:59:01 UTC 2020 - Andreas Stieger + +- Fix build with SQLite 3.32 (bpo#40783) + add bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Sun May 17 15:37:35 UTC 2020 - Callum Farmer + +- Update to version 3.8.3: + - Complete list of changes is available at + https://docs.python.org/release/3.8.3/whatsnew/changelog.html#python-3-8-3-final, + but most of them are just bugfixes. + - Removed patch CVE-2020-8492-urllib-ReDoS.patch: contained in upstream + +------------------------------------------------------------------- +Thu Apr 16 12:06:01 UTC 2020 - Matej Cepl + +- Add #!BuildIgnore: gdk-pixbuf-loader-rsvg to python3 SPEC + +------------------------------------------------------------------- +Thu Mar 26 15:36:55 UTC 2020 - Matej Cepl + +- Add patch bsc1167501-invalid-alignment.patch + (bsc#1167501, bpo#40052) to fix alignment in abstract.h header file. + +------------------------------------------------------------------- +Wed Mar 11 11:09:41 UTC 2020 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build, test_setegid + (test.test_os.PosixUidGidTests) is confusing it + +------------------------------------------------------------------- +Thu Mar 5 18:40:29 UTC 2020 - Matej Cepl + +- Update to 3.8.2: + - Complete list of changes is available at + https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final, + but most of them are just bugfixes. + - Updated patches: + - F00102-lib64.patch + - OBS_dev-shm.patch + - SUSE-FEDORA-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Sun Feb 9 00:14:24 CET 2020 - Matej Cepl + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Sat Feb 8 22:21:10 CET 2020 - Matej Cepl + +- Add Requires: libpython%{so_version} == %{version}-%{release} + to python3-base to keep both packages always synchronized + (bsc#1162224). + +------------------------------------------------------------------- +Mon Feb 3 20:27:54 UTC 2020 - Tomáš Chvátal + +- Do not pull in bluez in base again, explain the cycle, + it needs to be solved by bluez maintainer for us by providing + just the headers separately + +------------------------------------------------------------------- +Mon Feb 3 19:54:25 UTC 2020 - Tomáš Chvátal + +- Reame idle icons to idle3 in order to not conflict with python2 + variant of the package + * renamed the icons + * renamed icon load in desktop file + +------------------------------------------------------------------- +Thu Jan 16 09:50:03 UTC 2020 - Tomáš Chvátal + +- Add importlib_resources provide/obsolete as it is integral + part of the lang since 3.7 release + +------------------------------------------------------------------- +Mon Jan 13 11:10:47 UTC 2020 - Martin Liška + +- Add -fno-semantic-interposition as it brings speed up: + https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup + +------------------------------------------------------------------- +Thu Dec 19 16:25:26 CET 2019 - Matej Cepl + +- Update to 3.8.1: + - This is mainly bugfix release and no significant changes to + API are expected. The full changelog is available on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-1 + - Remove bpo-38688_shutil.copytree_prevent-infinite-recursion.patch, + which is included in the upstream tarball. + +------------------------------------------------------------------- +Thu Dec 19 14:57:32 CET 2019 - Matej Cepl + +- Add bpo-31046_ensurepip_honours_prefix.patch which makes + ensurepip to honour the value of $(prefix). Proposed fix for + bpo#31046.. + +------------------------------------------------------------------- +Tue Dec 10 11:07:16 UTC 2019 - Tomáš Chvátal + +- Move bluez-devel dependency to base as it is needed for + socket.AF_BLUETOOTH and otherwise does not work + +------------------------------------------------------------------- +Mon Dec 2 16:52:32 CET 2019 - Matej Cepl + +- Reintroduce QtHelp with the help of the new BR + python-sphinxcontrib-qthelp. + +------------------------------------------------------------------- +Mon Oct 21 18:51:00 UTC 2019 - Stefan Brüns + +- Fix SUSE-FEDORA-multilib.patch, the platform agnostic infix for + library installation is "lib", not "dir". + +------------------------------------------------------------------- +Thu Oct 17 14:19:20 UTC 2019 - Stefan Brüns + +- Move idle subpackage build from python3-base to python3. + appstream-glib required for packaging introduces considerable + extra dependencies and a build loop via rust/librsvg. +- Correct installation of idle IDE icons: + + idle.png is not the target directory + + non-GNOME-specific icons belong into icons/hicolor +- Add required Name key to idle3 desktop file + +------------------------------------------------------------------- +Tue Oct 15 16:39:12 CEST 2019 - Matej Cepl + +- Update to the final release 3.8.0. . + - New Features: + - Assignment expressions + - Positional-only parameters + - Parallel filesystem cache for compiled bytecode files + - Debug build uses the same ABI as release build + - f-strings support = for self-documenting expressions and + debugging + - PEP 578: Python Runtime Audit Hooks + - PEP 587: Python Initialization Configuration + - Vectorcall: a fast calling protocol for CPython + - Pickle protocol 5 with out-of-band data buffers + - New modules: + - importlib.metadata + - Improved modules: + - ast asyncio, builtins, collections, curses, ctypes, + datetime, functools, gc, gettext, gzip, idelib and IDLE, + inspect, io, json.tool, math, mmap, multiprocessing, os, + os.path, pathlib, pickle, plistlib, py_compile, shlex, + shutil, socket, ssl, statistics, sys, tarfile, threading, + tokenize, tkinter, time, typing, unicodedata, unittest, + venv, weakref, xml + - C API improvements + - bdist_winnst command has been deprecated (use bdist_wheel) +- https://docs.python.org/3.8/whatsnew/3.8.html remains rest of + changes including documentation on how to port your programs to + the current version of Python. + +------------------------------------------------------------------- +Mon Oct 14 15:02:08 CEST 2019 - Matej Cepl + +- Add idle3.appdata.xml and idle3.desktop (originally from + Fedora) to make Idle3 full GUI desktop application. + (bsc#1153830) + +------------------------------------------------------------------- +Wed Oct 9 19:09:16 UTC 2019 - Michael Gorse + +- Drop intltool from BuildRequires. Doesn't appear to be used. + +------------------------------------------------------------------- +Wed Oct 9 10:37:59 UTC 2019 - Tomáš Chvátal + +- Add folder version to allow tarball downloads even for beta/rc + releases + +------------------------------------------------------------------- +Tue Oct 8 14:53:54 CEST 2019 - Matej Cepl + +- Revert patches from Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch) into their original + prisitine Fedora versions, SUSE-FEDORA-multilib.patch refreshed + accordingly. + +------------------------------------------------------------------- +Mon Oct 7 14:33:30 UTC 2019 - Matej Cepl + +- Correct quotation of platsubdir in Lib/distutils/command/install.py + +------------------------------------------------------------------- +Thu Oct 3 13:59:57 CEST 2019 - Matej Cepl + +- Replace python-3.6.0-multilib.patch with two patches from + Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch), and our own + SUSE-FEDORA-multilib.patch to allow better cooperation with + Fedora and better upstreaming. +- Add OBS_dev-shm.patch fixing bpo#38377 + +------------------------------------------------------------------- +Thu Oct 3 08:39:18 UTC 2019 - Tomáš Chvátal + +- Pull in just gettext and let solver to sort out between: + gettext-runtime-mini and gettext-runtime + +------------------------------------------------------------------- +Wed Oct 2 15:00:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0rc1. Overall changes from 3.7: + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved + embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds, also the 'm' ABI + tag was removed (irrelevant since 3.4), bpo#36707 + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - on Windows, the default asyncio event loop is now + ProactorEventLoop + - on macOS, the spawn start method is now used by default in + multiprocessing + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Refreshed patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Wed Sep 25 09:46:41 UTC 2019 - Bernhard Wiedemann + +- Add bpo36302-sort-module-sources.patch (boo#1041090) + +------------------------------------------------------------------- +Tue Sep 10 13:43:18 UTC 2019 - Tomáš Chvátal + +- Try harder obsoleting importlib-metadata + +------------------------------------------------------------------- +Sat Aug 31 00:16:47 CEST 2019 - Matej Cepl + +- Update to 3.8.0b4: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-4 + +------------------------------------------------------------------- +Thu Aug 29 06:28:15 UTC 2019 - Guillaume GARDET + +- Re-enable test_threading on aarch64 + +------------------------------------------------------------------- +Sat Aug 17 13:21:15 UTC 2019 - John Vandenberg + +- Remove xrpm from subpackage tk description + +------------------------------------------------------------------- +Tue Aug 6 14:24:55 CEST 2019 - Matej Cepl + +- Update to 3.8.0b3: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-3 +- Patches reapplied: + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-test-posix_fadvise.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Tue Jul 23 13:20:49 UTC 2019 - Matej Cepl + +- Add Provides: python3-importlib-metadata + +------------------------------------------------------------------- +Sun Jul 7 19:08:48 CEST 2019 - Matej Cepl + +- Update to 3.8.0b2: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-2 +- Patches included in upstream: + - bpo-37169_PyObject_IsFreed.patch +- Patches reapplied: + - 00251-change-user-install-location.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-localpath.patch + - python-3.6.0-multilib.patch + +------------------------------------------------------------------- +Tue Jul 2 09:03:04 UTC 2019 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build +- Don't do profiling in qemu linux-user build + +------------------------------------------------------------------- +Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0b1 (changes since 3.7.*): + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Remove patches which were included in the upstream: + - 00251-change-user-install-location.patch + - 00316-mark-bdist_wininst-unsupported.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed May 22 10:53:03 UTC 2019 - Martin Liška + +- Set _lto_cflags to nil as the package is using LTO via --enable-lto. + That will prevent to propage LTO for Python modules that are + built in a separate package. + +------------------------------------------------------------------- +Sat May 4 21:29:20 CEST 2019 - Matej Cepl + +- Update to 3.8.0.a3: + - PEP 572: Assignment Expressions. + - Other (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-3 + +------------------------------------------------------------------- +Mon Apr 29 15:40:34 CEST 2019 - Matej Cepl + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Wed Apr 10 10:22:58 CEST 2019 - Matej Cepl + +- Fix metadata of patches. +- Rename boo1071941-make-install-in-sep-loc.patch to + 00251-change-user-install-location.patch which is the original + name, so it can be looked up in the Fedora VCS. + +------------------------------------------------------------------- +Tue Apr 9 04:55:24 UTC 2019 - John Vandenberg + +- Mark distutils bdist_wininst command unsupported + with 00316-mark-bdist_wininst-unsupported.patch +- Remove Windows bdist_wininst executables from runtime package + +------------------------------------------------------------------- +Tue Apr 9 01:21:45 CEST 2019 - Matej Cepl + +- Update to 3.7.3, which is the maintenance release without any + significant changes in API. + - Updated patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------ +Wed Mar 20 14:59:58 UTC 2019 - Matěj Cepl + +- Remove building of Qt Develop help files. + +------------------------------------------------------------------- +Fri Mar 15 15:10:30 CET 2019 - Matej Cepl + +- Return distutils-reproducible-compile.patch which is still + missing (still unfinished bpo#29708). + +------------------------------------------------------------------- +Mon Feb 25 23:30:56 CET 2019 - Matej Cepl + +- Update to 3.8.0a2: + * List of all (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-2 + +------------------------------------------------------------------- +Tue Feb 12 10:25:52 CET 2019 - Matej Cepl + +- Build nis module again. + +------------------------------------------------------------------- +Tue Feb 12 10:06:17 CET 2019 - Matej Cepl + +- Update to 3.8.0a1: + * The most visible change so far is probably the + implementation of PEP 572: Assignment Expressions. For + a detailed list of changes, see: + https://docs.python.org/3.8/whatsnew/changelog.html + * Recover building of nis module properly in python3 package +- Update patches: + * CVE-2019-5010-null-defer-x509-cert-DOS.patch + * python-3.3.0b1-fix_date_time_compiler.patch + * python-3.3.0b1-test-posix_fadvise.patch + * python-3.6.0-multilib.patch + * raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed Jan 30 18:07:49 CET 2019 - mcepl@suse.com + +- Put LICENSE file where it belongs (bsc#1121852) + +------------------------------------------------------------------- +Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com + +- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch + fixing bpo-35746. + An exploitable denial-of-service vulnerability exists in the + X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. + A specially crafted X509 certificate can cause a NULL pointer + dereference, resulting in a denial of service. An attacker can + initiate or accept TLS connections using crafted certificates + to trigger this vulnerability. + +------------------------------------------------------------------- +Tue Jan 8 12:51:01 UTC 2019 - Tomáš Chvátal + +- Do not require full gettext in order to avoid pulling in the + glib2 as a dependency + +------------------------------------------------------------------- +Tue Jan 8 12:25:27 UTC 2019 - Tomáš Chvátal + +- Update to 3.7.2: + * bugfix release: + https://docs.python.org/3.7/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Wed Jan 2 12:51:48 CET 2019 - mcepl@suse.com + +- Stop applying python-3.6.0-multilib-new.patch (which is still + WIP), and apply the old proven python-3.6.0-multilib.patch + instead. + +------------------------------------------------------------------- +Wed Dec 19 19:29:44 UTC 2018 - Todd R + +- Use upstream-recommended %{_rpmconfigdir}/macros.d directory + for the rpm macros. + +------------------------------------------------------------------- +Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com + +- Upgrade to 3.7.2rc1: + * bugfix release, for the full list of all changes see + https://docs.python.org/3.7/whatsnew/changelog.html#changelog +- Make run of the test suite more verbose + +------------------------------------------------------------------- +Tue Dec 11 01:52:45 UTC 2018 - Jan Engelhardt + +- Write summaries without em dashes. + +------------------------------------------------------------------- +Mon Dec 3 13:27:54 UTC 2018 - Matěj Cepl + +- Remove python-3.3.0b1-curses-panel.patch it is unnecessary anymore. +- Add boo1071941-make-install-in-sep-loc.patch to make pip and + distutils in user environment install into separate location + (boo#1071941) + + Set values of prefix and exec_prefix in distutils install + command to /usr/local if executable is /usr/bin/python* and RPM + build is not detected to make pip and distutils install into + separate location +- Remove finally python-3.3.3-skip-distutils-test_sysconfig_module.patch +- Remove distutils-reproducible-compile.patch which doesn't make + really much difference in reproducibility (see + gh#python/cpython#8057 and discussion there). + +------------------------------------------------------------------- +Sat Dec 1 00:14:28 CET 2018 - mcepl@suse.com + +- Rename Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + to bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + +------------------------------------------------------------------- +Wed Nov 7 12:10:41 CET 2018 - mcepl@suse.com + +- Add dependency on bluez-devel to build support for Bluetooth + (boo#1109998) + +------------------------------------------------------------------- +Tue Nov 6 13:52:45 CET 2018 - mcepl@suse.com + +- Add devhelp subpackage and split qthelp into another + subpackage. + +------------------------------------------------------------------- +Wed Oct 24 12:38:00 UTC 2018 - Matěj Cepl + +- Remove python-3.0b1-record-rpm.patch and + Python-3.0b1-record-rpm.patch, as they are not needed anymore + +------------------------------------------------------------------- +Tue Oct 23 14:14:16 UTC 2018 - Matej Cepl + +- Switch off test_threading for optimization builds. + +------------------------------------------------------------------- +Mon Oct 22 14:41:59 CEST 2018 - mcepl@suse.com + +- Update to python-3.7.1. This is just a brief overview, complete + changelog available at + https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-1-final: + Library + bpo-34970: Protect tasks weak set manipulation in asyncio.all_tasks() +- Patches already accepted upstream are removed: + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + * 00308-tls-1.3.patch +- New patches added: + * Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + * raise_SIGING_not_handled.patch +- All other patches refreshed via quilt. + +------------------------------------------------------------------- +Mon Oct 22 12:22:19 UTC 2018 - Matej Cepl + +- Add raise_SIGING_not_handled.patch to fix bsc#1094814 + +------------------------------------------------------------------- +Wed Oct 17 14:04:35 UTC 2018 - Tomáš Chvátal + +- Add patch to fix importlib return types: + * python3-imp-returntype.patch + +------------------------------------------------------------------- +Mon Oct 15 13:46:32 CEST 2018 - mcepl@suse.com + +- bpo-34022 still not completely fixed, so we have to keep + excluding test_cmd_line_script, + test_multiprocessing_main_handling, and test_runpy from the + test suite. + +------------------------------------------------------------------- +Sun Oct 14 15:57:24 UTC 2018 - Matej Cepl + +- Update to python 3.7.1~rc2: + Core and Builtins + bpo-34879: Fix a possible null pointer dereference in + bytesobject.c. Patch by Zackery Spytz. + bpo-34854: Fixed a crash in compiling string annotations + containing a lambda with a keyword-only argument that + doesn’t have a default value. + bpo-34320: Fix dict(od) didn’t copy iteration order of + OrderedDict. + Library + bpo-34769: Fix for async generators not finalizing when event + loop is in debug mode and garbage collector runs in another + thread. + bpo-34922: Fixed integer overflow in the digest() and + hexdigest() methods for the SHAKE algorithm in the hashlib + module. + bpo-34900: Fixed unittest.TestCase.debug() when used to call + test methods with subtests. Patch by Bruno Oliveira. + bpo-34871: Fix inspect module polluted sys.modules when parsing + __text_signature__ of callable. + bpo-34872: Fix self-cancellation in C implementation of + asyncio.Task + bpo-34819: Use a monotonic clock to compute timeouts in + Executor.map() and as_completed(), in order to prevent + timeouts from deviating when the system clock is adjusted. + bpo-34334: In QueueHandler, clear exc_text from LogRecord to + prevent traceback from being written twice. + bpo-6721: Acquire the logging module’s commonly used internal + locks while fork()ing to avoid deadlocks in the child + process. + bpo-34172: Fix a reference issue inside multiprocessing.Pool + that caused the pool to remain alive if it was deleted + without being closed or terminated explicitly. + Documentation + bpo-32174: chm document displays non-ASCII charaters properly on + some MBCS Windows systems. + Tests + bpo-32962: Fixed test_gdb when Python is compiled with flags + -mcet -fcf-protection -O0. + C API + bpo-34910: Ensure that PyObject_Print() always returns -1 on + error. Patch by Zackery Spytz. + +------------------------------------------------------------------- +Fri Oct 12 20:46:58 CEST 2018 - mcepl@suse.com + +- Add Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch to + fix problems with SOURCE_DATE_EPOCH variable (bpo-34022) + +------------------------------------------------------------------- +Mon Sep 17 09:44:02 UTC 2018 - Tomáš Chvátal + +- Add patch to fix build with tls1.3 supported openssl + * 00308-tls-1.3.patch +- Add patch to fix Py_Main calls after Py_initialize + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + +------------------------------------------------------------------- +Mon Sep 3 15:22:42 UTC 2018 - Matěj Cepl + +- Add -fwrapv to OPTS, which is default for python3 anyway + See for example https://github.com/zopefoundation/persistent/issues/86 + for bugs which are caused by avoiding it. + +------------------------------------------------------------------- +Tue Jul 10 11:12:32 UTC 2018 - mcepl@suse.com + +- Fix ownership of _contextvars, _queue, and _xxtestfuzz + +------------------------------------------------------------------- +Tue Jul 3 15:04:48 UTC 2018 - mcepl@suse.com + +- Switch off LTO for distros with older GCC +- Fix %files + +------------------------------------------------------------------- +Fri Jun 29 14:20:03 UTC 2018 - tchvatal@suse.com + +- Add dependency over libuuid-devel + +------------------------------------------------------------------- +Thu Jun 28 10:42:15 UTC 2018 - mimi.vx@gmail.com + +- update to python 3.7.0 + Complete overview of changes is available on + https://docs.python.org/3/whatsnew/3.7.html, these are just + highlights: + * PEP 563, postponed evaluation of type annotations. + * async and await are now reserved keywords. + * New library modules: + contextvars: PEP 567 – Context Variables + dataclasses: PEP 557 – Data Classes + importlib.resources + * New built-in features: + PEP 553, the new breakpoint() function. + * Python data model improvements: + PEP 562, customization of access to module attributes. + PEP 560, core support for typing module and generic types. + the insertion-order preservation nature of dict objects + has been declared to be an official part of the Python + language spec. + * Significant improvements in the standard library: + The asyncio module has received new features, significant + usability and performance improvements. + The time module gained support for functions with + nanosecond resolution. + * CPython implementation improvements: + Avoiding the use of ASCII as a default text encoding: + PEP 538, legacy C locale coercion + PEP 540, forced UTF-8 runtime mode + PEP 552, deterministic .pycs + the new development runtime mode + PEP 565, improved DeprecationWarning handling + * C API improvements: + PEP 539, new C API for thread-local storage + * Documentation improvements: + PEP 545, Python documentation translations + New documentation translations: Japanese, French, and Korean. +- drop python3-sorted_tar.patch +- drop 0001-allow-for-reproducible-builds-of-python-packages.patch +- refresh python-3.6.0-multilib-new.patch +- refresh subprocess-raise-timeout.patch + * new C API for thread-local storage + * Deterministic pyc files + * Built-in breakpoint() + * Data Classes + * Core support for typing module and generic types + * Customization of access to module attributes + * Postponed evaluation of annotations + * Time functions with nanosecond resolution + * Improved DeprecationWarning handling + * Context Variables + * Avoiding the use of ASCII as a default text encoding + (PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode) + * The insertion-order preservation nature of dict objects is now + an official part of the Python language spec. + * Notable performance improvements in many areas. + +------------------------------------------------------------------- +Thu May 17 18:26:42 UTC 2018 - hpj@urpla.net + +- disable lto with gcc versions below 7 (results in link failures) + +------------------------------------------------------------------- +Mon Apr 30 15:23:24 UTC 2018 - jengelh@inai.de + +- Use faster find subcommand execution strategies. + +------------------------------------------------------------------- +Fri Apr 20 16:17:29 UTC 2018 - tchvatal@suse.com + +- Do not mention the testsuite disabling in opts as it was moved to + main pkg so base is test-free + +------------------------------------------------------------------- +Tue Apr 17 08:36:08 UTC 2018 - tchvatal@suse.com + +- As we run in main python package do not generate the pre_checkin + from both now + +------------------------------------------------------------------- +Mon Apr 16 14:11:56 UTC 2018 - tchvatal@suse.com + +- Move the tests from base to generic package wrt bsc#1088573 + * We still fail the whole distro if python3 is not build + * The other archs than x86_64 took couple of hours to unblock + build of other software, this way we work around the issue +- Some tests are still run in -base for the LTO tweaking, but at + least it is not run twice + +------------------------------------------------------------------- +Sat Mar 31 19:41:12 UTC 2018 - mimi.vx@gmail.com + +- update to 3.6.5 + * bugfix release + * see Misc/NEWS for details +- drop ctypes-pass-by-value.patch +- drop fix-localeconv-encoding-for-LC_NUMERIC.patch +- refresh python-3.6.0-multilib-new.patch + +------------------------------------------------------------------ +Wed Mar 7 09:16:39 UTC 2018 - adam@mizerski.pl + +- Created %so_major and %so_minor macros +- Put Tools/gdb/libpython.py script into proper place and ship it with devel + subpackage. + +------------------------------------------------------------------- +Tue Feb 20 15:04:56 UTC 2018 - schwab@suse.de + +- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64 + +------------------------------------------------------------------- +Tue Feb 20 14:28:00 UTC 2018 - bwiedemann@suse.com + +- Add python3-sorted_tar.patch (boo#1081750) + +------------------------------------------------------------------- +Tue Feb 20 14:08:57 UTC 2018 - tchvatal@suse.com + +- Drop python3-tk and python3-idle recommends to reduce python3 + always pulling X stack bsc#1081751 + +------------------------------------------------------------------- +Wed Feb 7 09:10:03 UTC 2018 - tchvatal@suse.com + +- Add patch to fix glibc 2.27 fail bsc#1079761: + * fix-localeconv-encoding-for-LC_NUMERIC.patch + +------------------------------------------------------------------- +Mon Feb 5 17:14:43 UTC 2018 - normand@linux.vnet.ibm.com + +- Update skip_random_failing_tests.patch (for PowerPC) + to avoid test_call_later failure + +------------------------------------------------------------------- +Wed Jan 24 14:35:58 UTC 2018 - jmatejek@suse.com + +- move XML modules and python3-xml provide to python3-base + (fixes bsc#1077230) +- move ensurepip to base + +------------------------------------------------------------------- +Thu Jan 18 12:31:47 UTC 2018 - normand@linux.vnet.ibm.com + +- Add skip_random_failing_tests.patch only for PowerPC + +------------------------------------------------------------------- +Wed Jan 3 12:18:51 UTC 2018 - jmatejek@suse.com + +- update to 3.6.4 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed python3-ncurses-6.0-accessors.patch +- drop PYTHONSTARTUP hooks that cause spurious startup errors + * fixes bsc#1070738 + * the relevant feature (REPL history) is now built into Python itself + +------------------------------------------------------------------- +Sat Dec 2 11:11:46 UTC 2017 - dimstar@opensuse.org + +- Install 2to3-%{python_version} executable (override defattr of + the -tools package). 2to3 (unversioned) is a symlink and does not + carry permissions (bsc#1070853). + +------------------------------------------------------------------- +Thu Nov 16 11:02:18 UTC 2017 - mimi.vx@gmail.com + +- move 2to3 to python3-tools package + +------------------------------------------------------------------- +Wed Oct 11 13:15:23 UTC 2017 - jmatejek@suse.com + +- update to 3.6.3 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Wed Sep 20 09:54:05 UTC 2017 - dmueller@suse.com + +- drop python-2.7-libffi-aarch64.patch: this patches the intree + copy of libffi which is unused/deleted in the line afterwards +- fix build against system libffi: include flags weren't set + so it actually used the in-tree libffi headers. + +------------------------------------------------------------------- +Thu Sep 14 13:23:10 UTC 2017 - vcizek@suse.com + +- Fix test broken with OpenSSL 1.1 (bsc#1042670) + * add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Tue Sep 5 11:47:05 UTC 2017 - jengelh@inai.de + +- Update RPM group for python documentation. + +------------------------------------------------------------------- +Thu Aug 31 08:39:31 UTC 2017 - schwab@suse.de + +- fix missing %{?armsuffix} + +------------------------------------------------------------------- +Wed Aug 30 13:41:38 UTC 2017 - jmatejek@suse.com + +- distutils-reproducible-compile.patch: ensure distutils order files + before compiling, which works around bsc#1049186 + +------------------------------------------------------------------- +Thu Aug 17 08:59:05 CEST 2017 - kukuk@suse.de + +- Add libnsl-devel build requires for glibc obsoleting libnsl + +------------------------------------------------------------------- +Thu Aug 3 16:09:26 UTC 2017 - jmatejek@suse.com + +- update to 3.6.2 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed test-socket-aead-kernel49.patch +- add Provides: python3-typing (fixes bsc#1050653) +- drop duplicate Provides: python3 + +------------------------------------------------------------------- +Mon Jun 26 12:10:07 UTC 2017 - jmatejek@suse.com + +- drop db-devel from requirements + +------------------------------------------------------------------- +Tue Jun 20 09:26:52 UTC 2017 - asn@cryptomilk.org + +- Add missing link to python library in config dir (bsc#1040164) + +------------------------------------------------------------------- +Thu Mar 23 12:42:59 UTC 2017 - jmatejek@suse.com + +- update to 3.6.1 + * bugfix release, over a hundred bugs fixed + * never add import location's parent directory to sys.path + * switch to git for version control, build changes related to that + * fix "failed to get random numbers" on old kernels (bsc#1029902) + * several crashes and memory leaks corrected + * f-string are no longer accepted as docstrings + +------------------------------------------------------------------- +Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com + +- prevent regenerating AST at build-time more robustly +- add "--without profileopt" and "--without testsuite" options to python3-base + to allow short circuiting when working on the package + +------------------------------------------------------------------- +Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com + +- Add 0001-allow-for-reproducible-builds-of-python-packages.patch + upstream https://github.com/python/cpython/pull/296 + +------------------------------------------------------------------- +Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com + +- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch) +- reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent) + +------------------------------------------------------------------- +Wed Jan 11 14:57:07 UTC 2017 - jmatejek@suse.com + +- update to 3.6.0 + * PEP 498 Formated string literals + * PEP 515 Underscores in numeric literals + * PEP 526 Syntax for variable annotations + * PEP 525 Asynchronous generators + * PEP 530 Asynchronous comprehensions + * PEP 506 New "secrets" module for safe key generation + * less memory consumed by dicts + * dtrace and systemtap support + * improved asyncio module + * better defaults for ssl + * new hashing algorithms in hashlib + * bytecode format changed to allow more optimizations + * "async" and "await" are on track to be reserved words + * StopIteration from generators is deprecated + * support for openssl < 1.0.2 is deprecated + * os.urandom now blocks when getrandom() blocks + * huge number of new features, bugfixes and optimizations + * see https://docs.python.org/3.6/whatsnew/3.6.html for details +- rework multilib patch: drop Python-3.5.0-multilib.patch, implement + upstreamable python-3.6.0-multilib-new.patch +- refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch +- drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch +- finally drop python-2.6b1-canonicalize2.patch that was not applied in source + and only kept around in case we needed it in the future. (which we don't, as it seems) +- update import_failed map and baselibs +- build ctypes against system libffi + (buildrequire libffi-devel in python3-base) +- add new key to keyring (signed by keys already in keyring) +- introduced common configure section between python3 and python3-base +- moved pyconfig.h and Makefile to devel subpackage as distutils no longer + need it at runtime +- added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py + because it is not used now +- improve summaries and descriptions (fixes bsc#917607) +- enabled Link-Time Optimization, see what happens +- including skipped_tests.py in pre_checkin.sh run +- run specs through spec-cleaner, rearrange sections + +------------------------------------------------------------------- +Fri Apr 22 17:20:29 UTC 2016 - jmatejek@suse.com + +- move _hashlib and _ssl modules and tests to python3-base +- recommend python3 + +------------------------------------------------------------------- +Tue Mar 15 15:05:23 UTC 2016 - schwab@suse.de + +- Skip test_asyncio under qemu_user_space_build + +------------------------------------------------------------------- +Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com + +- Add Python-3.5.1-fix_lru_cache_copying.patch + Fix copying the lru_cache() wrapper object. + Fixes deep-copying lru_cache regression, which worked on + previous versions of python but fails on python 3.5. + This fixes a bunch of packages in devel:languages:python3. + See: https://bugs.python.org/issue25447 + +------------------------------------------------------------------- +Sun Jan 24 00:44:08 UTC 2016 - arichardson.kde@gmail.com + +- Build the docs in .qch format as well + +------------------------------------------------------------------- +Wed Dec 9 07:35:20 UTC 2015 - toddrme2178@gmail.com + +- update to 3.5.1 + * bugfix-only release, dozens of bugs fixed +- Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch +- "Python3" to "Python 3" in summary + * This seems cleaner and fixes and rpmlint warning + +------------------------------------------------------------------- +Wed Oct 14 20:21:52 UTC 2015 - toddrme2178@gmail.com + +- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch + This fixes a build error for many packages that use the Python, + C-API. + This patch is already accepted upstream and is slated to appear in + python 3.5.1. + +------------------------------------------------------------------- +Tue Sep 29 15:53:24 UTC 2015 - jmatejek@suse.com + +- update to 3.5.0 + * coroutines with async/await syntax + * matrix multiplication operator `@` + * unpacking generalizations + * new modules `typing` and `zipapp` + * type annotations + * .pyo files replaced by custom suffixes for optimization levels in __pycache__ + * support for memory BIO in ssl module + * performance improvements in several modules + * and many more +- removals and behavior changes + * deprecated `__version__` is removed + * support for .pyo files was removed + * system calls are auto-retried on EINTR + * bare generator expressions in function calls now cause SyntaxError + (change "f(x for x in i)" to "f((x for x in i))" to fix) + * removed undocumented `format` member of private `PyMemoryViewObject` struct + * renamed `PyMemAllocator` to `PyMemAllocatorEx` +- redefine %dynlib macro to reflect that modules now have arch+os as part of name +- module `time` is now built-in +- dropped upstreamed patches: + python-3.4.1-fix-faulthandler.patch + python-3.4.3-test-conditional-ssl.patch + python-fix-short-dh.patch (also dropped dh2048.pem required for this patch) +- updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch +- python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure + with new gcc + ncurses + +------------------------------------------------------------------- +Wed Sep 9 11:51:22 UTC 2015 - dimstar@opensuse.org + +- Add python3-ncurses-6.0-accessors.patch: Fix build with + NCurses 6.0 and OPAQUE_WINDOW set to 1. + +------------------------------------------------------------------- +Mon Aug 24 17:02:08 UTC 2015 - jmatejek@suse.com + +- improve import_failed hook to do the right thing when invoking + missing modules with "python3 -m modulename" (boo#942751) + +------------------------------------------------------------------- +Thu Jul 23 22:08:10 UTC 2015 - fisiu@opensuse.org + +- Build with --enable-loadable-sqlite-extensions to make it works + as geospatial database. + +------------------------------------------------------------------- +Wed Jul 1 07:07:26 UTC 2015 - dimstar@opensuse.org + +- Fix source list for previous change (add dh2048.pem). + +------------------------------------------------------------------- +Wed Jun 24 06:54:30 UTC 2015 - meissner@suse.com + +- dh2048.pem: added generated 2048 dh parameter set to fix + ssl test (bsc#935856) +- python-fix-short-dh.patch: replace the 512 bits dh parameter set + by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856) + +------------------------------------------------------------------- +Tue May 19 14:59:30 UTC 2015 - schwab@suse.de + +- ctypes-libffi-aarch64.patch: remove upstreamed patch +- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for + aarch64 + +------------------------------------------------------------------- +Thu May 14 10:58:36 UTC 2015 - jmatejek@suse.com + +- drop the PDF subpackage + (removes the massive texlive dependency, and most likely nobody is + using the PDFs anyway) + +------------------------------------------------------------------- +Thu May 14 09:53:29 UTC 2015 - jmatejek@suse.com + +- python-3.4.3-test-conditional-ssl.patch - restore tests failing because + test_urllib was unconditionally importing ssl (without really needing it) +- restore functionality of multilib patch +- drop libffi-ppc64le.diff because upstream completely changed everything + yet again (sorry ppc64 folks :| ) + + +------------------------------------------------------------------- +Fri May 1 15:11:21 UTC 2015 - mailaender@opensuse.org + +- Update to version 3.4.3 +- Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch + (bpo#21766) + +------------------------------------------------------------------- +Wed Mar 25 10:57:28 UTC 2015 - rguenther@suse.com + +- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus + faulthandler which fails with GCC 5. + +------------------------------------------------------------------- +Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com + +- asyncio has been merged in python3 main package; provide and + obsolete it +- Remove obsolete AUTHORS section +- Remove redundant %clean section + +------------------------------------------------------------------- +Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org + +- Only pkgconfig(x11) is required for build, not the whole + set of packages provided by xorg-x11-devel metapackage. + +------------------------------------------------------------------- +Mon Oct 13 13:38:20 UTC 2014 - jmatejek@suse.com + +- add %python3_version rpm macro for Fedora compatibility +- add missing argument in import_failed, rename Novell Bugzilla + to SUSE Bugzilla + +------------------------------------------------------------------- +Thu Jul 31 17:24:59 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. + +------------------------------------------------------------------- +Wed Jul 23 16:31:02 UTC 2014 - jmatejek@suse.com + +- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file + disclosure and directory traversal through URL-encoded characters + (CVE-2014-4650, bnc#885882) + +------------------------------------------------------------------- +Tue Jul 22 13:55:57 UTC 2014 - jmatejek@suse.com + +- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons, + reinstate bundled copies of pip and setuptools + (fixes bnc#885662) +- add more files as sources to silence the validator + +------------------------------------------------------------------- +Wed May 21 11:01:56 UTC 2014 - jmatejek@suse.com + +- update to 3.4.1 + * bugfix-only release, over 300 bugs fixed +- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch +- drop upstreamed CVE-2014-2667-mkdir.patch +- include Python release manager keyring and signature file + for the source archive (thus renumbering of source files) + (see https://www.python.org/download/#openpgp-public-keys ) +- move ensurepip to python3, because it transitively requires ssl + +------------------------------------------------------------------- +Fri Apr 4 16:21:40 UTC 2014 - jmatejek@suse.com + +- CVE-2014-2667-mkdir.patch: race condition with reseting umask + in os.makedirs + (CVE-2014-2667, bnc#871152) +- updated multilib patch to include ~/.local/lib64 (bnc#637176) + +------------------------------------------------------------------- +Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com + +- raise timeout value for test_subprocess to 10s (might fix + intermittent build failures in OBS) + +------------------------------------------------------------------- +Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com + +- remove blacklisting of test_posix on aarch64: qemu bug is fixed + +------------------------------------------------------------------- +Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 final +- drop upstreamed python-3.4rc2-importlib.patch + +------------------------------------------------------------------- +Sun Mar 16 16:33:25 UTC 2014 - schwab@suse.de + +- Only build with profile-opt if profiling is enabled +- Update test exclusion lists: + * test_ctypes no longer fails on arm + * test_io no longer fails on ppc* + * test_multiprocessing has been split in multiple tests + * test_posix and test_signal fail due to qemu bugs + +------------------------------------------------------------------- +Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de + +- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, + adding python-2.7.6-sqlite-3.8.4-tests.patch + +------------------------------------------------------------------- +Thu Feb 27 14:08:40 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 rc2 + * pre-release bugfixes + * improvements to asyncio library +- drop upstreamed tracemalloc_gcov.patch +- python-3.4rc2-importlib.patch fixes backwards-incompatibility + in the reworked importlib module that blocks build of vim + +------------------------------------------------------------------- +Fri Jan 17 18:45:27 UTC 2014 - jmatejek@suse.com + +- initial commit of 3.4.0 beta 3 + * new stdlib modules: pathlib, enum, statistics, tracemalloc + * asynchronous IO with new asyncio module + * introspection data for builtins + * subprocesses no longer inherit open file descriptors + * standardized metadata for packages + * internal hashing changed to SipHash + * new pickle protocol + * improved handling of codecs + * TLS 1.2 support + * major speed improvements for internal unicode handling + * many bugfixes and optimizations +- see porting guide at: + http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4 +- moved several modules to -testsuite subpackage +- updated list of binary extensions, refreshed patches +- tracemalloc_gcov.patch fixes profile-based optimization build +- updated packages and pre_checkin.sh to use ~-version notation + for prereleases +- fix-shebangs part of build process moved to common %prep +- drop python-3.3.2-no-REUSEPORT.patch (upstreamed) +- update baselibs for new soname + +- TODOs: + * require python-pip, make ensurepip work with zypper + +------------------------------------------------------------------- +Wed Dec 4 13:21:26 UTC 2013 - matz@suse.de + +- add ppc64le (ELFv2) support for libffi copy for ctypes module +- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be + "lib64"). +- added patches: + * libffi-ppc64le.diff +------------------------------------------------------------------- +Tue Dec 3 09:51:43 UTC 2013 - adrian@suse.de + +- add ppc64le rules + +------------------------------------------------------------------- +Fri Nov 22 13:17:23 UTC 2013 - speilicke@suse.com + +- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch: + + Disable global and distutils sysconfig comparison test, we deviate + from the default depending on optflags + +------------------------------------------------------------------- +Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com + +- update to 3.3.3 + * bugfix-only release + * many SSL-related fixes + * upstream fix for CVE-2013-4238 + * upstream fixes for CVE-2013-1752 +- move example module xxlimited to python3-testsuite +- drop CVE-2013-4238_py33.patch - it is upstreamed +- remove --with-wide-unicode config option, it is now the default + (and only) choice +- don't touch anything between make and makeinstall +- drop python-3.2b2-buildtime-generate.patch - the issue was caused + by touching things between make and makeinstall +- link pycache entries for import_failed hooks properly + +------------------------------------------------------------------- +Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org + +- build with -DOPENSSL_LOAD_CONF for the same reasons + described in the python2 package. + +------------------------------------------------------------------- +Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com + +- handle NULL bytes in certain fields of SSL certificates + (CVE-2013-4238, bnc#834601) + +------------------------------------------------------------------- +Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com + +- Exclue test_faulthandler from tests on powerpc due to bnc#831629 + +------------------------------------------------------------------- +Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com + +- update to 3.3.2 + * bugfix-only release + * fixes several regressions introduced in 3.3.1 +- switch to xz compression +- move _lzma module to python3-base +- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT + +------------------------------------------------------------------- +Mon Apr 29 22:32:43 UTC 2013 - schwab@suse.de + +- Readd missing bits from ctypes-libffi-aarch64.patch + +------------------------------------------------------------------- +Sat Apr 13 07:56:51 UTC 2013 - idonmez@suse.com + +- Update to version 3.3.1 + * Fix the –enable-profiling configure switch. + * In IDLE, close the replace dialog after it is used. +- Too many bugfixes to list here, + see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS +- Refresh Python-3.3.0b2-multilib.patch +- Refresh python-3.2b2-buildtime-generate.patch +- Drop upstream patches: ctypes-libffi-aarch64.patch, + python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch + +------------------------------------------------------------------- +Mon Apr 8 11:25:30 UTC 2013 - speilicke@suse.com + +- Exclude sqlite/test and tk/test directories from the respective + sub-packages. These are owned by the testsuite sub-package already + +------------------------------------------------------------------- +Fri Apr 5 12:59:20 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/title=SourceUrls + +------------------------------------------------------------------- +Wed Apr 3 15:36:04 UTC 2013 - jmatejek@suse.com + +- remove spurious modification of python-3.3.0b1-localpath.patch + that would force installation into /usr/local. + this fixes bnc#809831 + +------------------------------------------------------------------- +Thu Mar 28 18:38:51 UTC 2013 - jmatejek@suse.com + +- replace broken movetogetdents64.diff patch with a correct one + from upstream repo (python-3.3.0-getdents64.patch) + +------------------------------------------------------------------- +Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com + +- add ctypes-libffi-aarch64.patch: + * import aarch64 support for libffi in _ctypes module +- add aarch64 to the list of lib64 based archs +- add movetogetdents64.diff: + * port to getdents64, as SYS_getdents is not implemented everywhere + +------------------------------------------------------------------- +Tue Feb 26 08:57:55 UTC 2013 - saschpe@suse.de + +- /etc/rpm/macros.python3 is no %config, it is not meant to be changed + by users. +- Add rpmlintrc with some obvious filters + +------------------------------------------------------------------- +Mon Jan 28 18:14:39 UTC 2013 - jmatejek@suse.com + +- update baselibs for new version of libpython3 + +------------------------------------------------------------------- +Thu Nov 29 17:02:37 UTC 2012 - jmatejek@suse.com + +- fix include path in macros (bnc#787526) +- implement failed import handlers for modules that live in + subpackages - e.g. "import ssl" will now throw a sensible error + message telling you to install "python3" + +------------------------------------------------------------------- +Wed Nov 28 17:02:07 UTC 2012 - jmatejek@suse.com + +- merge python3-xml into python3 +- merge python3-2to3 library into python3-base + and the 2to3 binary into python3-devel + (python3-devel is now in conflict with python-2to3, which + will be dropped) +- enable --with-system-expat for python3, making the xml modules + (and thus python3) depend on expat +- reconfigure tests to disable network and GUI resources, which + the upstream apparently thought is a good idea to enable by default. + this fixes build failures in Factory +- add lzma-devel to build the _lzma module +- moved %dynlib macro definition to common section + +------------------------------------------------------------------- +Mon Nov 5 20:01:46 UTC 2012 - coolo@suse.com + +- buildrequire timezone for the test suite + +------------------------------------------------------------------- +Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com + +- disable more checks for qemu builds as they use syscalls not + implemented yet + +------------------------------------------------------------------- +Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com + +- exclude test_math for SLE 11; math library fails on negative + gamma function values close to integers and 0, probably + due to imprecision in -lm on SLE_11_SP2. + +------------------------------------------------------------------- +Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel explicitly + +------------------------------------------------------------------- +Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com + +- remove distutils.cfg (bnc#658604) + * this changes default prefix for distutils to /usr + * see ML for details: +http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html + +------------------------------------------------------------------- +Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com + +- Update to final 3.3.0 release + * See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS + +------------------------------------------------------------------- +Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com + +- Correct dependency for python3-testsuite, + python3-tkinter -> python3-tk + +------------------------------------------------------------------- +Thu Aug 23 13:08:11 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 RC1 + +------------------------------------------------------------------- +Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 beta 1 + * flexible string representation, no longer distinguishing + between wide and narrow Unicode builds + * importlib-based import system + * virtualenv support in core + * namespace packages + * explicit Unicode literals for easier porting + * key-sharing dict implementation reduces memory footprint + of OO code + * hash randomization on by default + * many other new bugfixes and features, check NEWS for details + +- pre_checkin.sh now autofills various version strings in specs +- ship hashlib's fallback modules - those uselessly take up space + when real _hashlib.so from python3 is present, but the space wasted + is only 114kB and it provides python3-base with a working hashlib + module. + (also, this fixes bnc#743787) + +------------------------------------------------------------------- +Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com + +- skip test_io on ppc +- drop test_io ppc patch + +------------------------------------------------------------------- +Thu Jun 28 07:57:58 UTC 2012 - saschpe@suse.de + +- Satisfy source_validator by uncommenting an otherwise unused "Patch" + line + +------------------------------------------------------------------- +Tue Jun 12 15:39:08 UTC 2012 - adrian@suse.de + +- fix logic of checks exclusion + +------------------------------------------------------------------- +Fri May 18 11:50:27 UTC 2012 - idonmez@suse.com + +- update to 3.2.3 + * No changes since rc2 + +------------------------------------------------------------------- +Thu Mar 29 15:44:33 UTC 2012 - jmatejek@suse.com + +- update to 3.2.3rc2 + * fixes several security issues: + * CVE-2012-0845, bnc#747125 + * CVE-2012-1150, bnc#751718 + * CVE-2011-4944, bnc#754447 + * CVE-2011-3389, bnc#754677 +- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) +- disable test_gdb because it is broken by our gdb + +------------------------------------------------------------------- +Thu Feb 16 12:33:12 UTC 2012 - dvaleev@suse.com + +- skip broken test_io test on ppc + +------------------------------------------------------------------- +Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com + +- update to 3.2.2 + * bugfix-only release + * reports "linux2" as sys.platform regardless of Linux kernel +- added pre_checkin.sh to copy common spec sections to python3.spec +- added PACKAGING-NOTES with some helpful info for packagers + +------------------------------------------------------------------- +Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com + +- Use system ffi, included one is broken see + http://bugs.python.org/issue11729 and + http://bugs.python.org/issue12081 + +------------------------------------------------------------------- +Fri Dec 9 17:19:55 UTC 2011 - jmatejek@suse.com + +- license.opensuse.org-compatible license headers + +------------------------------------------------------------------- +Fri Dec 2 16:46:44 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Thu Nov 24 12:42:25 UTC 2011 - agraf@suse.com + +- fix ARM build (exclude some test cases which break for us) + +------------------------------------------------------------------- +Tue Aug 16 17:02:22 UTC 2011 - termim@gmail.com + +- use sysconfig module to get py3_incdir, py3_abiflags, + py3_soflags, python3_sitelib and python3_sitearch + +------------------------------------------------------------------- +Mon Jul 18 16:22:31 UTC 2011 - jmatejek@novell.com + +- update to 3.2.1 + * bugfix-only release, no major changes +- fix build on linux3 platform +- remove upstreamed pybench patch +- install /usr/lib directories in all cases to prevent spurious + "directory not owned" in dependent packages + +------------------------------------------------------------------- +Wed Jun 15 14:16:38 UTC 2011 - jmatejek@novell.com + +- replaced dynamic so version with manual so version, because + autobuild does not support autogeneration + +------------------------------------------------------------------- +Tue May 24 13:39:06 UTC 2011 - jmatejek@novell.com + +- generate macros.python3 at compile-time with fixed values +- don't include bogus values in pyconfig.h, as they can break + third-party packages (bnc#673071) + +------------------------------------------------------------------- +Tue May 17 12:52:51 UTC 2011 - jmatejek@novell.com + +- added Obsoletes: python3 < 3.1 so that the transition from + non-split to split packages goes smoothly + +------------------------------------------------------------------- +Fri May 13 12:38:19 UTC 2011 - jmatejek@novell.com + +- fixed RPM macros to use python3 instead of python +- updated to build --with-wide-unicode (for compatibility with + fedora and our own python 2.x series) + +------------------------------------------------------------------- +Thu Apr 21 03:39:25 UTC 2011 - termim@gmail.com + +- fix python3-base build failure due to pybench.py crash by + python-3.2-pybench.patch +- move pyconfig.h from python3-devel to python3-base package to + make python3-base functional again + +------------------------------------------------------------------- +Wed Mar 23 04:26:28 UTC 2011 - termim@gmail.com + +- update to python 3.2 + * stable ABI, ABI-tagged .so files + * concurrent.futures and many other new or upgraded modules + * PYC repository directories ( __pycache__ ) + * python WSGI 1.0.1 + * Unicode 6.0.0 support + * a great number of bugfixes and assorted improvements + +------------------------------------------------------------------- +Tue Feb 8 19:42:17 CET 2011 - matejcik@suse.cz + +- update to python 3.2 RC2 +- renamed python3-demo to python3-tools, because the demo part + became much smaller than the tools part +- added rpm macros + +------------------------------------------------------------------- +Tue Jan 18 14:13:04 UTC 2011 - jmatejek@novell.com + +- update to python 3.2 beta 2, see NEWS for details +- split off -base package with less dependencies, and a shlib-policy + compliant libpython3 package +- mostly rewritten the spec file with more detailed comments +- cleaned up lists of patches + diff --git a/python311.spec b/python311.spec new file mode 100644 index 0000000..615dfd9 --- /dev/null +++ b/python311.spec @@ -0,0 +1,1061 @@ +# +# spec file for package python311 +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "doc" +%define psuffix -documentation +%bcond_without doc +%bcond_with base +%bcond_with general +%endif +%if "%{flavor}" == "base" +%define psuffix -core +%bcond_with doc +%bcond_without base +%bcond_with general +%endif +%if "%{flavor}" == "" +%define psuffix %{nil} +%bcond_with doc +%bcond_with base +%bcond_without general +%endif + +%if 0%{?do_profiling} && !0%{?want_reproducible_builds} +%bcond_without profileopt +%else +%bcond_with profileopt +%endif + +# Only for Tumbleweed +# https://en.opensuse.org/openSUSE:Python:Externally_managed +%if 0%{?suse_version} > 1600 +%bcond_without externally_managed +%else +%bcond_with externally_managed +%endif + +%define python_pkg_name python311 +%if "%{python_pkg_name}" == "%{primary_python}" +%define primary_interpreter 1 +%else +%define primary_interpreter 0 +%endif + +# Setting up variables +%define _version %(c=%{version}; echo ${c/[a-z]*/}) +%define tar_suffix %(c=%{_version}; echo ${c#%{_version}}) +%define python_version %(echo %{_version}|cut -d. -f1-2) +# based on the current source tarball +%define python_version_abitag %(c=%{python_version}; echo ${c//./}) +# FIXME %%define python_version_soname %%(c=%%{python_version}; echo ${c//./_}) +%define python_version_soname 3_11 +%if 0%(test -n "%{tar_suffix}" && echo 1) +%define _version %(echo "%{_version}~%{tar_suffix}") +%define tarversion %{version} +%else +%define tarversion %{version} +%endif +# We don't process beta signs well +%define folderversion %{tarversion} +%define tarname Python-%{tarversion} +%define sitedir %{_libdir}/python%{python_version} +# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 +%define abi_kind %{nil} +# python ABI version - used in some file names +%define python_abi %{python_version}%{abi_kind} +# soname ABI tag defined in PEP 3149 +%define abi_tag %{python_version_abitag}%{abi_kind} +# version part of "libpython" package +%define so_major 1 +%define so_minor 0 +%define so_version %{python_version_soname}%{abi_kind}-%{so_major}_%{so_minor} +# rpm and python have different ideas about what is an arch-dependent name, so: +%if "%{__isa_name}" == "ppc" +%define archname %(echo %{_arch} | sed s/ppc/powerpc/) +%else +%define archname %{_arch} +%endif +# our arm has Hardware-Floatingpoint +%if "%{_arch}" == "arm" +%define armsuffix hf +%endif +# Decide whether we want to use mpdecimal +%if 0%{?suse_version} >= 1550 +%bcond_without mpdecimal +%else +%bcond_with mpdecimal +%endif +# pyexpat.cpython-35m-x86_64-linux-gnu +# pyexpat.cpython-35m-powerpc64le-linux-gnu +# pyexpat.cpython-35m-armv7-linux-gnueabihf +# _md5.cpython-38m-x86_64-linux-gnu.so +%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so +Name: %{python_pkg_name}%{psuffix} +Version: 3.11.12 +Release: 0 +Summary: Python 3 Interpreter +License: Python-2.0 +URL: https://www.python.org/ +Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz +Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore +Source2: baselibs.conf +Source3: README.SUSE +Source4: externally_managed.in +Source7: macros.python3 +Source8: import_failed.py +Source9: import_failed.map +Source10: pre_checkin.sh +Source11: skipped_tests.py +Source19: idle3.desktop +Source20: idle3.appdata.xml +# content of bluez-devel: +# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel +# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu +# 3. mkdir Vendor && mv usr/include/* Vendor/ +# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/ +Source21: bluez-devel-vendor.tar.xz +Source98: python311-rpmlintrc +# Tarball is signed by the GPG key of Pablo Galindo Salgado (0x64E628F8D684696D) +# https://keybase.io/pablogsal/pgp_keys.asc?fingerprint=a035c8c19219ba821ecea86b64e628f8d684696d +Source99: python.keyring +# The following files are not used in the build. +# They are listed here to work around missing functionality in rpmbuild, +# which would otherwise exclude them from distributed src.rpm files. +Source100: PACKAGING-NOTES +# PATCH-FEATURE-UPSTREAM F00251-change-user-install-location.patch bsc#[0-9]+ mcepl@suse.com +# Fix installation in /usr/local (boo#1071941), originally from Fedora +# https://src.fedoraproject.org/rpms/python3.12/blob/rawhide/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch02: F00251-change-user-install-location.patch +# PATCH-FEATURE-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com +# Improve reproduceability +Patch03: distutils-reproducible-compile.patch +# support finding packages in /usr/local, install to /usr/local by default +Patch04: python-3.3.0b1-localpath.patch +# replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds +Patch05: python-3.3.0b1-fix_date_time_compiler.patch +# Raise timeout value for test_subprocess +Patch07: subprocess-raise-timeout.patch +# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com +# ensurepip should honour the value of $(prefix) +Patch08: bpo-31046_ensurepip_honours_prefix.patch +# PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mcepl@suse.com +# SLE-15 version of Sphinx doesn't know about skipif directive in doctests. +Patch09: no-skipif-doctests.patch +# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com +# skip a test failing on SLE-15 +Patch10: skip-test_pyobject_freed_is_freed.patch +# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com +# remove duplicate link targets and make documentation with old Sphinx in SLE +Patch11: fix_configure_rst.patch +# PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com +# Skip test_freeze_simple_script +Patch13: skip_if_buildbot-extend.patch +# PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com +# prevent ResourceWarning in test_asyncio tests +Patch15: bsc1221260-test_asyncio-ResourceWarning.patch +# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport.patch +# This problem on libexpat is patched on SLE without version +# update, this patch changes the tests to match the libexpat provided +# by SUSE +Patch16: CVE-2023-52425-libexpat-2.6.0-backport.patch +Patch17: CVE-2023-52425-remove-reparse_deferral-tests.patch +# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com +# reproducibility patches +Patch19: bso1227999-reproducible-builds.patch +# PATCH-FIX-UPSTREAM gh120226-fix-sendfile-test-kernel-610.patch gh#python/cpython#120226 mcepl@suse.com +# Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 (GH-120227) +Patch22: gh120226-fix-sendfile-test-kernel-610.patch +# PATCH-FIX-UPSTREAM Add platform triplets for 64-bit LoongArch gh#python/cpython#30939 glaubitz@suse.com +Patch24: add-loongarch64-support.patch +# PATCH-FIX-UPSTREAM gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch bsc#1241067 mcepl@suse.com +# don't stop ThreadedEchoServer on OSError, makes test_ssl fail with OpenSSL 3.5 +Patch25: gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: crypto-policies-scripts +BuildRequires: fdupes +BuildRequires: gmp-devel +BuildRequires: lzma-devel +BuildRequires: netcfg +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: xz +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(libffi) +BuildRequires: pkgconfig(uuid) +BuildRequires: pkgconfig(zlib) +#!BuildIgnore: gdk-pixbuf-loader-rsvg +%if 0%{?suse_version} >= 1550 +# The provider for python(abi) is in rpm-build-python +BuildRequires: rpm-build-python +%endif +%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1599 +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{with mpdecimal} +BuildRequires: mpdecimal-devel +%endif +%if %{with doc} +BuildRequires: python3-Sphinx >= 4.0.0 +%if 0%{?suse_version} >= 1500 +BuildRequires: python3-python-docs-theme >= 2022.1 +%endif +%endif +%if %{with general} +# required for idle3 (.desktop and .appdata.xml files) +BuildRequires: appstream-glib +BuildRequires: gcc-c++ +BuildRequires: gdbm-devel +BuildRequires: gettext +BuildRequires: readline-devel +BuildRequires: sqlite-devel +BuildRequires: timezone +BuildRequires: pkgconfig(ncurses) +BuildRequires: pkgconfig(tk) +BuildRequires: pkgconfig(x11) +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-readline +Provides: %{python_pkg_name}-sqlite3 +Recommends: %{python_pkg_name}-curses +Recommends: %{python_pkg_name}-dbm +Recommends: %{python_pkg_name}-pip +%if %{primary_interpreter} +Provides: python3 = %{python_version} +Provides: python3-readline +Provides: python3-sqlite3 +%endif +%endif +%{?suse_build_hwcaps_libs} + +%description +Python 3 is modern interpreted, object-oriented programming language, +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python3-doc +package. + +This package supplies rich command line features provided by readline, +and sqlite3 support for the interpreter core, thus forming a so called +"extended" runtime. +Installing "python3" is sufficient for the vast majority of usecases. +In addition, recommended packages provide UI toolkit support (python3-curses, +python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE +development environment (python3-idle). + +%package -n %{python_pkg_name}-tk +Summary: TkInter, a Python Tk Interface +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-tk = %{version} +%endif + +%description -n %{python_pkg_name}-tk +Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. + +%package -n %{python_pkg_name}-curses +Summary: Python Interface to the (N)Curses Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-curses +%endif + +%description -n %{python_pkg_name}-curses +An easy to use interface to the (n)curses CUI library. CUI stands for +Console User Interface. + +%package -n %{python_pkg_name}-dbm +Summary: Python Interface to the GDBM Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-dbm +%endif + +%description -n %{python_pkg_name}-dbm +An easy to use interface for Unix DBM databases, and more specifically, +the GNU implementation GDBM. + +%package -n %{python_pkg_name}-idle +Summary: An Integrated Development Environment for Python +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk +%if %{primary_interpreter} +Provides: python3-idle = %{version} +%endif + +%description -n %{python_pkg_name}-idle +IDLE is a Tkinter based integrated development environment for Python. +It features a multi-window text editor with multiple undo, Python +colorizing, and many other things, as well as a Python shell window and +a debugger. + +%package -n %{python_pkg_name}-doc +Summary: Package Documentation for Python 3 +Enhances: %{python_pkg_name} = %{python_version} +%if %{primary_interpreter} +Provides: python3-doc = %{version} +%endif + +%description -n %{python_pkg_name}-doc +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in HTML format. + +%package -n %{python_pkg_name}-doc-devhelp +Summary: Additional Package Documentation for Python 3 in devhelp format +%if %{primary_interpreter} +Provides: python3-doc-devhelp = %{version} +%endif + +%description -n %{python_pkg_name}-doc-devhelp +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in format for devhelp. + +%package -n %{python_pkg_name}-base +Summary: Python 3 Interpreter and Stdlib Core +Requires: libpython%{so_version} = %{version} +Recommends: %{python_pkg_name} = %{version} +#Recommends: python3-ensurepip +# python 3.1 didn't have a separate python-base, so it is wrongly +# not a conflict to have python3-3.1 and python3-base > 3.1 +Obsoletes: python3 < 3.2 +# no Provides, because python3 is obviously provided by package python3 +# python 3.4 provides asyncio +Provides: %{python_pkg_name}-asyncio = %{version} +# python 3.6 provides typing +Provides: %{python_pkg_name}-typing = %{version} +# python3-xml was merged into python3, now moved into -base +Provides: %{python_pkg_name}-xml = %{version} +%if %{primary_interpreter} +Provides: python3-asyncio = %{version} +Obsoletes: python3-asyncio < %{version} +Provides: python3-base = %{version} +Obsoletes: python3-base < %{version} +Provides: python3-typing = %{version} +Obsoletes: python3-typing < %{version} +Provides: python3-xml = %{version} +Obsoletes: python3-xml < %{version} +%endif + +%description -n %{python_pkg_name}-base +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +package. + +This package contains the interpreter core and most commonly used modules +from the standard library. This is sufficient for many usecases, but it +excludes components that depend on external libraries, most notably XML, +database and UI toolkits support. + +%package -n %{python_pkg_name}-tools +Summary: Python Utility and Demonstration Scripts +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-2to3 = %{version} +Provides: %{python_pkg_name}-demo = %{version} +%if %{primary_interpreter} +Provides: python3-2to3 = %{version} +Provides: python3-demo = %{version} +Provides: python3-tools = %{version} +Obsoletes: python3-2to3 < %{version} +Obsoletes: python3-demo < %{version} +%endif + +%description -n %{python_pkg_name}-tools +A number of scripts that are useful for building, testing or extending Python, +and a set of demonstration programs. + +%package -n %{python_pkg_name}-devel +Summary: Include Files and Libraries Mandatory for Building Python Modules +Requires: %{python_pkg_name}-base = %{version} +%if %{primary_interpreter} +Provides: python3-devel = %{version} +%endif + +%description -n %{python_pkg_name}-devel +The Python programming language's interpreter can be extended with +dynamically loaded extensions and can be embedded in other programs. + +This package contains header files, a static library, and development +tools for building Python modules, extending the Python interpreter or +embedding Python in applications. + +This also includes the Python distutils, which were in the Python +package up to version 2.2.2. + +%package -n %{python_pkg_name}-testsuite +Summary: Unit tests for Python and its standard library +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk = %{version} +%if %{primary_interpreter} +Provides: python3-testsuite = %{version} +%endif + +%description -n %{python_pkg_name}-testsuite +Unit tests that are useful for verifying integrity and functionality +of the installed Python interpreter and standard library. +They are a documented part of stdlib, as a module 'test'. + +%package -n libpython%{so_version} +Summary: Python Interpreter shared library +Requires: %{python_pkg_name}-base >= %{version} + +%description -n libpython%{so_version} +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +(HTML) or python-doc-pdf (PDF) packages. + +This package contains libpython3.2 shared library for embedding in +other applications. + +%prep +%setup -q -n %{tarname} + +%patch -p1 -P 02 +%patch -p1 -P 03 +%patch -p1 -P 04 +%patch -p1 -P 05 +%patch -p1 -P 07 +%patch -p1 -P 08 + +%if 0%{?suse_version} <= 1500 +%patch -P 09 -p1 +%endif + +%patch -p1 -P 10 +%patch -p1 -P 11 +%patch -p1 -P 13 +%patch -p1 -P 15 +%patch -p1 -P 16 +%patch -p1 -P 17 +%patch -p1 -P 19 +%patch -p1 -P 22 +%patch -p1 -P 24 +%patch -p1 -P 25 + +# drop Autoconf version requirement +sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac + +%if %{primary_interpreter} +# fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 +for dir in Lib Tools; do + # find *.py, filter to files that contain bad shebangs + # break up "/""usr" like this to prevent replacing with %%{_prefix} + find $dir -name '*.py' -type f -print0 \ + | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ + | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' +done +%else +# For non-primary Python, just don't bother (bsc#1193179) and remove all +# those shebangs +for dir in Lib Tools; do + find $dir -name '*.py' -type f -exec sed -i '1{/^#!.*python/ d}' '{}' \; +done +# We shortened the file Lib/pdb.py so we have to move the test breakpoint location +sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py +%endif + +# drop in-tree libffi and expat +rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin +# Cannot remove it because of gh#python/cpython#92875 +# rm -r Modules/expat + +# drop duplicate README from site-packages +rm Lib/site-packages/README.txt + +# Add vendored bluez-devel files +tar xvf %{SOURCE21} + +# Don't fail on warnings when building documentation +sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile + +%build +%if %{with doc} +TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` +# TODO use not date of tarball but date of latest patch + +cd Doc +sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py +%make_build -j1 html + +# Build also devhelp files +sphinx-build -a -b devhelp . build/devhelp +rm -rfv build/devhelp/.doctrees +%else +%define _lto_cflags %{nil} +# use rpm_opt_flags +export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv $(pkg-config --cflags-only-I libffi) -fno-semantic-interposition" + +touch -r %{SOURCE0} Makefile.pre.in + +autoreconf -fvi + +%if 0%{?sles_version} +sed -e 's/-fprofile-correction//' -i Makefile.pre.in +%endif + +export CFLAGS="%{optflags} -IVendor/" + +%configure \ + --with-platlibdir=%{_lib} \ + --docdir=%{_docdir}/python \ + --enable-ipv6 \ + --enable-shared \ + --with-ensurepip=no \ + --with-system-ffi \ + --with-system-expat \ + --with-lto \ +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 + --with-ssl-default-suites=openssl \ +%endif +%if %{with profileopt} + --enable-optimizations \ +%endif +%if %{with mpdecimal} + --with-system-libmpdec \ +%endif + --enable-loadable-sqlite-extensions + +# prevent make from trying to rebuild PYTHON_FOR_GEN stuff +# %%make_build -t Python/Python-ast.c \ + # Include/Python-ast.h \ + # Objects/typeslots.inc \ + # Python/opcode_targets.h \ + # Include/opcode.h +%make_build + +%if %{with general} +%make_build +%endif +%if %{with base} +%if %{with profileopt} + target=profile-opt +%else + target=all +%endif +LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ + %make_build $target +%endif +%endif + +%check +export SUSE_VERSION="0%{?suse_version}" +export SLE_VERSION="0%{?sle_version}" +%if %{with general} +# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos +# when you install gdb into your test env +EXCLUDE="test_gdb" +# we patch out the message to recommend zypper in and thus this would fail +EXCLUDE="$EXCLUDE test_pydoc" + +%ifarch %{arm} s390x +# test_multiprocessing_forkserver is racy +EXCLUDE="$EXCLUDE test_multiprocessing_forkserver" +%endif +%ifarch ppc ppc64 ppc64le +# exclue test_faulthandler due to bnc#831629 +EXCLUDE="$EXCLUDE test_faulthandler" +%endif +# some tests break in QEMU +%if 0%{?qemu_user_space_build} +EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver test_multiprocessing_spawn test_os test_posix test_signal test_socket test_subprocess" +%endif + +# This test (part of test_uuid) requires real network interfaces +# so that ifconfig output has "HWaddr ". Some kvm instances +# done have any such interface breaking the uuid module. +EXCLUDE="$EXCLUDE test_uuid" + +# bsc#1195140 and bpo#37169 - test_capi is failing on openSUSE, and not sure why +EXCLUDE="$EXCLUDE test_capi" + +# Limit virtual memory to avoid spurious failures +if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then + ulimit -v 11000000 || : +fi + +# test_freeze_simple_script in test.test_tools.test_freeze.TestFreeze +# uses CONFIG_ARGS to run ./configure. +export CONFIG_ARGS="--enable-ipv6 --enable-shared --with-ensurepip=no \ + --with-system-ffi --with-system-expat --with-lto --enable-optimizations \ + --with-system-libmpdec --enable-loadable-sqlite-extensions" + +export PYTHONPATH="$(pwd -P)/Lib" +# Use timeout, like make target buildbottest +# We cannot run tests parallel, because osc build environment doesn’t +# have /dev/shm +%make_build -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=5400" +# use network, be verbose: +#make test TESTOPTS="-l -u network -v" +%endif + +%install +%if %{with doc} +export PDOCS=%{buildroot}%{_docdir}/python%{python_version} +mkdir -p $PDOCS +# generated docs +rm Doc/build/*/.buildinfo +cp -r Doc/build/html $PDOCS +# misc +install -d -m 755 $PDOCS/Misc +rm Misc/README.AIX +for i in Misc/* ; do + [ -f $i ] && install -c -m 644 $i $PDOCS/Misc/ +done +# devhelp +mkdir -p %{buildroot}%{_datadir}/gtk-doc/html +cp -r Doc/build/devhelp %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version} +rm -rf %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version}/.doctrees +%endif +%if %{with general} +%make_install + +# clean out stuff that is in python-base and subpackages + +find %{buildroot}%{_bindir} -mindepth 1 -not -name "*idle3*" -print -delete +rm %{buildroot}%{_libdir}/lib* +rm -r %{buildroot}%{_libdir}/pkgconfig +rm -r %{buildroot}%{_mandir}/* +rm -r %{buildroot}%{_includedir}/* + +rm -r %{buildroot}%{sitedir}/config* +find %{buildroot}%{sitedir} -name "*.egg-info" -delete +rm -r %{buildroot}%{sitedir}/__pycache__ +rm -r %{buildroot}%{sitedir}/site-packages +rm %{buildroot}%{sitedir}/*.* + +for module in \ + asyncio ctypes collections concurrent distutils email encodings \ + ensurepip html http re \ + importlib json logging multiprocessing pydoc_data unittest \ + urllib venv wsgiref lib2to3 test tomllib turtledemo \ + xml xmlrpc zoneinfo __phello__ +do + rm -r %{buildroot}%{sitedir}/$module +done + +for library in \ + array _asyncio audioop binascii _bisect _bz2 cmath _codecs_* \ + _contextvars _crypt _csv _ctypes _datetime _decimal fcntl grp \ + _hashlib _heapq _json _lsprof _lzma math mmap _multibytecodec \ + _multiprocessing _opcode ossaudiodev _pickle _posixshmem \ + _posixsubprocess _queue _random resource select _ssl _socket spwd \ + _statistics _struct syslog termios _testbuffer _testimportmultiple \ + _testmultiphase unicodedata zlib _ctypes_test _testinternalcapi _testcapi \ + _typing _testclinic xxlimited xxlimited_35 \ + _xxtestfuzz _xxsubinterpreters _elementtree pyexpat _md5 _sha1 \ + _sha256 _sha512 _blake2 _sha3 _uuid _zoneinfo +do + eval rm "%{buildroot}%{sitedir}/lib-dynload/$library.*" +done + +# Idle is not packaged in base due to the appstream-glib dependency +# move idle config into /etc +install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version} +( + cd %{buildroot}/%{sitedir}/idlelib/ + for file in *.def ; do + mv $file %{buildroot}%{_sysconfdir}/idle%{python_version}/ + ln -sf %{_sysconfdir}/idle%{python_version}/$file %{buildroot}/%{sitedir}/idlelib/ + done +) + +# keep just idle3.X +rm %{buildroot}%{_bindir}/idle3 + +# install idle icons +for size in 16 32 48 ; do + install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \ + %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_version}.png +done + +# install idle desktop file +cp %{SOURCE19} idle%{python_version}.desktop +sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop +install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop + +cp %{SOURCE20} idle%{python_version}.appdata.xml +sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml +install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml +appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml + +%fdupes %{buildroot}/%{_libdir}/python%{python_version} +%endif +%if %{with base} +%make_install + +# remove .a +find %{buildroot} -name "*.a" -delete + +# install "site-packages" and __pycache__ for third parties +install -d -m 755 %{buildroot}%{sitedir}/site-packages +install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__ +# and their 32bit counterparts explicitly +mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__ + +# cleanup parts that don't belong +for dir in curses dbm sqlite3 tkinter idlelib; do + find "%{buildroot}/%{sitedir}/$dir"/* -maxdepth 0 -name "test" -o -exec rm -rf {} + +done +rm -fv %{buildroot}%{dynlib nis} + +# overwrite the copied binary with a link +ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 + +# decide to ship python3 or just python3.X +%if !%{primary_interpreter} +# base +rm %{buildroot}%{_bindir}/python3 +rm %{buildroot}%{_bindir}/pydoc3 +rm %{buildroot}%{_mandir}/man1/python3.1 +# devel +rm %{buildroot}%{_bindir}/python3-config +rm %{buildroot}%{_libdir}/libpython3.so +rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc +%endif + +%if %{with externally_managed} +# PEP-0668 mark this as a distro maintained python +sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED +%endif + +# link shared library instead of static library that tools expect +ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so + +# delete idle3, which has to many packaging dependencies for base +rm %{buildroot}%{_bindir}/idle3* + +# delete the generic 2to3 binary if we are not primary +%if !%{primary_interpreter} +rm %{buildroot}%{_bindir}/2to3 +%endif + +# replace duplicate .pyo/.pyc with hardlinks +%fdupes %{buildroot}/%{sitedir} + +# documentation +export PDOCS=%{buildroot}%{_docdir}/%{name} +install -d -m 755 $PDOCS +install -c -m 644 %{SOURCE3} $PDOCS/ +install -c -m 644 README.rst $PDOCS/ + +# tools +for x in `find Tools/ \( -not -name Makefile \) -print | sort` ; do + test -d $x && ( install -c -m 755 -d $PDOCS/$x ) \ + || ( install -c -m 644 $x $PDOCS/$x ) +done +# gdb script is shipped with devel subpackage +rm -r $PDOCS/Tools/gdb +# clean up the bat files +find "$PDOCS" -name "*.bat" -delete + +# put gdb helper script into place +install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +# install devel files to /config +#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%%{sitedir}/config-%%{python_abi}/ + +# Remove -IVendor/ from python-config boo#1231795 +sed -i 's/-IVendor\///' %{buildroot}%{_bindir}/python%{python_abi}-config + +# RPM macros +%if %{primary_interpreter} +mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/ +install -m 644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/macros.d/ # macros.python3 +%endif + +# import_failed hooks +FAILDIR=%{buildroot}/%{sitedir}/_import_failed +mkdir $FAILDIR +install -m 644 %{SOURCE8} %{SOURCE9} $FAILDIR # import_failed.* +LD_LIBRARY_PATH=. ./python -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +( + cd $FAILDIR + while read package modules; do + for module in $modules; do + ln import_failed.py $module.py + pushd __pycache__ + for i in import_failed*; do + ln $i "$module${i#import_failed}" + done + popd + done + done < %{SOURCE9} +) +echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +%endif + +# For the purposes of reproducibility, it is necessary to eliminate any *.pyc files inside documentation dirs +if [ -d %{buildroot}%{_defaultdocdir} ] ; then +find %{buildroot}%{_defaultdocdir} -type f -name \*.pyc -ls -exec rm -vf '{}' \; +fi + +%if %{with general} +%files -n %{python_pkg_name}-tk +%{sitedir}/tkinter +%exclude %{sitedir}/tkinter/test +%{dynlib _tkinter} + +%files -n %{python_pkg_name}-curses +%{sitedir}/curses +%{dynlib _curses} +%{dynlib _curses_panel} + +%files -n %{python_pkg_name}-dbm +%{sitedir}/dbm +%{dynlib _dbm} +%{dynlib _gdbm} + +%files -n %{python_pkg_name} +%dir %{sitedir} +%dir %{sitedir}/lib-dynload +%{sitedir}/sqlite3 +%exclude %{sitedir}/sqlite3/test +%{dynlib readline} +%{dynlib _sqlite3} +%if 0%{?suse_version} < 1599 +%{dynlib nis} +%endif + +%files -n %{python_pkg_name}-idle +%{sitedir}/idlelib +%dir %{_sysconfdir}/idle%{python_version} +%config %{_sysconfdir}/idle%{python_version}/* +%doc Lib/idlelib/README.txt +%doc Lib/idlelib/TODO.txt +%doc Lib/idlelib/extend.txt +%doc Lib/idlelib/ChangeLog +%{_bindir}/idle%{python_version} +%{_datadir}/applications/idle%{python_version}.desktop +%{_datadir}/metainfo/idle%{python_version}.appdata.xml +%{_datadir}/icons/hicolor/*/apps/idle%{python_version}.png +%dir %{_datadir}/icons/hicolor +%dir %{_datadir}/icons/hicolor/16x16 +%dir %{_datadir}/icons/hicolor/32x32 +%dir %{_datadir}/icons/hicolor/48x48 +%dir %{_datadir}/icons/hicolor/*/apps +# endif for if general +%endif + +%if %{with doc} +%files -n %{python_pkg_name}-doc +%dir %{_docdir}/python%{python_version} +%doc %{_docdir}/python%{python_version}/Misc +%doc %{_docdir}/python%{python_version}/html + +%files -n %{python_pkg_name}-doc-devhelp +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%doc %{_datadir}/gtk-doc/html/Python%{python_version} +%endif + +%if %{with base} +%post -n libpython%{so_version} -p /sbin/ldconfig +%postun -n libpython%{so_version} -p /sbin/ldconfig + +%files -n libpython%{so_version} +%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} + +%files -n %{python_pkg_name}-tools +%{sitedir}/turtledemo +%if %{primary_interpreter} +%{_bindir}/2to3 +%endif +%attr(755, root, root)%{_bindir}/2to3-%{python_version} +%doc %{_docdir}/%{name}/Tools + +%files -n %{python_pkg_name}-devel +%{_libdir}/libpython%{python_abi}.so +%if %{primary_interpreter} +%{_libdir}/libpython3.so +%endif +%{_libdir}/pkgconfig/* +%{_includedir}/python%{python_abi} +%{sitedir}/config-%{python_abi}-* +%{_bindir}/python%{python_abi}-config +%if %{primary_interpreter} +%{_bindir}/python3-config +%endif +# Own these directories to not depend on gdb +%dir %{_datadir}/gdb +%dir %{_datadir}/gdb/auto-load +%dir %{_datadir}/gdb/auto-load%{_prefix} +%dir %{_datadir}/gdb/auto-load%{_libdir} +%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +%files -n %{python_pkg_name}-testsuite +%{sitedir}/test +%{sitedir}/*/test +%{sitedir}/*/tests +%{dynlib _ctypes_test} +%{dynlib _testbuffer} +%{dynlib _testcapi} +%{dynlib _testclinic} +%{dynlib _testinternalcapi} +%{dynlib _testimportmultiple} +%{dynlib _testmultiphase} +%{dynlib xxlimited} +# workaround for missing packages +%dir %{sitedir}/sqlite3 +%dir %{sitedir}/tkinter + +%files -n %{python_pkg_name}-base +# docs +%dir %{_docdir}/%{name} +%doc %{_docdir}/%{name}/README.rst +%license LICENSE +%doc %{_docdir}/%{name}/README.SUSE +%if %{primary_interpreter} +%{_mandir}/man1/python3.1%{?ext_man} +%endif +%{_mandir}/man1/python%{python_version}.1%{?ext_man} +%if %{with externally_managed} +# PEP-0668 +%{sitedir}/EXTERNALLY-MANAGED +%endif +# license text, not a doc because the code can use it at run-time +%{sitedir}/LICENSE.txt +# RPM macros +%if %{primary_interpreter} +%{_rpmconfigdir}/macros.d/macros.python3 +%endif +# binary parts +%dir %{sitedir}/lib-dynload +%{dynlib array} +%{dynlib _asyncio} +%{dynlib audioop} +%{dynlib binascii} +%{dynlib _bisect} +%{dynlib _bz2} +%{dynlib cmath} +%{dynlib _codecs_cn} +%{dynlib _codecs_hk} +%{dynlib _codecs_iso2022} +%{dynlib _codecs_jp} +%{dynlib _codecs_kr} +%{dynlib _codecs_tw} +%{dynlib _contextvars} +%{dynlib _crypt} +%{dynlib _csv} +%{dynlib _ctypes} +%{dynlib _datetime} +%{dynlib _decimal} +%{dynlib _elementtree} +%{dynlib fcntl} +%{dynlib grp} +%{dynlib _hashlib} +%{dynlib _heapq} +%{dynlib _json} +%{dynlib _lsprof} +%{dynlib _lzma} +%{dynlib math} +%{dynlib mmap} +%{dynlib _multibytecodec} +%{dynlib _multiprocessing} +%{dynlib _opcode} +%{dynlib ossaudiodev} +%{dynlib _pickle} +%{dynlib _posixshmem} +%{dynlib _posixsubprocess} +%{dynlib pyexpat} +%{dynlib _queue} +%{dynlib _random} +%{dynlib resource} +%{dynlib select} +%{dynlib _socket} +%{dynlib spwd} +%{dynlib _ssl} +%{dynlib _statistics} +%{dynlib _struct} +%{dynlib syslog} +%{dynlib termios} +%{dynlib _typing} +%{dynlib unicodedata} +%{dynlib _uuid} +%{dynlib _xxsubinterpreters} +%{dynlib _xxtestfuzz} +%{dynlib xxlimited_35} +%{dynlib zlib} +%{dynlib _zoneinfo} +# hashlib fallback modules +%{dynlib _blake2} +%{dynlib _md5} +%{dynlib _sha1} +%{dynlib _sha256} +%{dynlib _sha512} +%{dynlib _sha3} +# python parts +%dir %{_prefix}/lib/python%{python_version} +%dir %{_prefix}/lib/python%{python_version}/site-packages +%dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__ +%dir %{sitedir} +%dir %{sitedir}/site-packages +%dir %{sitedir}/site-packages/__pycache__ +%exclude %{sitedir}/*/test +%exclude %{sitedir}/*/tests +%{sitedir}/*.py +%{sitedir}/asyncio +%{sitedir}/ctypes +%{sitedir}/collections +%{sitedir}/concurrent +%{sitedir}/distutils +%{sitedir}/email +%{sitedir}/encodings +%{sitedir}/ensurepip +%{sitedir}/html +%{sitedir}/http +%{sitedir}/importlib +%{sitedir}/json +%{sitedir}/lib2to3 +%{sitedir}/logging +%{sitedir}/multiprocessing +%{sitedir}/pydoc_data +%{sitedir}/re +%{sitedir}/tomllib +%{sitedir}/unittest +%{sitedir}/urllib +%{sitedir}/venv +%{sitedir}/wsgiref +%{sitedir}/xml +%{sitedir}/xmlrpc +%{sitedir}/zoneinfo +%{sitedir}/__phello__ +%{sitedir}/__pycache__ +# import-failed hooks +%{sitedir}/_import_failed +%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +# symlinks +%if %{primary_interpreter} +%{_bindir}/python3 +%{_bindir}/pydoc3 +%endif +# executables +%attr(755, root, root) %{_bindir}/pydoc%{python_version} +# %%attr(755, root, root) %%{_bindir}/python%%{python_abi} +%attr(755, root, root) %{_bindir}/python%{python_version} +# endif for if base +%endif + +%changelog diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch new file mode 100644 index 0000000..6f48b09 --- /dev/null +++ b/skip-test_pyobject_freed_is_freed.patch @@ -0,0 +1,23 @@ +--- + Lib/test/test_capi/test_misc.py | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/Lib/test/test_capi/test_misc.py ++++ b/Lib/test/test_capi/test_misc.py +@@ -40,6 +40,8 @@ import _testinternalcapi + # Were we compiled --with-pydebug or with #define Py_DEBUG? + Py_DEBUG = hasattr(sys, 'gettotalrefcount') + ++# Which version of the SLE distro we build on? ++SLE_VERSION = int(os.environ.get('SLE_VERSION', '0'), 10) + + NULL = None + +@@ -1281,6 +1283,7 @@ class PyMemDebugTests(unittest.TestCase) + def test_pyobject_forbidden_bytes_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') + ++ @unittest.skipIf(0 < SLE_VERSION < 150300, 'Failing on Leap 15.*') + def test_pyobject_freed_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_freed_is_freed') + diff --git a/skip_if_buildbot-extend.patch b/skip_if_buildbot-extend.patch new file mode 100644 index 0000000..fd9a584 --- /dev/null +++ b/skip_if_buildbot-extend.patch @@ -0,0 +1,15 @@ +--- + Lib/test/support/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -384,7 +384,7 @@ def skip_if_buildbot(reason=None): + if not reason: + reason = 'not suitable for buildbots' + try: +- isbuildbot = getpass.getuser().lower() == 'buildbot' ++ isbuildbot = getpass.getuser().lower() in ['buildbot', 'abuild'] + except (KeyError, EnvironmentError) as err: + warnings.warn(f'getpass.getuser() failed {err}.', RuntimeWarning) + isbuildbot = False diff --git a/skipped_tests.py b/skipped_tests.py new file mode 100644 index 0000000..47002e6 --- /dev/null +++ b/skipped_tests.py @@ -0,0 +1,69 @@ +#!/usr/bin/python3 +""" +Simple regexp-based skipped test checker. +It lists tests that are mentioned (presumably for exclusion) +in BASE, and in MAIN (presumably for inclusion) +and reports discrepancies. + +This will have a number of +""" + +MAIN = "python39.spec" + +import glob +import re +from os.path import basename + +alltests = set() +qemu_exclusions = set() + +for item in glob.glob("Python-*/Lib/test/test_*"): + testname = basename(item) + if testname.endswith(".py"): + testname = testname[:-3] + alltests.add(testname) + +testre = re.compile(r'[\s"](test_\w+)\b') + +def find_tests_in_spec(specname): + global qemu_exclusions + + found_tests = set() + with open(specname) as spec: + in_qemu = False + for line in spec: + line = line.strip() + if "#" in line: + line = line[:line.index("#")] + tests = set(testre.findall(line)) + found_tests |= tests + if line == "%if 0%{?qemu_user_space_build} > 0": + in_qemu = True + if in_qemu: + if line == "%endif": + in_qemu = False + qemu_exclusions |= tests + return found_tests + +excluded = find_tests_in_spec(MAIN) + +#print("--- excluded tests:", " ".join(sorted(excluded))) +#print("--- included tests:", " ".join(sorted(included))) + +mentioned = excluded +nonexistent = mentioned - alltests +missing = excluded - qemu_exclusions + +print("--- the following tests are excluded for QEMU and not tested in python") +print("--- (that probably means we don't need to worry about them)") +for test in sorted(qemu_exclusions - excluded): + print(test) + +print("--- the following tests might be excluded in python:") +for test in sorted(missing): + print(test) + +if nonexistent: + print("--- the following tests don't exist:") + for test in sorted(nonexistent): + print(test) diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch new file mode 100644 index 0000000..ab29d50 --- /dev/null +++ b/subprocess-raise-timeout.patch @@ -0,0 +1,18 @@ +--- + Lib/test/test_subprocess.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_subprocess.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_subprocess.py ++++ Python-3.11.8/Lib/test/test_subprocess.py +@@ -280,7 +280,8 @@ class ProcessTestCase(BaseTestCase): + "time.sleep(3600)"], + # Some heavily loaded buildbots (sparc Debian 3.x) require + # this much time to start and print. +- timeout=3) ++ # OBS might require even more ++ timeout=10) + self.fail("Expected TimeoutExpired.") + self.assertEqual(c.exception.output, b'BDFL') + -- 2.51.1 From ea222077b1c4460c05811e5b6609cb22144da5bc953f97636cab6b5918d63368 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 12 May 2025 11:13:34 +0000 Subject: [PATCH 120/135] strip trailing spaces OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=174 --- .gitattributes | 23 + .gitignore | 1 + CVE-2023-52425-libexpat-2.6.0-backport.patch | 233 + ...-52425-remove-reparse_deferral-tests.patch | 60 + CVE-2024-9287-venv_path_unquoted.patch | 299 + CVE-2025-0938-sq-brackets-domain-names.patch | 127 + F00251-change-user-install-location.patch | 215 + PACKAGING-NOTES | 26 + Python-3.11.10.tar.xz | 3 + Python-3.11.10.tar.xz.asc | 16 + Python-3.11.11.tar.xz | 3 + Python-3.11.11.tar.xz.sigstore | 1 + Python-3.11.12.tar.xz | 3 + Python-3.11.12.tar.xz.sigstore | 1 + README.SUSE | 43 + _multibuild | 4 + add-loongarch64-support.patch | 25 + baselibs.conf | 3 + bluez-devel-vendor.tar.xz | 3 + bpo-31046_ensurepip_honours_prefix.patch | 173 + bsc1221260-test_asyncio-ResourceWarning.patch | 21 + bso1227999-reproducible-builds.patch | 37 + distutils-reproducible-compile.patch | 17 + externally_managed.in | 12 + fix_configure_rst.patch | 44 + ...l-no-stop-ThreadedEchoServer-OSError.patch | 82 + gh120226-fix-sendfile-test-kernel-610.patch | 35 + idle3.appdata.xml | 35 + idle3.desktop | 12 + import_failed.map | 7 + import_failed.py | 23 + macros.python3 | 28 + no-skipif-doctests.patch | 653 ++ pre_checkin.sh | 78 + python-3.3.0b1-fix_date_time_compiler.patch | 27 + python-3.3.0b1-localpath.patch | 13 + python-3.3.0b1-test-posix_fadvise.patch | 17 + python.keyring | 109 + python311-rpmlintrc | 4 + python311.changes | 5580 +++++++++++++++++ python311.spec | 1061 ++++ skip-test_pyobject_freed_is_freed.patch | 23 + skip_if_buildbot-extend.patch | 15 + skipped_tests.py | 69 + subprocess-raise-timeout.patch | 18 + 45 files changed, 9282 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 CVE-2023-52425-libexpat-2.6.0-backport.patch create mode 100644 CVE-2023-52425-remove-reparse_deferral-tests.patch create mode 100644 CVE-2024-9287-venv_path_unquoted.patch create mode 100644 CVE-2025-0938-sq-brackets-domain-names.patch create mode 100644 F00251-change-user-install-location.patch create mode 100644 PACKAGING-NOTES create mode 100644 Python-3.11.10.tar.xz create mode 100644 Python-3.11.10.tar.xz.asc create mode 100644 Python-3.11.11.tar.xz create mode 100644 Python-3.11.11.tar.xz.sigstore create mode 100644 Python-3.11.12.tar.xz create mode 100644 Python-3.11.12.tar.xz.sigstore create mode 100644 README.SUSE create mode 100644 _multibuild create mode 100644 add-loongarch64-support.patch create mode 100644 baselibs.conf create mode 100644 bluez-devel-vendor.tar.xz create mode 100644 bpo-31046_ensurepip_honours_prefix.patch create mode 100644 bsc1221260-test_asyncio-ResourceWarning.patch create mode 100644 bso1227999-reproducible-builds.patch create mode 100644 distutils-reproducible-compile.patch create mode 100644 externally_managed.in create mode 100644 fix_configure_rst.patch create mode 100644 gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch create mode 100644 gh120226-fix-sendfile-test-kernel-610.patch create mode 100644 idle3.appdata.xml create mode 100644 idle3.desktop create mode 100644 import_failed.map create mode 100644 import_failed.py create mode 100644 macros.python3 create mode 100644 no-skipif-doctests.patch create mode 100644 pre_checkin.sh create mode 100644 python-3.3.0b1-fix_date_time_compiler.patch create mode 100644 python-3.3.0b1-localpath.patch create mode 100644 python-3.3.0b1-test-posix_fadvise.patch create mode 100644 python.keyring create mode 100644 python311-rpmlintrc create mode 100644 python311.changes create mode 100644 python311.spec create mode 100644 skip-test_pyobject_freed_is_freed.patch create mode 100644 skip_if_buildbot-extend.patch create mode 100644 skipped_tests.py create mode 100644 subprocess-raise-timeout.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch new file mode 100644 index 0000000..1acc25a --- /dev/null +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -0,0 +1,233 @@ +--- + Lib/test/support/__init__.py | 16 ++++++++++++++-- + Lib/test/test_minidom.py | 23 +++++++++-------------- + Lib/test/test_pyexpat.py | 12 +++++------- + Lib/test/test_sax.py | 18 +++++++++--------- + Lib/test/test_xml_etree.py | 12 ------------ + 5 files changed, 37 insertions(+), 44 deletions(-) + +Index: Python-3.11.12/Lib/test/support/__init__.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/support/__init__.py 2025-04-11 10:52:43.191010503 +0200 ++++ Python-3.11.12/Lib/test/support/__init__.py 2025-04-11 10:52:44.802161741 +0200 +@@ -8,6 +8,7 @@ + import functools + import os + import re ++import pyexpat + import stat + import sys + import sysconfig +@@ -56,7 +57,7 @@ + "run_with_tz", "PGO", "missing_compiler_executable", + "ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST", + "LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT", +- "skip_on_s390x", ++ "skip_on_s390x", "fails_with_expat_2_6_0", "is_expat_2_6_0" + ] + + +@@ -2244,6 +2245,17 @@ + } + return ignored + +-#Windows doesn't have os.uname() but it doesn't support s390x. ++ ++# Windows doesn't have os.uname() but it doesn't support s390x. + skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', + 'skipped on s390x') ++ ++ ++@functools.lru_cache ++def _is_expat_2_6_0(): ++ return hasattr(pyexpat.ParserCreate(), 'SetReparseDeferralEnabled') ++is_expat_2_6_0 = _is_expat_2_6_0() ++ ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if is_expat_2_6_0 ++ else lambda test: test) +Index: Python-3.11.12/Lib/test/test_minidom.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_minidom.py 2025-04-11 10:52:21.907086938 +0200 ++++ Python-3.11.12/Lib/test/test_minidom.py 2025-04-11 10:52:44.802522893 +0200 +@@ -6,7 +6,6 @@ + from test import support + import unittest + +-import pyexpat + import xml.dom.minidom + + from xml.dom.minidom import parse, Attr, Node, Document, parseString +@@ -1163,13 +1162,11 @@ + + # Verify that character decoding errors raise exceptions instead + # of crashing +- if pyexpat.version_info >= (2, 4, 5): +- self.assertRaises(ExpatError, parseString, +- b'') +- self.assertRaises(ExpatError, parseString, +- b'Comment \xe7a va ? Tr\xe8s bien ?') +- else: +- self.assertRaises(UnicodeDecodeError, parseString, ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((UnicodeDecodeError, ExpatError)): ++ parseString( + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1631,12 +1628,10 @@ + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- if pyexpat.version_info >= (2, 4, 5): +- context = self.assertRaisesRegex(ExpatError, 'syntax error') +- else: +- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- +- with context: ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((ExpatError, ValueError)): + parseString('') + + def testDocRemoveChild(self): +Index: Python-3.11.12/Lib/test/test_pyexpat.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_pyexpat.py 2025-04-11 10:52:22.076696906 +0200 ++++ Python-3.11.12/Lib/test/test_pyexpat.py 2025-04-11 10:52:44.803228085 +0200 +@@ -14,8 +14,7 @@ + from xml.parsers import expat + from xml.parsers.expat import errors + +-from test.support import sortdict, is_emscripten, is_wasi +- ++from test.support import sortdict, is_emscripten, is_wasi, is_expat_2_6_0 + + class SetAttributeTest(unittest.TestCase): + def setUp(self): +@@ -770,9 +769,8 @@ + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + + def test_reparse_deferral_enabled(self): +- if expat.version_info < (2, 6, 0): +- self.skipTest(f'Expat {expat.version_info} does not ' +- 'support reparse deferral') ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") + + started = [] + +@@ -801,9 +799,9 @@ + + parser = expat.ParserCreate() + parser.StartElementHandler = start_element +- if expat.version_info >= (2, 6, 0): ++ if is_expat_2_6_0: + parser.SetReparseDeferralEnabled(False) +- self.assertFalse(parser.GetReparseDeferralEnabled()) ++ self.assertFalse(parser.GetReparseDeferralEnabled()) + + for chunk in (b''): + parser.Parse(chunk, False) +Index: Python-3.11.12/Lib/test/test_sax.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_sax.py 2025-04-11 10:52:22.111440337 +0200 ++++ Python-3.11.12/Lib/test/test_sax.py 2025-04-11 10:52:44.803567098 +0200 +@@ -19,13 +19,11 @@ + from io import BytesIO, StringIO + import codecs + import os.path +-import pyexpat + import shutil + import sys + from urllib.error import URLError + import urllib.request +-from test.support import os_helper +-from test.support import findfile ++from test.support import os_helper, findfile, is_expat_2_6_0 + from test.support.os_helper import FakePath, TESTFN + + +@@ -1215,10 +1213,10 @@ + + self.assertEqual(result.getvalue(), start + b"text") + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1241,6 +1239,9 @@ + self.assertEqual(result.getvalue(), start + b"") + + def test_flush_reparse_deferral_disabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1249,9 +1250,8 @@ + for chunk in (""): + parser.feed(chunk) + +- if pyexpat.version_info >= (2, 6, 0): +- parser._parser.SetReparseDeferralEnabled(False) +- self.assertEqual(result.getvalue(), start) # i.e. no elements started ++ parser._parser.SetReparseDeferralEnabled(False) ++ self.assertEqual(result.getvalue(), start) # i.e. no elements started + + self.assertFalse(parser._parser.GetReparseDeferralEnabled()) + +Index: Python-3.11.12/Lib/test/test_xml_etree.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_xml_etree.py 2025-04-11 10:52:22.425637912 +0200 ++++ Python-3.11.12/Lib/test/test_xml_etree.py 2025-04-11 10:52:44.804234785 +0200 +@@ -13,7 +13,6 @@ + import operator + import os + import pickle +-import pyexpat + import sys + import textwrap + import types +@@ -1424,12 +1423,6 @@ + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + +- def test_simple_xml_chunk_1(self): +- self.test_simple_xml(chunk_size=1, flush=True) +- +- def test_simple_xml_chunk_5(self): +- self.test_simple_xml(chunk_size=5, flush=True) +- + def test_simple_xml_chunk_22(self): + self.test_simple_xml(chunk_size=22) + +@@ -1627,9 +1620,6 @@ + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1656,8 +1646,6 @@ + + for chunk in (""): + parser.feed(chunk) +- +- if pyexpat.version_info >= (2, 6, 0): + if not ET is pyET: + self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled ' + 'methods not available in C') diff --git a/CVE-2023-52425-remove-reparse_deferral-tests.patch b/CVE-2023-52425-remove-reparse_deferral-tests.patch new file mode 100644 index 0000000..553bdf8 --- /dev/null +++ b/CVE-2023-52425-remove-reparse_deferral-tests.patch @@ -0,0 +1,60 @@ +--- + Lib/test/test_pyexpat.py | 2 ++ + Lib/test/test_sax.py | 2 ++ + Lib/test/test_xml_etree.py | 2 ++ + 3 files changed, 6 insertions(+) + +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -768,6 +768,7 @@ class ReparseDeferralTest(unittest.TestC + parser.SetReparseDeferralEnabled(True) + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -791,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC + + self.assertEqual(started, ['doc']) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_disabled(self): + started = [] + +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -1213,6 +1213,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -1238,6 +1239,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -1620,6 +1620,7 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1641,6 +1642,7 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + diff --git a/CVE-2024-9287-venv_path_unquoted.patch b/CVE-2024-9287-venv_path_unquoted.patch new file mode 100644 index 0000000..541a907 --- /dev/null +++ b/CVE-2024-9287-venv_path_unquoted.patch @@ -0,0 +1,299 @@ +From 1408cc9bf9e8b19968761548c30b78d37074c21c Mon Sep 17 00:00:00 2001 +From: Y5 <124019959+y5c4l3@users.noreply.github.com> +Date: Tue, 22 Oct 2024 04:48:04 +0800 +Subject: [PATCH] gh-124651: Quote template strings in `venv` activation + scripts (GH-124712) + +This patch properly quotes template strings in `venv` activation +scripts. This mitigates potential command injection. + +(cherry picked from commit d48cc82ed25e26b02eb97c6263d95dcaa1e9111b) +--- + Lib/test/test_venv.py | 81 ++++++++++ + Lib/venv/__init__.py | 42 ++++- + Lib/venv/scripts/common/activate | 8 + Lib/venv/scripts/nt/activate.bat | 6 + Lib/venv/scripts/posix/activate.csh | 8 + Lib/venv/scripts/posix/activate.fish | 8 + Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst | 1 + 7 files changed, 134 insertions(+), 20 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst + +--- a/Lib/test/test_venv.py ++++ b/Lib/test/test_venv.py +@@ -11,6 +11,7 @@ import os + import os.path + import pathlib + import re ++import shlex + import shutil + import struct + import subprocess +@@ -96,6 +97,10 @@ class BaseTest(unittest.TestCase): + result = f.read() + return result + ++ def assertEndsWith(self, string, tail): ++ if not string.endswith(tail): ++ self.fail(f"String {string!r} does not end with {tail!r}") ++ + class BasicTest(BaseTest): + """Test venv module functionality.""" + +@@ -446,6 +451,82 @@ class BasicTest(BaseTest): + 'import sys; print(sys.executable)']) + self.assertEqual(out.strip(), envpy.encode()) + ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_bash(self): ++ """ ++ Test that the template strings are quoted properly (bash) ++ """ ++ rmtree(self.env_dir) ++ bash = shutil.which('bash') ++ if bash is None: ++ self.skipTest('bash required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.sh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([bash, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_csh(self): ++ """ ++ Test that the template strings are quoted properly (csh) ++ """ ++ rmtree(self.env_dir) ++ csh = shutil.which('tcsh') or shutil.which('csh') ++ if csh is None: ++ self.skipTest('csh required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.csh') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.csh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([csh, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings on Windows ++ @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') ++ def test_special_chars_windows(self): ++ """ ++ Test that the template strings are quoted properly on Windows ++ """ ++ rmtree(self.env_dir) ++ env_name = "'&&^$e" ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.bat') ++ test_batch = os.path.join(self.env_dir, 'test_special_chars.bat') ++ with open(test_batch, "w") as f: ++ f.write('@echo off\n' ++ f'"{activate}" & ' ++ f'{self.exe} -c "import sys; print(sys.executable)" & ' ++ f'{self.exe} -c "import os; print(os.environ[\'VIRTUAL_ENV\'])" & ' ++ 'deactivate') ++ out, err = check_output([test_batch]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ + @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') + def test_unicode_in_batch_file(self): + """ +--- a/Lib/venv/__init__.py ++++ b/Lib/venv/__init__.py +@@ -11,6 +11,7 @@ import subprocess + import sys + import sysconfig + import types ++import shlex + + + CORE_VENV_DEPS = ('pip', 'setuptools') +@@ -394,11 +395,41 @@ class EnvBuilder: + :param context: The information for the environment creation request + being processed. + """ +- text = text.replace('__VENV_DIR__', context.env_dir) +- text = text.replace('__VENV_NAME__', context.env_name) +- text = text.replace('__VENV_PROMPT__', context.prompt) +- text = text.replace('__VENV_BIN_NAME__', context.bin_name) +- text = text.replace('__VENV_PYTHON__', context.env_exe) ++ replacements = { ++ '__VENV_DIR__': context.env_dir, ++ '__VENV_NAME__': context.env_name, ++ '__VENV_PROMPT__': context.prompt, ++ '__VENV_BIN_NAME__': context.bin_name, ++ '__VENV_PYTHON__': context.env_exe, ++ } ++ ++ def quote_ps1(s): ++ """ ++ This should satisfy PowerShell quoting rules [1], unless the quoted ++ string is passed directly to Windows native commands [2]. ++ [1]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules ++ [2]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing#passing-arguments-that-contain-quote-characters ++ """ ++ s = s.replace("'", "''") ++ return f"'{s}'" ++ ++ def quote_bat(s): ++ return s ++ ++ # gh-124651: need to quote the template strings properly ++ quote = shlex.quote ++ script_path = context.script_path ++ if script_path.endswith('.ps1'): ++ quote = quote_ps1 ++ elif script_path.endswith('.bat'): ++ quote = quote_bat ++ else: ++ # fallbacks to POSIX shell compliant quote ++ quote = shlex.quote ++ ++ replacements = {key: quote(s) for key, s in replacements.items()} ++ for key, quoted in replacements.items(): ++ text = text.replace(key, quoted) + return text + + def install_scripts(self, context, path): +@@ -438,6 +469,7 @@ class EnvBuilder: + with open(srcfile, 'rb') as f: + data = f.read() + if not srcfile.endswith(('.exe', '.pdb')): ++ context.script_path = srcfile + try: + data = data.decode('utf-8') + data = self.replace_variables(data, context) +--- a/Lib/venv/scripts/common/activate ++++ b/Lib/venv/scripts/common/activate +@@ -35,11 +35,11 @@ deactivate () { + # unset irrelevant variables + deactivate nondestructive + +-VIRTUAL_ENV="__VENV_DIR__" ++VIRTUAL_ENV=__VENV_DIR__ + export VIRTUAL_ENV + + _OLD_VIRTUAL_PATH="$PATH" +-PATH="$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++PATH="$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + export PATH + + # unset PYTHONHOME if set +@@ -52,9 +52,9 @@ fi + + if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then + _OLD_VIRTUAL_PS1="${PS1:-}" +- PS1="__VENV_PROMPT__${PS1:-}" ++ PS1=__VENV_PROMPT__"${PS1:-}" + export PS1 +- VIRTUAL_ENV_PROMPT="__VENV_PROMPT__" ++ VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ + export VIRTUAL_ENV_PROMPT + fi + +--- a/Lib/venv/scripts/nt/activate.bat ++++ b/Lib/venv/scripts/nt/activate.bat +@@ -8,7 +8,7 @@ if defined _OLD_CODEPAGE ( + "%SystemRoot%\System32\chcp.com" 65001 > nul + ) + +-set VIRTUAL_ENV=__VENV_DIR__ ++set "VIRTUAL_ENV=__VENV_DIR__" + + if not defined PROMPT set PROMPT=$P$G + +@@ -24,8 +24,8 @@ set PYTHONHOME= + if defined _OLD_VIRTUAL_PATH set PATH=%_OLD_VIRTUAL_PATH% + if not defined _OLD_VIRTUAL_PATH set _OLD_VIRTUAL_PATH=%PATH% + +-set PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH% +-set VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ ++set "PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH%" ++set "VIRTUAL_ENV_PROMPT=__VENV_PROMPT__" + + :END + if defined _OLD_CODEPAGE ( +--- a/Lib/venv/scripts/posix/activate.csh ++++ b/Lib/venv/scripts/posix/activate.csh +@@ -8,17 +8,17 @@ alias deactivate 'test $?_OLD_VIRTUAL_PA + # Unset irrelevant variables. + deactivate nondestructive + +-setenv VIRTUAL_ENV "__VENV_DIR__" ++setenv VIRTUAL_ENV __VENV_DIR__ + + set _OLD_VIRTUAL_PATH="$PATH" +-setenv PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++setenv PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + + + set _OLD_VIRTUAL_PROMPT="$prompt" + + if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then +- set prompt = "__VENV_PROMPT__$prompt" +- setenv VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set prompt = __VENV_PROMPT__"$prompt" ++ setenv VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + endif + + alias pydoc python -m pydoc +--- a/Lib/venv/scripts/posix/activate.fish ++++ b/Lib/venv/scripts/posix/activate.fish +@@ -33,10 +33,10 @@ end + # Unset irrelevant variables. + deactivate nondestructive + +-set -gx VIRTUAL_ENV "__VENV_DIR__" ++set -gx VIRTUAL_ENV __VENV_DIR__ + + set -gx _OLD_VIRTUAL_PATH $PATH +-set -gx PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__" $PATH ++set -gx PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__ $PATH + + # Unset PYTHONHOME if set. + if set -q PYTHONHOME +@@ -56,7 +56,7 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + set -l old_status $status + + # Output the venv prompt; color taken from the blue of the Python logo. +- printf "%s%s%s" (set_color 4B8BBE) "__VENV_PROMPT__" (set_color normal) ++ printf "%s%s%s" (set_color 4B8BBE) __VENV_PROMPT__ (set_color normal) + + # Restore the return status of the previous command. + echo "exit $old_status" | . +@@ -65,5 +65,5 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + end + + set -gx _OLD_FISH_PROMPT_OVERRIDE "$VIRTUAL_ENV" +- set -gx VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set -gx VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + end +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst +@@ -0,0 +1 @@ ++Properly quote template strings in :mod:`venv` activation scripts. diff --git a/CVE-2025-0938-sq-brackets-domain-names.patch b/CVE-2025-0938-sq-brackets-domain-names.patch new file mode 100644 index 0000000..7db4656 --- /dev/null +++ b/CVE-2025-0938-sq-brackets-domain-names.patch @@ -0,0 +1,127 @@ +From d91e2c740890837edafaee24d68112b776cda9c5 Mon Sep 17 00:00:00 2001 +From: Seth Michael Larson +Date: Fri, 31 Jan 2025 11:41:34 -0600 +Subject: [PATCH] gh-105704: Disallow square brackets (`[` and `]`) in domain + names for parsed URLs (GH-129418) + +* gh-105704: Disallow square brackets ( and ) in domain names for parsed URLs + +* Use Sphinx references + +Co-authored-by: Peter Bierma + +* Add mismatched bracket test cases, fix news format + +* Add more test coverage for ports + +--------- + +(cherry picked from commit d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a) + +Co-authored-by: Seth Michael Larson +Co-authored-by: Peter Bierma +--- + Lib/test/test_urlparse.py | 37 +++++++++- + Lib/urllib/parse.py | 20 ++++- + Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst | 4 + + 3 files changed, 58 insertions(+), 3 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst + +--- a/Lib/test/test_urlparse.py ++++ b/Lib/test/test_urlparse.py +@@ -1224,16 +1224,51 @@ class UrlParseTestCase(unittest.TestCase + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af::2309::fae7:1234]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af:2309::fae7:1234:2342:438e:192.0.2.146]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@]v6a.ip[/Path') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip[suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[suffix') + + def test_splitting_bracketed_hosts(self): +- p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]/path?query') ++ p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]:1234/path?query') + self.assertEqual(p1.hostname, 'v6a.ip') + self.assertEqual(p1.username, 'user') + self.assertEqual(p1.path, '/path') ++ self.assertEqual(p1.port, 1234) + p2 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7%test]/path?query') + self.assertEqual(p2.hostname, '0439:23af:2309::fae7%test') + self.assertEqual(p2.username, 'user') + self.assertEqual(p2.path, '/path') ++ self.assertIs(p2.port, None) + p3 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7:1234:192.0.2.146%test]/path?query') + self.assertEqual(p3.hostname, '0439:23af:2309::fae7:1234:192.0.2.146%test') + self.assertEqual(p3.username, 'user') +--- a/Lib/urllib/parse.py ++++ b/Lib/urllib/parse.py +@@ -436,6 +436,23 @@ def _checknetloc(netloc): + raise ValueError("netloc '" + netloc + "' contains invalid " + + "characters under NFKC normalization") + ++def _check_bracketed_netloc(netloc): ++ # Note that this function must mirror the splitting ++ # done in NetlocResultMixins._hostinfo(). ++ hostname_and_port = netloc.rpartition('@')[2] ++ before_bracket, have_open_br, bracketed = hostname_and_port.partition('[') ++ if have_open_br: ++ # No data is allowed before a bracket. ++ if before_bracket: ++ raise ValueError("Invalid IPv6 URL") ++ hostname, _, port = bracketed.partition(']') ++ # No data is allowed after the bracket but before the port delimiter. ++ if port and not port.startswith(":"): ++ raise ValueError("Invalid IPv6 URL") ++ else: ++ hostname, _, port = hostname_and_port.partition(':') ++ _check_bracketed_host(hostname) ++ + # Valid bracketed hosts are defined in + # https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/ + def _check_bracketed_host(hostname): +@@ -496,8 +513,7 @@ def urlsplit(url, scheme='', allow_fragm + (']' in netloc and '[' not in netloc)): + raise ValueError("Invalid IPv6 URL") + if '[' in netloc and ']' in netloc: +- bracketed_host = netloc.partition('[')[2].partition(']')[0] +- _check_bracketed_host(bracketed_host) ++ _check_bracketed_netloc(netloc) + if allow_fragments and '#' in url: + url, fragment = url.split('#', 1) + if '?' in url: +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst +@@ -0,0 +1,4 @@ ++When using :func:`urllib.parse.urlsplit` and :func:`urllib.parse.urlparse` host ++parsing would not reject domain names containing square brackets (``[`` and ++``]``). Square brackets are only valid for IPv6 and IPvFuture hosts according to ++`RFC 3986 Section 3.2.2 `__. diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch new file mode 100644 index 0000000..fa38a94 --- /dev/null +++ b/F00251-change-user-install-location.patch @@ -0,0 +1,215 @@ +From 910f38d9768d39d4d31426743ae4081ed1ab66b6 Mon Sep 17 00:00:00 2001 +From: Michal Cyprian +Date: Mon, 26 Jun 2017 16:32:56 +0200 +Subject: [PATCH] 00251: Change user install location + +Set values of prefix and exec_prefix in distutils install command +to /usr/local if executable is /usr/bin/python* and RPM build +is not detected to make pip and distutils install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +--- + Lib/distutils/command/install.py | 15 +++++++++++++-- + Lib/site.py | 9 ++++++++- + 2 files changed, 21 insertions(+), 3 deletions(-) + +Index: Python-3.11.8/Lib/distutils/command/install.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/command/install.py ++++ Python-3.11.8/Lib/distutils/command/install.py +@@ -441,8 +441,19 @@ class install(Command): + raise DistutilsOptionError( + "must not supply exec-prefix without prefix") + +- self.prefix = os.path.normpath(sys.prefix) +- self.exec_prefix = os.path.normpath(sys.exec_prefix) ++ # self.prefix is set to sys.prefix + /local/ ++ # if neither RPM build nor virtual environment is ++ # detected to make pip and distutils install packages ++ # into the separate location. ++ if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ addition = "/local" ++ else: ++ addition = "" ++ ++ self.prefix = os.path.normpath(sys.prefix) + addition ++ self.exec_prefix = os.path.normpath(sys.exec_prefix) + addition + + else: + if self.exec_prefix is None: +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None): + return sitepackages + + def addsitepackages(known_paths, prefixes=None): +- """Add site-packages to sys.path""" ++ """Add site-packages to sys.path ++ ++ '/usr/local' is included in PREFIXES if RPM build is not detected ++ to make packages installed into this location visible. ++ ++ """ + _trace("Processing global site-packages") ++ if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: ++ PREFIXES.insert(0, "/usr/local") + for sitedir in getsitepackages(prefixes): + if os.path.isdir(sitedir): + addsitedir(sitedir, known_paths) + +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Mon, 15 Feb 2021 12:19:27 +0100 +Subject: [PATCH] 00251: Change user install location +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Set values of base and platbase in sysconfig from /usr +to /usr/local when RPM build is not detected +to make pip and similar tools install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +Downstream only. + +We've tried to rework in Fedora 36/Python 3.10 to follow https://bugs.python.org/issue43976 +but we have identified serious problems with that approach, +see https://bugzilla.redhat.com/2026979 or https://bugzilla.redhat.com/2097183 + +pypa/distutils integration: https://github.com/pypa/distutils/pull/70 + +Co-authored-by: Petr Viktorin +Co-authored-by: Miro Hrončok +Co-authored-by: Michal Cyprian +Co-authored-by: Lumír Balhar +--- + Lib/site.py | 9 ++++++- + Lib/sysconfig.py | 49 +++++++++++++++++++++++++++++++++++++- + Lib/test/test_sysconfig.py | 17 +++++++++++-- + 3 files changed, 71 insertions(+), 4 deletions(-) + +Index: Python-3.11.9/Lib/sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/sysconfig.py ++++ Python-3.11.9/Lib/sysconfig.py +@@ -103,6 +103,11 @@ if os.name == 'nt': + else: + _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv'] + ++# For a brief period of time in the Fedora 36 life cycle, ++# this installation scheme existed and was documented in the release notes. ++# For backwards compatibility, we keep it here (at least on 3.10 and 3.11). ++_INSTALL_SCHEMES['rpm_prefix'] = _INSTALL_SCHEMES['posix_prefix'] ++ + + # NOTE: site.py has copy of this function. + # Sync it when modify this function. +@@ -162,6 +167,19 @@ if _HAS_USER_BASE: + }, + } + ++# This is used by distutils.command.install in the stdlib ++# as well as pypa/distutils (e.g. bundled in setuptools). ++# The self.prefix value is set to sys.prefix + /local/ ++# if neither RPM build nor virtual environment is ++# detected to make distutils install packages ++# into the separate location. ++# https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _prefix_addition = '/local' ++ ++ + _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', + 'scripts', 'data') + +@@ -258,11 +276,40 @@ def _extend_dict(target_dict, other_dict + target_dict[key] = value + + ++_CONFIG_VARS_LOCAL = None ++ ++ ++def _config_vars_local(): ++ # This function returns the config vars with prefixes amended to /usr/local ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ global _CONFIG_VARS_LOCAL ++ if _CONFIG_VARS_LOCAL is None: ++ _CONFIG_VARS_LOCAL = dict(get_config_vars()) ++ _CONFIG_VARS_LOCAL['base'] = '/usr/local' ++ _CONFIG_VARS_LOCAL['platbase'] = '/usr/local' ++ return _CONFIG_VARS_LOCAL ++ ++ + def _expand_vars(scheme, vars): + res = {} + if vars is None: + vars = {} +- _extend_dict(vars, get_config_vars()) ++ ++ # when we are not in a virtual environment or an RPM build ++ # we change '/usr' to '/usr/local' ++ # to avoid surprises, we explicitly check for the /usr/ prefix ++ # Python virtual environments have different prefixes ++ # we only do this for posix_prefix, not to mangle the venv scheme ++ # posix_prefix is used by sudo pip install ++ # we only change the defaults here, so explicit --prefix will take precedence ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if (scheme == 'posix_prefix' and ++ _PREFIX == '/usr' and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _extend_dict(vars, _config_vars_local()) ++ else: ++ _extend_dict(vars, get_config_vars()) ++ + if os.name == 'nt': + # On Windows we want to substitute 'lib' for schemes rather + # than the native value (without modifying vars, in case it +Index: Python-3.11.9/Lib/test/test_sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_sysconfig.py ++++ Python-3.11.9/Lib/test/test_sysconfig.py +@@ -111,8 +111,19 @@ class TestSysConfig(unittest.TestCase): + for scheme in _INSTALL_SCHEMES: + for name in _INSTALL_SCHEMES[scheme]: + expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) ++ tested = get_path(name, scheme) ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if tested.startswith('/usr/local'): ++ # /usr/local should only be used in posix_prefix ++ self.assertEqual(scheme, 'posix_prefix') ++ # Fedora CI runs tests for venv and virtualenv that check for other prefixes ++ self.assertEqual(sys.prefix, '/usr') ++ # When building the RPM of Python, %check runs this with RPM_BUILD_ROOT set ++ # Fedora CI runs this with RPM_BUILD_ROOT unset ++ self.assertNotIn('RPM_BUILD_ROOT', os.environ) ++ tested = tested.replace('/usr/local', '/usr') + self.assertEqual( +- os.path.normpath(get_path(name, scheme)), ++ os.path.normpath(tested), + os.path.normpath(expected), + ) + +@@ -345,7 +356,7 @@ class TestSysConfig(unittest.TestCase): + self.assertTrue(os.path.isfile(config_h), config_h) + + def test_get_scheme_names(self): +- wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv'] ++ wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv', 'rpm_prefix'] + if HAS_USER_BASE: + wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) + self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) +@@ -357,6 +368,8 @@ class TestSysConfig(unittest.TestCase): + cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" + self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) + ++ @unittest.skipIf('RPM_BUILD_ROOT' not in os.environ, ++ "Test doesn't expect Fedora's paths") + def test_user_similar(self): + # Issue #8759: make sure the posix scheme for the users + # is similar to the global posix_prefix one diff --git a/PACKAGING-NOTES b/PACKAGING-NOTES new file mode 100644 index 0000000..e28c88c --- /dev/null +++ b/PACKAGING-NOTES @@ -0,0 +1,26 @@ +Notes for packagers of Python3 +============================== + +0. Faster build turnaround +-------------------------- + +By default, python builds with profile-guided optimization. This needs +an additional run of the test suite and it is generally slow. +PGO build takes around 50 minutes. + +For development, use "--without profileopt" option to disable PGO. This +shortens the build time to ~5 minutes including test suite. + +1. import_failed.map +---------------------- + +This is a mechanism installed as part of python3-base, that places shim modules +on python's path (through a generated zzzz-import-failed-hooks.pth file, so that +it is imported as much at the end as makes sense; and an _import_failed subdir +of /usr/lib/pythonX.Y). Then when the user tries to import a module that is part +of a subpackage, the ImportError will contain a helpful message telling them +which missing subpackage to install. + +This can sometimes cause problems on non-standard configurations, if the pth +gets included too early (for instance if you are using a script to include all +pths by hand in some strange order). Just something to look out for. diff --git a/Python-3.11.10.tar.xz b/Python-3.11.10.tar.xz new file mode 100644 index 0000000..f87e7ad --- /dev/null +++ b/Python-3.11.10.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:07a4356e912900e61a15cb0949a06c4a05012e213ecd6b4e84d0f67aabbee372 +size 20067656 diff --git a/Python-3.11.10.tar.xz.asc b/Python-3.11.10.tar.xz.asc new file mode 100644 index 0000000..243d1b1 --- /dev/null +++ b/Python-3.11.10.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmbbrO0ACgkQ/+h0BBaL +2Ec+YBAAnQJLKYPjj7Yr7xkFU655Sv86JxeRAdWjnIapbiIuWg3Up8Pd8FTRgHGf +3XdTHw7b03lSjtzJwavzdnDklqAlBIGn9dVieljUIN7NYyNxoYOr/AiatimgSwv7 +dI5mfun5fLKV6ZcdNdQN5PJ3RZtF3I7VfkN2mlfZJHtxl1agdU/TfW2L+qJ7+JPY +cayjq2xKTLRNXOf2iV29GRRovLiqA+Dx0+cAwsScwreHMp3U4k3GkeHVoR6fldV4 +bVAM8GRl3CYVFePiqAbamKP1BSys44JOINWbWyd94JxzEAwXWz//Es0h73AzeRfK +ueORqzdoOGrVc74+HGlAHhqO1Gg7jMMmtkzCEuav+cGHYnMRMOngGR3q47aTJTVb +5UdP0oD4OlADPFVa6q0LCqN/IFlebWMh9pXYw7Wpek63oNuZHTfNPq4S1AUM2HJm +C3yzaOG9VAdYfLneJC4ldY4CVt1FKckfaXp5OAaMr71DI74e4CcEswlUupZJLZKV +TJRjQD15bnXGhHDqU4w3RmzpCWMh2mf4m4VMYQyObl3TtlX+gVvzIhDS5+mXqutB +F1pdXwaHHkTb2PLLxpwOGrnsp8XoW74tsylcYirQg8jSFMbgxfwgIjEIuRGXeDkT +B4QzmQ4SxsbLiH7etV6Fznl1h569Z4DO9OOs4i0ZzIjdhPDQtAs= +=TatG +-----END PGP SIGNATURE----- diff --git a/Python-3.11.11.tar.xz b/Python-3.11.11.tar.xz new file mode 100644 index 0000000..e0581b1 --- /dev/null +++ b/Python-3.11.11.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2a9920c7a0cd236de33644ed980a13cbbc21058bfdc528febb6081575ed73be3 +size 20085792 diff --git a/Python-3.11.11.tar.xz.sigstore b/Python-3.11.11.tar.xz.sigstore new file mode 100644 index 0000000..782816a --- /dev/null +++ b/Python-3.11.11.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlOgAwIBAgIUWcRolJPsPmtJKA6VkjHSj7PtjY8wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMjAzMTgxOTA1WhcNMjQxMjAzMTgyOTA1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEN+fBJCRZIAZiWPBdjyQVD+x5vgmjuuVct1HkPHIBMuEe7wI4mBG2BhJ3fHkpr97efIH6ELMmPV99edyAIZFXR6OCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUkutZdHfCCSvGI87mjnBRwZB8ihYwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGTjb9QlwAABAMARzBFAiEA4ddSINhYM+p0+DGzRqnA8rVtJF9YgI+9znXiq9fqQNkCIEErcSnQmN8jjErhwWWtcTM5GgH4ka/uk5kdHTycwxj3MAoGCCqGSM49BAMDA2cAMGQCMFmkCEH2pCBpFeFiUi2uA4opcJP6vh/zqb+D0tbxqd+jwbBkuDxDqA9/Ao3UWop+twIwO9o71KAlYWPSPYMeZERM4R8zWlp9mVJPiK3tgOJJi40MNmxwtfsQeQtncqiQLBAH"}, "tlogEntries": [{"logIndex": "153122039", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1733249946", "inclusionPromise": {"signedEntryTimestamp": "MEUCIBL9zpVJtljIuZtAe8uptLfDmakmbAjy5ELp2q8WJTQ7AiEAv6lIpyJZycHwTS+JHYJFzMVv0SmA8yQ0eMneBivMhPY="}, "inclusionProof": {"logIndex": "31217777", "rootHash": "BMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=", "treeSize": "31217778", "hashes": ["lrr8dxmtgD09fnZTo1tMTY00HNKc2ZIpbZa1djDeTes=", "yFxGSg1RDbtZ/eNftnMdBJGNEZmmLyx2ZRDFtAIMHAk=", "GeqsQGnvgc+gcuaIC+vQ5b0RdTyBxBnYTpbeW2AeD+Q=", "dMTPeN/a9xCQQP+Hz7sddW0pPj8n54sfkhcf3XhjrMM=", "XjayhjKU3shP7q7lhmhKDv3Vpi4gJgAPCu0KlEzc9Qo=", "go1dmexQYS5etu69upRRX7IFvuA0rIcT9aYjMstmPIU=", "AYwr74Bm2w383UnS7DdbZUUAhusq28JoxKpWrQ7OvGQ=", "u+yWmGIR6sAH32wiSy22mz1Yf+jfPdBTjFbyRISuTZw=", "3eFC7Gp4fWecybDOAw9uUTrM1xB7YRYRAGsfYkiQbV8=", "1uKk2qjOliHMiTk906jrchP8mXWsRG8apaU1sa0lfh0=", "oOecFfN3YqDOkbijS/ej1WF5Da/Gt/AZNhbwE9uoOE8=", "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=", "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n31217778\nBMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiA7ed0HqugBwVpmxDAR1VN35J91/+DeRdj09y5lFY+bRwIgYe07JnZlJvp3MfAMXX3i4XBsZoDRZoXtwfBaRj/8x8s=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYTk5MjBjN2EwY2QyMzZkZTMzNjQ0ZWQ5ODBhMTNjYmJjMjEwNThiZmRjNTI4ZmViYjYwODE1NzVlZDczYmUzIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRU5KSGllaWs5WkVibW83a0p4ZUhWY2FvVDVYOUxyWG1zRTVxc1I5R1JpSEFpRUFtcHZyV21vUHF5YzRpQ09VYXVmY3dKTllMK1lPTWU0b0NOaWRLVGduT1FBPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlYyTlNiMnhLVUhOUWJYUktTMEUyVm10cVNGTnFOMUIwYWxrNGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJlRTFxUVhwTlZHZDRUMVJCTVZkb1kwNU5hbEY0VFdwQmVrMVVaM2xQVkVFeFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZPSzJaQ1NrTlNXa2xCV21sWFVFSmthbmxSVmtRcmVEVjJaMjFxZFhWV1kzUXhTR3NLVUVoSlFrMTFSV1UzZDBrMGJVSkhNa0pvU2pObVNHdHdjamszWldaSlNEWkZURTF0VUZZNU9XVmtlVUZKV2taWVVqWlBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZyZFhSYUNtUklaa05EVTNaSFNUZzNiV3B1UWxKM1drSTRhV2haZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxUnFZamxSYkhkQlFRcENRVTFCVW5wQ1JrRnBSVUUwWkdSVFNVNW9XVTByY0RBclJFZDZVbkZ1UVRoeVZuUktSamxaWjBrck9YcHVXR2x4T1daeFVVNXJRMGxGUlhKalUyNVJDbTFPT0dwcVJYSm9kMWRYZEdOVVRUVkhaMGcwYTJFdmRXczFhMlJJVkhsamQzaHFNMDFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUdiV3NLUTBWSU1uQkRRbkJHWlVacFZXa3lkVUUwYjNCalNsQTJkbWd2ZW5GaUswUXdkR0o0Y1dRcmFuZGlRbXQxUkhoRWNVRTVMMEZ2TTFWWGIzQXJkSGRKZHdwUE9XODNNVXRCYkZsWFVGTlFXVTFsV2tWU1RUUlNPSHBYYkhBNWJWWktVR2xMTTNSblQwcEthVFF3VFU1dGVIZDBabk5SWlZGMGJtTnhhVkZNUWtGSUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "Kpkgx6DNI23jNkTtmAoTy7whBYv9xSj+u2CBV17XO+M="}, "signature": "MEUCIENJHieik9ZEbmo7kJxeHVcaoT5X9LrXmsE5qsR9GRiHAiEAmpvrWmoPqyc4iCOUaufcwJNYL+YOMe4oCNidKTgnOQA="}} diff --git a/Python-3.11.12.tar.xz b/Python-3.11.12.tar.xz new file mode 100644 index 0000000..e2b3c80 --- /dev/null +++ b/Python-3.11.12.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:849da87af4df137710c1796e276a955f7a85c9f971081067c8f565d15c352a09 +size 20112232 diff --git a/Python-3.11.12.tar.xz.sigstore b/Python-3.11.12.tar.xz.sigstore new file mode 100644 index 0000000..36fb8a6 --- /dev/null +++ b/Python-3.11.12.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlOgAwIBAgIUdXXo3kfUuTRxhwfBaDz2hbLdc00wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNDA4MTUwMzI1WhcNMjUwNDA4MTUxMzI1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEChWB96w27HEQAug03xOuj5aVvdcEBkLaseC6PKbhc3lq1vL78o96RMSdWdBSmBQ4OrRHKvop8VRwn4SI6KPIN6OCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUDQFNdUPu8lJprLgYTWMF//JnS0owHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGWFe1zcgAABAMARzBFAiAMLue9b86BfjeZl9ML7LekLskkUPTEhI2ciiZrYgaF/gIhAIt66OYOVpC39L+bRXJd1K+T39IGMxYcKoaDrMk0DX59MAoGCCqGSM49BAMDA2cAMGQCMEJ+IEScHRIlOwToBZxVVJjrSxOVvqRSfUO5hvYNkqhYz97LxxUFWpcB/DMiQJOUbwIwKJRh5d7c30z1XyE5zsjOZZmz37ah6aJtyuHLCn3QKJniWBMxIMy9lbXlRZWZgsf0"}, "tlogEntries": [{"logIndex": "193896942", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1744124605", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQDBvc4N4pmeJKalSbAgT5X5MiHnHfiFJ3q/ifYIUDQORwIgNCMUBexEGM4B8VSSWkSDK8uZDGqzA7bgurZdWE0z/vc="}, "inclusionProof": {"logIndex": "71992680", "rootHash": "jow4GaqK8wgGK0YaQkHyINNk1eJRvrgCUSax5oC+bgc=", "treeSize": "71992683", "hashes": ["V5p0el9OkIku5PMpzeGtSeSQLNkd4d0DVh6qNlixrlk=", "CbJfH60w3vsS3xzOzbMZQaokwVM+6efm7OCLjQ5og/k=", "fJZsSVsDo+dpw5484/+8Rm3EH3JostySBfLMVDBUZOU=", "/C+wK2WU/SrXLMnuHDzeBP4K+Jlt/S0nAvzvcXJPp30=", "m6j5meZeKpBfFqNeI7qiCogWjT2IT5NZkgJYwot9sRo=", "V7VMIiqIq7yvzO+ic8vLqIJr3+iGA6whYAGN7YvWhsQ=", "2ap6N1WIsMWGC/Zrnzsx//K9223/3B9lLpJP87M+rXE=", "2kwW2rqY/EMS68q/rOjagVYsEMybFHgxIfbokSa8yKU=", "QReFEOB9XSZtDKsjRtA0fGnYGMYD2Z7qn50auG1YlWo=", "K26LG80DXyb+bC58c4Nw00WigG52v0PCsZGY3ExGsts=", "WEm5OgPzJpYROv+4CcrieexCYyQKrLUH3hbxmcQQ+DM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n71992683\njow4GaqK8wgGK0YaQkHyINNk1eJRvrgCUSax5oC+bgc=\n\n\u2014 rekor.sigstore.dev wNI9ajBGAiEA7u1b4P659JpwuXMf6lhvC1RhOj/ZH7CpYcAQbitQSwUCIQDJrflW8FGweaiB88lSuLfpfD/a6l6jWhUyOQB/mIJ9rA==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI4NDlkYTg3YWY0ZGYxMzc3MTBjMTc5NmUyNzZhOTU1ZjdhODVjOWY5NzEwODEwNjdjOGY1NjVkMTVjMzUyYTA5In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJRnMzQi9oTk9OMVY2TXFaUkxzRmNHNlU2Qjkza2FsL1VLZWsvYkRVb3o2MUFpQWZydmsrWXpjK0hHZGJYemRRQ203cjlKU2RNUCtuR1BOblVCZzFoSnAySVE9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlpGaFliek5yWmxWMVZGSjRhSGRtUW1GRWVqSm9Za3hrWXpBd2QwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVFUVRSTlZGVjNUWHBKTVZkb1kwNU5hbFYzVGtSQk5FMVVWWGhOZWtreFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZEYUZkQ09UWjNNamRJUlZGQmRXY3dNM2hQZFdvMVlWWjJaR05GUW10TVlYTmxRellLVUV0aWFHTXpiSEV4ZGt3M09HODVObEpOVTJSWFpFSlRiVUpSTkU5eVVraExkbTl3T0ZaU2QyNDBVMGsyUzFCSlRqWlBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZFVVVaT0NtUlZVSFU0YkVwd2NreG5XVlJYVFVZdkwwcHVVekJ2ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxZEdaVEY2WTJkQlFRcENRVTFCVW5wQ1JrRnBRVTFNZFdVNVlqZzJRbVpxWlZwc09VMU1OMHhsYTB4emEydFZVRlJGYUVreVkybHBXbkpaWjJGR0wyZEphRUZKZERZMlQxbFBDbFp3UXpNNVRDdGlVbGhLWkRGTEsxUXpPVWxIVFhoWlkwdHZZVVJ5VFdzd1JGZzFPVTFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUZTaXNLU1VWVFkwaFNTV3hQZDFSdlFscDRWbFpLYW5KVGVFOVdkbkZTVTJaVlR6Vm9kbGxPYTNGb1dYbzVOMHg0ZUZWR1YzQmpRaTlFVFdsUlNrOVZZbmRKZHdwTFNsSm9OV1EzWXpNd2VqRlllVVUxZW5OcVQxcGFiWG96TjJGb05tRktkSGwxU0V4RGJqTlJTMHB1YVZkQ1RYaEpUWGs1YkdKWWJGSmFWMXBuYzJZd0NpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "hJ2oevTfE3cQwXluJ2qVX3qFyflxCBBnyPVl0Vw1Kgk="}, "signature": "MEQCIFs3B/hNON1V6MqZRLsFcG6U6B93kal/UKek/bDUoz61AiAfrvk+Yzc+HGdbXzdQCm7r9JSdMP+nGPNnUBg1hJp2IQ=="}} diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..0053bcf --- /dev/null +++ b/README.SUSE @@ -0,0 +1,43 @@ +Python 3 in SUSE +============== + +* Subpackages * + +Python 3 is split into several subpackages, based on external dependencies. +The main package 'python3' has soft dependencies on all subpackages needed to +assemble the standard library; however, these might not all be installed by default. + +If you attempt to import a module that is currently not installed, an ImportError is thrown, +with instructions to install the missing subpackage. Installing the subpackage might result +in installing libraries that the subpackage requires to function. + + +* ensurepip * + +The 'ensurepip' module from Python 3 standard library (PEP 453) is supposed to deploy +a bundled copy of the pip installer. This makes no sense in a managed distribution like SUSE. +Instead, you need to install package 'python3-pip'. Usually this will be installed automatically +with 'python3'. + +Using 'ensurepip' when pip is not installed will result in an ImportError with instructions +to install 'python3-pip'. + + +* Documentation * + +You can find documentation in seprarate packages: python3-doc and +python3-doc-pdf. These contan following documents: + + Tutorial, What's New in Python, Global Module Index, Library Reference, + Macintosh Module Reference, Installing Python Modules, Distributing Python + Modules, Language Reference, Extending and Embedding, Python/C API, + Documenting Python + +The python3-doc package constains many text files from source tarball. + + +* Interactive mode * + +Interactive mode is by default enhanced with of history and command completion. +If you don't like these features, you can unset the PYTHONSTARTUP variable +in your .profile or disable it system wide in /etc/profile.d/python.sh. diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..1d50bc4 --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + base + doc + diff --git a/add-loongarch64-support.patch b/add-loongarch64-support.patch new file mode 100644 index 0000000..f0c8035 --- /dev/null +++ b/add-loongarch64-support.patch @@ -0,0 +1,25 @@ +Description: Add platform triplets for LoongArch. + +--- a/configure.ac ++++ b/configure.ac +@@ -976,6 +976,20 @@ cat > conftest.c <=6) && defined(_MIPSEL) diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..1793de8 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,3 @@ +python311-base +python311 +libpython3_11-1_0 diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz new file mode 100644 index 0000000..57fb3e5 --- /dev/null +++ b/bluez-devel-vendor.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:868fbfba2ddaed62f2c45cf869fe2c648527ac3bac738f4f41f3c2872f5b0211 +size 25040 diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch new file mode 100644 index 0000000..86882ae --- /dev/null +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -0,0 +1,173 @@ +From 5754521af1d51aa8e445cba07a093bbc0c88596d Mon Sep 17 00:00:00 2001 +From: Zackery Spytz +Date: Mon, 16 Dec 2019 18:24:08 -0700 +Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix) + +Co-Authored-By: Xavier de Gaye +--- + Doc/library/ensurepip.rst | 9 +++-- + Lib/ensurepip/__init__.py | 18 +++++++--- + Lib/test/test_ensurepip.py | 11 ++++++ + Makefile.pre.in | 4 +- + Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1 + 5 files changed, 34 insertions(+), 9 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst + +Index: Python-3.11.8/Doc/library/ensurepip.rst +=================================================================== +--- Python-3.11.8.orig/Doc/library/ensurepip.rst ++++ Python-3.11.8/Doc/library/ensurepip.rst +@@ -59,7 +59,9 @@ is at least as recent as the one availab + By default, ``pip`` is installed into the current virtual environment + (if one is active) or into the system site packages (if there is no + active virtual environment). The installation location can be controlled +-through two additional command line options: ++through some additional command line options: ++ ++* ``--prefix ``: Installs ``pip`` using the given directory prefix. + + * :samp:`--root {dir}`: Installs ``pip`` relative to the given root directory + rather than the root of the currently active virtual environment (if any) +@@ -92,7 +94,7 @@ Module API + Returns a string specifying the available version of pip that will be + installed when bootstrapping an environment. + +-.. function:: bootstrap(root=None, upgrade=False, user=False, \ ++.. function:: bootstrap(root=None, prefix=None, upgrade=False, user=False, \ + altinstall=False, default_pip=False, \ + verbosity=0) + +@@ -102,6 +104,8 @@ Module API + If *root* is ``None``, then installation uses the default install location + for the current environment. + ++ *prefix* specifies the directory prefix to use when installing. ++ + *upgrade* indicates whether or not to upgrade an existing installation + of an earlier version of ``pip`` to the available version. + +@@ -122,6 +126,8 @@ Module API + *verbosity* controls the level of output to :data:`sys.stdout` from the + bootstrapping operation. + ++ .. versionchanged:: 3.9 the *prefix* parameter was added. ++ + .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap + + .. note:: +Index: Python-3.11.8/Lib/ensurepip/__init__.py +=================================================================== +--- Python-3.11.8.orig/Lib/ensurepip/__init__.py ++++ Python-3.11.8/Lib/ensurepip/__init__.py +@@ -122,27 +122,27 @@ def _disable_pip_configuration_settings( + os.environ['PIP_CONFIG_FILE'] = os.devnull + + +-def bootstrap(*, root=None, upgrade=False, user=False, ++def bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). ++ and directory prefix). + + Note that calling this function will alter both sys.path and os.environ. + """ + # Discard the return value +- _bootstrap(root=root, upgrade=upgrade, user=user, ++ _bootstrap(root=root, prefix=prefix, upgrade=upgrade, user=user, + altinstall=altinstall, default_pip=default_pip, + verbosity=verbosity) + + +-def _bootstrap(*, root=None, upgrade=False, user=False, ++def _bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). Returns pip command status code. ++ and directory prefix). Returns pip command status code. + + Note that calling this function will alter both sys.path and os.environ. + """ +@@ -192,6 +192,8 @@ def _bootstrap(*, root=None, upgrade=Fal + args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] + if root: + args += ["--root", root] ++ if prefix: ++ args += ["--prefix", prefix] + if upgrade: + args += ["--upgrade"] + if user: +@@ -267,6 +269,11 @@ def _main(argv=None): + help="Install everything relative to this alternate root directory.", + ) + parser.add_argument( ++ "--prefix", ++ default=None, ++ help="Install everything using this prefix.", ++ ) ++ parser.add_argument( + "--altinstall", + action="store_true", + default=False, +@@ -285,6 +292,7 @@ def _main(argv=None): + + return _bootstrap( + root=args.root, ++ prefix=args.prefix, + upgrade=args.upgrade, + user=args.user, + verbosity=args.verbosity, +Index: Python-3.11.8/Lib/test/test_ensurepip.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_ensurepip.py ++++ Python-3.11.8/Lib/test/test_ensurepip.py +@@ -112,6 +112,17 @@ class TestBootstrap(EnsurepipMixin, unit + unittest.mock.ANY, + ) + ++ def test_bootstrapping_with_prefix(self): ++ ensurepip.bootstrap(prefix="/foo/bar/") ++ self.run_pip.assert_called_once_with( ++ [ ++ "install", "--no-cache-dir", "--no-index", "--find-links", ++ unittest.mock.ANY, "--prefix", "/foo/bar/", ++ "setuptools", "pip", ++ ], ++ unittest.mock.ANY, ++ ) ++ + def test_bootstrapping_with_user(self): + ensurepip.bootstrap(user=True) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1761,7 +1761,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni + install|*) ensurepip="" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + altinstall: commoninstall +@@ -1771,7 +1771,7 @@ altinstall: commoninstall + install|*) ensurepip="--altinstall" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + commoninstall: check-clean-src @FRAMEWORKALTINSTALLFIRST@ \ +Index: Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +=================================================================== +--- /dev/null ++++ Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +@@ -0,0 +1 @@ ++A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/bsc1221260-test_asyncio-ResourceWarning.patch b/bsc1221260-test_asyncio-ResourceWarning.patch new file mode 100644 index 0000000..15d6b8d --- /dev/null +++ b/bsc1221260-test_asyncio-ResourceWarning.patch @@ -0,0 +1,21 @@ +From a3052035485bd2836e40f5284657ca105382cbfd Mon Sep 17 00:00:00 2001 +From: sobolevn +Date: Tue, 5 Mar 2024 20:24:16 +0300 +Subject: [PATCH] gh-116112: Fix `ResourceWarning` in + `test_asyncio.test_stream` + +Co-authored-by: @CendioOssman +--- + Lib/test/test_asyncio/test_streams.py | 1 + + 1 file changed, 1 insertion(+) + +--- a/Lib/test/test_asyncio/test_streams.py ++++ b/Lib/test/test_asyncio/test_streams.py +@@ -1156,6 +1156,7 @@ os.close(fd) + + def test_unhandled_cancel(self): + async def handle_echo(reader, writer): ++ writer.close() + asyncio.current_task().cancel() + messages = self._basetest_unhandled_exceptions(handle_echo) + self.assertEqual(messages, []) diff --git a/bso1227999-reproducible-builds.patch b/bso1227999-reproducible-builds.patch new file mode 100644 index 0000000..fb33d18 --- /dev/null +++ b/bso1227999-reproducible-builds.patch @@ -0,0 +1,37 @@ +From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Tue, 16 Jul 2024 21:39:33 +0200 +Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH + +to make builds reproducible. +See https://reproducible-builds.org/ for why this is good +and https://reproducible-builds.org/specs/source-date-epoch/ +for the definition of this variable. +--- + Doc/conf.py | 3 ++- + Doc/library/functions.rst | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/Doc/conf.py ++++ b/Doc/conf.py +@@ -316,7 +316,8 @@ html_context = { + } + + # This 'Last updated on:' timestamp is inserted at the bottom of every page. +-html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime()) ++html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) ++html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time)) + + # Path to find HTML templates. + templates_path = ['tools/templates'] +--- a/Doc/library/functions.rst ++++ b/Doc/library/functions.rst +@@ -1356,7 +1356,7 @@ are always available. They are listed h + (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, + and :mod:`shutil`. + +- .. audit-event:: open file,mode,flags open ++ .. audit-event:: open path,mode,flags open + + The ``mode`` and ``flags`` arguments may have been modified or inferred from + the original call. diff --git a/distutils-reproducible-compile.patch b/distutils-reproducible-compile.patch new file mode 100644 index 0000000..17e8bd2 --- /dev/null +++ b/distutils-reproducible-compile.patch @@ -0,0 +1,17 @@ +--- + Lib/distutils/util.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/distutils/util.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/util.py ++++ Python-3.11.8/Lib/distutils/util.py +@@ -436,7 +436,7 @@ byte_compile(files, optimize=%r, force=% + else: + from py_compile import compile + +- for file in py_files: ++ for file in sorted(py_files): + if file[-3:] != ".py": + # This lets us be lazy and not filter filenames in + # the "install_lib" command. diff --git a/externally_managed.in b/externally_managed.in new file mode 100644 index 0000000..54606b6 --- /dev/null +++ b/externally_managed.in @@ -0,0 +1,12 @@ +[externally-managed] +Error=To install Python packages system-wide, try + zypper install __PYTHONPREFIX__-xyz, where xyz is the package + you are trying to install. + + If you wish to install a non-rpm packaged Python package, + create a virtual environment using __PYTHON__ -m venv path/to/venv. + Then use path/to/venv/bin/python and path/to/venv/bin/pip. + + If you wish to install a non-rpm packaged Python application, + it may be easiest to use `pipx install xyz`, which will manage a + virtual environment for you. Install pipx via `zypper install __PYTHONPREFIX__-pipx` . diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch new file mode 100644 index 0000000..b3f5e0c --- /dev/null +++ b/fix_configure_rst.patch @@ -0,0 +1,44 @@ +--- + Doc/using/configure.rst | 3 --- + Misc/NEWS | 2 +- + 2 files changed, 1 insertion(+), 4 deletions(-) + +Index: Python-3.11.12/Doc/using/configure.rst +=================================================================== +--- Python-3.11.12.orig/Doc/using/configure.rst 2025-04-08 16:15:29.000000000 +0200 ++++ Python-3.11.12/Doc/using/configure.rst 2025-04-11 10:52:39.419877561 +0200 +@@ -43,7 +43,6 @@ + + See :data:`sys.int_info.bits_per_digit `. + +-.. option:: --with-cxx-main + .. option:: --with-cxx-main=COMPILER + + Compile the Python ``main()`` function and link Python executable with C++ +@@ -529,13 +528,11 @@ + + See ``Mac/README.rst``. + +-.. option:: --enable-universalsdk + .. option:: --enable-universalsdk=SDKDIR + + Create a universal binary build. *SDKDIR* specifies which macOS SDK should + be used to perform the build (default is no). + +-.. option:: --enable-framework + .. option:: --enable-framework=INSTALLDIR + + Create a Python.framework rather than a traditional Unix install. Optional +Index: Python-3.11.12/Misc/NEWS +=================================================================== +--- Python-3.11.12.orig/Misc/NEWS 2025-04-08 16:15:29.000000000 +0200 ++++ Python-3.11.12/Misc/NEWS 2025-04-11 10:52:39.425550531 +0200 +@@ -9872,7 +9872,7 @@ + - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. + + - bpo-43795: The list in :ref:`limited-api-list` now shows the public name +- :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry ++ :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry + ``_node`` no longer appears in the list. + + - bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid diff --git a/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch b/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch new file mode 100644 index 0000000..5c26386 --- /dev/null +++ b/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch @@ -0,0 +1,82 @@ +From 3d390148c05a7ea2d401c4633e7d4db75ebf97d9 Mon Sep 17 00:00:00 2001 +From: Petr Viktorin +Date: Thu, 7 Nov 2024 11:07:02 +0100 +Subject: [PATCH] gh-126500: test_ssl: Don't stop ThreadedEchoServer on OSError + in ConnectionHandler; rely on __exit__ (GH-126503) + +If `read()` in the ConnectionHandler thread raises `OSError` (except `ConnectionError`), +the ConnectionHandler shuts down the entire ThreadedEchoServer, +preventing further connections. +It also does that for `EPROTOTYPE` in `wrap_conn`. + +As far as I can see, this is done to avoid the server thread getting stuck, +forgotten, in its accept loop. However, since 2011 (5b95eb90a7167285b6544b50865227c584943c9a) +the server is used as a context manager, and its `__exit__` does `stop()` and `join()`. +(I'm not sure if we *always* used `with` since that commit, but currently we do.) + +Make sure that the context manager *is* used, and remove the `server.stop()` +calls from ConnectionHandler. +(cherry picked from commit c9cda1608edf7664c10f4f467e24591062c2fe62) + +Co-authored-by: Petr Viktorin +--- + Lib/test/test_ssl.py | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +Index: Python-3.11.12/Lib/test/test_ssl.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_ssl.py 2025-04-19 19:55:02.157545844 +0200 ++++ Python-3.11.12/Lib/test/test_ssl.py 2025-04-19 19:55:05.014552345 +0200 +@@ -2516,7 +2516,6 @@ + # See also http://erickt.github.io/blog/2014/11/19/adventures-in-debugging-a-potential-osx-kernel-bug/ + if e.errno != errno.EPROTOTYPE and sys.platform != "darwin": + self.running = False +- self.server.stop() + self.close() + return False + else: +@@ -2651,10 +2650,6 @@ + self.close() + self.running = False + +- # normally, we'd just stop here, but for the test +- # harness, we want to stop the server +- self.server.stop() +- + def __init__(self, certificate=None, ssl_version=None, + certreqs=None, cacerts=None, + chatty=True, connectionchatty=False, starttls_server=False, +@@ -2688,21 +2683,33 @@ + self.conn_errors = [] + threading.Thread.__init__(self) + self.daemon = True ++ self._in_context = False + + def __enter__(self): ++ if self._in_context: ++ raise ValueError('Re-entering ThreadedEchoServer context') ++ self._in_context = True + self.start(threading.Event()) + self.flag.wait() + return self + + def __exit__(self, *args): ++ assert self._in_context ++ self._in_context = False + self.stop() + self.join() + + def start(self, flag=None): ++ if not self._in_context: ++ raise ValueError( ++ 'ThreadedEchoServer must be used as a context manager') + self.flag = flag + threading.Thread.start(self) + + def run(self): ++ if not self._in_context: ++ raise ValueError( ++ 'ThreadedEchoServer must be used as a context manager') + self.sock.settimeout(1.0) + self.sock.listen(5) + self.active = True diff --git a/gh120226-fix-sendfile-test-kernel-610.patch b/gh120226-fix-sendfile-test-kernel-610.patch new file mode 100644 index 0000000..2eb6f63 --- /dev/null +++ b/gh120226-fix-sendfile-test-kernel-610.patch @@ -0,0 +1,35 @@ +From 1b3f6523a5c83323cdc44031b33a1c062e5dc698 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Fri, 7 Jun 2024 23:51:32 +0800 +Subject: [PATCH] gh-120226: Fix + test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 + (GH-120227) + +The worst case is that the kernel buffers 17 pages with a page size of 64k. +(cherry picked from commit a7584245661102a5768c643fbd7db8395fd3c90e) + +Co-authored-by: Xi Ruoyao +--- + Lib/test/test_asyncio/test_sendfile.py | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +--- a/Lib/test/test_asyncio/test_sendfile.py ++++ b/Lib/test/test_asyncio/test_sendfile.py +@@ -93,13 +93,10 @@ class MyProto(asyncio.Protocol): + + class SendfileBase: + +- # 256 KiB plus small unaligned to buffer chunk +- # Newer versions of Windows seems to have increased its internal +- # buffer and tries to send as much of the data as it can as it +- # has some form of buffering for this which is less than 256KiB +- # on newer server versions and Windows 11. +- # So DATA should be larger than 256 KiB to make this test reliable. +- DATA = b"x" * (1024 * 256 + 1) ++ # Linux >= 6.10 seems buffering up to 17 pages of data. ++ # So DATA should be large enough to make this test reliable even with a ++ # 64 KiB page configuration. ++ DATA = b"x" * (1024 * 17 * 64 + 1) + # Reduce socket buffer size to test on relative small data sets. + BUF_SIZE = 4 * 1024 # 4 KiB + diff --git a/idle3.appdata.xml b/idle3.appdata.xml new file mode 100644 index 0000000..554b7c4 --- /dev/null +++ b/idle3.appdata.xml @@ -0,0 +1,35 @@ + + + + + idle3.desktop + IDLE3 + CC0 + Python-2.0 + Python 3 Integrated Development and Learning Environment + +

+ IDLE is Python’s Integrated Development and Learning Environment. + The GUI is uniform between Windows, Unix, and Mac OS X. + IDLE provides an easy way to start writing, running, and debugging + Python code. +

+

+ IDLE is written in pure Python, and uses the tkinter GUI toolkit. + It provides: +

+
    +
  • a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,
    • +
  • a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,
    • +
  • search within any window, replace within editor windows, and search through multiple files (grep),
    • +
  • a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.
    • +
+ + https://docs.python.org/3/library/idle.html + + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png + + zbyszek@in.waw.pl + diff --git a/idle3.desktop b/idle3.desktop new file mode 100644 index 0000000..43f5a4c --- /dev/null +++ b/idle3.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Version=1.0 +Name=IDLE 3 +GenericName=Python 3 IDE +Comment=Python 3 Integrated Development and Learning Environment +Exec=idle3 %F +TryExec=idle3 +Terminal=false +Type=Application +Icon=idle3 +Categories=Development;IDE; +MimeType=text/x-python; diff --git a/import_failed.map b/import_failed.map new file mode 100644 index 0000000..f33690c --- /dev/null +++ b/import_failed.map @@ -0,0 +1,7 @@ +python311-curses: curses _curses _curses_panel +python311-dbm: dbm _dbm _gdbm +python311-idle: idlelib +python311-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited +python311-tk: tkinter _tkinter +python311-tools: turtledemo +python311: sqlite3 readline _sqlite3 nis diff --git a/import_failed.py b/import_failed.py new file mode 100644 index 0000000..258b5a5 --- /dev/null +++ b/import_failed.py @@ -0,0 +1,23 @@ +import sys, os +from sysconfig import get_path + +failed_map_path = os.path.join(get_path('stdlib'), '_import_failed', 'import_failed.map') + +if __spec__: + failed_name = __spec__.name +else: + failed_name = __name__ + +with open(failed_map_path) as fd: + for line in fd: + package = line.split(':')[0] + imports = line.split(':')[1] + if failed_name in imports: + raise ImportError(f"""Module '{failed_name}' is not installed. +Use: + sudo zypper install {package} +to install it.""") + +raise ImportError(f"""Module '{failed_name}' is not installed. +It is supposed to be part of python3 distribution, but missing from failed import map. +Please file a bug on the SUSE Bugzilla.""") diff --git a/macros.python3 b/macros.python3 new file mode 100644 index 0000000..2bd193b --- /dev/null +++ b/macros.python3 @@ -0,0 +1,28 @@ +%have_python3 1 + +# commented out legacy macro definitions +#py3_prefix /usr +#py3_incdir /usr/include/python3.5m +#py3_ver 3.5 + +# these should now be provided by macros.python_all +#python3_sitearch /usr/lib64/python3.5/site-packages +#python3_sitelib /usr/lib/python3.5/site-packages +#python3_version 3.5 + +# hard to say if anyone ever used these? +#py3_soflags cpython-35m-x86_64-linux-gnu +#py3_abiflags m +%cpython3_soabi %(python3 -c "import sysconfig; print(sysconfig.get_config_var('SOABI'))") +%py3_soflags %cpython3_soabi + +# compilation macros that might be in use somewhere +%py3_compile(O) \ +find %1 -name '*.pyc' -exec rm -f {} ";"\ +python3 -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +%{-O:\ +find %1 -name '*.pyo' -exec rm -f {} ";"\ +python3 -O -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +} + + diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch new file mode 100644 index 0000000..7e412d7 --- /dev/null +++ b/no-skipif-doctests.patch @@ -0,0 +1,653 @@ +only in patch2: +unchanged: +--- + Doc/library/turtle.rst | 82 ------------------------------------------------- + 1 file changed, 82 deletions(-) + +--- a/Doc/library/turtle.rst ++++ b/Doc/library/turtle.rst +@@ -440,7 +440,6 @@ Turtle motion + turtle is headed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -467,7 +466,6 @@ Turtle motion + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -486,13 +484,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -511,13 +507,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -540,13 +534,11 @@ Turtle motion + not change the turtle's orientation. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> tp = turtle.pos() + >>> tp +@@ -570,13 +562,11 @@ Turtle motion + unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 240) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,240.00) +@@ -592,13 +582,11 @@ Turtle motion + Set the turtle's second coordinate to *y*, leave first coordinate unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 40) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,40.00) +@@ -625,7 +613,6 @@ Turtle motion + =================== ==================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setheading(90) + >>> turtle.heading() +@@ -638,14 +625,12 @@ Turtle motion + its start-orientation (which depends on the mode, see :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(90) + >>> turtle.goto(0, -10) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 90.0 +@@ -677,7 +662,6 @@ Turtle motion + calculated automatically. May be used to draw regular polygons. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.position() +@@ -706,7 +690,6 @@ Turtle motion + + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.dot() +@@ -724,7 +707,6 @@ Turtle motion + it by calling ``clearstamp(stamp_id)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("blue") + >>> turtle.stamp() +@@ -740,7 +722,6 @@ Turtle motion + Delete stamp with given *stampid*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (150.00,-0.00) +@@ -785,7 +766,6 @@ Turtle motion + undo actions is determined by the size of the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for i in range(4): + ... turtle.fd(50); turtle.lt(80) +@@ -818,7 +798,6 @@ Turtle motion + turtle turn instantly. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.speed() + 3 +@@ -839,7 +818,6 @@ Tell Turtle's state + Return the turtle's current location (x,y) (as a :class:`Vec2D` vector). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pos() + (440.00,-0.00) +@@ -855,7 +833,6 @@ Tell Turtle's state + orientation which depends on the mode - "standard"/"world" or "logo". + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(10, 10) + >>> turtle.towards(0,0) +@@ -867,7 +844,6 @@ Tell Turtle's state + Return the turtle's x coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(50) +@@ -883,7 +859,6 @@ Tell Turtle's state + Return the turtle's y coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(60) +@@ -900,7 +875,6 @@ Tell Turtle's state + :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(67) +@@ -917,7 +891,6 @@ Tell Turtle's state + other turtle, in turtle step units. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.distance(30,40) +@@ -941,7 +914,6 @@ Settings for measurement + Default value is 360 degrees. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -964,7 +936,6 @@ Settings for measurement + ``degrees(2*math.pi)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -975,7 +946,6 @@ Settings for measurement + 1.5707963267948966 + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.degrees(360) +@@ -1011,7 +981,6 @@ Drawing state + thickness. If no argument is given, the current pensize is returned. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pensize() + 1 +@@ -1043,7 +1012,6 @@ Drawing state + attributes in one statement. + + .. doctest:: +- :skipif: _tkinter is None + :options: +NORMALIZE_WHITESPACE + + >>> turtle.pen(fillcolor="black", pencolor="red", pensize=10) +@@ -1066,7 +1034,6 @@ Drawing state + Return ``True`` if pen is down, ``False`` if it's up. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.penup() + >>> turtle.isdown() +@@ -1107,7 +1074,6 @@ Color control + newly set pencolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> colormode() + 1.0 +@@ -1156,7 +1122,6 @@ Color control + with the newly set fillcolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.fillcolor("violet") + >>> turtle.fillcolor() +@@ -1195,7 +1160,6 @@ Color control + with the newly set colors. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("red", "green") + >>> turtle.color() +@@ -1212,7 +1176,6 @@ Filling + ~~~~~~~ + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.home() +@@ -1222,7 +1185,6 @@ Filling + Return fillstate (``True`` if filling, ``False`` else). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.begin_fill() + >>> if turtle.filling(): +@@ -1247,7 +1209,6 @@ Filling + above may be either all yellow or have some white regions. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("black", "red") + >>> turtle.begin_fill() +@@ -1264,7 +1225,6 @@ More drawing control + variables to the default values. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(0,-22) + >>> turtle.left(100) +@@ -1315,7 +1275,6 @@ Visibility + drawing observably. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.hideturtle() + +@@ -1326,7 +1285,6 @@ Visibility + Make the turtle visible. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.showturtle() + +@@ -1357,7 +1315,6 @@ Appearance + deal with shapes see Screen method :func:`register_shape`. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape() + 'classic' +@@ -1383,7 +1340,6 @@ Appearance + ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.resizemode() + 'noresize' +@@ -1407,7 +1363,6 @@ Appearance + of the shape's outline. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shapesize() + (1.0, 1.0, 1) +@@ -1432,7 +1387,6 @@ Appearance + heading of the turtle are sheared. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("circle") + >>> turtle.shapesize(5,2) +@@ -1449,7 +1403,6 @@ Appearance + change the turtle's heading (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1469,7 +1422,6 @@ Appearance + (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1495,7 +1447,6 @@ Appearance + turtle (its direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1524,7 +1475,6 @@ Appearance + given matrix. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle = Turtle() + >>> turtle.shape("square") +@@ -1540,7 +1490,6 @@ Appearance + can be used to define a new shape or components of a compound shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("square") + >>> turtle.shapetransform(4, -1, 0, 2) +@@ -1565,7 +1514,6 @@ Using events + procedural way: + + .. doctest:: +- :skipif: _tkinter is None + + >>> def turn(x, y): + ... left(180) +@@ -1586,7 +1534,6 @@ Using events + ``None``, existing bindings are removed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> class MyTurtle(Turtle): + ... def glow(self,x,y): +@@ -1614,7 +1561,6 @@ Using events + mouse-click event on that turtle. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.ondrag(turtle.goto) + +@@ -1642,7 +1588,6 @@ Special Turtle methods + Return the last recorded polygon. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.begin_poly() +@@ -1662,7 +1607,6 @@ Special Turtle methods + turtle properties. + + .. doctest:: +- :skipif: _tkinter is None + + >>> mick = Turtle() + >>> joe = mick.clone() +@@ -1675,7 +1619,6 @@ Special Turtle methods + return the "anonymous turtle": + + .. doctest:: +- :skipif: _tkinter is None + + >>> pet = getturtle() + >>> pet.fd(50) +@@ -1689,7 +1632,6 @@ Special Turtle methods + TurtleScreen methods can then be called for that object. + + .. doctest:: +- :skipif: _tkinter is None + + >>> ts = turtle.getscreen() + >>> ts +@@ -1707,7 +1649,6 @@ Special Turtle methods + ``None``, the undobuffer is disabled. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setundobuffer(42) + +@@ -1717,7 +1658,6 @@ Special Turtle methods + Return number of entries in the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> while undobufferentries(): + ... undo() +@@ -1740,7 +1680,6 @@ below: + For example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> s = Shape("compound") + >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) +@@ -1751,7 +1690,6 @@ below: + 3. Now add the Shape to the Screen's shapelist and use it: + + .. doctest:: +- :skipif: _tkinter is None + + >>> register_shape("myshape", s) + >>> shape("myshape") +@@ -1771,7 +1709,6 @@ Most of the examples in this section ref + ``screen``. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen = Screen() +@@ -1788,7 +1725,6 @@ Window control + Set or return background color of the TurtleScreen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.bgcolor("orange") + >>> screen.bgcolor() +@@ -1880,7 +1816,6 @@ Window control + distorted. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.reset() + >>> screen.setworldcoordinates(-50,-7.5,50,7.5) +@@ -1891,7 +1826,6 @@ Window control + ... left(45); fd(2) # a regular octagon + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen.reset() +@@ -1913,7 +1847,6 @@ Animation control + Optional argument: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.delay() + 10 +@@ -1935,7 +1868,6 @@ Animation control + :func:`delay`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.tracer(8, 25) + >>> dist = 2 +@@ -1972,7 +1904,6 @@ Using screen events + must have the focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -1993,7 +1924,6 @@ Using screen events + must have focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -2018,7 +1948,6 @@ Using screen events + named ``turtle``: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will + >>> # make the turtle move to the clicked point. +@@ -2038,7 +1967,6 @@ Using screen events + Install a timer that calls *fun* after *t* milliseconds. + + .. doctest:: +- :skipif: _tkinter is None + + >>> running = True + >>> def f(): +@@ -2120,7 +2048,6 @@ Settings and special methods + ============ ========================= =================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> mode("logo") # resets turtle heading to north + >>> mode() +@@ -2135,7 +2062,6 @@ Settings and special methods + values of color triples have to be in the range 0..*cmode*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.colormode(1) + >>> turtle.pencolor(240, 160, 80) +@@ -2156,7 +2082,6 @@ Settings and special methods + do with a Tkinter Canvas. + + .. doctest:: +- :skipif: _tkinter is None + + >>> cv = screen.getcanvas() + >>> cv +@@ -2168,7 +2093,6 @@ Settings and special methods + Return a list of names of all currently available turtle shapes. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.getshapes() + ['arrow', 'blank', 'circle', ..., 'turtle'] +@@ -2192,7 +2116,6 @@ Settings and special methods + coordinates: Install the corresponding polygon shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) + +@@ -2208,7 +2131,6 @@ Settings and special methods + Return the list of turtles on the screen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for turtle in screen.turtles(): + ... turtle.color("red") +@@ -2270,7 +2192,6 @@ Methods specific to Screen, not inherite + center window vertically + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.setup (width=200, height=200, startx=0, starty=0) + >>> # sets window to 200x200 pixels, in upper left of screen +@@ -2286,7 +2207,6 @@ Methods specific to Screen, not inherite + Set title of turtle window to *titlestring*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.title("Welcome to the turtle zoo!") + +@@ -2357,7 +2277,6 @@ Public classes + Example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) + >>> s = Shape("compound") +@@ -2743,7 +2662,6 @@ Changes since Python 3.0 + + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> for turtle in turtles(): diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..a2cf992 --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +export LC_ALL=C + +master=python*.spec + +# create import_failed.map from package definitions +pkgname=$(grep python_pkg_name $master |grep define |awk -F' ' '{print $3}') +MAPFILE=import_failed.map +function new_map_line () { + package=$1 + package=$(echo $1 |sed -e "s:%{python_pkg_name}:$pkgname:") + modules=$2 + if [ -z "$package" -o -z "$modules" ]; then + return + fi + if [[ "$package" =~ "-base" ]]; then + return + fi + echo "$package:$modules" >> $MAPFILE.tmp +} + +for spec in *.spec; do + basename=${spec%.spec} + package= + modules= + while read line; do + case $line in + "%files -n "*) + new_map_line $package "$modules" + package=${line#"%files -n "} + modules= + ;; + "%files "*) + new_map_line $package "$modules" + package=$basename-${line#"%files "} + modules= + ;; + "%files") + new_map_line $package "$modules" + package=$basename + modules= + ;; + "%{sitedir}/config-"*) + # ignore + ;; + "%{sitedir}/"*) + word=${line#"%{sitedir}/"} + if ! echo $word | grep -q /; then + modules="$modules $word" + fi + ;; + "%{dynlib "*"}") + word=${line#"%{dynlib "} + word=${word%"}"} + modules="$modules $word" + ;; + esac + done < $spec + new_map_line $package "$modules" +done + +cat $MAPFILE.tmp |sort -u > $MAPFILE +rm $MAPFILE.tmp + +# run test inclusion check +tar xJf Python-*.xz +python3 skipped_tests.py + +# generate baselibs.conf +VERSION=$(grep ^Version $master|awk -F':' '{print $2}' |sed -e 's/ //g') +python_version=${VERSION:0:3} # 3.3 +python_version_abitag=${python_version//./} # 33 +python_version_soname=${python_version//./_} # 3_3 +echo "$pkgname-base" > baselibs.conf +echo "$pkgname" >> baselibs.conf +echo "libpython$python_version_soname-1_0" >> baselibs.conf + diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch new file mode 100644 index 0000000..cda20d7 --- /dev/null +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -0,0 +1,27 @@ +--- + Makefile.pre.in | 7 +++++++ + 1 file changed, 7 insertions(+) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1240,11 +1240,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ + $(DTRACE_OBJS) \ + $(srcdir)/Modules/getbuildinfo.c + $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DDATE="\"`date -u -r Makefile.pre.in +"%b %d %Y"`\"" \ ++ -DTIME="\"`date -u -r Makefile.pre.in +"%T"`\"" \ + -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \ + -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \ + -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \ + -o $@ $(srcdir)/Modules/getbuildinfo.c + ++Python/getcompiler.o: $(srcdir)/Python/getcompiler.c Makefile ++ $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DCOMPILER='"[GCC]"' \ ++ -o $@ $(srcdir)/Python/getcompiler.c ++ + Modules/getpath.o: $(srcdir)/Modules/getpath.c Python/frozen_modules/getpath.h Makefile $(PYTHON_HEADERS) + $(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \ + -DPREFIX='"$(prefix)"' \ diff --git a/python-3.3.0b1-localpath.patch b/python-3.3.0b1-localpath.patch new file mode 100644 index 0000000..475497e --- /dev/null +++ b/python-3.3.0b1-localpath.patch @@ -0,0 +1,13 @@ +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -77,7 +77,7 @@ import io + import stat + + # Prefixes for site-packages; add additional prefixes like /usr/local here +-PREFIXES = [sys.prefix, sys.exec_prefix] ++PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local'] + # Enable per user site-packages directory + # set it to False to disable the feature or True to force the feature + ENABLE_USER_SITE = None diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch new file mode 100644 index 0000000..ac5d553 --- /dev/null +++ b/python-3.3.0b1-test-posix_fadvise.patch @@ -0,0 +1,17 @@ +--- + Lib/test/test_posix.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_posix.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_posix.py ++++ Python-3.11.8/Lib/test/test_posix.py +@@ -430,7 +430,7 @@ class PosixTester(unittest.TestCase): + def test_posix_fadvise(self): + fd = os.open(os_helper.TESTFN, os.O_RDONLY) + try: +- posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_WILLNEED) ++ posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_RANDOM) + finally: + os.close(fd) + diff --git a/python.keyring b/python.keyring new file mode 100644 index 0000000..747bc27 --- /dev/null +++ b/python.keyring @@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFq+ToQBEADRYvIVtbK6owynD3j3nxwpW2KEk/p+aDvtXmc2SR2dBcZ8sFW2 +R5vEsG8d3/D3wgv5pcL3KfNNXQYUnXVbobrFUUWQYc79qIsE3MgiPf5NVOtwKPUR +i5g9YJgKvpBxkQfqp3LYGm9ZBtwo3DVLA3yn7KsazCmAgTNFJYw7ku1XxgmIzY6K +5J30DfbJiqDqj4f9GslCCCCH3qiPnuLG/HUyVLHMpbWlaiy9NI0GcaLxjJewHj9w +W2D2lydkxe5JGo7egUkV3ILcuLVSVKA35SKY27dYqfuyqp9tAzaRbjDYjsYdHA6G +BqrNrKBn/GwlFDPrVdcvN3ZSY2wMLTxWE3Axc/FweuHxFnou/80FwX7F3JD+oEQ6 +rofmcxOBCC7J98I7HZAhP9jBn88XIS2hztbLq8d6rZJZRtcz0k61VR0ddO+TrFmf +9rMYCPgCckRtVxeFIVIabrN1IzKynLFeo040h8hSGswd6YKDOVwjJY6Oa6EmVefZ +a8QSt4+M65RSzH6SEPY008F3nJUAK6MEkzTak+tFltZNrVWu8p2xd1j9nmxAwEhZ +/lgbxLqzYgaUWmfyHeZ8yVA0MhHzdiAL8nVUEdG3KecIq0RWCJLGLWWIjd6KAJl1 +yAmhRYKK/sjPDsL3elHsFACfZbyx3o5GGQNlas1FYoPLWbaNGaJtgFTF2QARAQAB +tCtQYWJsbyBHYWxpbmRvIFNhbGdhZG8gPHBhYmxvZ3NhbEBnbWFpbC5jb20+iQJO +BBMBCgA4FiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+ToQCGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQZOYo+NaEaW2bmA/+PXIap2udLoUVOHxnsIBdqYwp +sv1Aj5lfIJmNhmxPbHShwp1Jg+w4urxe+2Dj5ofKVlIo1i83bQkvnKJMDXDVuc/K +P6zqhBJ3rT4Q3qx2mzX8bIfQoJ2JHuH4lkP+I7doDcHHRyeNASyk72VdQmU4twNw +Ibn8nSNV6ThKHdoPYzVnO2rZUFcGIqH5HNsvR+B7cc1MBCHsgURYwSVhSePIFGlZ +iasdBD6QQkDSe4QWi7AcJFWFElw4kbOKJWxAWsrEk+tMXJVGRjnmL289EmPCx/vx +BqKy7Mse0yWCSRR3vB+O6TB1S5SgEyEgqlYsfGNv1qf/rfRD4KkyCbNU3LhY1Aim +vJP4pDW+KFxTk2Ks8vrx8gOSd2aFqPeO/pFDrpsF7PD62XwsfoXu4xc5V0Giw7r1 +Nai0nax7kOrldNF8TbbtRjW0jmoC7wLIDujAkwDIOroZ0CXA3N4HVHdSbrHm/urX +nyxJXupXAQNwGx64JCBcbF2fp3Kvu1VAXBEFnd01KaopthHcbG5pA50Kl2Vhe+98 +OdezUX42fHkQpQkB7HgtXfm6W1bw6YRBamrNvs1OoHBYmUjlECpe566IIu25Hc8s +x3qA+6eca7iqizyLG+WyMT8ZIYTWGAS59jxwR4esqGczbbZPSAPHFwLbGv7Wr0Rd +TPu5B0FcKpDkTd4IxQW5Ag0EWr5O2gEQAMjLe4CtbSfofmJrz5wfNkMVsZ81Gbqe +MoYd3dtkJnQYERUj8flzBj3ucaxGJ+Cuf7ybh3naPopKvEI1q0vkcgCDqrEgXK// +jKJbP28uPSMGhOG28q4PbamG55gy5FtM3ezzAxPWWKe9qBpV65GMmFy7eBQx2iJs +yiDIOOQQ4kraS+cTqNFimEXAGLCOQRNLcwIZzwAAHoW7HEpNUfVwaBD9kMlbo1ND +I60IKcNrNcmcmRxhJqfxjj8YBMwcKHO6GBE3AVpaE/+UO9zyr4TH+0YuQUgxKlPW +Dkg5XlkDo0S1GyLY5e9ckIDIlkTdDa2pOkoE2yB5MQCEga3YiHrKUVTTWaxn9XVJ +6x5ZjUF6bgSWGkrG5dUqSYoO1iDMuNVjtiujNyf/rvfj5cNxS7/lgxchhQKZHZXL +WVqxlneeVJ6s0P4+ROVG9ga2Sve7aUJ6wXIewZwulBcV2sE/W/DgxHgLBi53CUQt +vEzFzKvo48GnDqL5VYjA7l0HMYHd4GksCLi8E8U6Cgj+imXiM8voL7pHRZfs8mY8 +udR+UT4e1Scl2MYP2qBJ9/17B/X52B3s1EZdqI/r+hfOyqrhPs+dbAN0mtMPn68+ +nrvY1+nscvrSYEP6ZBlc9Hp2mgJdb6IcTvINXBEeLRjgc3pjViva443pkiFp9Axm +ecOckMKP3uSlABEBAAGJBGwEGAEKACAWIQSgNcjBkhm6gh7OqGtk5ij41oRpbQUC +Wr5O2gIbAgJACRBk5ij41oRpbcF0IAQZAQoAHRYhBM/cokWxBDzypfl4Zf/odAQW +i9hHBQJavk7aAAoJEP/odAQWi9hHr7YP/RCLre1CmOoWYpAtoa1yVCeYMDV6eQgL +B488/BEZHQE1zbrYy16XkhORob3JF/kUMjmJW7XaFF8FrWvRcdj/xaUGbOOEulKg +v+8zWfswYQRiZ4/JlwER4vRLi6fTE89MVER6Fkj2ASD4D2cifY+EztD4flV3sq3s +vIogGFaN9IvdrdeptOVGXs1RmAyoTsiS2mKQ6xsGh8B9ZAm55W8fBOGiSzLX21Xk +Ofdw53BrFQxn3cu/JgIKpdeZxgukcvEAI62B6X+YL6Na4j0eqEGLzsNtU1+xeJlo +WtVvmRwnRHGSxF6fzIZ3mk/p/aFiXAEq/xITCTY6tDv7x7pFE/RpdlJZyNJ+R5Y4 +SQiuDsylxNCa/4G5EB6q+7iVYtbEQ9MnZg2phowEE42tlj0rz8/rvDK3LH3xibot +KHIodCWKlWByxH99u2PuHUQ0c1oCVBUE1KkruMpvI236DpU/dvdq4JLSg/fWrys/ +VIjqLZgsIE5g/KO9XqngWHkLcBLh4CNAmHJ8Iia+s+/rfgsejQWB5uJb6eYg2JjB +4WP1EI0rULM6fdrCNB+MJ36wE2Lnb4bfT0phOMgjjH5/Ki7ZCbkxkOsBs4SRjiS+ +weCsmpAtMqodWY/Cnw9pWSA/qLSRD5/mKeb9SO6OZ/OPfAatwnGHsvZ2sAueC6rR +04W5BfXZWrnJUXQP/id/EKE1Ksp5fKoxSCbkKTCig+Sf5Afwe36yFN+niZBqzn5b +BgL/HIKaZM97oDHersPPANeEgS+JVlBf95iKIYnQbZP43FLVbvOuaINhBIVtFO54 +2Y7EYwl41kP7ILDElVy36KAmdQyBAfrjnZiRA70xShOxApLug1L0lxhR3YfmLwNi +RJ0V6KnYDKf0pfdhO9VFyFFWUojX1usn2SmSsXNizsNtvRqHXzPnX0rbJzZ9+N4O +9k1nxygYFG/2R/jGonVmTjRzcAHrAkNJETMWXMA7/8wRMDwluz8j+cCldey9x8Vk +JwgLGnZSbQtVpcFAnm5r/36Gt+9wc1VWMyrUrVr6Z679aqAbG7PMaeR5h5ygMj1k +VqRTYAUPSk1f8bZKRssQkQwEbp9dVIjm9SsR8VT7/tB+UuB85dABxgHfv3psJRT+ +tL8g9V7kSZqQfcLNGmvEVvr2Zl9NtxwXtsFM2OBprxCenwb+e9Ppm1LjfJG/NE72 +mAnOERfDaiLt4bqNo36Ei5sGCJ4Fx61phzNBXzkdRNM47i8J5UZRKFkE91c99BVM +HKUaY61NRK24fR0zP98ftDU82YFw0VRFJpTeBrO5ivN1MlQxUPzUWxKxMxO+20wa +UOXroEw11Tb4SRLGOla1pCl6lCUPJRy9IzadPDgTr/OTMkob/snt/XLdnV5/uQIN +BFq+TvoBEAC8Oy1g6pPWBbrCMhIq7VWY2fjylJ1fwg5BPXkOKVK1dsGYO4QD7oW9 +L0aSqcFSNFGF9Cl0Ri4TFXZC3hnG4HeSXUWApuKdBLn21H3jba36Ay1oGcGfdm0v +Zght4c6BlMVBpGCw2wIkJbUNEy6InMM+O8CCbbaH3iJkJ4141P7pODHignx5AmZI +conMui4YOhC+IXQXynVEv1Juk7erB1Nh1RcRvsA4lb44HWx49lIwe85ejOmoZ0O3 +6f9NJRer6bV0+rHWmg4IV5Q9h/Gn4IhEDZxA0DZl1RQI7dMgaMbIFbXGq7Kgzstz +EUnOoy29hXodxVmwIsMrAiQUYtwJ9hW+ESsw47+W2iPHVgviGWl7r/SgcgMYmf6m +5kiTBtwU7BQPS9G3zwwP2Rm3AA/6g39Q+tQKjOwi1I8+GZsY2On44Zly7BreBNg5 +4gJgdAGcMOYU9etr050clH3UpTYcAEtX++ahtOKhJgLIPNcIAQNlnifqvU0VYpgw +R4YpZ7hgg+AVDzC73PIM0lFI0XiDuqChbxE+K1jmLXWe5iJF0dzgVTwP+PmsifNZ +Wg3+YxSsS+hDMPQ2xPiQN49gT4JJDHcDuyhHyCGYgyMiVJCsku9KrkubbfVRivyN +ZF2Zfo3f+nbrRxsftz0yjAq8byCvb0V0XOpt4pJ/ddlug9ytRxALNwARAQABiQI2 +BBgBCgAgFiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+TvoCGwwACgkQZOYo+NaE +aW3urA//UQ/cKQ7HvWjcLphzQOZc+6m5YL0wxvZkSjemU7mqjZdpacteIvRAoers +EqXHc208liIBtNfRzoreXdcXNzie65xXkrRnWoHVH/fTWy4lOnHr2CMXLeHjUgg/ +M6PYi8+sARm05YFB8nsYhlhx3IdLhcfeVVbJedQKO0yL3CK1okT30DUVq5Lq6X/K +DC6AxuJR3D6UMSoT0WLaoX8qbhAp88qLynInfBVL18d97h916WPLTPeP0eHwhwND +bYtKDCMDuKQ9XX5+QsNH0RmbxlX274LHrUMMvkLKxcfCBvP+iuqrBeIuoeVzXYJZ +j7ZJtEH79bW44eecl/CY/STFYgSQ2XGTp2BI2q60wAmtKlNhwxY5ena0FgyFl6Tm +5OBHW/Pwo+ndQJGfbrCyWkTgRay9c8er3gl3GQYIBH6X0kCiG7h/Epj0b5CHOPU5 +hCw0kEB8MB4poTIjeiY+Q01472/lQ68CL3DX158hR5d3XaPSIxAN+qFsfB1o316p +yjxhfK1MD/IfrOgjlggPPnc/KmLkCzpgdwKcZwLCdZq9hYBvF1Zs34HbaVMYbWTK +uxLowtXGU43vatCXXqmPOvl4/g4tZD6rysJDgOrHQnEHzT+Napn07s0BRC0IbbNn +FynUrkr5KMSuRz7Hg7xMApENOrb0nqdHSUJ914ZpuMIS6RhJgGu5Ag0EWr5PIAEQ +ALfh9vPD2B+miHDTMADI8aRZ7g9tnzynZYkk3+2sCiiusetsQQ+HIPJ/ASEJB7On +ane9dyT/LTRhrK9qaxgVMimk2COXB/xyh7Mnw7nJgFU0aRSbtX0vbvQz2suSzrQ6 +9mPKzan28JGoClqB0bw1vwf3VjjxHV2dgD57CmqFPv7kAC/2a56dE+etzXattZAL ++2JWTpmfQ0ePRRadtBm0VahQhnU8x0+jvAVrEawqpVW83ozYFyW/0WInM2J7jHgQ +16OosY4lj5L/DxpVxaArhRFoRfWPXfC37iE8Mou/I95isvPQIhp1wTo4jG0KM02B +oIVbp/QRNBQ6WtpOzvJs1gqQiJJTfqbKJXQ3NDEY9crpVS83HJ+Zv99PNsyNkFjG +QpU84U3ZhsI4ygjdY45mpZueqI1RVcRQdu8Hgvoo/78Q/Sir6gMGop3mVdVo2guI +kFcJrXh0Xk3ech4aVqrmKx/mPXGwOAQU0DAul4RW3fKg1QxQE7Tlw3+95Ee/+q5j +HARL0uDbCJpRO8Sl8NDEuL32n/2Ot6kQeCSHrU7KJRYAkTxkKvr8zNow7hFhHFPE +SnHvTnskI6noh0VY6NwMhmLvhm0wKkRxZPzUNc3sgLvbK1NymIZ9aKCZamzhZrmG +vnblEz/OSLwGUua465H3hM1vvBQiartj7+6ZqWIkSmBPABEBAAGJAjYEGAEKACAW +IQSgNcjBkhm6gh7OqGtk5ij41oRpbQUCWr5PIAIbIAAKCRBk5ij41oRpbWmeEACG ++axtDC8UoNp9ORiYwEWLzZWDuugE+ah7DYYGD4Vs633FXVZW3SgM/bFtJ/0Lg8CF +74jI4LMHyIjDzEjcoItwnhBLix+kUoJTvrY58GPydwekLuw1p4KXLqtRs4fsZbNQ +YTknl4jYtRWoxO98x7tun7Gq2gqmJkIB2uj630fKz5cBk6p6oDFKjzyrHe+V7BiK +3okQPaD4x7hq8OnTy7lOy92ZZAqztS4tNEb4DkYW1MpuwsJ7hbBZitc1siI+FVVb +GjVVGZz6ssXoW67Tz8+VxdWJxNLXlv27eMcj4sme5S0th/YYNA5fRRv6zuzqZAru +YNGLpYYU7JLvZJ+3lCwa5j5ycOGBF0GvsGs6gj6h+CHkjR/BgzAgWC+GgUgslt6q +aH04rWtV6rVz+Y91LcrX5P6OM4anmXD3Gp3kl35AypXb4KyASF19+11RUziD4Z7q +wQEWfbwOltNyZv2lD8s2jPr7P02axWRQUbZAEhxRmvOQev/FZPyCF6gqUo/HxRbQ +y3bzmnipyHSv1DlXNfCFCHvN8kGyZnRWARqIKRg+j9ediJgOUqlLhg6KmrTVxd5v +3Dfv52PW2UODDTM20s3cQGuX/UswzMRwPI/+P44iCMwEKdm7duM/5oisZT9Vhy7g +P15MreFZLcZvUVgjqgy0u57cstyGK1Bo9e2sFcK2fA== +=6Zb4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/python311-rpmlintrc b/python311-rpmlintrc new file mode 100644 index 0000000..6c3d3b0 --- /dev/null +++ b/python311-rpmlintrc @@ -0,0 +1,4 @@ +addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp") +addFilter("python-bytecode-inconsistent-mtime.*\.pyc") diff --git a/python311.changes b/python311.changes new file mode 100644 index 0000000..362456b --- /dev/null +++ b/python311.changes @@ -0,0 +1,5580 @@ +------------------------------------------------------------------- +Sat May 10 11:38:24 UTC 2025 - Matej Cepl + +- Remove python-3.3.0b1-test-posix_fadvise.patch (not needed + since kernel 3.6-rc1) + +------------------------------------------------------------------- +Fri Apr 18 14:05:38 UTC 2025 - Matej Cepl + +- Update to 3.11.12: + - gh-131809: Update bundled libexpat to 2.7.1 + - gh-131261: Upgrade to libexpat 2.7.0 + - gh-105704: When using urllib.parse.urlsplit() and + urllib.parse.urlparse() host parsing would not reject domain + names containing square brackets ([ and ]). Square brackets + are only valid for IPv6 and IPvFuture hosts according to RFC + 3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938, + gh#python/cpython#105704). + - gh-121284: Fix bug in the folding of rfc2047 encoded-words + when flattening an email message using a modern email + policy. Previously when an encoded-word was too long for + a line, it would be decoded, split across lines, and + re-encoded. But commas and other special characters in the + original text could be left unencoded and unquoted. This + could theoretically be used to spoof header lines using a + carefully constructed encoded-word if the resulting rendered + email was transmitted or re-parsed. + - gh-80222: Fix bug in the folding of quoted strings + when flattening an email message using a modern email + policy. Previously when a quoted string was folded so that + it spanned more than one line, the surrounding quotes and + internal escapes would be omitted. This could theoretically + be used to spoof header lines using a carefully constructed + quoted string if the resulting rendered email was transmitted + or re-parsed. + - gh-119511: Fix a potential denial of service in the imaplib + module. When connecting to a malicious server, it could + cause an arbitrary amount of memory to be allocated. On many + systems this is harmless as unused virtual memory is only + a mapping, but if this hit a virtual address size limit + it could lead to a MemoryError or other process crash. On + unusual systems or builds where all allocated memory is + touched and backed by actual ram or storage it could’ve + consumed resources doing so until similarly crashing. + - gh-127257: In ssl, system call failures that OpenSSL reports + using ERR_LIB_SYS are now raised as OSError. + - gh-121277: Writers of CPython’s documentation can now use + next as the version for the versionchanged, versionadded, + deprecated directives. + - gh-106883: Disable GC during the _PyThread_CurrentFrames() + and _PyThread_CurrentExceptions() calls to avoid the + interpreter to deadlock. +- Remove upstreamed patch: + - CVE-2025-0938-sq-brackets-domain-names.patch +- Add gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch + which makes test_ssl not to stop ThreadedEchoServer on OSError, + which makes test_ssl pass with OpenSSL 3.5 (bsc#1241067, + gh#python/cpython!126572) + +------------------------------------------------------------------- +Wed Mar 12 15:05:46 UTC 2025 - Bernhard Wiedemann + +- Allow to disable PGO + +------------------------------------------------------------------- +Mon Mar 10 15:44:31 UTC 2025 - Bernhard Wiedemann + +- Skip PGO with %want_reproducible_builds (bsc#1239210) + +------------------------------------------------------------------- +Tue Feb 4 14:43:13 UTC 2025 - Matej Cepl + +- Add CVE-2025-0938-sq-brackets-domain-names.patch which + disallows square brackets ([ and ]) in domain names for parsed + URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704) + +------------------------------------------------------------------- +Mon Jan 27 09:00:48 UTC 2025 - Daniel Garcia + +- Configure externally_managed with a bcond + https://en.opensuse.org/openSUSE:Python:Externally_managed + bsc#1228165 + +------------------------------------------------------------------- +Wed Dec 4 21:40:41 UTC 2024 - Matej Cepl + +- Update to 3.11.11: + - Tools/Demos + - gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15 + and multissltests to use 3.0.15, 3.1.7, and 3.2.3. + - Tests + - gh-125041: Re-enable skipped tests for zlib on the + s390x architecture: only skip checks of the compressed + bytes, which can be different between zlib’s software + implementation and the hardware-accelerated implementation. + - Security + - gh-126623: Upgrade libexpat to 2.6.4 + - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to + consistently use the mapped IPv4 address value for deciding + properties. Properties which have their behavior fixed are + is_multicast, is_reserved, is_link_local, is_global, and + is_unspecified. + - Library + - gh-124651: Properly quote template strings in venv + activation scripts (bsc#1232241, CVE-2024-9287). +- Removed upstreamed patches: + - CVE-2024-9287-venv_path_unquoted.patch + +------------------------------------------------------------------- +Tue Dec 3 08:21:35 UTC 2024 - John Paul Adrian Glaubitz + +- Add add-loongarch64-support.patch to support loongarch64 + +------------------------------------------------------------------- +Mon Dec 2 22:50:07 UTC 2024 - Matej Cepl + +- Fix changelog + +------------------------------------------------------------------- +Mon Nov 11 12:43:40 UTC 2024 - Daniel Garcia + +- Remove -IVendor/ from python-config boo#1231795 + +------------------------------------------------------------------- +Fri Nov 1 16:32:10 UTC 2024 - Matej Cepl + +- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote + path names provided when creating a virtual environment + (bsc#1232241, CVE-2024-9287) + +------------------------------------------------------------------- +Wed Oct 2 16:18:29 UTC 2024 - Matej Cepl + +- Drop .pyc files from docdir for reproducible builds + (bsc#1230906). + +------------------------------------------------------------------- +Mon Sep 9 16:53:07 UTC 2024 - Matej Cepl + +- Update to 3.11.10: + - Security + - gh-123678: Upgrade libexpat to 2.6.3 + - gh-121957: Fixed missing audit events around interactive + use of Python, now also properly firing for ``python -i``, + as well as for ``python -m asyncio``. The event in question + is ``cpython.run_stdin``. + - gh-122133: Authenticate the socket connection for the + ``socket.socketpair()`` fallback on platforms where + ``AF_UNIX`` is not available like Windows. Patch by + Gregory P. Smith and Seth Larson + . Reported by Ellie + - gh-121285: Remove backtracking from tarfile header parsing + for ``hdrcharset``, PAX, and GNU sparse headers + (bsc#1230227, CVE-2024-6232). + - gh-118486: :func:`os.mkdir` on Windows now accepts + *mode* of ``0o700`` to restrict the new directory to + the current user. This fixes CVE-2024-4030 affecting + :func:`tempfile.mkdtemp` in scenarios where the base + temporary directory is more permissive than the default. + - gh-116741: Update bundled libexpat to 2.6.2 + - Library + - gh-123270: Applied a more surgical fix for malformed + payloads in :class:`zipfile.Path` causing infinite loops + (gh-122905) without breaking contents using legitimate + characters (bsc#1229704, CVE-2024-8088). + - gh-123067: Fix quadratic complexity in parsing ``"``-quoted + cookie values with backslashes by :mod:`http.cookies` + (bsc#1229596, CVE-2024-7592). + - gh-122905: :class:`zipfile.Path` objects now sanitize names + from the zipfile. + - gh-121650: :mod:`email` headers with embedded newlines are + now quoted on output. The :mod:`~email.generator` will now + refuse to serialize (write) headers that are unsafely folded + or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. + (Contributed by Bas Bloemsaat and Petr Viktorin in + :gh:`121650`; CVE-2024-6923, bsc#1228780). + - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method + breaks internal buffer when the method is called again + during flushing internal buffer. + - gh-118643: Fix an AttributeError in the :mod:`email` module + when re-fold a long address list. Also fix more cases of + incorrect encoding of the address separator in the address + list. + - gh-113171: Fixed various false positives and false + negatives in * :attr:`ipaddress.IPv4Address.is_private` + (see these docs for details) * + :attr:`ipaddress.IPv4Address.is_global` * + :attr:`ipaddress.IPv6Address.is_private` * + :attr:`ipaddress.IPv6Address.is_global` Also in the + corresponding :class:`ipaddress.IPv4Network` and + :class:`ipaddress.IPv6Network` attributes. + Fixes bsc#1226448 (CVE-2024-4032). + - gh-102988: :func:`email.utils.getaddresses` and + :func:`email.utils.parseaddr` now return ``('', '')`` + 2-tuples in more situations where invalid email addresses + are encountered instead of potentially inaccurate + values. Add optional *strict* parameter to these two + functions: use ``strict=False`` to get the old behavior, + accept malformed inputs. ``getattr(email.utils, + 'supports_strict_parsing', False)`` can be use to check if + the *strict* paramater is available. Patch by Thomas Dwyer + and Victor Stinner to improve the CVE-2023-27043 fix + (bsc#1210638). + - gh-67693: Fix :func:`urllib.parse.urlunparse` and + :func:`urllib.parse.urlunsplit` for URIs with path starting + with multiple slashes and no authority. Based on patch by + Ashwin Ramaswami. + - Core and Builtins + - gh-112275: A deadlock involving ``pystate.c``'s + ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now + fixed. Patch by ChuBoning based on previous Python 3.12 fix + by Victor Stinner. + - gh-109120: Added handle of incorrect star expressions, e.g + ``f(3, *)``. Patch by Grigoryev Semyon +- Removed upstreamed patches: + - CVE-2023-27043-email-parsing-errors.patch + - CVE-2024-4032-private-IP-addrs.patch + - CVE-2024-6923-email-hdr-inject.patch + - CVE-2024-8088-inf-loop-zipfile_Path.patch + (renamed from CVE-2024-8088-zipfile-Path-sanitization.patch) + - CVE-2024-6232-ReDOS-backtrack-tarfile.patch + - CVE-2024-7592-quad-complex-cookies.patch + +------------------------------------------------------------------- +Mon Sep 2 09:44:26 UTC 2024 - Matej Cepl + +- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid + failing test_sendfile_close_peer_in_the_middle_of_receiving + tests on Linux >= 6.10 (GH-120227). + +------------------------------------------------------------------- +Wed Aug 28 16:54:34 UTC 2024 - Matej Cepl + +- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent + malformed payload to cause infinite loops in zipfile.Path + (bsc#1229704, CVE-2024-8088). + +------------------------------------------------------------------- +Wed Aug 7 12:12:42 UTC 2024 - Matej Cepl + +- Add CVE-2024-6923-email-hdr-inject.patch to prevent email + header injection due to unquoted newlines (bsc#1228780, + CVE-2024-6923). +- %{profileopt} variable is set according to the variable + %{do_profiling} (bsc#1227999) + +------------------------------------------------------------------- +Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl + +- Remove %suse_update_desktop_file macro as it is not useful any + more. + +------------------------------------------------------------------- +Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl + +- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 + adding reproducibility patches from gh#python/cpython!121872 + and gh#python/cpython!121883. + +------------------------------------------------------------------- +Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl + +- Stop using %%defattr, it seems to be breaking proper executable + attributes on /usr/bin/ scripts (bsc#1227378). + +------------------------------------------------------------------- +Tue Jul 2 10:32:58 UTC 2024 - Daniel Garcia + +- Update F00251-change-user-install-location.patch to make pip and + modern tools install directly in /usr/local when used by the user. + bsc#1225660 + +------------------------------------------------------------------- +Tue Jun 25 21:57:40 UTC 2024 - Matej Cepl + +- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 + (CVE-2024-4032) rearranging definition of private v global IP + addresses. + +------------------------------------------------------------------- +Wed May 1 08:39:08 UTC 2024 - Matej Cepl + +- Update CVE-2023-52425-libexpat-2.6.0-backport.patch + so that it uses features sniffing, not just + comparing version number. Include also + support-expat-CVE-2022-25236-patched.patch. +- Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping + failing tests. +- Refresh patches: + - CVE-2023-27043-email-parsing-errors.patch + - fix_configure_rst.patch + - skip_if_buildbot-extend.patch +- Remove included patch: + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia + +- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in SLE. + +------------------------------------------------------------------- +Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia + +- Remove not needed upstream patches: + * libexpat260.patch + * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666 + * CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch + +- Update to 3.11.9: + * Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 + - gh-115243: Fix possible crashes in collections.deque.index() + when the deque is concurrently modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to the + certificate store, when the ssl.SSLContext is shared across + multiple threads (bsc#1226447, CVE-2024-0397). + * Core and Builtins + - gh-116296: Fix possible refleak in object.__reduce__() internal + error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser when + raising SyntaxError exceptions caused by invalid byte sequences. + Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115011: Setters for members with an unsigned integer type now + support the same range of valid values for objects that has a + __index__() method as for int. + - gh-96497: Fix incorrect resolution of mangled class variables + used in assignment expressions in comprehensions. + * Library + - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered + crash in ssl when creating a new _ssl._SSLContext if CPython was + built implausibly such that the default cipher list is empty or + the SSL library it was linked against reports a failure from its + C SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of self-referential + modules, introduced in gh-114781. + - gh-117084: Fix zipfile extraction for directory entries with the + name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any to + be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer calls + WaitForSingleObject() with a negative timeout: pass 0 ms if the + timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values in an + invalid state (stored as a list instead of a str) after an + earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values in + urllib.parse functions parse_qs() and parse_qsl(). Also, they + now raise a TypeError for non-zero integers and non-empty + sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated tkinter.Checkbutton + widget names to avoid collisions with automatically generated + tkinter.ttk.Checkbutton widget names within the same parent + widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of AttributeError + on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on + WASI. + - Under wasmtime for WASI 0.2, these functions don’t pass + test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). + - gh-88352: Fix the computation of the next rollover time in the + logging.TimedRotatingFileHandler handler. computeRollover() now + always returns a timestamp larger than the specified time and + works correctly during the DST change. doRollover() no longer + overwrite the already rolled over file, saving from data loss + when run at midnight or during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a script + with pdb + - gh-76511: Fix UnicodeEncodeError in email.Message.as_string() + that results when a message that claims to be in the ascii + character set actually has non-ascii characters. Non-ascii + characters are now replaced with the U+FFFD replacement + character, like in the replace error handler. + - gh-75988: Fixed unittest.mock.create_autospec() to pass the call + through to the wrapped object to return the real result. + - gh-115881: Fix issue where ast.parse() would incorrectly flag + conditional context managers (such as with (x() if y else z()): + ...) as invalid syntax if feature_version=(3, 8) was passed. + This reverts changes to the grammar made as part of gh-94949. + - gh-115886: Fix silent truncation of the name with an embedded + null character in multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing which rolled-over log + files to delete in logging.TimedRotatingFileHandler. It is now + reliable for handlers without namer and with arbitrary + deterministic namer that leaves the datetime part in the file + name unmodified. + - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now + support bytes arguments containing raw and percent-encoded + non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' and + '\n', regardless of lineterminator value. + - gh-115712: csv.writer() now quotes empty fields if delimiter is + a space and skipinitialspace is true and raises exception if + quoting is not possible. + - gh-115618: Fix improper decreasing the reference count for None + argument in property methods getter(), setter() and deleter(). + - gh-115570: A DeprecationWarning is no longer omitted on access + to the __doc__ attributes of the deprecated typing.io and + typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the __wrapper__ + data descriptor. + - gh-101293: Support callables with the __call__() method and + types with __new__() and __init__() methods set to class + methods, static methods, bound methods, partial functions, and + other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line numbers + would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare cases when + using the z format option (coerce negative 0) * incorrect output + when applying the z format option to type F (fixed-point with + capital NAN / INF) * incorrect output when applying the # format + option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname before + checking it against the system’s proxy bypass list on macOS and + Windows. + - gh-115198: Fix support of Docutils >= 0.19 in distutils. + - gh-115165: Most exceptions are now ignored when attempting to + set the __orig_class__ attribute on objects returned when + calling typing generic aliases (including generic aliases + created using typing.Annotated). Previously only AttributeError + was ignored. Patch by Dave Shawley. + - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the underlying + write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114763: Protect modules loaded with importlib.util.LazyLoader + from race conditions when multiple threads try to access + attributes before the loading is complete. + - gh-97959: Fix rendering class methods, bound methods, method and + function aliases in pydoc. Class methods no longer have “method + of builtins.type instance” note. Corresponding notes are now + added for class and unbound methods. Method and function aliases + now have references to the module or the class where the origin + was defined if it differs from the current. Bound methods are + now listed in the static methods section. Methods of builtin + classes are now supported as well as methods of Python classes. + - gh-112281: Allow creating union of types for typing.Annotated + with unhashable metadata. + - gh-111775: Fix importlib.resources.simple.ResourceHandle.open() + for text mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb commands. + - gh-107155: Fix incorrect output of help(x) where x is a lambda + function, which has an __annotations__ dictionary attribute with + a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when defining + dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists + over multiple lines in combination with unicode encoding + (bsc#1238450 CVE-2025-1795) + - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same name + but different extensions would conflict and not delete the + correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() to + accept empty bytes as authkey. Not accepting empty bytes as key + causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing of URLs + with only a host name, URLs containing fragment or query, and + filenames with only a UNC sharepoint on Windows. Based on patch + by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + * Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML + vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + * Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE command + line option) in regrtest when hunting for reference leaks (-R + option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-115979: Update test_importlib so that it passes under WASI + SDK 21. + - gh-116307: Added import helper isolated_modules as CleanImport + does not remove modules imported during the context. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of + the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: run + failed tests with test.bisect_cmd to identify failing tests. + Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - gh-115198: Fix test_check_metadata_deprecate in distutils tests + with a newer Docutils. + * Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI + 0.2/preview2 primitives. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + * Windows + - gh-116773: Fix instances of <_overlapped.Overlapped object at + 0xXXX> still has pending operation at deallocation, the process + may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation so + that sending a datagram to an address that is not listening does + not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most users + only have a single launcher installed and will see no + difference. When multiple launchers have been installed, the + option to install the launcher is disabled until all but one + have been removed. Downgrading the launcher (which was never + allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now detect Python + 3.13 when installed from the Microsoft Store, and will install + Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + * IDLE + - gh-88516: On macOS show a proxy icon in the title bar of editor + windows to match platform behaviour. + * Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + * C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows + 64-bit platforms. + +------------------------------------------------------------------- +Sun Mar 24 07:51:45 UTC 2024 - Matej Cepl + +- Add reference to CVE-2024-0450 (bsc#1221854) to changelog. + +------------------------------------------------------------------- +Fri Mar 22 21:22:27 UTC 2024 - Matej Cepl + +- Because of bsc#1189495 we have to revert use of %autopatch. + +------------------------------------------------------------------- +Tue Mar 12 08:44:47 UTC 2024 - Matej Cepl + +- Rewrite %prep to use %autosetup et al. for compatibility with + rpm 4.20. + +------------------------------------------------------------------- +Tue Mar 12 08:13:34 UTC 2024 - Matej Cepl + +- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch + to eliminate ResourceWarning which broke the test suite in + test_asyncio. + +------------------------------------------------------------------- +Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal + +- Use the system-wide crypto-policies [bsc#1211301] + * Use the system default cipher list instead of hardcoded values + * Add the --with-ssl-default-suites=openssl configure option + +------------------------------------------------------------------- +Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl + +- (bsc#1219666, CVE-2023-6597) Add + CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from + gh#python/cpython!99930) fixing symlink bug in cleanup of + tempfile.TemporaryDirectory. + +------------------------------------------------------------------- +Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl + +- Remove double definition of /usr/bin/idle%%{version} in + %%files. + +------------------------------------------------------------------- +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115289 + +------------------------------------------------------------------- +Thu Feb 8 07:27:40 UTC 2024 - Daniel Garcia + +- Update to 3.11.8: + - Security + - gh-113659: Skip .pth files with names starting with a dot or + hidden file attribute. + - Core and Builtins + - gh-114887: Changed socket type validation in + create_datagram_endpoint() to accept all non-stream sockets. + This fixes a regression in compatibility with raw sockets. + - gh-114388: Fix a RuntimeWarning emitted when assign an + integer-like value that is not an instance of int to an + attribute that corresponds to a C struct member of type T_UINT + and T_ULONG. Fix a double RuntimeWarning emitted when assign a + negative integer value to an attribute that corresponds to a C + struct member of type T_UINT. + - gh-89811: Check for a valid tp_version_tag before performing + bytecode specializations that rely on this value being usable. + - gh-113602: Fix an error that was causing the parser to try to + overwrite existing errors and crashing in the process. Patch by + Pablo Galindo + - gh-113566: Fix a 3.11-specific crash when the repr of a Future + is requested after the module has already been + garbage-collected. + - gh-106905: Use per AST-parser state rather than global state to + track recursion depth within the AST parser to prevent potential + race condition due to simultaneous parsing. + - The issue primarily showed up in 3.11 by multithreaded users of + ast.parse(). In 3.12 a change to when garbage collection can be + triggered prevented the race condition from occurring. + - gh-112716: Fix SystemError in the import statement and in + __reduce__() methods of builtin types when __builtins__ is not a + dict. + - gh-105967: Workaround a bug in Apple’s macOS platform zlib + library where zlib.crc32() and binascii.crc32() could produce + incorrect results on multi-gigabyte inputs. Including when using + zipfile on zips containing large data. + - gh-94606: Fix UnicodeEncodeError when + email.message.get_payload() reads a message with a Unicode + surrogate character and the message content is not well-formed + for surrogateescape encoding. Patch by Sidney Markowitz. + - Library + - gh-114965: Update bundled pip to 24.0 + - gh-114959: tarfile no longer ignores errors when trying to + extract a directory on top of a file. + - gh-109475: Fix support of explicit option value “–” in argparse + (e.g. --option=--). + - gh-110190: Fix ctypes structs with array on Windows ARM64 + platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by + Diego Russo + - gh-113280: Fix a leak of open socket in rare cases when error + occurred in ssl.SSLSocket creation. + - gh-77749: email.policy.EmailPolicy.fold() now always encodes + non-ASCII characters in headers if utf8 is false. + - gh-114492: Make the result of termios.tcgetattr() reproducible + on Alpine Linux. Previously it could leave a random garbage in + some fields. + - gh-75128: Ignore an OSError in + asyncio.BaseEventLoop.create_server() when IPv6 is available but + the interface cannot actually support it. + - gh-114257: Dismiss the FileNotFound error in + ctypes.util.find_library() and just return None on Linux. + - gh-101438: Avoid reference cycle in ElementTree.iterparse. The + iterator returned by ElementTree.iterparse may hold on to a file + descriptor. The reference cycle prevented prompt clean-up of the + file descriptor if the returned iterator was not exhausted. + - gh-104522: OSError raised when run a subprocess now only has + filename attribute set to cwd if the error was caused by a + failed attempt to change the current directory. + - gh-109534: Fix a reference leak in + asyncio.selector_events.BaseSelectorEventLoop when SSL + handshakes fail. Patch contributed by Jamie Phan. + - gh-114077: Fix possible OverflowError in + socket.socket.sendfile() when pass count larger than 2 GiB on + 32-bit platform. + - gh-114014: Fixed a bug in fractions.Fraction where an invalid + string using d in the decimals part creates a different error + compared to other invalid letters/characters. Patch by Jeremiah + Gabriel Pascual. + - gh-113951: Fix the behavior of tag_unbind() methods of + tkinter.Text and tkinter.Canvas classes with three arguments. + Previously, widget.tag_unbind(tag, sequence, funcid) destroyed + the current binding for sequence, leaving sequence unbound, and + deleted the funcid command. Now it removes only funcid from the + binding for sequence, keeping other commands, and deletes the + funcid command. It leaves sequence unbound only if funcid was + the last bound command. + - gh-113877: Fix tkinter method winfo_pathname() on 64-bit + Windows. + - gh-113781: Silence unraisable AttributeError when warnings are + emitted during Python finalization. + - gh-113594: Fix UnicodeEncodeError in email when re-fold lines + that contain unknown-8bit encoded part followed by + non-unknown-8bit encoded part. + - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), + there is callback that logs an error if the task wrapping the + “connected callback” fails. This callback would itself fail if + the task was cancelled. Prevent this by checking whether the + task was cancelled first. If so, close the transport but don’t + log an error. + - gh-85567: Fix resource warnings for unclosed files in pickle and + pickletools command line interfaces. + - gh-101225: Increase the backlog for + multiprocessing.connection.Listener objects created by + multiprocessing.manager and multiprocessing.resource_sharer to + significantly reduce the risk of getting a connection refused + error when creating a multiprocessing.connection.Connection to + them. + - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends + webbrowser.open audit event. + - gh-113028: When a second reference to a string appears in the + input to pickle, and the Python implementation is in use, we are + guaranteed that a single copy gets pickled and a single object + is shared when reloaded. Previously, in protocol 0, when a + string contained certain characters (e.g. newline) it resulted + in duplicate objects. + - gh-113421: Fix multiprocessing logger for %(filename)s. + - gh-113358: Fix rendering tracebacks for exceptions with a broken + __getattr__. + - gh-113214: Fix an AttributeError during asyncio SSL protocol + aborts in SSL-over-SSL scenarios. + - gh-113246: Update bundled pip to 23.3.2. + - gh-113199: Make http.client.HTTPResponse.read1 and + http.client.HTTPResponse.readline close IO after reading all + data when content length is known. Patch by Illia Volochii. + - gh-113188: Fix shutil.copymode() and shutil.copystat() on + Windows. Previously they worked differenly if dst is a symbolic + link: they modified the permission bits of dst itself rather + than the file it points to if follow_symlinks is true or src is + not a symbolic link, and did not modify the permission bits if + follow_symlinks is false and src is a symbolic link. + - gh-61648: Detect line numbers of properties in doctests. + - gh-112559: signal.signal() and signal.getsignal() no longer call + repr on callable handlers. asyncio.run() and + asyncio.Runner.run() no longer call repr on the task results. + Patch by Yilei Yang. + - gh-110190: Fix ctypes structs with array on PPC64LE platform by + setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. + - gh-79429: Ignore FileNotFoundError when remove a temporary + directory in the multiprocessing finalizer. + - gh-79325: Fix an infinite recursion error in + tempfile.TemporaryDirectory() cleanup on Windows. + - gh-110190: Fix ctypes structs with array on Arm platform by + setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. + - gh-81194: Fix a crash in socket.if_indextoname() with specific + value (UINT_MAX). Fix an integer overflow in + socket.if_indextoname() on 64-bit non-Windows platforms. + - gh-75666: Fix the behavior of tkinter widget’s unbind() method + with two arguments. Previously, widget.unbind(sequence, funcid) + destroyed the current binding for sequence, leaving sequence + unbound, and deleted the funcid command. Now it removes only + funcid from the binding for sequence, keeping other commands, + and deletes the funcid command. It leaves sequence unbound only + if funcid was the last bound command. + - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in + tkinter._test(). + - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now + raises BadZipFile when try to read an entry that overlaps with + other entry or central directory (bsc#1221854, CVE-2024-0450). + - gh-38807: Fix race condition in trace. Instead of checking if a + directory exists and creating it, directly call os.makedirs() + with the kwarg exist_ok=True. + - gh-75705: Set unixfrom envelope in mailbox.mbox and + mailbox.MMDF. + - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure + when the system endianness is the opposite of the classes. + - gh-104282: Fix null pointer dereference in + lzma._decode_filter_properties() due to improper handling of BCJ + filters with properties of zero length. Patch by Radislav + Chugunov. + - gh-102512: When os.fork() is called from a foreign thread (aka + _DummyThread), the type of the thread in a child process is + changed to _MainThread. Also changed its name and daemonic + status, it can be now joined. + - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, + which now no longer dereferences symlinks when working around + file system permission errors. + - bpo-43153: On Windows, tempfile.TemporaryDirectory previously + masked a PermissionError with NotADirectoryError during + directory cleanup. It now correctly raises PermissionError if + errors are not ignored. Patch by Andrei Kulakov and Ken Jin. + - bpo-35332: The shutil.rmtree() function now ignores errors when + calling os.close() when ignore_errors is True, and os.close() no + longer retried after error. + - bpo-35928: io.TextIOWrapper now correctly handles the decoding + buffer after read() and write(). + - bpo-26791: shutil.move() now moves a symlink into a directory + when that directory is the target of the symlink. This provides + the same behavior as the mv shell command. The previous behavior + raised an exception. Patch by Jeffrey Kintscher. + - bpo-36959: Fix some error messages for invalid ISO format string + combinations in strptime() that referred to directives not + contained in the format string. Patch by Gordon P. Hemsley. + - bpo-18060: Fixed a class inheritance issue that can cause + segfaults when deriving two or more levels of subclasses from a + base class of Structure or Union. + - Documentation + - gh-110746: Improved markup for valid options/values for methods + ttk.treeview.column and ttk.treeview.heading, and for Layouts. + - gh-95649: Document that the asyncio module contains code taken + from v0.16.0 of the uvloop project, as well as the required MIT + licensing information. + - Tests + - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, + where system tar can include more information in the archive + than shutil.make_archive. + - gh-112769: The tests now correctly compare zlib version when + zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For + example zlib-ng defines the version as 1.3.0.zlib-ng. + - gh-105089: Fix + test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write + test in AIX by doing a bitwise AND of 0xFFFF on mode , so that + it will be in sync with zinfo.external_attr + - bpo-40648: Test modes that file can get with chmod() on Windows. + - Build + - gh-101778: Fix build error when there’s a dangling symlink in + the directory containing ffi.h. + - gh-112305: Fixed the check-clean-src step performed on out of + tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h + files and recommend appropriate source tree cleanup steps to get + a working build again. + - bpo-11102: The os.major(), os.makedev(), and os.minor() + functions are now available on HP-UX v3. + - bpo-36351: Do not set ipv6type when cross-compiling. + - IDLE + - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and + ‘object’. + - gh-72284: Improve the lists of features, editor key bindings, + and shell key bingings in the IDLE doc. + - gh-113903: Fix rare failure of test.test_idle, in + test_configdialog. + - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and + 3.12.1. + - gh-113269: Fix test_editor hang on macOS Catalina. + - gh-112898: Fix processing unsaved files when quitting IDLE on + macOS. + - gh-103820: Revise IDLE bindings so that events from mouse button + 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not + mistaken for scrolling. + - bpo-13586: Enter the selected text when opening the “Replace” + dialog. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and + multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. + - gh-115015: Fix a bug in Argument Clinic that generated incorrect + code for methods with no parameters that use the METH_METHOD | + METH_FASTCALL | METH_KEYWORDS calling convention. Only the + positional parameter count was checked; any keyword argument + passed would be silently accepted. +- Remove upstreamed patches: + - CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch +- Refresh all patches: + - CVE-2023-27043-email-parsing-errors.patch + - F00251-change-user-install-location.patch + - bpo-31046_ensurepip_honours_prefix.patch + - distutils-reproducible-compile.patch + - fix_configure_rst.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-localpath.patch + - python-3.3.0b1-test-posix_fadvise.patch + - skip_if_buildbot-extend.patch + - subprocess-raise-timeout.patch + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Tue Dec 19 16:34:50 UTC 2023 - Daniel Garcia + +- Update patch fix_configure_rst.patch +- Update to 3.11.7: + - Core and Builtins + - gh-112625: Fixes a bug where a bytearray object could be cleared + while iterating over an argument in the bytearray.join() method + that could result in reading memory after it was freed. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. Patch + by Pablo galindo + - gh-88116: Traceback location ranges involving wide unicode + characters (like emoji and asian characters) now are properly + highlighted. Patch by Batuhan Taskaya and Pablo Galindo. + - gh-94438: Fix a regression that prevented jumping across is None + and is not None when debugging. Patch by Savannah Ostrowski. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109216: Fix possible memory leak in BUILD_MAP. + + - Library + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + - bpo-35191: Fix unexpected integer truncation in + socket.setblocking() which caused it to interpret multiples of + 2**32 as False. + + - Documentation + - gh-108826: dis module command-line interface is now mentioned in + documentation. + + - Tests + - gh-110367: Make regrtest --verbose3 option compatible with + --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + --verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111309: distutils tests can now be run via unittest. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() and class BasicTestRunner from the test.support + module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + --match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + + - Build + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + + - C API + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. +------------------------------------------------------------------- +Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl + +- Refresh CVE-2023-27043-email-parsing-errors.patch to + gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). +- Thus we can remove Revert-gh105127-left-tests.patch, which is + now useless. + +------------------------------------------------------------------- +Wed Nov 15 09:06:16 UTC 2023 - Daniel Garcia + +- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch +- Refresh patches: + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch + +- Update to 3.11.6: + - Core and Builtins + - gh-109351: Fix crash when compiling an invalid AST involving a + named (walrus) expression. + - gh-109207: Fix a SystemError in __repr__ of symtable entry + object. + - gh-109179: Fix bug where the C traceback display drops notes + from SyntaxError. + - gh-88943: Improve syntax error for non-ASCII character that + follows a numerical literal. It now points on the invalid + non-ASCII character, not on the valid numerical literal. + - gh-108959: Fix caret placement for error locations for subscript + and binary operations that involve non-semantic parentheses and + spaces. Patch by Pablo Galindo + - gh-108520: Fix + multiprocessing.synchronize.SemLock.__setstate__() to properly + initialize multiprocessing.synchronize.SemLock._is_fork_ctx. + This fixes a regression when passing a SemLock accross nested + processes. + - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to + multiprocessing.synchronize.SemLock._is_fork_ctx to avoid + exposing it as public API. + - Library + - gh-110036: On Windows, multiprocessing Popen.terminate() now + catchs PermissionError and get the process exit code. If the + process is still running, raise again the PermissionError. + Otherwise, the process terminated as expected: store its exit + code. Patch by Victor Stinner. + - gh-110038: Fixed an issue that caused KqueueSelector.select() to + not return all the ready events in some cases when a file + descriptor is registered for both read and write. + - gh-109631: re functions such as re.findall(), re.split(), + re.search() and re.sub() which perform short repeated matches + can now be interrupted by user. + - gh-109593: Avoid deadlocking on a reentrant call to the + multiprocessing resource tracker. Such a reentrant call, though + unlikely, can happen if a GC pass invokes the finalizer for a + multiprocessing object such as SemLock. + - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for + exceptions. Previously, on Python built in debug mode, these + functions could trigger a fatal Python error (and abort the + process) when a function succeeded with an exception set. Patch + by Victor Stinner. + - gh-109375: The pdb alias command now prevents registering + aliases without arguments. + - gh-107219: Fix a race condition in concurrent.futures. When a + process in the process pool was terminated abruptly (while the + future was running or pending), close the connection write end. + If the call queue is blocked on sending bytes to a worker + process, closing the connection write end interrupts the send, + so the queue can be closed. Patch by Victor Stinner. + - gh-50644: Attempts to pickle or create a shallow or deep copy of + codecs streams now raise a TypeError. Previously, copying failed + with a RecursionError, while pickling produced wrong results + that eventually caused unpickling to fail with a RecursionError. + - gh-108987: Fix _thread.start_new_thread() race condition. If a + thread is created during Python finalization, the newly spawned + thread now exits immediately instead of trying to access freed + memory and lead to a crash. Patch by Victor Stinner. + - gh-108843: Fix an issue in ast.unparse() when unparsing + f-strings containing many quote types. + - gh-108682: Enum: raise TypeError if super().__new__() is called + from a custom __new__. + - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock + - gh-64662: Fix support for virtual tables in + sqlite3.Connection.iterdump(). Patch by Aviv Palivoda. + - gh-107913: Fix possible losses of errno and winerror values in + OSError exceptions if they were cleared or modified by the + cleanup code before creating the exception object. + - gh-104372: On Linux where subprocess can use the vfork() syscall + for faster spawning, prevent the parent process from blocking + other threads by dropping the GIL while it waits for the + vfork’ed child process exec() outcome. This prevents spawning a + binary from a slow filesystem from blocking the rest of the + application. + - gh-84867: unittest.TestLoader no longer loads test cases from + exact unittest.TestCase and unittest.FunctionTestCase classes. + - Documentation + - gh-109209: The minimum Sphinx version required for the + documentation is now 4.2. + - gh-105052: Update timeit doc to specify that time in seconds is + just the default. + - gh-102823: Document the return type of x // y when x and y have + type float. + - Tests + - gh-110031: Skip test_threading tests using thread+fork if Python + is built with Address Sanitizer (ASAN). Patch by Victor Stinner. + - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum + duration, a test should not measure a CI performance. Only + measure the minimum duration when a task has a timeout or delay. + Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner. + - gh-110033: Fix test_interprocess_signal() of test_signal. Make + sure that the subprocess.Popen object is deleted before the test + raising an exception in a signal handler. Otherwise, + Popen.__del__() can get the exception which is logged as + Exception ignored in: ... and the test fails. Patch by Victor + Stinner. + - gh-109594: Fix test_timeout() of + test_concurrent_futures.test_wait. Remove the future which may + or may not complete depending if it takes longer than the + timeout ot not. Keep the second future which does not complete + before wait() timeout. Patch by Victor Stinner. + - gh-109748: Fix test_zippath_from_non_installed_posix() of + test_venv: don’t copy __pycache__/ sub-directories, because they + can be modified by other Python tests running in parallel. Patch + by Victor Stinner. + - gh-103053: Skip test_freeze_simple_script() of + test_tools.test_freeze if Python is built with ./configure + --enable-optimizations, which means with Profile Guided + Optimization (PGO): it just makes the test too slow. The freeze + tool is tested by many other CIs with other (faster) compiler + flags. Patch by Victor Stinner. + - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a + longer key: FIPS mode requires at least of at least 112 bits. + The previous key was only 32 bits. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-109237: Fix test_site.test_underpth_basic() when the working + directory contains at least one non-ASCII character: encode the + ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for + the child process stdout. Patch by Victor Stinner. + - gh-109230: Fix test_pyexpat.test_exception(): it can now be run + from a directory different than Python source code directory. + Before, the test failed in this case. Skip the test if + Modules/pyexpat.c source is not available. Skip also the test on + Python implementations other than CPython. Patch by Victor + Stinner. + - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests + on FreeBSD if the TCP blackhole is enabled (sysctl + net.inet.tcp.blackhole). Skip the few tests which failed with + ETIMEDOUT which such non standard configuration. Currently, the + FreeBSD GCP image enables TCP and UDP blackhole (sysctl + net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1). + Patch by Victor Stinner. + - gh-91960: Skip test_gdb if gdb is unable to retrieve Python + frame objects: if a frame is . When Python is + built with “clang -Og”, gdb can fail to retrive the frame + parameter of _PyEval_EvalFrameDefault(). In this case, tests + like py_bt() are likely to fail. Without getting access to + Python frames, python-gdb.py is mostly clueless on retrieving + the Python traceback. Moreover, test_gdb is no longer skipped on + macOS if Python is built with Clang. Patch by Victor Stinner. + - gh-108962: Skip test_tempfile.test_flags() if chflags() fails + with “OSError: [Errno 45] Operation not supported” (ex: on + FreeBSD 13). Patch by Victor Stinner. + - gh-89392: Removed support of test_main() function in tests. They + now always use normal unittest test runner. + - gh-108851: Fix test_tomllib recursion tests for WASI buildbots: + reduce the recursion limit and compute the maximum nested + array/dict depending on the current available recursion limit. + Patch by Victor Stinner. + - gh-108851: Add get_recursion_available() and + get_recursion_depth() functions to the test.support module. + Patch by Victor Stinner. + - gh-108822: regrtest now computes statistics on all tests: + successes, failures and skipped. test_netrc, test_pep646_syntax + and test_xml_etree now return results in their test_main() + function. Patch by Victor Stinner and Alex Waygood. + - gh-108388: Convert test_concurrent_futures to a package of 7 + sub-tests. Patch by Victor Stinner. + - gh-108388: Split test_multiprocessing_fork, + test_multiprocessing_forkserver and test_multiprocessing_spawn + into test packages. Each package is made of 4 sub-tests: + processes, threads, manager and misc. It allows running more + tests in parallel and so reduce the total test duration. Patch + by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - gh-100086: The Python test runner (libregrtest) now logs Python + build information like “debug” vs “release” build, or LTO and + PGO optimizations. Patch by Victor Stinner. + - gh-98903: The Python test suite now fails wit exit code 4 if no + tests ran. It should help detecting typos in test names and test + methods. + - gh-95027: On Windows, when the Python test suite is run with the + -jN option, the ANSI code page is now used as the encoding for + the stdout temporary file, rather than using UTF-8 which can + lead to decoding errors. Patch by Victor Stinner. + - gh-93353: regrtest now checks if a test leaks temporary files or + directories if run with -jN option. Patch by Victor Stinner. + - Build + - gh-63760: Fix Solaris build: no longer redefine the + gethostname() function. Solaris defines the function since 2005. + Patch by Victor Stinner, original patch by Jakub Kulík. + - gh-108740: Fix a race condition in make regen-all. The + deepfreeze.c source and files generated by Argument Clinic are + now generated or updated before generating “global objects”. + Previously, some identifiers may miss depending on the order in + which these files were generated. Patch by Victor Stinner. + - Windows + - gh-109991: Update Windows build to use OpenSSL 3.0.11. + - gh-107565: Update Windows build to use OpenSSL 3.0.10. + - macOS + - gh-109991: Update macOS installer to use OpenSSL 3.0.11. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and + multissltests to use 1.1.1w, 3.0.11, and 3.1.3. + +------------------------------------------------------------------- +Wed Sep 6 07:52:11 UTC 2023 - Daniel Garcia + +- Update to 3.11.5 (bsc#1214692): + - Security + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted data. + Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by + Gregory P. Smith. + - Core and Builtins + - gh-104432: Fix potential unaligned memory access on C APIs + involving returned sequences of char * pointers within the grp + and socket modules. These were revealed using a + -fsaniziter=alignment build on ARM macOS. Patch by Christopher + Chavez. + - gh-77377: Ensure that multiprocessing synchronization objects + created in a fork context are not sent to a different process + created in a spawn context. This changes a segfault into an + actionable RuntimeError in the parent process. + - gh-106092: Fix a segmentation fault caused by a use-after-free + bug in frame_dealloc when the trashcan delays the deallocation + of a PyFrameObject. + - gh-106719: No longer suppress arbitrary errors in the + __annotations__ getter and setter in the type and module types. + - gh-106723: Propagate frozen_modules to multiprocessing spawned + process interpreters. + - gh-105979: Fix crash in _imp.get_frozen_object() due to improper + exception handling. + - gh-105840: Fix possible crashes when specializing function calls + with too many __defaults__. + - gh-105588: Fix an issue that could result in crashes when + compiling malformed ast nodes. + - gh-105375: Fix bugs in the builtins module where exceptions + could end up being overwritten. + - gh-105375: Fix bug in the compiler where an exception could end + up being overwritten. + - gh-105375: Improve error handling in + PyUnicode_BuildEncodingMap() where an exception could end up + being overwritten. + - gh-105235: Prevent out-of-bounds memory access during + mmap.find() calls. + - gh-101006: Improve error handling when read marshal data. + - Library + - gh-105736: Harmonized the pure Python version of OrderedDict + with the C version. Now, both versions set up their internal + state in __new__. Formerly, the pure Python version did the set + up in __init__. + - gh-107963: Fix multiprocessing.set_forkserver_preload() to check + the given list of modules names. Patch by Dong-hee Na. + - gh-106242: Fixes os.path.normpath() to handle embedded null + characters without truncating the path (bsc#1214693, + CVE-2023-41105). + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will + no longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107715: Fix doctest.DocTestFinder.find() in presence of class + names with special characters. Patch by Gertjan van Zwieten. + - gh-100814: Passing a callable object as an option value to a + Tkinter image now raises the expected TclError instead of an + AttributeError. + - gh-106684: Close asyncio.StreamWriter when it is not closed by + application leading to memory leaks. Patch by Kumar Aditya. + - gh-107077: Seems that in some conditions, OpenSSL will return + SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification + verification has failed, but the error parameters will still + contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are + now detecting this situation and raising the appropiate + ssl.SSLCertVerificationError. Patch by Pablo Galindo + - gh-107396: tarfiles; Fixed use before assignment of + self.exception for gzip decompression + - gh-62519: Make gettext.pgettext() search plural definitions when + translation is not found. + - gh-83006: Document behavior of shutil.disk_usage() for + non-mounted filesystems on Unix. + - gh-106186: Do not report MultipartInvariantViolationDefect + defect when the email.parser.Parser class is used to parse + emails with headersonly=True. + - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION + result in _ssl.c. + - gh-106774: Update the bundled copy of pip to version 23.2.1. + - gh-106752: Fixed several bug in zipfile.Path in + name/suffix/suffixes/stem operations when no filename is present + and the Path is not at the root of the zipfile. + - gh-106602: Add __copy__ and __deepcopy__ in enum + - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused + division by zero for certain almost-white inputs. Patch by Terry + Jan Reedy. + - gh-106052: re module: fix the matching of possessive quantifiers + in the case of a subpattern containing backtracking. + - gh-106510: Improve debug output for atomic groups in regular + expressions. + - gh-105497: Fix flag mask inversion when unnamed flags exist. + - gh-90876: Prevent multiprocessing.spawn from failing to import + in environments where sys.executable is None. This regressed in + 3.11 with the addition of support for path-like objects in + multiprocessing. + - gh-106350: Detect possible memory allocation failure in the + libtommath function mp_init() used by the _tkinter module. + - gh-102541: Make pydoc.doc catch bad module ImportError when + output stream is not None. + - gh-106263: Fix crash when calling repr with a manually + constructed SignalDict object. Patch by Charlie Zhao. + - gh-105375: Fix a bug in _Unpickler_SetInputStream() where an + exception could end up being overwritten in case of failure. + - gh-105375: Fix bugs in sys where exceptions could end up being + overwritten because of deferred error handling. + - gh-105605: Harden pyexpat error handling during module + initialisation to prevent exceptions from possibly being + overwritten, and objects from being dereferenced twice. + - gh-105375: Fix bug in decimal where an exception could end up + being overwritten. + - gh-105375: Fix bugs in _datetime where exceptions could be + overwritten in case of module initialisation failure. + - gh-105375: Fix bugs in _ssl initialisation which could lead to + leaked references and overwritten exceptions. + - gh-105375: Fix a bug in array.array where an exception could end + up being overwritten. + - gh-105375: Fix bugs in _ctypes where exceptions could end up + being overwritten. + - gh-105375: Fix a bug in the posix module where an exception + could be overwritten. + - gh-105375: Fix bugs in _elementtree where exceptions could be + overwritten. + - gh-105375: Fix bugs in zoneinfo where exceptions could be + overwritten. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-105497: Fix flag inversion when alias/mask members exist. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-103171: Revert undocumented behaviour change with + runtime-checkable protocols decorated with typing.final() in + Python 3.11. The behaviour change had meant that objects would + not be considered instances of these protocols at runtime unless + they had a __final__ attribute. Patch by Alex Waygood. + - gh-105375: Fix a bug in sqlite3 where an exception could be + overwritten in the collation callback. + - gh-105332: Revert pickling method from by-name back to by-value. + - gh-104554: Add RTSPS scheme support in urllib.parse + - gh-100061: Fix a bug that causes wrong matches for regular + expressions with possessive qualifier. + - gh-102541: Hide traceback in help() prompt, when import failed. + - gh-99203: Restore following CPython <= 3.10.5 behavior of + shutil.make_archive(): do not create an empty archive if + root_dir is not a directory, and, in that case, raise + FileNotFoundError or NotADirectoryError regardless of format + choice. Beyond the brought-back behavior, the function may now + also raise these exceptions in dry_run mode. + - gh-94777: Fix hanging multiprocessing ProcessPoolExecutor when a + child process crashes while data is being written in the call + queue. + - bpo-18319: Ensure gettext(msg) retrieve translations even if a + plural form exists. In other words: gettext(msg) == + ngettext(msg, '', 1). + - Documentation + - gh-107008: Document the curses module variables LINES and COLS. + - gh-106948: Add a number of standard external names to + nitpick_ignore. + - gh-54738: Add documentation on how to localize the argparse + module. + - Tests + - gh-105776: Fix test_cppext when the C compiler command -std=c11 + option: remove -std= options from the compiler command. Patch by + Victor Stinner. + - gh-107237: test_logging: Fix test_udp_reconnection() by + increasing the timeout from 100 ms to 5 minutes (LONG_TIMEOUT). + Patch by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - Build + - gh-107814: When calling find_python.bat with -q it did not + properly silence the output of nuget. That is now fixed. + - gh-106881: Check for linux/limits.h before including it in + Modules/posixmodule.c. + - gh-104692: Include commoninstall as a prerequisite for + bininstall + - This ensures that commoninstall is completed before bininstall + is started when parallel builds are used (make -j install), and + so the python3 symlink is only installed after all standard + library modules are installed. + - gh-100340: Allows -Wno-int-conversion for wasm-sdk 17 and + onwards, thus enables building WASI builds once against the + latest sdk. + - Windows + - gh-106242: Fixes realpath() to behave consistently when passed a + path containing an embedded null character on Windows. In strict + mode, it now raises OSError instead of the unexpected + ValueError, and in non-strict mode will make the path absolute. + - gh-106844: Fix integer overflow in _winapi.LCMapStringEx() which + affects ntpath.normcase(). + - gh-99079: Update Windows build to use OpenSSL 3.0.9 + - gh-105436: Ensure that an empty environment block is terminated + by two null characters, as is required by Windows. + - macOS + - gh-107565: Update macOS installer to use OpenSSL 3.0.10. + - gh-99079: Update macOS installer to use OpenSSL 3.0.9. + - Tools/Demos + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + - gh-95065: Argument Clinic now supports overriding automatically + generated signature by using directive @text_signature. See How + to override the generated signature. + - gh-106970: Fix bugs in the Argument Clinic destination + clear command; the destination buffers would never be cleared, + and the destination directive parser would simply continue to + the fault handler after processing the command. Patch by Erlend + E. Aasland. + - C API + - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(), + PyErr_SetExcFromWindowsErrWithFilename() and + PyErr_SetFromWindowsErrWithFilename() save now the error code + before calling PyUnicode_DecodeFSDefault(). + - gh-107915: Such C API functions as PyErr_SetString(), + PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others + no longer crash or ignore errors if it failed to format the + error message or decode the filename. Instead, they keep a + corresponding error. + - gh-107226: PyModule_AddObjectRef() is now only available in the + limited API version 3.10 or later. + - gh-105375: Fix a bug in PyErr_WarnExplicit() where an exception + could end up being overwritten if the API failed internally. + - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only + data: *consumed was not set. + +------------------------------------------------------------------- +Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller + +- restrict PEP668 to ALP/Tumbleweed + +------------------------------------------------------------------- +Fri Aug 4 06:37:41 UTC 2023 - Dirk Müller + +- add externally_managed.in to label this build as PEP-668 managed + +------------------------------------------------------------------- +Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl + +- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! +- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) + partially reverting CVE-2023-27043-email-parsing-errors.patch, + because of the regression in gh#python/cpython#106669. +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). (The patch is faulty, + gh#python/cpython#106669, but upstream decided not to just + revert it). + +------------------------------------------------------------------- +Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl + +- Update to Python 3.11.4: + - gh-103142: The version of OpenSSL used in Windows and + Mac installers has been upgraded to 1.1.1u to address + CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, + as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 + fixed previously in 1.1.1t (gh-101727). + - gh-102153: urllib.parse.urlsplit() now strips leading C0 + control and space characters following the specification for + URLs defined by WHATWG in response to CVE-2023-24329 + (bsc#1208471). + - gh-99889: Fixed a security in flaw in uu.decode() that could + allow for directory traversal based on the input if no + out_file was specified. + - gh-104049: Do not expose the local on-disk + location in directory indexes produced by + http.client.SimpleHTTPRequestHandler. + - gh-103935: trace.__main__ now uses io.open_code() for files + to be executed instead of raw open(). + - gh-102953: The extraction methods in tarfile, and + shutil.unpack_archive(), have a new filter argument that + allows limiting tar features than may be surprising or + dangerous, such as creating files outside the destination + directory. See Extraction filters for details (fixing + CVE-2007-4559, bsc#1203750). +- Remove upstreamed patches: + - CVE-2007-4559-filter-tarfile_extractall.patch + +------------------------------------------------------------------- +Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl + +- Remove obsolete_python_versioned macro again. This mechanism + has no business to be in Python 3.11, because we have abolished + with it whole interpreter+setuptools+pip product. Python 3.11 + should not be replaced by later versions anymore. + +------------------------------------------------------------------- +Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl + +- Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). +- Add skip_if_buildbot-extend.patch to avoid the bug altogether + (extending what skip_if_buildbot covers). +- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix + bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter + for tarfile.extractall". + +------------------------------------------------------------------- +Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl + +- Update to 3.11.3: + - Security + - gh-101727: Updated the OpenSSL version used in Windows + and macOS binary release builds to 1.1.1t to address + CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the + OpenSSL 2023-02-07 security advisory. + - Core and Builtins + - gh-101975: Fixed stacktop value on tracing entries to avoid + corruption on garbage collection. + - gh-102701: Fix overflow when creating very large dict. + - gh-102416: Do not memoize incorrectly automatically + generated loop rules in the parser. Patch by Pablo Galindo. + - gh-102356: Fix a bug that caused a crash when deallocating + deeply nested filter objects. Patch by Marta Gómez Macías. + - gh-102397: Fix segfault from race condition in signal + handling during garbage collection. Patch by Kumar Aditya. + - gh-102281: Fix potential nullptr dereference and use of + uninitialized memory in fileutils. Patch by Max Bachmann. + - gh-102126: Fix deadlock at shutdown when clearing thread + states if any finalizer tries to acquire the runtime head + lock. Patch by Kumar Aditya. + - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal + module. Patch by Max Bachmann. + - gh-101967: Fix possible segfault in + positional_only_passed_as_keyword function, when new list + created. + - gh-101765: Fix SystemError / segmentation fault in iter + __reduce__ when internal access of builtins.__dict__ keys + mutates the iter object. + - gh-101696: Invalidate type version tag in + _PyStaticType_Dealloc for static types, avoiding bug where + a false cache hit could crash the interpreter. Patch by + Kumar Aditya. + - Library + - gh-102549: Don’t ignore exceptions in member type creation. + - gh-102947: Improve traceback when dataclasses.fields() is + called on a non-dataclass. Patch by Alex Waygood + - gh-102780: The asyncio.Timeout context manager now + works reliably even when performing cleanup due to task + cancellation. Previously it could raise a CancelledError + instead of an TimeoutError in such cases. + - gh-88965: typing: Fix a bug relating to substitution in . + Pacustom classes generic over a ParamSpec. Previously, if . + Pathe ParamSpec was substituted with a parameters list that . + Paitself contained a TypeVar, the TypeVar in the parameters . + Palist could not be subsequently substituted. This is now . + Pafixed tch by Nikita Sobolev . + - gh-101979: Fix a bug where parentheses in the metavar + argument to argparse.ArgumentParser.add_argument() were + dropped. Patch by Yeojin Kim. + - gh-102179: Fix os.dup2() error message for negative fds. + - gh-101961: For the binary mode, fileinput.hookcompressed() + doesn’t set the encoding value even if the value is + None. Patch by Gihwan Kim. + - gh-101936: The default value of fp becomes io.BytesIO + if HTTPError is initialized without a designated fp + parameter. Patch by Long Vo. + - gh-102069: Fix __weakref__ descriptor generation for custom + dataclasses. + - gh-101566: In zipfile, apply fix for extractall on the + underlying zipfile after being wrapped in Path. + - gh-101892: Callable iterators no longer raise SystemError + when the callable object exhausts the iterator but forgets + to either return a sentinel value or raise StopIteration. + - gh-97786: Fix potential undefined behaviour in corner cases + of floating-point-to-time conversions. + - gh-101517: Fixed bug where bdb looks up the source line + with linecache with a lineno=None, which causes it to fail + with an unhandled exception. + - gh-101673: Fix a pdb bug where ll clears the changes to + local variables. + - gh-96931: Fix incorrect results from + ssl.SSLSocket.shared_ciphers() + - gh-88233: Correctly preserve “extra” fields in zipfile + regardless of their ordering relative to a zip64 “extra.” + - gh-96127: inspect.signature was raising TypeError on + call with mock objects. Now it correctly returns (*args, + **kwargs) as infered signature. + - gh-95495: When built against OpenSSL 3.0, the ssl module + had a bug where it reported unauthenticated EOFs (i.e. + without close_notify) as a clean TLS-level EOF. It now + raises SSLEOFError, matching the behavior in previous + versions of OpenSSL. The options attribute on SSLContext + also no longer includes OP_IGNORE_UNEXPECTED_EOF by + default. This option may be set to specify the previous + OpenSSL 3.0 behavior. + - gh-94440: Fix a concurrent.futures.process bug where + ProcessPoolExecutor shutdown could hang after a future has + been quickly submitted and canceled. + - Documentation + - gh-103112: Add docstring to http.client.HTTPResponse.read() + to fix pydoc output. + - gh-85417: Update cmath documentation to clarify behaviour + on branch cuts. + - gh-97725: Fix asyncio.Task.print_stack() description for + file=None. Patch by Oleg Iarygin. + - Tests + - gh-102980: Improve test coverage on pdb. + - gh-102537: Adjust the error handling strategy in + test_zoneinfo.TzPathTest.python_tzpath_context. Patch by + Paul Ganssle. + - gh-89792: test_tools now copies up to 10x less source data + to a temporary directory during the freeze test by ignoring + git metadata and other artifacts. It also limits its python + build parallelism based on os.cpu_count instead of hard + coding it as 8 cores. + - gh-101377: Improved test_locale_calendar_formatweekday of + calendar. + - Build + - gh-102711: Fix -Wstrict-prototypes compiler warnings. + +------------------------------------------------------------------- +Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl + +- Update to 3.11.2: + Bug fixes, no changes in API and no security bugs. + +------------------------------------------------------------------- +Wed Mar 1 20:50:04 UTC 2023 - Matej Cepl + +- Add python310 Obsoletes line to obsolete_python_versioned macro. + +------------------------------------------------------------------- +Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl + +- Add provides for readline and sqlite3 to the main Python + package. + +------------------------------------------------------------------- +Thu Jan 26 13:28:24 UTC 2023 - Thorsten Kukuk + +- Disable NIS for new products, it's deprecated and gets removed + +------------------------------------------------------------------- +Tue Jan 24 12:23:34 UTC 2023 - Dirk Müller + +- build GLIBC hwcaps optimized versions of the interpreter + +------------------------------------------------------------------- +Tue Jan 10 11:11:56 UTC 2023 - Matej Cepl + +- Don't fail on Sphinx build warnings. +- For jsc#PED-1570, jsc#PED-2217 and jsc#PED-68, + providing Python 3.11 for SLE-15-SP4. + +------------------------------------------------------------------- +Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl + +- Update to 3.11.1: + - python -m http.server no longer allows terminal control + characters sent within a garbage request to be printed + to the stderr server lo This is done by changing the + http.server BaseHTTPRequestHandler .log_message method to + replace control characters with a \xHH hex escape before + printin + - Avoid publishing list of active per-interpreter audit hooks + via the gc module + - The IDNA codec decoder used on DNS hostnames by socket or + asyncio related name resolution functions no longer involves + a quadratic algorithm. This prevents a potential CPU denial + of service if an out-of-spec excessive length hostname + involving bidirectional characters were decoded. Some + protocols such as urllib http 3xx redirects potentially allow + for an attacker to supply such a name (CVE-2022-45061). + - Update bundled libexpat to 2.5.0 + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. Issue reported + and initial fix by Caleb Shortt. Patch by Victor Stinner. + - Fix a crash when an object which does not have a dictionary + frees its instance values. + - Fix a bug in the tokenizer that could cause infinite + recursion when showing syntax warnings that happen in the + first line of the source. Patch by Pablo Galindo + - Fix an issue that could cause frames to be visible to Python + code as they are being torn down, possibly leading to memory + corruption or hard crashes of the interpreter. + - Fix a reference bug in _imp.create_builtin() after the + creation of the first sub-interpreter for modules builtins + and sys. Patch by Victor Stinner. + - Fixed a bug that was causing a buffer overflow if the + tokenizer copies a line missing the newline caracter from a + file that is as long as the available tokenizer buffer. Patch + by Pablo galindo + - Fix bug where an ExceptionGroup subclass can wrap a + BaseException. + - Fix zip path for venv created from a non-installed python on + POSIX platforms. + - Fix an issue that could potentially cause incorrect error + handling for some bytecode instructions. + - Fix an issue that prevented PyThreadState and + PyInterpreterState memory from being freed properly. + - Fix failure in except* with unhashable exceptions. + - Fix calculation of sys._base_executable when inside a POSIX + virtual environment using copies of the python binary when + the base installation does not provide the executable name + used by the venv. Calculation will fall back to alternative + names (“python”, “python.”). + - Update faulthandler to emit an error message with the proper + unexpected signal number. Patch by Dong-hee Na. + - Fix location of SyntaxError for a try block with both except + and except*. + - Fix the error reporting positions of specialized traceback + anchors when the source line contains Unicode characters. + - Fix subscription of type aliases containing bare generic + types or types like TypeVar: for example tuple[A, T][int] and + tuple[TypeVar, T][int], where A is a generic type, and T is a + type variable. + - Lower the recursion depth for marshal on WASI to support + wasmtime 2.0/main. + - Fix multiple crashes in debug mode when str subclasses are + used instead of str itself. + - Fix an issue where member descriptors (such as those for + __slots__) could behave incorrectly or crash instead of + raising a TypeError when accessed via an instance of an + invalid type. + - Suppress ImportError for invalid query for help() + command. Patch by Dong-hee Na. + - Fix detection of MAC addresses for uuid on certain OSs. Patch + by Chaim Sanders + - Print exception class name instead of its string + representation when raising errors from ctypes calls. + - os.sched_yield() now release the GIL while calling + sched_yield(2). Patch by Dong-hee Na. + - Fix an issue that could delay the specialization of PRECALL + instructions. + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Ensure that all Python frame objects are backed by “complete” + frames. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). Patch by Ofey Chan. + - Fix the Python path configuration used to initialized + sys.path at Python startup. Paths are no longer encoded + to UTF-8/strict to avoid encoding errors if it contains + surrogate characters (bytes paths are decoded with the + surrogateescape error handler). Patch by Victor Stinner. + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. Issue + discovered and analyzed by Mingliang ZHAO. Patch by Victor + Stinner. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. + - Fix undefined behaviour in C code of null pointer arithmetic. + - Make sure that all frame objects created are created from + valid interpreter frames. Prevents the possibility of invalid + frames in backtraces and signal handlers. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - On WASI ENOTCAPABLE is now mapped to PermissionError. The + errno modules exposes the new error number. getpath.py now + ignores PermissionError when it cannot open landmark files + pybuilddir.txt and pyenv.cfg. + - Allow pdb to locate source for frozen modules in the standard + library. + - Raise ValueError instead of SystemError when methods of + uninitialized io.IncrementalNewlineDecoder objects are + called. Patch by Oren Milman. + - Fix a possible assertion failure in io.FileIO when the opener + returns an invalid file descriptor. + - Also escape s in the http.server + BaseHTTPRequestHandler.log_message so that it is technically + possible to parse the line and reconstruct what the original + data was. Without this a xHH is ambiguious as to if it is a + hex replacement we put in or the characters r”x” came through + in the original request line. + - asyncio.get_event_loop() now only emits a deprecation warning + when a new event loop was created implicitly. It no longer + emits a deprecation warning if the current event loop was + set. + - Fix bug when calling trace.CoverageResults with valid infile. + - Fix a bug in handling class cleanups in + unittest.TestCase. Now addClassCleanup() uses separate lists + for different TestCase subclasses, and doClassCleanups() only + cleans up the particular class. + - Release the GIL when calling termios APIs to avoid blocking + threads. + - Fix ast.increment_lineno() to also cover ast.TypeIgnore when + changing line numbers. + - Fix bug in urllib.parse.urlparse() that causes URL schemes + that begin with a digit, a plus sign, or a minus sign to be + parsed incorrectly. + - Check the number of arguments in substitution in user + generics containing a TypeVarTuple and one or more TypeVar. + - Fix substitution of ParamSpec followed by TypeVarTuple in + generic aliases. + - Fix substitution of TypeVarTuple and ParamSpec together in + user generics. + - Fixed bug where inspect.signature() reported incorrect + arguments for decorated methods. + - Fix SystemError in ctypes when exception was not set during + __initsubclass__. + - Remove older version of + _SSLProtocolTransport.get_write_buffer_limits in + asyncio.sslproto + - fix negative numbers failing in verify() + - Fix statistics.NormalDist pickle with 0 and 1 protocols. + - enum.auto() is now correctly activated when combined with + other assignment values. E.g. ONE = auto(), 'some text' will + now evaluate as (1, 'some text'). + - Update the bundled copy of pip to version 22.3.1. + - Clean up refleak on failed module initialisation in _zoneinfo + - Clean up refleaks on failed module initialisation in in + _pickle + - Clean up refleak on failed module initialisation in _io. + - Fix memory leak in math.dist() when both points don’t have + the same dimension. Patch by Kumar Aditya. + - [3.11] Applied changes from importlib_metadata 4.11.4 + through 4.13, including compatibility and robustness + fixes for Distribution objects without _normalized_name, + disallowing invalid inputs to Distribution.from_name, and + refined behaviors in PathDistribution._name_from_stem and + PathDistribution._normalized_name. + - Fix argument typechecks in _overlapped.WSAConnect() and + _overlapped.Overlapped.WSASendTo() functions. + - Prevent crashing in traceback when retrieving the byte-offset + for some source files that contain certain unicode + characters. + - Fix internal error in the re module which in very rare + circumstances prevented compilation of a regular expression + containing a conditional expression without the “else” + branch. + - Fix asyncio.StreamWriter.drain() to call + protocol.connection_lost callback only once on Windows. + - Add a mutex to unittest.mock.NonCallableMock to protect + concurrent access to mock attributes. + - Fix hang on Windows in subprocess.wait_closed() in asyncio + with ProactorEventLoop. Patch by Kumar Aditya. + - Fix infinite loop in unittest when a self-referencing chained + exception is raised + - tkinter.Text.count() raises now an exception for options + starting with “-” instead of silently ignoring them. + - On uname_result, restored expectation that _fields and + _asdict would include all six properties including processor. + - A createSocket() method was added to SysLogHandler. + - Fix bug in urllib.parse.urlparse() that causes certain port + numbers containing whitespace, underscores, plus and minus + signs, or non-ASCII digits to be incorrectly accepted. + - Allow venv to pass along PYTHON* variables to ensurepip and + pip when they do not impact path resolution + - On macOS, fix a crash in syslog.syslog() in multi-threaded + applications. On macOS, the libc syslog() function is not + thread-safe, so syslog.syslog() no longer releases the GIL to + call it. Patch by Victor Stinner. + - Allow BUILTINS to be a valid field name for frozen + dataclasses. + - Wrap network errors consistently in urllib FTP support, so + the test suite doesn’t fail when a network is available but + the public internet is not reachable. + - Make sure patch.dict() can be applied on async functions. + - Earlier in 3.11 we deprecated + asyncio.Task.cancel("message"). We realized we were too + harsh, and have undeprecated it. + - Change deprecate warning message in unittest from It is + deprecated to return a value!=None to It is deprecated to + return a value that is not None from a test case + - Fixes AttributeError when subprocess.check_output() is used + with argument input=None and either of the arguments encoding + or errors are used. + - Fix is_private properties in the ipaddress module. Previously + non-private networks (0.0.0.0/0) would return True from this + method; now they correctly return False. + - Avoid spurious tracebacks from asyncio when default executor + cleanup is delayed until after the event loop is closed (e.g. + as the result of a keyboard interrupt). + - Avoid a crash in the C version of + asyncio.Future.remove_done_callback() when an evil argument + is passed. + - Remove tokenize.NL check from tabnanny. + - Fix generation of the default name of + tkinter.Checkbutton. Previously, checkbuttons in different + parent widgets could have the same short name and share + the same state if arguments “name” and “variable” are not + specified. Now they are globally unique. + - Update bundled libexpat to 2.4.9 + - Fix race condition in asyncio where process_exited() called + before the pipe_data_received() leading to inconsistent + output. Patch by Kumar Aditya. + - Fixed check in multiprocessing.resource_tracker that + guarantees that the length of a write to a pipe is not + greater than PIPE_BUF. + - Corrected type annotation for dataclass attribute + pstats.FunctionProfile.ncalls to be str. + - Fix repr of Any subclasses. + - Work around missing socket functions in socket’s __repr__. + - In inspect, fix overeager replacement of “typing.” in + formatting annotations. + - Fix handling of bytes path-like objects in os.ismount(). + - Fix handling compiler warnings (SyntaxWarning and + DeprecationWarning) in codeop.compile_command() when checking + for incomplete input. Previously it emitted warnings and + raised a SyntaxError. Now it always returns None for + incomplete input without emitting any warnings. + - To avoid apparent memory leaks when asyncio.open_connection() + raises, break reference cycles generated by local exception + and future instances (which has exception instance as its + member var). Patch by Dong Uk, Kang. + - Fixed flickering of the turtle window when the tracer is + turned off. Patch by Shin-myoung-serp. + - Fix asyncio subprocess transport to kill process cleanly + when process is blocked and avoid RuntimeError when loop is + closed. Patch by Kumar Aditya. + - Prevent error when activating venv in nested fish instances. + - TarFile.next() now returns None when called on an empty + tarfile. + - Document the optional callback parameter of WeakMethod. Patch + by Géry Ogam. + - Restrict use of sockets instead of pipes for stdin of + subprocesses created by asyncio to AIX platform only. + - shutil.copytree() now applies the ignore_dangling_symlinks + argument recursively. + - Fix IndexError in argparse.ArgumentParser when a store_true + action is given an explicit argument. + - Document that calling variadic functions with ctypes requires + special care on macOS/arm64 (and possibly other platforms). + - Remove extra row + - Clarified the conflicting advice given in the ast + documentation about ast.literal_eval() being “safe” for use + on untrusted input while at the same time warning that it + can crash the process. The latter statement is true and is + deemed unfixable without a large amount of work unsuitable + for a bugfix. So we keep the warning and no longer claim that + literal_eval is safe. + - Restructured the documentation for the os.wait* family of + functions, and improved the docs for os.waitid() with more + explanation of the possible argument constants. + - Skip test_normalization() of test_unicodedata if it + fails to download NormalizationTest.txt file from + pythontest.net. Patch by Victor Stinner. + - Correct test_marsh on (32 bit) x86: test_deterministic sets + was failing. + - Optional big memory tests in test_sqlite3 now catch the + correct sqlite.DataError exception type in case of too large + strings and/or blobs passed. + - Fix a bug in the typing tests where a test relying + on CPython-specific implementation details was not + decorated with @cpython_only and was not skipped on other + implementations. + - Add tests for star-unpacking with PEP 646, and some other + miscellaneous PEP 646 tests. + - Added explicit coverage of Py_Initialize (and hence + Py_InitializeEx) back to the embedding tests (all other + embedding tests migrated to Py_InitializeFromConfig in Python + 3.11) + - Some C API tests were moved into the new Lib/test/test_capi/ + directory. + - Fix -Wimplicit-int, -Wstrict-prototypes, and + -Wimplicit-function-declaration compiler warnings in + configure checks. + - Fix a compilation issue with GCC 12 on macOS. + - Fix -Wimplicit-int compiler warning in configure check for + PTHREAD_SCOPE_SYSTEM. + - Fix a possible fd leak in Programs/_freeze_module.c + introduced in Python 3.11. + - Fix build with PYTHON_FOR_REGEN=python3.8. + - Specify the full path to the source location for make + docclean (needed for cross-builds). + - Don’t use vendored libmpdec headers if --with-system-libmpdec + is passed to configure. Don’t use vendored libexpat headers + if --with-system-expat is passed to !configure. + - Fix the build process of clang compiler for _bootstrap_python + if LTO optimization is applied. Patch by Matthias Görgens and + Dong-hee Na. + - wasm32-emscripten builds for browsers now include + concurrent.futures for asyncio and unittest.mock. + - wasm32-emscripten platform no longer builds resource module, + getresuid(), getresgid(), and their setters. The APIs are + stubs and not functional. + - Updated pegen regeneration script on Windows to find and + use Python 3.9 or higher. Prior to this, pegen regeneration + already required 3.9 or higher, but the script may have used + lower versions of Python. + - Fix a bug in the previous bugfix that caused IDLE to + not start when run with 3.10.8, 3.12.0a1, and at least + Microsoft Python 3.10.2288.0 installed without the Lib/test + package. 3.11.0 was never affected. + - The wasm_build.py script now pre-builds Emscripten ports, + checks for broken EMSDK versions, and warns about pkg-config + env vars. + - The new tool Tools/wasm/wasm_builder.py automates configure, + compile, and test steps for building CPython on WebAssembly + platforms. + - Fix handling of module docstrings in Tools/i18n/pygettext.py. + - PyBUF_* constants were marked as part of Limited API + of Python 3.11+. These were available in 3.11.0 with + Py_LIMITED_API defined for 3.11, and are necessary to use the + buffer API. + - Fix use-after-free in Py_SetPythonHome(NULL), + Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL) + function calls. Issue reported by Benedikt Reinartz. Patch by + Victor Stinner. + - Py_InitializeEx now correctly calls PyConfig_Clear after + initializing the interpreter (the omission didn’t cause a + memory leak only because none of the dynamically allocated + config fields are populated by the wrapper function) +- Removed upstreamed patches: + - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch + - CVE-2022-45061-DoS-by-IDNA-decode.patch + +------------------------------------------------------------------- +Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl + +- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid + CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding + extremely long domain names. + +------------------------------------------------------------------- +Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl + +- Update to 3.11.0 (overall changes from 3.10.*): + - General changes + - PEP 657 -- Include Fine-Grained Error Locations in + Tracebacks + - PEP 654 -- Exception Groups and except* + - PEP 680 -- tomllib: Support for Parsing TOML in the + Standard Library + - gh-90908 -- Introduce task groups to asyncio + - gh-34627 -- Atomic grouping ((?>...)) and possessive + quantifiers (*+, ++, ?+, {m,n}+) are now supported in + regular expressions. + - The Faster CPython Project is already yielding some + exciting results. Python 3.11 is up to 10-60% faster than + Python 3.10. On average, we measured a 1.22x speedup on the + standard benchmark suite. See Faster CPython for details. + - Typing and typing language changes + - PEP 673 -- Self Type + - PEP 646 -- Variadic Generics + - PEP 675 -- Arbitrary Literal String Type + - PEP 655 -- Marking individual TypedDict items as required + or potentially-missing + - PEP 681 -- Data Class Transforms +- (just changes from 3.11.0rc2): + - Fix multiplying a list by an integer (list *= int): detect + the integer overflow when the new allocated length is close + to the maximum size. Issue reported by Jordan Limor. Patch by + Victor Stinner. + - On Linux the multiprocessing module returns to using + filesystem backed unix domain sockets for communication + with the forkserver process instead of the Linux abstract + socket namespace. Only code that chooses to use the + “forkserver” start method is affected. Abstract sockets have + no permissions and could allow any user on the system in the + same network namespace (often the whole system) to inject + code into the multiprocessing forkserver process. This was + a potential privilege escalation. Filesystem based socket + permissions restrict this to the forkserver process user as + was the default in Python 3.8 and earlier. This prevents + Linux CVE-2022-42919. + - Fix an issue where several frame objects could be backed by + the same interpreter frame, possibly leading to corrupted + memory and hard crashes of the interpreter. + - Fix possible data corruption or crashes when accessing the + f_back member of newly-created generator or coroutine frames. + - Fix a crash occurring when PyEval_GetFrame() is called while + the topmost Python frame is in a partially-initialized state. + - Fix command line parsing: reject -X int_max_str_digits option + with no value (invalid) when the PYTHONINTMAXSTRDIGITS + environment variable is set to a valid limit. Patch by Victor + Stinner. + - Fix undefined behaviour in _testcapimodule.c. + - When ValueError is raised if an integer is larger than the + limit, mention the sys.set_int_max_str_digits() function in + the error message. Patch by Victor Stinner. + - Correctly raise SyntaxError on exception groups (PEP 654) on + python versions prior to 3.11 + - Document some places where an assignment expression needs + parentheses. + - Update the bundled copies of pip and setuptools to versions + 22.3 and 65.5.0 respectively. + - fix Flag to use boundary CONFORM + - This restores previous Flag behavior of allowing flags with + non-sequential values to be combined; e.g. + - class Skip(Flag): TWO = 2 EIGHT = 8 + - Skip.TWO | Skip.EIGHT -> + - Fix ! in c domain ref target syntax via a conf.py patch, so + it works as intended to disable ref target resolution. + - Update tutorial introduction output to use 3.10+ SyntaxError + invalid range. + +------------------------------------------------------------------- +Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl + +- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to + allow building of documentation with the latest Sphinx 5.3.0 + (gh#python/cpython#98366). + +------------------------------------------------------------------- +Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc2: + - Converting between int and str in bases other than 2 + (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base + 10 (decimal) now raises a ValueError if the number of digits + in string form is above a limit to avoid potential denial of + service attacks due to the algorithmic complexity. This is + a mitigation for CVE-2020-10735. + This new limit can be configured or disabled by environment + variable, command line flag, or sys APIs. See the integer + string conversion length limitation documentation. The + default limit is 4300 digits in string form. + - Fix case of undefined behavior in ceval.c + - Do not expose KeyWrapper in _functools. + - Ensure that tracing, sys.setrace(), is turned on + immediately. In pre-release versions of 3.11, some tracing + events might have been lost when turning on tracing in a + __del__ method or interrupt. + - Fix use after free in trace refs build mode. Patch by Kumar + Aditya. + - When loading a file with invalid UTF-8 inside a multi-line + string, a correct SyntaxError is emitted. + - Make sure that incomplete frames do not show up in + tracemalloc traces. + - Remove two cases of undefined behavior, by adding NULL + checks. + - Fix possible NULL pointer dereference in + _PyThread_CurrentFrames. Patch by Kumar Aditya. + - Fix AttributeError missing name and obj attributes in + object.__getattribute__(). Patch by Philip Georgi. + - Loading a file with invalid UTF-8 will now report the broken + character at the correct location. + - Fixed a bug that caused _PyCode_GetExtra to return garbage + for negative indexes. Patch by Pablo Galindo + - Fix a deadlock in PyGILState_Ensure() when allocating new + thread state. Patch by Kumar Aditya. + - PyType_Ready() now initializes ht_cached_keys and performs + additional checks to ensure that type objects are properly + configured. This avoids crashes in 3rd party packages that + don’t use regular API to create new types. + - Skip over incomplete frames in PyThreadState_GetFrame(). + - Fix format string in _PyPegen_raise_error_known_location that + can lead to memory corruption on some 64bit systems. The + function was building a tuple with i (int) instead of n + (Py_ssize_t) for Py_ssize_t arguments. + - Fix misleading contents of error message when converting an + all-whitespace string to float. + - ast.parse() will no longer parse function definitions with + positional-only params when passed feature_version less than + (3, 8). Patch by Shantanu Jain. + - Fix incorrect error message in the io module. + - Fix the faulthandler implementation of + faulthandler.register(signal, chain=True) if the sigaction() + function is not available: don’t call the previous signal + handler if it’s NULL. Patch by Victor Stinner. + - Correct conversion of numbers.Rational’s to float. + - Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not + raised when using more than one TypeVarTuple, like [*T, *V] + in type alias substitutions. + - Fix asyncio.streams.StreamReaderProtocol to keep a strong + reference to the created task, so that it’s not garbage + collected + - Fix a performance regression in logging + TimedRotatingFileHandler. Only check for special files when + the rollover time has passed. + - Fix unused localName parameter in the Attr class in + xml.dom.minidom. + - Fix incorrect condition that causes sys.thread_info.name to + be wrong on pthread platforms. + - Remove an incompatible change from bpo-28080 that caused a + regression that ignored the utf8 in ZipInfo.flag_bits. Patch + by Pablo Galindo. + - Fix asyncio.Runner to call asyncio.set_event_loop() only + once to avoid calling attach_loop() multiple times on child + watchers. Patch by Kumar Aditya. + - Fix unittest.IsolatedAsyncioTestCase to set event loop before + calling setup functions. Patch by Kumar Aditya. + - When a task catches asyncio.CancelledError and raises some + other error, the other error should generally not silently be + suppressed. + - Fail gracefully if EPERM or ENOSYS is raised when loading + crypt methods. This may happen when trying to load MD5 on a + Linux kernel with FIPS enabled. + - Allow asyncio.StreamWriter.drain() to be awaited concurrently + by multiple tasks. Patch by Kumar Aditya. + - Fix ast.unparse() when ImportFrom.level is None + - Improve discoverability of the higher level + concurrent.futures module by providing clearer links from the + lower level threading and multiprocessing modules. + - What’s New 3.11 now has instructions for how to provide + compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7 + and CentOS 7. + - Mitigate the inherent race condition from using + find_unused_port() in testSockName() by trying to find an + unused port a few times before failing. Patch by Ross Burton. + - Build and test with OpenSSL 1.1.1q +- Use support-expat-CVE-2022-25236-patched.patch from the current + version of gh#python/cpython#93900 instead of the old + support-expat-245.patch. +- Reapply fix_configure_rst.patch. + +------------------------------------------------------------------- +Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab + +- Increase testsuite timeout for test_freeze_simple_script + +------------------------------------------------------------------- +Sat Aug 20 21:31:40 UTC 2022 - Matej Cepl + +- fix import_failed.map to refer to the python 3.11 package versions + +------------------------------------------------------------------- +Sat Aug 20 14:05:21 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc1: + - Core and Builtins + - Update code object hashing and equality to consider all + debugging and exception handling tables. This fixes an + issue where certain non-identical code objects could be + “deduplicated” during compilation. + - _PyPegen_Parser_New now properly detects token memory + allocation errors. Patch by Honglin Zhu. + - Run Python code in tracer/profiler function at full + speed. Fixes slowdown in earlier versions of 3.11. + - Emit a warning in debug mode if an object does not call + PyObject_GC_UnTrack() before deallocation. Patch by Pablo + Galindo. + - Prevented crashes in the AST constructor when + compiling some absurdly long expressions like + "+0"*1000000. RecursionError is now raised instead. Patch + by Pablo Galindo + - ast.AST node positions are now validated when provided to + compile() and other related functions. If invalid positions + are detected, a ValueError will be raised. + - Fix error detection in some builtin functions when keyword + argument name is an instance of a str subclass with + overloaded __eq__ and __hash__. Previously it could cause + SystemError or other undesired behavior. + - Library + - Update bundled pip to 22.2.2. + - Fix asyncio.TaskGroup to propagate exception when + asyncio.CancelledError was replaced with another exception + by a context manger. Patch by Kumar Aditya and Guido van + Rossum. + - Update bundled pip to 22.2.1. + - Fix GC crash when deallocating _lsprof.Profiler by + untracking it before calling any callbacks. Patch by Kumar + Aditya. + - Fix asyncio.run() for asyncio.Task implementations without + uncancel() method. Patch by Kumar Aditya. + - Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK + and os.EFD_SEMAPHORE flags on older kernel versions where + these flags are not present. Patch by Kumar Aditya. + - Fix concurrent.futures.Executor.map() to cancel the + currently waiting on future on an error - e.g. TimeoutError + or KeyboardInterrupt. + - Ensure that timeouts scheduled with asyncio.Timeout that + have already expired are delivered promptly. + - Suppress writing an XML declaration in open files + in ElementTree.write() with encoding='unicode' and + xml_declaration=None. + - Fix findtext in the xml module to only give an empty string + when the text attribute is set to None. + - Documentation + - Fix stylesheet not working in Windows CHM htmlhelp docs + and add warning that they are deprecated. Contributed by + C.A.M. Gerlach. + - Update library documentation with availability information + on WebAssembly platforms wasm32-emscripten and wasm32-wasi. + - Use consistent syntax for platform availability. The + directive now supports a content body and emits a warning + when it encounters an unknown platform. + - Document a limitation in ThreadPoolExecutor where its exit + handler is executed before any handlers in atexit. + - Tests + - Lib/test/test_asyncio/test_ssl.py exposed a bug in the + macOS kernel where intense concurrent load on non-blocking + sockets occasionally causes errno.ENOBUFS (“No buffer space + available”) to be emitted. FB11063974 filed with Apple, in + the mean time as a workaround buffer size used in tests on + macOS is decreased to avoid intermittent failures. Patch by + Fantix King. + - Fix problem with test_ssl test_get_ciphers on systems that + require perfect forward secrecy (PFS) ciphers. + - Add a regression test for re exponentional slowdown when + using rjsmin. + - Build + - Fix a regression in configure script that caused some + header checks to ignore custom CPPFLAGS. The regression was + introduced in gh-94802. + - wasm32-wasi builds no longer depend on WASIX’s pthread + stubs. Python now has its own stubbed pthread API. + - Python now detects missing dup function in WASI and works + around some missing errno, select, and socket constants. + - Python now skips missing socket functions and methods on + WASI. WASI can only create sockets from existing fd / + accept and has no netdb. + - Platforms wasm32-unknown-emscripten and wasm32-unknown-wasi + have been promoted to PEP 11 tier 3 platform support. + - IDLE + - Document handling of extensions in Save As dialogs. + - Include prompts when saving Shell (interactive input and + output). + - Fix the Shell context menu copy-with-prompts bug of copying + an extra line when one selects whole lines. + - In the Edit menu, move Select All and add a new separator. + - Enable using IDLE’s module browser with .pyw files. + - Add .pyi as a recognized extension for IDLE on macOS. This + allows opening stub files by double clicking on them in the + Finder. + - C API + - Restore the 3.10 behavior for multiple inheritance of C + extension classes that store their dictionary at the end of + the struct. + - Added PyCode_GetVarnames(), PyCode_GetCellvars() and + PyCode_GetFreevars() for accessing co_varnames, co_cellvars + and co_freevars respectively via the C API. + +------------------------------------------------------------------- +Tue Jul 26 10:37:31 UTC 2022 - Matej Cepl + +- Update to 3.11.0b5: + - Core and Builtins + - gh-93351: ast.AST node positions are now validated when + provided to compile() and other related functions. If + invalid positions are detected, a ValueError will be + raised. + - gh-94438: Fix an issue that caused extended opcode + arguments and some conditional pops to be ignored when + calculating valid jump targets for assignments to the + f_lineno attribute of frame objects. In some cases, this + could cause inconsistent internal state, resulting in a + hard crash of the interpreter. + - gh-95060: Undocumented PyCode_Addr2Location function now + properly returns when addrq argument is less than zero. + - gh-95113: Replace all EXTENDED_ARG_QUICK instructions + with basic EXTENDED_ARG instructions in unquickened + code. Consumers of non-adaptive bytecode should be able to + handle extended arguments the same way they were handled in + CPython 3.10 and older. + - gh-91409: Fix incorrect source location info caused by + certain optimizations in the bytecode compiler. + - gh-94036: Fix incorrect source location info for some + multi-line attribute accesses and method calls. + - gh-94739: Allow jumping within, out of, and across + exception handlers in the debugger. + - gh-94949: ast.parse() will no longer parse parenthesized + context managers when passed feature_version less than (3, + 9). Patch by Shantanu Jain. + - gh-94947: ast.parse() will no longer parse assignment + expressions when passed feature_version less than (3, + 8). Patch by Shantanu Jain. + - gh-91256: Ensures the program name is known for help text + during interpreter startup. + - gh-94869: Fix the column offsets for some expressions in + multi-line f-strings ast nodes. Patch by Pablo Galindo. + - gh-94822: Fix an issue where lookups of metaclass + descriptors may be ignored when an identically-named + attribute also exists on the class itself. + - gh-91153: Fix an issue where a bytearray item assignment + could crash if it’s resized by the new value’s __index__() + method. + - gh-90699: Fix reference counting bug in + bool.__repr__(). Patch by Kumar Aditya. + - Library + - gh-95087: Fix IndexError in parsing invalid date in the + email module. + - gh-95199: Upgrade bundled setuptools to 63.2.0. + - gh-95194: Upgrade bundled pip to 22.2. + - gh-95132: Fix a sqlite3 regression where *args and **kwds + were incorrectly relayed from connect() to the Connection + factory. The regression was introduced in 3.11a1 with PR + 24421 (gh-85128). Patch by Erlend E. Aasland.` + - gh-93157: Fix fileinput module didn’t support errors option + when inplace is true. + - gh-95105: wsgiref.types.InputStream.__iter__() should + return Iterator[bytes], not Iterable[bytes]. Patch by + Shantanu Jain. + - gh-94857: Fix refleak in + _io.TextIOWrapper.reconfigure. Patch by Kumar Aditya. + - gh-94821: Fix binding of unix socket to empty address + on Linux to use an available address from the abstract + namespace, instead of “0”. + - gh-89988: Fix memory leak in pickle.Pickler when looking up + dispatch_table. Patch by Kumar Aditya. + - bpo-47025: Drop support for bytes on sys.path. + - Tests + - gh-95212: Make multiprocessing test case + test_shared_memory_recreate parallel-safe. + - Build + - gh-94847: Fixed _decimal module build issue on GCC when + compiling with LTO and pydebug. Debug builds no longer + force inlining of functions. + - gh-94841: Fix the possible performance regression of + PyObject_Free() compiled with MSVC version 1932. + - gh-94801: configure now uses custom flags like ZLIB_CFLAGS + and ZLIB_LIBS when searching for headers and libraries. + - gh-94773: deepfreeze.py now supports code object with + frozensets that contain incompatible, unsortable types. + - C API + - gh-94930: Fix SystemError raised when + PyArg_ParseTupleAndKeywords() is used with # in (...) but + without PY_SSIZE_T_CLEAN defined. + - gh-94864: Fix PyArg_Parse* with deprecated format units “u” + and “Z”. It returned 1 (success) when warnings are turned + into exceptions. + - gh-94731: Python again uses C-style casts for + most casting operations when compiled with + C++. This may trigger compiler warnings, if they + are enabled with e.g. -Wold-style-cast `` or + ``-Wzero-as-null-pointer-constant options for g++. + +------------------------------------------------------------------- +Thu Jul 21 14:19:53 UTC 2022 - Matej Cepl + +- Switch from %primary_interpreter to prjconf-defined + %primary_python (gh#openSUSE/python-rpm-macros#127). + +------------------------------------------------------------------- +Thu Jul 14 15:37:35 UTC 2022 - Matej Cepl + +- Update to 3.11.0b4: +- Fixes many bugs and adds following more significant changes +- Security + - gh-68966: The deprecated mailcap module now refuses to inject + Coreunsafe text (filenames, MIME types, parameters) into + shell Corecommands. Instead of using such text, it will + warn and act Coreas if a match was not found (or for test + commands, as if the Coretest failed). and Builtins + - gh-93516: Lazily create a table mapping bytecode offsets to + line numbers to speed up calculation of line numbers when + tracing. + - gh-93461: importlib.invalidate_caches() now drops entries + from sys.path_importer_cache with a relative path as + name. This solves a caching issue when a process changes its + current working directory. + - FileFinder no longer inserts a dot in the path, e.g. + /egg/./spam is now /egg/spam. +Library + - gh-93896: Fix asyncio.run() and + unittest.IsolatedAsyncioTestCase to always the set event loop + as it was done in Python 3.10 and earlier. Patch by Kumar + Aditya. + - gh-94101: Manual instantiation of ssl.SSLSession objects is + no longer allowed as it lead to misconfigured instances that + crashed the interpreter when attributes where accessed on + them. + - gh-83658: Make multiprocessing.Pool raise an exception if + maxtasksperchild is not None or a positive int. + - gh-61162: Clarify sqlite3 behavior when Using the connection + as a context manager. +Tools/Demos + - gh-94538: Fix Argument Clinic output to custom file + destinations. Patch by Erlend E. Aasland. +C API + - gh-93937: The following frame functions and type are now + directly available with #include , it’s no longer + needed to add #include : + PyFrame_Check() + PyFrame_GetBack() + PyFrame_GetBuiltins() + PyFrame_GetGenerator() + PyFrame_GetGlobals() + PyFrame_GetLasti() + PyFrame_GetLocals() + PyFrame_Type + +------------------------------------------------------------------- +Tue May 31 20:54:36 UTC 2022 - Matej Cepl + +- Update to 3.11.0b2: + - many small updates +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.4 (jsc#SLE-21253) + +------------------------------------------------------------------- +Tue May 10 15:01:18 UTC 2022 - Matej Cepl + +- Refresh bluez-devel-vendor.tar.xz +- Fix building with system-expat (gh#python/cpython#92875). Nope, + it didn't work, worked around it. + +------------------------------------------------------------------- +Mon May 9 15:09:03 UTC 2022 - Matej Cepl + +- Update to pre-release version 3.11.0b1: + - PEP 657 – Include Fine-Grained Error Locations in Tracebacks + - PEP 654 – Exception Groups and except* + - PEP 673 – Self Type + - PEP 646 – Variadic Generics + - PEP 680– tomllib: Support for Parsing TOML in the Standard Library + - PEP 675– Arbitrary Literal String Type + - PEP 655– Marking individual TypedDict items as required or potentially-missing + - bpo-46752– Introduce task groups to asyncio + - The Faster Cpython Project is already yielding some exciting + results. Python 3.11 is up to 10-60% faster than Python + 3.10. On average, we measured a 1.22x speedup on the standard + benchmark suite. See + https://docs.python.org/3.11/whatsnew/3.11.html#faster-cpython + for details. + +------------------------------------------------------------------- +Thu May 5 14:35:56 UTC 2022 - Matej Cepl + +- Switch primary_interpreter from python38 to python310 + +------------------------------------------------------------------- +Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl + +- Update to 3.10.4: + - bpo-46968: Check for the existence of the “sys/auxv.h” header + in faulthandler to avoid compilation problems in systems + where this header doesn’t exist. Patch by Pablo Galindo + - bpo-23691: Protect the re.finditer() iterator from + re-entering. + - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to + avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception + when reading a ZipFile from multiple threads. + - bpo-38256: Fix binascii.crc32() when it is compiled to use + zlib’c crc32 to work properly on inputs 4+GiB in length + instead of returning the wrong result. The workaround prior + to this was to always feed the function data in increments + smaller than 4GiB or to just call the zlib module function. + - bpo-39394: A warning about inline flags not at the start of + the regular expression now contains the position of the flag. + - bpo-47061: Deprecate the various modules listed by PEP 594: + - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, + imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, + sndhdr, spwd, sunau, telnetlib, uu, xdrlib + - bpo-2604: Fix bug where doctests using globals would fail + when run multiple times. + - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. + - bpo-47022: The asynchat, asyncore and smtpd modules have been + deprecated since at least Python 3.6. Their documentation and + deprecation warnings and have now been updated to note they + will removed in Python 3.12 (PEP 594). + - bpo-46421: Fix a unittest issue where if the command was + invoked as python -m unittest and the filename(s) began with + a dot (.), a ValueError is returned. + - bpo-40296: Fix supporting generic aliases in pydoc. + +- Update to 3.10.3: + - bpo-46940: Avoid overriding AttributeError metadata + information for nested attribute access calls. Patch by Pablo + Galindo. + - bpo-46852: Rename the private undocumented + float.__set_format__() method to float.__setformat__() to fix + a typo introduced in Python 3.7. The method is only used by + test_float. Patch by Victor Stinner. + - bpo-46794: Bump up the libexpat version into 2.4.6 + - bpo-46820: Fix parsing a numeric literal immediately (without + spaces) followed by “not in” keywords, like in 1not in x. Now + the parser only emits a warning, not a syntax error. + - bpo-46762: Fix an assert failure in debug builds when a ‘<’, + ‘>’, or ‘=’ is the last character in an f-string that’s + missing a closing right brace. + - bpo-46724: Make sure that all backwards jumps use the + JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an + argument of (2**32)+offset. + - bpo-46732: Correct the docstring for the __bool__() method. + Patch by Jelle Zijlstra. + - bpo-46707: Avoid potential exponential backtracking when + producing some syntax errors involving lots of brackets. + Patch by Pablo Galindo. + - bpo-40479: Add a missing call to va_end() in + Modules/_hashopenssl.c. + - bpo-46615: When iterating over sets internally in + setobject.c, acquire strong references to the resulting items + from the set. This prevents crashes in corner-cases of + various set operations where the set gets mutated. + - bpo-45773: Remove two invalid “peephole” optimizations from + the bytecode compiler. + - bpo-43721: Fix docstrings of getter, setter, and deleter to + clarify that they create a new copy of the property. + - bpo-46503: Fix an assert when parsing some invalid N escape + sequences in f-strings. + - bpo-46417: Fix a race condition on setting a type __bases__ + attribute: the internal function add_subclass() now gets the + PyTypeObject.tp_subclasses member after calling + PyWeakref_NewRef() which can trigger a garbage collection + which can indirectly modify PyTypeObject.tp_subclasses. Patch + by Victor Stinner. + - bpo-46383: Fix invalid signature of _zoneinfo’s module_free + function to resolve a crash on wasm32-emscripten platform. + - bpo-46070: Py_EndInterpreter() now explicitly untracks all + objects currently tracked by the GC. Previously, if an object + was used later by another interpreter, calling + PyObject_GC_UnTrack() on the object crashed if the previous + or the next object of the PyGC_Head structure became + a dangling pointer. Patch by Victor Stinner. + - bpo-46339: Fix a crash in the parser when retrieving the + error text for multi-line f-strings expressions that do not + start in the first line of the string. Patch by Pablo Galindo + - bpo-46240: Correct the error message for unclosed parentheses + when the tokenizer doesn’t reach the end of the source when + the error is reported. Patch by Pablo Galindo + - bpo-46091: Correctly calculate indentation levels for lines + with whitespace character that are ended by line continuation + characters. Patch by Pablo Galindo + - bpo-43253: Fix a crash when closing transports where the + underlying socket handle is already invalid on the Proactor + event loop. + - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, + including bugfix for EntryPoint.extras, which was returning + match objects and not the extras strings. + - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip + 22.0.4) + - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically + determine size of signal handler stack size CPython allocates + using getauxval(AT_MINSIGSTKSZ). This changes allows for + Python extension’s request to Linux kernel to use AMX_TILE + instruction set on Sapphire Rapids Xeon processor to succeed, + unblocking use of the ISA in frameworks. + - bpo-46955: Expose asyncio.base_events.Server as + asyncio.Server. Patch by Stefan Zabka. + - bpo-23325: The signal module no longer assumes that SIG_IGN + and SIG_DFL are small int singletons. + - bpo-46932: Update bundled libexpat to 2.4.7 + - bpo-25707: Fixed a file leak in + xml.etree.ElementTree.iterparse() when the iterator is not + exhausted. Patch by Jacob Walls. + - bpo-44886: Inherit asyncio proactor datagram transport from + asyncio.DatagramTransport. + - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() + for selector-based event loops. Patch by Thomas Grainger. + - bpo-46811: Make test suite support Expat >=2.4.5 + - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to + transport-based APIs. + - bpo-46784: Fix libexpat symbols collisions with user + dynamically loaded or statically linked libexpat in embedded + Python. + - bpo-39327: shutil.rmtree() can now work with VirtualBox + shared folders when running from the guest operating-system. + - bpo-46756: Fix a bug in + urllib.request.HTTPPasswordMgr.find_user_password() and + urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() + which allowed to bypass authorization. For example, access to + URI example.org/foobar was allowed if the user was authorized + for URI example.org/foo. + - bpo-46643: In typing.get_type_hints(), support evaluating + stringified ParamSpecArgs and ParamSpecKwargs annotations. + Patch by Gregory Beauregard. + - bpo-45863: When the tarfile module creates a pax format + archive, it will put an integer representation of timestamps + in the ustar header (if possible) for the benefit of older + unarchivers, in addition to the existing full-precision + timestamps in the pax extended header. + - bpo-46676: Make typing.ParamSpec args and kwargs equal to + themselves. Patch by Gregory Beauregard. + - bpo-46672: Fix NameError in asyncio.gather() when initial + type check fails. + - bpo-46655: In typing.get_type_hints(), support evaluating + bare stringified TypeAlias annotations. Patch by Gregory + Beauregard. + - bpo-45948: Fixed a discrepancy in the C implementation of the + xml.etree.ElementTree module. Now, instantiating an + xml.etree.ElementTree.XMLParser with a target=None keyword + provides a default xml.etree.ElementTree.TreeBuilder target + as the Python implementation does. + - bpo-46521: Fix a bug in the codeop module that was + incorrectly identifying invalid code involving string quotes + as valid code. + - bpo-46581: Brings ParamSpec propagation for GenericAlias in + line with Concatenate (and others). + - bpo-46591: Make the IDLE doc URL on the About IDLE dialog + clickable. + - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 + - bpo-46487: Add the get_write_buffer_limits method to + asyncio.transports.WriteTransport and to the SSL transport. + - bpo-45173: Note the configparser deprecations will be removed + in Python 3.12. + - bpo-46539: In typing.get_type_hints(), support evaluating + stringified ClassVar and Final annotations inside Annotated. + Patch by Gregory Beauregard. + - bpo-46491: Allow typing.Annotated to wrap typing.Final and + typing.ClassVar. Patch by Gregory Beauregard. + - bpo-46436: Fix command-line option -d/--directory in module + http.server which is ignored when combined with command-line + option --cgi. Patch by Géry Ogam. + - bpo-41403: Make mock.patch() raise a TypeError with + a relevant error message on invalid arg. Previously it + allowed a cryptic AttributeError to escape. + - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid + potential REDoS by limiting ambiguity in consecutive + whitespace. + - bpo-46469: asyncio generic classes now return + types.GenericAlias in __class_getitem__ instead of the same + class. + - bpo-46434: pdb now gracefully handles help when __doc__ is + missing, for example when run with pregenerated optimized + .pyc files. + - bpo-46333: The __eq__() and __hash__() methods of + typing.ForwardRef now honor the module parameter of + typing.ForwardRef. Forward references from different modules + are now differentiated. + - bpo-46246: Add missing __slots__ to + importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. + - bpo-46266: Improve day constants in calendar. + - Now all constants (MONDAY … SUNDAY) are documented, tested, + and added to __all__. + - bpo-46232: The ssl module now handles certificates with bit + strings in DN correctly. + - bpo-43118: Fix a bug in inspect.signature() that was causing + it to fail on some subclasses of classes with + a __text_signature__ referencing module globals. Patch by + Weipeng Hong. + - bpo-26552: Fixed case where failing asyncio.ensure_future() + did not close the coroutine. Patch by Kumar Aditya. + - bpo-21987: Fix an issue with tarfile.TarFile.getmember() + getting a directory name with a trailing slash. + - bpo-20392: Fix inconsistency with uppercase file extensions + in MimeTypes.guess_type(). Patch by Kumar Aditya. + - bpo-46080: Fix exception in argparse help text generation if + a argparse.BooleanOptionalAction argument’s default is + argparse.SUPPRESS and it has help specified. Patch by Felix + Fontein. + - bpo-44439: Fix .write() method of a member file in ZipFile, + when the input data is an object that supports the buffer + protocol, the file length may be wrong. + - bpo-45703: When a namespace package is imported before + another module from the same namespace is created/installed + in a different sys.path location while the program is + running, calling the importlib.invalidate_caches() function + will now also guarantee the new module is noticed. + - bpo-24959: Fix bug where unittest sometimes drops frames from + tracebacks of exceptions raised in tests. + - bpo-44791: Fix substitution of ParamSpec in Concatenate with + different parameter expressions. Substitution with a list of + types returns now a tuple of types. Substitution with + Concatenate returns now a Concatenate with concatenated lists + of arguments. + - bpo-14156: argparse.FileType now supports an argument of ‘-’ + in binary mode, returning the .buffer attribute of + sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and + ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. + Patch contributed by Josh Rosenberg + - bpo-46463: Fixes escape4chm.py script used when building the + CHM documentation file + - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is + built with undefined behavior sanitizer (UBSAN): disable + UBSAN on the faulthandler_sigfpe() function. Patch by Victor + Stinner. + - bpo-46708: Prevent default asyncio event loop policy + modification warning after test_asyncio execution. + - bpo-46678: The function make_legacy_pyc in + Lib/test/support/import_helper.py no longer fails when + PYTHONPYCACHEPREFIX is set to a directory on a different + device from where tempfiles are stored. + - bpo-46616: Ensures test_importlib.test_windows cleans up + registry keys after completion. + - bpo-44359: test_ftplib now silently ignores socket errors to + prevent logging unhandled threading exceptions. Patch by + Victor Stinner. + - bpo-46542: Fix a Python crash in test_lib2to3 when using + Python built in debug mode: limit the recursion limit. Patch + by Victor Stinner. + - bpo-46576: test_peg_generator now disables compiler + optimization when testing compilation of its own C extensions + to significantly speed up the testing on non-debug builds of + CPython. + - bpo-46542: Fix test_json tests checking for RecursionError: + modify these tests to use support.infinite_recursion(). Patch + by Victor Stinner. + - bpo-13886: Skip test_builtin PTY tests on non-ASCII + characters if the readline module is loaded. The readline + module changes input() behavior, but test_builtin is not + intented to test the readline module. Patch by Victor + Stinner. + - bpo-38472: Fix GCC detection in setup.py when + cross-compiling. The C compiler is now run with LC_ALL=C. + Previously, the detection failed with a German locale. + - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro + and pyconfig.h no longer defines reserved symbol + __CHAR_UNSIGNED__. + - bpo-45296: Clarify close, quit, and exit in IDLE. In the File + menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current + one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). + In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there + are no other windows, this also exits IDLE. + - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch + by Alex Waygood and Terry Jan Reedy. + - bpo-46433: The internal function _PyType_GetModuleByDef now + correctly handles inheritance patterns involving static + types. + - bpo-14916: Fixed bug in the tokenizer that prevented + PyRun_InteractiveOne from parsing from the provided FD. + +- Remove upstreamed patches: + - support-expat-245.patch + +------------------------------------------------------------------- +Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + +------------------------------------------------------------------- +Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl + +- bsc#1195831 Obsolete older "most modern" versions of python + packages (python39 for python310 and so forth). For next + versions it is necessary just to edit the macro. + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python +- Add fix_configure_rst.patch, which removes duplicate link + targets and make documentation with old Sphinx in SLE +- Skip test_capi (bsc#1195140 and bpo#37169) + +------------------------------------------------------------------- +Wed Jan 19 22:01:51 UTC 2022 - Matej Cepl + +- Update to 3.10.2: + Bugfix only + - bpo#46347 memory leak in PyEval_EvalCodeEx (especially + visible with Cython code) + - and many others + +------------------------------------------------------------------- +Wed Dec 8 13:07:25 UTC 2021 - Matej Cepl + +- Upgrade to 3.10.1 (jsc#SLE-18038): + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other tools. + - PEP 618 – Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning +- Patches readjusted: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Sat Dec 4 18:40:28 UTC 2021 - Matej Cepl + +- Remove pdb_adjust_breakpoints.patch and instead just adjust location + of the test breakpoint in Lib/test/test_pdb.py via sed, because we + have shortened Lib/pdb.py by removing the shebang (bpo#45964). + +------------------------------------------------------------------- +Thu Dec 2 13:51:57 UTC 2021 - Matej Cepl + +- Add pdb_adjust_breakpoints.patch fixing expectd results in + test_pdb_breakpoints_preserved_across_interactive_sessions + (bpo#45964). + +------------------------------------------------------------------- +Mon Nov 29 00:17:07 UTC 2021 - Matej Cepl + +- Remove shebangs from from python-base libraries in _libdir + (bsc#1193179). +- Readjust patches: + - bpo-31046_ensurepip_honours_prefix.patch + - decimal.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Tue Nov 16 16:03:43 UTC 2021 - Matej Cepl + +- Move rpm-build-python construct to correct place. + +------------------------------------------------------------------- +Wed Oct 13 08:52:47 UTC 2021 - Dominique Leuenberger + +- BuildRequire rpm-build-python: The provider to inject python(abi) + has been moved there. rpm-build pulls rpm-build-python + automatically in when building anything against python3-base, but + this implies that the initial build of python3-base does not + trigger the automatic installation. + +------------------------------------------------------------------- +Tue Oct 5 22:36:51 UTC 2021 - Matej Cepl + +- Final release of 3.10.0: + Complete list on https://www.python.org/downloads/release/python-3100/, + but highlights are: + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other + tools. + - PEP 618 – Add Optional Length-Checking To zip. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning + - bpo-12782: Parenthesized context managers are now officially + allowed. + +------------------------------------------------------------------- +Mon Aug 30 12:48:25 UTC 2021 - Matej Cepl + +- Switch on option --with-system-libmpdec (bsc#1189356). + +------------------------------------------------------------------- +Fri Aug 27 13:15:03 UTC 2021 - Andreas Schwab + +- Reenable profileopt with qemu emulation, test_faulthandler is no longer + run during profiling + +------------------------------------------------------------------- +Thu Aug 12 15:11:39 UTC 2021 - Andreas Schwab + +- test_faulthandler is still problematic under qemu linux-user emulation, + disable it there + +------------------------------------------------------------------- +Wed Aug 11 05:57:11 UTC 2021 - Matej Cepl + +- Update to 3.10.0rc1 (the penultimate prerelease), which contains + plenty of small bugfixes among others: + - bpo#38605: from __future__ import annotations (PEP 563) used to be + on this list in previous pre-releases but it has been postponed to + Python 3.11 due to some compatibility concerns. + - bpo-44600: Fix incorrect line numbers while tracing some failed + patterns in match statements. Patch by Charles Burkland. + - plenty of modifications in types.Union + +------------------------------------------------------------------- +Wed Jul 21 13:44:48 UTC 2021 - Matej Cepl + +- Update to 3.10.0b4: + https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4 +- Remove python3-imp-returntype.patch which has been upstreamed. + +------------------------------------------------------------------- +Mon Jun 7 15:52:44 UTC 2021 - Matej Cepl + +- Update to 3.10.0b2: + - PEP 623 -- Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 -- Allow writing union types as X | Y + - PEP 612 -- Parameter Specification Variables + - PEP 626 -- Precise line numbers for debugging and other + tools. + - PEP 618 -- Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 -- Deprecate distutils module. + - PEP 613 -- Explicit Type Aliases + - PEP 634 -- Structural Pattern Matching: Specification + - PEP 635 -- Structural Pattern Matching: Motivation and + Rationale + - PEP 636 -- Structural Pattern Matching: Tutorial + - PEP 644 -- Require OpenSSL 1.1.1 or newer + - PEP 624 -- Remove Py_UNICODE encoder APIs + - PEP 597 -- Add optional EncodingWarning +- Removed patches (assumed upstream): + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl + +- Revert previous skip over test_capi +- Add skip-test_pyobject_freed_is_freed.patch to skip failing + test on SLE-15. + +------------------------------------------------------------------- +Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller + +- allow build with Sphinx >= 3.x + +------------------------------------------------------------------- +Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák + +- Exclude test_capi on Leap (test fails there) + +------------------------------------------------------------------- +Fri May 21 15:13:59 UTC 2021 - Matej Cepl + +- Stop providing "python" symbol (bsc#1185588), which means + python2 currently. + +------------------------------------------------------------------- +Wed May 5 15:16:58 UTC 2021 - Matej Cepl + +- Update to 3.9.5: + * Security + - bpo-43434: Creating a sqlite3.Connection object now also + produces a sqlite3.connect auditing event. Previously this + event was only produced by sqlite3.connect() calls. Patch + by Erlend E. Aasland. + - bpo-43882: The presence of newline or tab characters in + parts of a URL could allow some forms of attacks. + - Following the controlling specification for URLs defined by + WHATWG urllib.parse() now removes ASCII newlines and tabs + from URLs, preventing such attacks. + - bpo-43472: Ensures interpreter-level audit hooks receive + the cpython.PyInterpreterState_New event when called + through the _xxsubinterpreters module. + - bpo-36384: ipaddress module no longer accepts any leading + zeros in IPv4 address strings. Leading zeros are ambiguous + and interpreted as octal notation by some libraries. For + example the legacy function socket.inet_aton() treats + leading zeros as octal notatation. glibc implementation of + modern inet_pton() does not accept any leading zeros. For + a while the ipaddress module used to accept ambiguous + leading zeros. + - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) + vulnerability in urllib.request.AbstractBasicAuthHandler. + The ReDoS-vulnerable regex has quadratic worst-case + complexity and it allows cause a denial of service when + identifying crafted invalid RFCs. This ReDoS issue is on + the client side and needs remote attackers to control the + HTTP server. + - bpo-42800: Audit hooks are now fired for frame.f_code, + traceback.tb_frame, and generator code/frame attribute + access. + * Core and Builtins + - bpo-43105: Importlib now resolves relative paths when + creating module spec objects from file locations. + - bpo-42924: Fix bytearray repetition incorrectly copying + data from the start of the buffer, even if the data is + offset within the buffer (e.g. after reassigning a slice at + the start of the bytearray to a shorter byte string). + * Library + - bpo-43993: Update bundled pip to 21.1.1. + - bpo-43937: Fixed the turtle module working with non-default + root window. + - bpo-43930: Update bundled pip to 21.1 and setuptools to + 56.0.0 + - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now + returns a consistent error message when cadata contains no + valid certificate. + - bpo-43607: urllib can now convert Windows paths with \\?\ + prefixes into URL paths. + - bpo-43284: platform.win32_ver derives the windows version + from sys.getwindowsversion().platform_version which in turn + derives the version from kernel32.dll (which can be of + a different version than Windows itself). Therefore change + the platform.win32_ver to determine the version using the + platform module’s _syscmd_ver private function to return an + accurate version. + - bpo-42248: [Enum] ensure exceptions raised in _missing__ + are released + - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 + to suppress deprecation warnings. Python requires OpenSSL + 1.1.1 APIs. + - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants + (OpenSSL 3.0.0) + - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback + function a second time when first call has signaled an + error condition. + - bpo-43788: The header files for ssl error codes are now + OpenSSL version-specific. Exceptions will now show correct + reason and library codes. The make_ssl_data.py script has + been rewritten to use OpenSSL’s text file with error codes. + - bpo-43655: tkinter dialog windows are now recognized as + dialogs by window managers on macOS and X Window. + - bpo-43534: turtle.textinput() and turtle.numinput() create + now a transient window working on behalf of the canvas + window. + - bpo-43522: Fix problem with hostname_checks_common_name. + OpenSSL does not copy hostflags from struct SSL_CTX to + struct SSL. + - bpo-42967: Allow bytes separator argument in + urllib.parse.parse_qs and urllib.parse.parse_qsl when + parsing str query strings. Previously, this raised + a TypeError. + - bpo-43176: Fixed processing of a dataclass that inherits + from a frozen dataclass with no fields. It is now correctly + detected as an error. + - bpo-41735: Fix thread locks in zlib module may go wrong in + rare case. Patch by Ma Lin. + - bpo-36470: Fix dataclasses with InitVars and replace(). + Patch by Claudiu Popa. + - bpo-32745: Fix a regression in the handling of ctypes’ + ctypes.c_wchar_p type: embedded null characters would cause + a ValueError to be raised. Patch by Zackery Spytz. + * Documentation + - bpo-43959: The documentation on the PyContextVar C-API was + clarified. + - bpo-43938: Update dataclasses documentation to express that + FrozenInstanceError is derived from AttributeError. + - bpo-43755: Update documentation to reflect that + unparenthesized lambda expressions can no longer be the + expression part in an if clause in comprehensions and + generator expressions since Python 3.9. + - bpo-43739: Fixing the example code in + Doc/extending/extending.rst to declare and initialize the + pmodule variable to be of the right type. + * Tests + - bpo-43961: Fix + test_logging.test_namer_rotator_inheritance() on Windows: + use os.replace() rather than os.rename(). Patch by Victor + Stinner. + - bpo-43842: Fix a race condition in the SMTP test of + test_logging. Don’t close a file descriptor (socket) from + a different thread while asyncore.loop() is polling the + file descriptor. Patch by Victor Stinner. + - bpo-43811: Tests multiple OpenSSL versions on GitHub + Actions. Use ccache to speed up testing. + - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy + protocols TLS 1.0 and 1.1. Tests are failing with + TLSV1_ALERT_INTERNAL_ERROR. +- Refreshed patches: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch +- Add vendorized files from bluez-devel to enable building support for + Bluetooth. + +------------------------------------------------------------------- +Sun May 2 09:20:06 UTC 2021 - Ben Greiner + +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + +------------------------------------------------------------------- +Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl + +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +------------------------------------------------------------------- +Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +------------------------------------------------------------------- +Tue Feb 9 01:37:59 UTC 2021 - Steve Kowalik + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +------------------------------------------------------------------- +Mon Feb 8 22:02:03 UTC 2021 - Matej Cepl + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl + +- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing + bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in + _ctypes/callproc.c, which may lead to remote code execution. + +------------------------------------------------------------------- +Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl + +- (bsc#1180125) We really don't Require python-rpm-macros package. + Unnecessary dependency. + +------------------------------------------------------------------- +Wed Dec 16 16:08:42 UTC 2020 - Matej Cepl + +- Make python39-doc building again +- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx + doesn't know about skipif directive in doctests. + +------------------------------------------------------------------- +Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl + +- Update sphinx-update-removed-function.patch patch to the latest + version in python36. + +------------------------------------------------------------------- +Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner + +- Last try before this results in an editwar: + * remove importlib_resources and importlib-metadata + provides/obsoletes + * import importlib_resources is not the same as + import importlib.resources, same for metadata + * The backport packages from PyPI needed for older flavors are + specified as such for setuptools or in pyproject.toml. If a + package requires them they typically add them with a python + version qualifier and the packages have their own version + numbers. + +------------------------------------------------------------------- +Sat Dec 5 16:55:12 UTC 2020 - Matej Cepl + +- Add patch sphinx-update-removed-function.patch to no longer call + a now removed function and to make documentation build independent of + the Sphinx version (bsc#1179630, gh#python/cpython#13236). + +------------------------------------------------------------------- +Fri Nov 13 17:20:08 UTC 2020 - Matej Cepl + +- Don't require packages which break build on SLE-15 although we really + don't need them (python3-python-docs-theme and + python3-sphinxcontrib-qthelp). + +------------------------------------------------------------------- +Fri Oct 9 16:05:50 UTC 2020 - Dominique Leuenberger + +- Fix build with RPM 4.16: error: bare words are no longer + supported, please use "...": x86 == ppc. + +------------------------------------------------------------------- +Tue Oct 6 07:30:56 UTC 2020 - Matej Cepl + +- Update to the final version 3.9.0: + Complete changelog with all (many) + changes from previous version is on + https://docs.python.org/release/3.9.0/whatsnew/3.9.html + Changes from the previous RC versions (not that many) are on + https://docs.python.org/release/3.9.0/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Fri Sep 25 06:58:03 UTC 2020 - Dominique Leuenberger + +- Buildrequire timezone only for general flavor. It's used in this + flavor for the test suite. + +------------------------------------------------------------------- +Wed Sep 2 14:39:44 UTC 2020 - Matej Cepl + +- Update to 3.9.0rc1: + * Core and Builtins + - bpo-38156: Handle interrupts that come after EOF + correctly in PyOS_StdioReadline. + * Library + - bpo-41497: Fix potential UnicodeDecodeError in dis + module. + - bpo-41490: Update ensurepip to install pip 20.2.1 and + setuptools 49.2.1. + - bpo-41467: On Windows, fix asyncio recv_into() return + value when the socket/pipe is closed (BrokenPipeError): + return 0 rather than an empty byte string (b''). + - bpo-41425: Make tkinter doc example runnable. + - bpo-41384: Raise TclError instead of TypeError when an + unknown option is passed to tkinter.OptionMenu. + - bpo-38731: Fix NameError in command-line interface of + py_compile. + - bpo-41317: Use add_done_callback() in + asyncio.loop.sock_accept() to unsubscribe reader early on + cancellation. + - bpo-41364: Reduce import overhead of uuid. + - bpo-41341: Recursive evaluation of typing.ForwardRef in + get_type_hints. + - bpo-41182: selector: use DefaultSelector based upon + implementation + - bpo-40726: Handle cases where the end_lineno is None on + ast.increment_lineno(). + * Documentation + - bpo-41045: Add documentation for debug feature of + f-strings. + - bpo-41314: Changed the release when from __future__ + import annotations becomes the default from 4.0 to 3.10 + (following a change in PEP 563). + * Windows + - bpo-41492: Fixes the description that appears in UAC + prompts. + - bpo-40948: Improve post-install message to direct people + to the “py” command. + - bpo-41412: The installer will now fail to install on + Windows 7 and Windows 8. Further, the UCRT dependency is + now always downloaded on demand. + - bpo-40741: Update Windows release to include SQLite + 3.32.3. + * IDLE + - bpo-41468: Improve IDLE run crash error message (which + users should never see). + - bpo-41373: Save files loaded with no line ending, as when + blank, or different line endings, by setting its line + ending to the system default. Fix regression in 3.8.4 and + 3.9.0b4. + +------------------------------------------------------------------- +Tue Sep 1 10:15:06 UTC 2020 - Matej Cepl + +- Synchronize formatting and fixes with python38. + +------------------------------------------------------------------- +Thu Aug 20 15:41:28 UTC 2020 - Andreas Schwab + +- Increase testsuite timeout to account for super long running + test_peg_generator + +------------------------------------------------------------------- +Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer + +- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream +- Removed recursion.tar: contained in upstream +- Update to 3.9.0b5: + - bpo-41304: Fixes python3x._pth being ignored on Windows, caused + by the fix for bpo-29778 (CVE-2020-15801). + - bpo-41162: Audit hooks are now cleared later during + finalization to avoid missing events. + - bpo-29778: Ensure python3.dll is loaded from correct locations + when Python is embedded (CVE-2020-15523). + - bpo-39603: Prevent http header injection by rejecting control + characters in http.client.putrequest(…). + - bpo-41295: Resolve a regression in CPython 3.8.4 where defining + “__setattr__” in a multi-inheritance setup and + calling up the hierarchy chain could fail if builtins/extension + types were involved in the base types. + - bpo-41247: Always cache the running loop holder when running + asyncio.set_running_loop. + - bpo-41252: Fix incorrect refcounting in + _ssl.c’s _servername_callback(). + - bpo-41215: Use non-NULL default values in the PEG parser + keyword list to overcome a bug that was ' + preventing Python from being properly compiled when using the + XLC compiler. Patch by Pablo Galindo. + - bpo-41218: Python 3.8.3 had a regression where compiling with + ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would + aggressively mark list comprehension with CO_COROUTINE. Now only + list comprehension making use of async/await will tagged as so. + - bpo-41175: Guard against a NULL pointer dereference within + bytearrayobject triggered by the bytearray() + bytearray() operation. + - bpo-39960: The “hackcheck” that prevents sneaking around a type’s + __setattr__() by calling the superclass method was + rewritten to allow C implemented heap types. + - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the + C implementation raises now UnpicklingError instead of crashing. + - bpo-39017: Avoid infinite loop when reading specially crafted + TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). + - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params(). + - bpo-41207: In distutils.spawn, restore expectation that + DistutilsExecError is raised when the command is not found. + - bpo-39168: Remove the __new__ method of typing.Generic. + - bpo-41194: Fix a crash in the _ast module: it can no longer be + loaded more than once. It now uses a global state rather than a module state. + - bpo-39384: Fixed email.contentmanager to allow set_content() to set a + null string. + - bpo-41300: Save files with non-ascii chars. + Fix regression released in 3.9.0b4 and 3.8.4. + - bpo-37765: Add keywords to module name completion list. + Rewrite Completions section of IDLE doc. + - bpo-40170: Revert PyType_HasFeature() change: it reads + again directly the PyTypeObject.tp_flags + member when the limited C API is not used, rather than always calling + PyType_GetFlags() which hides implementation details. + +------------------------------------------------------------------- +Mon Jul 20 12:06:41 UTC 2020 - Matej Cepl + +- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 + (CVE-2019-20907, bpo#39017) avoiding possible infinite loop + in specifically crafted tarball. + Add recursion.tar as a testing tarball for the patch. + +------------------------------------------------------------------- +Fri Jul 17 07:07:19 UTC 2020 - Callum Farmer + +- Changed bpo-31046_ensurepip_honours_prefix.patch to include fix from py3.8 + +------------------------------------------------------------------- +Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer + +- Spec file fixes +- Re-added subprocess-raise-timeout.patch: now compatible +- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream + +------------------------------------------------------------------- +Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal + +- Fix minor issues found in the staging. + +------------------------------------------------------------------- +Wed Jul 15 06:13:33 UTC 2020 - Tomáš Chvátal + +- Do not set ourselves as primary interpreter + +------------------------------------------------------------------- +Tue Jul 14 20:45:11 UTC 2020 - Matej Cepl + +- Update to 3.9.0b4: + - PEP 584, Union Operators in dict + - PEP 585, Type Hinting Generics In Standard Collections + - PEP 593, Flexible function and variable annotations + - PEP 602, Python adopts a stable annual release cadence + - PEP 615, Support for the IANA Time Zone Database in the + Standard Library + - PEP 616, String methods to remove prefixes and suffixes + - PEP 617, New PEG parser for CPython + - bpo#38379, garbage collection does not block on resurrected + objects; + - bpo#38692, os.pidfd_open added that allows process + management without races and signals; + - bpo#39926, Unicode support updated to version 13.0.0; + - bpo#1635741, when Python is initialized multiple times in + the same process, it does not leak memory anymore; + - A number of Python builtins (range, tuple, set, frozenset, + list, dict) are now sped up using PEP 590 vectorcall; + - A number of Python modules (_abc, audioop, _bz2, _codecs, + _contextvars, _crypt, _functools, _json, _locale, operator, + resource, time, _weakref) now use multiphase initialization + as defined by PEP 489; + - A number of standard library modules (audioop, ast, grp, + _hashlib, pwd, _posixsubprocess, random, select, struct, + termios, zlib) are now using the stable ABI defined by + PEP 384. +- Remove upstreamed patches: + - F00102-lib64.patch + - SUSE-FEDORA-multilib.patch + - OBS_dev-shm.patch + - subprocess-raise-timeout.patch + - bpo36302-sort-module-sources.patch + - bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Fri Jul 10 10:55:15 UTC 2020 - Tomáš Chvátal + +- Update pre_checkin.sh and regenerate + +------------------------------------------------------------------- +Fri Jul 10 10:11:39 UTC 2020 - Tomáš Chvátal + +- Convert few dependencies to their pkgconfig counterparts + +------------------------------------------------------------------- +Fri Jul 10 10:08:48 UTC 2020 - Tomáš Chvátal + +- Remove release requirement on libpython, it is not really needed + to be equal as the abi changes with versions + +------------------------------------------------------------------- +Fri Jul 10 10:07:50 UTC 2020 - Tomáš Chvátal + +- Add provides python3-bla on all the subpkgs in case we are + primary provider of the functionality + +------------------------------------------------------------------- +Fri Jul 10 10:02:01 UTC 2020 - Tomáš Chvátal + +- Remove unversioned files from devel subpkg too +- Remove main python3 files from -base based whether we are + primary interpreter or not +- Fix idle to be co-installable +- Add condition to be primary to provide/obsolete python3-* +- Fix doc to build in versioned folder so the pythons can be + installed next to each other + +------------------------------------------------------------------- +Fri Jul 10 07:57:10 UTC 2020 - Tomáš Chvátal + +- Revert the full versioning of calls on the macros. These + are generic so they should really just call python3 X + +------------------------------------------------------------------- +Fri Jul 10 07:56:11 UTC 2020 - Tomáš Chvátal + +- For the doc package we can build with generic flavor, we don't + need the our-interpreter based one + +------------------------------------------------------------------- +Fri Jul 10 07:18:53 UTC 2020 - Tomáš Chvátal + +- Add provides for pytohn3X-typing/etc to allow BR on those still + to work when needed + +------------------------------------------------------------------- +Fri Jul 10 07:14:33 UTC 2020 - Tomáš Chvátal + +- Change macros.python3 to use full versioned 3.8 instead of just 3 + for python interpreter + +------------------------------------------------------------------- +Wed Jul 1 11:50:19 UTC 2020 - Tomáš Chvátal + +- Reduce some now unused conditionals + +------------------------------------------------------------------- +Wed Jul 1 11:00:40 UTC 2020 - Tomáš Chvátal + +- Redux the -base dependencies to match up pre-merge layout + +------------------------------------------------------------------- +Wed Jul 1 09:24:39 UTC 2020 - Tomáš Chvátal + +- Generate baselibs in pre-checkin too + +------------------------------------------------------------------- +Wed Jul 1 09:14:33 UTC 2020 - Tomáš Chvátal + +- Generate the importlib-failed using pre_checking again +- Add back the information about skipped tests on the pre_checkin + output + +------------------------------------------------------------------- +Tue Jun 30 07:11:19 UTC 2020 - Tomáš Chvátal + +- Use %python_pkg_name instead of hardcoding python3 where + applicable +- Sort out preamble with spec-cleaner + +------------------------------------------------------------------- +Mon Jun 29 14:36:10 UTC 2020 - Matej Cepl + +- Calculate required variables instead of relying on their continuous manual update + +------------------------------------------------------------------- +Thu Jun 25 10:44:08 UTC 2020 - Tomáš Chvátal + +- Fix the -base module build again to generate only the deps + we need + +------------------------------------------------------------------- +Wed Jun 17 18:42:51 UTC 2020 - Matej Cepl + +- Replace OBS_dev-shm.patch with the upstream PR#20944 + +------------------------------------------------------------------- +Thu Jun 10 14:30:15 UTC 2020 - Tomáš Chvátal + +- Use the %{python_pkg_name} on more places to allow easier + multiversioning +- Switch to _multibuild approach for easier maintenance of this + package. All is now in one spec file with 3 conditionals: + * bcond_with base + * bcond_with doc + * bcond_with general + +------------------------------------------------------------------- +Mon Jun 8 14:26:00 UTC 2020 - Matej Cepl + +- add requires python3-base on libpython subpackage (bsc#1167008) + +------------------------------------------------------------------- +Fri Jun 5 06:08:12 UTC 2020 - Dirk Mueller + +- build against Sphinx 2.x until python is compatible with + Sphinx 3.x (see gh#python/cpython#19397, bpo#40204) + +------------------------------------------------------------------- +Fri May 29 19:59:01 UTC 2020 - Andreas Stieger + +- Fix build with SQLite 3.32 (bpo#40783) + add bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Sun May 17 15:37:35 UTC 2020 - Callum Farmer + +- Update to version 3.8.3: + - Complete list of changes is available at + https://docs.python.org/release/3.8.3/whatsnew/changelog.html#python-3-8-3-final, + but most of them are just bugfixes. + - Removed patch CVE-2020-8492-urllib-ReDoS.patch: contained in upstream + +------------------------------------------------------------------- +Thu Apr 16 12:06:01 UTC 2020 - Matej Cepl + +- Add #!BuildIgnore: gdk-pixbuf-loader-rsvg to python3 SPEC + +------------------------------------------------------------------- +Thu Mar 26 15:36:55 UTC 2020 - Matej Cepl + +- Add patch bsc1167501-invalid-alignment.patch + (bsc#1167501, bpo#40052) to fix alignment in abstract.h header file. + +------------------------------------------------------------------- +Wed Mar 11 11:09:41 UTC 2020 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build, test_setegid + (test.test_os.PosixUidGidTests) is confusing it + +------------------------------------------------------------------- +Thu Mar 5 18:40:29 UTC 2020 - Matej Cepl + +- Update to 3.8.2: + - Complete list of changes is available at + https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final, + but most of them are just bugfixes. + - Updated patches: + - F00102-lib64.patch + - OBS_dev-shm.patch + - SUSE-FEDORA-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Sun Feb 9 00:14:24 CET 2020 - Matej Cepl + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Sat Feb 8 22:21:10 CET 2020 - Matej Cepl + +- Add Requires: libpython%{so_version} == %{version}-%{release} + to python3-base to keep both packages always synchronized + (bsc#1162224). + +------------------------------------------------------------------- +Mon Feb 3 20:27:54 UTC 2020 - Tomáš Chvátal + +- Do not pull in bluez in base again, explain the cycle, + it needs to be solved by bluez maintainer for us by providing + just the headers separately + +------------------------------------------------------------------- +Mon Feb 3 19:54:25 UTC 2020 - Tomáš Chvátal + +- Reame idle icons to idle3 in order to not conflict with python2 + variant of the package + * renamed the icons + * renamed icon load in desktop file + +------------------------------------------------------------------- +Thu Jan 16 09:50:03 UTC 2020 - Tomáš Chvátal + +- Add importlib_resources provide/obsolete as it is integral + part of the lang since 3.7 release + +------------------------------------------------------------------- +Mon Jan 13 11:10:47 UTC 2020 - Martin Liška + +- Add -fno-semantic-interposition as it brings speed up: + https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup + +------------------------------------------------------------------- +Thu Dec 19 16:25:26 CET 2019 - Matej Cepl + +- Update to 3.8.1: + - This is mainly bugfix release and no significant changes to + API are expected. The full changelog is available on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-1 + - Remove bpo-38688_shutil.copytree_prevent-infinite-recursion.patch, + which is included in the upstream tarball. + +------------------------------------------------------------------- +Thu Dec 19 14:57:32 CET 2019 - Matej Cepl + +- Add bpo-31046_ensurepip_honours_prefix.patch which makes + ensurepip to honour the value of $(prefix). Proposed fix for + bpo#31046.. + +------------------------------------------------------------------- +Tue Dec 10 11:07:16 UTC 2019 - Tomáš Chvátal + +- Move bluez-devel dependency to base as it is needed for + socket.AF_BLUETOOTH and otherwise does not work + +------------------------------------------------------------------- +Mon Dec 2 16:52:32 CET 2019 - Matej Cepl + +- Reintroduce QtHelp with the help of the new BR + python-sphinxcontrib-qthelp. + +------------------------------------------------------------------- +Mon Oct 21 18:51:00 UTC 2019 - Stefan Brüns + +- Fix SUSE-FEDORA-multilib.patch, the platform agnostic infix for + library installation is "lib", not "dir". + +------------------------------------------------------------------- +Thu Oct 17 14:19:20 UTC 2019 - Stefan Brüns + +- Move idle subpackage build from python3-base to python3. + appstream-glib required for packaging introduces considerable + extra dependencies and a build loop via rust/librsvg. +- Correct installation of idle IDE icons: + + idle.png is not the target directory + + non-GNOME-specific icons belong into icons/hicolor +- Add required Name key to idle3 desktop file + +------------------------------------------------------------------- +Tue Oct 15 16:39:12 CEST 2019 - Matej Cepl + +- Update to the final release 3.8.0. . + - New Features: + - Assignment expressions + - Positional-only parameters + - Parallel filesystem cache for compiled bytecode files + - Debug build uses the same ABI as release build + - f-strings support = for self-documenting expressions and + debugging + - PEP 578: Python Runtime Audit Hooks + - PEP 587: Python Initialization Configuration + - Vectorcall: a fast calling protocol for CPython + - Pickle protocol 5 with out-of-band data buffers + - New modules: + - importlib.metadata + - Improved modules: + - ast asyncio, builtins, collections, curses, ctypes, + datetime, functools, gc, gettext, gzip, idelib and IDLE, + inspect, io, json.tool, math, mmap, multiprocessing, os, + os.path, pathlib, pickle, plistlib, py_compile, shlex, + shutil, socket, ssl, statistics, sys, tarfile, threading, + tokenize, tkinter, time, typing, unicodedata, unittest, + venv, weakref, xml + - C API improvements + - bdist_winnst command has been deprecated (use bdist_wheel) +- https://docs.python.org/3.8/whatsnew/3.8.html remains rest of + changes including documentation on how to port your programs to + the current version of Python. + +------------------------------------------------------------------- +Mon Oct 14 15:02:08 CEST 2019 - Matej Cepl + +- Add idle3.appdata.xml and idle3.desktop (originally from + Fedora) to make Idle3 full GUI desktop application. + (bsc#1153830) + +------------------------------------------------------------------- +Wed Oct 9 19:09:16 UTC 2019 - Michael Gorse + +- Drop intltool from BuildRequires. Doesn't appear to be used. + +------------------------------------------------------------------- +Wed Oct 9 10:37:59 UTC 2019 - Tomáš Chvátal + +- Add folder version to allow tarball downloads even for beta/rc + releases + +------------------------------------------------------------------- +Tue Oct 8 14:53:54 CEST 2019 - Matej Cepl + +- Revert patches from Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch) into their original + prisitine Fedora versions, SUSE-FEDORA-multilib.patch refreshed + accordingly. + +------------------------------------------------------------------- +Mon Oct 7 14:33:30 UTC 2019 - Matej Cepl + +- Correct quotation of platsubdir in Lib/distutils/command/install.py + +------------------------------------------------------------------- +Thu Oct 3 13:59:57 CEST 2019 - Matej Cepl + +- Replace python-3.6.0-multilib.patch with two patches from + Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch), and our own + SUSE-FEDORA-multilib.patch to allow better cooperation with + Fedora and better upstreaming. +- Add OBS_dev-shm.patch fixing bpo#38377 + +------------------------------------------------------------------- +Thu Oct 3 08:39:18 UTC 2019 - Tomáš Chvátal + +- Pull in just gettext and let solver to sort out between: + gettext-runtime-mini and gettext-runtime + +------------------------------------------------------------------- +Wed Oct 2 15:00:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0rc1. Overall changes from 3.7: + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved + embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds, also the 'm' ABI + tag was removed (irrelevant since 3.4), bpo#36707 + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - on Windows, the default asyncio event loop is now + ProactorEventLoop + - on macOS, the spawn start method is now used by default in + multiprocessing + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Refreshed patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Wed Sep 25 09:46:41 UTC 2019 - Bernhard Wiedemann + +- Add bpo36302-sort-module-sources.patch (boo#1041090) + +------------------------------------------------------------------- +Tue Sep 10 13:43:18 UTC 2019 - Tomáš Chvátal + +- Try harder obsoleting importlib-metadata + +------------------------------------------------------------------- +Sat Aug 31 00:16:47 CEST 2019 - Matej Cepl + +- Update to 3.8.0b4: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-4 + +------------------------------------------------------------------- +Thu Aug 29 06:28:15 UTC 2019 - Guillaume GARDET + +- Re-enable test_threading on aarch64 + +------------------------------------------------------------------- +Sat Aug 17 13:21:15 UTC 2019 - John Vandenberg + +- Remove xrpm from subpackage tk description + +------------------------------------------------------------------- +Tue Aug 6 14:24:55 CEST 2019 - Matej Cepl + +- Update to 3.8.0b3: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-3 +- Patches reapplied: + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-test-posix_fadvise.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Tue Jul 23 13:20:49 UTC 2019 - Matej Cepl + +- Add Provides: python3-importlib-metadata + +------------------------------------------------------------------- +Sun Jul 7 19:08:48 CEST 2019 - Matej Cepl + +- Update to 3.8.0b2: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-2 +- Patches included in upstream: + - bpo-37169_PyObject_IsFreed.patch +- Patches reapplied: + - 00251-change-user-install-location.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-localpath.patch + - python-3.6.0-multilib.patch + +------------------------------------------------------------------- +Tue Jul 2 09:03:04 UTC 2019 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build +- Don't do profiling in qemu linux-user build + +------------------------------------------------------------------- +Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0b1 (changes since 3.7.*): + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Remove patches which were included in the upstream: + - 00251-change-user-install-location.patch + - 00316-mark-bdist_wininst-unsupported.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed May 22 10:53:03 UTC 2019 - Martin Liška + +- Set _lto_cflags to nil as the package is using LTO via --enable-lto. + That will prevent to propage LTO for Python modules that are + built in a separate package. + +------------------------------------------------------------------- +Sat May 4 21:29:20 CEST 2019 - Matej Cepl + +- Update to 3.8.0.a3: + - PEP 572: Assignment Expressions. + - Other (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-3 + +------------------------------------------------------------------- +Mon Apr 29 15:40:34 CEST 2019 - Matej Cepl + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Wed Apr 10 10:22:58 CEST 2019 - Matej Cepl + +- Fix metadata of patches. +- Rename boo1071941-make-install-in-sep-loc.patch to + 00251-change-user-install-location.patch which is the original + name, so it can be looked up in the Fedora VCS. + +------------------------------------------------------------------- +Tue Apr 9 04:55:24 UTC 2019 - John Vandenberg + +- Mark distutils bdist_wininst command unsupported + with 00316-mark-bdist_wininst-unsupported.patch +- Remove Windows bdist_wininst executables from runtime package + +------------------------------------------------------------------- +Tue Apr 9 01:21:45 CEST 2019 - Matej Cepl + +- Update to 3.7.3, which is the maintenance release without any + significant changes in API. + - Updated patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------ +Wed Mar 20 14:59:58 UTC 2019 - Matěj Cepl + +- Remove building of Qt Develop help files. + +------------------------------------------------------------------- +Fri Mar 15 15:10:30 CET 2019 - Matej Cepl + +- Return distutils-reproducible-compile.patch which is still + missing (still unfinished bpo#29708). + +------------------------------------------------------------------- +Mon Feb 25 23:30:56 CET 2019 - Matej Cepl + +- Update to 3.8.0a2: + * List of all (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-2 + +------------------------------------------------------------------- +Tue Feb 12 10:25:52 CET 2019 - Matej Cepl + +- Build nis module again. + +------------------------------------------------------------------- +Tue Feb 12 10:06:17 CET 2019 - Matej Cepl + +- Update to 3.8.0a1: + * The most visible change so far is probably the + implementation of PEP 572: Assignment Expressions. For + a detailed list of changes, see: + https://docs.python.org/3.8/whatsnew/changelog.html + * Recover building of nis module properly in python3 package +- Update patches: + * CVE-2019-5010-null-defer-x509-cert-DOS.patch + * python-3.3.0b1-fix_date_time_compiler.patch + * python-3.3.0b1-test-posix_fadvise.patch + * python-3.6.0-multilib.patch + * raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed Jan 30 18:07:49 CET 2019 - mcepl@suse.com + +- Put LICENSE file where it belongs (bsc#1121852) + +------------------------------------------------------------------- +Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com + +- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch + fixing bpo-35746. + An exploitable denial-of-service vulnerability exists in the + X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. + A specially crafted X509 certificate can cause a NULL pointer + dereference, resulting in a denial of service. An attacker can + initiate or accept TLS connections using crafted certificates + to trigger this vulnerability. + +------------------------------------------------------------------- +Tue Jan 8 12:51:01 UTC 2019 - Tomáš Chvátal + +- Do not require full gettext in order to avoid pulling in the + glib2 as a dependency + +------------------------------------------------------------------- +Tue Jan 8 12:25:27 UTC 2019 - Tomáš Chvátal + +- Update to 3.7.2: + * bugfix release: + https://docs.python.org/3.7/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Wed Jan 2 12:51:48 CET 2019 - mcepl@suse.com + +- Stop applying python-3.6.0-multilib-new.patch (which is still + WIP), and apply the old proven python-3.6.0-multilib.patch + instead. + +------------------------------------------------------------------- +Wed Dec 19 19:29:44 UTC 2018 - Todd R + +- Use upstream-recommended %{_rpmconfigdir}/macros.d directory + for the rpm macros. + +------------------------------------------------------------------- +Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com + +- Upgrade to 3.7.2rc1: + * bugfix release, for the full list of all changes see + https://docs.python.org/3.7/whatsnew/changelog.html#changelog +- Make run of the test suite more verbose + +------------------------------------------------------------------- +Tue Dec 11 01:52:45 UTC 2018 - Jan Engelhardt + +- Write summaries without em dashes. + +------------------------------------------------------------------- +Mon Dec 3 13:27:54 UTC 2018 - Matěj Cepl + +- Remove python-3.3.0b1-curses-panel.patch it is unnecessary anymore. +- Add boo1071941-make-install-in-sep-loc.patch to make pip and + distutils in user environment install into separate location + (boo#1071941) + + Set values of prefix and exec_prefix in distutils install + command to /usr/local if executable is /usr/bin/python* and RPM + build is not detected to make pip and distutils install into + separate location +- Remove finally python-3.3.3-skip-distutils-test_sysconfig_module.patch +- Remove distutils-reproducible-compile.patch which doesn't make + really much difference in reproducibility (see + gh#python/cpython#8057 and discussion there). + +------------------------------------------------------------------- +Sat Dec 1 00:14:28 CET 2018 - mcepl@suse.com + +- Rename Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + to bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + +------------------------------------------------------------------- +Wed Nov 7 12:10:41 CET 2018 - mcepl@suse.com + +- Add dependency on bluez-devel to build support for Bluetooth + (boo#1109998) + +------------------------------------------------------------------- +Tue Nov 6 13:52:45 CET 2018 - mcepl@suse.com + +- Add devhelp subpackage and split qthelp into another + subpackage. + +------------------------------------------------------------------- +Wed Oct 24 12:38:00 UTC 2018 - Matěj Cepl + +- Remove python-3.0b1-record-rpm.patch and + Python-3.0b1-record-rpm.patch, as they are not needed anymore + +------------------------------------------------------------------- +Tue Oct 23 14:14:16 UTC 2018 - Matej Cepl + +- Switch off test_threading for optimization builds. + +------------------------------------------------------------------- +Mon Oct 22 14:41:59 CEST 2018 - mcepl@suse.com + +- Update to python-3.7.1. This is just a brief overview, complete + changelog available at + https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-1-final: + Library + bpo-34970: Protect tasks weak set manipulation in asyncio.all_tasks() +- Patches already accepted upstream are removed: + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + * 00308-tls-1.3.patch +- New patches added: + * Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + * raise_SIGING_not_handled.patch +- All other patches refreshed via quilt. + +------------------------------------------------------------------- +Mon Oct 22 12:22:19 UTC 2018 - Matej Cepl + +- Add raise_SIGING_not_handled.patch to fix bsc#1094814 + +------------------------------------------------------------------- +Wed Oct 17 14:04:35 UTC 2018 - Tomáš Chvátal + +- Add patch to fix importlib return types: + * python3-imp-returntype.patch + +------------------------------------------------------------------- +Mon Oct 15 13:46:32 CEST 2018 - mcepl@suse.com + +- bpo-34022 still not completely fixed, so we have to keep + excluding test_cmd_line_script, + test_multiprocessing_main_handling, and test_runpy from the + test suite. + +------------------------------------------------------------------- +Sun Oct 14 15:57:24 UTC 2018 - Matej Cepl + +- Update to python 3.7.1~rc2: + Core and Builtins + bpo-34879: Fix a possible null pointer dereference in + bytesobject.c. Patch by Zackery Spytz. + bpo-34854: Fixed a crash in compiling string annotations + containing a lambda with a keyword-only argument that + doesn’t have a default value. + bpo-34320: Fix dict(od) didn’t copy iteration order of + OrderedDict. + Library + bpo-34769: Fix for async generators not finalizing when event + loop is in debug mode and garbage collector runs in another + thread. + bpo-34922: Fixed integer overflow in the digest() and + hexdigest() methods for the SHAKE algorithm in the hashlib + module. + bpo-34900: Fixed unittest.TestCase.debug() when used to call + test methods with subtests. Patch by Bruno Oliveira. + bpo-34871: Fix inspect module polluted sys.modules when parsing + __text_signature__ of callable. + bpo-34872: Fix self-cancellation in C implementation of + asyncio.Task + bpo-34819: Use a monotonic clock to compute timeouts in + Executor.map() and as_completed(), in order to prevent + timeouts from deviating when the system clock is adjusted. + bpo-34334: In QueueHandler, clear exc_text from LogRecord to + prevent traceback from being written twice. + bpo-6721: Acquire the logging module’s commonly used internal + locks while fork()ing to avoid deadlocks in the child + process. + bpo-34172: Fix a reference issue inside multiprocessing.Pool + that caused the pool to remain alive if it was deleted + without being closed or terminated explicitly. + Documentation + bpo-32174: chm document displays non-ASCII charaters properly on + some MBCS Windows systems. + Tests + bpo-32962: Fixed test_gdb when Python is compiled with flags + -mcet -fcf-protection -O0. + C API + bpo-34910: Ensure that PyObject_Print() always returns -1 on + error. Patch by Zackery Spytz. + +------------------------------------------------------------------- +Fri Oct 12 20:46:58 CEST 2018 - mcepl@suse.com + +- Add Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch to + fix problems with SOURCE_DATE_EPOCH variable (bpo-34022) + +------------------------------------------------------------------- +Mon Sep 17 09:44:02 UTC 2018 - Tomáš Chvátal + +- Add patch to fix build with tls1.3 supported openssl + * 00308-tls-1.3.patch +- Add patch to fix Py_Main calls after Py_initialize + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + +------------------------------------------------------------------- +Mon Sep 3 15:22:42 UTC 2018 - Matěj Cepl + +- Add -fwrapv to OPTS, which is default for python3 anyway + See for example https://github.com/zopefoundation/persistent/issues/86 + for bugs which are caused by avoiding it. + +------------------------------------------------------------------- +Tue Jul 10 11:12:32 UTC 2018 - mcepl@suse.com + +- Fix ownership of _contextvars, _queue, and _xxtestfuzz + +------------------------------------------------------------------- +Tue Jul 3 15:04:48 UTC 2018 - mcepl@suse.com + +- Switch off LTO for distros with older GCC +- Fix %files + +------------------------------------------------------------------- +Fri Jun 29 14:20:03 UTC 2018 - tchvatal@suse.com + +- Add dependency over libuuid-devel + +------------------------------------------------------------------- +Thu Jun 28 10:42:15 UTC 2018 - mimi.vx@gmail.com + +- update to python 3.7.0 + Complete overview of changes is available on + https://docs.python.org/3/whatsnew/3.7.html, these are just + highlights: + * PEP 563, postponed evaluation of type annotations. + * async and await are now reserved keywords. + * New library modules: + contextvars: PEP 567 – Context Variables + dataclasses: PEP 557 – Data Classes + importlib.resources + * New built-in features: + PEP 553, the new breakpoint() function. + * Python data model improvements: + PEP 562, customization of access to module attributes. + PEP 560, core support for typing module and generic types. + the insertion-order preservation nature of dict objects + has been declared to be an official part of the Python + language spec. + * Significant improvements in the standard library: + The asyncio module has received new features, significant + usability and performance improvements. + The time module gained support for functions with + nanosecond resolution. + * CPython implementation improvements: + Avoiding the use of ASCII as a default text encoding: + PEP 538, legacy C locale coercion + PEP 540, forced UTF-8 runtime mode + PEP 552, deterministic .pycs + the new development runtime mode + PEP 565, improved DeprecationWarning handling + * C API improvements: + PEP 539, new C API for thread-local storage + * Documentation improvements: + PEP 545, Python documentation translations + New documentation translations: Japanese, French, and Korean. +- drop python3-sorted_tar.patch +- drop 0001-allow-for-reproducible-builds-of-python-packages.patch +- refresh python-3.6.0-multilib-new.patch +- refresh subprocess-raise-timeout.patch + * new C API for thread-local storage + * Deterministic pyc files + * Built-in breakpoint() + * Data Classes + * Core support for typing module and generic types + * Customization of access to module attributes + * Postponed evaluation of annotations + * Time functions with nanosecond resolution + * Improved DeprecationWarning handling + * Context Variables + * Avoiding the use of ASCII as a default text encoding + (PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode) + * The insertion-order preservation nature of dict objects is now + an official part of the Python language spec. + * Notable performance improvements in many areas. + +------------------------------------------------------------------- +Thu May 17 18:26:42 UTC 2018 - hpj@urpla.net + +- disable lto with gcc versions below 7 (results in link failures) + +------------------------------------------------------------------- +Mon Apr 30 15:23:24 UTC 2018 - jengelh@inai.de + +- Use faster find subcommand execution strategies. + +------------------------------------------------------------------- +Fri Apr 20 16:17:29 UTC 2018 - tchvatal@suse.com + +- Do not mention the testsuite disabling in opts as it was moved to + main pkg so base is test-free + +------------------------------------------------------------------- +Tue Apr 17 08:36:08 UTC 2018 - tchvatal@suse.com + +- As we run in main python package do not generate the pre_checkin + from both now + +------------------------------------------------------------------- +Mon Apr 16 14:11:56 UTC 2018 - tchvatal@suse.com + +- Move the tests from base to generic package wrt bsc#1088573 + * We still fail the whole distro if python3 is not build + * The other archs than x86_64 took couple of hours to unblock + build of other software, this way we work around the issue +- Some tests are still run in -base for the LTO tweaking, but at + least it is not run twice + +------------------------------------------------------------------- +Sat Mar 31 19:41:12 UTC 2018 - mimi.vx@gmail.com + +- update to 3.6.5 + * bugfix release + * see Misc/NEWS for details +- drop ctypes-pass-by-value.patch +- drop fix-localeconv-encoding-for-LC_NUMERIC.patch +- refresh python-3.6.0-multilib-new.patch + +------------------------------------------------------------------ +Wed Mar 7 09:16:39 UTC 2018 - adam@mizerski.pl + +- Created %so_major and %so_minor macros +- Put Tools/gdb/libpython.py script into proper place and ship it with devel + subpackage. + +------------------------------------------------------------------- +Tue Feb 20 15:04:56 UTC 2018 - schwab@suse.de + +- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64 + +------------------------------------------------------------------- +Tue Feb 20 14:28:00 UTC 2018 - bwiedemann@suse.com + +- Add python3-sorted_tar.patch (boo#1081750) + +------------------------------------------------------------------- +Tue Feb 20 14:08:57 UTC 2018 - tchvatal@suse.com + +- Drop python3-tk and python3-idle recommends to reduce python3 + always pulling X stack bsc#1081751 + +------------------------------------------------------------------- +Wed Feb 7 09:10:03 UTC 2018 - tchvatal@suse.com + +- Add patch to fix glibc 2.27 fail bsc#1079761: + * fix-localeconv-encoding-for-LC_NUMERIC.patch + +------------------------------------------------------------------- +Mon Feb 5 17:14:43 UTC 2018 - normand@linux.vnet.ibm.com + +- Update skip_random_failing_tests.patch (for PowerPC) + to avoid test_call_later failure + +------------------------------------------------------------------- +Wed Jan 24 14:35:58 UTC 2018 - jmatejek@suse.com + +- move XML modules and python3-xml provide to python3-base + (fixes bsc#1077230) +- move ensurepip to base + +------------------------------------------------------------------- +Thu Jan 18 12:31:47 UTC 2018 - normand@linux.vnet.ibm.com + +- Add skip_random_failing_tests.patch only for PowerPC + +------------------------------------------------------------------- +Wed Jan 3 12:18:51 UTC 2018 - jmatejek@suse.com + +- update to 3.6.4 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed python3-ncurses-6.0-accessors.patch +- drop PYTHONSTARTUP hooks that cause spurious startup errors + * fixes bsc#1070738 + * the relevant feature (REPL history) is now built into Python itself + +------------------------------------------------------------------- +Sat Dec 2 11:11:46 UTC 2017 - dimstar@opensuse.org + +- Install 2to3-%{python_version} executable (override defattr of + the -tools package). 2to3 (unversioned) is a symlink and does not + carry permissions (bsc#1070853). + +------------------------------------------------------------------- +Thu Nov 16 11:02:18 UTC 2017 - mimi.vx@gmail.com + +- move 2to3 to python3-tools package + +------------------------------------------------------------------- +Wed Oct 11 13:15:23 UTC 2017 - jmatejek@suse.com + +- update to 3.6.3 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Wed Sep 20 09:54:05 UTC 2017 - dmueller@suse.com + +- drop python-2.7-libffi-aarch64.patch: this patches the intree + copy of libffi which is unused/deleted in the line afterwards +- fix build against system libffi: include flags weren't set + so it actually used the in-tree libffi headers. + +------------------------------------------------------------------- +Thu Sep 14 13:23:10 UTC 2017 - vcizek@suse.com + +- Fix test broken with OpenSSL 1.1 (bsc#1042670) + * add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Tue Sep 5 11:47:05 UTC 2017 - jengelh@inai.de + +- Update RPM group for python documentation. + +------------------------------------------------------------------- +Thu Aug 31 08:39:31 UTC 2017 - schwab@suse.de + +- fix missing %{?armsuffix} + +------------------------------------------------------------------- +Wed Aug 30 13:41:38 UTC 2017 - jmatejek@suse.com + +- distutils-reproducible-compile.patch: ensure distutils order files + before compiling, which works around bsc#1049186 + +------------------------------------------------------------------- +Thu Aug 17 08:59:05 CEST 2017 - kukuk@suse.de + +- Add libnsl-devel build requires for glibc obsoleting libnsl + +------------------------------------------------------------------- +Thu Aug 3 16:09:26 UTC 2017 - jmatejek@suse.com + +- update to 3.6.2 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed test-socket-aead-kernel49.patch +- add Provides: python3-typing (fixes bsc#1050653) +- drop duplicate Provides: python3 + +------------------------------------------------------------------- +Mon Jun 26 12:10:07 UTC 2017 - jmatejek@suse.com + +- drop db-devel from requirements + +------------------------------------------------------------------- +Tue Jun 20 09:26:52 UTC 2017 - asn@cryptomilk.org + +- Add missing link to python library in config dir (bsc#1040164) + +------------------------------------------------------------------- +Thu Mar 23 12:42:59 UTC 2017 - jmatejek@suse.com + +- update to 3.6.1 + * bugfix release, over a hundred bugs fixed + * never add import location's parent directory to sys.path + * switch to git for version control, build changes related to that + * fix "failed to get random numbers" on old kernels (bsc#1029902) + * several crashes and memory leaks corrected + * f-string are no longer accepted as docstrings + +------------------------------------------------------------------- +Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com + +- prevent regenerating AST at build-time more robustly +- add "--without profileopt" and "--without testsuite" options to python3-base + to allow short circuiting when working on the package + +------------------------------------------------------------------- +Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com + +- Add 0001-allow-for-reproducible-builds-of-python-packages.patch + upstream https://github.com/python/cpython/pull/296 + +------------------------------------------------------------------- +Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com + +- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch) +- reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent) + +------------------------------------------------------------------- +Wed Jan 11 14:57:07 UTC 2017 - jmatejek@suse.com + +- update to 3.6.0 + * PEP 498 Formated string literals + * PEP 515 Underscores in numeric literals + * PEP 526 Syntax for variable annotations + * PEP 525 Asynchronous generators + * PEP 530 Asynchronous comprehensions + * PEP 506 New "secrets" module for safe key generation + * less memory consumed by dicts + * dtrace and systemtap support + * improved asyncio module + * better defaults for ssl + * new hashing algorithms in hashlib + * bytecode format changed to allow more optimizations + * "async" and "await" are on track to be reserved words + * StopIteration from generators is deprecated + * support for openssl < 1.0.2 is deprecated + * os.urandom now blocks when getrandom() blocks + * huge number of new features, bugfixes and optimizations + * see https://docs.python.org/3.6/whatsnew/3.6.html for details +- rework multilib patch: drop Python-3.5.0-multilib.patch, implement + upstreamable python-3.6.0-multilib-new.patch +- refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch +- drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch +- finally drop python-2.6b1-canonicalize2.patch that was not applied in source + and only kept around in case we needed it in the future. (which we don't, as it seems) +- update import_failed map and baselibs +- build ctypes against system libffi + (buildrequire libffi-devel in python3-base) +- add new key to keyring (signed by keys already in keyring) +- introduced common configure section between python3 and python3-base +- moved pyconfig.h and Makefile to devel subpackage as distutils no longer + need it at runtime +- added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py + because it is not used now +- improve summaries and descriptions (fixes bsc#917607) +- enabled Link-Time Optimization, see what happens +- including skipped_tests.py in pre_checkin.sh run +- run specs through spec-cleaner, rearrange sections + +------------------------------------------------------------------- +Fri Apr 22 17:20:29 UTC 2016 - jmatejek@suse.com + +- move _hashlib and _ssl modules and tests to python3-base +- recommend python3 + +------------------------------------------------------------------- +Tue Mar 15 15:05:23 UTC 2016 - schwab@suse.de + +- Skip test_asyncio under qemu_user_space_build + +------------------------------------------------------------------- +Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com + +- Add Python-3.5.1-fix_lru_cache_copying.patch + Fix copying the lru_cache() wrapper object. + Fixes deep-copying lru_cache regression, which worked on + previous versions of python but fails on python 3.5. + This fixes a bunch of packages in devel:languages:python3. + See: https://bugs.python.org/issue25447 + +------------------------------------------------------------------- +Sun Jan 24 00:44:08 UTC 2016 - arichardson.kde@gmail.com + +- Build the docs in .qch format as well + +------------------------------------------------------------------- +Wed Dec 9 07:35:20 UTC 2015 - toddrme2178@gmail.com + +- update to 3.5.1 + * bugfix-only release, dozens of bugs fixed +- Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch +- "Python3" to "Python 3" in summary + * This seems cleaner and fixes and rpmlint warning + +------------------------------------------------------------------- +Wed Oct 14 20:21:52 UTC 2015 - toddrme2178@gmail.com + +- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch + This fixes a build error for many packages that use the Python, + C-API. + This patch is already accepted upstream and is slated to appear in + python 3.5.1. + +------------------------------------------------------------------- +Tue Sep 29 15:53:24 UTC 2015 - jmatejek@suse.com + +- update to 3.5.0 + * coroutines with async/await syntax + * matrix multiplication operator `@` + * unpacking generalizations + * new modules `typing` and `zipapp` + * type annotations + * .pyo files replaced by custom suffixes for optimization levels in __pycache__ + * support for memory BIO in ssl module + * performance improvements in several modules + * and many more +- removals and behavior changes + * deprecated `__version__` is removed + * support for .pyo files was removed + * system calls are auto-retried on EINTR + * bare generator expressions in function calls now cause SyntaxError + (change "f(x for x in i)" to "f((x for x in i))" to fix) + * removed undocumented `format` member of private `PyMemoryViewObject` struct + * renamed `PyMemAllocator` to `PyMemAllocatorEx` +- redefine %dynlib macro to reflect that modules now have arch+os as part of name +- module `time` is now built-in +- dropped upstreamed patches: + python-3.4.1-fix-faulthandler.patch + python-3.4.3-test-conditional-ssl.patch + python-fix-short-dh.patch (also dropped dh2048.pem required for this patch) +- updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch +- python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure + with new gcc + ncurses + +------------------------------------------------------------------- +Wed Sep 9 11:51:22 UTC 2015 - dimstar@opensuse.org + +- Add python3-ncurses-6.0-accessors.patch: Fix build with + NCurses 6.0 and OPAQUE_WINDOW set to 1. + +------------------------------------------------------------------- +Mon Aug 24 17:02:08 UTC 2015 - jmatejek@suse.com + +- improve import_failed hook to do the right thing when invoking + missing modules with "python3 -m modulename" (boo#942751) + +------------------------------------------------------------------- +Thu Jul 23 22:08:10 UTC 2015 - fisiu@opensuse.org + +- Build with --enable-loadable-sqlite-extensions to make it works + as geospatial database. + +------------------------------------------------------------------- +Wed Jul 1 07:07:26 UTC 2015 - dimstar@opensuse.org + +- Fix source list for previous change (add dh2048.pem). + +------------------------------------------------------------------- +Wed Jun 24 06:54:30 UTC 2015 - meissner@suse.com + +- dh2048.pem: added generated 2048 dh parameter set to fix + ssl test (bsc#935856) +- python-fix-short-dh.patch: replace the 512 bits dh parameter set + by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856) + +------------------------------------------------------------------- +Tue May 19 14:59:30 UTC 2015 - schwab@suse.de + +- ctypes-libffi-aarch64.patch: remove upstreamed patch +- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for + aarch64 + +------------------------------------------------------------------- +Thu May 14 10:58:36 UTC 2015 - jmatejek@suse.com + +- drop the PDF subpackage + (removes the massive texlive dependency, and most likely nobody is + using the PDFs anyway) + +------------------------------------------------------------------- +Thu May 14 09:53:29 UTC 2015 - jmatejek@suse.com + +- python-3.4.3-test-conditional-ssl.patch - restore tests failing because + test_urllib was unconditionally importing ssl (without really needing it) +- restore functionality of multilib patch +- drop libffi-ppc64le.diff because upstream completely changed everything + yet again (sorry ppc64 folks :| ) + + +------------------------------------------------------------------- +Fri May 1 15:11:21 UTC 2015 - mailaender@opensuse.org + +- Update to version 3.4.3 +- Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch + (bpo#21766) + +------------------------------------------------------------------- +Wed Mar 25 10:57:28 UTC 2015 - rguenther@suse.com + +- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus + faulthandler which fails with GCC 5. + +------------------------------------------------------------------- +Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com + +- asyncio has been merged in python3 main package; provide and + obsolete it +- Remove obsolete AUTHORS section +- Remove redundant %clean section + +------------------------------------------------------------------- +Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org + +- Only pkgconfig(x11) is required for build, not the whole + set of packages provided by xorg-x11-devel metapackage. + +------------------------------------------------------------------- +Mon Oct 13 13:38:20 UTC 2014 - jmatejek@suse.com + +- add %python3_version rpm macro for Fedora compatibility +- add missing argument in import_failed, rename Novell Bugzilla + to SUSE Bugzilla + +------------------------------------------------------------------- +Thu Jul 31 17:24:59 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. + +------------------------------------------------------------------- +Wed Jul 23 16:31:02 UTC 2014 - jmatejek@suse.com + +- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file + disclosure and directory traversal through URL-encoded characters + (CVE-2014-4650, bnc#885882) + +------------------------------------------------------------------- +Tue Jul 22 13:55:57 UTC 2014 - jmatejek@suse.com + +- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons, + reinstate bundled copies of pip and setuptools + (fixes bnc#885662) +- add more files as sources to silence the validator + +------------------------------------------------------------------- +Wed May 21 11:01:56 UTC 2014 - jmatejek@suse.com + +- update to 3.4.1 + * bugfix-only release, over 300 bugs fixed +- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch +- drop upstreamed CVE-2014-2667-mkdir.patch +- include Python release manager keyring and signature file + for the source archive (thus renumbering of source files) + (see https://www.python.org/download/#openpgp-public-keys ) +- move ensurepip to python3, because it transitively requires ssl + +------------------------------------------------------------------- +Fri Apr 4 16:21:40 UTC 2014 - jmatejek@suse.com + +- CVE-2014-2667-mkdir.patch: race condition with reseting umask + in os.makedirs + (CVE-2014-2667, bnc#871152) +- updated multilib patch to include ~/.local/lib64 (bnc#637176) + +------------------------------------------------------------------- +Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com + +- raise timeout value for test_subprocess to 10s (might fix + intermittent build failures in OBS) + +------------------------------------------------------------------- +Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com + +- remove blacklisting of test_posix on aarch64: qemu bug is fixed + +------------------------------------------------------------------- +Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 final +- drop upstreamed python-3.4rc2-importlib.patch + +------------------------------------------------------------------- +Sun Mar 16 16:33:25 UTC 2014 - schwab@suse.de + +- Only build with profile-opt if profiling is enabled +- Update test exclusion lists: + * test_ctypes no longer fails on arm + * test_io no longer fails on ppc* + * test_multiprocessing has been split in multiple tests + * test_posix and test_signal fail due to qemu bugs + +------------------------------------------------------------------- +Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de + +- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, + adding python-2.7.6-sqlite-3.8.4-tests.patch + +------------------------------------------------------------------- +Thu Feb 27 14:08:40 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 rc2 + * pre-release bugfixes + * improvements to asyncio library +- drop upstreamed tracemalloc_gcov.patch +- python-3.4rc2-importlib.patch fixes backwards-incompatibility + in the reworked importlib module that blocks build of vim + +------------------------------------------------------------------- +Fri Jan 17 18:45:27 UTC 2014 - jmatejek@suse.com + +- initial commit of 3.4.0 beta 3 + * new stdlib modules: pathlib, enum, statistics, tracemalloc + * asynchronous IO with new asyncio module + * introspection data for builtins + * subprocesses no longer inherit open file descriptors + * standardized metadata for packages + * internal hashing changed to SipHash + * new pickle protocol + * improved handling of codecs + * TLS 1.2 support + * major speed improvements for internal unicode handling + * many bugfixes and optimizations +- see porting guide at: + http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4 +- moved several modules to -testsuite subpackage +- updated list of binary extensions, refreshed patches +- tracemalloc_gcov.patch fixes profile-based optimization build +- updated packages and pre_checkin.sh to use ~-version notation + for prereleases +- fix-shebangs part of build process moved to common %prep +- drop python-3.3.2-no-REUSEPORT.patch (upstreamed) +- update baselibs for new soname + +- TODOs: + * require python-pip, make ensurepip work with zypper + +------------------------------------------------------------------- +Wed Dec 4 13:21:26 UTC 2013 - matz@suse.de + +- add ppc64le (ELFv2) support for libffi copy for ctypes module +- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be + "lib64"). +- added patches: + * libffi-ppc64le.diff +------------------------------------------------------------------- +Tue Dec 3 09:51:43 UTC 2013 - adrian@suse.de + +- add ppc64le rules + +------------------------------------------------------------------- +Fri Nov 22 13:17:23 UTC 2013 - speilicke@suse.com + +- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch: + + Disable global and distutils sysconfig comparison test, we deviate + from the default depending on optflags + +------------------------------------------------------------------- +Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com + +- update to 3.3.3 + * bugfix-only release + * many SSL-related fixes + * upstream fix for CVE-2013-4238 + * upstream fixes for CVE-2013-1752 +- move example module xxlimited to python3-testsuite +- drop CVE-2013-4238_py33.patch - it is upstreamed +- remove --with-wide-unicode config option, it is now the default + (and only) choice +- don't touch anything between make and makeinstall +- drop python-3.2b2-buildtime-generate.patch - the issue was caused + by touching things between make and makeinstall +- link pycache entries for import_failed hooks properly + +------------------------------------------------------------------- +Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org + +- build with -DOPENSSL_LOAD_CONF for the same reasons + described in the python2 package. + +------------------------------------------------------------------- +Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com + +- handle NULL bytes in certain fields of SSL certificates + (CVE-2013-4238, bnc#834601) + +------------------------------------------------------------------- +Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com + +- Exclue test_faulthandler from tests on powerpc due to bnc#831629 + +------------------------------------------------------------------- +Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com + +- update to 3.3.2 + * bugfix-only release + * fixes several regressions introduced in 3.3.1 +- switch to xz compression +- move _lzma module to python3-base +- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT + +------------------------------------------------------------------- +Mon Apr 29 22:32:43 UTC 2013 - schwab@suse.de + +- Readd missing bits from ctypes-libffi-aarch64.patch + +------------------------------------------------------------------- +Sat Apr 13 07:56:51 UTC 2013 - idonmez@suse.com + +- Update to version 3.3.1 + * Fix the –enable-profiling configure switch. + * In IDLE, close the replace dialog after it is used. +- Too many bugfixes to list here, + see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS +- Refresh Python-3.3.0b2-multilib.patch +- Refresh python-3.2b2-buildtime-generate.patch +- Drop upstream patches: ctypes-libffi-aarch64.patch, + python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch + +------------------------------------------------------------------- +Mon Apr 8 11:25:30 UTC 2013 - speilicke@suse.com + +- Exclude sqlite/test and tk/test directories from the respective + sub-packages. These are owned by the testsuite sub-package already + +------------------------------------------------------------------- +Fri Apr 5 12:59:20 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/title=SourceUrls + +------------------------------------------------------------------- +Wed Apr 3 15:36:04 UTC 2013 - jmatejek@suse.com + +- remove spurious modification of python-3.3.0b1-localpath.patch + that would force installation into /usr/local. + this fixes bnc#809831 + +------------------------------------------------------------------- +Thu Mar 28 18:38:51 UTC 2013 - jmatejek@suse.com + +- replace broken movetogetdents64.diff patch with a correct one + from upstream repo (python-3.3.0-getdents64.patch) + +------------------------------------------------------------------- +Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com + +- add ctypes-libffi-aarch64.patch: + * import aarch64 support for libffi in _ctypes module +- add aarch64 to the list of lib64 based archs +- add movetogetdents64.diff: + * port to getdents64, as SYS_getdents is not implemented everywhere + +------------------------------------------------------------------- +Tue Feb 26 08:57:55 UTC 2013 - saschpe@suse.de + +- /etc/rpm/macros.python3 is no %config, it is not meant to be changed + by users. +- Add rpmlintrc with some obvious filters + +------------------------------------------------------------------- +Mon Jan 28 18:14:39 UTC 2013 - jmatejek@suse.com + +- update baselibs for new version of libpython3 + +------------------------------------------------------------------- +Thu Nov 29 17:02:37 UTC 2012 - jmatejek@suse.com + +- fix include path in macros (bnc#787526) +- implement failed import handlers for modules that live in + subpackages - e.g. "import ssl" will now throw a sensible error + message telling you to install "python3" + +------------------------------------------------------------------- +Wed Nov 28 17:02:07 UTC 2012 - jmatejek@suse.com + +- merge python3-xml into python3 +- merge python3-2to3 library into python3-base + and the 2to3 binary into python3-devel + (python3-devel is now in conflict with python-2to3, which + will be dropped) +- enable --with-system-expat for python3, making the xml modules + (and thus python3) depend on expat +- reconfigure tests to disable network and GUI resources, which + the upstream apparently thought is a good idea to enable by default. + this fixes build failures in Factory +- add lzma-devel to build the _lzma module +- moved %dynlib macro definition to common section + +------------------------------------------------------------------- +Mon Nov 5 20:01:46 UTC 2012 - coolo@suse.com + +- buildrequire timezone for the test suite + +------------------------------------------------------------------- +Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com + +- disable more checks for qemu builds as they use syscalls not + implemented yet + +------------------------------------------------------------------- +Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com + +- exclude test_math for SLE 11; math library fails on negative + gamma function values close to integers and 0, probably + due to imprecision in -lm on SLE_11_SP2. + +------------------------------------------------------------------- +Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel explicitly + +------------------------------------------------------------------- +Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com + +- remove distutils.cfg (bnc#658604) + * this changes default prefix for distutils to /usr + * see ML for details: +http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html + +------------------------------------------------------------------- +Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com + +- Update to final 3.3.0 release + * See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS + +------------------------------------------------------------------- +Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com + +- Correct dependency for python3-testsuite, + python3-tkinter -> python3-tk + +------------------------------------------------------------------- +Thu Aug 23 13:08:11 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 RC1 + +------------------------------------------------------------------- +Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 beta 1 + * flexible string representation, no longer distinguishing + between wide and narrow Unicode builds + * importlib-based import system + * virtualenv support in core + * namespace packages + * explicit Unicode literals for easier porting + * key-sharing dict implementation reduces memory footprint + of OO code + * hash randomization on by default + * many other new bugfixes and features, check NEWS for details + +- pre_checkin.sh now autofills various version strings in specs +- ship hashlib's fallback modules - those uselessly take up space + when real _hashlib.so from python3 is present, but the space wasted + is only 114kB and it provides python3-base with a working hashlib + module. + (also, this fixes bnc#743787) + +------------------------------------------------------------------- +Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com + +- skip test_io on ppc +- drop test_io ppc patch + +------------------------------------------------------------------- +Thu Jun 28 07:57:58 UTC 2012 - saschpe@suse.de + +- Satisfy source_validator by uncommenting an otherwise unused "Patch" + line + +------------------------------------------------------------------- +Tue Jun 12 15:39:08 UTC 2012 - adrian@suse.de + +- fix logic of checks exclusion + +------------------------------------------------------------------- +Fri May 18 11:50:27 UTC 2012 - idonmez@suse.com + +- update to 3.2.3 + * No changes since rc2 + +------------------------------------------------------------------- +Thu Mar 29 15:44:33 UTC 2012 - jmatejek@suse.com + +- update to 3.2.3rc2 + * fixes several security issues: + * CVE-2012-0845, bnc#747125 + * CVE-2012-1150, bnc#751718 + * CVE-2011-4944, bnc#754447 + * CVE-2011-3389, bnc#754677 +- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) +- disable test_gdb because it is broken by our gdb + +------------------------------------------------------------------- +Thu Feb 16 12:33:12 UTC 2012 - dvaleev@suse.com + +- skip broken test_io test on ppc + +------------------------------------------------------------------- +Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com + +- update to 3.2.2 + * bugfix-only release + * reports "linux2" as sys.platform regardless of Linux kernel +- added pre_checkin.sh to copy common spec sections to python3.spec +- added PACKAGING-NOTES with some helpful info for packagers + +------------------------------------------------------------------- +Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com + +- Use system ffi, included one is broken see + http://bugs.python.org/issue11729 and + http://bugs.python.org/issue12081 + +------------------------------------------------------------------- +Fri Dec 9 17:19:55 UTC 2011 - jmatejek@suse.com + +- license.opensuse.org-compatible license headers + +------------------------------------------------------------------- +Fri Dec 2 16:46:44 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Thu Nov 24 12:42:25 UTC 2011 - agraf@suse.com + +- fix ARM build (exclude some test cases which break for us) + +------------------------------------------------------------------- +Tue Aug 16 17:02:22 UTC 2011 - termim@gmail.com + +- use sysconfig module to get py3_incdir, py3_abiflags, + py3_soflags, python3_sitelib and python3_sitearch + +------------------------------------------------------------------- +Mon Jul 18 16:22:31 UTC 2011 - jmatejek@novell.com + +- update to 3.2.1 + * bugfix-only release, no major changes +- fix build on linux3 platform +- remove upstreamed pybench patch +- install /usr/lib directories in all cases to prevent spurious + "directory not owned" in dependent packages + +------------------------------------------------------------------- +Wed Jun 15 14:16:38 UTC 2011 - jmatejek@novell.com + +- replaced dynamic so version with manual so version, because + autobuild does not support autogeneration + +------------------------------------------------------------------- +Tue May 24 13:39:06 UTC 2011 - jmatejek@novell.com + +- generate macros.python3 at compile-time with fixed values +- don't include bogus values in pyconfig.h, as they can break + third-party packages (bnc#673071) + +------------------------------------------------------------------- +Tue May 17 12:52:51 UTC 2011 - jmatejek@novell.com + +- added Obsoletes: python3 < 3.1 so that the transition from + non-split to split packages goes smoothly + +------------------------------------------------------------------- +Fri May 13 12:38:19 UTC 2011 - jmatejek@novell.com + +- fixed RPM macros to use python3 instead of python +- updated to build --with-wide-unicode (for compatibility with + fedora and our own python 2.x series) + +------------------------------------------------------------------- +Thu Apr 21 03:39:25 UTC 2011 - termim@gmail.com + +- fix python3-base build failure due to pybench.py crash by + python-3.2-pybench.patch +- move pyconfig.h from python3-devel to python3-base package to + make python3-base functional again + +------------------------------------------------------------------- +Wed Mar 23 04:26:28 UTC 2011 - termim@gmail.com + +- update to python 3.2 + * stable ABI, ABI-tagged .so files + * concurrent.futures and many other new or upgraded modules + * PYC repository directories ( __pycache__ ) + * python WSGI 1.0.1 + * Unicode 6.0.0 support + * a great number of bugfixes and assorted improvements + +------------------------------------------------------------------- +Tue Feb 8 19:42:17 CET 2011 - matejcik@suse.cz + +- update to python 3.2 RC2 +- renamed python3-demo to python3-tools, because the demo part + became much smaller than the tools part +- added rpm macros + +------------------------------------------------------------------- +Tue Jan 18 14:13:04 UTC 2011 - jmatejek@novell.com + +- update to python 3.2 beta 2, see NEWS for details +- split off -base package with less dependencies, and a shlib-policy + compliant libpython3 package +- mostly rewritten the spec file with more detailed comments +- cleaned up lists of patches + diff --git a/python311.spec b/python311.spec new file mode 100644 index 0000000..615dfd9 --- /dev/null +++ b/python311.spec @@ -0,0 +1,1061 @@ +# +# spec file for package python311 +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "doc" +%define psuffix -documentation +%bcond_without doc +%bcond_with base +%bcond_with general +%endif +%if "%{flavor}" == "base" +%define psuffix -core +%bcond_with doc +%bcond_without base +%bcond_with general +%endif +%if "%{flavor}" == "" +%define psuffix %{nil} +%bcond_with doc +%bcond_with base +%bcond_without general +%endif + +%if 0%{?do_profiling} && !0%{?want_reproducible_builds} +%bcond_without profileopt +%else +%bcond_with profileopt +%endif + +# Only for Tumbleweed +# https://en.opensuse.org/openSUSE:Python:Externally_managed +%if 0%{?suse_version} > 1600 +%bcond_without externally_managed +%else +%bcond_with externally_managed +%endif + +%define python_pkg_name python311 +%if "%{python_pkg_name}" == "%{primary_python}" +%define primary_interpreter 1 +%else +%define primary_interpreter 0 +%endif + +# Setting up variables +%define _version %(c=%{version}; echo ${c/[a-z]*/}) +%define tar_suffix %(c=%{_version}; echo ${c#%{_version}}) +%define python_version %(echo %{_version}|cut -d. -f1-2) +# based on the current source tarball +%define python_version_abitag %(c=%{python_version}; echo ${c//./}) +# FIXME %%define python_version_soname %%(c=%%{python_version}; echo ${c//./_}) +%define python_version_soname 3_11 +%if 0%(test -n "%{tar_suffix}" && echo 1) +%define _version %(echo "%{_version}~%{tar_suffix}") +%define tarversion %{version} +%else +%define tarversion %{version} +%endif +# We don't process beta signs well +%define folderversion %{tarversion} +%define tarname Python-%{tarversion} +%define sitedir %{_libdir}/python%{python_version} +# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 +%define abi_kind %{nil} +# python ABI version - used in some file names +%define python_abi %{python_version}%{abi_kind} +# soname ABI tag defined in PEP 3149 +%define abi_tag %{python_version_abitag}%{abi_kind} +# version part of "libpython" package +%define so_major 1 +%define so_minor 0 +%define so_version %{python_version_soname}%{abi_kind}-%{so_major}_%{so_minor} +# rpm and python have different ideas about what is an arch-dependent name, so: +%if "%{__isa_name}" == "ppc" +%define archname %(echo %{_arch} | sed s/ppc/powerpc/) +%else +%define archname %{_arch} +%endif +# our arm has Hardware-Floatingpoint +%if "%{_arch}" == "arm" +%define armsuffix hf +%endif +# Decide whether we want to use mpdecimal +%if 0%{?suse_version} >= 1550 +%bcond_without mpdecimal +%else +%bcond_with mpdecimal +%endif +# pyexpat.cpython-35m-x86_64-linux-gnu +# pyexpat.cpython-35m-powerpc64le-linux-gnu +# pyexpat.cpython-35m-armv7-linux-gnueabihf +# _md5.cpython-38m-x86_64-linux-gnu.so +%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so +Name: %{python_pkg_name}%{psuffix} +Version: 3.11.12 +Release: 0 +Summary: Python 3 Interpreter +License: Python-2.0 +URL: https://www.python.org/ +Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz +Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore +Source2: baselibs.conf +Source3: README.SUSE +Source4: externally_managed.in +Source7: macros.python3 +Source8: import_failed.py +Source9: import_failed.map +Source10: pre_checkin.sh +Source11: skipped_tests.py +Source19: idle3.desktop +Source20: idle3.appdata.xml +# content of bluez-devel: +# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel +# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu +# 3. mkdir Vendor && mv usr/include/* Vendor/ +# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/ +Source21: bluez-devel-vendor.tar.xz +Source98: python311-rpmlintrc +# Tarball is signed by the GPG key of Pablo Galindo Salgado (0x64E628F8D684696D) +# https://keybase.io/pablogsal/pgp_keys.asc?fingerprint=a035c8c19219ba821ecea86b64e628f8d684696d +Source99: python.keyring +# The following files are not used in the build. +# They are listed here to work around missing functionality in rpmbuild, +# which would otherwise exclude them from distributed src.rpm files. +Source100: PACKAGING-NOTES +# PATCH-FEATURE-UPSTREAM F00251-change-user-install-location.patch bsc#[0-9]+ mcepl@suse.com +# Fix installation in /usr/local (boo#1071941), originally from Fedora +# https://src.fedoraproject.org/rpms/python3.12/blob/rawhide/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch02: F00251-change-user-install-location.patch +# PATCH-FEATURE-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com +# Improve reproduceability +Patch03: distutils-reproducible-compile.patch +# support finding packages in /usr/local, install to /usr/local by default +Patch04: python-3.3.0b1-localpath.patch +# replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds +Patch05: python-3.3.0b1-fix_date_time_compiler.patch +# Raise timeout value for test_subprocess +Patch07: subprocess-raise-timeout.patch +# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com +# ensurepip should honour the value of $(prefix) +Patch08: bpo-31046_ensurepip_honours_prefix.patch +# PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mcepl@suse.com +# SLE-15 version of Sphinx doesn't know about skipif directive in doctests. +Patch09: no-skipif-doctests.patch +# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com +# skip a test failing on SLE-15 +Patch10: skip-test_pyobject_freed_is_freed.patch +# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com +# remove duplicate link targets and make documentation with old Sphinx in SLE +Patch11: fix_configure_rst.patch +# PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com +# Skip test_freeze_simple_script +Patch13: skip_if_buildbot-extend.patch +# PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com +# prevent ResourceWarning in test_asyncio tests +Patch15: bsc1221260-test_asyncio-ResourceWarning.patch +# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport.patch +# This problem on libexpat is patched on SLE without version +# update, this patch changes the tests to match the libexpat provided +# by SUSE +Patch16: CVE-2023-52425-libexpat-2.6.0-backport.patch +Patch17: CVE-2023-52425-remove-reparse_deferral-tests.patch +# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com +# reproducibility patches +Patch19: bso1227999-reproducible-builds.patch +# PATCH-FIX-UPSTREAM gh120226-fix-sendfile-test-kernel-610.patch gh#python/cpython#120226 mcepl@suse.com +# Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 (GH-120227) +Patch22: gh120226-fix-sendfile-test-kernel-610.patch +# PATCH-FIX-UPSTREAM Add platform triplets for 64-bit LoongArch gh#python/cpython#30939 glaubitz@suse.com +Patch24: add-loongarch64-support.patch +# PATCH-FIX-UPSTREAM gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch bsc#1241067 mcepl@suse.com +# don't stop ThreadedEchoServer on OSError, makes test_ssl fail with OpenSSL 3.5 +Patch25: gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: crypto-policies-scripts +BuildRequires: fdupes +BuildRequires: gmp-devel +BuildRequires: lzma-devel +BuildRequires: netcfg +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: xz +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(libffi) +BuildRequires: pkgconfig(uuid) +BuildRequires: pkgconfig(zlib) +#!BuildIgnore: gdk-pixbuf-loader-rsvg +%if 0%{?suse_version} >= 1550 +# The provider for python(abi) is in rpm-build-python +BuildRequires: rpm-build-python +%endif +%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1599 +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{with mpdecimal} +BuildRequires: mpdecimal-devel +%endif +%if %{with doc} +BuildRequires: python3-Sphinx >= 4.0.0 +%if 0%{?suse_version} >= 1500 +BuildRequires: python3-python-docs-theme >= 2022.1 +%endif +%endif +%if %{with general} +# required for idle3 (.desktop and .appdata.xml files) +BuildRequires: appstream-glib +BuildRequires: gcc-c++ +BuildRequires: gdbm-devel +BuildRequires: gettext +BuildRequires: readline-devel +BuildRequires: sqlite-devel +BuildRequires: timezone +BuildRequires: pkgconfig(ncurses) +BuildRequires: pkgconfig(tk) +BuildRequires: pkgconfig(x11) +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-readline +Provides: %{python_pkg_name}-sqlite3 +Recommends: %{python_pkg_name}-curses +Recommends: %{python_pkg_name}-dbm +Recommends: %{python_pkg_name}-pip +%if %{primary_interpreter} +Provides: python3 = %{python_version} +Provides: python3-readline +Provides: python3-sqlite3 +%endif +%endif +%{?suse_build_hwcaps_libs} + +%description +Python 3 is modern interpreted, object-oriented programming language, +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python3-doc +package. + +This package supplies rich command line features provided by readline, +and sqlite3 support for the interpreter core, thus forming a so called +"extended" runtime. +Installing "python3" is sufficient for the vast majority of usecases. +In addition, recommended packages provide UI toolkit support (python3-curses, +python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE +development environment (python3-idle). + +%package -n %{python_pkg_name}-tk +Summary: TkInter, a Python Tk Interface +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-tk = %{version} +%endif + +%description -n %{python_pkg_name}-tk +Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. + +%package -n %{python_pkg_name}-curses +Summary: Python Interface to the (N)Curses Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-curses +%endif + +%description -n %{python_pkg_name}-curses +An easy to use interface to the (n)curses CUI library. CUI stands for +Console User Interface. + +%package -n %{python_pkg_name}-dbm +Summary: Python Interface to the GDBM Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-dbm +%endif + +%description -n %{python_pkg_name}-dbm +An easy to use interface for Unix DBM databases, and more specifically, +the GNU implementation GDBM. + +%package -n %{python_pkg_name}-idle +Summary: An Integrated Development Environment for Python +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk +%if %{primary_interpreter} +Provides: python3-idle = %{version} +%endif + +%description -n %{python_pkg_name}-idle +IDLE is a Tkinter based integrated development environment for Python. +It features a multi-window text editor with multiple undo, Python +colorizing, and many other things, as well as a Python shell window and +a debugger. + +%package -n %{python_pkg_name}-doc +Summary: Package Documentation for Python 3 +Enhances: %{python_pkg_name} = %{python_version} +%if %{primary_interpreter} +Provides: python3-doc = %{version} +%endif + +%description -n %{python_pkg_name}-doc +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in HTML format. + +%package -n %{python_pkg_name}-doc-devhelp +Summary: Additional Package Documentation for Python 3 in devhelp format +%if %{primary_interpreter} +Provides: python3-doc-devhelp = %{version} +%endif + +%description -n %{python_pkg_name}-doc-devhelp +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in format for devhelp. + +%package -n %{python_pkg_name}-base +Summary: Python 3 Interpreter and Stdlib Core +Requires: libpython%{so_version} = %{version} +Recommends: %{python_pkg_name} = %{version} +#Recommends: python3-ensurepip +# python 3.1 didn't have a separate python-base, so it is wrongly +# not a conflict to have python3-3.1 and python3-base > 3.1 +Obsoletes: python3 < 3.2 +# no Provides, because python3 is obviously provided by package python3 +# python 3.4 provides asyncio +Provides: %{python_pkg_name}-asyncio = %{version} +# python 3.6 provides typing +Provides: %{python_pkg_name}-typing = %{version} +# python3-xml was merged into python3, now moved into -base +Provides: %{python_pkg_name}-xml = %{version} +%if %{primary_interpreter} +Provides: python3-asyncio = %{version} +Obsoletes: python3-asyncio < %{version} +Provides: python3-base = %{version} +Obsoletes: python3-base < %{version} +Provides: python3-typing = %{version} +Obsoletes: python3-typing < %{version} +Provides: python3-xml = %{version} +Obsoletes: python3-xml < %{version} +%endif + +%description -n %{python_pkg_name}-base +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +package. + +This package contains the interpreter core and most commonly used modules +from the standard library. This is sufficient for many usecases, but it +excludes components that depend on external libraries, most notably XML, +database and UI toolkits support. + +%package -n %{python_pkg_name}-tools +Summary: Python Utility and Demonstration Scripts +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-2to3 = %{version} +Provides: %{python_pkg_name}-demo = %{version} +%if %{primary_interpreter} +Provides: python3-2to3 = %{version} +Provides: python3-demo = %{version} +Provides: python3-tools = %{version} +Obsoletes: python3-2to3 < %{version} +Obsoletes: python3-demo < %{version} +%endif + +%description -n %{python_pkg_name}-tools +A number of scripts that are useful for building, testing or extending Python, +and a set of demonstration programs. + +%package -n %{python_pkg_name}-devel +Summary: Include Files and Libraries Mandatory for Building Python Modules +Requires: %{python_pkg_name}-base = %{version} +%if %{primary_interpreter} +Provides: python3-devel = %{version} +%endif + +%description -n %{python_pkg_name}-devel +The Python programming language's interpreter can be extended with +dynamically loaded extensions and can be embedded in other programs. + +This package contains header files, a static library, and development +tools for building Python modules, extending the Python interpreter or +embedding Python in applications. + +This also includes the Python distutils, which were in the Python +package up to version 2.2.2. + +%package -n %{python_pkg_name}-testsuite +Summary: Unit tests for Python and its standard library +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk = %{version} +%if %{primary_interpreter} +Provides: python3-testsuite = %{version} +%endif + +%description -n %{python_pkg_name}-testsuite +Unit tests that are useful for verifying integrity and functionality +of the installed Python interpreter and standard library. +They are a documented part of stdlib, as a module 'test'. + +%package -n libpython%{so_version} +Summary: Python Interpreter shared library +Requires: %{python_pkg_name}-base >= %{version} + +%description -n libpython%{so_version} +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +(HTML) or python-doc-pdf (PDF) packages. + +This package contains libpython3.2 shared library for embedding in +other applications. + +%prep +%setup -q -n %{tarname} + +%patch -p1 -P 02 +%patch -p1 -P 03 +%patch -p1 -P 04 +%patch -p1 -P 05 +%patch -p1 -P 07 +%patch -p1 -P 08 + +%if 0%{?suse_version} <= 1500 +%patch -P 09 -p1 +%endif + +%patch -p1 -P 10 +%patch -p1 -P 11 +%patch -p1 -P 13 +%patch -p1 -P 15 +%patch -p1 -P 16 +%patch -p1 -P 17 +%patch -p1 -P 19 +%patch -p1 -P 22 +%patch -p1 -P 24 +%patch -p1 -P 25 + +# drop Autoconf version requirement +sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac + +%if %{primary_interpreter} +# fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 +for dir in Lib Tools; do + # find *.py, filter to files that contain bad shebangs + # break up "/""usr" like this to prevent replacing with %%{_prefix} + find $dir -name '*.py' -type f -print0 \ + | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ + | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' +done +%else +# For non-primary Python, just don't bother (bsc#1193179) and remove all +# those shebangs +for dir in Lib Tools; do + find $dir -name '*.py' -type f -exec sed -i '1{/^#!.*python/ d}' '{}' \; +done +# We shortened the file Lib/pdb.py so we have to move the test breakpoint location +sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py +%endif + +# drop in-tree libffi and expat +rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin +# Cannot remove it because of gh#python/cpython#92875 +# rm -r Modules/expat + +# drop duplicate README from site-packages +rm Lib/site-packages/README.txt + +# Add vendored bluez-devel files +tar xvf %{SOURCE21} + +# Don't fail on warnings when building documentation +sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile + +%build +%if %{with doc} +TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` +# TODO use not date of tarball but date of latest patch + +cd Doc +sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py +%make_build -j1 html + +# Build also devhelp files +sphinx-build -a -b devhelp . build/devhelp +rm -rfv build/devhelp/.doctrees +%else +%define _lto_cflags %{nil} +# use rpm_opt_flags +export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv $(pkg-config --cflags-only-I libffi) -fno-semantic-interposition" + +touch -r %{SOURCE0} Makefile.pre.in + +autoreconf -fvi + +%if 0%{?sles_version} +sed -e 's/-fprofile-correction//' -i Makefile.pre.in +%endif + +export CFLAGS="%{optflags} -IVendor/" + +%configure \ + --with-platlibdir=%{_lib} \ + --docdir=%{_docdir}/python \ + --enable-ipv6 \ + --enable-shared \ + --with-ensurepip=no \ + --with-system-ffi \ + --with-system-expat \ + --with-lto \ +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 + --with-ssl-default-suites=openssl \ +%endif +%if %{with profileopt} + --enable-optimizations \ +%endif +%if %{with mpdecimal} + --with-system-libmpdec \ +%endif + --enable-loadable-sqlite-extensions + +# prevent make from trying to rebuild PYTHON_FOR_GEN stuff +# %%make_build -t Python/Python-ast.c \ + # Include/Python-ast.h \ + # Objects/typeslots.inc \ + # Python/opcode_targets.h \ + # Include/opcode.h +%make_build + +%if %{with general} +%make_build +%endif +%if %{with base} +%if %{with profileopt} + target=profile-opt +%else + target=all +%endif +LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ + %make_build $target +%endif +%endif + +%check +export SUSE_VERSION="0%{?suse_version}" +export SLE_VERSION="0%{?sle_version}" +%if %{with general} +# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos +# when you install gdb into your test env +EXCLUDE="test_gdb" +# we patch out the message to recommend zypper in and thus this would fail +EXCLUDE="$EXCLUDE test_pydoc" + +%ifarch %{arm} s390x +# test_multiprocessing_forkserver is racy +EXCLUDE="$EXCLUDE test_multiprocessing_forkserver" +%endif +%ifarch ppc ppc64 ppc64le +# exclue test_faulthandler due to bnc#831629 +EXCLUDE="$EXCLUDE test_faulthandler" +%endif +# some tests break in QEMU +%if 0%{?qemu_user_space_build} +EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver test_multiprocessing_spawn test_os test_posix test_signal test_socket test_subprocess" +%endif + +# This test (part of test_uuid) requires real network interfaces +# so that ifconfig output has "HWaddr ". Some kvm instances +# done have any such interface breaking the uuid module. +EXCLUDE="$EXCLUDE test_uuid" + +# bsc#1195140 and bpo#37169 - test_capi is failing on openSUSE, and not sure why +EXCLUDE="$EXCLUDE test_capi" + +# Limit virtual memory to avoid spurious failures +if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then + ulimit -v 11000000 || : +fi + +# test_freeze_simple_script in test.test_tools.test_freeze.TestFreeze +# uses CONFIG_ARGS to run ./configure. +export CONFIG_ARGS="--enable-ipv6 --enable-shared --with-ensurepip=no \ + --with-system-ffi --with-system-expat --with-lto --enable-optimizations \ + --with-system-libmpdec --enable-loadable-sqlite-extensions" + +export PYTHONPATH="$(pwd -P)/Lib" +# Use timeout, like make target buildbottest +# We cannot run tests parallel, because osc build environment doesn’t +# have /dev/shm +%make_build -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=5400" +# use network, be verbose: +#make test TESTOPTS="-l -u network -v" +%endif + +%install +%if %{with doc} +export PDOCS=%{buildroot}%{_docdir}/python%{python_version} +mkdir -p $PDOCS +# generated docs +rm Doc/build/*/.buildinfo +cp -r Doc/build/html $PDOCS +# misc +install -d -m 755 $PDOCS/Misc +rm Misc/README.AIX +for i in Misc/* ; do + [ -f $i ] && install -c -m 644 $i $PDOCS/Misc/ +done +# devhelp +mkdir -p %{buildroot}%{_datadir}/gtk-doc/html +cp -r Doc/build/devhelp %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version} +rm -rf %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version}/.doctrees +%endif +%if %{with general} +%make_install + +# clean out stuff that is in python-base and subpackages + +find %{buildroot}%{_bindir} -mindepth 1 -not -name "*idle3*" -print -delete +rm %{buildroot}%{_libdir}/lib* +rm -r %{buildroot}%{_libdir}/pkgconfig +rm -r %{buildroot}%{_mandir}/* +rm -r %{buildroot}%{_includedir}/* + +rm -r %{buildroot}%{sitedir}/config* +find %{buildroot}%{sitedir} -name "*.egg-info" -delete +rm -r %{buildroot}%{sitedir}/__pycache__ +rm -r %{buildroot}%{sitedir}/site-packages +rm %{buildroot}%{sitedir}/*.* + +for module in \ + asyncio ctypes collections concurrent distutils email encodings \ + ensurepip html http re \ + importlib json logging multiprocessing pydoc_data unittest \ + urllib venv wsgiref lib2to3 test tomllib turtledemo \ + xml xmlrpc zoneinfo __phello__ +do + rm -r %{buildroot}%{sitedir}/$module +done + +for library in \ + array _asyncio audioop binascii _bisect _bz2 cmath _codecs_* \ + _contextvars _crypt _csv _ctypes _datetime _decimal fcntl grp \ + _hashlib _heapq _json _lsprof _lzma math mmap _multibytecodec \ + _multiprocessing _opcode ossaudiodev _pickle _posixshmem \ + _posixsubprocess _queue _random resource select _ssl _socket spwd \ + _statistics _struct syslog termios _testbuffer _testimportmultiple \ + _testmultiphase unicodedata zlib _ctypes_test _testinternalcapi _testcapi \ + _typing _testclinic xxlimited xxlimited_35 \ + _xxtestfuzz _xxsubinterpreters _elementtree pyexpat _md5 _sha1 \ + _sha256 _sha512 _blake2 _sha3 _uuid _zoneinfo +do + eval rm "%{buildroot}%{sitedir}/lib-dynload/$library.*" +done + +# Idle is not packaged in base due to the appstream-glib dependency +# move idle config into /etc +install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version} +( + cd %{buildroot}/%{sitedir}/idlelib/ + for file in *.def ; do + mv $file %{buildroot}%{_sysconfdir}/idle%{python_version}/ + ln -sf %{_sysconfdir}/idle%{python_version}/$file %{buildroot}/%{sitedir}/idlelib/ + done +) + +# keep just idle3.X +rm %{buildroot}%{_bindir}/idle3 + +# install idle icons +for size in 16 32 48 ; do + install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \ + %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_version}.png +done + +# install idle desktop file +cp %{SOURCE19} idle%{python_version}.desktop +sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop +install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop + +cp %{SOURCE20} idle%{python_version}.appdata.xml +sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml +install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml +appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml + +%fdupes %{buildroot}/%{_libdir}/python%{python_version} +%endif +%if %{with base} +%make_install + +# remove .a +find %{buildroot} -name "*.a" -delete + +# install "site-packages" and __pycache__ for third parties +install -d -m 755 %{buildroot}%{sitedir}/site-packages +install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__ +# and their 32bit counterparts explicitly +mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__ + +# cleanup parts that don't belong +for dir in curses dbm sqlite3 tkinter idlelib; do + find "%{buildroot}/%{sitedir}/$dir"/* -maxdepth 0 -name "test" -o -exec rm -rf {} + +done +rm -fv %{buildroot}%{dynlib nis} + +# overwrite the copied binary with a link +ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 + +# decide to ship python3 or just python3.X +%if !%{primary_interpreter} +# base +rm %{buildroot}%{_bindir}/python3 +rm %{buildroot}%{_bindir}/pydoc3 +rm %{buildroot}%{_mandir}/man1/python3.1 +# devel +rm %{buildroot}%{_bindir}/python3-config +rm %{buildroot}%{_libdir}/libpython3.so +rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc +%endif + +%if %{with externally_managed} +# PEP-0668 mark this as a distro maintained python +sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED +%endif + +# link shared library instead of static library that tools expect +ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so + +# delete idle3, which has to many packaging dependencies for base +rm %{buildroot}%{_bindir}/idle3* + +# delete the generic 2to3 binary if we are not primary +%if !%{primary_interpreter} +rm %{buildroot}%{_bindir}/2to3 +%endif + +# replace duplicate .pyo/.pyc with hardlinks +%fdupes %{buildroot}/%{sitedir} + +# documentation +export PDOCS=%{buildroot}%{_docdir}/%{name} +install -d -m 755 $PDOCS +install -c -m 644 %{SOURCE3} $PDOCS/ +install -c -m 644 README.rst $PDOCS/ + +# tools +for x in `find Tools/ \( -not -name Makefile \) -print | sort` ; do + test -d $x && ( install -c -m 755 -d $PDOCS/$x ) \ + || ( install -c -m 644 $x $PDOCS/$x ) +done +# gdb script is shipped with devel subpackage +rm -r $PDOCS/Tools/gdb +# clean up the bat files +find "$PDOCS" -name "*.bat" -delete + +# put gdb helper script into place +install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +# install devel files to /config +#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%%{sitedir}/config-%%{python_abi}/ + +# Remove -IVendor/ from python-config boo#1231795 +sed -i 's/-IVendor\///' %{buildroot}%{_bindir}/python%{python_abi}-config + +# RPM macros +%if %{primary_interpreter} +mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/ +install -m 644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/macros.d/ # macros.python3 +%endif + +# import_failed hooks +FAILDIR=%{buildroot}/%{sitedir}/_import_failed +mkdir $FAILDIR +install -m 644 %{SOURCE8} %{SOURCE9} $FAILDIR # import_failed.* +LD_LIBRARY_PATH=. ./python -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +( + cd $FAILDIR + while read package modules; do + for module in $modules; do + ln import_failed.py $module.py + pushd __pycache__ + for i in import_failed*; do + ln $i "$module${i#import_failed}" + done + popd + done + done < %{SOURCE9} +) +echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +%endif + +# For the purposes of reproducibility, it is necessary to eliminate any *.pyc files inside documentation dirs +if [ -d %{buildroot}%{_defaultdocdir} ] ; then +find %{buildroot}%{_defaultdocdir} -type f -name \*.pyc -ls -exec rm -vf '{}' \; +fi + +%if %{with general} +%files -n %{python_pkg_name}-tk +%{sitedir}/tkinter +%exclude %{sitedir}/tkinter/test +%{dynlib _tkinter} + +%files -n %{python_pkg_name}-curses +%{sitedir}/curses +%{dynlib _curses} +%{dynlib _curses_panel} + +%files -n %{python_pkg_name}-dbm +%{sitedir}/dbm +%{dynlib _dbm} +%{dynlib _gdbm} + +%files -n %{python_pkg_name} +%dir %{sitedir} +%dir %{sitedir}/lib-dynload +%{sitedir}/sqlite3 +%exclude %{sitedir}/sqlite3/test +%{dynlib readline} +%{dynlib _sqlite3} +%if 0%{?suse_version} < 1599 +%{dynlib nis} +%endif + +%files -n %{python_pkg_name}-idle +%{sitedir}/idlelib +%dir %{_sysconfdir}/idle%{python_version} +%config %{_sysconfdir}/idle%{python_version}/* +%doc Lib/idlelib/README.txt +%doc Lib/idlelib/TODO.txt +%doc Lib/idlelib/extend.txt +%doc Lib/idlelib/ChangeLog +%{_bindir}/idle%{python_version} +%{_datadir}/applications/idle%{python_version}.desktop +%{_datadir}/metainfo/idle%{python_version}.appdata.xml +%{_datadir}/icons/hicolor/*/apps/idle%{python_version}.png +%dir %{_datadir}/icons/hicolor +%dir %{_datadir}/icons/hicolor/16x16 +%dir %{_datadir}/icons/hicolor/32x32 +%dir %{_datadir}/icons/hicolor/48x48 +%dir %{_datadir}/icons/hicolor/*/apps +# endif for if general +%endif + +%if %{with doc} +%files -n %{python_pkg_name}-doc +%dir %{_docdir}/python%{python_version} +%doc %{_docdir}/python%{python_version}/Misc +%doc %{_docdir}/python%{python_version}/html + +%files -n %{python_pkg_name}-doc-devhelp +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%doc %{_datadir}/gtk-doc/html/Python%{python_version} +%endif + +%if %{with base} +%post -n libpython%{so_version} -p /sbin/ldconfig +%postun -n libpython%{so_version} -p /sbin/ldconfig + +%files -n libpython%{so_version} +%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} + +%files -n %{python_pkg_name}-tools +%{sitedir}/turtledemo +%if %{primary_interpreter} +%{_bindir}/2to3 +%endif +%attr(755, root, root)%{_bindir}/2to3-%{python_version} +%doc %{_docdir}/%{name}/Tools + +%files -n %{python_pkg_name}-devel +%{_libdir}/libpython%{python_abi}.so +%if %{primary_interpreter} +%{_libdir}/libpython3.so +%endif +%{_libdir}/pkgconfig/* +%{_includedir}/python%{python_abi} +%{sitedir}/config-%{python_abi}-* +%{_bindir}/python%{python_abi}-config +%if %{primary_interpreter} +%{_bindir}/python3-config +%endif +# Own these directories to not depend on gdb +%dir %{_datadir}/gdb +%dir %{_datadir}/gdb/auto-load +%dir %{_datadir}/gdb/auto-load%{_prefix} +%dir %{_datadir}/gdb/auto-load%{_libdir} +%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +%files -n %{python_pkg_name}-testsuite +%{sitedir}/test +%{sitedir}/*/test +%{sitedir}/*/tests +%{dynlib _ctypes_test} +%{dynlib _testbuffer} +%{dynlib _testcapi} +%{dynlib _testclinic} +%{dynlib _testinternalcapi} +%{dynlib _testimportmultiple} +%{dynlib _testmultiphase} +%{dynlib xxlimited} +# workaround for missing packages +%dir %{sitedir}/sqlite3 +%dir %{sitedir}/tkinter + +%files -n %{python_pkg_name}-base +# docs +%dir %{_docdir}/%{name} +%doc %{_docdir}/%{name}/README.rst +%license LICENSE +%doc %{_docdir}/%{name}/README.SUSE +%if %{primary_interpreter} +%{_mandir}/man1/python3.1%{?ext_man} +%endif +%{_mandir}/man1/python%{python_version}.1%{?ext_man} +%if %{with externally_managed} +# PEP-0668 +%{sitedir}/EXTERNALLY-MANAGED +%endif +# license text, not a doc because the code can use it at run-time +%{sitedir}/LICENSE.txt +# RPM macros +%if %{primary_interpreter} +%{_rpmconfigdir}/macros.d/macros.python3 +%endif +# binary parts +%dir %{sitedir}/lib-dynload +%{dynlib array} +%{dynlib _asyncio} +%{dynlib audioop} +%{dynlib binascii} +%{dynlib _bisect} +%{dynlib _bz2} +%{dynlib cmath} +%{dynlib _codecs_cn} +%{dynlib _codecs_hk} +%{dynlib _codecs_iso2022} +%{dynlib _codecs_jp} +%{dynlib _codecs_kr} +%{dynlib _codecs_tw} +%{dynlib _contextvars} +%{dynlib _crypt} +%{dynlib _csv} +%{dynlib _ctypes} +%{dynlib _datetime} +%{dynlib _decimal} +%{dynlib _elementtree} +%{dynlib fcntl} +%{dynlib grp} +%{dynlib _hashlib} +%{dynlib _heapq} +%{dynlib _json} +%{dynlib _lsprof} +%{dynlib _lzma} +%{dynlib math} +%{dynlib mmap} +%{dynlib _multibytecodec} +%{dynlib _multiprocessing} +%{dynlib _opcode} +%{dynlib ossaudiodev} +%{dynlib _pickle} +%{dynlib _posixshmem} +%{dynlib _posixsubprocess} +%{dynlib pyexpat} +%{dynlib _queue} +%{dynlib _random} +%{dynlib resource} +%{dynlib select} +%{dynlib _socket} +%{dynlib spwd} +%{dynlib _ssl} +%{dynlib _statistics} +%{dynlib _struct} +%{dynlib syslog} +%{dynlib termios} +%{dynlib _typing} +%{dynlib unicodedata} +%{dynlib _uuid} +%{dynlib _xxsubinterpreters} +%{dynlib _xxtestfuzz} +%{dynlib xxlimited_35} +%{dynlib zlib} +%{dynlib _zoneinfo} +# hashlib fallback modules +%{dynlib _blake2} +%{dynlib _md5} +%{dynlib _sha1} +%{dynlib _sha256} +%{dynlib _sha512} +%{dynlib _sha3} +# python parts +%dir %{_prefix}/lib/python%{python_version} +%dir %{_prefix}/lib/python%{python_version}/site-packages +%dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__ +%dir %{sitedir} +%dir %{sitedir}/site-packages +%dir %{sitedir}/site-packages/__pycache__ +%exclude %{sitedir}/*/test +%exclude %{sitedir}/*/tests +%{sitedir}/*.py +%{sitedir}/asyncio +%{sitedir}/ctypes +%{sitedir}/collections +%{sitedir}/concurrent +%{sitedir}/distutils +%{sitedir}/email +%{sitedir}/encodings +%{sitedir}/ensurepip +%{sitedir}/html +%{sitedir}/http +%{sitedir}/importlib +%{sitedir}/json +%{sitedir}/lib2to3 +%{sitedir}/logging +%{sitedir}/multiprocessing +%{sitedir}/pydoc_data +%{sitedir}/re +%{sitedir}/tomllib +%{sitedir}/unittest +%{sitedir}/urllib +%{sitedir}/venv +%{sitedir}/wsgiref +%{sitedir}/xml +%{sitedir}/xmlrpc +%{sitedir}/zoneinfo +%{sitedir}/__phello__ +%{sitedir}/__pycache__ +# import-failed hooks +%{sitedir}/_import_failed +%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +# symlinks +%if %{primary_interpreter} +%{_bindir}/python3 +%{_bindir}/pydoc3 +%endif +# executables +%attr(755, root, root) %{_bindir}/pydoc%{python_version} +# %%attr(755, root, root) %%{_bindir}/python%%{python_abi} +%attr(755, root, root) %{_bindir}/python%{python_version} +# endif for if base +%endif + +%changelog diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch new file mode 100644 index 0000000..6f48b09 --- /dev/null +++ b/skip-test_pyobject_freed_is_freed.patch @@ -0,0 +1,23 @@ +--- + Lib/test/test_capi/test_misc.py | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/Lib/test/test_capi/test_misc.py ++++ b/Lib/test/test_capi/test_misc.py +@@ -40,6 +40,8 @@ import _testinternalcapi + # Were we compiled --with-pydebug or with #define Py_DEBUG? + Py_DEBUG = hasattr(sys, 'gettotalrefcount') + ++# Which version of the SLE distro we build on? ++SLE_VERSION = int(os.environ.get('SLE_VERSION', '0'), 10) + + NULL = None + +@@ -1281,6 +1283,7 @@ class PyMemDebugTests(unittest.TestCase) + def test_pyobject_forbidden_bytes_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') + ++ @unittest.skipIf(0 < SLE_VERSION < 150300, 'Failing on Leap 15.*') + def test_pyobject_freed_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_freed_is_freed') + diff --git a/skip_if_buildbot-extend.patch b/skip_if_buildbot-extend.patch new file mode 100644 index 0000000..fd9a584 --- /dev/null +++ b/skip_if_buildbot-extend.patch @@ -0,0 +1,15 @@ +--- + Lib/test/support/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -384,7 +384,7 @@ def skip_if_buildbot(reason=None): + if not reason: + reason = 'not suitable for buildbots' + try: +- isbuildbot = getpass.getuser().lower() == 'buildbot' ++ isbuildbot = getpass.getuser().lower() in ['buildbot', 'abuild'] + except (KeyError, EnvironmentError) as err: + warnings.warn(f'getpass.getuser() failed {err}.', RuntimeWarning) + isbuildbot = False diff --git a/skipped_tests.py b/skipped_tests.py new file mode 100644 index 0000000..47002e6 --- /dev/null +++ b/skipped_tests.py @@ -0,0 +1,69 @@ +#!/usr/bin/python3 +""" +Simple regexp-based skipped test checker. +It lists tests that are mentioned (presumably for exclusion) +in BASE, and in MAIN (presumably for inclusion) +and reports discrepancies. + +This will have a number of +""" + +MAIN = "python39.spec" + +import glob +import re +from os.path import basename + +alltests = set() +qemu_exclusions = set() + +for item in glob.glob("Python-*/Lib/test/test_*"): + testname = basename(item) + if testname.endswith(".py"): + testname = testname[:-3] + alltests.add(testname) + +testre = re.compile(r'[\s"](test_\w+)\b') + +def find_tests_in_spec(specname): + global qemu_exclusions + + found_tests = set() + with open(specname) as spec: + in_qemu = False + for line in spec: + line = line.strip() + if "#" in line: + line = line[:line.index("#")] + tests = set(testre.findall(line)) + found_tests |= tests + if line == "%if 0%{?qemu_user_space_build} > 0": + in_qemu = True + if in_qemu: + if line == "%endif": + in_qemu = False + qemu_exclusions |= tests + return found_tests + +excluded = find_tests_in_spec(MAIN) + +#print("--- excluded tests:", " ".join(sorted(excluded))) +#print("--- included tests:", " ".join(sorted(included))) + +mentioned = excluded +nonexistent = mentioned - alltests +missing = excluded - qemu_exclusions + +print("--- the following tests are excluded for QEMU and not tested in python") +print("--- (that probably means we don't need to worry about them)") +for test in sorted(qemu_exclusions - excluded): + print(test) + +print("--- the following tests might be excluded in python:") +for test in sorted(missing): + print(test) + +if nonexistent: + print("--- the following tests don't exist:") + for test in sorted(nonexistent): + print(test) diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch new file mode 100644 index 0000000..ab29d50 --- /dev/null +++ b/subprocess-raise-timeout.patch @@ -0,0 +1,18 @@ +--- + Lib/test/test_subprocess.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_subprocess.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_subprocess.py ++++ Python-3.11.8/Lib/test/test_subprocess.py +@@ -280,7 +280,8 @@ class ProcessTestCase(BaseTestCase): + "time.sleep(3600)"], + # Some heavily loaded buildbots (sparc Debian 3.x) require + # this much time to start and print. +- timeout=3) ++ # OBS might require even more ++ timeout=10) + self.fail("Expected TimeoutExpired.") + self.assertEqual(c.exception.output, b'BDFL') + -- 2.51.1 From 323372859ba390b82fbec0207f30668b3edb6d5e3822c75123efa91fe53d06a8 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Sat, 17 May 2025 10:02:52 +0000 Subject: [PATCH 121/135] - Use extended %autopatch. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=176 --- python311.changes | 5 +++++ python311.spec | 20 ++------------------ 2 files changed, 7 insertions(+), 18 deletions(-) diff --git a/python311.changes b/python311.changes index 362456b..37954db 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sat May 17 10:02:27 UTC 2025 - Matej Cepl + +- Use extended %autopatch. + ------------------------------------------------------------------- Sat May 10 11:38:24 UTC 2025 - Matej Cepl diff --git a/python311.spec b/python311.spec index 615dfd9..fc56507 100644 --- a/python311.spec +++ b/python311.spec @@ -432,27 +432,11 @@ other applications. %prep %setup -q -n %{tarname} -%patch -p1 -P 02 -%patch -p1 -P 03 -%patch -p1 -P 04 -%patch -p1 -P 05 -%patch -p1 -P 07 -%patch -p1 -P 08 - +%autopatch -p1 -M 08 %if 0%{?suse_version} <= 1500 %patch -P 09 -p1 %endif - -%patch -p1 -P 10 -%patch -p1 -P 11 -%patch -p1 -P 13 -%patch -p1 -P 15 -%patch -p1 -P 16 -%patch -p1 -P 17 -%patch -p1 -P 19 -%patch -p1 -P 22 -%patch -p1 -P 24 -%patch -p1 -P 25 +%autopatch -p1 -m 10 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac -- 2.51.1 From ee7afa01a600f7fc034f131fa10ddd460e12fcf5da6d6de69d45abdc55d0651e Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 22 May 2025 13:01:41 +0000 Subject: [PATCH 122/135] - Add CVE-2025-4516-DecodeError-handler.patch fixing CVE-2025-4516 (bsc#1243273) blocking DecodeError handling vulnerability, which could lead to DoS. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=177 --- CVE-2025-4516-DecodeError-handler.patch | 517 ++++++++++++++++++++++++ python311.changes | 7 + python311.spec | 3 + 3 files changed, 527 insertions(+) create mode 100644 CVE-2025-4516-DecodeError-handler.patch diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch new file mode 100644 index 0000000..c007aef --- /dev/null +++ b/CVE-2025-4516-DecodeError-handler.patch @@ -0,0 +1,517 @@ +From a75953b347716fff694aa59a7c7c2489fa50d1f5 Mon Sep 17 00:00:00 2001 +From: Serhiy Storchaka +Date: Tue, 20 May 2025 15:46:57 +0300 +Subject: [PATCH] [3.12] gh-133767: Fix use-after-free in the unicode-escape + decoder with an error handler (GH-129648) (GH-133944) + +If the error handler is used, a new bytes object is created to set as +the object attribute of UnicodeDecodeError, and that bytes object then +replaces the original data. A pointer to the decoded data will became invalid +after destroying that temporary bytes object. So we need other way to return +the first invalid escape from _PyUnicode_DecodeUnicodeEscapeInternal(). + +_PyBytes_DecodeEscape() does not have such issue, because it does not +use the error handlers registry, but it should be changed for compatibility +with _PyUnicode_DecodeUnicodeEscapeInternal(). +(cherry picked from commit 9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e) +(cherry picked from commit 6279eb8c076d89d3739a6edb393e43c7929b429d) + +Co-authored-by: Serhiy Storchaka +--- + Include/cpython/bytesobject.h | 4 + Include/cpython/unicodeobject.h | 13 ++ + Lib/test/test_codeccallbacks.py | 39 ++++++ + Lib/test/test_codecs.py | 52 ++++++-- + Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst | 2 + Objects/bytesobject.c | 54 +++++--- + Objects/unicodeobject.c | 61 +++++++--- + Parser/string_parser.c | 26 ++-- + 8 files changed, 194 insertions(+), 57 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst + +Index: Python-3.11.12/Include/cpython/bytesobject.h +=================================================================== +--- Python-3.11.12.orig/Include/cpython/bytesobject.h 2025-04-08 14:15:29.000000000 +0000 ++++ Python-3.11.12/Include/cpython/bytesobject.h 2025-05-22 12:57:58.382969999 +0000 +@@ -25,6 +25,10 @@ + int use_bytearray); + + /* Helper for PyBytes_DecodeEscape that detects invalid escape chars. */ ++PyAPI_FUNC(PyObject*) _PyBytes_DecodeEscape2(const char *, Py_ssize_t, ++ const char *, ++ int *, const char **); ++// Export for binary compatibility. + PyAPI_FUNC(PyObject *) _PyBytes_DecodeEscape(const char *, Py_ssize_t, + const char *, const char **); + +Index: Python-3.11.12/Include/cpython/unicodeobject.h +=================================================================== +--- Python-3.11.12.orig/Include/cpython/unicodeobject.h 2025-04-08 14:15:29.000000000 +0000 ++++ Python-3.11.12/Include/cpython/unicodeobject.h 2025-05-22 12:57:58.383963607 +0000 +@@ -914,6 +914,19 @@ + ); + /* Helper for PyUnicode_DecodeUnicodeEscape that detects invalid escape + chars. */ ++PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal2( ++ const char *string, /* Unicode-Escape encoded string */ ++ Py_ssize_t length, /* size of string */ ++ const char *errors, /* error handling */ ++ Py_ssize_t *consumed, /* bytes consumed */ ++ int *first_invalid_escape_char, /* on return, if not -1, contain the first ++ invalid escaped char (<= 0xff) or invalid ++ octal escape (> 0xff) in string. */ ++ const char **first_invalid_escape_ptr); /* on return, if not NULL, may ++ point to the first invalid escaped ++ char in string. ++ May be NULL if errors is not NULL. */ ++// Export for binary compatibility. + PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal( + const char *string, /* Unicode-Escape encoded string */ + Py_ssize_t length, /* size of string */ +Index: Python-3.11.12/Lib/test/test_codeccallbacks.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_codeccallbacks.py 2025-05-22 12:57:49.587342695 +0000 ++++ Python-3.11.12/Lib/test/test_codeccallbacks.py 2025-05-22 12:57:58.384369150 +0000 +@@ -1,6 +1,7 @@ + import codecs + import html.entities + import itertools ++import re + import sys + import unicodedata + import unittest +@@ -1124,7 +1125,7 @@ + text = 'abcghi'*n + text.translate(charmap) + +- def test_mutatingdecodehandler(self): ++ def test_mutating_decode_handler(self): + baddata = [ + ("ascii", b"\xff"), + ("utf-7", b"++"), +@@ -1159,6 +1160,42 @@ + for (encoding, data) in baddata: + self.assertEqual(data.decode(encoding, "test.mutating"), "\u4242") + ++ def test_mutating_decode_handler_unicode_escape(self): ++ decode = codecs.unicode_escape_decode ++ def mutating(exc): ++ if isinstance(exc, UnicodeDecodeError): ++ r = data.get(exc.object[:exc.end]) ++ if r is not None: ++ exc.object = r[0] + exc.object[exc.end:] ++ return ('\u0404', r[1]) ++ raise AssertionError("don't know how to handle %r" % exc) ++ ++ codecs.register_error('test.mutating2', mutating) ++ data = { ++ br'\x0': (b'\\', 0), ++ br'\x3': (b'xxx\\', 3), ++ br'\x5': (b'x\\', 1), ++ } ++ def check(input, expected, msg): ++ with self.assertWarns(DeprecationWarning) as cm: ++ self.assertEqual(decode(input, 'test.mutating2'), (expected, len(input))) ++ self.assertIn(msg, str(cm.warning)) ++ ++ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") ++ check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") ++ check(br'\x0z', '\u0404\\z', r"invalid escape sequence '\z'") ++ ++ check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '\z'") ++ check(br'\x3zr', '\u0404\\zr', r"invalid escape sequence '\z'") ++ check(br'\x3z5', '\u0404\\z5', r"invalid escape sequence '\z'") ++ check(memoryview(br'\x3z5x')[:-1], '\u0404\\z5', r"invalid escape sequence '\z'") ++ check(memoryview(br'\x3z5xy')[:-2], '\u0404\\z5', r"invalid escape sequence '\z'") ++ ++ check(br'\x5n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") ++ check(br'\x5n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") ++ check(br'\x5z', '\u0404\\z', r"invalid escape sequence '\z'") ++ check(memoryview(br'\x5zy')[:-1], '\u0404\\z', r"invalid escape sequence '\z'") ++ + # issue32583 + def test_crashing_decode_handler(self): + # better generating one more character to fill the extra space slot +Index: Python-3.11.12/Lib/test/test_codecs.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_codecs.py 2025-05-22 12:57:49.608177948 +0000 ++++ Python-3.11.12/Lib/test/test_codecs.py 2025-05-22 12:57:58.385050493 +0000 +@@ -1198,23 +1198,39 @@ + check(br"[\1010]", b"[A0]") + check(br"[\x41]", b"[A]") + check(br"[\x410]", b"[A0]") ++ ++ def test_warnings(self): ++ decode = codecs.escape_decode ++ check = coding_checker(self, decode) + for i in range(97, 123): + b = bytes([i]) + if b not in b'abfnrtvx': +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\%c'" % i): + check(b"\\" + b, b"\\" + b) +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\%c'" % (i-32)): + check(b"\\" + b.upper(), b"\\" + b.upper()) +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\8'"): + check(br"\8", b"\\8") + with self.assertWarns(DeprecationWarning): + check(br"\9", b"\\9") +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\\xfa'") as cm: + check(b"\\\xfa", b"\\\xfa") + for i in range(0o400, 0o1000): +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid octal escape sequence '\\%o'" % i): + check(rb'\%o' % i, bytes([i & 0o377])) + ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\z'"): ++ self.assertEqual(decode(br'\x\z', 'ignore'), (b'\\z', 4)) ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid octal escape sequence '\\501'"): ++ self.assertEqual(decode(br'\x\501', 'ignore'), (b'A', 6)) ++ + def test_errors(self): + decode = codecs.escape_decode + self.assertRaises(ValueError, decode, br"\x") +@@ -2487,24 +2503,40 @@ + check(br"[\x410]", "[A0]") + check(br"\u20ac", "\u20ac") + check(br"\U0001d120", "\U0001d120") ++ ++ def test_decode_warnings(self): ++ decode = codecs.unicode_escape_decode ++ check = coding_checker(self, decode) + for i in range(97, 123): + b = bytes([i]) + if b not in b'abfnrtuvx': +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\%c'" % i): + check(b"\\" + b, "\\" + chr(i)) + if b.upper() not in b'UN': +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\%c'" % (i-32)): + check(b"\\" + b.upper(), "\\" + chr(i-32)) +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\8'"): + check(br"\8", "\\8") + with self.assertWarns(DeprecationWarning): + check(br"\9", "\\9") +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\\xfa'") as cm: + check(b"\\\xfa", "\\\xfa") + for i in range(0o400, 0o1000): +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid octal escape sequence '\\%o'" % i): + check(rb'\%o' % i, chr(i)) + ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\z'"): ++ self.assertEqual(decode(br'\x\z', 'ignore'), ('\\z', 4)) ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid octal escape sequence '\\501'"): ++ self.assertEqual(decode(br'\x\501', 'ignore'), ('\u0141', 6)) ++ + def test_decode_errors(self): + decode = codecs.unicode_escape_decode + for c, d in (b'x', 2), (b'u', 4), (b'U', 4): +Index: Python-3.11.12/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ Python-3.11.12/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst 2025-05-22 12:57:58.385668586 +0000 +@@ -0,0 +1,2 @@ ++Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error ++handler. +Index: Python-3.11.12/Objects/bytesobject.c +=================================================================== +--- Python-3.11.12.orig/Objects/bytesobject.c 2025-04-08 14:15:29.000000000 +0000 ++++ Python-3.11.12/Objects/bytesobject.c 2025-05-22 12:57:58.386149592 +0000 +@@ -1057,10 +1057,11 @@ + } + + /* Unescape a backslash-escaped string. */ +-PyObject *_PyBytes_DecodeEscape(const char *s, ++PyObject *_PyBytes_DecodeEscape2(const char *s, + Py_ssize_t len, + const char *errors, +- const char **first_invalid_escape) ++ int *first_invalid_escape_char, ++ const char **first_invalid_escape_ptr) + { + int c; + char *p; +@@ -1074,7 +1075,8 @@ + return NULL; + writer.overallocate = 1; + +- *first_invalid_escape = NULL; ++ *first_invalid_escape_char = -1; ++ *first_invalid_escape_ptr = NULL; + + end = s + len; + while (s < end) { +@@ -1112,9 +1114,10 @@ + c = (c<<3) + *s++ - '0'; + } + if (c > 0377) { +- if (*first_invalid_escape == NULL) { +- *first_invalid_escape = s-3; /* Back up 3 chars, since we've +- already incremented s. */ ++ if (*first_invalid_escape_char == -1) { ++ *first_invalid_escape_char = c; ++ /* Back up 3 chars, since we've already incremented s. */ ++ *first_invalid_escape_ptr = s - 3; + } + } + *p++ = c; +@@ -1155,9 +1158,10 @@ + break; + + default: +- if (*first_invalid_escape == NULL) { +- *first_invalid_escape = s-1; /* Back up one char, since we've +- already incremented s. */ ++ if (*first_invalid_escape_char == -1) { ++ *first_invalid_escape_char = (unsigned char)s[-1]; ++ /* Back up one char, since we've already incremented s. */ ++ *first_invalid_escape_ptr = s - 1; + } + *p++ = '\\'; + s--; +@@ -1171,23 +1175,37 @@ + return NULL; + } + ++// Export for binary compatibility. ++PyObject *_PyBytes_DecodeEscape(const char *s, ++ Py_ssize_t len, ++ const char *errors, ++ const char **first_invalid_escape) ++{ ++ int first_invalid_escape_char; ++ return _PyBytes_DecodeEscape2( ++ s, len, errors, ++ &first_invalid_escape_char, ++ first_invalid_escape); ++} ++ + PyObject *PyBytes_DecodeEscape(const char *s, + Py_ssize_t len, + const char *errors, + Py_ssize_t Py_UNUSED(unicode), + const char *Py_UNUSED(recode_encoding)) + { +- const char* first_invalid_escape; +- PyObject *result = _PyBytes_DecodeEscape(s, len, errors, +- &first_invalid_escape); ++ int first_invalid_escape_char; ++ const char *first_invalid_escape_ptr; ++ PyObject *result = _PyBytes_DecodeEscape2(s, len, errors, ++ &first_invalid_escape_char, ++ &first_invalid_escape_ptr); + if (result == NULL) + return NULL; +- if (first_invalid_escape != NULL) { +- unsigned char c = *first_invalid_escape; +- if ('4' <= c && c <= '7') { ++ if (first_invalid_escape_char != -1) { ++ if (first_invalid_escape_char > 0xff) { + if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, +- "invalid octal escape sequence '\\%.3s'", +- first_invalid_escape) < 0) ++ "invalid octal escape sequence '\\%o'", ++ first_invalid_escape_char) < 0) + { + Py_DECREF(result); + return NULL; +@@ -1196,7 +1214,7 @@ + else { + if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, + "invalid escape sequence '\\%c'", +- c) < 0) ++ first_invalid_escape_char) < 0) + { + Py_DECREF(result); + return NULL; +Index: Python-3.11.12/Objects/unicodeobject.c +=================================================================== +--- Python-3.11.12.orig/Objects/unicodeobject.c 2025-04-08 14:15:29.000000000 +0000 ++++ Python-3.11.12/Objects/unicodeobject.c 2025-05-22 12:57:58.387970080 +0000 +@@ -6301,20 +6301,23 @@ + static _PyUnicode_Name_CAPI *ucnhash_capi = NULL; + + PyObject * +-_PyUnicode_DecodeUnicodeEscapeInternal(const char *s, ++_PyUnicode_DecodeUnicodeEscapeInternal2(const char *s, + Py_ssize_t size, + const char *errors, + Py_ssize_t *consumed, +- const char **first_invalid_escape) ++ int *first_invalid_escape_char, ++ const char **first_invalid_escape_ptr) + { + const char *starts = s; ++ const char *initial_starts = starts; + _PyUnicodeWriter writer; + const char *end; + PyObject *errorHandler = NULL; + PyObject *exc = NULL; + + // so we can remember if we've seen an invalid escape char or not +- *first_invalid_escape = NULL; ++ *first_invalid_escape_char = -1; ++ *first_invalid_escape_ptr = NULL; + + if (size == 0) { + if (consumed) { +@@ -6402,9 +6405,12 @@ + } + } + if (ch > 0377) { +- if (*first_invalid_escape == NULL) { +- *first_invalid_escape = s-3; /* Back up 3 chars, since we've +- already incremented s. */ ++ if (*first_invalid_escape_char == -1) { ++ *first_invalid_escape_char = ch; ++ if (starts == initial_starts) { ++ /* Back up 3 chars, since we've already incremented s. */ ++ *first_invalid_escape_ptr = s - 3; ++ } + } + } + WRITE_CHAR(ch); +@@ -6503,9 +6509,12 @@ + goto error; + + default: +- if (*first_invalid_escape == NULL) { +- *first_invalid_escape = s-1; /* Back up one char, since we've +- already incremented s. */ ++ if (*first_invalid_escape_char == -1) { ++ *first_invalid_escape_char = c; ++ if (starts == initial_starts) { ++ /* Back up one char, since we've already incremented s. */ ++ *first_invalid_escape_ptr = s - 1; ++ } + } + WRITE_ASCII_CHAR('\\'); + WRITE_CHAR(c); +@@ -6544,24 +6553,40 @@ + return NULL; + } + ++// Export for binary compatibility. ++PyObject * ++_PyUnicode_DecodeUnicodeEscapeInternal(const char *s, ++ Py_ssize_t size, ++ const char *errors, ++ Py_ssize_t *consumed, ++ const char **first_invalid_escape) ++{ ++ int first_invalid_escape_char; ++ return _PyUnicode_DecodeUnicodeEscapeInternal2( ++ s, size, errors, consumed, ++ &first_invalid_escape_char, ++ first_invalid_escape); ++} ++ + PyObject * + _PyUnicode_DecodeUnicodeEscapeStateful(const char *s, + Py_ssize_t size, + const char *errors, + Py_ssize_t *consumed) + { +- const char *first_invalid_escape; +- PyObject *result = _PyUnicode_DecodeUnicodeEscapeInternal(s, size, errors, ++ int first_invalid_escape_char; ++ const char *first_invalid_escape_ptr; ++ PyObject *result = _PyUnicode_DecodeUnicodeEscapeInternal2(s, size, errors, + consumed, +- &first_invalid_escape); ++ &first_invalid_escape_char, ++ &first_invalid_escape_ptr); + if (result == NULL) + return NULL; +- if (first_invalid_escape != NULL) { +- unsigned char c = *first_invalid_escape; +- if ('4' <= c && c <= '7') { ++ if (first_invalid_escape_char != -1) { ++ if (first_invalid_escape_char > 0xff) { + if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, +- "invalid octal escape sequence '\\%.3s'", +- first_invalid_escape) < 0) ++ "invalid octal escape sequence '\\%o'", ++ first_invalid_escape_char) < 0) + { + Py_DECREF(result); + return NULL; +@@ -6570,7 +6595,7 @@ + else { + if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, + "invalid escape sequence '\\%c'", +- c) < 0) ++ first_invalid_escape_char) < 0) + { + Py_DECREF(result); + return NULL; +Index: Python-3.11.12/Parser/string_parser.c +=================================================================== +--- Python-3.11.12.orig/Parser/string_parser.c 2025-04-08 14:15:29.000000000 +0000 ++++ Python-3.11.12/Parser/string_parser.c 2025-05-22 13:00:34.860750605 +0000 +@@ -130,13 +130,16 @@ + len = p - buf; + s = buf; + +- const char *first_invalid_escape; +- v = _PyUnicode_DecodeUnicodeEscapeInternal(s, len, NULL, NULL, &first_invalid_escape); ++ int first_invalid_escape_char; ++ const char *first_invalid_escape_ptr; ++ v = _PyUnicode_DecodeUnicodeEscapeInternal2(s, (Py_ssize_t)len, NULL, NULL, ++ &first_invalid_escape_char, ++ &first_invalid_escape_ptr); + +- if (v != NULL && first_invalid_escape != NULL) { +- if (warn_invalid_escape_sequence(parser, first_invalid_escape, t) < 0) { +- /* We have not decref u before because first_invalid_escape points +- inside u. */ ++ if (v != NULL && first_invalid_escape_ptr != NULL && t != NULL) { ++ if (warn_invalid_escape_sequence(parser, s, first_invalid_escape_ptr, t) < 0) { ++ /* We have not decref u before because first_invalid_escape_ptr ++ points inside u. */ + Py_XDECREF(u); + Py_DECREF(v); + return NULL; +@@ -149,14 +152,17 @@ + static PyObject * + decode_bytes_with_escapes(Parser *p, const char *s, Py_ssize_t len, Token *t) + { +- const char *first_invalid_escape; +- PyObject *result = _PyBytes_DecodeEscape(s, len, NULL, &first_invalid_escape); ++ int first_invalid_escape_char; ++ const char *first_invalid_escape_ptr; ++ PyObject *result = _PyBytes_DecodeEscape2(s, len, NULL, ++ &first_invalid_escape_char, ++ &first_invalid_escape_ptr); + if (result == NULL) { + return NULL; + } + +- if (first_invalid_escape != NULL) { +- if (warn_invalid_escape_sequence(p, first_invalid_escape, t) < 0) { ++ if (first_invalid_escape_ptr != NULL) { ++ if (warn_invalid_escape_sequence(p, s, first_invalid_escape_ptr, t) < 0) { + Py_DECREF(result); + return NULL; + } diff --git a/python311.changes b/python311.changes index 37954db..323f0c5 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu May 22 13:01:17 UTC 2025 - Matej Cepl + +- Add CVE-2025-4516-DecodeError-handler.patch fixing + CVE-2025-4516 (bsc#1243273) blocking DecodeError handling + vulnerability, which could lead to DoS. + ------------------------------------------------------------------- Sat May 17 10:02:27 UTC 2025 - Matej Cepl diff --git a/python311.spec b/python311.spec index fc56507..95d07f7 100644 --- a/python311.spec +++ b/python311.spec @@ -189,6 +189,9 @@ Patch24: add-loongarch64-support.patch # PATCH-FIX-UPSTREAM gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch bsc#1241067 mcepl@suse.com # don't stop ThreadedEchoServer on OSError, makes test_ssl fail with OpenSSL 3.5 Patch25: gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch +# PATCH-FIX-UPSTREAM CVE-2025-4516-DecodeError-handler.patch bsc#1243273 mcepl@suse.com +# this patch makes things totally awesome +Patch26: CVE-2025-4516-DecodeError-handler.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: crypto-policies-scripts -- 2.51.1 From d5adcdb437be5813a6e9793084b9c203aea61dbde97da6a594264b6bf60c101d Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 22 May 2025 14:14:05 +0000 Subject: [PATCH 123/135] Fix patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=178 --- CVE-2025-4516-DecodeError-handler.patch | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch index c007aef..23bc56c 100644 --- a/CVE-2025-4516-DecodeError-handler.patch +++ b/CVE-2025-4516-DecodeError-handler.patch @@ -469,7 +469,7 @@ Index: Python-3.11.12/Objects/unicodeobject.c Index: Python-3.11.12/Parser/string_parser.c =================================================================== --- Python-3.11.12.orig/Parser/string_parser.c 2025-04-08 14:15:29.000000000 +0000 -+++ Python-3.11.12/Parser/string_parser.c 2025-05-22 13:00:34.860750605 +0000 ++++ Python-3.11.12/Parser/string_parser.c 2025-05-22 14:13:25.035587017 +0000 @@ -130,13 +130,16 @@ len = p - buf; s = buf; @@ -487,7 +487,7 @@ Index: Python-3.11.12/Parser/string_parser.c - /* We have not decref u before because first_invalid_escape points - inside u. */ + if (v != NULL && first_invalid_escape_ptr != NULL && t != NULL) { -+ if (warn_invalid_escape_sequence(parser, s, first_invalid_escape_ptr, t) < 0) { ++ if (warn_invalid_escape_sequence(parser, first_invalid_escape_ptr, t) < 0) { + /* We have not decref u before because first_invalid_escape_ptr + points inside u. */ Py_XDECREF(u); @@ -511,7 +511,7 @@ Index: Python-3.11.12/Parser/string_parser.c - if (first_invalid_escape != NULL) { - if (warn_invalid_escape_sequence(p, first_invalid_escape, t) < 0) { + if (first_invalid_escape_ptr != NULL) { -+ if (warn_invalid_escape_sequence(p, s, first_invalid_escape_ptr, t) < 0) { ++ if (warn_invalid_escape_sequence(p, first_invalid_escape_ptr, t) < 0) { Py_DECREF(result); return NULL; } -- 2.51.1 From 69fa4c8b8f48f948c6e90717338b743d96e704f563bfa92761fcebe34d5e9785 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 27 May 2025 14:13:40 +0000 Subject: [PATCH 124/135] Use the upstream patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=179 --- CVE-2025-4516-DecodeError-handler.patch | 73 +++++++++++++------------ 1 file changed, 38 insertions(+), 35 deletions(-) diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch index 23bc56c..c263eac 100644 --- a/CVE-2025-4516-DecodeError-handler.patch +++ b/CVE-2025-4516-DecodeError-handler.patch @@ -1,7 +1,7 @@ -From a75953b347716fff694aa59a7c7c2489fa50d1f5 Mon Sep 17 00:00:00 2001 +From 0c33e5baedf18ebcb04bc41dff7cfc614d5ea5fe Mon Sep 17 00:00:00 2001 From: Serhiy Storchaka Date: Tue, 20 May 2025 15:46:57 +0300 -Subject: [PATCH] [3.12] gh-133767: Fix use-after-free in the unicode-escape +Subject: [PATCH] [3.11] gh-133767: Fix use-after-free in the unicode-escape decoder with an error handler (GH-129648) (GH-133944) If the error handler is used, a new bytes object is created to set as @@ -15,6 +15,7 @@ use the error handlers registry, but it should be changed for compatibility with _PyUnicode_DecodeUnicodeEscapeInternal(). (cherry picked from commit 9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e) (cherry picked from commit 6279eb8c076d89d3739a6edb393e43c7929b429d) +(cherry picked from commit a75953b347716fff694aa59a7c7c2489fa50d1f5) Co-authored-by: Serhiy Storchaka --- @@ -23,16 +24,16 @@ Co-authored-by: Serhiy Storchaka Lib/test/test_codeccallbacks.py | 39 ++++++ Lib/test/test_codecs.py | 52 ++++++-- Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst | 2 - Objects/bytesobject.c | 54 +++++--- - Objects/unicodeobject.c | 61 +++++++--- - Parser/string_parser.c | 26 ++-- - 8 files changed, 194 insertions(+), 57 deletions(-) + Objects/bytesobject.c | 56 ++++++-- + Objects/unicodeobject.c | 63 +++++++--- + Parser/string_parser.c | 24 ++- + 8 files changed, 197 insertions(+), 56 deletions(-) create mode 100644 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst Index: Python-3.11.12/Include/cpython/bytesobject.h =================================================================== ---- Python-3.11.12.orig/Include/cpython/bytesobject.h 2025-04-08 14:15:29.000000000 +0000 -+++ Python-3.11.12/Include/cpython/bytesobject.h 2025-05-22 12:57:58.382969999 +0000 +--- Python-3.11.12.orig/Include/cpython/bytesobject.h 2025-05-27 16:12:54.739976905 +0200 ++++ Python-3.11.12/Include/cpython/bytesobject.h 2025-05-27 16:13:11.519989563 +0200 @@ -25,6 +25,10 @@ int use_bytearray); @@ -46,8 +47,8 @@ Index: Python-3.11.12/Include/cpython/bytesobject.h Index: Python-3.11.12/Include/cpython/unicodeobject.h =================================================================== ---- Python-3.11.12.orig/Include/cpython/unicodeobject.h 2025-04-08 14:15:29.000000000 +0000 -+++ Python-3.11.12/Include/cpython/unicodeobject.h 2025-05-22 12:57:58.383963607 +0000 +--- Python-3.11.12.orig/Include/cpython/unicodeobject.h 2025-05-27 16:12:54.739976905 +0200 ++++ Python-3.11.12/Include/cpython/unicodeobject.h 2025-05-27 16:13:11.520156067 +0200 @@ -914,6 +914,19 @@ ); /* Helper for PyUnicode_DecodeUnicodeEscape that detects invalid escape @@ -70,8 +71,8 @@ Index: Python-3.11.12/Include/cpython/unicodeobject.h Py_ssize_t length, /* size of string */ Index: Python-3.11.12/Lib/test/test_codeccallbacks.py =================================================================== ---- Python-3.11.12.orig/Lib/test/test_codeccallbacks.py 2025-05-22 12:57:49.587342695 +0000 -+++ Python-3.11.12/Lib/test/test_codeccallbacks.py 2025-05-22 12:57:58.384369150 +0000 +--- Python-3.11.12.orig/Lib/test/test_codeccallbacks.py 2025-05-27 16:12:54.739976905 +0200 ++++ Python-3.11.12/Lib/test/test_codeccallbacks.py 2025-05-27 16:13:11.520378996 +0200 @@ -1,6 +1,7 @@ import codecs import html.entities @@ -134,8 +135,8 @@ Index: Python-3.11.12/Lib/test/test_codeccallbacks.py # better generating one more character to fill the extra space slot Index: Python-3.11.12/Lib/test/test_codecs.py =================================================================== ---- Python-3.11.12.orig/Lib/test/test_codecs.py 2025-05-22 12:57:49.608177948 +0000 -+++ Python-3.11.12/Lib/test/test_codecs.py 2025-05-22 12:57:58.385050493 +0000 +--- Python-3.11.12.orig/Lib/test/test_codecs.py 2025-05-27 16:12:54.739976905 +0200 ++++ Python-3.11.12/Lib/test/test_codecs.py 2025-05-27 16:13:11.520814977 +0200 @@ -1198,23 +1198,39 @@ check(br"[\1010]", b"[A0]") check(br"[\x41]", b"[A]") @@ -230,14 +231,14 @@ Index: Python-3.11.12/Lib/test/test_codecs.py Index: Python-3.11.12/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ Python-3.11.12/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst 2025-05-22 12:57:58.385668586 +0000 ++++ Python-3.11.12/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst 2025-05-27 16:13:11.521185394 +0200 @@ -0,0 +1,2 @@ +Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error +handler. Index: Python-3.11.12/Objects/bytesobject.c =================================================================== ---- Python-3.11.12.orig/Objects/bytesobject.c 2025-04-08 14:15:29.000000000 +0000 -+++ Python-3.11.12/Objects/bytesobject.c 2025-05-22 12:57:58.386149592 +0000 +--- Python-3.11.12.orig/Objects/bytesobject.c 2025-05-27 16:12:54.739976905 +0200 ++++ Python-3.11.12/Objects/bytesobject.c 2025-05-27 16:13:11.521614202 +0200 @@ -1057,10 +1057,11 @@ } @@ -290,7 +291,7 @@ Index: Python-3.11.12/Objects/bytesobject.c } *p++ = '\\'; s--; -@@ -1171,23 +1175,37 @@ +@@ -1171,23 +1175,39 @@ return NULL; } @@ -328,15 +329,17 @@ Index: Python-3.11.12/Objects/bytesobject.c - if ('4' <= c && c <= '7') { + if (first_invalid_escape_char != -1) { + if (first_invalid_escape_char > 0xff) { ++ char buf[12] = ""; ++ snprintf(buf, sizeof buf, "%o", first_invalid_escape_char); if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, - "invalid octal escape sequence '\\%.3s'", - first_invalid_escape) < 0) -+ "invalid octal escape sequence '\\%o'", -+ first_invalid_escape_char) < 0) ++ "invalid octal escape sequence '\\%s'", ++ buf) < 0) { Py_DECREF(result); return NULL; -@@ -1196,7 +1214,7 @@ +@@ -1196,7 +1216,7 @@ else { if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, "invalid escape sequence '\\%c'", @@ -347,8 +350,8 @@ Index: Python-3.11.12/Objects/bytesobject.c return NULL; Index: Python-3.11.12/Objects/unicodeobject.c =================================================================== ---- Python-3.11.12.orig/Objects/unicodeobject.c 2025-04-08 14:15:29.000000000 +0000 -+++ Python-3.11.12/Objects/unicodeobject.c 2025-05-22 12:57:58.387970080 +0000 +--- Python-3.11.12.orig/Objects/unicodeobject.c 2025-05-27 16:12:54.739976905 +0200 ++++ Python-3.11.12/Objects/unicodeobject.c 2025-05-27 16:13:11.523098541 +0200 @@ -6301,20 +6301,23 @@ static _PyUnicode_Name_CAPI *ucnhash_capi = NULL; @@ -408,7 +411,7 @@ Index: Python-3.11.12/Objects/unicodeobject.c } WRITE_ASCII_CHAR('\\'); WRITE_CHAR(c); -@@ -6544,24 +6553,40 @@ +@@ -6544,24 +6553,42 @@ return NULL; } @@ -449,15 +452,17 @@ Index: Python-3.11.12/Objects/unicodeobject.c - if ('4' <= c && c <= '7') { + if (first_invalid_escape_char != -1) { + if (first_invalid_escape_char > 0xff) { ++ char buf[12] = ""; ++ snprintf(buf, sizeof buf, "%o", first_invalid_escape_char); if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, - "invalid octal escape sequence '\\%.3s'", - first_invalid_escape) < 0) -+ "invalid octal escape sequence '\\%o'", -+ first_invalid_escape_char) < 0) ++ "invalid octal escape sequence '\\%s'", ++ buf) < 0) { Py_DECREF(result); return NULL; -@@ -6570,7 +6595,7 @@ +@@ -6570,7 +6597,7 @@ else { if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, "invalid escape sequence '\\%c'", @@ -468,9 +473,9 @@ Index: Python-3.11.12/Objects/unicodeobject.c return NULL; Index: Python-3.11.12/Parser/string_parser.c =================================================================== ---- Python-3.11.12.orig/Parser/string_parser.c 2025-04-08 14:15:29.000000000 +0000 -+++ Python-3.11.12/Parser/string_parser.c 2025-05-22 14:13:25.035587017 +0000 -@@ -130,13 +130,16 @@ +--- Python-3.11.12.orig/Parser/string_parser.c 2025-05-27 16:12:54.739976905 +0200 ++++ Python-3.11.12/Parser/string_parser.c 2025-05-27 16:13:11.524051710 +0200 +@@ -130,12 +130,15 @@ len = p - buf; s = buf; @@ -485,14 +490,12 @@ Index: Python-3.11.12/Parser/string_parser.c - if (v != NULL && first_invalid_escape != NULL) { - if (warn_invalid_escape_sequence(parser, first_invalid_escape, t) < 0) { - /* We have not decref u before because first_invalid_escape points -- inside u. */ -+ if (v != NULL && first_invalid_escape_ptr != NULL && t != NULL) { ++ if (v != NULL && first_invalid_escape_ptr != NULL) { + if (warn_invalid_escape_sequence(parser, first_invalid_escape_ptr, t) < 0) { -+ /* We have not decref u before because first_invalid_escape_ptr -+ points inside u. */ ++ /* We have not decref u before because first_invalid_escape_ptr points + inside u. */ Py_XDECREF(u); Py_DECREF(v); - return NULL; @@ -149,14 +152,17 @@ static PyObject * decode_bytes_with_escapes(Parser *p, const char *s, Py_ssize_t len, Token *t) -- 2.51.1 From 4e3f0dd903ee0acb20c213b50510eafb337e080e19603d152ef5ec69297c220e Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 28 May 2025 09:17:38 +0000 Subject: [PATCH 125/135] remove trailing spaces OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=180 --- ...2-test_ssl-no-stop-ThreadedEchoServer-OSError.patch | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch b/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch index 5c26386..292efba 100644 --- a/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch +++ b/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch @@ -38,7 +38,7 @@ Index: Python-3.11.12/Lib/test/test_ssl.py @@ -2651,10 +2650,6 @@ self.close() self.running = False - + - # normally, we'd just stop here, but for the test - # harness, we want to stop the server - self.server.stop() @@ -51,7 +51,7 @@ Index: Python-3.11.12/Lib/test/test_ssl.py threading.Thread.__init__(self) self.daemon = True + self._in_context = False - + def __enter__(self): + if self._in_context: + raise ValueError('Re-entering ThreadedEchoServer context') @@ -59,20 +59,20 @@ Index: Python-3.11.12/Lib/test/test_ssl.py self.start(threading.Event()) self.flag.wait() return self - + def __exit__(self, *args): + assert self._in_context + self._in_context = False self.stop() self.join() - + def start(self, flag=None): + if not self._in_context: + raise ValueError( + 'ThreadedEchoServer must be used as a context manager') self.flag = flag threading.Thread.start(self) - + def run(self): + if not self._in_context: + raise ValueError( -- 2.51.1 From c1db13ef0fbe79a463cd2ec41004339b37fc0a686b491a6dbd70c2e144c11293 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 29 May 2025 16:42:17 +0000 Subject: [PATCH 126/135] Update the patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=181 --- CVE-2025-4516-DecodeError-handler.patch | 86 ++++++++++--------------- 1 file changed, 35 insertions(+), 51 deletions(-) diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch index c263eac..fc4b1d6 100644 --- a/CVE-2025-4516-DecodeError-handler.patch +++ b/CVE-2025-4516-DecodeError-handler.patch @@ -30,11 +30,9 @@ Co-authored-by: Serhiy Storchaka 8 files changed, 197 insertions(+), 56 deletions(-) create mode 100644 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst -Index: Python-3.11.12/Include/cpython/bytesobject.h -=================================================================== ---- Python-3.11.12.orig/Include/cpython/bytesobject.h 2025-05-27 16:12:54.739976905 +0200 -+++ Python-3.11.12/Include/cpython/bytesobject.h 2025-05-27 16:13:11.519989563 +0200 -@@ -25,6 +25,10 @@ +--- a/Include/cpython/bytesobject.h ++++ b/Include/cpython/bytesobject.h +@@ -25,6 +25,10 @@ PyAPI_FUNC(PyObject*) _PyBytes_FromHex( int use_bytearray); /* Helper for PyBytes_DecodeEscape that detects invalid escape chars. */ @@ -45,11 +43,9 @@ Index: Python-3.11.12/Include/cpython/bytesobject.h PyAPI_FUNC(PyObject *) _PyBytes_DecodeEscape(const char *, Py_ssize_t, const char *, const char **); -Index: Python-3.11.12/Include/cpython/unicodeobject.h -=================================================================== ---- Python-3.11.12.orig/Include/cpython/unicodeobject.h 2025-05-27 16:12:54.739976905 +0200 -+++ Python-3.11.12/Include/cpython/unicodeobject.h 2025-05-27 16:13:11.520156067 +0200 -@@ -914,6 +914,19 @@ +--- a/Include/cpython/unicodeobject.h ++++ b/Include/cpython/unicodeobject.h +@@ -914,6 +914,19 @@ PyAPI_FUNC(PyObject*) _PyUnicode_DecodeU ); /* Helper for PyUnicode_DecodeUnicodeEscape that detects invalid escape chars. */ @@ -69,10 +65,8 @@ Index: Python-3.11.12/Include/cpython/unicodeobject.h PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal( const char *string, /* Unicode-Escape encoded string */ Py_ssize_t length, /* size of string */ -Index: Python-3.11.12/Lib/test/test_codeccallbacks.py -=================================================================== ---- Python-3.11.12.orig/Lib/test/test_codeccallbacks.py 2025-05-27 16:12:54.739976905 +0200 -+++ Python-3.11.12/Lib/test/test_codeccallbacks.py 2025-05-27 16:13:11.520378996 +0200 +--- a/Lib/test/test_codeccallbacks.py ++++ b/Lib/test/test_codeccallbacks.py @@ -1,6 +1,7 @@ import codecs import html.entities @@ -81,7 +75,7 @@ Index: Python-3.11.12/Lib/test/test_codeccallbacks.py import sys import unicodedata import unittest -@@ -1124,7 +1125,7 @@ +@@ -1124,7 +1125,7 @@ class CodecCallbackTest(unittest.TestCas text = 'abcghi'*n text.translate(charmap) @@ -90,7 +84,7 @@ Index: Python-3.11.12/Lib/test/test_codeccallbacks.py baddata = [ ("ascii", b"\xff"), ("utf-7", b"++"), -@@ -1159,6 +1160,42 @@ +@@ -1159,6 +1160,42 @@ class CodecCallbackTest(unittest.TestCas for (encoding, data) in baddata: self.assertEqual(data.decode(encoding, "test.mutating"), "\u4242") @@ -133,11 +127,9 @@ Index: Python-3.11.12/Lib/test/test_codeccallbacks.py # issue32583 def test_crashing_decode_handler(self): # better generating one more character to fill the extra space slot -Index: Python-3.11.12/Lib/test/test_codecs.py -=================================================================== ---- Python-3.11.12.orig/Lib/test/test_codecs.py 2025-05-27 16:12:54.739976905 +0200 -+++ Python-3.11.12/Lib/test/test_codecs.py 2025-05-27 16:13:11.520814977 +0200 -@@ -1198,23 +1198,39 @@ +--- a/Lib/test/test_codecs.py ++++ b/Lib/test/test_codecs.py +@@ -1198,23 +1198,39 @@ class EscapeDecodeTest(unittest.TestCase check(br"[\1010]", b"[A0]") check(br"[\x41]", b"[A]") check(br"[\x410]", b"[A0]") @@ -182,7 +174,7 @@ Index: Python-3.11.12/Lib/test/test_codecs.py def test_errors(self): decode = codecs.escape_decode self.assertRaises(ValueError, decode, br"\x") -@@ -2487,24 +2503,40 @@ +@@ -2487,24 +2503,40 @@ class UnicodeEscapeTest(ReadTest, unitte check(br"[\x410]", "[A0]") check(br"\u20ac", "\u20ac") check(br"\U0001d120", "\U0001d120") @@ -228,18 +220,14 @@ Index: Python-3.11.12/Lib/test/test_codecs.py def test_decode_errors(self): decode = codecs.unicode_escape_decode for c, d in (b'x', 2), (b'u', 4), (b'U', 4): -Index: Python-3.11.12/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ Python-3.11.12/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst 2025-05-27 16:13:11.521185394 +0200 +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst @@ -0,0 +1,2 @@ +Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error +handler. -Index: Python-3.11.12/Objects/bytesobject.c -=================================================================== ---- Python-3.11.12.orig/Objects/bytesobject.c 2025-05-27 16:12:54.739976905 +0200 -+++ Python-3.11.12/Objects/bytesobject.c 2025-05-27 16:13:11.521614202 +0200 -@@ -1057,10 +1057,11 @@ +--- a/Objects/bytesobject.c ++++ b/Objects/bytesobject.c +@@ -1057,10 +1057,11 @@ _PyBytes_FormatEx(const char *format, Py } /* Unescape a backslash-escaped string. */ @@ -253,7 +241,7 @@ Index: Python-3.11.12/Objects/bytesobject.c { int c; char *p; -@@ -1074,7 +1075,8 @@ +@@ -1074,7 +1075,8 @@ PyObject *_PyBytes_DecodeEscape(const ch return NULL; writer.overallocate = 1; @@ -263,7 +251,7 @@ Index: Python-3.11.12/Objects/bytesobject.c end = s + len; while (s < end) { -@@ -1112,9 +1114,10 @@ +@@ -1112,9 +1114,10 @@ PyObject *_PyBytes_DecodeEscape(const ch c = (c<<3) + *s++ - '0'; } if (c > 0377) { @@ -277,7 +265,7 @@ Index: Python-3.11.12/Objects/bytesobject.c } } *p++ = c; -@@ -1155,9 +1158,10 @@ +@@ -1155,9 +1158,10 @@ PyObject *_PyBytes_DecodeEscape(const ch break; default: @@ -291,7 +279,7 @@ Index: Python-3.11.12/Objects/bytesobject.c } *p++ = '\\'; s--; -@@ -1171,23 +1175,39 @@ +@@ -1171,23 +1175,39 @@ PyObject *_PyBytes_DecodeEscape(const ch return NULL; } @@ -339,7 +327,7 @@ Index: Python-3.11.12/Objects/bytesobject.c { Py_DECREF(result); return NULL; -@@ -1196,7 +1216,7 @@ +@@ -1196,7 +1216,7 @@ PyObject *PyBytes_DecodeEscape(const cha else { if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, "invalid escape sequence '\\%c'", @@ -348,11 +336,9 @@ Index: Python-3.11.12/Objects/bytesobject.c { Py_DECREF(result); return NULL; -Index: Python-3.11.12/Objects/unicodeobject.c -=================================================================== ---- Python-3.11.12.orig/Objects/unicodeobject.c 2025-05-27 16:12:54.739976905 +0200 -+++ Python-3.11.12/Objects/unicodeobject.c 2025-05-27 16:13:11.523098541 +0200 -@@ -6301,20 +6301,23 @@ +--- a/Objects/unicodeobject.c ++++ b/Objects/unicodeobject.c +@@ -6301,20 +6301,23 @@ PyUnicode_AsUTF16String(PyObject *unicod static _PyUnicode_Name_CAPI *ucnhash_capi = NULL; PyObject * @@ -379,7 +365,7 @@ Index: Python-3.11.12/Objects/unicodeobject.c if (size == 0) { if (consumed) { -@@ -6402,9 +6405,12 @@ +@@ -6402,9 +6405,12 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c } } if (ch > 0377) { @@ -395,7 +381,7 @@ Index: Python-3.11.12/Objects/unicodeobject.c } } WRITE_CHAR(ch); -@@ -6503,9 +6509,12 @@ +@@ -6503,9 +6509,12 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c goto error; default: @@ -411,7 +397,7 @@ Index: Python-3.11.12/Objects/unicodeobject.c } WRITE_ASCII_CHAR('\\'); WRITE_CHAR(c); -@@ -6544,24 +6553,42 @@ +@@ -6544,24 +6553,42 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c return NULL; } @@ -462,7 +448,7 @@ Index: Python-3.11.12/Objects/unicodeobject.c { Py_DECREF(result); return NULL; -@@ -6570,7 +6597,7 @@ +@@ -6570,7 +6597,7 @@ _PyUnicode_DecodeUnicodeEscapeStateful(c else { if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, "invalid escape sequence '\\%c'", @@ -471,11 +457,9 @@ Index: Python-3.11.12/Objects/unicodeobject.c { Py_DECREF(result); return NULL; -Index: Python-3.11.12/Parser/string_parser.c -=================================================================== ---- Python-3.11.12.orig/Parser/string_parser.c 2025-05-27 16:12:54.739976905 +0200 -+++ Python-3.11.12/Parser/string_parser.c 2025-05-27 16:13:11.524051710 +0200 -@@ -130,12 +130,15 @@ +--- a/Parser/string_parser.c ++++ b/Parser/string_parser.c +@@ -130,12 +130,15 @@ decode_unicode_with_escapes(Parser *pars len = p - buf; s = buf; @@ -496,7 +480,7 @@ Index: Python-3.11.12/Parser/string_parser.c inside u. */ Py_XDECREF(u); Py_DECREF(v); -@@ -149,14 +152,17 @@ +@@ -149,14 +152,17 @@ decode_unicode_with_escapes(Parser *pars static PyObject * decode_bytes_with_escapes(Parser *p, const char *s, Py_ssize_t len, Token *t) { -- 2.51.1 From 28749a59dd740f09e8006e0b4cae87df58b3e8243ca2eca505c2dc41e274b651 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 9 Jun 2025 17:26:24 +0000 Subject: [PATCH 127/135] =?UTF-8?q?-=20Update=20to=203.11.13:=20=20=20-=20?= =?UTF-8?q?Security=20=20=20=20=20-=20gh-135034:=20Fixes=20multiple=20issu?= =?UTF-8?q?es=20that=20allowed=20tarfile=20=20=20=20=20=20=20extraction=20?= =?UTF-8?q?filters=20(filter=3D"data"=20and=20filter=3D"tar")=20to=20be=20?= =?UTF-8?q?=20=20=20=20=20=20bypassed=20using=20crafted=20symlinks=20and?= =?UTF-8?q?=20hard=20links.=20=20=20=20=20=20=20Addresses=20CVE-2024-12718?= =?UTF-8?q?=20(bsc#1244056),=20CVE-2025-4138=20=20=20=20=20=20=20(bsc#1244?= =?UTF-8?q?059),=20CVE-2025-4330=20(bsc#1244060),=20and=20=20=20=20=20=20?= =?UTF-8?q?=20CVE-2025-4517=20(bsc#1244032).=20=20=20=20=20-=20gh-133767:?= =?UTF-8?q?=20Fix=20use-after-free=20in=20the=20=E2=80=9Cunicode-escape?= =?UTF-8?q?=E2=80=9D=20=20=20=20=20=20=20decoder=20with=20a=20non-?= =?UTF-8?q?=E2=80=9Cstrict=E2=80=9D=20error=20handler=20(CVE-2025-4516,=20?= =?UTF-8?q?=20=20=20=20=20=20bsc#1243273).=20=20=20=20=20-=20gh-128840:=20?= =?UTF-8?q?Short-circuit=20the=20processing=20of=20long=20IPv6=20=20=20=20?= =?UTF-8?q?=20=20=20addresses=20early=20in=20ipaddress=20to=20prevent=20ex?= =?UTF-8?q?cessive=20memory=20=20=20=20=20=20=20consumption=20and=20a=20mi?= =?UTF-8?q?nor=20denial-of-service.=20=20=20-=20Library=20=20=20=20=20-=20?= =?UTF-8?q?gh-128840:=20Fix=20parsing=20long=20IPv6=20addresses=20with=20e?= =?UTF-8?q?mbedded=20=20=20=20=20=20=20IPv4=20address.=20=20=20=20=20-=20g?= =?UTF-8?q?h-134062:=20ipaddress:=20fix=20collisions=20in=20=5F=5Fhash=5F?= =?UTF-8?q?=5F()=20for=20=20=20=20=20=20=20IPv4Network=20and=20IPv6Network?= =?UTF-8?q?=20objects.=20=20=20=20=20-=20gh-123409:=20Fix=20ipaddress.IPv6?= =?UTF-8?q?Address.reverse=5Fpointer=20output=20=20=20=20=20=20=20accordin?= =?UTF-8?q?g=20to=20RFC=203596,=20=C2=A72.5.=20Patch=20by=20B=C3=A9n=C3=A9?= =?UTF-8?q?dikt=20Tran.=20=20=20=20=20-=20bpo-43633:=20Improve=20the=20tex?= =?UTF-8?q?tual=20representation=20of=20=20=20=20=20=20=20IPv4-mapped=20IP?= =?UTF-8?q?v6=20addresses=20(RFC=204291=20Sections=202.2,=202.5.5.2)=20=20?= =?UTF-8?q?=20=20=20=20=20in=20ipaddress.=20Patch=20by=20Oleksandr=20Pavli?= =?UTF-8?q?uk.=20-=20Remove=20upstreamed=20patches:=20=20=20-=20gh-126572-?= =?UTF-8?q?test=5Fssl-no-stop-ThreadedEchoServer-OSError.patch=20=20=20-?= =?UTF-8?q?=20CVE-2025-4516-DecodeError-handler.patch?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=183 --- .gitattributes | 23 + .gitignore | 1 + CVE-2023-52425-libexpat-2.6.0-backport.patch | 233 + ...-52425-remove-reparse_deferral-tests.patch | 60 + CVE-2024-9287-venv_path_unquoted.patch | 299 + CVE-2025-0938-sq-brackets-domain-names.patch | 127 + CVE-2025-4516-DecodeError-handler.patch | 504 ++ F00251-change-user-install-location.patch | 215 + PACKAGING-NOTES | 26 + Python-3.11.10.tar.xz | 3 + Python-3.11.10.tar.xz.asc | 16 + Python-3.11.11.tar.xz | 3 + Python-3.11.11.tar.xz.sigstore | 1 + Python-3.11.12.tar.xz | 3 + Python-3.11.12.tar.xz.sigstore | 1 + Python-3.11.13.tar.xz | 3 + Python-3.11.13.tar.xz.sigstore | 1 + README.SUSE | 43 + _multibuild | 4 + add-loongarch64-support.patch | 29 + baselibs.conf | 3 + bluez-devel-vendor.tar.xz | 3 + bpo-31046_ensurepip_honours_prefix.patch | 173 + bsc1221260-test_asyncio-ResourceWarning.patch | 21 + bso1227999-reproducible-builds.patch | 37 + distutils-reproducible-compile.patch | 17 + externally_managed.in | 12 + fix_configure_rst.patch | 40 + ...l-no-stop-ThreadedEchoServer-OSError.patch | 82 + gh120226-fix-sendfile-test-kernel-610.patch | 35 + idle3.appdata.xml | 35 + idle3.desktop | 12 + import_failed.map | 7 + import_failed.py | 23 + macros.python3 | 28 + no-skipif-doctests.patch | 653 ++ pre_checkin.sh | 78 + python-3.3.0b1-fix_date_time_compiler.patch | 27 + python-3.3.0b1-localpath.patch | 13 + python-3.3.0b1-test-posix_fadvise.patch | 17 + python.keyring | 109 + python311-rpmlintrc | 4 + python311.changes | 5623 +++++++++++++++++ python311.spec | 1042 +++ skip-test_pyobject_freed_is_freed.patch | 23 + skip_if_buildbot-extend.patch | 15 + skipped_tests.py | 69 + subprocess-raise-timeout.patch | 18 + 48 files changed, 9814 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 CVE-2023-52425-libexpat-2.6.0-backport.patch create mode 100644 CVE-2023-52425-remove-reparse_deferral-tests.patch create mode 100644 CVE-2024-9287-venv_path_unquoted.patch create mode 100644 CVE-2025-0938-sq-brackets-domain-names.patch create mode 100644 CVE-2025-4516-DecodeError-handler.patch create mode 100644 F00251-change-user-install-location.patch create mode 100644 PACKAGING-NOTES create mode 100644 Python-3.11.10.tar.xz create mode 100644 Python-3.11.10.tar.xz.asc create mode 100644 Python-3.11.11.tar.xz create mode 100644 Python-3.11.11.tar.xz.sigstore create mode 100644 Python-3.11.12.tar.xz create mode 100644 Python-3.11.12.tar.xz.sigstore create mode 100644 Python-3.11.13.tar.xz create mode 100644 Python-3.11.13.tar.xz.sigstore create mode 100644 README.SUSE create mode 100644 _multibuild create mode 100644 add-loongarch64-support.patch create mode 100644 baselibs.conf create mode 100644 bluez-devel-vendor.tar.xz create mode 100644 bpo-31046_ensurepip_honours_prefix.patch create mode 100644 bsc1221260-test_asyncio-ResourceWarning.patch create mode 100644 bso1227999-reproducible-builds.patch create mode 100644 distutils-reproducible-compile.patch create mode 100644 externally_managed.in create mode 100644 fix_configure_rst.patch create mode 100644 gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch create mode 100644 gh120226-fix-sendfile-test-kernel-610.patch create mode 100644 idle3.appdata.xml create mode 100644 idle3.desktop create mode 100644 import_failed.map create mode 100644 import_failed.py create mode 100644 macros.python3 create mode 100644 no-skipif-doctests.patch create mode 100644 pre_checkin.sh create mode 100644 python-3.3.0b1-fix_date_time_compiler.patch create mode 100644 python-3.3.0b1-localpath.patch create mode 100644 python-3.3.0b1-test-posix_fadvise.patch create mode 100644 python.keyring create mode 100644 python311-rpmlintrc create mode 100644 python311.changes create mode 100644 python311.spec create mode 100644 skip-test_pyobject_freed_is_freed.patch create mode 100644 skip_if_buildbot-extend.patch create mode 100644 skipped_tests.py create mode 100644 subprocess-raise-timeout.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch new file mode 100644 index 0000000..1acc25a --- /dev/null +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -0,0 +1,233 @@ +--- + Lib/test/support/__init__.py | 16 ++++++++++++++-- + Lib/test/test_minidom.py | 23 +++++++++-------------- + Lib/test/test_pyexpat.py | 12 +++++------- + Lib/test/test_sax.py | 18 +++++++++--------- + Lib/test/test_xml_etree.py | 12 ------------ + 5 files changed, 37 insertions(+), 44 deletions(-) + +Index: Python-3.11.12/Lib/test/support/__init__.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/support/__init__.py 2025-04-11 10:52:43.191010503 +0200 ++++ Python-3.11.12/Lib/test/support/__init__.py 2025-04-11 10:52:44.802161741 +0200 +@@ -8,6 +8,7 @@ + import functools + import os + import re ++import pyexpat + import stat + import sys + import sysconfig +@@ -56,7 +57,7 @@ + "run_with_tz", "PGO", "missing_compiler_executable", + "ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST", + "LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT", +- "skip_on_s390x", ++ "skip_on_s390x", "fails_with_expat_2_6_0", "is_expat_2_6_0" + ] + + +@@ -2244,6 +2245,17 @@ + } + return ignored + +-#Windows doesn't have os.uname() but it doesn't support s390x. ++ ++# Windows doesn't have os.uname() but it doesn't support s390x. + skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', + 'skipped on s390x') ++ ++ ++@functools.lru_cache ++def _is_expat_2_6_0(): ++ return hasattr(pyexpat.ParserCreate(), 'SetReparseDeferralEnabled') ++is_expat_2_6_0 = _is_expat_2_6_0() ++ ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if is_expat_2_6_0 ++ else lambda test: test) +Index: Python-3.11.12/Lib/test/test_minidom.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_minidom.py 2025-04-11 10:52:21.907086938 +0200 ++++ Python-3.11.12/Lib/test/test_minidom.py 2025-04-11 10:52:44.802522893 +0200 +@@ -6,7 +6,6 @@ + from test import support + import unittest + +-import pyexpat + import xml.dom.minidom + + from xml.dom.minidom import parse, Attr, Node, Document, parseString +@@ -1163,13 +1162,11 @@ + + # Verify that character decoding errors raise exceptions instead + # of crashing +- if pyexpat.version_info >= (2, 4, 5): +- self.assertRaises(ExpatError, parseString, +- b'') +- self.assertRaises(ExpatError, parseString, +- b'Comment \xe7a va ? Tr\xe8s bien ?') +- else: +- self.assertRaises(UnicodeDecodeError, parseString, ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((UnicodeDecodeError, ExpatError)): ++ parseString( + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1631,12 +1628,10 @@ + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- if pyexpat.version_info >= (2, 4, 5): +- context = self.assertRaisesRegex(ExpatError, 'syntax error') +- else: +- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- +- with context: ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((ExpatError, ValueError)): + parseString('') + + def testDocRemoveChild(self): +Index: Python-3.11.12/Lib/test/test_pyexpat.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_pyexpat.py 2025-04-11 10:52:22.076696906 +0200 ++++ Python-3.11.12/Lib/test/test_pyexpat.py 2025-04-11 10:52:44.803228085 +0200 +@@ -14,8 +14,7 @@ + from xml.parsers import expat + from xml.parsers.expat import errors + +-from test.support import sortdict, is_emscripten, is_wasi +- ++from test.support import sortdict, is_emscripten, is_wasi, is_expat_2_6_0 + + class SetAttributeTest(unittest.TestCase): + def setUp(self): +@@ -770,9 +769,8 @@ + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + + def test_reparse_deferral_enabled(self): +- if expat.version_info < (2, 6, 0): +- self.skipTest(f'Expat {expat.version_info} does not ' +- 'support reparse deferral') ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") + + started = [] + +@@ -801,9 +799,9 @@ + + parser = expat.ParserCreate() + parser.StartElementHandler = start_element +- if expat.version_info >= (2, 6, 0): ++ if is_expat_2_6_0: + parser.SetReparseDeferralEnabled(False) +- self.assertFalse(parser.GetReparseDeferralEnabled()) ++ self.assertFalse(parser.GetReparseDeferralEnabled()) + + for chunk in (b''): + parser.Parse(chunk, False) +Index: Python-3.11.12/Lib/test/test_sax.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_sax.py 2025-04-11 10:52:22.111440337 +0200 ++++ Python-3.11.12/Lib/test/test_sax.py 2025-04-11 10:52:44.803567098 +0200 +@@ -19,13 +19,11 @@ + from io import BytesIO, StringIO + import codecs + import os.path +-import pyexpat + import shutil + import sys + from urllib.error import URLError + import urllib.request +-from test.support import os_helper +-from test.support import findfile ++from test.support import os_helper, findfile, is_expat_2_6_0 + from test.support.os_helper import FakePath, TESTFN + + +@@ -1215,10 +1213,10 @@ + + self.assertEqual(result.getvalue(), start + b"text") + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1241,6 +1239,9 @@ + self.assertEqual(result.getvalue(), start + b"") + + def test_flush_reparse_deferral_disabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1249,9 +1250,8 @@ + for chunk in (""): + parser.feed(chunk) + +- if pyexpat.version_info >= (2, 6, 0): +- parser._parser.SetReparseDeferralEnabled(False) +- self.assertEqual(result.getvalue(), start) # i.e. no elements started ++ parser._parser.SetReparseDeferralEnabled(False) ++ self.assertEqual(result.getvalue(), start) # i.e. no elements started + + self.assertFalse(parser._parser.GetReparseDeferralEnabled()) + +Index: Python-3.11.12/Lib/test/test_xml_etree.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_xml_etree.py 2025-04-11 10:52:22.425637912 +0200 ++++ Python-3.11.12/Lib/test/test_xml_etree.py 2025-04-11 10:52:44.804234785 +0200 +@@ -13,7 +13,6 @@ + import operator + import os + import pickle +-import pyexpat + import sys + import textwrap + import types +@@ -1424,12 +1423,6 @@ + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + +- def test_simple_xml_chunk_1(self): +- self.test_simple_xml(chunk_size=1, flush=True) +- +- def test_simple_xml_chunk_5(self): +- self.test_simple_xml(chunk_size=5, flush=True) +- + def test_simple_xml_chunk_22(self): + self.test_simple_xml(chunk_size=22) + +@@ -1627,9 +1620,6 @@ + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1656,8 +1646,6 @@ + + for chunk in (""): + parser.feed(chunk) +- +- if pyexpat.version_info >= (2, 6, 0): + if not ET is pyET: + self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled ' + 'methods not available in C') diff --git a/CVE-2023-52425-remove-reparse_deferral-tests.patch b/CVE-2023-52425-remove-reparse_deferral-tests.patch new file mode 100644 index 0000000..553bdf8 --- /dev/null +++ b/CVE-2023-52425-remove-reparse_deferral-tests.patch @@ -0,0 +1,60 @@ +--- + Lib/test/test_pyexpat.py | 2 ++ + Lib/test/test_sax.py | 2 ++ + Lib/test/test_xml_etree.py | 2 ++ + 3 files changed, 6 insertions(+) + +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -768,6 +768,7 @@ class ReparseDeferralTest(unittest.TestC + parser.SetReparseDeferralEnabled(True) + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -791,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC + + self.assertEqual(started, ['doc']) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_disabled(self): + started = [] + +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -1213,6 +1213,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -1238,6 +1239,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -1620,6 +1620,7 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1641,6 +1642,7 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + diff --git a/CVE-2024-9287-venv_path_unquoted.patch b/CVE-2024-9287-venv_path_unquoted.patch new file mode 100644 index 0000000..541a907 --- /dev/null +++ b/CVE-2024-9287-venv_path_unquoted.patch @@ -0,0 +1,299 @@ +From 1408cc9bf9e8b19968761548c30b78d37074c21c Mon Sep 17 00:00:00 2001 +From: Y5 <124019959+y5c4l3@users.noreply.github.com> +Date: Tue, 22 Oct 2024 04:48:04 +0800 +Subject: [PATCH] gh-124651: Quote template strings in `venv` activation + scripts (GH-124712) + +This patch properly quotes template strings in `venv` activation +scripts. This mitigates potential command injection. + +(cherry picked from commit d48cc82ed25e26b02eb97c6263d95dcaa1e9111b) +--- + Lib/test/test_venv.py | 81 ++++++++++ + Lib/venv/__init__.py | 42 ++++- + Lib/venv/scripts/common/activate | 8 + Lib/venv/scripts/nt/activate.bat | 6 + Lib/venv/scripts/posix/activate.csh | 8 + Lib/venv/scripts/posix/activate.fish | 8 + Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst | 1 + 7 files changed, 134 insertions(+), 20 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst + +--- a/Lib/test/test_venv.py ++++ b/Lib/test/test_venv.py +@@ -11,6 +11,7 @@ import os + import os.path + import pathlib + import re ++import shlex + import shutil + import struct + import subprocess +@@ -96,6 +97,10 @@ class BaseTest(unittest.TestCase): + result = f.read() + return result + ++ def assertEndsWith(self, string, tail): ++ if not string.endswith(tail): ++ self.fail(f"String {string!r} does not end with {tail!r}") ++ + class BasicTest(BaseTest): + """Test venv module functionality.""" + +@@ -446,6 +451,82 @@ class BasicTest(BaseTest): + 'import sys; print(sys.executable)']) + self.assertEqual(out.strip(), envpy.encode()) + ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_bash(self): ++ """ ++ Test that the template strings are quoted properly (bash) ++ """ ++ rmtree(self.env_dir) ++ bash = shutil.which('bash') ++ if bash is None: ++ self.skipTest('bash required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.sh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([bash, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_csh(self): ++ """ ++ Test that the template strings are quoted properly (csh) ++ """ ++ rmtree(self.env_dir) ++ csh = shutil.which('tcsh') or shutil.which('csh') ++ if csh is None: ++ self.skipTest('csh required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.csh') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.csh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([csh, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings on Windows ++ @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') ++ def test_special_chars_windows(self): ++ """ ++ Test that the template strings are quoted properly on Windows ++ """ ++ rmtree(self.env_dir) ++ env_name = "'&&^$e" ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.bat') ++ test_batch = os.path.join(self.env_dir, 'test_special_chars.bat') ++ with open(test_batch, "w") as f: ++ f.write('@echo off\n' ++ f'"{activate}" & ' ++ f'{self.exe} -c "import sys; print(sys.executable)" & ' ++ f'{self.exe} -c "import os; print(os.environ[\'VIRTUAL_ENV\'])" & ' ++ 'deactivate') ++ out, err = check_output([test_batch]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ + @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') + def test_unicode_in_batch_file(self): + """ +--- a/Lib/venv/__init__.py ++++ b/Lib/venv/__init__.py +@@ -11,6 +11,7 @@ import subprocess + import sys + import sysconfig + import types ++import shlex + + + CORE_VENV_DEPS = ('pip', 'setuptools') +@@ -394,11 +395,41 @@ class EnvBuilder: + :param context: The information for the environment creation request + being processed. + """ +- text = text.replace('__VENV_DIR__', context.env_dir) +- text = text.replace('__VENV_NAME__', context.env_name) +- text = text.replace('__VENV_PROMPT__', context.prompt) +- text = text.replace('__VENV_BIN_NAME__', context.bin_name) +- text = text.replace('__VENV_PYTHON__', context.env_exe) ++ replacements = { ++ '__VENV_DIR__': context.env_dir, ++ '__VENV_NAME__': context.env_name, ++ '__VENV_PROMPT__': context.prompt, ++ '__VENV_BIN_NAME__': context.bin_name, ++ '__VENV_PYTHON__': context.env_exe, ++ } ++ ++ def quote_ps1(s): ++ """ ++ This should satisfy PowerShell quoting rules [1], unless the quoted ++ string is passed directly to Windows native commands [2]. ++ [1]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules ++ [2]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing#passing-arguments-that-contain-quote-characters ++ """ ++ s = s.replace("'", "''") ++ return f"'{s}'" ++ ++ def quote_bat(s): ++ return s ++ ++ # gh-124651: need to quote the template strings properly ++ quote = shlex.quote ++ script_path = context.script_path ++ if script_path.endswith('.ps1'): ++ quote = quote_ps1 ++ elif script_path.endswith('.bat'): ++ quote = quote_bat ++ else: ++ # fallbacks to POSIX shell compliant quote ++ quote = shlex.quote ++ ++ replacements = {key: quote(s) for key, s in replacements.items()} ++ for key, quoted in replacements.items(): ++ text = text.replace(key, quoted) + return text + + def install_scripts(self, context, path): +@@ -438,6 +469,7 @@ class EnvBuilder: + with open(srcfile, 'rb') as f: + data = f.read() + if not srcfile.endswith(('.exe', '.pdb')): ++ context.script_path = srcfile + try: + data = data.decode('utf-8') + data = self.replace_variables(data, context) +--- a/Lib/venv/scripts/common/activate ++++ b/Lib/venv/scripts/common/activate +@@ -35,11 +35,11 @@ deactivate () { + # unset irrelevant variables + deactivate nondestructive + +-VIRTUAL_ENV="__VENV_DIR__" ++VIRTUAL_ENV=__VENV_DIR__ + export VIRTUAL_ENV + + _OLD_VIRTUAL_PATH="$PATH" +-PATH="$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++PATH="$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + export PATH + + # unset PYTHONHOME if set +@@ -52,9 +52,9 @@ fi + + if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then + _OLD_VIRTUAL_PS1="${PS1:-}" +- PS1="__VENV_PROMPT__${PS1:-}" ++ PS1=__VENV_PROMPT__"${PS1:-}" + export PS1 +- VIRTUAL_ENV_PROMPT="__VENV_PROMPT__" ++ VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ + export VIRTUAL_ENV_PROMPT + fi + +--- a/Lib/venv/scripts/nt/activate.bat ++++ b/Lib/venv/scripts/nt/activate.bat +@@ -8,7 +8,7 @@ if defined _OLD_CODEPAGE ( + "%SystemRoot%\System32\chcp.com" 65001 > nul + ) + +-set VIRTUAL_ENV=__VENV_DIR__ ++set "VIRTUAL_ENV=__VENV_DIR__" + + if not defined PROMPT set PROMPT=$P$G + +@@ -24,8 +24,8 @@ set PYTHONHOME= + if defined _OLD_VIRTUAL_PATH set PATH=%_OLD_VIRTUAL_PATH% + if not defined _OLD_VIRTUAL_PATH set _OLD_VIRTUAL_PATH=%PATH% + +-set PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH% +-set VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ ++set "PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH%" ++set "VIRTUAL_ENV_PROMPT=__VENV_PROMPT__" + + :END + if defined _OLD_CODEPAGE ( +--- a/Lib/venv/scripts/posix/activate.csh ++++ b/Lib/venv/scripts/posix/activate.csh +@@ -8,17 +8,17 @@ alias deactivate 'test $?_OLD_VIRTUAL_PA + # Unset irrelevant variables. + deactivate nondestructive + +-setenv VIRTUAL_ENV "__VENV_DIR__" ++setenv VIRTUAL_ENV __VENV_DIR__ + + set _OLD_VIRTUAL_PATH="$PATH" +-setenv PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++setenv PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + + + set _OLD_VIRTUAL_PROMPT="$prompt" + + if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then +- set prompt = "__VENV_PROMPT__$prompt" +- setenv VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set prompt = __VENV_PROMPT__"$prompt" ++ setenv VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + endif + + alias pydoc python -m pydoc +--- a/Lib/venv/scripts/posix/activate.fish ++++ b/Lib/venv/scripts/posix/activate.fish +@@ -33,10 +33,10 @@ end + # Unset irrelevant variables. + deactivate nondestructive + +-set -gx VIRTUAL_ENV "__VENV_DIR__" ++set -gx VIRTUAL_ENV __VENV_DIR__ + + set -gx _OLD_VIRTUAL_PATH $PATH +-set -gx PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__" $PATH ++set -gx PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__ $PATH + + # Unset PYTHONHOME if set. + if set -q PYTHONHOME +@@ -56,7 +56,7 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + set -l old_status $status + + # Output the venv prompt; color taken from the blue of the Python logo. +- printf "%s%s%s" (set_color 4B8BBE) "__VENV_PROMPT__" (set_color normal) ++ printf "%s%s%s" (set_color 4B8BBE) __VENV_PROMPT__ (set_color normal) + + # Restore the return status of the previous command. + echo "exit $old_status" | . +@@ -65,5 +65,5 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + end + + set -gx _OLD_FISH_PROMPT_OVERRIDE "$VIRTUAL_ENV" +- set -gx VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set -gx VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + end +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst +@@ -0,0 +1 @@ ++Properly quote template strings in :mod:`venv` activation scripts. diff --git a/CVE-2025-0938-sq-brackets-domain-names.patch b/CVE-2025-0938-sq-brackets-domain-names.patch new file mode 100644 index 0000000..7db4656 --- /dev/null +++ b/CVE-2025-0938-sq-brackets-domain-names.patch @@ -0,0 +1,127 @@ +From d91e2c740890837edafaee24d68112b776cda9c5 Mon Sep 17 00:00:00 2001 +From: Seth Michael Larson +Date: Fri, 31 Jan 2025 11:41:34 -0600 +Subject: [PATCH] gh-105704: Disallow square brackets (`[` and `]`) in domain + names for parsed URLs (GH-129418) + +* gh-105704: Disallow square brackets ( and ) in domain names for parsed URLs + +* Use Sphinx references + +Co-authored-by: Peter Bierma + +* Add mismatched bracket test cases, fix news format + +* Add more test coverage for ports + +--------- + +(cherry picked from commit d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a) + +Co-authored-by: Seth Michael Larson +Co-authored-by: Peter Bierma +--- + Lib/test/test_urlparse.py | 37 +++++++++- + Lib/urllib/parse.py | 20 ++++- + Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst | 4 + + 3 files changed, 58 insertions(+), 3 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst + +--- a/Lib/test/test_urlparse.py ++++ b/Lib/test/test_urlparse.py +@@ -1224,16 +1224,51 @@ class UrlParseTestCase(unittest.TestCase + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af::2309::fae7:1234]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af:2309::fae7:1234:2342:438e:192.0.2.146]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@]v6a.ip[/Path') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip[suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[suffix') + + def test_splitting_bracketed_hosts(self): +- p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]/path?query') ++ p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]:1234/path?query') + self.assertEqual(p1.hostname, 'v6a.ip') + self.assertEqual(p1.username, 'user') + self.assertEqual(p1.path, '/path') ++ self.assertEqual(p1.port, 1234) + p2 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7%test]/path?query') + self.assertEqual(p2.hostname, '0439:23af:2309::fae7%test') + self.assertEqual(p2.username, 'user') + self.assertEqual(p2.path, '/path') ++ self.assertIs(p2.port, None) + p3 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7:1234:192.0.2.146%test]/path?query') + self.assertEqual(p3.hostname, '0439:23af:2309::fae7:1234:192.0.2.146%test') + self.assertEqual(p3.username, 'user') +--- a/Lib/urllib/parse.py ++++ b/Lib/urllib/parse.py +@@ -436,6 +436,23 @@ def _checknetloc(netloc): + raise ValueError("netloc '" + netloc + "' contains invalid " + + "characters under NFKC normalization") + ++def _check_bracketed_netloc(netloc): ++ # Note that this function must mirror the splitting ++ # done in NetlocResultMixins._hostinfo(). ++ hostname_and_port = netloc.rpartition('@')[2] ++ before_bracket, have_open_br, bracketed = hostname_and_port.partition('[') ++ if have_open_br: ++ # No data is allowed before a bracket. ++ if before_bracket: ++ raise ValueError("Invalid IPv6 URL") ++ hostname, _, port = bracketed.partition(']') ++ # No data is allowed after the bracket but before the port delimiter. ++ if port and not port.startswith(":"): ++ raise ValueError("Invalid IPv6 URL") ++ else: ++ hostname, _, port = hostname_and_port.partition(':') ++ _check_bracketed_host(hostname) ++ + # Valid bracketed hosts are defined in + # https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/ + def _check_bracketed_host(hostname): +@@ -496,8 +513,7 @@ def urlsplit(url, scheme='', allow_fragm + (']' in netloc and '[' not in netloc)): + raise ValueError("Invalid IPv6 URL") + if '[' in netloc and ']' in netloc: +- bracketed_host = netloc.partition('[')[2].partition(']')[0] +- _check_bracketed_host(bracketed_host) ++ _check_bracketed_netloc(netloc) + if allow_fragments and '#' in url: + url, fragment = url.split('#', 1) + if '?' in url: +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst +@@ -0,0 +1,4 @@ ++When using :func:`urllib.parse.urlsplit` and :func:`urllib.parse.urlparse` host ++parsing would not reject domain names containing square brackets (``[`` and ++``]``). Square brackets are only valid for IPv6 and IPvFuture hosts according to ++`RFC 3986 Section 3.2.2 `__. diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch new file mode 100644 index 0000000..fc4b1d6 --- /dev/null +++ b/CVE-2025-4516-DecodeError-handler.patch @@ -0,0 +1,504 @@ +From 0c33e5baedf18ebcb04bc41dff7cfc614d5ea5fe Mon Sep 17 00:00:00 2001 +From: Serhiy Storchaka +Date: Tue, 20 May 2025 15:46:57 +0300 +Subject: [PATCH] [3.11] gh-133767: Fix use-after-free in the unicode-escape + decoder with an error handler (GH-129648) (GH-133944) + +If the error handler is used, a new bytes object is created to set as +the object attribute of UnicodeDecodeError, and that bytes object then +replaces the original data. A pointer to the decoded data will became invalid +after destroying that temporary bytes object. So we need other way to return +the first invalid escape from _PyUnicode_DecodeUnicodeEscapeInternal(). + +_PyBytes_DecodeEscape() does not have such issue, because it does not +use the error handlers registry, but it should be changed for compatibility +with _PyUnicode_DecodeUnicodeEscapeInternal(). +(cherry picked from commit 9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e) +(cherry picked from commit 6279eb8c076d89d3739a6edb393e43c7929b429d) +(cherry picked from commit a75953b347716fff694aa59a7c7c2489fa50d1f5) + +Co-authored-by: Serhiy Storchaka +--- + Include/cpython/bytesobject.h | 4 + Include/cpython/unicodeobject.h | 13 ++ + Lib/test/test_codeccallbacks.py | 39 ++++++ + Lib/test/test_codecs.py | 52 ++++++-- + Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst | 2 + Objects/bytesobject.c | 56 ++++++-- + Objects/unicodeobject.c | 63 +++++++--- + Parser/string_parser.c | 24 ++- + 8 files changed, 197 insertions(+), 56 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst + +--- a/Include/cpython/bytesobject.h ++++ b/Include/cpython/bytesobject.h +@@ -25,6 +25,10 @@ PyAPI_FUNC(PyObject*) _PyBytes_FromHex( + int use_bytearray); + + /* Helper for PyBytes_DecodeEscape that detects invalid escape chars. */ ++PyAPI_FUNC(PyObject*) _PyBytes_DecodeEscape2(const char *, Py_ssize_t, ++ const char *, ++ int *, const char **); ++// Export for binary compatibility. + PyAPI_FUNC(PyObject *) _PyBytes_DecodeEscape(const char *, Py_ssize_t, + const char *, const char **); + +--- a/Include/cpython/unicodeobject.h ++++ b/Include/cpython/unicodeobject.h +@@ -914,6 +914,19 @@ PyAPI_FUNC(PyObject*) _PyUnicode_DecodeU + ); + /* Helper for PyUnicode_DecodeUnicodeEscape that detects invalid escape + chars. */ ++PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal2( ++ const char *string, /* Unicode-Escape encoded string */ ++ Py_ssize_t length, /* size of string */ ++ const char *errors, /* error handling */ ++ Py_ssize_t *consumed, /* bytes consumed */ ++ int *first_invalid_escape_char, /* on return, if not -1, contain the first ++ invalid escaped char (<= 0xff) or invalid ++ octal escape (> 0xff) in string. */ ++ const char **first_invalid_escape_ptr); /* on return, if not NULL, may ++ point to the first invalid escaped ++ char in string. ++ May be NULL if errors is not NULL. */ ++// Export for binary compatibility. + PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal( + const char *string, /* Unicode-Escape encoded string */ + Py_ssize_t length, /* size of string */ +--- a/Lib/test/test_codeccallbacks.py ++++ b/Lib/test/test_codeccallbacks.py +@@ -1,6 +1,7 @@ + import codecs + import html.entities + import itertools ++import re + import sys + import unicodedata + import unittest +@@ -1124,7 +1125,7 @@ class CodecCallbackTest(unittest.TestCas + text = 'abcghi'*n + text.translate(charmap) + +- def test_mutatingdecodehandler(self): ++ def test_mutating_decode_handler(self): + baddata = [ + ("ascii", b"\xff"), + ("utf-7", b"++"), +@@ -1159,6 +1160,42 @@ class CodecCallbackTest(unittest.TestCas + for (encoding, data) in baddata: + self.assertEqual(data.decode(encoding, "test.mutating"), "\u4242") + ++ def test_mutating_decode_handler_unicode_escape(self): ++ decode = codecs.unicode_escape_decode ++ def mutating(exc): ++ if isinstance(exc, UnicodeDecodeError): ++ r = data.get(exc.object[:exc.end]) ++ if r is not None: ++ exc.object = r[0] + exc.object[exc.end:] ++ return ('\u0404', r[1]) ++ raise AssertionError("don't know how to handle %r" % exc) ++ ++ codecs.register_error('test.mutating2', mutating) ++ data = { ++ br'\x0': (b'\\', 0), ++ br'\x3': (b'xxx\\', 3), ++ br'\x5': (b'x\\', 1), ++ } ++ def check(input, expected, msg): ++ with self.assertWarns(DeprecationWarning) as cm: ++ self.assertEqual(decode(input, 'test.mutating2'), (expected, len(input))) ++ self.assertIn(msg, str(cm.warning)) ++ ++ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") ++ check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") ++ check(br'\x0z', '\u0404\\z', r"invalid escape sequence '\z'") ++ ++ check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '\z'") ++ check(br'\x3zr', '\u0404\\zr', r"invalid escape sequence '\z'") ++ check(br'\x3z5', '\u0404\\z5', r"invalid escape sequence '\z'") ++ check(memoryview(br'\x3z5x')[:-1], '\u0404\\z5', r"invalid escape sequence '\z'") ++ check(memoryview(br'\x3z5xy')[:-2], '\u0404\\z5', r"invalid escape sequence '\z'") ++ ++ check(br'\x5n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") ++ check(br'\x5n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") ++ check(br'\x5z', '\u0404\\z', r"invalid escape sequence '\z'") ++ check(memoryview(br'\x5zy')[:-1], '\u0404\\z', r"invalid escape sequence '\z'") ++ + # issue32583 + def test_crashing_decode_handler(self): + # better generating one more character to fill the extra space slot +--- a/Lib/test/test_codecs.py ++++ b/Lib/test/test_codecs.py +@@ -1198,23 +1198,39 @@ class EscapeDecodeTest(unittest.TestCase + check(br"[\1010]", b"[A0]") + check(br"[\x41]", b"[A]") + check(br"[\x410]", b"[A0]") ++ ++ def test_warnings(self): ++ decode = codecs.escape_decode ++ check = coding_checker(self, decode) + for i in range(97, 123): + b = bytes([i]) + if b not in b'abfnrtvx': +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\%c'" % i): + check(b"\\" + b, b"\\" + b) +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\%c'" % (i-32)): + check(b"\\" + b.upper(), b"\\" + b.upper()) +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\8'"): + check(br"\8", b"\\8") + with self.assertWarns(DeprecationWarning): + check(br"\9", b"\\9") +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\\xfa'") as cm: + check(b"\\\xfa", b"\\\xfa") + for i in range(0o400, 0o1000): +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid octal escape sequence '\\%o'" % i): + check(rb'\%o' % i, bytes([i & 0o377])) + ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\z'"): ++ self.assertEqual(decode(br'\x\z', 'ignore'), (b'\\z', 4)) ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid octal escape sequence '\\501'"): ++ self.assertEqual(decode(br'\x\501', 'ignore'), (b'A', 6)) ++ + def test_errors(self): + decode = codecs.escape_decode + self.assertRaises(ValueError, decode, br"\x") +@@ -2487,24 +2503,40 @@ class UnicodeEscapeTest(ReadTest, unitte + check(br"[\x410]", "[A0]") + check(br"\u20ac", "\u20ac") + check(br"\U0001d120", "\U0001d120") ++ ++ def test_decode_warnings(self): ++ decode = codecs.unicode_escape_decode ++ check = coding_checker(self, decode) + for i in range(97, 123): + b = bytes([i]) + if b not in b'abfnrtuvx': +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\%c'" % i): + check(b"\\" + b, "\\" + chr(i)) + if b.upper() not in b'UN': +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\%c'" % (i-32)): + check(b"\\" + b.upper(), "\\" + chr(i-32)) +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\8'"): + check(br"\8", "\\8") + with self.assertWarns(DeprecationWarning): + check(br"\9", "\\9") +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\\xfa'") as cm: + check(b"\\\xfa", "\\\xfa") + for i in range(0o400, 0o1000): +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid octal escape sequence '\\%o'" % i): + check(rb'\%o' % i, chr(i)) + ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\z'"): ++ self.assertEqual(decode(br'\x\z', 'ignore'), ('\\z', 4)) ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid octal escape sequence '\\501'"): ++ self.assertEqual(decode(br'\x\501', 'ignore'), ('\u0141', 6)) ++ + def test_decode_errors(self): + decode = codecs.unicode_escape_decode + for c, d in (b'x', 2), (b'u', 4), (b'U', 4): +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst +@@ -0,0 +1,2 @@ ++Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error ++handler. +--- a/Objects/bytesobject.c ++++ b/Objects/bytesobject.c +@@ -1057,10 +1057,11 @@ _PyBytes_FormatEx(const char *format, Py + } + + /* Unescape a backslash-escaped string. */ +-PyObject *_PyBytes_DecodeEscape(const char *s, ++PyObject *_PyBytes_DecodeEscape2(const char *s, + Py_ssize_t len, + const char *errors, +- const char **first_invalid_escape) ++ int *first_invalid_escape_char, ++ const char **first_invalid_escape_ptr) + { + int c; + char *p; +@@ -1074,7 +1075,8 @@ PyObject *_PyBytes_DecodeEscape(const ch + return NULL; + writer.overallocate = 1; + +- *first_invalid_escape = NULL; ++ *first_invalid_escape_char = -1; ++ *first_invalid_escape_ptr = NULL; + + end = s + len; + while (s < end) { +@@ -1112,9 +1114,10 @@ PyObject *_PyBytes_DecodeEscape(const ch + c = (c<<3) + *s++ - '0'; + } + if (c > 0377) { +- if (*first_invalid_escape == NULL) { +- *first_invalid_escape = s-3; /* Back up 3 chars, since we've +- already incremented s. */ ++ if (*first_invalid_escape_char == -1) { ++ *first_invalid_escape_char = c; ++ /* Back up 3 chars, since we've already incremented s. */ ++ *first_invalid_escape_ptr = s - 3; + } + } + *p++ = c; +@@ -1155,9 +1158,10 @@ PyObject *_PyBytes_DecodeEscape(const ch + break; + + default: +- if (*first_invalid_escape == NULL) { +- *first_invalid_escape = s-1; /* Back up one char, since we've +- already incremented s. */ ++ if (*first_invalid_escape_char == -1) { ++ *first_invalid_escape_char = (unsigned char)s[-1]; ++ /* Back up one char, since we've already incremented s. */ ++ *first_invalid_escape_ptr = s - 1; + } + *p++ = '\\'; + s--; +@@ -1171,23 +1175,39 @@ PyObject *_PyBytes_DecodeEscape(const ch + return NULL; + } + ++// Export for binary compatibility. ++PyObject *_PyBytes_DecodeEscape(const char *s, ++ Py_ssize_t len, ++ const char *errors, ++ const char **first_invalid_escape) ++{ ++ int first_invalid_escape_char; ++ return _PyBytes_DecodeEscape2( ++ s, len, errors, ++ &first_invalid_escape_char, ++ first_invalid_escape); ++} ++ + PyObject *PyBytes_DecodeEscape(const char *s, + Py_ssize_t len, + const char *errors, + Py_ssize_t Py_UNUSED(unicode), + const char *Py_UNUSED(recode_encoding)) + { +- const char* first_invalid_escape; +- PyObject *result = _PyBytes_DecodeEscape(s, len, errors, +- &first_invalid_escape); ++ int first_invalid_escape_char; ++ const char *first_invalid_escape_ptr; ++ PyObject *result = _PyBytes_DecodeEscape2(s, len, errors, ++ &first_invalid_escape_char, ++ &first_invalid_escape_ptr); + if (result == NULL) + return NULL; +- if (first_invalid_escape != NULL) { +- unsigned char c = *first_invalid_escape; +- if ('4' <= c && c <= '7') { ++ if (first_invalid_escape_char != -1) { ++ if (first_invalid_escape_char > 0xff) { ++ char buf[12] = ""; ++ snprintf(buf, sizeof buf, "%o", first_invalid_escape_char); + if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, +- "invalid octal escape sequence '\\%.3s'", +- first_invalid_escape) < 0) ++ "invalid octal escape sequence '\\%s'", ++ buf) < 0) + { + Py_DECREF(result); + return NULL; +@@ -1196,7 +1216,7 @@ PyObject *PyBytes_DecodeEscape(const cha + else { + if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, + "invalid escape sequence '\\%c'", +- c) < 0) ++ first_invalid_escape_char) < 0) + { + Py_DECREF(result); + return NULL; +--- a/Objects/unicodeobject.c ++++ b/Objects/unicodeobject.c +@@ -6301,20 +6301,23 @@ PyUnicode_AsUTF16String(PyObject *unicod + static _PyUnicode_Name_CAPI *ucnhash_capi = NULL; + + PyObject * +-_PyUnicode_DecodeUnicodeEscapeInternal(const char *s, ++_PyUnicode_DecodeUnicodeEscapeInternal2(const char *s, + Py_ssize_t size, + const char *errors, + Py_ssize_t *consumed, +- const char **first_invalid_escape) ++ int *first_invalid_escape_char, ++ const char **first_invalid_escape_ptr) + { + const char *starts = s; ++ const char *initial_starts = starts; + _PyUnicodeWriter writer; + const char *end; + PyObject *errorHandler = NULL; + PyObject *exc = NULL; + + // so we can remember if we've seen an invalid escape char or not +- *first_invalid_escape = NULL; ++ *first_invalid_escape_char = -1; ++ *first_invalid_escape_ptr = NULL; + + if (size == 0) { + if (consumed) { +@@ -6402,9 +6405,12 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c + } + } + if (ch > 0377) { +- if (*first_invalid_escape == NULL) { +- *first_invalid_escape = s-3; /* Back up 3 chars, since we've +- already incremented s. */ ++ if (*first_invalid_escape_char == -1) { ++ *first_invalid_escape_char = ch; ++ if (starts == initial_starts) { ++ /* Back up 3 chars, since we've already incremented s. */ ++ *first_invalid_escape_ptr = s - 3; ++ } + } + } + WRITE_CHAR(ch); +@@ -6503,9 +6509,12 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c + goto error; + + default: +- if (*first_invalid_escape == NULL) { +- *first_invalid_escape = s-1; /* Back up one char, since we've +- already incremented s. */ ++ if (*first_invalid_escape_char == -1) { ++ *first_invalid_escape_char = c; ++ if (starts == initial_starts) { ++ /* Back up one char, since we've already incremented s. */ ++ *first_invalid_escape_ptr = s - 1; ++ } + } + WRITE_ASCII_CHAR('\\'); + WRITE_CHAR(c); +@@ -6544,24 +6553,42 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c + return NULL; + } + ++// Export for binary compatibility. ++PyObject * ++_PyUnicode_DecodeUnicodeEscapeInternal(const char *s, ++ Py_ssize_t size, ++ const char *errors, ++ Py_ssize_t *consumed, ++ const char **first_invalid_escape) ++{ ++ int first_invalid_escape_char; ++ return _PyUnicode_DecodeUnicodeEscapeInternal2( ++ s, size, errors, consumed, ++ &first_invalid_escape_char, ++ first_invalid_escape); ++} ++ + PyObject * + _PyUnicode_DecodeUnicodeEscapeStateful(const char *s, + Py_ssize_t size, + const char *errors, + Py_ssize_t *consumed) + { +- const char *first_invalid_escape; +- PyObject *result = _PyUnicode_DecodeUnicodeEscapeInternal(s, size, errors, ++ int first_invalid_escape_char; ++ const char *first_invalid_escape_ptr; ++ PyObject *result = _PyUnicode_DecodeUnicodeEscapeInternal2(s, size, errors, + consumed, +- &first_invalid_escape); ++ &first_invalid_escape_char, ++ &first_invalid_escape_ptr); + if (result == NULL) + return NULL; +- if (first_invalid_escape != NULL) { +- unsigned char c = *first_invalid_escape; +- if ('4' <= c && c <= '7') { ++ if (first_invalid_escape_char != -1) { ++ if (first_invalid_escape_char > 0xff) { ++ char buf[12] = ""; ++ snprintf(buf, sizeof buf, "%o", first_invalid_escape_char); + if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, +- "invalid octal escape sequence '\\%.3s'", +- first_invalid_escape) < 0) ++ "invalid octal escape sequence '\\%s'", ++ buf) < 0) + { + Py_DECREF(result); + return NULL; +@@ -6570,7 +6597,7 @@ _PyUnicode_DecodeUnicodeEscapeStateful(c + else { + if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, + "invalid escape sequence '\\%c'", +- c) < 0) ++ first_invalid_escape_char) < 0) + { + Py_DECREF(result); + return NULL; +--- a/Parser/string_parser.c ++++ b/Parser/string_parser.c +@@ -130,12 +130,15 @@ decode_unicode_with_escapes(Parser *pars + len = p - buf; + s = buf; + +- const char *first_invalid_escape; +- v = _PyUnicode_DecodeUnicodeEscapeInternal(s, len, NULL, NULL, &first_invalid_escape); ++ int first_invalid_escape_char; ++ const char *first_invalid_escape_ptr; ++ v = _PyUnicode_DecodeUnicodeEscapeInternal2(s, (Py_ssize_t)len, NULL, NULL, ++ &first_invalid_escape_char, ++ &first_invalid_escape_ptr); + +- if (v != NULL && first_invalid_escape != NULL) { +- if (warn_invalid_escape_sequence(parser, first_invalid_escape, t) < 0) { +- /* We have not decref u before because first_invalid_escape points ++ if (v != NULL && first_invalid_escape_ptr != NULL) { ++ if (warn_invalid_escape_sequence(parser, first_invalid_escape_ptr, t) < 0) { ++ /* We have not decref u before because first_invalid_escape_ptr points + inside u. */ + Py_XDECREF(u); + Py_DECREF(v); +@@ -149,14 +152,17 @@ decode_unicode_with_escapes(Parser *pars + static PyObject * + decode_bytes_with_escapes(Parser *p, const char *s, Py_ssize_t len, Token *t) + { +- const char *first_invalid_escape; +- PyObject *result = _PyBytes_DecodeEscape(s, len, NULL, &first_invalid_escape); ++ int first_invalid_escape_char; ++ const char *first_invalid_escape_ptr; ++ PyObject *result = _PyBytes_DecodeEscape2(s, len, NULL, ++ &first_invalid_escape_char, ++ &first_invalid_escape_ptr); + if (result == NULL) { + return NULL; + } + +- if (first_invalid_escape != NULL) { +- if (warn_invalid_escape_sequence(p, first_invalid_escape, t) < 0) { ++ if (first_invalid_escape_ptr != NULL) { ++ if (warn_invalid_escape_sequence(p, first_invalid_escape_ptr, t) < 0) { + Py_DECREF(result); + return NULL; + } diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch new file mode 100644 index 0000000..fa38a94 --- /dev/null +++ b/F00251-change-user-install-location.patch @@ -0,0 +1,215 @@ +From 910f38d9768d39d4d31426743ae4081ed1ab66b6 Mon Sep 17 00:00:00 2001 +From: Michal Cyprian +Date: Mon, 26 Jun 2017 16:32:56 +0200 +Subject: [PATCH] 00251: Change user install location + +Set values of prefix and exec_prefix in distutils install command +to /usr/local if executable is /usr/bin/python* and RPM build +is not detected to make pip and distutils install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +--- + Lib/distutils/command/install.py | 15 +++++++++++++-- + Lib/site.py | 9 ++++++++- + 2 files changed, 21 insertions(+), 3 deletions(-) + +Index: Python-3.11.8/Lib/distutils/command/install.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/command/install.py ++++ Python-3.11.8/Lib/distutils/command/install.py +@@ -441,8 +441,19 @@ class install(Command): + raise DistutilsOptionError( + "must not supply exec-prefix without prefix") + +- self.prefix = os.path.normpath(sys.prefix) +- self.exec_prefix = os.path.normpath(sys.exec_prefix) ++ # self.prefix is set to sys.prefix + /local/ ++ # if neither RPM build nor virtual environment is ++ # detected to make pip and distutils install packages ++ # into the separate location. ++ if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ addition = "/local" ++ else: ++ addition = "" ++ ++ self.prefix = os.path.normpath(sys.prefix) + addition ++ self.exec_prefix = os.path.normpath(sys.exec_prefix) + addition + + else: + if self.exec_prefix is None: +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None): + return sitepackages + + def addsitepackages(known_paths, prefixes=None): +- """Add site-packages to sys.path""" ++ """Add site-packages to sys.path ++ ++ '/usr/local' is included in PREFIXES if RPM build is not detected ++ to make packages installed into this location visible. ++ ++ """ + _trace("Processing global site-packages") ++ if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: ++ PREFIXES.insert(0, "/usr/local") + for sitedir in getsitepackages(prefixes): + if os.path.isdir(sitedir): + addsitedir(sitedir, known_paths) + +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Mon, 15 Feb 2021 12:19:27 +0100 +Subject: [PATCH] 00251: Change user install location +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Set values of base and platbase in sysconfig from /usr +to /usr/local when RPM build is not detected +to make pip and similar tools install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +Downstream only. + +We've tried to rework in Fedora 36/Python 3.10 to follow https://bugs.python.org/issue43976 +but we have identified serious problems with that approach, +see https://bugzilla.redhat.com/2026979 or https://bugzilla.redhat.com/2097183 + +pypa/distutils integration: https://github.com/pypa/distutils/pull/70 + +Co-authored-by: Petr Viktorin +Co-authored-by: Miro Hrončok +Co-authored-by: Michal Cyprian +Co-authored-by: Lumír Balhar +--- + Lib/site.py | 9 ++++++- + Lib/sysconfig.py | 49 +++++++++++++++++++++++++++++++++++++- + Lib/test/test_sysconfig.py | 17 +++++++++++-- + 3 files changed, 71 insertions(+), 4 deletions(-) + +Index: Python-3.11.9/Lib/sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/sysconfig.py ++++ Python-3.11.9/Lib/sysconfig.py +@@ -103,6 +103,11 @@ if os.name == 'nt': + else: + _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv'] + ++# For a brief period of time in the Fedora 36 life cycle, ++# this installation scheme existed and was documented in the release notes. ++# For backwards compatibility, we keep it here (at least on 3.10 and 3.11). ++_INSTALL_SCHEMES['rpm_prefix'] = _INSTALL_SCHEMES['posix_prefix'] ++ + + # NOTE: site.py has copy of this function. + # Sync it when modify this function. +@@ -162,6 +167,19 @@ if _HAS_USER_BASE: + }, + } + ++# This is used by distutils.command.install in the stdlib ++# as well as pypa/distutils (e.g. bundled in setuptools). ++# The self.prefix value is set to sys.prefix + /local/ ++# if neither RPM build nor virtual environment is ++# detected to make distutils install packages ++# into the separate location. ++# https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _prefix_addition = '/local' ++ ++ + _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', + 'scripts', 'data') + +@@ -258,11 +276,40 @@ def _extend_dict(target_dict, other_dict + target_dict[key] = value + + ++_CONFIG_VARS_LOCAL = None ++ ++ ++def _config_vars_local(): ++ # This function returns the config vars with prefixes amended to /usr/local ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ global _CONFIG_VARS_LOCAL ++ if _CONFIG_VARS_LOCAL is None: ++ _CONFIG_VARS_LOCAL = dict(get_config_vars()) ++ _CONFIG_VARS_LOCAL['base'] = '/usr/local' ++ _CONFIG_VARS_LOCAL['platbase'] = '/usr/local' ++ return _CONFIG_VARS_LOCAL ++ ++ + def _expand_vars(scheme, vars): + res = {} + if vars is None: + vars = {} +- _extend_dict(vars, get_config_vars()) ++ ++ # when we are not in a virtual environment or an RPM build ++ # we change '/usr' to '/usr/local' ++ # to avoid surprises, we explicitly check for the /usr/ prefix ++ # Python virtual environments have different prefixes ++ # we only do this for posix_prefix, not to mangle the venv scheme ++ # posix_prefix is used by sudo pip install ++ # we only change the defaults here, so explicit --prefix will take precedence ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if (scheme == 'posix_prefix' and ++ _PREFIX == '/usr' and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _extend_dict(vars, _config_vars_local()) ++ else: ++ _extend_dict(vars, get_config_vars()) ++ + if os.name == 'nt': + # On Windows we want to substitute 'lib' for schemes rather + # than the native value (without modifying vars, in case it +Index: Python-3.11.9/Lib/test/test_sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_sysconfig.py ++++ Python-3.11.9/Lib/test/test_sysconfig.py +@@ -111,8 +111,19 @@ class TestSysConfig(unittest.TestCase): + for scheme in _INSTALL_SCHEMES: + for name in _INSTALL_SCHEMES[scheme]: + expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) ++ tested = get_path(name, scheme) ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if tested.startswith('/usr/local'): ++ # /usr/local should only be used in posix_prefix ++ self.assertEqual(scheme, 'posix_prefix') ++ # Fedora CI runs tests for venv and virtualenv that check for other prefixes ++ self.assertEqual(sys.prefix, '/usr') ++ # When building the RPM of Python, %check runs this with RPM_BUILD_ROOT set ++ # Fedora CI runs this with RPM_BUILD_ROOT unset ++ self.assertNotIn('RPM_BUILD_ROOT', os.environ) ++ tested = tested.replace('/usr/local', '/usr') + self.assertEqual( +- os.path.normpath(get_path(name, scheme)), ++ os.path.normpath(tested), + os.path.normpath(expected), + ) + +@@ -345,7 +356,7 @@ class TestSysConfig(unittest.TestCase): + self.assertTrue(os.path.isfile(config_h), config_h) + + def test_get_scheme_names(self): +- wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv'] ++ wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv', 'rpm_prefix'] + if HAS_USER_BASE: + wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) + self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) +@@ -357,6 +368,8 @@ class TestSysConfig(unittest.TestCase): + cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" + self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) + ++ @unittest.skipIf('RPM_BUILD_ROOT' not in os.environ, ++ "Test doesn't expect Fedora's paths") + def test_user_similar(self): + # Issue #8759: make sure the posix scheme for the users + # is similar to the global posix_prefix one diff --git a/PACKAGING-NOTES b/PACKAGING-NOTES new file mode 100644 index 0000000..e28c88c --- /dev/null +++ b/PACKAGING-NOTES @@ -0,0 +1,26 @@ +Notes for packagers of Python3 +============================== + +0. Faster build turnaround +-------------------------- + +By default, python builds with profile-guided optimization. This needs +an additional run of the test suite and it is generally slow. +PGO build takes around 50 minutes. + +For development, use "--without profileopt" option to disable PGO. This +shortens the build time to ~5 minutes including test suite. + +1. import_failed.map +---------------------- + +This is a mechanism installed as part of python3-base, that places shim modules +on python's path (through a generated zzzz-import-failed-hooks.pth file, so that +it is imported as much at the end as makes sense; and an _import_failed subdir +of /usr/lib/pythonX.Y). Then when the user tries to import a module that is part +of a subpackage, the ImportError will contain a helpful message telling them +which missing subpackage to install. + +This can sometimes cause problems on non-standard configurations, if the pth +gets included too early (for instance if you are using a script to include all +pths by hand in some strange order). Just something to look out for. diff --git a/Python-3.11.10.tar.xz b/Python-3.11.10.tar.xz new file mode 100644 index 0000000..f87e7ad --- /dev/null +++ b/Python-3.11.10.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:07a4356e912900e61a15cb0949a06c4a05012e213ecd6b4e84d0f67aabbee372 +size 20067656 diff --git a/Python-3.11.10.tar.xz.asc b/Python-3.11.10.tar.xz.asc new file mode 100644 index 0000000..243d1b1 --- /dev/null +++ b/Python-3.11.10.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmbbrO0ACgkQ/+h0BBaL +2Ec+YBAAnQJLKYPjj7Yr7xkFU655Sv86JxeRAdWjnIapbiIuWg3Up8Pd8FTRgHGf +3XdTHw7b03lSjtzJwavzdnDklqAlBIGn9dVieljUIN7NYyNxoYOr/AiatimgSwv7 +dI5mfun5fLKV6ZcdNdQN5PJ3RZtF3I7VfkN2mlfZJHtxl1agdU/TfW2L+qJ7+JPY +cayjq2xKTLRNXOf2iV29GRRovLiqA+Dx0+cAwsScwreHMp3U4k3GkeHVoR6fldV4 +bVAM8GRl3CYVFePiqAbamKP1BSys44JOINWbWyd94JxzEAwXWz//Es0h73AzeRfK +ueORqzdoOGrVc74+HGlAHhqO1Gg7jMMmtkzCEuav+cGHYnMRMOngGR3q47aTJTVb +5UdP0oD4OlADPFVa6q0LCqN/IFlebWMh9pXYw7Wpek63oNuZHTfNPq4S1AUM2HJm +C3yzaOG9VAdYfLneJC4ldY4CVt1FKckfaXp5OAaMr71DI74e4CcEswlUupZJLZKV +TJRjQD15bnXGhHDqU4w3RmzpCWMh2mf4m4VMYQyObl3TtlX+gVvzIhDS5+mXqutB +F1pdXwaHHkTb2PLLxpwOGrnsp8XoW74tsylcYirQg8jSFMbgxfwgIjEIuRGXeDkT +B4QzmQ4SxsbLiH7etV6Fznl1h569Z4DO9OOs4i0ZzIjdhPDQtAs= +=TatG +-----END PGP SIGNATURE----- diff --git a/Python-3.11.11.tar.xz b/Python-3.11.11.tar.xz new file mode 100644 index 0000000..e0581b1 --- /dev/null +++ b/Python-3.11.11.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2a9920c7a0cd236de33644ed980a13cbbc21058bfdc528febb6081575ed73be3 +size 20085792 diff --git a/Python-3.11.11.tar.xz.sigstore b/Python-3.11.11.tar.xz.sigstore new file mode 100644 index 0000000..782816a --- /dev/null +++ b/Python-3.11.11.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlOgAwIBAgIUWcRolJPsPmtJKA6VkjHSj7PtjY8wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMjAzMTgxOTA1WhcNMjQxMjAzMTgyOTA1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEN+fBJCRZIAZiWPBdjyQVD+x5vgmjuuVct1HkPHIBMuEe7wI4mBG2BhJ3fHkpr97efIH6ELMmPV99edyAIZFXR6OCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUkutZdHfCCSvGI87mjnBRwZB8ihYwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGTjb9QlwAABAMARzBFAiEA4ddSINhYM+p0+DGzRqnA8rVtJF9YgI+9znXiq9fqQNkCIEErcSnQmN8jjErhwWWtcTM5GgH4ka/uk5kdHTycwxj3MAoGCCqGSM49BAMDA2cAMGQCMFmkCEH2pCBpFeFiUi2uA4opcJP6vh/zqb+D0tbxqd+jwbBkuDxDqA9/Ao3UWop+twIwO9o71KAlYWPSPYMeZERM4R8zWlp9mVJPiK3tgOJJi40MNmxwtfsQeQtncqiQLBAH"}, "tlogEntries": [{"logIndex": "153122039", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1733249946", "inclusionPromise": {"signedEntryTimestamp": "MEUCIBL9zpVJtljIuZtAe8uptLfDmakmbAjy5ELp2q8WJTQ7AiEAv6lIpyJZycHwTS+JHYJFzMVv0SmA8yQ0eMneBivMhPY="}, "inclusionProof": {"logIndex": "31217777", "rootHash": "BMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=", "treeSize": "31217778", "hashes": ["lrr8dxmtgD09fnZTo1tMTY00HNKc2ZIpbZa1djDeTes=", "yFxGSg1RDbtZ/eNftnMdBJGNEZmmLyx2ZRDFtAIMHAk=", "GeqsQGnvgc+gcuaIC+vQ5b0RdTyBxBnYTpbeW2AeD+Q=", "dMTPeN/a9xCQQP+Hz7sddW0pPj8n54sfkhcf3XhjrMM=", "XjayhjKU3shP7q7lhmhKDv3Vpi4gJgAPCu0KlEzc9Qo=", "go1dmexQYS5etu69upRRX7IFvuA0rIcT9aYjMstmPIU=", "AYwr74Bm2w383UnS7DdbZUUAhusq28JoxKpWrQ7OvGQ=", "u+yWmGIR6sAH32wiSy22mz1Yf+jfPdBTjFbyRISuTZw=", "3eFC7Gp4fWecybDOAw9uUTrM1xB7YRYRAGsfYkiQbV8=", "1uKk2qjOliHMiTk906jrchP8mXWsRG8apaU1sa0lfh0=", "oOecFfN3YqDOkbijS/ej1WF5Da/Gt/AZNhbwE9uoOE8=", "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=", "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n31217778\nBMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiA7ed0HqugBwVpmxDAR1VN35J91/+DeRdj09y5lFY+bRwIgYe07JnZlJvp3MfAMXX3i4XBsZoDRZoXtwfBaRj/8x8s=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYTk5MjBjN2EwY2QyMzZkZTMzNjQ0ZWQ5ODBhMTNjYmJjMjEwNThiZmRjNTI4ZmViYjYwODE1NzVlZDczYmUzIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRU5KSGllaWs5WkVibW83a0p4ZUhWY2FvVDVYOUxyWG1zRTVxc1I5R1JpSEFpRUFtcHZyV21vUHF5YzRpQ09VYXVmY3dKTllMK1lPTWU0b0NOaWRLVGduT1FBPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlYyTlNiMnhLVUhOUWJYUktTMEUyVm10cVNGTnFOMUIwYWxrNGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJlRTFxUVhwTlZHZDRUMVJCTVZkb1kwNU5hbEY0VFdwQmVrMVVaM2xQVkVFeFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZPSzJaQ1NrTlNXa2xCV21sWFVFSmthbmxSVmtRcmVEVjJaMjFxZFhWV1kzUXhTR3NLVUVoSlFrMTFSV1UzZDBrMGJVSkhNa0pvU2pObVNHdHdjamszWldaSlNEWkZURTF0VUZZNU9XVmtlVUZKV2taWVVqWlBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZyZFhSYUNtUklaa05EVTNaSFNUZzNiV3B1UWxKM1drSTRhV2haZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxUnFZamxSYkhkQlFRcENRVTFCVW5wQ1JrRnBSVUUwWkdSVFNVNW9XVTByY0RBclJFZDZVbkZ1UVRoeVZuUktSamxaWjBrck9YcHVXR2x4T1daeFVVNXJRMGxGUlhKalUyNVJDbTFPT0dwcVJYSm9kMWRYZEdOVVRUVkhaMGcwYTJFdmRXczFhMlJJVkhsamQzaHFNMDFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUdiV3NLUTBWSU1uQkRRbkJHWlVacFZXa3lkVUUwYjNCalNsQTJkbWd2ZW5GaUswUXdkR0o0Y1dRcmFuZGlRbXQxUkhoRWNVRTVMMEZ2TTFWWGIzQXJkSGRKZHdwUE9XODNNVXRCYkZsWFVGTlFXVTFsV2tWU1RUUlNPSHBYYkhBNWJWWktVR2xMTTNSblQwcEthVFF3VFU1dGVIZDBabk5SWlZGMGJtTnhhVkZNUWtGSUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "Kpkgx6DNI23jNkTtmAoTy7whBYv9xSj+u2CBV17XO+M="}, "signature": "MEUCIENJHieik9ZEbmo7kJxeHVcaoT5X9LrXmsE5qsR9GRiHAiEAmpvrWmoPqyc4iCOUaufcwJNYL+YOMe4oCNidKTgnOQA="}} diff --git a/Python-3.11.12.tar.xz b/Python-3.11.12.tar.xz new file mode 100644 index 0000000..e2b3c80 --- /dev/null +++ b/Python-3.11.12.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:849da87af4df137710c1796e276a955f7a85c9f971081067c8f565d15c352a09 +size 20112232 diff --git a/Python-3.11.12.tar.xz.sigstore b/Python-3.11.12.tar.xz.sigstore new file mode 100644 index 0000000..36fb8a6 --- /dev/null +++ b/Python-3.11.12.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlOgAwIBAgIUdXXo3kfUuTRxhwfBaDz2hbLdc00wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNDA4MTUwMzI1WhcNMjUwNDA4MTUxMzI1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEChWB96w27HEQAug03xOuj5aVvdcEBkLaseC6PKbhc3lq1vL78o96RMSdWdBSmBQ4OrRHKvop8VRwn4SI6KPIN6OCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUDQFNdUPu8lJprLgYTWMF//JnS0owHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGWFe1zcgAABAMARzBFAiAMLue9b86BfjeZl9ML7LekLskkUPTEhI2ciiZrYgaF/gIhAIt66OYOVpC39L+bRXJd1K+T39IGMxYcKoaDrMk0DX59MAoGCCqGSM49BAMDA2cAMGQCMEJ+IEScHRIlOwToBZxVVJjrSxOVvqRSfUO5hvYNkqhYz97LxxUFWpcB/DMiQJOUbwIwKJRh5d7c30z1XyE5zsjOZZmz37ah6aJtyuHLCn3QKJniWBMxIMy9lbXlRZWZgsf0"}, "tlogEntries": [{"logIndex": "193896942", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1744124605", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQDBvc4N4pmeJKalSbAgT5X5MiHnHfiFJ3q/ifYIUDQORwIgNCMUBexEGM4B8VSSWkSDK8uZDGqzA7bgurZdWE0z/vc="}, "inclusionProof": {"logIndex": "71992680", "rootHash": "jow4GaqK8wgGK0YaQkHyINNk1eJRvrgCUSax5oC+bgc=", "treeSize": "71992683", "hashes": ["V5p0el9OkIku5PMpzeGtSeSQLNkd4d0DVh6qNlixrlk=", "CbJfH60w3vsS3xzOzbMZQaokwVM+6efm7OCLjQ5og/k=", "fJZsSVsDo+dpw5484/+8Rm3EH3JostySBfLMVDBUZOU=", "/C+wK2WU/SrXLMnuHDzeBP4K+Jlt/S0nAvzvcXJPp30=", "m6j5meZeKpBfFqNeI7qiCogWjT2IT5NZkgJYwot9sRo=", "V7VMIiqIq7yvzO+ic8vLqIJr3+iGA6whYAGN7YvWhsQ=", "2ap6N1WIsMWGC/Zrnzsx//K9223/3B9lLpJP87M+rXE=", "2kwW2rqY/EMS68q/rOjagVYsEMybFHgxIfbokSa8yKU=", "QReFEOB9XSZtDKsjRtA0fGnYGMYD2Z7qn50auG1YlWo=", "K26LG80DXyb+bC58c4Nw00WigG52v0PCsZGY3ExGsts=", "WEm5OgPzJpYROv+4CcrieexCYyQKrLUH3hbxmcQQ+DM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n71992683\njow4GaqK8wgGK0YaQkHyINNk1eJRvrgCUSax5oC+bgc=\n\n\u2014 rekor.sigstore.dev wNI9ajBGAiEA7u1b4P659JpwuXMf6lhvC1RhOj/ZH7CpYcAQbitQSwUCIQDJrflW8FGweaiB88lSuLfpfD/a6l6jWhUyOQB/mIJ9rA==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI4NDlkYTg3YWY0ZGYxMzc3MTBjMTc5NmUyNzZhOTU1ZjdhODVjOWY5NzEwODEwNjdjOGY1NjVkMTVjMzUyYTA5In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJRnMzQi9oTk9OMVY2TXFaUkxzRmNHNlU2Qjkza2FsL1VLZWsvYkRVb3o2MUFpQWZydmsrWXpjK0hHZGJYemRRQ203cjlKU2RNUCtuR1BOblVCZzFoSnAySVE9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlpGaFliek5yWmxWMVZGSjRhSGRtUW1GRWVqSm9Za3hrWXpBd2QwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVFUVRSTlZGVjNUWHBKTVZkb1kwNU5hbFYzVGtSQk5FMVVWWGhOZWtreFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZEYUZkQ09UWjNNamRJUlZGQmRXY3dNM2hQZFdvMVlWWjJaR05GUW10TVlYTmxRellLVUV0aWFHTXpiSEV4ZGt3M09HODVObEpOVTJSWFpFSlRiVUpSTkU5eVVraExkbTl3T0ZaU2QyNDBVMGsyUzFCSlRqWlBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZFVVVaT0NtUlZVSFU0YkVwd2NreG5XVlJYVFVZdkwwcHVVekJ2ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxZEdaVEY2WTJkQlFRcENRVTFCVW5wQ1JrRnBRVTFNZFdVNVlqZzJRbVpxWlZwc09VMU1OMHhsYTB4emEydFZVRlJGYUVreVkybHBXbkpaWjJGR0wyZEphRUZKZERZMlQxbFBDbFp3UXpNNVRDdGlVbGhLWkRGTEsxUXpPVWxIVFhoWlkwdHZZVVJ5VFdzd1JGZzFPVTFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUZTaXNLU1VWVFkwaFNTV3hQZDFSdlFscDRWbFpLYW5KVGVFOVdkbkZTVTJaVlR6Vm9kbGxPYTNGb1dYbzVOMHg0ZUZWR1YzQmpRaTlFVFdsUlNrOVZZbmRKZHdwTFNsSm9OV1EzWXpNd2VqRlllVVUxZW5OcVQxcGFiWG96TjJGb05tRktkSGwxU0V4RGJqTlJTMHB1YVZkQ1RYaEpUWGs1YkdKWWJGSmFWMXBuYzJZd0NpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "hJ2oevTfE3cQwXluJ2qVX3qFyflxCBBnyPVl0Vw1Kgk="}, "signature": "MEQCIFs3B/hNON1V6MqZRLsFcG6U6B93kal/UKek/bDUoz61AiAfrvk+Yzc+HGdbXzdQCm7r9JSdMP+nGPNnUBg1hJp2IQ=="}} diff --git a/Python-3.11.13.tar.xz b/Python-3.11.13.tar.xz new file mode 100644 index 0000000..80a2b4d --- /dev/null +++ b/Python-3.11.13.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8fb5f9fbc7609fa822cb31549884575db7fd9657cbffb89510b5d7975963a83a +size 20117496 diff --git a/Python-3.11.13.tar.xz.sigstore b/Python-3.11.13.tar.xz.sigstore new file mode 100644 index 0000000..a6d0be7 --- /dev/null +++ b/Python-3.11.13.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzjCCAlSgAwIBAgIUfnOGm4U1QCsCXWiDvPy5Tgni2HUwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNjAzMTkyNzM1WhcNMjUwNjAzMTkzNzM1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpTsf/wrCdu4Domf4WOtO4CLkj51wmj4iesYv5N6DYhghPjqQFwGYI9gFc/WX6QMIWh5YHU2NGxrmM7KfbAYzz6OCAXMwggFvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUkQ2/O4Fivj1bTq7NTQczm1RdtYAwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGLBgorBgEEAdZ5AgQCBH0EewB5AHcA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGXN0NwGwAABAMASDBGAiEA6pD8PjS+5z2SQre/NS/wOdFSjVMsxvtfF6A1jg+1T3YCIQDC44S/Z3c0dNddM7EkE+A3j7Vft3hqRUoFkNe4U6g5qTAKBggqhkjOPQQDAwNoADBlAjA6lBI2r3KCZFc+2affpH3S3Xj3gMOKh8Lr5Z7TgkGp3Q6QsnExGmJJ0leXhqH6rQkCMQDfxk/6DyhbO7KTrIUfmrbZoa7dV75cresJS69Xk67XN57qsqY52DZj9o4fbUIw4ro="}, "tlogEntries": [{"logIndex": "228953871", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1748978856", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQC9nXmfcRqyOL2Zmw1zI7+kulTbmDE3Yfzew81mXJGU4QIgF8Uhdg2uzttSA6erOuEchX68PCyJ0cVFHE0XJX2+ZfE="}, "inclusionProof": {"logIndex": "107049609", "rootHash": "Ilofw5POqC/C3zqfrdMQP1DyhNW+UfB9fHdjrbK6qaM=", "treeSize": "107049610", "hashes": ["AcD1iyjU7nuIPqAq29ynz7PEdq6zPXglj6e2tkH+/do=", "1BNDCN01B3dbUo/TfLaQgKIYTvPyrkcrHKd69GxuF2E=", "t59A0CV2pHM2S9AgZgcEA6FbXhgNZGo0jMRIXHiqsJ0=", "bCrkgWpJ8MBic+mIfCRsKi+5XAMqgM8Lc6G0LLfzZ7M=", "4iwdOrGkcqdN0qqZUx/gv8a8qpLMqVj8aXRVmhQ558c=", "mAX/zvx1jR0ujLtDApsQpHyxmoDGidClHMOn0BX1aQA=", "u5LKLBPTYgXZg0fBi6/8LuEeNy3EBAxJF0AkkB4Co6E=", "SPUVncwJRVX/n/RICCYqLpAzraqx7S0eMdXRr1RLRgg=", "uEJFtwcGQJMd9kjQhkXb7gl2WD3WMElCc15uDFvFGxs=", "VdOKzpQhJlpXgijzXANf/hNlje1G/N1kUuVnKNskkso=", "mta5fH/gFwxJ/0fT8yGpn3sFCY0G1RY555Iflm0LInM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n107049610\nIlofw5POqC/C3zqfrdMQP1DyhNW+UfB9fHdjrbK6qaM=\n\n\u2014 rekor.sigstore.dev wNI9ajBGAiEAjtzTnsnrGx0G3Dg99s89cPUh6EA+cxkicQ9j4qYU60wCIQCKcAL4kdakbq2JrBVgk7bRNf3FoJRrEI6SCjv16f7Crg==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI4ZmI1ZjlmYmM3NjA5ZmE4MjJjYjMxNTQ5ODg0NTc1ZGI3ZmQ5NjU3Y2JmZmI4OTUxMGI1ZDc5NzU5NjNhODNhIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUM5Q1JZRjNSWGUzdDNxQlBJd2UrR3pMMTJCOXVLTjIrRFpWa2JjZW1FTS93SWdPMDFKaVhnbUJxZEN5RVhoM05JUEt5QlRBb2hpcjZHTkhZdXhiSUxKNDlRPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZha05EUVd4VFowRjNTVUpCWjBsVlptNVBSMjAwVlRGUlEzTkRXRmRwUkhaUWVUVlVaMjVwTWtoVmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVxUVhwTlZHdDVUbnBOTVZkb1kwNU5hbFYzVG1wQmVrMVVhM3BPZWsweFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZ3VkhObUwzZHlRMlIxTkVSdmJXWTBWMDkwVHpSRFRHdHFOVEYzYldvMGFXVnpXWFlLTlU0MlJGbG9aMmhRYW5GUlJuZEhXVWs1WjBaakwxZFlObEZOU1Zkb05WbElWVEpPUjNoeWJVMDNTMlppUVZsNmVqWlBRMEZZVFhkblowWjJUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZyVVRJdkNrODBSbWwyYWpGaVZIRTNUbFJSWTNwdE1WSmtkRmxCZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRNUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJTUVVS1pYZENOVUZJWTBFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxaE9NRTUzUjNkQlFRcENRVTFCVTBSQ1IwRnBSVUUyY0VRNFVHcFRLelY2TWxOUmNtVXZUbE12ZDA5a1JsTnFWazF6ZUhaMFprWTJRVEZxWnlzeFZETlpRMGxSUkVNME5GTXZDbG96WXpCa1RtUmtUVGRGYTBVclFUTnFOMVptZEROb2NWSlZiMFpyVG1VMFZUWm5OWEZVUVV0Q1oyZHhhR3RxVDFCUlVVUkJkMDV2UVVSQ2JFRnFRVFlLYkVKSk1uSXpTME5hUm1Nck1tRm1abkJJTTFNeldHb3paMDFQUzJnNFRISTFXamRVWjJ0SGNETlJObEZ6YmtWNFIyMUtTakJzWlZob2NVZzJjbEZyUXdwTlVVUm1lR3N2TmtSNWFHSlBOMHRVY2tsVlptMXlZbHB2WVRka1ZqYzFZM0psYzBwVE5qbFlhelkzV0U0MU4zRnpjVmsxTWtSYWFqbHZOR1ppVlVsM0NqUnliejBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "j7X5+8dgn6giyzFUmIRXXbf9llfL/7iVELXXl1ljqDo="}, "signature": "MEUCIQC9CRYF3RXe3t3qBPIwe+GzL12B9uKN2+DZVkbcemEM/wIgO01JiXgmBqdCyEXh3NIPKyBTAohir6GNHYuxbILJ49Q="}} diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..0053bcf --- /dev/null +++ b/README.SUSE @@ -0,0 +1,43 @@ +Python 3 in SUSE +============== + +* Subpackages * + +Python 3 is split into several subpackages, based on external dependencies. +The main package 'python3' has soft dependencies on all subpackages needed to +assemble the standard library; however, these might not all be installed by default. + +If you attempt to import a module that is currently not installed, an ImportError is thrown, +with instructions to install the missing subpackage. Installing the subpackage might result +in installing libraries that the subpackage requires to function. + + +* ensurepip * + +The 'ensurepip' module from Python 3 standard library (PEP 453) is supposed to deploy +a bundled copy of the pip installer. This makes no sense in a managed distribution like SUSE. +Instead, you need to install package 'python3-pip'. Usually this will be installed automatically +with 'python3'. + +Using 'ensurepip' when pip is not installed will result in an ImportError with instructions +to install 'python3-pip'. + + +* Documentation * + +You can find documentation in seprarate packages: python3-doc and +python3-doc-pdf. These contan following documents: + + Tutorial, What's New in Python, Global Module Index, Library Reference, + Macintosh Module Reference, Installing Python Modules, Distributing Python + Modules, Language Reference, Extending and Embedding, Python/C API, + Documenting Python + +The python3-doc package constains many text files from source tarball. + + +* Interactive mode * + +Interactive mode is by default enhanced with of history and command completion. +If you don't like these features, you can unset the PYTHONSTARTUP variable +in your .profile or disable it system wide in /etc/profile.d/python.sh. diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..1d50bc4 --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + base + doc + diff --git a/add-loongarch64-support.patch b/add-loongarch64-support.patch new file mode 100644 index 0000000..10cc846 --- /dev/null +++ b/add-loongarch64-support.patch @@ -0,0 +1,29 @@ +Description: Add platform triplets for LoongArch. + +--- + configure.ac | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +--- a/configure.ac ++++ b/configure.ac +@@ -976,6 +976,20 @@ cat > conftest.c <=6) && defined(_MIPSEL) diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..1793de8 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,3 @@ +python311-base +python311 +libpython3_11-1_0 diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz new file mode 100644 index 0000000..57fb3e5 --- /dev/null +++ b/bluez-devel-vendor.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:868fbfba2ddaed62f2c45cf869fe2c648527ac3bac738f4f41f3c2872f5b0211 +size 25040 diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch new file mode 100644 index 0000000..86882ae --- /dev/null +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -0,0 +1,173 @@ +From 5754521af1d51aa8e445cba07a093bbc0c88596d Mon Sep 17 00:00:00 2001 +From: Zackery Spytz +Date: Mon, 16 Dec 2019 18:24:08 -0700 +Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix) + +Co-Authored-By: Xavier de Gaye +--- + Doc/library/ensurepip.rst | 9 +++-- + Lib/ensurepip/__init__.py | 18 +++++++--- + Lib/test/test_ensurepip.py | 11 ++++++ + Makefile.pre.in | 4 +- + Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1 + 5 files changed, 34 insertions(+), 9 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst + +Index: Python-3.11.8/Doc/library/ensurepip.rst +=================================================================== +--- Python-3.11.8.orig/Doc/library/ensurepip.rst ++++ Python-3.11.8/Doc/library/ensurepip.rst +@@ -59,7 +59,9 @@ is at least as recent as the one availab + By default, ``pip`` is installed into the current virtual environment + (if one is active) or into the system site packages (if there is no + active virtual environment). The installation location can be controlled +-through two additional command line options: ++through some additional command line options: ++ ++* ``--prefix ``: Installs ``pip`` using the given directory prefix. + + * :samp:`--root {dir}`: Installs ``pip`` relative to the given root directory + rather than the root of the currently active virtual environment (if any) +@@ -92,7 +94,7 @@ Module API + Returns a string specifying the available version of pip that will be + installed when bootstrapping an environment. + +-.. function:: bootstrap(root=None, upgrade=False, user=False, \ ++.. function:: bootstrap(root=None, prefix=None, upgrade=False, user=False, \ + altinstall=False, default_pip=False, \ + verbosity=0) + +@@ -102,6 +104,8 @@ Module API + If *root* is ``None``, then installation uses the default install location + for the current environment. + ++ *prefix* specifies the directory prefix to use when installing. ++ + *upgrade* indicates whether or not to upgrade an existing installation + of an earlier version of ``pip`` to the available version. + +@@ -122,6 +126,8 @@ Module API + *verbosity* controls the level of output to :data:`sys.stdout` from the + bootstrapping operation. + ++ .. versionchanged:: 3.9 the *prefix* parameter was added. ++ + .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap + + .. note:: +Index: Python-3.11.8/Lib/ensurepip/__init__.py +=================================================================== +--- Python-3.11.8.orig/Lib/ensurepip/__init__.py ++++ Python-3.11.8/Lib/ensurepip/__init__.py +@@ -122,27 +122,27 @@ def _disable_pip_configuration_settings( + os.environ['PIP_CONFIG_FILE'] = os.devnull + + +-def bootstrap(*, root=None, upgrade=False, user=False, ++def bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). ++ and directory prefix). + + Note that calling this function will alter both sys.path and os.environ. + """ + # Discard the return value +- _bootstrap(root=root, upgrade=upgrade, user=user, ++ _bootstrap(root=root, prefix=prefix, upgrade=upgrade, user=user, + altinstall=altinstall, default_pip=default_pip, + verbosity=verbosity) + + +-def _bootstrap(*, root=None, upgrade=False, user=False, ++def _bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). Returns pip command status code. ++ and directory prefix). Returns pip command status code. + + Note that calling this function will alter both sys.path and os.environ. + """ +@@ -192,6 +192,8 @@ def _bootstrap(*, root=None, upgrade=Fal + args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] + if root: + args += ["--root", root] ++ if prefix: ++ args += ["--prefix", prefix] + if upgrade: + args += ["--upgrade"] + if user: +@@ -267,6 +269,11 @@ def _main(argv=None): + help="Install everything relative to this alternate root directory.", + ) + parser.add_argument( ++ "--prefix", ++ default=None, ++ help="Install everything using this prefix.", ++ ) ++ parser.add_argument( + "--altinstall", + action="store_true", + default=False, +@@ -285,6 +292,7 @@ def _main(argv=None): + + return _bootstrap( + root=args.root, ++ prefix=args.prefix, + upgrade=args.upgrade, + user=args.user, + verbosity=args.verbosity, +Index: Python-3.11.8/Lib/test/test_ensurepip.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_ensurepip.py ++++ Python-3.11.8/Lib/test/test_ensurepip.py +@@ -112,6 +112,17 @@ class TestBootstrap(EnsurepipMixin, unit + unittest.mock.ANY, + ) + ++ def test_bootstrapping_with_prefix(self): ++ ensurepip.bootstrap(prefix="/foo/bar/") ++ self.run_pip.assert_called_once_with( ++ [ ++ "install", "--no-cache-dir", "--no-index", "--find-links", ++ unittest.mock.ANY, "--prefix", "/foo/bar/", ++ "setuptools", "pip", ++ ], ++ unittest.mock.ANY, ++ ) ++ + def test_bootstrapping_with_user(self): + ensurepip.bootstrap(user=True) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1761,7 +1761,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni + install|*) ensurepip="" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + altinstall: commoninstall +@@ -1771,7 +1771,7 @@ altinstall: commoninstall + install|*) ensurepip="--altinstall" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + commoninstall: check-clean-src @FRAMEWORKALTINSTALLFIRST@ \ +Index: Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +=================================================================== +--- /dev/null ++++ Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +@@ -0,0 +1 @@ ++A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/bsc1221260-test_asyncio-ResourceWarning.patch b/bsc1221260-test_asyncio-ResourceWarning.patch new file mode 100644 index 0000000..15d6b8d --- /dev/null +++ b/bsc1221260-test_asyncio-ResourceWarning.patch @@ -0,0 +1,21 @@ +From a3052035485bd2836e40f5284657ca105382cbfd Mon Sep 17 00:00:00 2001 +From: sobolevn +Date: Tue, 5 Mar 2024 20:24:16 +0300 +Subject: [PATCH] gh-116112: Fix `ResourceWarning` in + `test_asyncio.test_stream` + +Co-authored-by: @CendioOssman +--- + Lib/test/test_asyncio/test_streams.py | 1 + + 1 file changed, 1 insertion(+) + +--- a/Lib/test/test_asyncio/test_streams.py ++++ b/Lib/test/test_asyncio/test_streams.py +@@ -1156,6 +1156,7 @@ os.close(fd) + + def test_unhandled_cancel(self): + async def handle_echo(reader, writer): ++ writer.close() + asyncio.current_task().cancel() + messages = self._basetest_unhandled_exceptions(handle_echo) + self.assertEqual(messages, []) diff --git a/bso1227999-reproducible-builds.patch b/bso1227999-reproducible-builds.patch new file mode 100644 index 0000000..fb33d18 --- /dev/null +++ b/bso1227999-reproducible-builds.patch @@ -0,0 +1,37 @@ +From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Tue, 16 Jul 2024 21:39:33 +0200 +Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH + +to make builds reproducible. +See https://reproducible-builds.org/ for why this is good +and https://reproducible-builds.org/specs/source-date-epoch/ +for the definition of this variable. +--- + Doc/conf.py | 3 ++- + Doc/library/functions.rst | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/Doc/conf.py ++++ b/Doc/conf.py +@@ -316,7 +316,8 @@ html_context = { + } + + # This 'Last updated on:' timestamp is inserted at the bottom of every page. +-html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime()) ++html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) ++html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time)) + + # Path to find HTML templates. + templates_path = ['tools/templates'] +--- a/Doc/library/functions.rst ++++ b/Doc/library/functions.rst +@@ -1356,7 +1356,7 @@ are always available. They are listed h + (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, + and :mod:`shutil`. + +- .. audit-event:: open file,mode,flags open ++ .. audit-event:: open path,mode,flags open + + The ``mode`` and ``flags`` arguments may have been modified or inferred from + the original call. diff --git a/distutils-reproducible-compile.patch b/distutils-reproducible-compile.patch new file mode 100644 index 0000000..17e8bd2 --- /dev/null +++ b/distutils-reproducible-compile.patch @@ -0,0 +1,17 @@ +--- + Lib/distutils/util.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/distutils/util.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/util.py ++++ Python-3.11.8/Lib/distutils/util.py +@@ -436,7 +436,7 @@ byte_compile(files, optimize=%r, force=% + else: + from py_compile import compile + +- for file in py_files: ++ for file in sorted(py_files): + if file[-3:] != ".py": + # This lets us be lazy and not filter filenames in + # the "install_lib" command. diff --git a/externally_managed.in b/externally_managed.in new file mode 100644 index 0000000..54606b6 --- /dev/null +++ b/externally_managed.in @@ -0,0 +1,12 @@ +[externally-managed] +Error=To install Python packages system-wide, try + zypper install __PYTHONPREFIX__-xyz, where xyz is the package + you are trying to install. + + If you wish to install a non-rpm packaged Python package, + create a virtual environment using __PYTHON__ -m venv path/to/venv. + Then use path/to/venv/bin/python and path/to/venv/bin/pip. + + If you wish to install a non-rpm packaged Python application, + it may be easiest to use `pipx install xyz`, which will manage a + virtual environment for you. Install pipx via `zypper install __PYTHONPREFIX__-pipx` . diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch new file mode 100644 index 0000000..a5fe82c --- /dev/null +++ b/fix_configure_rst.patch @@ -0,0 +1,40 @@ +--- + Doc/using/configure.rst | 3 --- + Misc/NEWS | 2 +- + 2 files changed, 1 insertion(+), 4 deletions(-) + +--- a/Doc/using/configure.rst ++++ b/Doc/using/configure.rst +@@ -43,7 +43,6 @@ General Options + + See :data:`sys.int_info.bits_per_digit `. + +-.. option:: --with-cxx-main + .. option:: --with-cxx-main=COMPILER + + Compile the Python ``main()`` function and link Python executable with C++ +@@ -529,13 +528,11 @@ macOS Options + + See ``Mac/README.rst``. + +-.. option:: --enable-universalsdk + .. option:: --enable-universalsdk=SDKDIR + + Create a universal binary build. *SDKDIR* specifies which macOS SDK should + be used to perform the build (default is no). + +-.. option:: --enable-framework + .. option:: --enable-framework=INSTALLDIR + + Create a Python.framework rather than a traditional Unix install. Optional +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -9911,7 +9911,7 @@ C API + - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. + + - bpo-43795: The list in :ref:`limited-api-list` now shows the public name +- :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry ++ :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry + ``_node`` no longer appears in the list. + + - bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid diff --git a/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch b/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch new file mode 100644 index 0000000..292efba --- /dev/null +++ b/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch @@ -0,0 +1,82 @@ +From 3d390148c05a7ea2d401c4633e7d4db75ebf97d9 Mon Sep 17 00:00:00 2001 +From: Petr Viktorin +Date: Thu, 7 Nov 2024 11:07:02 +0100 +Subject: [PATCH] gh-126500: test_ssl: Don't stop ThreadedEchoServer on OSError + in ConnectionHandler; rely on __exit__ (GH-126503) + +If `read()` in the ConnectionHandler thread raises `OSError` (except `ConnectionError`), +the ConnectionHandler shuts down the entire ThreadedEchoServer, +preventing further connections. +It also does that for `EPROTOTYPE` in `wrap_conn`. + +As far as I can see, this is done to avoid the server thread getting stuck, +forgotten, in its accept loop. However, since 2011 (5b95eb90a7167285b6544b50865227c584943c9a) +the server is used as a context manager, and its `__exit__` does `stop()` and `join()`. +(I'm not sure if we *always* used `with` since that commit, but currently we do.) + +Make sure that the context manager *is* used, and remove the `server.stop()` +calls from ConnectionHandler. +(cherry picked from commit c9cda1608edf7664c10f4f467e24591062c2fe62) + +Co-authored-by: Petr Viktorin +--- + Lib/test/test_ssl.py | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +Index: Python-3.11.12/Lib/test/test_ssl.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_ssl.py 2025-04-19 19:55:02.157545844 +0200 ++++ Python-3.11.12/Lib/test/test_ssl.py 2025-04-19 19:55:05.014552345 +0200 +@@ -2516,7 +2516,6 @@ + # See also http://erickt.github.io/blog/2014/11/19/adventures-in-debugging-a-potential-osx-kernel-bug/ + if e.errno != errno.EPROTOTYPE and sys.platform != "darwin": + self.running = False +- self.server.stop() + self.close() + return False + else: +@@ -2651,10 +2650,6 @@ + self.close() + self.running = False + +- # normally, we'd just stop here, but for the test +- # harness, we want to stop the server +- self.server.stop() +- + def __init__(self, certificate=None, ssl_version=None, + certreqs=None, cacerts=None, + chatty=True, connectionchatty=False, starttls_server=False, +@@ -2688,21 +2683,33 @@ + self.conn_errors = [] + threading.Thread.__init__(self) + self.daemon = True ++ self._in_context = False + + def __enter__(self): ++ if self._in_context: ++ raise ValueError('Re-entering ThreadedEchoServer context') ++ self._in_context = True + self.start(threading.Event()) + self.flag.wait() + return self + + def __exit__(self, *args): ++ assert self._in_context ++ self._in_context = False + self.stop() + self.join() + + def start(self, flag=None): ++ if not self._in_context: ++ raise ValueError( ++ 'ThreadedEchoServer must be used as a context manager') + self.flag = flag + threading.Thread.start(self) + + def run(self): ++ if not self._in_context: ++ raise ValueError( ++ 'ThreadedEchoServer must be used as a context manager') + self.sock.settimeout(1.0) + self.sock.listen(5) + self.active = True diff --git a/gh120226-fix-sendfile-test-kernel-610.patch b/gh120226-fix-sendfile-test-kernel-610.patch new file mode 100644 index 0000000..2eb6f63 --- /dev/null +++ b/gh120226-fix-sendfile-test-kernel-610.patch @@ -0,0 +1,35 @@ +From 1b3f6523a5c83323cdc44031b33a1c062e5dc698 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Fri, 7 Jun 2024 23:51:32 +0800 +Subject: [PATCH] gh-120226: Fix + test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 + (GH-120227) + +The worst case is that the kernel buffers 17 pages with a page size of 64k. +(cherry picked from commit a7584245661102a5768c643fbd7db8395fd3c90e) + +Co-authored-by: Xi Ruoyao +--- + Lib/test/test_asyncio/test_sendfile.py | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +--- a/Lib/test/test_asyncio/test_sendfile.py ++++ b/Lib/test/test_asyncio/test_sendfile.py +@@ -93,13 +93,10 @@ class MyProto(asyncio.Protocol): + + class SendfileBase: + +- # 256 KiB plus small unaligned to buffer chunk +- # Newer versions of Windows seems to have increased its internal +- # buffer and tries to send as much of the data as it can as it +- # has some form of buffering for this which is less than 256KiB +- # on newer server versions and Windows 11. +- # So DATA should be larger than 256 KiB to make this test reliable. +- DATA = b"x" * (1024 * 256 + 1) ++ # Linux >= 6.10 seems buffering up to 17 pages of data. ++ # So DATA should be large enough to make this test reliable even with a ++ # 64 KiB page configuration. ++ DATA = b"x" * (1024 * 17 * 64 + 1) + # Reduce socket buffer size to test on relative small data sets. + BUF_SIZE = 4 * 1024 # 4 KiB + diff --git a/idle3.appdata.xml b/idle3.appdata.xml new file mode 100644 index 0000000..554b7c4 --- /dev/null +++ b/idle3.appdata.xml @@ -0,0 +1,35 @@ + + + + + idle3.desktop + IDLE3 + CC0 + Python-2.0 + Python 3 Integrated Development and Learning Environment + +

+ IDLE is Python’s Integrated Development and Learning Environment. + The GUI is uniform between Windows, Unix, and Mac OS X. + IDLE provides an easy way to start writing, running, and debugging + Python code. +

+

+ IDLE is written in pure Python, and uses the tkinter GUI toolkit. + It provides: +

+
    +
  • a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,
    • +
  • a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,
    • +
  • search within any window, replace within editor windows, and search through multiple files (grep),
    • +
  • a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.
    • +
+ + https://docs.python.org/3/library/idle.html + + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png + + zbyszek@in.waw.pl + diff --git a/idle3.desktop b/idle3.desktop new file mode 100644 index 0000000..43f5a4c --- /dev/null +++ b/idle3.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Version=1.0 +Name=IDLE 3 +GenericName=Python 3 IDE +Comment=Python 3 Integrated Development and Learning Environment +Exec=idle3 %F +TryExec=idle3 +Terminal=false +Type=Application +Icon=idle3 +Categories=Development;IDE; +MimeType=text/x-python; diff --git a/import_failed.map b/import_failed.map new file mode 100644 index 0000000..f33690c --- /dev/null +++ b/import_failed.map @@ -0,0 +1,7 @@ +python311-curses: curses _curses _curses_panel +python311-dbm: dbm _dbm _gdbm +python311-idle: idlelib +python311-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited +python311-tk: tkinter _tkinter +python311-tools: turtledemo +python311: sqlite3 readline _sqlite3 nis diff --git a/import_failed.py b/import_failed.py new file mode 100644 index 0000000..258b5a5 --- /dev/null +++ b/import_failed.py @@ -0,0 +1,23 @@ +import sys, os +from sysconfig import get_path + +failed_map_path = os.path.join(get_path('stdlib'), '_import_failed', 'import_failed.map') + +if __spec__: + failed_name = __spec__.name +else: + failed_name = __name__ + +with open(failed_map_path) as fd: + for line in fd: + package = line.split(':')[0] + imports = line.split(':')[1] + if failed_name in imports: + raise ImportError(f"""Module '{failed_name}' is not installed. +Use: + sudo zypper install {package} +to install it.""") + +raise ImportError(f"""Module '{failed_name}' is not installed. +It is supposed to be part of python3 distribution, but missing from failed import map. +Please file a bug on the SUSE Bugzilla.""") diff --git a/macros.python3 b/macros.python3 new file mode 100644 index 0000000..2bd193b --- /dev/null +++ b/macros.python3 @@ -0,0 +1,28 @@ +%have_python3 1 + +# commented out legacy macro definitions +#py3_prefix /usr +#py3_incdir /usr/include/python3.5m +#py3_ver 3.5 + +# these should now be provided by macros.python_all +#python3_sitearch /usr/lib64/python3.5/site-packages +#python3_sitelib /usr/lib/python3.5/site-packages +#python3_version 3.5 + +# hard to say if anyone ever used these? +#py3_soflags cpython-35m-x86_64-linux-gnu +#py3_abiflags m +%cpython3_soabi %(python3 -c "import sysconfig; print(sysconfig.get_config_var('SOABI'))") +%py3_soflags %cpython3_soabi + +# compilation macros that might be in use somewhere +%py3_compile(O) \ +find %1 -name '*.pyc' -exec rm -f {} ";"\ +python3 -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +%{-O:\ +find %1 -name '*.pyo' -exec rm -f {} ";"\ +python3 -O -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +} + + diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch new file mode 100644 index 0000000..7e412d7 --- /dev/null +++ b/no-skipif-doctests.patch @@ -0,0 +1,653 @@ +only in patch2: +unchanged: +--- + Doc/library/turtle.rst | 82 ------------------------------------------------- + 1 file changed, 82 deletions(-) + +--- a/Doc/library/turtle.rst ++++ b/Doc/library/turtle.rst +@@ -440,7 +440,6 @@ Turtle motion + turtle is headed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -467,7 +466,6 @@ Turtle motion + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -486,13 +484,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -511,13 +507,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -540,13 +534,11 @@ Turtle motion + not change the turtle's orientation. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> tp = turtle.pos() + >>> tp +@@ -570,13 +562,11 @@ Turtle motion + unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 240) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,240.00) +@@ -592,13 +582,11 @@ Turtle motion + Set the turtle's second coordinate to *y*, leave first coordinate unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 40) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,40.00) +@@ -625,7 +613,6 @@ Turtle motion + =================== ==================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setheading(90) + >>> turtle.heading() +@@ -638,14 +625,12 @@ Turtle motion + its start-orientation (which depends on the mode, see :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(90) + >>> turtle.goto(0, -10) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 90.0 +@@ -677,7 +662,6 @@ Turtle motion + calculated automatically. May be used to draw regular polygons. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.position() +@@ -706,7 +690,6 @@ Turtle motion + + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.dot() +@@ -724,7 +707,6 @@ Turtle motion + it by calling ``clearstamp(stamp_id)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("blue") + >>> turtle.stamp() +@@ -740,7 +722,6 @@ Turtle motion + Delete stamp with given *stampid*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (150.00,-0.00) +@@ -785,7 +766,6 @@ Turtle motion + undo actions is determined by the size of the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for i in range(4): + ... turtle.fd(50); turtle.lt(80) +@@ -818,7 +798,6 @@ Turtle motion + turtle turn instantly. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.speed() + 3 +@@ -839,7 +818,6 @@ Tell Turtle's state + Return the turtle's current location (x,y) (as a :class:`Vec2D` vector). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pos() + (440.00,-0.00) +@@ -855,7 +833,6 @@ Tell Turtle's state + orientation which depends on the mode - "standard"/"world" or "logo". + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(10, 10) + >>> turtle.towards(0,0) +@@ -867,7 +844,6 @@ Tell Turtle's state + Return the turtle's x coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(50) +@@ -883,7 +859,6 @@ Tell Turtle's state + Return the turtle's y coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(60) +@@ -900,7 +875,6 @@ Tell Turtle's state + :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(67) +@@ -917,7 +891,6 @@ Tell Turtle's state + other turtle, in turtle step units. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.distance(30,40) +@@ -941,7 +914,6 @@ Settings for measurement + Default value is 360 degrees. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -964,7 +936,6 @@ Settings for measurement + ``degrees(2*math.pi)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -975,7 +946,6 @@ Settings for measurement + 1.5707963267948966 + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.degrees(360) +@@ -1011,7 +981,6 @@ Drawing state + thickness. If no argument is given, the current pensize is returned. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pensize() + 1 +@@ -1043,7 +1012,6 @@ Drawing state + attributes in one statement. + + .. doctest:: +- :skipif: _tkinter is None + :options: +NORMALIZE_WHITESPACE + + >>> turtle.pen(fillcolor="black", pencolor="red", pensize=10) +@@ -1066,7 +1034,6 @@ Drawing state + Return ``True`` if pen is down, ``False`` if it's up. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.penup() + >>> turtle.isdown() +@@ -1107,7 +1074,6 @@ Color control + newly set pencolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> colormode() + 1.0 +@@ -1156,7 +1122,6 @@ Color control + with the newly set fillcolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.fillcolor("violet") + >>> turtle.fillcolor() +@@ -1195,7 +1160,6 @@ Color control + with the newly set colors. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("red", "green") + >>> turtle.color() +@@ -1212,7 +1176,6 @@ Filling + ~~~~~~~ + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.home() +@@ -1222,7 +1185,6 @@ Filling + Return fillstate (``True`` if filling, ``False`` else). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.begin_fill() + >>> if turtle.filling(): +@@ -1247,7 +1209,6 @@ Filling + above may be either all yellow or have some white regions. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("black", "red") + >>> turtle.begin_fill() +@@ -1264,7 +1225,6 @@ More drawing control + variables to the default values. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(0,-22) + >>> turtle.left(100) +@@ -1315,7 +1275,6 @@ Visibility + drawing observably. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.hideturtle() + +@@ -1326,7 +1285,6 @@ Visibility + Make the turtle visible. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.showturtle() + +@@ -1357,7 +1315,6 @@ Appearance + deal with shapes see Screen method :func:`register_shape`. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape() + 'classic' +@@ -1383,7 +1340,6 @@ Appearance + ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.resizemode() + 'noresize' +@@ -1407,7 +1363,6 @@ Appearance + of the shape's outline. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shapesize() + (1.0, 1.0, 1) +@@ -1432,7 +1387,6 @@ Appearance + heading of the turtle are sheared. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("circle") + >>> turtle.shapesize(5,2) +@@ -1449,7 +1403,6 @@ Appearance + change the turtle's heading (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1469,7 +1422,6 @@ Appearance + (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1495,7 +1447,6 @@ Appearance + turtle (its direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1524,7 +1475,6 @@ Appearance + given matrix. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle = Turtle() + >>> turtle.shape("square") +@@ -1540,7 +1490,6 @@ Appearance + can be used to define a new shape or components of a compound shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("square") + >>> turtle.shapetransform(4, -1, 0, 2) +@@ -1565,7 +1514,6 @@ Using events + procedural way: + + .. doctest:: +- :skipif: _tkinter is None + + >>> def turn(x, y): + ... left(180) +@@ -1586,7 +1534,6 @@ Using events + ``None``, existing bindings are removed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> class MyTurtle(Turtle): + ... def glow(self,x,y): +@@ -1614,7 +1561,6 @@ Using events + mouse-click event on that turtle. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.ondrag(turtle.goto) + +@@ -1642,7 +1588,6 @@ Special Turtle methods + Return the last recorded polygon. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.begin_poly() +@@ -1662,7 +1607,6 @@ Special Turtle methods + turtle properties. + + .. doctest:: +- :skipif: _tkinter is None + + >>> mick = Turtle() + >>> joe = mick.clone() +@@ -1675,7 +1619,6 @@ Special Turtle methods + return the "anonymous turtle": + + .. doctest:: +- :skipif: _tkinter is None + + >>> pet = getturtle() + >>> pet.fd(50) +@@ -1689,7 +1632,6 @@ Special Turtle methods + TurtleScreen methods can then be called for that object. + + .. doctest:: +- :skipif: _tkinter is None + + >>> ts = turtle.getscreen() + >>> ts +@@ -1707,7 +1649,6 @@ Special Turtle methods + ``None``, the undobuffer is disabled. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setundobuffer(42) + +@@ -1717,7 +1658,6 @@ Special Turtle methods + Return number of entries in the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> while undobufferentries(): + ... undo() +@@ -1740,7 +1680,6 @@ below: + For example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> s = Shape("compound") + >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) +@@ -1751,7 +1690,6 @@ below: + 3. Now add the Shape to the Screen's shapelist and use it: + + .. doctest:: +- :skipif: _tkinter is None + + >>> register_shape("myshape", s) + >>> shape("myshape") +@@ -1771,7 +1709,6 @@ Most of the examples in this section ref + ``screen``. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen = Screen() +@@ -1788,7 +1725,6 @@ Window control + Set or return background color of the TurtleScreen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.bgcolor("orange") + >>> screen.bgcolor() +@@ -1880,7 +1816,6 @@ Window control + distorted. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.reset() + >>> screen.setworldcoordinates(-50,-7.5,50,7.5) +@@ -1891,7 +1826,6 @@ Window control + ... left(45); fd(2) # a regular octagon + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen.reset() +@@ -1913,7 +1847,6 @@ Animation control + Optional argument: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.delay() + 10 +@@ -1935,7 +1868,6 @@ Animation control + :func:`delay`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.tracer(8, 25) + >>> dist = 2 +@@ -1972,7 +1904,6 @@ Using screen events + must have the focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -1993,7 +1924,6 @@ Using screen events + must have focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -2018,7 +1948,6 @@ Using screen events + named ``turtle``: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will + >>> # make the turtle move to the clicked point. +@@ -2038,7 +1967,6 @@ Using screen events + Install a timer that calls *fun* after *t* milliseconds. + + .. doctest:: +- :skipif: _tkinter is None + + >>> running = True + >>> def f(): +@@ -2120,7 +2048,6 @@ Settings and special methods + ============ ========================= =================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> mode("logo") # resets turtle heading to north + >>> mode() +@@ -2135,7 +2062,6 @@ Settings and special methods + values of color triples have to be in the range 0..*cmode*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.colormode(1) + >>> turtle.pencolor(240, 160, 80) +@@ -2156,7 +2082,6 @@ Settings and special methods + do with a Tkinter Canvas. + + .. doctest:: +- :skipif: _tkinter is None + + >>> cv = screen.getcanvas() + >>> cv +@@ -2168,7 +2093,6 @@ Settings and special methods + Return a list of names of all currently available turtle shapes. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.getshapes() + ['arrow', 'blank', 'circle', ..., 'turtle'] +@@ -2192,7 +2116,6 @@ Settings and special methods + coordinates: Install the corresponding polygon shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) + +@@ -2208,7 +2131,6 @@ Settings and special methods + Return the list of turtles on the screen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for turtle in screen.turtles(): + ... turtle.color("red") +@@ -2270,7 +2192,6 @@ Methods specific to Screen, not inherite + center window vertically + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.setup (width=200, height=200, startx=0, starty=0) + >>> # sets window to 200x200 pixels, in upper left of screen +@@ -2286,7 +2207,6 @@ Methods specific to Screen, not inherite + Set title of turtle window to *titlestring*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.title("Welcome to the turtle zoo!") + +@@ -2357,7 +2277,6 @@ Public classes + Example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) + >>> s = Shape("compound") +@@ -2743,7 +2662,6 @@ Changes since Python 3.0 + + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> for turtle in turtles(): diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..a2cf992 --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +export LC_ALL=C + +master=python*.spec + +# create import_failed.map from package definitions +pkgname=$(grep python_pkg_name $master |grep define |awk -F' ' '{print $3}') +MAPFILE=import_failed.map +function new_map_line () { + package=$1 + package=$(echo $1 |sed -e "s:%{python_pkg_name}:$pkgname:") + modules=$2 + if [ -z "$package" -o -z "$modules" ]; then + return + fi + if [[ "$package" =~ "-base" ]]; then + return + fi + echo "$package:$modules" >> $MAPFILE.tmp +} + +for spec in *.spec; do + basename=${spec%.spec} + package= + modules= + while read line; do + case $line in + "%files -n "*) + new_map_line $package "$modules" + package=${line#"%files -n "} + modules= + ;; + "%files "*) + new_map_line $package "$modules" + package=$basename-${line#"%files "} + modules= + ;; + "%files") + new_map_line $package "$modules" + package=$basename + modules= + ;; + "%{sitedir}/config-"*) + # ignore + ;; + "%{sitedir}/"*) + word=${line#"%{sitedir}/"} + if ! echo $word | grep -q /; then + modules="$modules $word" + fi + ;; + "%{dynlib "*"}") + word=${line#"%{dynlib "} + word=${word%"}"} + modules="$modules $word" + ;; + esac + done < $spec + new_map_line $package "$modules" +done + +cat $MAPFILE.tmp |sort -u > $MAPFILE +rm $MAPFILE.tmp + +# run test inclusion check +tar xJf Python-*.xz +python3 skipped_tests.py + +# generate baselibs.conf +VERSION=$(grep ^Version $master|awk -F':' '{print $2}' |sed -e 's/ //g') +python_version=${VERSION:0:3} # 3.3 +python_version_abitag=${python_version//./} # 33 +python_version_soname=${python_version//./_} # 3_3 +echo "$pkgname-base" > baselibs.conf +echo "$pkgname" >> baselibs.conf +echo "libpython$python_version_soname-1_0" >> baselibs.conf + diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch new file mode 100644 index 0000000..cda20d7 --- /dev/null +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -0,0 +1,27 @@ +--- + Makefile.pre.in | 7 +++++++ + 1 file changed, 7 insertions(+) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1240,11 +1240,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ + $(DTRACE_OBJS) \ + $(srcdir)/Modules/getbuildinfo.c + $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DDATE="\"`date -u -r Makefile.pre.in +"%b %d %Y"`\"" \ ++ -DTIME="\"`date -u -r Makefile.pre.in +"%T"`\"" \ + -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \ + -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \ + -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \ + -o $@ $(srcdir)/Modules/getbuildinfo.c + ++Python/getcompiler.o: $(srcdir)/Python/getcompiler.c Makefile ++ $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DCOMPILER='"[GCC]"' \ ++ -o $@ $(srcdir)/Python/getcompiler.c ++ + Modules/getpath.o: $(srcdir)/Modules/getpath.c Python/frozen_modules/getpath.h Makefile $(PYTHON_HEADERS) + $(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \ + -DPREFIX='"$(prefix)"' \ diff --git a/python-3.3.0b1-localpath.patch b/python-3.3.0b1-localpath.patch new file mode 100644 index 0000000..475497e --- /dev/null +++ b/python-3.3.0b1-localpath.patch @@ -0,0 +1,13 @@ +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -77,7 +77,7 @@ import io + import stat + + # Prefixes for site-packages; add additional prefixes like /usr/local here +-PREFIXES = [sys.prefix, sys.exec_prefix] ++PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local'] + # Enable per user site-packages directory + # set it to False to disable the feature or True to force the feature + ENABLE_USER_SITE = None diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch new file mode 100644 index 0000000..ac5d553 --- /dev/null +++ b/python-3.3.0b1-test-posix_fadvise.patch @@ -0,0 +1,17 @@ +--- + Lib/test/test_posix.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_posix.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_posix.py ++++ Python-3.11.8/Lib/test/test_posix.py +@@ -430,7 +430,7 @@ class PosixTester(unittest.TestCase): + def test_posix_fadvise(self): + fd = os.open(os_helper.TESTFN, os.O_RDONLY) + try: +- posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_WILLNEED) ++ posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_RANDOM) + finally: + os.close(fd) + diff --git a/python.keyring b/python.keyring new file mode 100644 index 0000000..747bc27 --- /dev/null +++ b/python.keyring @@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFq+ToQBEADRYvIVtbK6owynD3j3nxwpW2KEk/p+aDvtXmc2SR2dBcZ8sFW2 +R5vEsG8d3/D3wgv5pcL3KfNNXQYUnXVbobrFUUWQYc79qIsE3MgiPf5NVOtwKPUR +i5g9YJgKvpBxkQfqp3LYGm9ZBtwo3DVLA3yn7KsazCmAgTNFJYw7ku1XxgmIzY6K +5J30DfbJiqDqj4f9GslCCCCH3qiPnuLG/HUyVLHMpbWlaiy9NI0GcaLxjJewHj9w +W2D2lydkxe5JGo7egUkV3ILcuLVSVKA35SKY27dYqfuyqp9tAzaRbjDYjsYdHA6G +BqrNrKBn/GwlFDPrVdcvN3ZSY2wMLTxWE3Axc/FweuHxFnou/80FwX7F3JD+oEQ6 +rofmcxOBCC7J98I7HZAhP9jBn88XIS2hztbLq8d6rZJZRtcz0k61VR0ddO+TrFmf +9rMYCPgCckRtVxeFIVIabrN1IzKynLFeo040h8hSGswd6YKDOVwjJY6Oa6EmVefZ +a8QSt4+M65RSzH6SEPY008F3nJUAK6MEkzTak+tFltZNrVWu8p2xd1j9nmxAwEhZ +/lgbxLqzYgaUWmfyHeZ8yVA0MhHzdiAL8nVUEdG3KecIq0RWCJLGLWWIjd6KAJl1 +yAmhRYKK/sjPDsL3elHsFACfZbyx3o5GGQNlas1FYoPLWbaNGaJtgFTF2QARAQAB +tCtQYWJsbyBHYWxpbmRvIFNhbGdhZG8gPHBhYmxvZ3NhbEBnbWFpbC5jb20+iQJO +BBMBCgA4FiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+ToQCGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQZOYo+NaEaW2bmA/+PXIap2udLoUVOHxnsIBdqYwp +sv1Aj5lfIJmNhmxPbHShwp1Jg+w4urxe+2Dj5ofKVlIo1i83bQkvnKJMDXDVuc/K +P6zqhBJ3rT4Q3qx2mzX8bIfQoJ2JHuH4lkP+I7doDcHHRyeNASyk72VdQmU4twNw +Ibn8nSNV6ThKHdoPYzVnO2rZUFcGIqH5HNsvR+B7cc1MBCHsgURYwSVhSePIFGlZ +iasdBD6QQkDSe4QWi7AcJFWFElw4kbOKJWxAWsrEk+tMXJVGRjnmL289EmPCx/vx +BqKy7Mse0yWCSRR3vB+O6TB1S5SgEyEgqlYsfGNv1qf/rfRD4KkyCbNU3LhY1Aim +vJP4pDW+KFxTk2Ks8vrx8gOSd2aFqPeO/pFDrpsF7PD62XwsfoXu4xc5V0Giw7r1 +Nai0nax7kOrldNF8TbbtRjW0jmoC7wLIDujAkwDIOroZ0CXA3N4HVHdSbrHm/urX +nyxJXupXAQNwGx64JCBcbF2fp3Kvu1VAXBEFnd01KaopthHcbG5pA50Kl2Vhe+98 +OdezUX42fHkQpQkB7HgtXfm6W1bw6YRBamrNvs1OoHBYmUjlECpe566IIu25Hc8s +x3qA+6eca7iqizyLG+WyMT8ZIYTWGAS59jxwR4esqGczbbZPSAPHFwLbGv7Wr0Rd +TPu5B0FcKpDkTd4IxQW5Ag0EWr5O2gEQAMjLe4CtbSfofmJrz5wfNkMVsZ81Gbqe +MoYd3dtkJnQYERUj8flzBj3ucaxGJ+Cuf7ybh3naPopKvEI1q0vkcgCDqrEgXK// +jKJbP28uPSMGhOG28q4PbamG55gy5FtM3ezzAxPWWKe9qBpV65GMmFy7eBQx2iJs +yiDIOOQQ4kraS+cTqNFimEXAGLCOQRNLcwIZzwAAHoW7HEpNUfVwaBD9kMlbo1ND +I60IKcNrNcmcmRxhJqfxjj8YBMwcKHO6GBE3AVpaE/+UO9zyr4TH+0YuQUgxKlPW +Dkg5XlkDo0S1GyLY5e9ckIDIlkTdDa2pOkoE2yB5MQCEga3YiHrKUVTTWaxn9XVJ +6x5ZjUF6bgSWGkrG5dUqSYoO1iDMuNVjtiujNyf/rvfj5cNxS7/lgxchhQKZHZXL +WVqxlneeVJ6s0P4+ROVG9ga2Sve7aUJ6wXIewZwulBcV2sE/W/DgxHgLBi53CUQt +vEzFzKvo48GnDqL5VYjA7l0HMYHd4GksCLi8E8U6Cgj+imXiM8voL7pHRZfs8mY8 +udR+UT4e1Scl2MYP2qBJ9/17B/X52B3s1EZdqI/r+hfOyqrhPs+dbAN0mtMPn68+ +nrvY1+nscvrSYEP6ZBlc9Hp2mgJdb6IcTvINXBEeLRjgc3pjViva443pkiFp9Axm +ecOckMKP3uSlABEBAAGJBGwEGAEKACAWIQSgNcjBkhm6gh7OqGtk5ij41oRpbQUC +Wr5O2gIbAgJACRBk5ij41oRpbcF0IAQZAQoAHRYhBM/cokWxBDzypfl4Zf/odAQW +i9hHBQJavk7aAAoJEP/odAQWi9hHr7YP/RCLre1CmOoWYpAtoa1yVCeYMDV6eQgL +B488/BEZHQE1zbrYy16XkhORob3JF/kUMjmJW7XaFF8FrWvRcdj/xaUGbOOEulKg +v+8zWfswYQRiZ4/JlwER4vRLi6fTE89MVER6Fkj2ASD4D2cifY+EztD4flV3sq3s +vIogGFaN9IvdrdeptOVGXs1RmAyoTsiS2mKQ6xsGh8B9ZAm55W8fBOGiSzLX21Xk +Ofdw53BrFQxn3cu/JgIKpdeZxgukcvEAI62B6X+YL6Na4j0eqEGLzsNtU1+xeJlo +WtVvmRwnRHGSxF6fzIZ3mk/p/aFiXAEq/xITCTY6tDv7x7pFE/RpdlJZyNJ+R5Y4 +SQiuDsylxNCa/4G5EB6q+7iVYtbEQ9MnZg2phowEE42tlj0rz8/rvDK3LH3xibot +KHIodCWKlWByxH99u2PuHUQ0c1oCVBUE1KkruMpvI236DpU/dvdq4JLSg/fWrys/ +VIjqLZgsIE5g/KO9XqngWHkLcBLh4CNAmHJ8Iia+s+/rfgsejQWB5uJb6eYg2JjB +4WP1EI0rULM6fdrCNB+MJ36wE2Lnb4bfT0phOMgjjH5/Ki7ZCbkxkOsBs4SRjiS+ +weCsmpAtMqodWY/Cnw9pWSA/qLSRD5/mKeb9SO6OZ/OPfAatwnGHsvZ2sAueC6rR +04W5BfXZWrnJUXQP/id/EKE1Ksp5fKoxSCbkKTCig+Sf5Afwe36yFN+niZBqzn5b +BgL/HIKaZM97oDHersPPANeEgS+JVlBf95iKIYnQbZP43FLVbvOuaINhBIVtFO54 +2Y7EYwl41kP7ILDElVy36KAmdQyBAfrjnZiRA70xShOxApLug1L0lxhR3YfmLwNi +RJ0V6KnYDKf0pfdhO9VFyFFWUojX1usn2SmSsXNizsNtvRqHXzPnX0rbJzZ9+N4O +9k1nxygYFG/2R/jGonVmTjRzcAHrAkNJETMWXMA7/8wRMDwluz8j+cCldey9x8Vk +JwgLGnZSbQtVpcFAnm5r/36Gt+9wc1VWMyrUrVr6Z679aqAbG7PMaeR5h5ygMj1k +VqRTYAUPSk1f8bZKRssQkQwEbp9dVIjm9SsR8VT7/tB+UuB85dABxgHfv3psJRT+ +tL8g9V7kSZqQfcLNGmvEVvr2Zl9NtxwXtsFM2OBprxCenwb+e9Ppm1LjfJG/NE72 +mAnOERfDaiLt4bqNo36Ei5sGCJ4Fx61phzNBXzkdRNM47i8J5UZRKFkE91c99BVM +HKUaY61NRK24fR0zP98ftDU82YFw0VRFJpTeBrO5ivN1MlQxUPzUWxKxMxO+20wa +UOXroEw11Tb4SRLGOla1pCl6lCUPJRy9IzadPDgTr/OTMkob/snt/XLdnV5/uQIN +BFq+TvoBEAC8Oy1g6pPWBbrCMhIq7VWY2fjylJ1fwg5BPXkOKVK1dsGYO4QD7oW9 +L0aSqcFSNFGF9Cl0Ri4TFXZC3hnG4HeSXUWApuKdBLn21H3jba36Ay1oGcGfdm0v +Zght4c6BlMVBpGCw2wIkJbUNEy6InMM+O8CCbbaH3iJkJ4141P7pODHignx5AmZI +conMui4YOhC+IXQXynVEv1Juk7erB1Nh1RcRvsA4lb44HWx49lIwe85ejOmoZ0O3 +6f9NJRer6bV0+rHWmg4IV5Q9h/Gn4IhEDZxA0DZl1RQI7dMgaMbIFbXGq7Kgzstz +EUnOoy29hXodxVmwIsMrAiQUYtwJ9hW+ESsw47+W2iPHVgviGWl7r/SgcgMYmf6m +5kiTBtwU7BQPS9G3zwwP2Rm3AA/6g39Q+tQKjOwi1I8+GZsY2On44Zly7BreBNg5 +4gJgdAGcMOYU9etr050clH3UpTYcAEtX++ahtOKhJgLIPNcIAQNlnifqvU0VYpgw +R4YpZ7hgg+AVDzC73PIM0lFI0XiDuqChbxE+K1jmLXWe5iJF0dzgVTwP+PmsifNZ +Wg3+YxSsS+hDMPQ2xPiQN49gT4JJDHcDuyhHyCGYgyMiVJCsku9KrkubbfVRivyN +ZF2Zfo3f+nbrRxsftz0yjAq8byCvb0V0XOpt4pJ/ddlug9ytRxALNwARAQABiQI2 +BBgBCgAgFiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+TvoCGwwACgkQZOYo+NaE +aW3urA//UQ/cKQ7HvWjcLphzQOZc+6m5YL0wxvZkSjemU7mqjZdpacteIvRAoers +EqXHc208liIBtNfRzoreXdcXNzie65xXkrRnWoHVH/fTWy4lOnHr2CMXLeHjUgg/ +M6PYi8+sARm05YFB8nsYhlhx3IdLhcfeVVbJedQKO0yL3CK1okT30DUVq5Lq6X/K +DC6AxuJR3D6UMSoT0WLaoX8qbhAp88qLynInfBVL18d97h916WPLTPeP0eHwhwND +bYtKDCMDuKQ9XX5+QsNH0RmbxlX274LHrUMMvkLKxcfCBvP+iuqrBeIuoeVzXYJZ +j7ZJtEH79bW44eecl/CY/STFYgSQ2XGTp2BI2q60wAmtKlNhwxY5ena0FgyFl6Tm +5OBHW/Pwo+ndQJGfbrCyWkTgRay9c8er3gl3GQYIBH6X0kCiG7h/Epj0b5CHOPU5 +hCw0kEB8MB4poTIjeiY+Q01472/lQ68CL3DX158hR5d3XaPSIxAN+qFsfB1o316p +yjxhfK1MD/IfrOgjlggPPnc/KmLkCzpgdwKcZwLCdZq9hYBvF1Zs34HbaVMYbWTK +uxLowtXGU43vatCXXqmPOvl4/g4tZD6rysJDgOrHQnEHzT+Napn07s0BRC0IbbNn +FynUrkr5KMSuRz7Hg7xMApENOrb0nqdHSUJ914ZpuMIS6RhJgGu5Ag0EWr5PIAEQ +ALfh9vPD2B+miHDTMADI8aRZ7g9tnzynZYkk3+2sCiiusetsQQ+HIPJ/ASEJB7On +ane9dyT/LTRhrK9qaxgVMimk2COXB/xyh7Mnw7nJgFU0aRSbtX0vbvQz2suSzrQ6 +9mPKzan28JGoClqB0bw1vwf3VjjxHV2dgD57CmqFPv7kAC/2a56dE+etzXattZAL ++2JWTpmfQ0ePRRadtBm0VahQhnU8x0+jvAVrEawqpVW83ozYFyW/0WInM2J7jHgQ +16OosY4lj5L/DxpVxaArhRFoRfWPXfC37iE8Mou/I95isvPQIhp1wTo4jG0KM02B +oIVbp/QRNBQ6WtpOzvJs1gqQiJJTfqbKJXQ3NDEY9crpVS83HJ+Zv99PNsyNkFjG +QpU84U3ZhsI4ygjdY45mpZueqI1RVcRQdu8Hgvoo/78Q/Sir6gMGop3mVdVo2guI +kFcJrXh0Xk3ech4aVqrmKx/mPXGwOAQU0DAul4RW3fKg1QxQE7Tlw3+95Ee/+q5j +HARL0uDbCJpRO8Sl8NDEuL32n/2Ot6kQeCSHrU7KJRYAkTxkKvr8zNow7hFhHFPE +SnHvTnskI6noh0VY6NwMhmLvhm0wKkRxZPzUNc3sgLvbK1NymIZ9aKCZamzhZrmG +vnblEz/OSLwGUua465H3hM1vvBQiartj7+6ZqWIkSmBPABEBAAGJAjYEGAEKACAW +IQSgNcjBkhm6gh7OqGtk5ij41oRpbQUCWr5PIAIbIAAKCRBk5ij41oRpbWmeEACG ++axtDC8UoNp9ORiYwEWLzZWDuugE+ah7DYYGD4Vs633FXVZW3SgM/bFtJ/0Lg8CF +74jI4LMHyIjDzEjcoItwnhBLix+kUoJTvrY58GPydwekLuw1p4KXLqtRs4fsZbNQ +YTknl4jYtRWoxO98x7tun7Gq2gqmJkIB2uj630fKz5cBk6p6oDFKjzyrHe+V7BiK +3okQPaD4x7hq8OnTy7lOy92ZZAqztS4tNEb4DkYW1MpuwsJ7hbBZitc1siI+FVVb +GjVVGZz6ssXoW67Tz8+VxdWJxNLXlv27eMcj4sme5S0th/YYNA5fRRv6zuzqZAru +YNGLpYYU7JLvZJ+3lCwa5j5ycOGBF0GvsGs6gj6h+CHkjR/BgzAgWC+GgUgslt6q +aH04rWtV6rVz+Y91LcrX5P6OM4anmXD3Gp3kl35AypXb4KyASF19+11RUziD4Z7q +wQEWfbwOltNyZv2lD8s2jPr7P02axWRQUbZAEhxRmvOQev/FZPyCF6gqUo/HxRbQ +y3bzmnipyHSv1DlXNfCFCHvN8kGyZnRWARqIKRg+j9ediJgOUqlLhg6KmrTVxd5v +3Dfv52PW2UODDTM20s3cQGuX/UswzMRwPI/+P44iCMwEKdm7duM/5oisZT9Vhy7g +P15MreFZLcZvUVgjqgy0u57cstyGK1Bo9e2sFcK2fA== +=6Zb4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/python311-rpmlintrc b/python311-rpmlintrc new file mode 100644 index 0000000..6c3d3b0 --- /dev/null +++ b/python311-rpmlintrc @@ -0,0 +1,4 @@ +addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp") +addFilter("python-bytecode-inconsistent-mtime.*\.pyc") diff --git a/python311.changes b/python311.changes new file mode 100644 index 0000000..35d93e5 --- /dev/null +++ b/python311.changes @@ -0,0 +1,5623 @@ +------------------------------------------------------------------- +Mon Jun 9 17:19:32 UTC 2025 - Matej Cepl + +- Update to 3.11.13: + - Security + - gh-135034: Fixes multiple issues that allowed tarfile + extraction filters (filter="data" and filter="tar") to be + bypassed using crafted symlinks and hard links. + Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138 + (bsc#1244059), CVE-2025-4330 (bsc#1244060), and + CVE-2025-4517 (bsc#1244032). + - gh-133767: Fix use-after-free in the “unicode-escape” + decoder with a non-“strict” error handler (CVE-2025-4516, + bsc#1243273). + - gh-128840: Short-circuit the processing of long IPv6 + addresses early in ipaddress to prevent excessive memory + consumption and a minor denial-of-service. + - Library + - gh-128840: Fix parsing long IPv6 addresses with embedded + IPv4 address. + - gh-134062: ipaddress: fix collisions in __hash__() for + IPv4Network and IPv6Network objects. + - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output + according to RFC 3596, §2.5. Patch by Bénédikt Tran. + - bpo-43633: Improve the textual representation of + IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2) + in ipaddress. Patch by Oleksandr Pavliuk. +- Remove upstreamed patches: + - gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch + - CVE-2025-4516-DecodeError-handler.patch + +------------------------------------------------------------------- +Thu May 22 13:01:17 UTC 2025 - Matej Cepl + +- Add CVE-2025-4516-DecodeError-handler.patch fixing + CVE-2025-4516 (bsc#1243273) blocking DecodeError handling + vulnerability, which could lead to DoS. + +------------------------------------------------------------------- +Sat May 17 10:02:27 UTC 2025 - Matej Cepl + +- Use extended %autopatch. + +------------------------------------------------------------------- +Sat May 10 11:38:24 UTC 2025 - Matej Cepl + +- Remove python-3.3.0b1-test-posix_fadvise.patch (not needed + since kernel 3.6-rc1) + +------------------------------------------------------------------- +Fri Apr 18 14:05:38 UTC 2025 - Matej Cepl + +- Update to 3.11.12: + - gh-131809: Update bundled libexpat to 2.7.1 + - gh-131261: Upgrade to libexpat 2.7.0 + - gh-105704: When using urllib.parse.urlsplit() and + urllib.parse.urlparse() host parsing would not reject domain + names containing square brackets ([ and ]). Square brackets + are only valid for IPv6 and IPvFuture hosts according to RFC + 3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938, + gh#python/cpython#105704). + - gh-121284: Fix bug in the folding of rfc2047 encoded-words + when flattening an email message using a modern email + policy. Previously when an encoded-word was too long for + a line, it would be decoded, split across lines, and + re-encoded. But commas and other special characters in the + original text could be left unencoded and unquoted. This + could theoretically be used to spoof header lines using a + carefully constructed encoded-word if the resulting rendered + email was transmitted or re-parsed. + - gh-80222: Fix bug in the folding of quoted strings + when flattening an email message using a modern email + policy. Previously when a quoted string was folded so that + it spanned more than one line, the surrounding quotes and + internal escapes would be omitted. This could theoretically + be used to spoof header lines using a carefully constructed + quoted string if the resulting rendered email was transmitted + or re-parsed. + - gh-119511: Fix a potential denial of service in the imaplib + module. When connecting to a malicious server, it could + cause an arbitrary amount of memory to be allocated. On many + systems this is harmless as unused virtual memory is only + a mapping, but if this hit a virtual address size limit + it could lead to a MemoryError or other process crash. On + unusual systems or builds where all allocated memory is + touched and backed by actual ram or storage it could’ve + consumed resources doing so until similarly crashing. + - gh-127257: In ssl, system call failures that OpenSSL reports + using ERR_LIB_SYS are now raised as OSError. + - gh-121277: Writers of CPython’s documentation can now use + next as the version for the versionchanged, versionadded, + deprecated directives. + - gh-106883: Disable GC during the _PyThread_CurrentFrames() + and _PyThread_CurrentExceptions() calls to avoid the + interpreter to deadlock. +- Remove upstreamed patch: + - CVE-2025-0938-sq-brackets-domain-names.patch +- Add gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch + which makes test_ssl not to stop ThreadedEchoServer on OSError, + which makes test_ssl pass with OpenSSL 3.5 (bsc#1241067, + gh#python/cpython!126572) + +------------------------------------------------------------------- +Wed Mar 12 15:05:46 UTC 2025 - Bernhard Wiedemann + +- Allow to disable PGO + +------------------------------------------------------------------- +Mon Mar 10 15:44:31 UTC 2025 - Bernhard Wiedemann + +- Skip PGO with %want_reproducible_builds (bsc#1239210) + +------------------------------------------------------------------- +Tue Feb 4 14:43:13 UTC 2025 - Matej Cepl + +- Add CVE-2025-0938-sq-brackets-domain-names.patch which + disallows square brackets ([ and ]) in domain names for parsed + URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704) + +------------------------------------------------------------------- +Mon Jan 27 09:00:48 UTC 2025 - Daniel Garcia + +- Configure externally_managed with a bcond + https://en.opensuse.org/openSUSE:Python:Externally_managed + bsc#1228165 + +------------------------------------------------------------------- +Wed Dec 4 21:40:41 UTC 2024 - Matej Cepl + +- Update to 3.11.11: + - Tools/Demos + - gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15 + and multissltests to use 3.0.15, 3.1.7, and 3.2.3. + - Tests + - gh-125041: Re-enable skipped tests for zlib on the + s390x architecture: only skip checks of the compressed + bytes, which can be different between zlib’s software + implementation and the hardware-accelerated implementation. + - Security + - gh-126623: Upgrade libexpat to 2.6.4 + - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to + consistently use the mapped IPv4 address value for deciding + properties. Properties which have their behavior fixed are + is_multicast, is_reserved, is_link_local, is_global, and + is_unspecified. + - Library + - gh-124651: Properly quote template strings in venv + activation scripts (bsc#1232241, CVE-2024-9287). +- Removed upstreamed patches: + - CVE-2024-9287-venv_path_unquoted.patch + +------------------------------------------------------------------- +Tue Dec 3 08:21:35 UTC 2024 - John Paul Adrian Glaubitz + +- Add add-loongarch64-support.patch to support loongarch64 + +------------------------------------------------------------------- +Mon Dec 2 22:50:07 UTC 2024 - Matej Cepl + +- Fix changelog + +------------------------------------------------------------------- +Mon Nov 11 12:43:40 UTC 2024 - Daniel Garcia + +- Remove -IVendor/ from python-config boo#1231795 + +------------------------------------------------------------------- +Fri Nov 1 16:32:10 UTC 2024 - Matej Cepl + +- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote + path names provided when creating a virtual environment + (bsc#1232241, CVE-2024-9287) + +------------------------------------------------------------------- +Wed Oct 2 16:18:29 UTC 2024 - Matej Cepl + +- Drop .pyc files from docdir for reproducible builds + (bsc#1230906). + +------------------------------------------------------------------- +Mon Sep 9 16:53:07 UTC 2024 - Matej Cepl + +- Update to 3.11.10: + - Security + - gh-123678: Upgrade libexpat to 2.6.3 + - gh-121957: Fixed missing audit events around interactive + use of Python, now also properly firing for ``python -i``, + as well as for ``python -m asyncio``. The event in question + is ``cpython.run_stdin``. + - gh-122133: Authenticate the socket connection for the + ``socket.socketpair()`` fallback on platforms where + ``AF_UNIX`` is not available like Windows. Patch by + Gregory P. Smith and Seth Larson + . Reported by Ellie + - gh-121285: Remove backtracking from tarfile header parsing + for ``hdrcharset``, PAX, and GNU sparse headers + (bsc#1230227, CVE-2024-6232). + - gh-118486: :func:`os.mkdir` on Windows now accepts + *mode* of ``0o700`` to restrict the new directory to + the current user. This fixes CVE-2024-4030 affecting + :func:`tempfile.mkdtemp` in scenarios where the base + temporary directory is more permissive than the default. + - gh-116741: Update bundled libexpat to 2.6.2 + - Library + - gh-123270: Applied a more surgical fix for malformed + payloads in :class:`zipfile.Path` causing infinite loops + (gh-122905) without breaking contents using legitimate + characters (bsc#1229704, CVE-2024-8088). + - gh-123067: Fix quadratic complexity in parsing ``"``-quoted + cookie values with backslashes by :mod:`http.cookies` + (bsc#1229596, CVE-2024-7592). + - gh-122905: :class:`zipfile.Path` objects now sanitize names + from the zipfile. + - gh-121650: :mod:`email` headers with embedded newlines are + now quoted on output. The :mod:`~email.generator` will now + refuse to serialize (write) headers that are unsafely folded + or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. + (Contributed by Bas Bloemsaat and Petr Viktorin in + :gh:`121650`; CVE-2024-6923, bsc#1228780). + - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method + breaks internal buffer when the method is called again + during flushing internal buffer. + - gh-118643: Fix an AttributeError in the :mod:`email` module + when re-fold a long address list. Also fix more cases of + incorrect encoding of the address separator in the address + list. + - gh-113171: Fixed various false positives and false + negatives in * :attr:`ipaddress.IPv4Address.is_private` + (see these docs for details) * + :attr:`ipaddress.IPv4Address.is_global` * + :attr:`ipaddress.IPv6Address.is_private` * + :attr:`ipaddress.IPv6Address.is_global` Also in the + corresponding :class:`ipaddress.IPv4Network` and + :class:`ipaddress.IPv6Network` attributes. + Fixes bsc#1226448 (CVE-2024-4032). + - gh-102988: :func:`email.utils.getaddresses` and + :func:`email.utils.parseaddr` now return ``('', '')`` + 2-tuples in more situations where invalid email addresses + are encountered instead of potentially inaccurate + values. Add optional *strict* parameter to these two + functions: use ``strict=False`` to get the old behavior, + accept malformed inputs. ``getattr(email.utils, + 'supports_strict_parsing', False)`` can be use to check if + the *strict* paramater is available. Patch by Thomas Dwyer + and Victor Stinner to improve the CVE-2023-27043 fix + (bsc#1210638). + - gh-67693: Fix :func:`urllib.parse.urlunparse` and + :func:`urllib.parse.urlunsplit` for URIs with path starting + with multiple slashes and no authority. Based on patch by + Ashwin Ramaswami. + - Core and Builtins + - gh-112275: A deadlock involving ``pystate.c``'s + ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now + fixed. Patch by ChuBoning based on previous Python 3.12 fix + by Victor Stinner. + - gh-109120: Added handle of incorrect star expressions, e.g + ``f(3, *)``. Patch by Grigoryev Semyon +- Removed upstreamed patches: + - CVE-2023-27043-email-parsing-errors.patch + - CVE-2024-4032-private-IP-addrs.patch + - CVE-2024-6923-email-hdr-inject.patch + - CVE-2024-8088-inf-loop-zipfile_Path.patch + (renamed from CVE-2024-8088-zipfile-Path-sanitization.patch) + - CVE-2024-6232-ReDOS-backtrack-tarfile.patch + - CVE-2024-7592-quad-complex-cookies.patch + +------------------------------------------------------------------- +Mon Sep 2 09:44:26 UTC 2024 - Matej Cepl + +- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid + failing test_sendfile_close_peer_in_the_middle_of_receiving + tests on Linux >= 6.10 (GH-120227). + +------------------------------------------------------------------- +Wed Aug 28 16:54:34 UTC 2024 - Matej Cepl + +- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent + malformed payload to cause infinite loops in zipfile.Path + (bsc#1229704, CVE-2024-8088). + +------------------------------------------------------------------- +Wed Aug 7 12:12:42 UTC 2024 - Matej Cepl + +- Add CVE-2024-6923-email-hdr-inject.patch to prevent email + header injection due to unquoted newlines (bsc#1228780, + CVE-2024-6923). +- %{profileopt} variable is set according to the variable + %{do_profiling} (bsc#1227999) + +------------------------------------------------------------------- +Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl + +- Remove %suse_update_desktop_file macro as it is not useful any + more. + +------------------------------------------------------------------- +Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl + +- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 + adding reproducibility patches from gh#python/cpython!121872 + and gh#python/cpython!121883. + +------------------------------------------------------------------- +Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl + +- Stop using %%defattr, it seems to be breaking proper executable + attributes on /usr/bin/ scripts (bsc#1227378). + +------------------------------------------------------------------- +Tue Jul 2 10:32:58 UTC 2024 - Daniel Garcia + +- Update F00251-change-user-install-location.patch to make pip and + modern tools install directly in /usr/local when used by the user. + bsc#1225660 + +------------------------------------------------------------------- +Tue Jun 25 21:57:40 UTC 2024 - Matej Cepl + +- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 + (CVE-2024-4032) rearranging definition of private v global IP + addresses. + +------------------------------------------------------------------- +Wed May 1 08:39:08 UTC 2024 - Matej Cepl + +- Update CVE-2023-52425-libexpat-2.6.0-backport.patch + so that it uses features sniffing, not just + comparing version number. Include also + support-expat-CVE-2022-25236-patched.patch. +- Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping + failing tests. +- Refresh patches: + - CVE-2023-27043-email-parsing-errors.patch + - fix_configure_rst.patch + - skip_if_buildbot-extend.patch +- Remove included patch: + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia + +- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in SLE. + +------------------------------------------------------------------- +Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia + +- Remove not needed upstream patches: + * libexpat260.patch + * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666 + * CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch + +- Update to 3.11.9: + * Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 + - gh-115243: Fix possible crashes in collections.deque.index() + when the deque is concurrently modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to the + certificate store, when the ssl.SSLContext is shared across + multiple threads (bsc#1226447, CVE-2024-0397). + * Core and Builtins + - gh-116296: Fix possible refleak in object.__reduce__() internal + error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser when + raising SyntaxError exceptions caused by invalid byte sequences. + Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115011: Setters for members with an unsigned integer type now + support the same range of valid values for objects that has a + __index__() method as for int. + - gh-96497: Fix incorrect resolution of mangled class variables + used in assignment expressions in comprehensions. + * Library + - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered + crash in ssl when creating a new _ssl._SSLContext if CPython was + built implausibly such that the default cipher list is empty or + the SSL library it was linked against reports a failure from its + C SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of self-referential + modules, introduced in gh-114781. + - gh-117084: Fix zipfile extraction for directory entries with the + name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any to + be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer calls + WaitForSingleObject() with a negative timeout: pass 0 ms if the + timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values in an + invalid state (stored as a list instead of a str) after an + earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values in + urllib.parse functions parse_qs() and parse_qsl(). Also, they + now raise a TypeError for non-zero integers and non-empty + sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated tkinter.Checkbutton + widget names to avoid collisions with automatically generated + tkinter.ttk.Checkbutton widget names within the same parent + widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of AttributeError + on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on + WASI. + - Under wasmtime for WASI 0.2, these functions don’t pass + test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). + - gh-88352: Fix the computation of the next rollover time in the + logging.TimedRotatingFileHandler handler. computeRollover() now + always returns a timestamp larger than the specified time and + works correctly during the DST change. doRollover() no longer + overwrite the already rolled over file, saving from data loss + when run at midnight or during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a script + with pdb + - gh-76511: Fix UnicodeEncodeError in email.Message.as_string() + that results when a message that claims to be in the ascii + character set actually has non-ascii characters. Non-ascii + characters are now replaced with the U+FFFD replacement + character, like in the replace error handler. + - gh-75988: Fixed unittest.mock.create_autospec() to pass the call + through to the wrapped object to return the real result. + - gh-115881: Fix issue where ast.parse() would incorrectly flag + conditional context managers (such as with (x() if y else z()): + ...) as invalid syntax if feature_version=(3, 8) was passed. + This reverts changes to the grammar made as part of gh-94949. + - gh-115886: Fix silent truncation of the name with an embedded + null character in multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing which rolled-over log + files to delete in logging.TimedRotatingFileHandler. It is now + reliable for handlers without namer and with arbitrary + deterministic namer that leaves the datetime part in the file + name unmodified. + - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now + support bytes arguments containing raw and percent-encoded + non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' and + '\n', regardless of lineterminator value. + - gh-115712: csv.writer() now quotes empty fields if delimiter is + a space and skipinitialspace is true and raises exception if + quoting is not possible. + - gh-115618: Fix improper decreasing the reference count for None + argument in property methods getter(), setter() and deleter(). + - gh-115570: A DeprecationWarning is no longer omitted on access + to the __doc__ attributes of the deprecated typing.io and + typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the __wrapper__ + data descriptor. + - gh-101293: Support callables with the __call__() method and + types with __new__() and __init__() methods set to class + methods, static methods, bound methods, partial functions, and + other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line numbers + would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare cases when + using the z format option (coerce negative 0) * incorrect output + when applying the z format option to type F (fixed-point with + capital NAN / INF) * incorrect output when applying the # format + option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname before + checking it against the system’s proxy bypass list on macOS and + Windows. + - gh-115198: Fix support of Docutils >= 0.19 in distutils. + - gh-115165: Most exceptions are now ignored when attempting to + set the __orig_class__ attribute on objects returned when + calling typing generic aliases (including generic aliases + created using typing.Annotated). Previously only AttributeError + was ignored. Patch by Dave Shawley. + - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the underlying + write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114763: Protect modules loaded with importlib.util.LazyLoader + from race conditions when multiple threads try to access + attributes before the loading is complete. + - gh-97959: Fix rendering class methods, bound methods, method and + function aliases in pydoc. Class methods no longer have “method + of builtins.type instance” note. Corresponding notes are now + added for class and unbound methods. Method and function aliases + now have references to the module or the class where the origin + was defined if it differs from the current. Bound methods are + now listed in the static methods section. Methods of builtin + classes are now supported as well as methods of Python classes. + - gh-112281: Allow creating union of types for typing.Annotated + with unhashable metadata. + - gh-111775: Fix importlib.resources.simple.ResourceHandle.open() + for text mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb commands. + - gh-107155: Fix incorrect output of help(x) where x is a lambda + function, which has an __annotations__ dictionary attribute with + a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when defining + dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists + over multiple lines in combination with unicode encoding + (bsc#1238450 CVE-2025-1795) + - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same name + but different extensions would conflict and not delete the + correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() to + accept empty bytes as authkey. Not accepting empty bytes as key + causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing of URLs + with only a host name, URLs containing fragment or query, and + filenames with only a UNC sharepoint on Windows. Based on patch + by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + * Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML + vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + * Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE command + line option) in regrtest when hunting for reference leaks (-R + option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-115979: Update test_importlib so that it passes under WASI + SDK 21. + - gh-116307: Added import helper isolated_modules as CleanImport + does not remove modules imported during the context. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of + the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: run + failed tests with test.bisect_cmd to identify failing tests. + Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - gh-115198: Fix test_check_metadata_deprecate in distutils tests + with a newer Docutils. + * Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI + 0.2/preview2 primitives. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + * Windows + - gh-116773: Fix instances of <_overlapped.Overlapped object at + 0xXXX> still has pending operation at deallocation, the process + may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation so + that sending a datagram to an address that is not listening does + not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most users + only have a single launcher installed and will see no + difference. When multiple launchers have been installed, the + option to install the launcher is disabled until all but one + have been removed. Downgrading the launcher (which was never + allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now detect Python + 3.13 when installed from the Microsoft Store, and will install + Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + * IDLE + - gh-88516: On macOS show a proxy icon in the title bar of editor + windows to match platform behaviour. + * Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + * C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows + 64-bit platforms. + +------------------------------------------------------------------- +Sun Mar 24 07:51:45 UTC 2024 - Matej Cepl + +- Add reference to CVE-2024-0450 (bsc#1221854) to changelog. + +------------------------------------------------------------------- +Fri Mar 22 21:22:27 UTC 2024 - Matej Cepl + +- Because of bsc#1189495 we have to revert use of %autopatch. + +------------------------------------------------------------------- +Tue Mar 12 08:44:47 UTC 2024 - Matej Cepl + +- Rewrite %prep to use %autosetup et al. for compatibility with + rpm 4.20. + +------------------------------------------------------------------- +Tue Mar 12 08:13:34 UTC 2024 - Matej Cepl + +- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch + to eliminate ResourceWarning which broke the test suite in + test_asyncio. + +------------------------------------------------------------------- +Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal + +- Use the system-wide crypto-policies [bsc#1211301] + * Use the system default cipher list instead of hardcoded values + * Add the --with-ssl-default-suites=openssl configure option + +------------------------------------------------------------------- +Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl + +- (bsc#1219666, CVE-2023-6597) Add + CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from + gh#python/cpython!99930) fixing symlink bug in cleanup of + tempfile.TemporaryDirectory. + +------------------------------------------------------------------- +Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl + +- Remove double definition of /usr/bin/idle%%{version} in + %%files. + +------------------------------------------------------------------- +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115289 + +------------------------------------------------------------------- +Thu Feb 8 07:27:40 UTC 2024 - Daniel Garcia + +- Update to 3.11.8: + - Security + - gh-113659: Skip .pth files with names starting with a dot or + hidden file attribute. + - Core and Builtins + - gh-114887: Changed socket type validation in + create_datagram_endpoint() to accept all non-stream sockets. + This fixes a regression in compatibility with raw sockets. + - gh-114388: Fix a RuntimeWarning emitted when assign an + integer-like value that is not an instance of int to an + attribute that corresponds to a C struct member of type T_UINT + and T_ULONG. Fix a double RuntimeWarning emitted when assign a + negative integer value to an attribute that corresponds to a C + struct member of type T_UINT. + - gh-89811: Check for a valid tp_version_tag before performing + bytecode specializations that rely on this value being usable. + - gh-113602: Fix an error that was causing the parser to try to + overwrite existing errors and crashing in the process. Patch by + Pablo Galindo + - gh-113566: Fix a 3.11-specific crash when the repr of a Future + is requested after the module has already been + garbage-collected. + - gh-106905: Use per AST-parser state rather than global state to + track recursion depth within the AST parser to prevent potential + race condition due to simultaneous parsing. + - The issue primarily showed up in 3.11 by multithreaded users of + ast.parse(). In 3.12 a change to when garbage collection can be + triggered prevented the race condition from occurring. + - gh-112716: Fix SystemError in the import statement and in + __reduce__() methods of builtin types when __builtins__ is not a + dict. + - gh-105967: Workaround a bug in Apple’s macOS platform zlib + library where zlib.crc32() and binascii.crc32() could produce + incorrect results on multi-gigabyte inputs. Including when using + zipfile on zips containing large data. + - gh-94606: Fix UnicodeEncodeError when + email.message.get_payload() reads a message with a Unicode + surrogate character and the message content is not well-formed + for surrogateescape encoding. Patch by Sidney Markowitz. + - Library + - gh-114965: Update bundled pip to 24.0 + - gh-114959: tarfile no longer ignores errors when trying to + extract a directory on top of a file. + - gh-109475: Fix support of explicit option value “–” in argparse + (e.g. --option=--). + - gh-110190: Fix ctypes structs with array on Windows ARM64 + platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by + Diego Russo + - gh-113280: Fix a leak of open socket in rare cases when error + occurred in ssl.SSLSocket creation. + - gh-77749: email.policy.EmailPolicy.fold() now always encodes + non-ASCII characters in headers if utf8 is false. + - gh-114492: Make the result of termios.tcgetattr() reproducible + on Alpine Linux. Previously it could leave a random garbage in + some fields. + - gh-75128: Ignore an OSError in + asyncio.BaseEventLoop.create_server() when IPv6 is available but + the interface cannot actually support it. + - gh-114257: Dismiss the FileNotFound error in + ctypes.util.find_library() and just return None on Linux. + - gh-101438: Avoid reference cycle in ElementTree.iterparse. The + iterator returned by ElementTree.iterparse may hold on to a file + descriptor. The reference cycle prevented prompt clean-up of the + file descriptor if the returned iterator was not exhausted. + - gh-104522: OSError raised when run a subprocess now only has + filename attribute set to cwd if the error was caused by a + failed attempt to change the current directory. + - gh-109534: Fix a reference leak in + asyncio.selector_events.BaseSelectorEventLoop when SSL + handshakes fail. Patch contributed by Jamie Phan. + - gh-114077: Fix possible OverflowError in + socket.socket.sendfile() when pass count larger than 2 GiB on + 32-bit platform. + - gh-114014: Fixed a bug in fractions.Fraction where an invalid + string using d in the decimals part creates a different error + compared to other invalid letters/characters. Patch by Jeremiah + Gabriel Pascual. + - gh-113951: Fix the behavior of tag_unbind() methods of + tkinter.Text and tkinter.Canvas classes with three arguments. + Previously, widget.tag_unbind(tag, sequence, funcid) destroyed + the current binding for sequence, leaving sequence unbound, and + deleted the funcid command. Now it removes only funcid from the + binding for sequence, keeping other commands, and deletes the + funcid command. It leaves sequence unbound only if funcid was + the last bound command. + - gh-113877: Fix tkinter method winfo_pathname() on 64-bit + Windows. + - gh-113781: Silence unraisable AttributeError when warnings are + emitted during Python finalization. + - gh-113594: Fix UnicodeEncodeError in email when re-fold lines + that contain unknown-8bit encoded part followed by + non-unknown-8bit encoded part. + - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), + there is callback that logs an error if the task wrapping the + “connected callback” fails. This callback would itself fail if + the task was cancelled. Prevent this by checking whether the + task was cancelled first. If so, close the transport but don’t + log an error. + - gh-85567: Fix resource warnings for unclosed files in pickle and + pickletools command line interfaces. + - gh-101225: Increase the backlog for + multiprocessing.connection.Listener objects created by + multiprocessing.manager and multiprocessing.resource_sharer to + significantly reduce the risk of getting a connection refused + error when creating a multiprocessing.connection.Connection to + them. + - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends + webbrowser.open audit event. + - gh-113028: When a second reference to a string appears in the + input to pickle, and the Python implementation is in use, we are + guaranteed that a single copy gets pickled and a single object + is shared when reloaded. Previously, in protocol 0, when a + string contained certain characters (e.g. newline) it resulted + in duplicate objects. + - gh-113421: Fix multiprocessing logger for %(filename)s. + - gh-113358: Fix rendering tracebacks for exceptions with a broken + __getattr__. + - gh-113214: Fix an AttributeError during asyncio SSL protocol + aborts in SSL-over-SSL scenarios. + - gh-113246: Update bundled pip to 23.3.2. + - gh-113199: Make http.client.HTTPResponse.read1 and + http.client.HTTPResponse.readline close IO after reading all + data when content length is known. Patch by Illia Volochii. + - gh-113188: Fix shutil.copymode() and shutil.copystat() on + Windows. Previously they worked differenly if dst is a symbolic + link: they modified the permission bits of dst itself rather + than the file it points to if follow_symlinks is true or src is + not a symbolic link, and did not modify the permission bits if + follow_symlinks is false and src is a symbolic link. + - gh-61648: Detect line numbers of properties in doctests. + - gh-112559: signal.signal() and signal.getsignal() no longer call + repr on callable handlers. asyncio.run() and + asyncio.Runner.run() no longer call repr on the task results. + Patch by Yilei Yang. + - gh-110190: Fix ctypes structs with array on PPC64LE platform by + setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. + - gh-79429: Ignore FileNotFoundError when remove a temporary + directory in the multiprocessing finalizer. + - gh-79325: Fix an infinite recursion error in + tempfile.TemporaryDirectory() cleanup on Windows. + - gh-110190: Fix ctypes structs with array on Arm platform by + setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. + - gh-81194: Fix a crash in socket.if_indextoname() with specific + value (UINT_MAX). Fix an integer overflow in + socket.if_indextoname() on 64-bit non-Windows platforms. + - gh-75666: Fix the behavior of tkinter widget’s unbind() method + with two arguments. Previously, widget.unbind(sequence, funcid) + destroyed the current binding for sequence, leaving sequence + unbound, and deleted the funcid command. Now it removes only + funcid from the binding for sequence, keeping other commands, + and deletes the funcid command. It leaves sequence unbound only + if funcid was the last bound command. + - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in + tkinter._test(). + - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now + raises BadZipFile when try to read an entry that overlaps with + other entry or central directory (bsc#1221854, CVE-2024-0450). + - gh-38807: Fix race condition in trace. Instead of checking if a + directory exists and creating it, directly call os.makedirs() + with the kwarg exist_ok=True. + - gh-75705: Set unixfrom envelope in mailbox.mbox and + mailbox.MMDF. + - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure + when the system endianness is the opposite of the classes. + - gh-104282: Fix null pointer dereference in + lzma._decode_filter_properties() due to improper handling of BCJ + filters with properties of zero length. Patch by Radislav + Chugunov. + - gh-102512: When os.fork() is called from a foreign thread (aka + _DummyThread), the type of the thread in a child process is + changed to _MainThread. Also changed its name and daemonic + status, it can be now joined. + - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, + which now no longer dereferences symlinks when working around + file system permission errors. + - bpo-43153: On Windows, tempfile.TemporaryDirectory previously + masked a PermissionError with NotADirectoryError during + directory cleanup. It now correctly raises PermissionError if + errors are not ignored. Patch by Andrei Kulakov and Ken Jin. + - bpo-35332: The shutil.rmtree() function now ignores errors when + calling os.close() when ignore_errors is True, and os.close() no + longer retried after error. + - bpo-35928: io.TextIOWrapper now correctly handles the decoding + buffer after read() and write(). + - bpo-26791: shutil.move() now moves a symlink into a directory + when that directory is the target of the symlink. This provides + the same behavior as the mv shell command. The previous behavior + raised an exception. Patch by Jeffrey Kintscher. + - bpo-36959: Fix some error messages for invalid ISO format string + combinations in strptime() that referred to directives not + contained in the format string. Patch by Gordon P. Hemsley. + - bpo-18060: Fixed a class inheritance issue that can cause + segfaults when deriving two or more levels of subclasses from a + base class of Structure or Union. + - Documentation + - gh-110746: Improved markup for valid options/values for methods + ttk.treeview.column and ttk.treeview.heading, and for Layouts. + - gh-95649: Document that the asyncio module contains code taken + from v0.16.0 of the uvloop project, as well as the required MIT + licensing information. + - Tests + - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, + where system tar can include more information in the archive + than shutil.make_archive. + - gh-112769: The tests now correctly compare zlib version when + zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For + example zlib-ng defines the version as 1.3.0.zlib-ng. + - gh-105089: Fix + test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write + test in AIX by doing a bitwise AND of 0xFFFF on mode , so that + it will be in sync with zinfo.external_attr + - bpo-40648: Test modes that file can get with chmod() on Windows. + - Build + - gh-101778: Fix build error when there’s a dangling symlink in + the directory containing ffi.h. + - gh-112305: Fixed the check-clean-src step performed on out of + tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h + files and recommend appropriate source tree cleanup steps to get + a working build again. + - bpo-11102: The os.major(), os.makedev(), and os.minor() + functions are now available on HP-UX v3. + - bpo-36351: Do not set ipv6type when cross-compiling. + - IDLE + - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and + ‘object’. + - gh-72284: Improve the lists of features, editor key bindings, + and shell key bingings in the IDLE doc. + - gh-113903: Fix rare failure of test.test_idle, in + test_configdialog. + - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and + 3.12.1. + - gh-113269: Fix test_editor hang on macOS Catalina. + - gh-112898: Fix processing unsaved files when quitting IDLE on + macOS. + - gh-103820: Revise IDLE bindings so that events from mouse button + 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not + mistaken for scrolling. + - bpo-13586: Enter the selected text when opening the “Replace” + dialog. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and + multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. + - gh-115015: Fix a bug in Argument Clinic that generated incorrect + code for methods with no parameters that use the METH_METHOD | + METH_FASTCALL | METH_KEYWORDS calling convention. Only the + positional parameter count was checked; any keyword argument + passed would be silently accepted. +- Remove upstreamed patches: + - CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch +- Refresh all patches: + - CVE-2023-27043-email-parsing-errors.patch + - F00251-change-user-install-location.patch + - bpo-31046_ensurepip_honours_prefix.patch + - distutils-reproducible-compile.patch + - fix_configure_rst.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-localpath.patch + - python-3.3.0b1-test-posix_fadvise.patch + - skip_if_buildbot-extend.patch + - subprocess-raise-timeout.patch + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Tue Dec 19 16:34:50 UTC 2023 - Daniel Garcia + +- Update patch fix_configure_rst.patch +- Update to 3.11.7: + - Core and Builtins + - gh-112625: Fixes a bug where a bytearray object could be cleared + while iterating over an argument in the bytearray.join() method + that could result in reading memory after it was freed. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. Patch + by Pablo galindo + - gh-88116: Traceback location ranges involving wide unicode + characters (like emoji and asian characters) now are properly + highlighted. Patch by Batuhan Taskaya and Pablo Galindo. + - gh-94438: Fix a regression that prevented jumping across is None + and is not None when debugging. Patch by Savannah Ostrowski. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109216: Fix possible memory leak in BUILD_MAP. + + - Library + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + - bpo-35191: Fix unexpected integer truncation in + socket.setblocking() which caused it to interpret multiples of + 2**32 as False. + + - Documentation + - gh-108826: dis module command-line interface is now mentioned in + documentation. + + - Tests + - gh-110367: Make regrtest --verbose3 option compatible with + --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + --verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111309: distutils tests can now be run via unittest. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() and class BasicTestRunner from the test.support + module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + --match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + + - Build + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + + - C API + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. +------------------------------------------------------------------- +Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl + +- Refresh CVE-2023-27043-email-parsing-errors.patch to + gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). +- Thus we can remove Revert-gh105127-left-tests.patch, which is + now useless. + +------------------------------------------------------------------- +Wed Nov 15 09:06:16 UTC 2023 - Daniel Garcia + +- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch +- Refresh patches: + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch + +- Update to 3.11.6: + - Core and Builtins + - gh-109351: Fix crash when compiling an invalid AST involving a + named (walrus) expression. + - gh-109207: Fix a SystemError in __repr__ of symtable entry + object. + - gh-109179: Fix bug where the C traceback display drops notes + from SyntaxError. + - gh-88943: Improve syntax error for non-ASCII character that + follows a numerical literal. It now points on the invalid + non-ASCII character, not on the valid numerical literal. + - gh-108959: Fix caret placement for error locations for subscript + and binary operations that involve non-semantic parentheses and + spaces. Patch by Pablo Galindo + - gh-108520: Fix + multiprocessing.synchronize.SemLock.__setstate__() to properly + initialize multiprocessing.synchronize.SemLock._is_fork_ctx. + This fixes a regression when passing a SemLock accross nested + processes. + - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to + multiprocessing.synchronize.SemLock._is_fork_ctx to avoid + exposing it as public API. + - Library + - gh-110036: On Windows, multiprocessing Popen.terminate() now + catchs PermissionError and get the process exit code. If the + process is still running, raise again the PermissionError. + Otherwise, the process terminated as expected: store its exit + code. Patch by Victor Stinner. + - gh-110038: Fixed an issue that caused KqueueSelector.select() to + not return all the ready events in some cases when a file + descriptor is registered for both read and write. + - gh-109631: re functions such as re.findall(), re.split(), + re.search() and re.sub() which perform short repeated matches + can now be interrupted by user. + - gh-109593: Avoid deadlocking on a reentrant call to the + multiprocessing resource tracker. Such a reentrant call, though + unlikely, can happen if a GC pass invokes the finalizer for a + multiprocessing object such as SemLock. + - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for + exceptions. Previously, on Python built in debug mode, these + functions could trigger a fatal Python error (and abort the + process) when a function succeeded with an exception set. Patch + by Victor Stinner. + - gh-109375: The pdb alias command now prevents registering + aliases without arguments. + - gh-107219: Fix a race condition in concurrent.futures. When a + process in the process pool was terminated abruptly (while the + future was running or pending), close the connection write end. + If the call queue is blocked on sending bytes to a worker + process, closing the connection write end interrupts the send, + so the queue can be closed. Patch by Victor Stinner. + - gh-50644: Attempts to pickle or create a shallow or deep copy of + codecs streams now raise a TypeError. Previously, copying failed + with a RecursionError, while pickling produced wrong results + that eventually caused unpickling to fail with a RecursionError. + - gh-108987: Fix _thread.start_new_thread() race condition. If a + thread is created during Python finalization, the newly spawned + thread now exits immediately instead of trying to access freed + memory and lead to a crash. Patch by Victor Stinner. + - gh-108843: Fix an issue in ast.unparse() when unparsing + f-strings containing many quote types. + - gh-108682: Enum: raise TypeError if super().__new__() is called + from a custom __new__. + - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock + - gh-64662: Fix support for virtual tables in + sqlite3.Connection.iterdump(). Patch by Aviv Palivoda. + - gh-107913: Fix possible losses of errno and winerror values in + OSError exceptions if they were cleared or modified by the + cleanup code before creating the exception object. + - gh-104372: On Linux where subprocess can use the vfork() syscall + for faster spawning, prevent the parent process from blocking + other threads by dropping the GIL while it waits for the + vfork’ed child process exec() outcome. This prevents spawning a + binary from a slow filesystem from blocking the rest of the + application. + - gh-84867: unittest.TestLoader no longer loads test cases from + exact unittest.TestCase and unittest.FunctionTestCase classes. + - Documentation + - gh-109209: The minimum Sphinx version required for the + documentation is now 4.2. + - gh-105052: Update timeit doc to specify that time in seconds is + just the default. + - gh-102823: Document the return type of x // y when x and y have + type float. + - Tests + - gh-110031: Skip test_threading tests using thread+fork if Python + is built with Address Sanitizer (ASAN). Patch by Victor Stinner. + - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum + duration, a test should not measure a CI performance. Only + measure the minimum duration when a task has a timeout or delay. + Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner. + - gh-110033: Fix test_interprocess_signal() of test_signal. Make + sure that the subprocess.Popen object is deleted before the test + raising an exception in a signal handler. Otherwise, + Popen.__del__() can get the exception which is logged as + Exception ignored in: ... and the test fails. Patch by Victor + Stinner. + - gh-109594: Fix test_timeout() of + test_concurrent_futures.test_wait. Remove the future which may + or may not complete depending if it takes longer than the + timeout ot not. Keep the second future which does not complete + before wait() timeout. Patch by Victor Stinner. + - gh-109748: Fix test_zippath_from_non_installed_posix() of + test_venv: don’t copy __pycache__/ sub-directories, because they + can be modified by other Python tests running in parallel. Patch + by Victor Stinner. + - gh-103053: Skip test_freeze_simple_script() of + test_tools.test_freeze if Python is built with ./configure + --enable-optimizations, which means with Profile Guided + Optimization (PGO): it just makes the test too slow. The freeze + tool is tested by many other CIs with other (faster) compiler + flags. Patch by Victor Stinner. + - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a + longer key: FIPS mode requires at least of at least 112 bits. + The previous key was only 32 bits. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-109237: Fix test_site.test_underpth_basic() when the working + directory contains at least one non-ASCII character: encode the + ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for + the child process stdout. Patch by Victor Stinner. + - gh-109230: Fix test_pyexpat.test_exception(): it can now be run + from a directory different than Python source code directory. + Before, the test failed in this case. Skip the test if + Modules/pyexpat.c source is not available. Skip also the test on + Python implementations other than CPython. Patch by Victor + Stinner. + - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests + on FreeBSD if the TCP blackhole is enabled (sysctl + net.inet.tcp.blackhole). Skip the few tests which failed with + ETIMEDOUT which such non standard configuration. Currently, the + FreeBSD GCP image enables TCP and UDP blackhole (sysctl + net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1). + Patch by Victor Stinner. + - gh-91960: Skip test_gdb if gdb is unable to retrieve Python + frame objects: if a frame is . When Python is + built with “clang -Og”, gdb can fail to retrive the frame + parameter of _PyEval_EvalFrameDefault(). In this case, tests + like py_bt() are likely to fail. Without getting access to + Python frames, python-gdb.py is mostly clueless on retrieving + the Python traceback. Moreover, test_gdb is no longer skipped on + macOS if Python is built with Clang. Patch by Victor Stinner. + - gh-108962: Skip test_tempfile.test_flags() if chflags() fails + with “OSError: [Errno 45] Operation not supported” (ex: on + FreeBSD 13). Patch by Victor Stinner. + - gh-89392: Removed support of test_main() function in tests. They + now always use normal unittest test runner. + - gh-108851: Fix test_tomllib recursion tests for WASI buildbots: + reduce the recursion limit and compute the maximum nested + array/dict depending on the current available recursion limit. + Patch by Victor Stinner. + - gh-108851: Add get_recursion_available() and + get_recursion_depth() functions to the test.support module. + Patch by Victor Stinner. + - gh-108822: regrtest now computes statistics on all tests: + successes, failures and skipped. test_netrc, test_pep646_syntax + and test_xml_etree now return results in their test_main() + function. Patch by Victor Stinner and Alex Waygood. + - gh-108388: Convert test_concurrent_futures to a package of 7 + sub-tests. Patch by Victor Stinner. + - gh-108388: Split test_multiprocessing_fork, + test_multiprocessing_forkserver and test_multiprocessing_spawn + into test packages. Each package is made of 4 sub-tests: + processes, threads, manager and misc. It allows running more + tests in parallel and so reduce the total test duration. Patch + by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - gh-100086: The Python test runner (libregrtest) now logs Python + build information like “debug” vs “release” build, or LTO and + PGO optimizations. Patch by Victor Stinner. + - gh-98903: The Python test suite now fails wit exit code 4 if no + tests ran. It should help detecting typos in test names and test + methods. + - gh-95027: On Windows, when the Python test suite is run with the + -jN option, the ANSI code page is now used as the encoding for + the stdout temporary file, rather than using UTF-8 which can + lead to decoding errors. Patch by Victor Stinner. + - gh-93353: regrtest now checks if a test leaks temporary files or + directories if run with -jN option. Patch by Victor Stinner. + - Build + - gh-63760: Fix Solaris build: no longer redefine the + gethostname() function. Solaris defines the function since 2005. + Patch by Victor Stinner, original patch by Jakub Kulík. + - gh-108740: Fix a race condition in make regen-all. The + deepfreeze.c source and files generated by Argument Clinic are + now generated or updated before generating “global objects”. + Previously, some identifiers may miss depending on the order in + which these files were generated. Patch by Victor Stinner. + - Windows + - gh-109991: Update Windows build to use OpenSSL 3.0.11. + - gh-107565: Update Windows build to use OpenSSL 3.0.10. + - macOS + - gh-109991: Update macOS installer to use OpenSSL 3.0.11. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and + multissltests to use 1.1.1w, 3.0.11, and 3.1.3. + +------------------------------------------------------------------- +Wed Sep 6 07:52:11 UTC 2023 - Daniel Garcia + +- Update to 3.11.5 (bsc#1214692): + - Security + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted data. + Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by + Gregory P. Smith. + - Core and Builtins + - gh-104432: Fix potential unaligned memory access on C APIs + involving returned sequences of char * pointers within the grp + and socket modules. These were revealed using a + -fsaniziter=alignment build on ARM macOS. Patch by Christopher + Chavez. + - gh-77377: Ensure that multiprocessing synchronization objects + created in a fork context are not sent to a different process + created in a spawn context. This changes a segfault into an + actionable RuntimeError in the parent process. + - gh-106092: Fix a segmentation fault caused by a use-after-free + bug in frame_dealloc when the trashcan delays the deallocation + of a PyFrameObject. + - gh-106719: No longer suppress arbitrary errors in the + __annotations__ getter and setter in the type and module types. + - gh-106723: Propagate frozen_modules to multiprocessing spawned + process interpreters. + - gh-105979: Fix crash in _imp.get_frozen_object() due to improper + exception handling. + - gh-105840: Fix possible crashes when specializing function calls + with too many __defaults__. + - gh-105588: Fix an issue that could result in crashes when + compiling malformed ast nodes. + - gh-105375: Fix bugs in the builtins module where exceptions + could end up being overwritten. + - gh-105375: Fix bug in the compiler where an exception could end + up being overwritten. + - gh-105375: Improve error handling in + PyUnicode_BuildEncodingMap() where an exception could end up + being overwritten. + - gh-105235: Prevent out-of-bounds memory access during + mmap.find() calls. + - gh-101006: Improve error handling when read marshal data. + - Library + - gh-105736: Harmonized the pure Python version of OrderedDict + with the C version. Now, both versions set up their internal + state in __new__. Formerly, the pure Python version did the set + up in __init__. + - gh-107963: Fix multiprocessing.set_forkserver_preload() to check + the given list of modules names. Patch by Dong-hee Na. + - gh-106242: Fixes os.path.normpath() to handle embedded null + characters without truncating the path (bsc#1214693, + CVE-2023-41105). + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will + no longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107715: Fix doctest.DocTestFinder.find() in presence of class + names with special characters. Patch by Gertjan van Zwieten. + - gh-100814: Passing a callable object as an option value to a + Tkinter image now raises the expected TclError instead of an + AttributeError. + - gh-106684: Close asyncio.StreamWriter when it is not closed by + application leading to memory leaks. Patch by Kumar Aditya. + - gh-107077: Seems that in some conditions, OpenSSL will return + SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification + verification has failed, but the error parameters will still + contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are + now detecting this situation and raising the appropiate + ssl.SSLCertVerificationError. Patch by Pablo Galindo + - gh-107396: tarfiles; Fixed use before assignment of + self.exception for gzip decompression + - gh-62519: Make gettext.pgettext() search plural definitions when + translation is not found. + - gh-83006: Document behavior of shutil.disk_usage() for + non-mounted filesystems on Unix. + - gh-106186: Do not report MultipartInvariantViolationDefect + defect when the email.parser.Parser class is used to parse + emails with headersonly=True. + - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION + result in _ssl.c. + - gh-106774: Update the bundled copy of pip to version 23.2.1. + - gh-106752: Fixed several bug in zipfile.Path in + name/suffix/suffixes/stem operations when no filename is present + and the Path is not at the root of the zipfile. + - gh-106602: Add __copy__ and __deepcopy__ in enum + - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused + division by zero for certain almost-white inputs. Patch by Terry + Jan Reedy. + - gh-106052: re module: fix the matching of possessive quantifiers + in the case of a subpattern containing backtracking. + - gh-106510: Improve debug output for atomic groups in regular + expressions. + - gh-105497: Fix flag mask inversion when unnamed flags exist. + - gh-90876: Prevent multiprocessing.spawn from failing to import + in environments where sys.executable is None. This regressed in + 3.11 with the addition of support for path-like objects in + multiprocessing. + - gh-106350: Detect possible memory allocation failure in the + libtommath function mp_init() used by the _tkinter module. + - gh-102541: Make pydoc.doc catch bad module ImportError when + output stream is not None. + - gh-106263: Fix crash when calling repr with a manually + constructed SignalDict object. Patch by Charlie Zhao. + - gh-105375: Fix a bug in _Unpickler_SetInputStream() where an + exception could end up being overwritten in case of failure. + - gh-105375: Fix bugs in sys where exceptions could end up being + overwritten because of deferred error handling. + - gh-105605: Harden pyexpat error handling during module + initialisation to prevent exceptions from possibly being + overwritten, and objects from being dereferenced twice. + - gh-105375: Fix bug in decimal where an exception could end up + being overwritten. + - gh-105375: Fix bugs in _datetime where exceptions could be + overwritten in case of module initialisation failure. + - gh-105375: Fix bugs in _ssl initialisation which could lead to + leaked references and overwritten exceptions. + - gh-105375: Fix a bug in array.array where an exception could end + up being overwritten. + - gh-105375: Fix bugs in _ctypes where exceptions could end up + being overwritten. + - gh-105375: Fix a bug in the posix module where an exception + could be overwritten. + - gh-105375: Fix bugs in _elementtree where exceptions could be + overwritten. + - gh-105375: Fix bugs in zoneinfo where exceptions could be + overwritten. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-105497: Fix flag inversion when alias/mask members exist. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-103171: Revert undocumented behaviour change with + runtime-checkable protocols decorated with typing.final() in + Python 3.11. The behaviour change had meant that objects would + not be considered instances of these protocols at runtime unless + they had a __final__ attribute. Patch by Alex Waygood. + - gh-105375: Fix a bug in sqlite3 where an exception could be + overwritten in the collation callback. + - gh-105332: Revert pickling method from by-name back to by-value. + - gh-104554: Add RTSPS scheme support in urllib.parse + - gh-100061: Fix a bug that causes wrong matches for regular + expressions with possessive qualifier. + - gh-102541: Hide traceback in help() prompt, when import failed. + - gh-99203: Restore following CPython <= 3.10.5 behavior of + shutil.make_archive(): do not create an empty archive if + root_dir is not a directory, and, in that case, raise + FileNotFoundError or NotADirectoryError regardless of format + choice. Beyond the brought-back behavior, the function may now + also raise these exceptions in dry_run mode. + - gh-94777: Fix hanging multiprocessing ProcessPoolExecutor when a + child process crashes while data is being written in the call + queue. + - bpo-18319: Ensure gettext(msg) retrieve translations even if a + plural form exists. In other words: gettext(msg) == + ngettext(msg, '', 1). + - Documentation + - gh-107008: Document the curses module variables LINES and COLS. + - gh-106948: Add a number of standard external names to + nitpick_ignore. + - gh-54738: Add documentation on how to localize the argparse + module. + - Tests + - gh-105776: Fix test_cppext when the C compiler command -std=c11 + option: remove -std= options from the compiler command. Patch by + Victor Stinner. + - gh-107237: test_logging: Fix test_udp_reconnection() by + increasing the timeout from 100 ms to 5 minutes (LONG_TIMEOUT). + Patch by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - Build + - gh-107814: When calling find_python.bat with -q it did not + properly silence the output of nuget. That is now fixed. + - gh-106881: Check for linux/limits.h before including it in + Modules/posixmodule.c. + - gh-104692: Include commoninstall as a prerequisite for + bininstall + - This ensures that commoninstall is completed before bininstall + is started when parallel builds are used (make -j install), and + so the python3 symlink is only installed after all standard + library modules are installed. + - gh-100340: Allows -Wno-int-conversion for wasm-sdk 17 and + onwards, thus enables building WASI builds once against the + latest sdk. + - Windows + - gh-106242: Fixes realpath() to behave consistently when passed a + path containing an embedded null character on Windows. In strict + mode, it now raises OSError instead of the unexpected + ValueError, and in non-strict mode will make the path absolute. + - gh-106844: Fix integer overflow in _winapi.LCMapStringEx() which + affects ntpath.normcase(). + - gh-99079: Update Windows build to use OpenSSL 3.0.9 + - gh-105436: Ensure that an empty environment block is terminated + by two null characters, as is required by Windows. + - macOS + - gh-107565: Update macOS installer to use OpenSSL 3.0.10. + - gh-99079: Update macOS installer to use OpenSSL 3.0.9. + - Tools/Demos + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + - gh-95065: Argument Clinic now supports overriding automatically + generated signature by using directive @text_signature. See How + to override the generated signature. + - gh-106970: Fix bugs in the Argument Clinic destination + clear command; the destination buffers would never be cleared, + and the destination directive parser would simply continue to + the fault handler after processing the command. Patch by Erlend + E. Aasland. + - C API + - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(), + PyErr_SetExcFromWindowsErrWithFilename() and + PyErr_SetFromWindowsErrWithFilename() save now the error code + before calling PyUnicode_DecodeFSDefault(). + - gh-107915: Such C API functions as PyErr_SetString(), + PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others + no longer crash or ignore errors if it failed to format the + error message or decode the filename. Instead, they keep a + corresponding error. + - gh-107226: PyModule_AddObjectRef() is now only available in the + limited API version 3.10 or later. + - gh-105375: Fix a bug in PyErr_WarnExplicit() where an exception + could end up being overwritten if the API failed internally. + - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only + data: *consumed was not set. + +------------------------------------------------------------------- +Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller + +- restrict PEP668 to ALP/Tumbleweed + +------------------------------------------------------------------- +Fri Aug 4 06:37:41 UTC 2023 - Dirk Müller + +- add externally_managed.in to label this build as PEP-668 managed + +------------------------------------------------------------------- +Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl + +- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! +- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) + partially reverting CVE-2023-27043-email-parsing-errors.patch, + because of the regression in gh#python/cpython#106669. +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). (The patch is faulty, + gh#python/cpython#106669, but upstream decided not to just + revert it). + +------------------------------------------------------------------- +Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl + +- Update to Python 3.11.4: + - gh-103142: The version of OpenSSL used in Windows and + Mac installers has been upgraded to 1.1.1u to address + CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, + as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 + fixed previously in 1.1.1t (gh-101727). + - gh-102153: urllib.parse.urlsplit() now strips leading C0 + control and space characters following the specification for + URLs defined by WHATWG in response to CVE-2023-24329 + (bsc#1208471). + - gh-99889: Fixed a security in flaw in uu.decode() that could + allow for directory traversal based on the input if no + out_file was specified. + - gh-104049: Do not expose the local on-disk + location in directory indexes produced by + http.client.SimpleHTTPRequestHandler. + - gh-103935: trace.__main__ now uses io.open_code() for files + to be executed instead of raw open(). + - gh-102953: The extraction methods in tarfile, and + shutil.unpack_archive(), have a new filter argument that + allows limiting tar features than may be surprising or + dangerous, such as creating files outside the destination + directory. See Extraction filters for details (fixing + CVE-2007-4559, bsc#1203750). +- Remove upstreamed patches: + - CVE-2007-4559-filter-tarfile_extractall.patch + +------------------------------------------------------------------- +Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl + +- Remove obsolete_python_versioned macro again. This mechanism + has no business to be in Python 3.11, because we have abolished + with it whole interpreter+setuptools+pip product. Python 3.11 + should not be replaced by later versions anymore. + +------------------------------------------------------------------- +Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl + +- Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). +- Add skip_if_buildbot-extend.patch to avoid the bug altogether + (extending what skip_if_buildbot covers). +- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix + bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter + for tarfile.extractall". + +------------------------------------------------------------------- +Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl + +- Update to 3.11.3: + - Security + - gh-101727: Updated the OpenSSL version used in Windows + and macOS binary release builds to 1.1.1t to address + CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the + OpenSSL 2023-02-07 security advisory. + - Core and Builtins + - gh-101975: Fixed stacktop value on tracing entries to avoid + corruption on garbage collection. + - gh-102701: Fix overflow when creating very large dict. + - gh-102416: Do not memoize incorrectly automatically + generated loop rules in the parser. Patch by Pablo Galindo. + - gh-102356: Fix a bug that caused a crash when deallocating + deeply nested filter objects. Patch by Marta Gómez Macías. + - gh-102397: Fix segfault from race condition in signal + handling during garbage collection. Patch by Kumar Aditya. + - gh-102281: Fix potential nullptr dereference and use of + uninitialized memory in fileutils. Patch by Max Bachmann. + - gh-102126: Fix deadlock at shutdown when clearing thread + states if any finalizer tries to acquire the runtime head + lock. Patch by Kumar Aditya. + - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal + module. Patch by Max Bachmann. + - gh-101967: Fix possible segfault in + positional_only_passed_as_keyword function, when new list + created. + - gh-101765: Fix SystemError / segmentation fault in iter + __reduce__ when internal access of builtins.__dict__ keys + mutates the iter object. + - gh-101696: Invalidate type version tag in + _PyStaticType_Dealloc for static types, avoiding bug where + a false cache hit could crash the interpreter. Patch by + Kumar Aditya. + - Library + - gh-102549: Don’t ignore exceptions in member type creation. + - gh-102947: Improve traceback when dataclasses.fields() is + called on a non-dataclass. Patch by Alex Waygood + - gh-102780: The asyncio.Timeout context manager now + works reliably even when performing cleanup due to task + cancellation. Previously it could raise a CancelledError + instead of an TimeoutError in such cases. + - gh-88965: typing: Fix a bug relating to substitution in . + Pacustom classes generic over a ParamSpec. Previously, if . + Pathe ParamSpec was substituted with a parameters list that . + Paitself contained a TypeVar, the TypeVar in the parameters . + Palist could not be subsequently substituted. This is now . + Pafixed tch by Nikita Sobolev . + - gh-101979: Fix a bug where parentheses in the metavar + argument to argparse.ArgumentParser.add_argument() were + dropped. Patch by Yeojin Kim. + - gh-102179: Fix os.dup2() error message for negative fds. + - gh-101961: For the binary mode, fileinput.hookcompressed() + doesn’t set the encoding value even if the value is + None. Patch by Gihwan Kim. + - gh-101936: The default value of fp becomes io.BytesIO + if HTTPError is initialized without a designated fp + parameter. Patch by Long Vo. + - gh-102069: Fix __weakref__ descriptor generation for custom + dataclasses. + - gh-101566: In zipfile, apply fix for extractall on the + underlying zipfile after being wrapped in Path. + - gh-101892: Callable iterators no longer raise SystemError + when the callable object exhausts the iterator but forgets + to either return a sentinel value or raise StopIteration. + - gh-97786: Fix potential undefined behaviour in corner cases + of floating-point-to-time conversions. + - gh-101517: Fixed bug where bdb looks up the source line + with linecache with a lineno=None, which causes it to fail + with an unhandled exception. + - gh-101673: Fix a pdb bug where ll clears the changes to + local variables. + - gh-96931: Fix incorrect results from + ssl.SSLSocket.shared_ciphers() + - gh-88233: Correctly preserve “extra” fields in zipfile + regardless of their ordering relative to a zip64 “extra.” + - gh-96127: inspect.signature was raising TypeError on + call with mock objects. Now it correctly returns (*args, + **kwargs) as infered signature. + - gh-95495: When built against OpenSSL 3.0, the ssl module + had a bug where it reported unauthenticated EOFs (i.e. + without close_notify) as a clean TLS-level EOF. It now + raises SSLEOFError, matching the behavior in previous + versions of OpenSSL. The options attribute on SSLContext + also no longer includes OP_IGNORE_UNEXPECTED_EOF by + default. This option may be set to specify the previous + OpenSSL 3.0 behavior. + - gh-94440: Fix a concurrent.futures.process bug where + ProcessPoolExecutor shutdown could hang after a future has + been quickly submitted and canceled. + - Documentation + - gh-103112: Add docstring to http.client.HTTPResponse.read() + to fix pydoc output. + - gh-85417: Update cmath documentation to clarify behaviour + on branch cuts. + - gh-97725: Fix asyncio.Task.print_stack() description for + file=None. Patch by Oleg Iarygin. + - Tests + - gh-102980: Improve test coverage on pdb. + - gh-102537: Adjust the error handling strategy in + test_zoneinfo.TzPathTest.python_tzpath_context. Patch by + Paul Ganssle. + - gh-89792: test_tools now copies up to 10x less source data + to a temporary directory during the freeze test by ignoring + git metadata and other artifacts. It also limits its python + build parallelism based on os.cpu_count instead of hard + coding it as 8 cores. + - gh-101377: Improved test_locale_calendar_formatweekday of + calendar. + - Build + - gh-102711: Fix -Wstrict-prototypes compiler warnings. + +------------------------------------------------------------------- +Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl + +- Update to 3.11.2: + Bug fixes, no changes in API and no security bugs. + +------------------------------------------------------------------- +Wed Mar 1 20:50:04 UTC 2023 - Matej Cepl + +- Add python310 Obsoletes line to obsolete_python_versioned macro. + +------------------------------------------------------------------- +Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl + +- Add provides for readline and sqlite3 to the main Python + package. + +------------------------------------------------------------------- +Thu Jan 26 13:28:24 UTC 2023 - Thorsten Kukuk + +- Disable NIS for new products, it's deprecated and gets removed + +------------------------------------------------------------------- +Tue Jan 24 12:23:34 UTC 2023 - Dirk Müller + +- build GLIBC hwcaps optimized versions of the interpreter + +------------------------------------------------------------------- +Tue Jan 10 11:11:56 UTC 2023 - Matej Cepl + +- Don't fail on Sphinx build warnings. +- For jsc#PED-1570, jsc#PED-2217 and jsc#PED-68, + providing Python 3.11 for SLE-15-SP4. + +------------------------------------------------------------------- +Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl + +- Update to 3.11.1: + - python -m http.server no longer allows terminal control + characters sent within a garbage request to be printed + to the stderr server lo This is done by changing the + http.server BaseHTTPRequestHandler .log_message method to + replace control characters with a \xHH hex escape before + printin + - Avoid publishing list of active per-interpreter audit hooks + via the gc module + - The IDNA codec decoder used on DNS hostnames by socket or + asyncio related name resolution functions no longer involves + a quadratic algorithm. This prevents a potential CPU denial + of service if an out-of-spec excessive length hostname + involving bidirectional characters were decoded. Some + protocols such as urllib http 3xx redirects potentially allow + for an attacker to supply such a name (CVE-2022-45061). + - Update bundled libexpat to 2.5.0 + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. Issue reported + and initial fix by Caleb Shortt. Patch by Victor Stinner. + - Fix a crash when an object which does not have a dictionary + frees its instance values. + - Fix a bug in the tokenizer that could cause infinite + recursion when showing syntax warnings that happen in the + first line of the source. Patch by Pablo Galindo + - Fix an issue that could cause frames to be visible to Python + code as they are being torn down, possibly leading to memory + corruption or hard crashes of the interpreter. + - Fix a reference bug in _imp.create_builtin() after the + creation of the first sub-interpreter for modules builtins + and sys. Patch by Victor Stinner. + - Fixed a bug that was causing a buffer overflow if the + tokenizer copies a line missing the newline caracter from a + file that is as long as the available tokenizer buffer. Patch + by Pablo galindo + - Fix bug where an ExceptionGroup subclass can wrap a + BaseException. + - Fix zip path for venv created from a non-installed python on + POSIX platforms. + - Fix an issue that could potentially cause incorrect error + handling for some bytecode instructions. + - Fix an issue that prevented PyThreadState and + PyInterpreterState memory from being freed properly. + - Fix failure in except* with unhashable exceptions. + - Fix calculation of sys._base_executable when inside a POSIX + virtual environment using copies of the python binary when + the base installation does not provide the executable name + used by the venv. Calculation will fall back to alternative + names (“python”, “python.”). + - Update faulthandler to emit an error message with the proper + unexpected signal number. Patch by Dong-hee Na. + - Fix location of SyntaxError for a try block with both except + and except*. + - Fix the error reporting positions of specialized traceback + anchors when the source line contains Unicode characters. + - Fix subscription of type aliases containing bare generic + types or types like TypeVar: for example tuple[A, T][int] and + tuple[TypeVar, T][int], where A is a generic type, and T is a + type variable. + - Lower the recursion depth for marshal on WASI to support + wasmtime 2.0/main. + - Fix multiple crashes in debug mode when str subclasses are + used instead of str itself. + - Fix an issue where member descriptors (such as those for + __slots__) could behave incorrectly or crash instead of + raising a TypeError when accessed via an instance of an + invalid type. + - Suppress ImportError for invalid query for help() + command. Patch by Dong-hee Na. + - Fix detection of MAC addresses for uuid on certain OSs. Patch + by Chaim Sanders + - Print exception class name instead of its string + representation when raising errors from ctypes calls. + - os.sched_yield() now release the GIL while calling + sched_yield(2). Patch by Dong-hee Na. + - Fix an issue that could delay the specialization of PRECALL + instructions. + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Ensure that all Python frame objects are backed by “complete” + frames. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). Patch by Ofey Chan. + - Fix the Python path configuration used to initialized + sys.path at Python startup. Paths are no longer encoded + to UTF-8/strict to avoid encoding errors if it contains + surrogate characters (bytes paths are decoded with the + surrogateescape error handler). Patch by Victor Stinner. + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. Issue + discovered and analyzed by Mingliang ZHAO. Patch by Victor + Stinner. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. + - Fix undefined behaviour in C code of null pointer arithmetic. + - Make sure that all frame objects created are created from + valid interpreter frames. Prevents the possibility of invalid + frames in backtraces and signal handlers. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - On WASI ENOTCAPABLE is now mapped to PermissionError. The + errno modules exposes the new error number. getpath.py now + ignores PermissionError when it cannot open landmark files + pybuilddir.txt and pyenv.cfg. + - Allow pdb to locate source for frozen modules in the standard + library. + - Raise ValueError instead of SystemError when methods of + uninitialized io.IncrementalNewlineDecoder objects are + called. Patch by Oren Milman. + - Fix a possible assertion failure in io.FileIO when the opener + returns an invalid file descriptor. + - Also escape s in the http.server + BaseHTTPRequestHandler.log_message so that it is technically + possible to parse the line and reconstruct what the original + data was. Without this a xHH is ambiguious as to if it is a + hex replacement we put in or the characters r”x” came through + in the original request line. + - asyncio.get_event_loop() now only emits a deprecation warning + when a new event loop was created implicitly. It no longer + emits a deprecation warning if the current event loop was + set. + - Fix bug when calling trace.CoverageResults with valid infile. + - Fix a bug in handling class cleanups in + unittest.TestCase. Now addClassCleanup() uses separate lists + for different TestCase subclasses, and doClassCleanups() only + cleans up the particular class. + - Release the GIL when calling termios APIs to avoid blocking + threads. + - Fix ast.increment_lineno() to also cover ast.TypeIgnore when + changing line numbers. + - Fix bug in urllib.parse.urlparse() that causes URL schemes + that begin with a digit, a plus sign, or a minus sign to be + parsed incorrectly. + - Check the number of arguments in substitution in user + generics containing a TypeVarTuple and one or more TypeVar. + - Fix substitution of ParamSpec followed by TypeVarTuple in + generic aliases. + - Fix substitution of TypeVarTuple and ParamSpec together in + user generics. + - Fixed bug where inspect.signature() reported incorrect + arguments for decorated methods. + - Fix SystemError in ctypes when exception was not set during + __initsubclass__. + - Remove older version of + _SSLProtocolTransport.get_write_buffer_limits in + asyncio.sslproto + - fix negative numbers failing in verify() + - Fix statistics.NormalDist pickle with 0 and 1 protocols. + - enum.auto() is now correctly activated when combined with + other assignment values. E.g. ONE = auto(), 'some text' will + now evaluate as (1, 'some text'). + - Update the bundled copy of pip to version 22.3.1. + - Clean up refleak on failed module initialisation in _zoneinfo + - Clean up refleaks on failed module initialisation in in + _pickle + - Clean up refleak on failed module initialisation in _io. + - Fix memory leak in math.dist() when both points don’t have + the same dimension. Patch by Kumar Aditya. + - [3.11] Applied changes from importlib_metadata 4.11.4 + through 4.13, including compatibility and robustness + fixes for Distribution objects without _normalized_name, + disallowing invalid inputs to Distribution.from_name, and + refined behaviors in PathDistribution._name_from_stem and + PathDistribution._normalized_name. + - Fix argument typechecks in _overlapped.WSAConnect() and + _overlapped.Overlapped.WSASendTo() functions. + - Prevent crashing in traceback when retrieving the byte-offset + for some source files that contain certain unicode + characters. + - Fix internal error in the re module which in very rare + circumstances prevented compilation of a regular expression + containing a conditional expression without the “else” + branch. + - Fix asyncio.StreamWriter.drain() to call + protocol.connection_lost callback only once on Windows. + - Add a mutex to unittest.mock.NonCallableMock to protect + concurrent access to mock attributes. + - Fix hang on Windows in subprocess.wait_closed() in asyncio + with ProactorEventLoop. Patch by Kumar Aditya. + - Fix infinite loop in unittest when a self-referencing chained + exception is raised + - tkinter.Text.count() raises now an exception for options + starting with “-” instead of silently ignoring them. + - On uname_result, restored expectation that _fields and + _asdict would include all six properties including processor. + - A createSocket() method was added to SysLogHandler. + - Fix bug in urllib.parse.urlparse() that causes certain port + numbers containing whitespace, underscores, plus and minus + signs, or non-ASCII digits to be incorrectly accepted. + - Allow venv to pass along PYTHON* variables to ensurepip and + pip when they do not impact path resolution + - On macOS, fix a crash in syslog.syslog() in multi-threaded + applications. On macOS, the libc syslog() function is not + thread-safe, so syslog.syslog() no longer releases the GIL to + call it. Patch by Victor Stinner. + - Allow BUILTINS to be a valid field name for frozen + dataclasses. + - Wrap network errors consistently in urllib FTP support, so + the test suite doesn’t fail when a network is available but + the public internet is not reachable. + - Make sure patch.dict() can be applied on async functions. + - Earlier in 3.11 we deprecated + asyncio.Task.cancel("message"). We realized we were too + harsh, and have undeprecated it. + - Change deprecate warning message in unittest from It is + deprecated to return a value!=None to It is deprecated to + return a value that is not None from a test case + - Fixes AttributeError when subprocess.check_output() is used + with argument input=None and either of the arguments encoding + or errors are used. + - Fix is_private properties in the ipaddress module. Previously + non-private networks (0.0.0.0/0) would return True from this + method; now they correctly return False. + - Avoid spurious tracebacks from asyncio when default executor + cleanup is delayed until after the event loop is closed (e.g. + as the result of a keyboard interrupt). + - Avoid a crash in the C version of + asyncio.Future.remove_done_callback() when an evil argument + is passed. + - Remove tokenize.NL check from tabnanny. + - Fix generation of the default name of + tkinter.Checkbutton. Previously, checkbuttons in different + parent widgets could have the same short name and share + the same state if arguments “name” and “variable” are not + specified. Now they are globally unique. + - Update bundled libexpat to 2.4.9 + - Fix race condition in asyncio where process_exited() called + before the pipe_data_received() leading to inconsistent + output. Patch by Kumar Aditya. + - Fixed check in multiprocessing.resource_tracker that + guarantees that the length of a write to a pipe is not + greater than PIPE_BUF. + - Corrected type annotation for dataclass attribute + pstats.FunctionProfile.ncalls to be str. + - Fix repr of Any subclasses. + - Work around missing socket functions in socket’s __repr__. + - In inspect, fix overeager replacement of “typing.” in + formatting annotations. + - Fix handling of bytes path-like objects in os.ismount(). + - Fix handling compiler warnings (SyntaxWarning and + DeprecationWarning) in codeop.compile_command() when checking + for incomplete input. Previously it emitted warnings and + raised a SyntaxError. Now it always returns None for + incomplete input without emitting any warnings. + - To avoid apparent memory leaks when asyncio.open_connection() + raises, break reference cycles generated by local exception + and future instances (which has exception instance as its + member var). Patch by Dong Uk, Kang. + - Fixed flickering of the turtle window when the tracer is + turned off. Patch by Shin-myoung-serp. + - Fix asyncio subprocess transport to kill process cleanly + when process is blocked and avoid RuntimeError when loop is + closed. Patch by Kumar Aditya. + - Prevent error when activating venv in nested fish instances. + - TarFile.next() now returns None when called on an empty + tarfile. + - Document the optional callback parameter of WeakMethod. Patch + by Géry Ogam. + - Restrict use of sockets instead of pipes for stdin of + subprocesses created by asyncio to AIX platform only. + - shutil.copytree() now applies the ignore_dangling_symlinks + argument recursively. + - Fix IndexError in argparse.ArgumentParser when a store_true + action is given an explicit argument. + - Document that calling variadic functions with ctypes requires + special care on macOS/arm64 (and possibly other platforms). + - Remove extra row + - Clarified the conflicting advice given in the ast + documentation about ast.literal_eval() being “safe” for use + on untrusted input while at the same time warning that it + can crash the process. The latter statement is true and is + deemed unfixable without a large amount of work unsuitable + for a bugfix. So we keep the warning and no longer claim that + literal_eval is safe. + - Restructured the documentation for the os.wait* family of + functions, and improved the docs for os.waitid() with more + explanation of the possible argument constants. + - Skip test_normalization() of test_unicodedata if it + fails to download NormalizationTest.txt file from + pythontest.net. Patch by Victor Stinner. + - Correct test_marsh on (32 bit) x86: test_deterministic sets + was failing. + - Optional big memory tests in test_sqlite3 now catch the + correct sqlite.DataError exception type in case of too large + strings and/or blobs passed. + - Fix a bug in the typing tests where a test relying + on CPython-specific implementation details was not + decorated with @cpython_only and was not skipped on other + implementations. + - Add tests for star-unpacking with PEP 646, and some other + miscellaneous PEP 646 tests. + - Added explicit coverage of Py_Initialize (and hence + Py_InitializeEx) back to the embedding tests (all other + embedding tests migrated to Py_InitializeFromConfig in Python + 3.11) + - Some C API tests were moved into the new Lib/test/test_capi/ + directory. + - Fix -Wimplicit-int, -Wstrict-prototypes, and + -Wimplicit-function-declaration compiler warnings in + configure checks. + - Fix a compilation issue with GCC 12 on macOS. + - Fix -Wimplicit-int compiler warning in configure check for + PTHREAD_SCOPE_SYSTEM. + - Fix a possible fd leak in Programs/_freeze_module.c + introduced in Python 3.11. + - Fix build with PYTHON_FOR_REGEN=python3.8. + - Specify the full path to the source location for make + docclean (needed for cross-builds). + - Don’t use vendored libmpdec headers if --with-system-libmpdec + is passed to configure. Don’t use vendored libexpat headers + if --with-system-expat is passed to !configure. + - Fix the build process of clang compiler for _bootstrap_python + if LTO optimization is applied. Patch by Matthias Görgens and + Dong-hee Na. + - wasm32-emscripten builds for browsers now include + concurrent.futures for asyncio and unittest.mock. + - wasm32-emscripten platform no longer builds resource module, + getresuid(), getresgid(), and their setters. The APIs are + stubs and not functional. + - Updated pegen regeneration script on Windows to find and + use Python 3.9 or higher. Prior to this, pegen regeneration + already required 3.9 or higher, but the script may have used + lower versions of Python. + - Fix a bug in the previous bugfix that caused IDLE to + not start when run with 3.10.8, 3.12.0a1, and at least + Microsoft Python 3.10.2288.0 installed without the Lib/test + package. 3.11.0 was never affected. + - The wasm_build.py script now pre-builds Emscripten ports, + checks for broken EMSDK versions, and warns about pkg-config + env vars. + - The new tool Tools/wasm/wasm_builder.py automates configure, + compile, and test steps for building CPython on WebAssembly + platforms. + - Fix handling of module docstrings in Tools/i18n/pygettext.py. + - PyBUF_* constants were marked as part of Limited API + of Python 3.11+. These were available in 3.11.0 with + Py_LIMITED_API defined for 3.11, and are necessary to use the + buffer API. + - Fix use-after-free in Py_SetPythonHome(NULL), + Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL) + function calls. Issue reported by Benedikt Reinartz. Patch by + Victor Stinner. + - Py_InitializeEx now correctly calls PyConfig_Clear after + initializing the interpreter (the omission didn’t cause a + memory leak only because none of the dynamically allocated + config fields are populated by the wrapper function) +- Removed upstreamed patches: + - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch + - CVE-2022-45061-DoS-by-IDNA-decode.patch + +------------------------------------------------------------------- +Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl + +- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid + CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding + extremely long domain names. + +------------------------------------------------------------------- +Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl + +- Update to 3.11.0 (overall changes from 3.10.*): + - General changes + - PEP 657 -- Include Fine-Grained Error Locations in + Tracebacks + - PEP 654 -- Exception Groups and except* + - PEP 680 -- tomllib: Support for Parsing TOML in the + Standard Library + - gh-90908 -- Introduce task groups to asyncio + - gh-34627 -- Atomic grouping ((?>...)) and possessive + quantifiers (*+, ++, ?+, {m,n}+) are now supported in + regular expressions. + - The Faster CPython Project is already yielding some + exciting results. Python 3.11 is up to 10-60% faster than + Python 3.10. On average, we measured a 1.22x speedup on the + standard benchmark suite. See Faster CPython for details. + - Typing and typing language changes + - PEP 673 -- Self Type + - PEP 646 -- Variadic Generics + - PEP 675 -- Arbitrary Literal String Type + - PEP 655 -- Marking individual TypedDict items as required + or potentially-missing + - PEP 681 -- Data Class Transforms +- (just changes from 3.11.0rc2): + - Fix multiplying a list by an integer (list *= int): detect + the integer overflow when the new allocated length is close + to the maximum size. Issue reported by Jordan Limor. Patch by + Victor Stinner. + - On Linux the multiprocessing module returns to using + filesystem backed unix domain sockets for communication + with the forkserver process instead of the Linux abstract + socket namespace. Only code that chooses to use the + “forkserver” start method is affected. Abstract sockets have + no permissions and could allow any user on the system in the + same network namespace (often the whole system) to inject + code into the multiprocessing forkserver process. This was + a potential privilege escalation. Filesystem based socket + permissions restrict this to the forkserver process user as + was the default in Python 3.8 and earlier. This prevents + Linux CVE-2022-42919. + - Fix an issue where several frame objects could be backed by + the same interpreter frame, possibly leading to corrupted + memory and hard crashes of the interpreter. + - Fix possible data corruption or crashes when accessing the + f_back member of newly-created generator or coroutine frames. + - Fix a crash occurring when PyEval_GetFrame() is called while + the topmost Python frame is in a partially-initialized state. + - Fix command line parsing: reject -X int_max_str_digits option + with no value (invalid) when the PYTHONINTMAXSTRDIGITS + environment variable is set to a valid limit. Patch by Victor + Stinner. + - Fix undefined behaviour in _testcapimodule.c. + - When ValueError is raised if an integer is larger than the + limit, mention the sys.set_int_max_str_digits() function in + the error message. Patch by Victor Stinner. + - Correctly raise SyntaxError on exception groups (PEP 654) on + python versions prior to 3.11 + - Document some places where an assignment expression needs + parentheses. + - Update the bundled copies of pip and setuptools to versions + 22.3 and 65.5.0 respectively. + - fix Flag to use boundary CONFORM + - This restores previous Flag behavior of allowing flags with + non-sequential values to be combined; e.g. + - class Skip(Flag): TWO = 2 EIGHT = 8 + - Skip.TWO | Skip.EIGHT -> + - Fix ! in c domain ref target syntax via a conf.py patch, so + it works as intended to disable ref target resolution. + - Update tutorial introduction output to use 3.10+ SyntaxError + invalid range. + +------------------------------------------------------------------- +Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl + +- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to + allow building of documentation with the latest Sphinx 5.3.0 + (gh#python/cpython#98366). + +------------------------------------------------------------------- +Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc2: + - Converting between int and str in bases other than 2 + (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base + 10 (decimal) now raises a ValueError if the number of digits + in string form is above a limit to avoid potential denial of + service attacks due to the algorithmic complexity. This is + a mitigation for CVE-2020-10735. + This new limit can be configured or disabled by environment + variable, command line flag, or sys APIs. See the integer + string conversion length limitation documentation. The + default limit is 4300 digits in string form. + - Fix case of undefined behavior in ceval.c + - Do not expose KeyWrapper in _functools. + - Ensure that tracing, sys.setrace(), is turned on + immediately. In pre-release versions of 3.11, some tracing + events might have been lost when turning on tracing in a + __del__ method or interrupt. + - Fix use after free in trace refs build mode. Patch by Kumar + Aditya. + - When loading a file with invalid UTF-8 inside a multi-line + string, a correct SyntaxError is emitted. + - Make sure that incomplete frames do not show up in + tracemalloc traces. + - Remove two cases of undefined behavior, by adding NULL + checks. + - Fix possible NULL pointer dereference in + _PyThread_CurrentFrames. Patch by Kumar Aditya. + - Fix AttributeError missing name and obj attributes in + object.__getattribute__(). Patch by Philip Georgi. + - Loading a file with invalid UTF-8 will now report the broken + character at the correct location. + - Fixed a bug that caused _PyCode_GetExtra to return garbage + for negative indexes. Patch by Pablo Galindo + - Fix a deadlock in PyGILState_Ensure() when allocating new + thread state. Patch by Kumar Aditya. + - PyType_Ready() now initializes ht_cached_keys and performs + additional checks to ensure that type objects are properly + configured. This avoids crashes in 3rd party packages that + don’t use regular API to create new types. + - Skip over incomplete frames in PyThreadState_GetFrame(). + - Fix format string in _PyPegen_raise_error_known_location that + can lead to memory corruption on some 64bit systems. The + function was building a tuple with i (int) instead of n + (Py_ssize_t) for Py_ssize_t arguments. + - Fix misleading contents of error message when converting an + all-whitespace string to float. + - ast.parse() will no longer parse function definitions with + positional-only params when passed feature_version less than + (3, 8). Patch by Shantanu Jain. + - Fix incorrect error message in the io module. + - Fix the faulthandler implementation of + faulthandler.register(signal, chain=True) if the sigaction() + function is not available: don’t call the previous signal + handler if it’s NULL. Patch by Victor Stinner. + - Correct conversion of numbers.Rational’s to float. + - Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not + raised when using more than one TypeVarTuple, like [*T, *V] + in type alias substitutions. + - Fix asyncio.streams.StreamReaderProtocol to keep a strong + reference to the created task, so that it’s not garbage + collected + - Fix a performance regression in logging + TimedRotatingFileHandler. Only check for special files when + the rollover time has passed. + - Fix unused localName parameter in the Attr class in + xml.dom.minidom. + - Fix incorrect condition that causes sys.thread_info.name to + be wrong on pthread platforms. + - Remove an incompatible change from bpo-28080 that caused a + regression that ignored the utf8 in ZipInfo.flag_bits. Patch + by Pablo Galindo. + - Fix asyncio.Runner to call asyncio.set_event_loop() only + once to avoid calling attach_loop() multiple times on child + watchers. Patch by Kumar Aditya. + - Fix unittest.IsolatedAsyncioTestCase to set event loop before + calling setup functions. Patch by Kumar Aditya. + - When a task catches asyncio.CancelledError and raises some + other error, the other error should generally not silently be + suppressed. + - Fail gracefully if EPERM or ENOSYS is raised when loading + crypt methods. This may happen when trying to load MD5 on a + Linux kernel with FIPS enabled. + - Allow asyncio.StreamWriter.drain() to be awaited concurrently + by multiple tasks. Patch by Kumar Aditya. + - Fix ast.unparse() when ImportFrom.level is None + - Improve discoverability of the higher level + concurrent.futures module by providing clearer links from the + lower level threading and multiprocessing modules. + - What’s New 3.11 now has instructions for how to provide + compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7 + and CentOS 7. + - Mitigate the inherent race condition from using + find_unused_port() in testSockName() by trying to find an + unused port a few times before failing. Patch by Ross Burton. + - Build and test with OpenSSL 1.1.1q +- Use support-expat-CVE-2022-25236-patched.patch from the current + version of gh#python/cpython#93900 instead of the old + support-expat-245.patch. +- Reapply fix_configure_rst.patch. + +------------------------------------------------------------------- +Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab + +- Increase testsuite timeout for test_freeze_simple_script + +------------------------------------------------------------------- +Sat Aug 20 21:31:40 UTC 2022 - Matej Cepl + +- fix import_failed.map to refer to the python 3.11 package versions + +------------------------------------------------------------------- +Sat Aug 20 14:05:21 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc1: + - Core and Builtins + - Update code object hashing and equality to consider all + debugging and exception handling tables. This fixes an + issue where certain non-identical code objects could be + “deduplicated” during compilation. + - _PyPegen_Parser_New now properly detects token memory + allocation errors. Patch by Honglin Zhu. + - Run Python code in tracer/profiler function at full + speed. Fixes slowdown in earlier versions of 3.11. + - Emit a warning in debug mode if an object does not call + PyObject_GC_UnTrack() before deallocation. Patch by Pablo + Galindo. + - Prevented crashes in the AST constructor when + compiling some absurdly long expressions like + "+0"*1000000. RecursionError is now raised instead. Patch + by Pablo Galindo + - ast.AST node positions are now validated when provided to + compile() and other related functions. If invalid positions + are detected, a ValueError will be raised. + - Fix error detection in some builtin functions when keyword + argument name is an instance of a str subclass with + overloaded __eq__ and __hash__. Previously it could cause + SystemError or other undesired behavior. + - Library + - Update bundled pip to 22.2.2. + - Fix asyncio.TaskGroup to propagate exception when + asyncio.CancelledError was replaced with another exception + by a context manger. Patch by Kumar Aditya and Guido van + Rossum. + - Update bundled pip to 22.2.1. + - Fix GC crash when deallocating _lsprof.Profiler by + untracking it before calling any callbacks. Patch by Kumar + Aditya. + - Fix asyncio.run() for asyncio.Task implementations without + uncancel() method. Patch by Kumar Aditya. + - Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK + and os.EFD_SEMAPHORE flags on older kernel versions where + these flags are not present. Patch by Kumar Aditya. + - Fix concurrent.futures.Executor.map() to cancel the + currently waiting on future on an error - e.g. TimeoutError + or KeyboardInterrupt. + - Ensure that timeouts scheduled with asyncio.Timeout that + have already expired are delivered promptly. + - Suppress writing an XML declaration in open files + in ElementTree.write() with encoding='unicode' and + xml_declaration=None. + - Fix findtext in the xml module to only give an empty string + when the text attribute is set to None. + - Documentation + - Fix stylesheet not working in Windows CHM htmlhelp docs + and add warning that they are deprecated. Contributed by + C.A.M. Gerlach. + - Update library documentation with availability information + on WebAssembly platforms wasm32-emscripten and wasm32-wasi. + - Use consistent syntax for platform availability. The + directive now supports a content body and emits a warning + when it encounters an unknown platform. + - Document a limitation in ThreadPoolExecutor where its exit + handler is executed before any handlers in atexit. + - Tests + - Lib/test/test_asyncio/test_ssl.py exposed a bug in the + macOS kernel where intense concurrent load on non-blocking + sockets occasionally causes errno.ENOBUFS (“No buffer space + available”) to be emitted. FB11063974 filed with Apple, in + the mean time as a workaround buffer size used in tests on + macOS is decreased to avoid intermittent failures. Patch by + Fantix King. + - Fix problem with test_ssl test_get_ciphers on systems that + require perfect forward secrecy (PFS) ciphers. + - Add a regression test for re exponentional slowdown when + using rjsmin. + - Build + - Fix a regression in configure script that caused some + header checks to ignore custom CPPFLAGS. The regression was + introduced in gh-94802. + - wasm32-wasi builds no longer depend on WASIX’s pthread + stubs. Python now has its own stubbed pthread API. + - Python now detects missing dup function in WASI and works + around some missing errno, select, and socket constants. + - Python now skips missing socket functions and methods on + WASI. WASI can only create sockets from existing fd / + accept and has no netdb. + - Platforms wasm32-unknown-emscripten and wasm32-unknown-wasi + have been promoted to PEP 11 tier 3 platform support. + - IDLE + - Document handling of extensions in Save As dialogs. + - Include prompts when saving Shell (interactive input and + output). + - Fix the Shell context menu copy-with-prompts bug of copying + an extra line when one selects whole lines. + - In the Edit menu, move Select All and add a new separator. + - Enable using IDLE’s module browser with .pyw files. + - Add .pyi as a recognized extension for IDLE on macOS. This + allows opening stub files by double clicking on them in the + Finder. + - C API + - Restore the 3.10 behavior for multiple inheritance of C + extension classes that store their dictionary at the end of + the struct. + - Added PyCode_GetVarnames(), PyCode_GetCellvars() and + PyCode_GetFreevars() for accessing co_varnames, co_cellvars + and co_freevars respectively via the C API. + +------------------------------------------------------------------- +Tue Jul 26 10:37:31 UTC 2022 - Matej Cepl + +- Update to 3.11.0b5: + - Core and Builtins + - gh-93351: ast.AST node positions are now validated when + provided to compile() and other related functions. If + invalid positions are detected, a ValueError will be + raised. + - gh-94438: Fix an issue that caused extended opcode + arguments and some conditional pops to be ignored when + calculating valid jump targets for assignments to the + f_lineno attribute of frame objects. In some cases, this + could cause inconsistent internal state, resulting in a + hard crash of the interpreter. + - gh-95060: Undocumented PyCode_Addr2Location function now + properly returns when addrq argument is less than zero. + - gh-95113: Replace all EXTENDED_ARG_QUICK instructions + with basic EXTENDED_ARG instructions in unquickened + code. Consumers of non-adaptive bytecode should be able to + handle extended arguments the same way they were handled in + CPython 3.10 and older. + - gh-91409: Fix incorrect source location info caused by + certain optimizations in the bytecode compiler. + - gh-94036: Fix incorrect source location info for some + multi-line attribute accesses and method calls. + - gh-94739: Allow jumping within, out of, and across + exception handlers in the debugger. + - gh-94949: ast.parse() will no longer parse parenthesized + context managers when passed feature_version less than (3, + 9). Patch by Shantanu Jain. + - gh-94947: ast.parse() will no longer parse assignment + expressions when passed feature_version less than (3, + 8). Patch by Shantanu Jain. + - gh-91256: Ensures the program name is known for help text + during interpreter startup. + - gh-94869: Fix the column offsets for some expressions in + multi-line f-strings ast nodes. Patch by Pablo Galindo. + - gh-94822: Fix an issue where lookups of metaclass + descriptors may be ignored when an identically-named + attribute also exists on the class itself. + - gh-91153: Fix an issue where a bytearray item assignment + could crash if it’s resized by the new value’s __index__() + method. + - gh-90699: Fix reference counting bug in + bool.__repr__(). Patch by Kumar Aditya. + - Library + - gh-95087: Fix IndexError in parsing invalid date in the + email module. + - gh-95199: Upgrade bundled setuptools to 63.2.0. + - gh-95194: Upgrade bundled pip to 22.2. + - gh-95132: Fix a sqlite3 regression where *args and **kwds + were incorrectly relayed from connect() to the Connection + factory. The regression was introduced in 3.11a1 with PR + 24421 (gh-85128). Patch by Erlend E. Aasland.` + - gh-93157: Fix fileinput module didn’t support errors option + when inplace is true. + - gh-95105: wsgiref.types.InputStream.__iter__() should + return Iterator[bytes], not Iterable[bytes]. Patch by + Shantanu Jain. + - gh-94857: Fix refleak in + _io.TextIOWrapper.reconfigure. Patch by Kumar Aditya. + - gh-94821: Fix binding of unix socket to empty address + on Linux to use an available address from the abstract + namespace, instead of “0”. + - gh-89988: Fix memory leak in pickle.Pickler when looking up + dispatch_table. Patch by Kumar Aditya. + - bpo-47025: Drop support for bytes on sys.path. + - Tests + - gh-95212: Make multiprocessing test case + test_shared_memory_recreate parallel-safe. + - Build + - gh-94847: Fixed _decimal module build issue on GCC when + compiling with LTO and pydebug. Debug builds no longer + force inlining of functions. + - gh-94841: Fix the possible performance regression of + PyObject_Free() compiled with MSVC version 1932. + - gh-94801: configure now uses custom flags like ZLIB_CFLAGS + and ZLIB_LIBS when searching for headers and libraries. + - gh-94773: deepfreeze.py now supports code object with + frozensets that contain incompatible, unsortable types. + - C API + - gh-94930: Fix SystemError raised when + PyArg_ParseTupleAndKeywords() is used with # in (...) but + without PY_SSIZE_T_CLEAN defined. + - gh-94864: Fix PyArg_Parse* with deprecated format units “u” + and “Z”. It returned 1 (success) when warnings are turned + into exceptions. + - gh-94731: Python again uses C-style casts for + most casting operations when compiled with + C++. This may trigger compiler warnings, if they + are enabled with e.g. -Wold-style-cast `` or + ``-Wzero-as-null-pointer-constant options for g++. + +------------------------------------------------------------------- +Thu Jul 21 14:19:53 UTC 2022 - Matej Cepl + +- Switch from %primary_interpreter to prjconf-defined + %primary_python (gh#openSUSE/python-rpm-macros#127). + +------------------------------------------------------------------- +Thu Jul 14 15:37:35 UTC 2022 - Matej Cepl + +- Update to 3.11.0b4: +- Fixes many bugs and adds following more significant changes +- Security + - gh-68966: The deprecated mailcap module now refuses to inject + Coreunsafe text (filenames, MIME types, parameters) into + shell Corecommands. Instead of using such text, it will + warn and act Coreas if a match was not found (or for test + commands, as if the Coretest failed). and Builtins + - gh-93516: Lazily create a table mapping bytecode offsets to + line numbers to speed up calculation of line numbers when + tracing. + - gh-93461: importlib.invalidate_caches() now drops entries + from sys.path_importer_cache with a relative path as + name. This solves a caching issue when a process changes its + current working directory. + - FileFinder no longer inserts a dot in the path, e.g. + /egg/./spam is now /egg/spam. +Library + - gh-93896: Fix asyncio.run() and + unittest.IsolatedAsyncioTestCase to always the set event loop + as it was done in Python 3.10 and earlier. Patch by Kumar + Aditya. + - gh-94101: Manual instantiation of ssl.SSLSession objects is + no longer allowed as it lead to misconfigured instances that + crashed the interpreter when attributes where accessed on + them. + - gh-83658: Make multiprocessing.Pool raise an exception if + maxtasksperchild is not None or a positive int. + - gh-61162: Clarify sqlite3 behavior when Using the connection + as a context manager. +Tools/Demos + - gh-94538: Fix Argument Clinic output to custom file + destinations. Patch by Erlend E. Aasland. +C API + - gh-93937: The following frame functions and type are now + directly available with #include , it’s no longer + needed to add #include : + PyFrame_Check() + PyFrame_GetBack() + PyFrame_GetBuiltins() + PyFrame_GetGenerator() + PyFrame_GetGlobals() + PyFrame_GetLasti() + PyFrame_GetLocals() + PyFrame_Type + +------------------------------------------------------------------- +Tue May 31 20:54:36 UTC 2022 - Matej Cepl + +- Update to 3.11.0b2: + - many small updates +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.4 (jsc#SLE-21253) + +------------------------------------------------------------------- +Tue May 10 15:01:18 UTC 2022 - Matej Cepl + +- Refresh bluez-devel-vendor.tar.xz +- Fix building with system-expat (gh#python/cpython#92875). Nope, + it didn't work, worked around it. + +------------------------------------------------------------------- +Mon May 9 15:09:03 UTC 2022 - Matej Cepl + +- Update to pre-release version 3.11.0b1: + - PEP 657 – Include Fine-Grained Error Locations in Tracebacks + - PEP 654 – Exception Groups and except* + - PEP 673 – Self Type + - PEP 646 – Variadic Generics + - PEP 680– tomllib: Support for Parsing TOML in the Standard Library + - PEP 675– Arbitrary Literal String Type + - PEP 655– Marking individual TypedDict items as required or potentially-missing + - bpo-46752– Introduce task groups to asyncio + - The Faster Cpython Project is already yielding some exciting + results. Python 3.11 is up to 10-60% faster than Python + 3.10. On average, we measured a 1.22x speedup on the standard + benchmark suite. See + https://docs.python.org/3.11/whatsnew/3.11.html#faster-cpython + for details. + +------------------------------------------------------------------- +Thu May 5 14:35:56 UTC 2022 - Matej Cepl + +- Switch primary_interpreter from python38 to python310 + +------------------------------------------------------------------- +Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl + +- Update to 3.10.4: + - bpo-46968: Check for the existence of the “sys/auxv.h” header + in faulthandler to avoid compilation problems in systems + where this header doesn’t exist. Patch by Pablo Galindo + - bpo-23691: Protect the re.finditer() iterator from + re-entering. + - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to + avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception + when reading a ZipFile from multiple threads. + - bpo-38256: Fix binascii.crc32() when it is compiled to use + zlib’c crc32 to work properly on inputs 4+GiB in length + instead of returning the wrong result. The workaround prior + to this was to always feed the function data in increments + smaller than 4GiB or to just call the zlib module function. + - bpo-39394: A warning about inline flags not at the start of + the regular expression now contains the position of the flag. + - bpo-47061: Deprecate the various modules listed by PEP 594: + - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, + imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, + sndhdr, spwd, sunau, telnetlib, uu, xdrlib + - bpo-2604: Fix bug where doctests using globals would fail + when run multiple times. + - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. + - bpo-47022: The asynchat, asyncore and smtpd modules have been + deprecated since at least Python 3.6. Their documentation and + deprecation warnings and have now been updated to note they + will removed in Python 3.12 (PEP 594). + - bpo-46421: Fix a unittest issue where if the command was + invoked as python -m unittest and the filename(s) began with + a dot (.), a ValueError is returned. + - bpo-40296: Fix supporting generic aliases in pydoc. + +- Update to 3.10.3: + - bpo-46940: Avoid overriding AttributeError metadata + information for nested attribute access calls. Patch by Pablo + Galindo. + - bpo-46852: Rename the private undocumented + float.__set_format__() method to float.__setformat__() to fix + a typo introduced in Python 3.7. The method is only used by + test_float. Patch by Victor Stinner. + - bpo-46794: Bump up the libexpat version into 2.4.6 + - bpo-46820: Fix parsing a numeric literal immediately (without + spaces) followed by “not in” keywords, like in 1not in x. Now + the parser only emits a warning, not a syntax error. + - bpo-46762: Fix an assert failure in debug builds when a ‘<’, + ‘>’, or ‘=’ is the last character in an f-string that’s + missing a closing right brace. + - bpo-46724: Make sure that all backwards jumps use the + JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an + argument of (2**32)+offset. + - bpo-46732: Correct the docstring for the __bool__() method. + Patch by Jelle Zijlstra. + - bpo-46707: Avoid potential exponential backtracking when + producing some syntax errors involving lots of brackets. + Patch by Pablo Galindo. + - bpo-40479: Add a missing call to va_end() in + Modules/_hashopenssl.c. + - bpo-46615: When iterating over sets internally in + setobject.c, acquire strong references to the resulting items + from the set. This prevents crashes in corner-cases of + various set operations where the set gets mutated. + - bpo-45773: Remove two invalid “peephole” optimizations from + the bytecode compiler. + - bpo-43721: Fix docstrings of getter, setter, and deleter to + clarify that they create a new copy of the property. + - bpo-46503: Fix an assert when parsing some invalid N escape + sequences in f-strings. + - bpo-46417: Fix a race condition on setting a type __bases__ + attribute: the internal function add_subclass() now gets the + PyTypeObject.tp_subclasses member after calling + PyWeakref_NewRef() which can trigger a garbage collection + which can indirectly modify PyTypeObject.tp_subclasses. Patch + by Victor Stinner. + - bpo-46383: Fix invalid signature of _zoneinfo’s module_free + function to resolve a crash on wasm32-emscripten platform. + - bpo-46070: Py_EndInterpreter() now explicitly untracks all + objects currently tracked by the GC. Previously, if an object + was used later by another interpreter, calling + PyObject_GC_UnTrack() on the object crashed if the previous + or the next object of the PyGC_Head structure became + a dangling pointer. Patch by Victor Stinner. + - bpo-46339: Fix a crash in the parser when retrieving the + error text for multi-line f-strings expressions that do not + start in the first line of the string. Patch by Pablo Galindo + - bpo-46240: Correct the error message for unclosed parentheses + when the tokenizer doesn’t reach the end of the source when + the error is reported. Patch by Pablo Galindo + - bpo-46091: Correctly calculate indentation levels for lines + with whitespace character that are ended by line continuation + characters. Patch by Pablo Galindo + - bpo-43253: Fix a crash when closing transports where the + underlying socket handle is already invalid on the Proactor + event loop. + - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, + including bugfix for EntryPoint.extras, which was returning + match objects and not the extras strings. + - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip + 22.0.4) + - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically + determine size of signal handler stack size CPython allocates + using getauxval(AT_MINSIGSTKSZ). This changes allows for + Python extension’s request to Linux kernel to use AMX_TILE + instruction set on Sapphire Rapids Xeon processor to succeed, + unblocking use of the ISA in frameworks. + - bpo-46955: Expose asyncio.base_events.Server as + asyncio.Server. Patch by Stefan Zabka. + - bpo-23325: The signal module no longer assumes that SIG_IGN + and SIG_DFL are small int singletons. + - bpo-46932: Update bundled libexpat to 2.4.7 + - bpo-25707: Fixed a file leak in + xml.etree.ElementTree.iterparse() when the iterator is not + exhausted. Patch by Jacob Walls. + - bpo-44886: Inherit asyncio proactor datagram transport from + asyncio.DatagramTransport. + - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() + for selector-based event loops. Patch by Thomas Grainger. + - bpo-46811: Make test suite support Expat >=2.4.5 + - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to + transport-based APIs. + - bpo-46784: Fix libexpat symbols collisions with user + dynamically loaded or statically linked libexpat in embedded + Python. + - bpo-39327: shutil.rmtree() can now work with VirtualBox + shared folders when running from the guest operating-system. + - bpo-46756: Fix a bug in + urllib.request.HTTPPasswordMgr.find_user_password() and + urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() + which allowed to bypass authorization. For example, access to + URI example.org/foobar was allowed if the user was authorized + for URI example.org/foo. + - bpo-46643: In typing.get_type_hints(), support evaluating + stringified ParamSpecArgs and ParamSpecKwargs annotations. + Patch by Gregory Beauregard. + - bpo-45863: When the tarfile module creates a pax format + archive, it will put an integer representation of timestamps + in the ustar header (if possible) for the benefit of older + unarchivers, in addition to the existing full-precision + timestamps in the pax extended header. + - bpo-46676: Make typing.ParamSpec args and kwargs equal to + themselves. Patch by Gregory Beauregard. + - bpo-46672: Fix NameError in asyncio.gather() when initial + type check fails. + - bpo-46655: In typing.get_type_hints(), support evaluating + bare stringified TypeAlias annotations. Patch by Gregory + Beauregard. + - bpo-45948: Fixed a discrepancy in the C implementation of the + xml.etree.ElementTree module. Now, instantiating an + xml.etree.ElementTree.XMLParser with a target=None keyword + provides a default xml.etree.ElementTree.TreeBuilder target + as the Python implementation does. + - bpo-46521: Fix a bug in the codeop module that was + incorrectly identifying invalid code involving string quotes + as valid code. + - bpo-46581: Brings ParamSpec propagation for GenericAlias in + line with Concatenate (and others). + - bpo-46591: Make the IDLE doc URL on the About IDLE dialog + clickable. + - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 + - bpo-46487: Add the get_write_buffer_limits method to + asyncio.transports.WriteTransport and to the SSL transport. + - bpo-45173: Note the configparser deprecations will be removed + in Python 3.12. + - bpo-46539: In typing.get_type_hints(), support evaluating + stringified ClassVar and Final annotations inside Annotated. + Patch by Gregory Beauregard. + - bpo-46491: Allow typing.Annotated to wrap typing.Final and + typing.ClassVar. Patch by Gregory Beauregard. + - bpo-46436: Fix command-line option -d/--directory in module + http.server which is ignored when combined with command-line + option --cgi. Patch by Géry Ogam. + - bpo-41403: Make mock.patch() raise a TypeError with + a relevant error message on invalid arg. Previously it + allowed a cryptic AttributeError to escape. + - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid + potential REDoS by limiting ambiguity in consecutive + whitespace. + - bpo-46469: asyncio generic classes now return + types.GenericAlias in __class_getitem__ instead of the same + class. + - bpo-46434: pdb now gracefully handles help when __doc__ is + missing, for example when run with pregenerated optimized + .pyc files. + - bpo-46333: The __eq__() and __hash__() methods of + typing.ForwardRef now honor the module parameter of + typing.ForwardRef. Forward references from different modules + are now differentiated. + - bpo-46246: Add missing __slots__ to + importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. + - bpo-46266: Improve day constants in calendar. + - Now all constants (MONDAY … SUNDAY) are documented, tested, + and added to __all__. + - bpo-46232: The ssl module now handles certificates with bit + strings in DN correctly. + - bpo-43118: Fix a bug in inspect.signature() that was causing + it to fail on some subclasses of classes with + a __text_signature__ referencing module globals. Patch by + Weipeng Hong. + - bpo-26552: Fixed case where failing asyncio.ensure_future() + did not close the coroutine. Patch by Kumar Aditya. + - bpo-21987: Fix an issue with tarfile.TarFile.getmember() + getting a directory name with a trailing slash. + - bpo-20392: Fix inconsistency with uppercase file extensions + in MimeTypes.guess_type(). Patch by Kumar Aditya. + - bpo-46080: Fix exception in argparse help text generation if + a argparse.BooleanOptionalAction argument’s default is + argparse.SUPPRESS and it has help specified. Patch by Felix + Fontein. + - bpo-44439: Fix .write() method of a member file in ZipFile, + when the input data is an object that supports the buffer + protocol, the file length may be wrong. + - bpo-45703: When a namespace package is imported before + another module from the same namespace is created/installed + in a different sys.path location while the program is + running, calling the importlib.invalidate_caches() function + will now also guarantee the new module is noticed. + - bpo-24959: Fix bug where unittest sometimes drops frames from + tracebacks of exceptions raised in tests. + - bpo-44791: Fix substitution of ParamSpec in Concatenate with + different parameter expressions. Substitution with a list of + types returns now a tuple of types. Substitution with + Concatenate returns now a Concatenate with concatenated lists + of arguments. + - bpo-14156: argparse.FileType now supports an argument of ‘-’ + in binary mode, returning the .buffer attribute of + sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and + ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. + Patch contributed by Josh Rosenberg + - bpo-46463: Fixes escape4chm.py script used when building the + CHM documentation file + - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is + built with undefined behavior sanitizer (UBSAN): disable + UBSAN on the faulthandler_sigfpe() function. Patch by Victor + Stinner. + - bpo-46708: Prevent default asyncio event loop policy + modification warning after test_asyncio execution. + - bpo-46678: The function make_legacy_pyc in + Lib/test/support/import_helper.py no longer fails when + PYTHONPYCACHEPREFIX is set to a directory on a different + device from where tempfiles are stored. + - bpo-46616: Ensures test_importlib.test_windows cleans up + registry keys after completion. + - bpo-44359: test_ftplib now silently ignores socket errors to + prevent logging unhandled threading exceptions. Patch by + Victor Stinner. + - bpo-46542: Fix a Python crash in test_lib2to3 when using + Python built in debug mode: limit the recursion limit. Patch + by Victor Stinner. + - bpo-46576: test_peg_generator now disables compiler + optimization when testing compilation of its own C extensions + to significantly speed up the testing on non-debug builds of + CPython. + - bpo-46542: Fix test_json tests checking for RecursionError: + modify these tests to use support.infinite_recursion(). Patch + by Victor Stinner. + - bpo-13886: Skip test_builtin PTY tests on non-ASCII + characters if the readline module is loaded. The readline + module changes input() behavior, but test_builtin is not + intented to test the readline module. Patch by Victor + Stinner. + - bpo-38472: Fix GCC detection in setup.py when + cross-compiling. The C compiler is now run with LC_ALL=C. + Previously, the detection failed with a German locale. + - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro + and pyconfig.h no longer defines reserved symbol + __CHAR_UNSIGNED__. + - bpo-45296: Clarify close, quit, and exit in IDLE. In the File + menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current + one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). + In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there + are no other windows, this also exits IDLE. + - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch + by Alex Waygood and Terry Jan Reedy. + - bpo-46433: The internal function _PyType_GetModuleByDef now + correctly handles inheritance patterns involving static + types. + - bpo-14916: Fixed bug in the tokenizer that prevented + PyRun_InteractiveOne from parsing from the provided FD. + +- Remove upstreamed patches: + - support-expat-245.patch + +------------------------------------------------------------------- +Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + +------------------------------------------------------------------- +Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl + +- bsc#1195831 Obsolete older "most modern" versions of python + packages (python39 for python310 and so forth). For next + versions it is necessary just to edit the macro. + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python +- Add fix_configure_rst.patch, which removes duplicate link + targets and make documentation with old Sphinx in SLE +- Skip test_capi (bsc#1195140 and bpo#37169) + +------------------------------------------------------------------- +Wed Jan 19 22:01:51 UTC 2022 - Matej Cepl + +- Update to 3.10.2: + Bugfix only + - bpo#46347 memory leak in PyEval_EvalCodeEx (especially + visible with Cython code) + - and many others + +------------------------------------------------------------------- +Wed Dec 8 13:07:25 UTC 2021 - Matej Cepl + +- Upgrade to 3.10.1 (jsc#SLE-18038): + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other tools. + - PEP 618 – Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning +- Patches readjusted: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Sat Dec 4 18:40:28 UTC 2021 - Matej Cepl + +- Remove pdb_adjust_breakpoints.patch and instead just adjust location + of the test breakpoint in Lib/test/test_pdb.py via sed, because we + have shortened Lib/pdb.py by removing the shebang (bpo#45964). + +------------------------------------------------------------------- +Thu Dec 2 13:51:57 UTC 2021 - Matej Cepl + +- Add pdb_adjust_breakpoints.patch fixing expectd results in + test_pdb_breakpoints_preserved_across_interactive_sessions + (bpo#45964). + +------------------------------------------------------------------- +Mon Nov 29 00:17:07 UTC 2021 - Matej Cepl + +- Remove shebangs from from python-base libraries in _libdir + (bsc#1193179). +- Readjust patches: + - bpo-31046_ensurepip_honours_prefix.patch + - decimal.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Tue Nov 16 16:03:43 UTC 2021 - Matej Cepl + +- Move rpm-build-python construct to correct place. + +------------------------------------------------------------------- +Wed Oct 13 08:52:47 UTC 2021 - Dominique Leuenberger + +- BuildRequire rpm-build-python: The provider to inject python(abi) + has been moved there. rpm-build pulls rpm-build-python + automatically in when building anything against python3-base, but + this implies that the initial build of python3-base does not + trigger the automatic installation. + +------------------------------------------------------------------- +Tue Oct 5 22:36:51 UTC 2021 - Matej Cepl + +- Final release of 3.10.0: + Complete list on https://www.python.org/downloads/release/python-3100/, + but highlights are: + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other + tools. + - PEP 618 – Add Optional Length-Checking To zip. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning + - bpo-12782: Parenthesized context managers are now officially + allowed. + +------------------------------------------------------------------- +Mon Aug 30 12:48:25 UTC 2021 - Matej Cepl + +- Switch on option --with-system-libmpdec (bsc#1189356). + +------------------------------------------------------------------- +Fri Aug 27 13:15:03 UTC 2021 - Andreas Schwab + +- Reenable profileopt with qemu emulation, test_faulthandler is no longer + run during profiling + +------------------------------------------------------------------- +Thu Aug 12 15:11:39 UTC 2021 - Andreas Schwab + +- test_faulthandler is still problematic under qemu linux-user emulation, + disable it there + +------------------------------------------------------------------- +Wed Aug 11 05:57:11 UTC 2021 - Matej Cepl + +- Update to 3.10.0rc1 (the penultimate prerelease), which contains + plenty of small bugfixes among others: + - bpo#38605: from __future__ import annotations (PEP 563) used to be + on this list in previous pre-releases but it has been postponed to + Python 3.11 due to some compatibility concerns. + - bpo-44600: Fix incorrect line numbers while tracing some failed + patterns in match statements. Patch by Charles Burkland. + - plenty of modifications in types.Union + +------------------------------------------------------------------- +Wed Jul 21 13:44:48 UTC 2021 - Matej Cepl + +- Update to 3.10.0b4: + https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4 +- Remove python3-imp-returntype.patch which has been upstreamed. + +------------------------------------------------------------------- +Mon Jun 7 15:52:44 UTC 2021 - Matej Cepl + +- Update to 3.10.0b2: + - PEP 623 -- Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 -- Allow writing union types as X | Y + - PEP 612 -- Parameter Specification Variables + - PEP 626 -- Precise line numbers for debugging and other + tools. + - PEP 618 -- Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 -- Deprecate distutils module. + - PEP 613 -- Explicit Type Aliases + - PEP 634 -- Structural Pattern Matching: Specification + - PEP 635 -- Structural Pattern Matching: Motivation and + Rationale + - PEP 636 -- Structural Pattern Matching: Tutorial + - PEP 644 -- Require OpenSSL 1.1.1 or newer + - PEP 624 -- Remove Py_UNICODE encoder APIs + - PEP 597 -- Add optional EncodingWarning +- Removed patches (assumed upstream): + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl + +- Revert previous skip over test_capi +- Add skip-test_pyobject_freed_is_freed.patch to skip failing + test on SLE-15. + +------------------------------------------------------------------- +Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller + +- allow build with Sphinx >= 3.x + +------------------------------------------------------------------- +Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák + +- Exclude test_capi on Leap (test fails there) + +------------------------------------------------------------------- +Fri May 21 15:13:59 UTC 2021 - Matej Cepl + +- Stop providing "python" symbol (bsc#1185588), which means + python2 currently. + +------------------------------------------------------------------- +Wed May 5 15:16:58 UTC 2021 - Matej Cepl + +- Update to 3.9.5: + * Security + - bpo-43434: Creating a sqlite3.Connection object now also + produces a sqlite3.connect auditing event. Previously this + event was only produced by sqlite3.connect() calls. Patch + by Erlend E. Aasland. + - bpo-43882: The presence of newline or tab characters in + parts of a URL could allow some forms of attacks. + - Following the controlling specification for URLs defined by + WHATWG urllib.parse() now removes ASCII newlines and tabs + from URLs, preventing such attacks. + - bpo-43472: Ensures interpreter-level audit hooks receive + the cpython.PyInterpreterState_New event when called + through the _xxsubinterpreters module. + - bpo-36384: ipaddress module no longer accepts any leading + zeros in IPv4 address strings. Leading zeros are ambiguous + and interpreted as octal notation by some libraries. For + example the legacy function socket.inet_aton() treats + leading zeros as octal notatation. glibc implementation of + modern inet_pton() does not accept any leading zeros. For + a while the ipaddress module used to accept ambiguous + leading zeros. + - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) + vulnerability in urllib.request.AbstractBasicAuthHandler. + The ReDoS-vulnerable regex has quadratic worst-case + complexity and it allows cause a denial of service when + identifying crafted invalid RFCs. This ReDoS issue is on + the client side and needs remote attackers to control the + HTTP server. + - bpo-42800: Audit hooks are now fired for frame.f_code, + traceback.tb_frame, and generator code/frame attribute + access. + * Core and Builtins + - bpo-43105: Importlib now resolves relative paths when + creating module spec objects from file locations. + - bpo-42924: Fix bytearray repetition incorrectly copying + data from the start of the buffer, even if the data is + offset within the buffer (e.g. after reassigning a slice at + the start of the bytearray to a shorter byte string). + * Library + - bpo-43993: Update bundled pip to 21.1.1. + - bpo-43937: Fixed the turtle module working with non-default + root window. + - bpo-43930: Update bundled pip to 21.1 and setuptools to + 56.0.0 + - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now + returns a consistent error message when cadata contains no + valid certificate. + - bpo-43607: urllib can now convert Windows paths with \\?\ + prefixes into URL paths. + - bpo-43284: platform.win32_ver derives the windows version + from sys.getwindowsversion().platform_version which in turn + derives the version from kernel32.dll (which can be of + a different version than Windows itself). Therefore change + the platform.win32_ver to determine the version using the + platform module’s _syscmd_ver private function to return an + accurate version. + - bpo-42248: [Enum] ensure exceptions raised in _missing__ + are released + - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 + to suppress deprecation warnings. Python requires OpenSSL + 1.1.1 APIs. + - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants + (OpenSSL 3.0.0) + - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback + function a second time when first call has signaled an + error condition. + - bpo-43788: The header files for ssl error codes are now + OpenSSL version-specific. Exceptions will now show correct + reason and library codes. The make_ssl_data.py script has + been rewritten to use OpenSSL’s text file with error codes. + - bpo-43655: tkinter dialog windows are now recognized as + dialogs by window managers on macOS and X Window. + - bpo-43534: turtle.textinput() and turtle.numinput() create + now a transient window working on behalf of the canvas + window. + - bpo-43522: Fix problem with hostname_checks_common_name. + OpenSSL does not copy hostflags from struct SSL_CTX to + struct SSL. + - bpo-42967: Allow bytes separator argument in + urllib.parse.parse_qs and urllib.parse.parse_qsl when + parsing str query strings. Previously, this raised + a TypeError. + - bpo-43176: Fixed processing of a dataclass that inherits + from a frozen dataclass with no fields. It is now correctly + detected as an error. + - bpo-41735: Fix thread locks in zlib module may go wrong in + rare case. Patch by Ma Lin. + - bpo-36470: Fix dataclasses with InitVars and replace(). + Patch by Claudiu Popa. + - bpo-32745: Fix a regression in the handling of ctypes’ + ctypes.c_wchar_p type: embedded null characters would cause + a ValueError to be raised. Patch by Zackery Spytz. + * Documentation + - bpo-43959: The documentation on the PyContextVar C-API was + clarified. + - bpo-43938: Update dataclasses documentation to express that + FrozenInstanceError is derived from AttributeError. + - bpo-43755: Update documentation to reflect that + unparenthesized lambda expressions can no longer be the + expression part in an if clause in comprehensions and + generator expressions since Python 3.9. + - bpo-43739: Fixing the example code in + Doc/extending/extending.rst to declare and initialize the + pmodule variable to be of the right type. + * Tests + - bpo-43961: Fix + test_logging.test_namer_rotator_inheritance() on Windows: + use os.replace() rather than os.rename(). Patch by Victor + Stinner. + - bpo-43842: Fix a race condition in the SMTP test of + test_logging. Don’t close a file descriptor (socket) from + a different thread while asyncore.loop() is polling the + file descriptor. Patch by Victor Stinner. + - bpo-43811: Tests multiple OpenSSL versions on GitHub + Actions. Use ccache to speed up testing. + - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy + protocols TLS 1.0 and 1.1. Tests are failing with + TLSV1_ALERT_INTERNAL_ERROR. +- Refreshed patches: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch +- Add vendorized files from bluez-devel to enable building support for + Bluetooth. + +------------------------------------------------------------------- +Sun May 2 09:20:06 UTC 2021 - Ben Greiner + +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + +------------------------------------------------------------------- +Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl + +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +------------------------------------------------------------------- +Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +------------------------------------------------------------------- +Tue Feb 9 01:37:59 UTC 2021 - Steve Kowalik + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +------------------------------------------------------------------- +Mon Feb 8 22:02:03 UTC 2021 - Matej Cepl + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl + +- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing + bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in + _ctypes/callproc.c, which may lead to remote code execution. + +------------------------------------------------------------------- +Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl + +- (bsc#1180125) We really don't Require python-rpm-macros package. + Unnecessary dependency. + +------------------------------------------------------------------- +Wed Dec 16 16:08:42 UTC 2020 - Matej Cepl + +- Make python39-doc building again +- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx + doesn't know about skipif directive in doctests. + +------------------------------------------------------------------- +Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl + +- Update sphinx-update-removed-function.patch patch to the latest + version in python36. + +------------------------------------------------------------------- +Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner + +- Last try before this results in an editwar: + * remove importlib_resources and importlib-metadata + provides/obsoletes + * import importlib_resources is not the same as + import importlib.resources, same for metadata + * The backport packages from PyPI needed for older flavors are + specified as such for setuptools or in pyproject.toml. If a + package requires them they typically add them with a python + version qualifier and the packages have their own version + numbers. + +------------------------------------------------------------------- +Sat Dec 5 16:55:12 UTC 2020 - Matej Cepl + +- Add patch sphinx-update-removed-function.patch to no longer call + a now removed function and to make documentation build independent of + the Sphinx version (bsc#1179630, gh#python/cpython#13236). + +------------------------------------------------------------------- +Fri Nov 13 17:20:08 UTC 2020 - Matej Cepl + +- Don't require packages which break build on SLE-15 although we really + don't need them (python3-python-docs-theme and + python3-sphinxcontrib-qthelp). + +------------------------------------------------------------------- +Fri Oct 9 16:05:50 UTC 2020 - Dominique Leuenberger + +- Fix build with RPM 4.16: error: bare words are no longer + supported, please use "...": x86 == ppc. + +------------------------------------------------------------------- +Tue Oct 6 07:30:56 UTC 2020 - Matej Cepl + +- Update to the final version 3.9.0: + Complete changelog with all (many) + changes from previous version is on + https://docs.python.org/release/3.9.0/whatsnew/3.9.html + Changes from the previous RC versions (not that many) are on + https://docs.python.org/release/3.9.0/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Fri Sep 25 06:58:03 UTC 2020 - Dominique Leuenberger + +- Buildrequire timezone only for general flavor. It's used in this + flavor for the test suite. + +------------------------------------------------------------------- +Wed Sep 2 14:39:44 UTC 2020 - Matej Cepl + +- Update to 3.9.0rc1: + * Core and Builtins + - bpo-38156: Handle interrupts that come after EOF + correctly in PyOS_StdioReadline. + * Library + - bpo-41497: Fix potential UnicodeDecodeError in dis + module. + - bpo-41490: Update ensurepip to install pip 20.2.1 and + setuptools 49.2.1. + - bpo-41467: On Windows, fix asyncio recv_into() return + value when the socket/pipe is closed (BrokenPipeError): + return 0 rather than an empty byte string (b''). + - bpo-41425: Make tkinter doc example runnable. + - bpo-41384: Raise TclError instead of TypeError when an + unknown option is passed to tkinter.OptionMenu. + - bpo-38731: Fix NameError in command-line interface of + py_compile. + - bpo-41317: Use add_done_callback() in + asyncio.loop.sock_accept() to unsubscribe reader early on + cancellation. + - bpo-41364: Reduce import overhead of uuid. + - bpo-41341: Recursive evaluation of typing.ForwardRef in + get_type_hints. + - bpo-41182: selector: use DefaultSelector based upon + implementation + - bpo-40726: Handle cases where the end_lineno is None on + ast.increment_lineno(). + * Documentation + - bpo-41045: Add documentation for debug feature of + f-strings. + - bpo-41314: Changed the release when from __future__ + import annotations becomes the default from 4.0 to 3.10 + (following a change in PEP 563). + * Windows + - bpo-41492: Fixes the description that appears in UAC + prompts. + - bpo-40948: Improve post-install message to direct people + to the “py” command. + - bpo-41412: The installer will now fail to install on + Windows 7 and Windows 8. Further, the UCRT dependency is + now always downloaded on demand. + - bpo-40741: Update Windows release to include SQLite + 3.32.3. + * IDLE + - bpo-41468: Improve IDLE run crash error message (which + users should never see). + - bpo-41373: Save files loaded with no line ending, as when + blank, or different line endings, by setting its line + ending to the system default. Fix regression in 3.8.4 and + 3.9.0b4. + +------------------------------------------------------------------- +Tue Sep 1 10:15:06 UTC 2020 - Matej Cepl + +- Synchronize formatting and fixes with python38. + +------------------------------------------------------------------- +Thu Aug 20 15:41:28 UTC 2020 - Andreas Schwab + +- Increase testsuite timeout to account for super long running + test_peg_generator + +------------------------------------------------------------------- +Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer + +- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream +- Removed recursion.tar: contained in upstream +- Update to 3.9.0b5: + - bpo-41304: Fixes python3x._pth being ignored on Windows, caused + by the fix for bpo-29778 (CVE-2020-15801). + - bpo-41162: Audit hooks are now cleared later during + finalization to avoid missing events. + - bpo-29778: Ensure python3.dll is loaded from correct locations + when Python is embedded (CVE-2020-15523). + - bpo-39603: Prevent http header injection by rejecting control + characters in http.client.putrequest(…). + - bpo-41295: Resolve a regression in CPython 3.8.4 where defining + “__setattr__” in a multi-inheritance setup and + calling up the hierarchy chain could fail if builtins/extension + types were involved in the base types. + - bpo-41247: Always cache the running loop holder when running + asyncio.set_running_loop. + - bpo-41252: Fix incorrect refcounting in + _ssl.c’s _servername_callback(). + - bpo-41215: Use non-NULL default values in the PEG parser + keyword list to overcome a bug that was ' + preventing Python from being properly compiled when using the + XLC compiler. Patch by Pablo Galindo. + - bpo-41218: Python 3.8.3 had a regression where compiling with + ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would + aggressively mark list comprehension with CO_COROUTINE. Now only + list comprehension making use of async/await will tagged as so. + - bpo-41175: Guard against a NULL pointer dereference within + bytearrayobject triggered by the bytearray() + bytearray() operation. + - bpo-39960: The “hackcheck” that prevents sneaking around a type’s + __setattr__() by calling the superclass method was + rewritten to allow C implemented heap types. + - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the + C implementation raises now UnpicklingError instead of crashing. + - bpo-39017: Avoid infinite loop when reading specially crafted + TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). + - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params(). + - bpo-41207: In distutils.spawn, restore expectation that + DistutilsExecError is raised when the command is not found. + - bpo-39168: Remove the __new__ method of typing.Generic. + - bpo-41194: Fix a crash in the _ast module: it can no longer be + loaded more than once. It now uses a global state rather than a module state. + - bpo-39384: Fixed email.contentmanager to allow set_content() to set a + null string. + - bpo-41300: Save files with non-ascii chars. + Fix regression released in 3.9.0b4 and 3.8.4. + - bpo-37765: Add keywords to module name completion list. + Rewrite Completions section of IDLE doc. + - bpo-40170: Revert PyType_HasFeature() change: it reads + again directly the PyTypeObject.tp_flags + member when the limited C API is not used, rather than always calling + PyType_GetFlags() which hides implementation details. + +------------------------------------------------------------------- +Mon Jul 20 12:06:41 UTC 2020 - Matej Cepl + +- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 + (CVE-2019-20907, bpo#39017) avoiding possible infinite loop + in specifically crafted tarball. + Add recursion.tar as a testing tarball for the patch. + +------------------------------------------------------------------- +Fri Jul 17 07:07:19 UTC 2020 - Callum Farmer + +- Changed bpo-31046_ensurepip_honours_prefix.patch to include fix from py3.8 + +------------------------------------------------------------------- +Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer + +- Spec file fixes +- Re-added subprocess-raise-timeout.patch: now compatible +- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream + +------------------------------------------------------------------- +Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal + +- Fix minor issues found in the staging. + +------------------------------------------------------------------- +Wed Jul 15 06:13:33 UTC 2020 - Tomáš Chvátal + +- Do not set ourselves as primary interpreter + +------------------------------------------------------------------- +Tue Jul 14 20:45:11 UTC 2020 - Matej Cepl + +- Update to 3.9.0b4: + - PEP 584, Union Operators in dict + - PEP 585, Type Hinting Generics In Standard Collections + - PEP 593, Flexible function and variable annotations + - PEP 602, Python adopts a stable annual release cadence + - PEP 615, Support for the IANA Time Zone Database in the + Standard Library + - PEP 616, String methods to remove prefixes and suffixes + - PEP 617, New PEG parser for CPython + - bpo#38379, garbage collection does not block on resurrected + objects; + - bpo#38692, os.pidfd_open added that allows process + management without races and signals; + - bpo#39926, Unicode support updated to version 13.0.0; + - bpo#1635741, when Python is initialized multiple times in + the same process, it does not leak memory anymore; + - A number of Python builtins (range, tuple, set, frozenset, + list, dict) are now sped up using PEP 590 vectorcall; + - A number of Python modules (_abc, audioop, _bz2, _codecs, + _contextvars, _crypt, _functools, _json, _locale, operator, + resource, time, _weakref) now use multiphase initialization + as defined by PEP 489; + - A number of standard library modules (audioop, ast, grp, + _hashlib, pwd, _posixsubprocess, random, select, struct, + termios, zlib) are now using the stable ABI defined by + PEP 384. +- Remove upstreamed patches: + - F00102-lib64.patch + - SUSE-FEDORA-multilib.patch + - OBS_dev-shm.patch + - subprocess-raise-timeout.patch + - bpo36302-sort-module-sources.patch + - bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Fri Jul 10 10:55:15 UTC 2020 - Tomáš Chvátal + +- Update pre_checkin.sh and regenerate + +------------------------------------------------------------------- +Fri Jul 10 10:11:39 UTC 2020 - Tomáš Chvátal + +- Convert few dependencies to their pkgconfig counterparts + +------------------------------------------------------------------- +Fri Jul 10 10:08:48 UTC 2020 - Tomáš Chvátal + +- Remove release requirement on libpython, it is not really needed + to be equal as the abi changes with versions + +------------------------------------------------------------------- +Fri Jul 10 10:07:50 UTC 2020 - Tomáš Chvátal + +- Add provides python3-bla on all the subpkgs in case we are + primary provider of the functionality + +------------------------------------------------------------------- +Fri Jul 10 10:02:01 UTC 2020 - Tomáš Chvátal + +- Remove unversioned files from devel subpkg too +- Remove main python3 files from -base based whether we are + primary interpreter or not +- Fix idle to be co-installable +- Add condition to be primary to provide/obsolete python3-* +- Fix doc to build in versioned folder so the pythons can be + installed next to each other + +------------------------------------------------------------------- +Fri Jul 10 07:57:10 UTC 2020 - Tomáš Chvátal + +- Revert the full versioning of calls on the macros. These + are generic so they should really just call python3 X + +------------------------------------------------------------------- +Fri Jul 10 07:56:11 UTC 2020 - Tomáš Chvátal + +- For the doc package we can build with generic flavor, we don't + need the our-interpreter based one + +------------------------------------------------------------------- +Fri Jul 10 07:18:53 UTC 2020 - Tomáš Chvátal + +- Add provides for pytohn3X-typing/etc to allow BR on those still + to work when needed + +------------------------------------------------------------------- +Fri Jul 10 07:14:33 UTC 2020 - Tomáš Chvátal + +- Change macros.python3 to use full versioned 3.8 instead of just 3 + for python interpreter + +------------------------------------------------------------------- +Wed Jul 1 11:50:19 UTC 2020 - Tomáš Chvátal + +- Reduce some now unused conditionals + +------------------------------------------------------------------- +Wed Jul 1 11:00:40 UTC 2020 - Tomáš Chvátal + +- Redux the -base dependencies to match up pre-merge layout + +------------------------------------------------------------------- +Wed Jul 1 09:24:39 UTC 2020 - Tomáš Chvátal + +- Generate baselibs in pre-checkin too + +------------------------------------------------------------------- +Wed Jul 1 09:14:33 UTC 2020 - Tomáš Chvátal + +- Generate the importlib-failed using pre_checking again +- Add back the information about skipped tests on the pre_checkin + output + +------------------------------------------------------------------- +Tue Jun 30 07:11:19 UTC 2020 - Tomáš Chvátal + +- Use %python_pkg_name instead of hardcoding python3 where + applicable +- Sort out preamble with spec-cleaner + +------------------------------------------------------------------- +Mon Jun 29 14:36:10 UTC 2020 - Matej Cepl + +- Calculate required variables instead of relying on their continuous manual update + +------------------------------------------------------------------- +Thu Jun 25 10:44:08 UTC 2020 - Tomáš Chvátal + +- Fix the -base module build again to generate only the deps + we need + +------------------------------------------------------------------- +Wed Jun 17 18:42:51 UTC 2020 - Matej Cepl + +- Replace OBS_dev-shm.patch with the upstream PR#20944 + +------------------------------------------------------------------- +Thu Jun 10 14:30:15 UTC 2020 - Tomáš Chvátal + +- Use the %{python_pkg_name} on more places to allow easier + multiversioning +- Switch to _multibuild approach for easier maintenance of this + package. All is now in one spec file with 3 conditionals: + * bcond_with base + * bcond_with doc + * bcond_with general + +------------------------------------------------------------------- +Mon Jun 8 14:26:00 UTC 2020 - Matej Cepl + +- add requires python3-base on libpython subpackage (bsc#1167008) + +------------------------------------------------------------------- +Fri Jun 5 06:08:12 UTC 2020 - Dirk Mueller + +- build against Sphinx 2.x until python is compatible with + Sphinx 3.x (see gh#python/cpython#19397, bpo#40204) + +------------------------------------------------------------------- +Fri May 29 19:59:01 UTC 2020 - Andreas Stieger + +- Fix build with SQLite 3.32 (bpo#40783) + add bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Sun May 17 15:37:35 UTC 2020 - Callum Farmer + +- Update to version 3.8.3: + - Complete list of changes is available at + https://docs.python.org/release/3.8.3/whatsnew/changelog.html#python-3-8-3-final, + but most of them are just bugfixes. + - Removed patch CVE-2020-8492-urllib-ReDoS.patch: contained in upstream + +------------------------------------------------------------------- +Thu Apr 16 12:06:01 UTC 2020 - Matej Cepl + +- Add #!BuildIgnore: gdk-pixbuf-loader-rsvg to python3 SPEC + +------------------------------------------------------------------- +Thu Mar 26 15:36:55 UTC 2020 - Matej Cepl + +- Add patch bsc1167501-invalid-alignment.patch + (bsc#1167501, bpo#40052) to fix alignment in abstract.h header file. + +------------------------------------------------------------------- +Wed Mar 11 11:09:41 UTC 2020 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build, test_setegid + (test.test_os.PosixUidGidTests) is confusing it + +------------------------------------------------------------------- +Thu Mar 5 18:40:29 UTC 2020 - Matej Cepl + +- Update to 3.8.2: + - Complete list of changes is available at + https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final, + but most of them are just bugfixes. + - Updated patches: + - F00102-lib64.patch + - OBS_dev-shm.patch + - SUSE-FEDORA-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Sun Feb 9 00:14:24 CET 2020 - Matej Cepl + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Sat Feb 8 22:21:10 CET 2020 - Matej Cepl + +- Add Requires: libpython%{so_version} == %{version}-%{release} + to python3-base to keep both packages always synchronized + (bsc#1162224). + +------------------------------------------------------------------- +Mon Feb 3 20:27:54 UTC 2020 - Tomáš Chvátal + +- Do not pull in bluez in base again, explain the cycle, + it needs to be solved by bluez maintainer for us by providing + just the headers separately + +------------------------------------------------------------------- +Mon Feb 3 19:54:25 UTC 2020 - Tomáš Chvátal + +- Reame idle icons to idle3 in order to not conflict with python2 + variant of the package + * renamed the icons + * renamed icon load in desktop file + +------------------------------------------------------------------- +Thu Jan 16 09:50:03 UTC 2020 - Tomáš Chvátal + +- Add importlib_resources provide/obsolete as it is integral + part of the lang since 3.7 release + +------------------------------------------------------------------- +Mon Jan 13 11:10:47 UTC 2020 - Martin Liška + +- Add -fno-semantic-interposition as it brings speed up: + https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup + +------------------------------------------------------------------- +Thu Dec 19 16:25:26 CET 2019 - Matej Cepl + +- Update to 3.8.1: + - This is mainly bugfix release and no significant changes to + API are expected. The full changelog is available on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-1 + - Remove bpo-38688_shutil.copytree_prevent-infinite-recursion.patch, + which is included in the upstream tarball. + +------------------------------------------------------------------- +Thu Dec 19 14:57:32 CET 2019 - Matej Cepl + +- Add bpo-31046_ensurepip_honours_prefix.patch which makes + ensurepip to honour the value of $(prefix). Proposed fix for + bpo#31046.. + +------------------------------------------------------------------- +Tue Dec 10 11:07:16 UTC 2019 - Tomáš Chvátal + +- Move bluez-devel dependency to base as it is needed for + socket.AF_BLUETOOTH and otherwise does not work + +------------------------------------------------------------------- +Mon Dec 2 16:52:32 CET 2019 - Matej Cepl + +- Reintroduce QtHelp with the help of the new BR + python-sphinxcontrib-qthelp. + +------------------------------------------------------------------- +Mon Oct 21 18:51:00 UTC 2019 - Stefan Brüns + +- Fix SUSE-FEDORA-multilib.patch, the platform agnostic infix for + library installation is "lib", not "dir". + +------------------------------------------------------------------- +Thu Oct 17 14:19:20 UTC 2019 - Stefan Brüns + +- Move idle subpackage build from python3-base to python3. + appstream-glib required for packaging introduces considerable + extra dependencies and a build loop via rust/librsvg. +- Correct installation of idle IDE icons: + + idle.png is not the target directory + + non-GNOME-specific icons belong into icons/hicolor +- Add required Name key to idle3 desktop file + +------------------------------------------------------------------- +Tue Oct 15 16:39:12 CEST 2019 - Matej Cepl + +- Update to the final release 3.8.0. . + - New Features: + - Assignment expressions + - Positional-only parameters + - Parallel filesystem cache for compiled bytecode files + - Debug build uses the same ABI as release build + - f-strings support = for self-documenting expressions and + debugging + - PEP 578: Python Runtime Audit Hooks + - PEP 587: Python Initialization Configuration + - Vectorcall: a fast calling protocol for CPython + - Pickle protocol 5 with out-of-band data buffers + - New modules: + - importlib.metadata + - Improved modules: + - ast asyncio, builtins, collections, curses, ctypes, + datetime, functools, gc, gettext, gzip, idelib and IDLE, + inspect, io, json.tool, math, mmap, multiprocessing, os, + os.path, pathlib, pickle, plistlib, py_compile, shlex, + shutil, socket, ssl, statistics, sys, tarfile, threading, + tokenize, tkinter, time, typing, unicodedata, unittest, + venv, weakref, xml + - C API improvements + - bdist_winnst command has been deprecated (use bdist_wheel) +- https://docs.python.org/3.8/whatsnew/3.8.html remains rest of + changes including documentation on how to port your programs to + the current version of Python. + +------------------------------------------------------------------- +Mon Oct 14 15:02:08 CEST 2019 - Matej Cepl + +- Add idle3.appdata.xml and idle3.desktop (originally from + Fedora) to make Idle3 full GUI desktop application. + (bsc#1153830) + +------------------------------------------------------------------- +Wed Oct 9 19:09:16 UTC 2019 - Michael Gorse + +- Drop intltool from BuildRequires. Doesn't appear to be used. + +------------------------------------------------------------------- +Wed Oct 9 10:37:59 UTC 2019 - Tomáš Chvátal + +- Add folder version to allow tarball downloads even for beta/rc + releases + +------------------------------------------------------------------- +Tue Oct 8 14:53:54 CEST 2019 - Matej Cepl + +- Revert patches from Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch) into their original + prisitine Fedora versions, SUSE-FEDORA-multilib.patch refreshed + accordingly. + +------------------------------------------------------------------- +Mon Oct 7 14:33:30 UTC 2019 - Matej Cepl + +- Correct quotation of platsubdir in Lib/distutils/command/install.py + +------------------------------------------------------------------- +Thu Oct 3 13:59:57 CEST 2019 - Matej Cepl + +- Replace python-3.6.0-multilib.patch with two patches from + Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch), and our own + SUSE-FEDORA-multilib.patch to allow better cooperation with + Fedora and better upstreaming. +- Add OBS_dev-shm.patch fixing bpo#38377 + +------------------------------------------------------------------- +Thu Oct 3 08:39:18 UTC 2019 - Tomáš Chvátal + +- Pull in just gettext and let solver to sort out between: + gettext-runtime-mini and gettext-runtime + +------------------------------------------------------------------- +Wed Oct 2 15:00:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0rc1. Overall changes from 3.7: + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved + embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds, also the 'm' ABI + tag was removed (irrelevant since 3.4), bpo#36707 + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - on Windows, the default asyncio event loop is now + ProactorEventLoop + - on macOS, the spawn start method is now used by default in + multiprocessing + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Refreshed patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Wed Sep 25 09:46:41 UTC 2019 - Bernhard Wiedemann + +- Add bpo36302-sort-module-sources.patch (boo#1041090) + +------------------------------------------------------------------- +Tue Sep 10 13:43:18 UTC 2019 - Tomáš Chvátal + +- Try harder obsoleting importlib-metadata + +------------------------------------------------------------------- +Sat Aug 31 00:16:47 CEST 2019 - Matej Cepl + +- Update to 3.8.0b4: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-4 + +------------------------------------------------------------------- +Thu Aug 29 06:28:15 UTC 2019 - Guillaume GARDET + +- Re-enable test_threading on aarch64 + +------------------------------------------------------------------- +Sat Aug 17 13:21:15 UTC 2019 - John Vandenberg + +- Remove xrpm from subpackage tk description + +------------------------------------------------------------------- +Tue Aug 6 14:24:55 CEST 2019 - Matej Cepl + +- Update to 3.8.0b3: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-3 +- Patches reapplied: + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-test-posix_fadvise.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Tue Jul 23 13:20:49 UTC 2019 - Matej Cepl + +- Add Provides: python3-importlib-metadata + +------------------------------------------------------------------- +Sun Jul 7 19:08:48 CEST 2019 - Matej Cepl + +- Update to 3.8.0b2: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-2 +- Patches included in upstream: + - bpo-37169_PyObject_IsFreed.patch +- Patches reapplied: + - 00251-change-user-install-location.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-localpath.patch + - python-3.6.0-multilib.patch + +------------------------------------------------------------------- +Tue Jul 2 09:03:04 UTC 2019 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build +- Don't do profiling in qemu linux-user build + +------------------------------------------------------------------- +Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0b1 (changes since 3.7.*): + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Remove patches which were included in the upstream: + - 00251-change-user-install-location.patch + - 00316-mark-bdist_wininst-unsupported.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed May 22 10:53:03 UTC 2019 - Martin Liška + +- Set _lto_cflags to nil as the package is using LTO via --enable-lto. + That will prevent to propage LTO for Python modules that are + built in a separate package. + +------------------------------------------------------------------- +Sat May 4 21:29:20 CEST 2019 - Matej Cepl + +- Update to 3.8.0.a3: + - PEP 572: Assignment Expressions. + - Other (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-3 + +------------------------------------------------------------------- +Mon Apr 29 15:40:34 CEST 2019 - Matej Cepl + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Wed Apr 10 10:22:58 CEST 2019 - Matej Cepl + +- Fix metadata of patches. +- Rename boo1071941-make-install-in-sep-loc.patch to + 00251-change-user-install-location.patch which is the original + name, so it can be looked up in the Fedora VCS. + +------------------------------------------------------------------- +Tue Apr 9 04:55:24 UTC 2019 - John Vandenberg + +- Mark distutils bdist_wininst command unsupported + with 00316-mark-bdist_wininst-unsupported.patch +- Remove Windows bdist_wininst executables from runtime package + +------------------------------------------------------------------- +Tue Apr 9 01:21:45 CEST 2019 - Matej Cepl + +- Update to 3.7.3, which is the maintenance release without any + significant changes in API. + - Updated patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------ +Wed Mar 20 14:59:58 UTC 2019 - Matěj Cepl + +- Remove building of Qt Develop help files. + +------------------------------------------------------------------- +Fri Mar 15 15:10:30 CET 2019 - Matej Cepl + +- Return distutils-reproducible-compile.patch which is still + missing (still unfinished bpo#29708). + +------------------------------------------------------------------- +Mon Feb 25 23:30:56 CET 2019 - Matej Cepl + +- Update to 3.8.0a2: + * List of all (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-2 + +------------------------------------------------------------------- +Tue Feb 12 10:25:52 CET 2019 - Matej Cepl + +- Build nis module again. + +------------------------------------------------------------------- +Tue Feb 12 10:06:17 CET 2019 - Matej Cepl + +- Update to 3.8.0a1: + * The most visible change so far is probably the + implementation of PEP 572: Assignment Expressions. For + a detailed list of changes, see: + https://docs.python.org/3.8/whatsnew/changelog.html + * Recover building of nis module properly in python3 package +- Update patches: + * CVE-2019-5010-null-defer-x509-cert-DOS.patch + * python-3.3.0b1-fix_date_time_compiler.patch + * python-3.3.0b1-test-posix_fadvise.patch + * python-3.6.0-multilib.patch + * raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed Jan 30 18:07:49 CET 2019 - mcepl@suse.com + +- Put LICENSE file where it belongs (bsc#1121852) + +------------------------------------------------------------------- +Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com + +- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch + fixing bpo-35746. + An exploitable denial-of-service vulnerability exists in the + X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. + A specially crafted X509 certificate can cause a NULL pointer + dereference, resulting in a denial of service. An attacker can + initiate or accept TLS connections using crafted certificates + to trigger this vulnerability. + +------------------------------------------------------------------- +Tue Jan 8 12:51:01 UTC 2019 - Tomáš Chvátal + +- Do not require full gettext in order to avoid pulling in the + glib2 as a dependency + +------------------------------------------------------------------- +Tue Jan 8 12:25:27 UTC 2019 - Tomáš Chvátal + +- Update to 3.7.2: + * bugfix release: + https://docs.python.org/3.7/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Wed Jan 2 12:51:48 CET 2019 - mcepl@suse.com + +- Stop applying python-3.6.0-multilib-new.patch (which is still + WIP), and apply the old proven python-3.6.0-multilib.patch + instead. + +------------------------------------------------------------------- +Wed Dec 19 19:29:44 UTC 2018 - Todd R + +- Use upstream-recommended %{_rpmconfigdir}/macros.d directory + for the rpm macros. + +------------------------------------------------------------------- +Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com + +- Upgrade to 3.7.2rc1: + * bugfix release, for the full list of all changes see + https://docs.python.org/3.7/whatsnew/changelog.html#changelog +- Make run of the test suite more verbose + +------------------------------------------------------------------- +Tue Dec 11 01:52:45 UTC 2018 - Jan Engelhardt + +- Write summaries without em dashes. + +------------------------------------------------------------------- +Mon Dec 3 13:27:54 UTC 2018 - Matěj Cepl + +- Remove python-3.3.0b1-curses-panel.patch it is unnecessary anymore. +- Add boo1071941-make-install-in-sep-loc.patch to make pip and + distutils in user environment install into separate location + (boo#1071941) + + Set values of prefix and exec_prefix in distutils install + command to /usr/local if executable is /usr/bin/python* and RPM + build is not detected to make pip and distutils install into + separate location +- Remove finally python-3.3.3-skip-distutils-test_sysconfig_module.patch +- Remove distutils-reproducible-compile.patch which doesn't make + really much difference in reproducibility (see + gh#python/cpython#8057 and discussion there). + +------------------------------------------------------------------- +Sat Dec 1 00:14:28 CET 2018 - mcepl@suse.com + +- Rename Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + to bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + +------------------------------------------------------------------- +Wed Nov 7 12:10:41 CET 2018 - mcepl@suse.com + +- Add dependency on bluez-devel to build support for Bluetooth + (boo#1109998) + +------------------------------------------------------------------- +Tue Nov 6 13:52:45 CET 2018 - mcepl@suse.com + +- Add devhelp subpackage and split qthelp into another + subpackage. + +------------------------------------------------------------------- +Wed Oct 24 12:38:00 UTC 2018 - Matěj Cepl + +- Remove python-3.0b1-record-rpm.patch and + Python-3.0b1-record-rpm.patch, as they are not needed anymore + +------------------------------------------------------------------- +Tue Oct 23 14:14:16 UTC 2018 - Matej Cepl + +- Switch off test_threading for optimization builds. + +------------------------------------------------------------------- +Mon Oct 22 14:41:59 CEST 2018 - mcepl@suse.com + +- Update to python-3.7.1. This is just a brief overview, complete + changelog available at + https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-1-final: + Library + bpo-34970: Protect tasks weak set manipulation in asyncio.all_tasks() +- Patches already accepted upstream are removed: + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + * 00308-tls-1.3.patch +- New patches added: + * Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + * raise_SIGING_not_handled.patch +- All other patches refreshed via quilt. + +------------------------------------------------------------------- +Mon Oct 22 12:22:19 UTC 2018 - Matej Cepl + +- Add raise_SIGING_not_handled.patch to fix bsc#1094814 + +------------------------------------------------------------------- +Wed Oct 17 14:04:35 UTC 2018 - Tomáš Chvátal + +- Add patch to fix importlib return types: + * python3-imp-returntype.patch + +------------------------------------------------------------------- +Mon Oct 15 13:46:32 CEST 2018 - mcepl@suse.com + +- bpo-34022 still not completely fixed, so we have to keep + excluding test_cmd_line_script, + test_multiprocessing_main_handling, and test_runpy from the + test suite. + +------------------------------------------------------------------- +Sun Oct 14 15:57:24 UTC 2018 - Matej Cepl + +- Update to python 3.7.1~rc2: + Core and Builtins + bpo-34879: Fix a possible null pointer dereference in + bytesobject.c. Patch by Zackery Spytz. + bpo-34854: Fixed a crash in compiling string annotations + containing a lambda with a keyword-only argument that + doesn’t have a default value. + bpo-34320: Fix dict(od) didn’t copy iteration order of + OrderedDict. + Library + bpo-34769: Fix for async generators not finalizing when event + loop is in debug mode and garbage collector runs in another + thread. + bpo-34922: Fixed integer overflow in the digest() and + hexdigest() methods for the SHAKE algorithm in the hashlib + module. + bpo-34900: Fixed unittest.TestCase.debug() when used to call + test methods with subtests. Patch by Bruno Oliveira. + bpo-34871: Fix inspect module polluted sys.modules when parsing + __text_signature__ of callable. + bpo-34872: Fix self-cancellation in C implementation of + asyncio.Task + bpo-34819: Use a monotonic clock to compute timeouts in + Executor.map() and as_completed(), in order to prevent + timeouts from deviating when the system clock is adjusted. + bpo-34334: In QueueHandler, clear exc_text from LogRecord to + prevent traceback from being written twice. + bpo-6721: Acquire the logging module’s commonly used internal + locks while fork()ing to avoid deadlocks in the child + process. + bpo-34172: Fix a reference issue inside multiprocessing.Pool + that caused the pool to remain alive if it was deleted + without being closed or terminated explicitly. + Documentation + bpo-32174: chm document displays non-ASCII charaters properly on + some MBCS Windows systems. + Tests + bpo-32962: Fixed test_gdb when Python is compiled with flags + -mcet -fcf-protection -O0. + C API + bpo-34910: Ensure that PyObject_Print() always returns -1 on + error. Patch by Zackery Spytz. + +------------------------------------------------------------------- +Fri Oct 12 20:46:58 CEST 2018 - mcepl@suse.com + +- Add Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch to + fix problems with SOURCE_DATE_EPOCH variable (bpo-34022) + +------------------------------------------------------------------- +Mon Sep 17 09:44:02 UTC 2018 - Tomáš Chvátal + +- Add patch to fix build with tls1.3 supported openssl + * 00308-tls-1.3.patch +- Add patch to fix Py_Main calls after Py_initialize + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + +------------------------------------------------------------------- +Mon Sep 3 15:22:42 UTC 2018 - Matěj Cepl + +- Add -fwrapv to OPTS, which is default for python3 anyway + See for example https://github.com/zopefoundation/persistent/issues/86 + for bugs which are caused by avoiding it. + +------------------------------------------------------------------- +Tue Jul 10 11:12:32 UTC 2018 - mcepl@suse.com + +- Fix ownership of _contextvars, _queue, and _xxtestfuzz + +------------------------------------------------------------------- +Tue Jul 3 15:04:48 UTC 2018 - mcepl@suse.com + +- Switch off LTO for distros with older GCC +- Fix %files + +------------------------------------------------------------------- +Fri Jun 29 14:20:03 UTC 2018 - tchvatal@suse.com + +- Add dependency over libuuid-devel + +------------------------------------------------------------------- +Thu Jun 28 10:42:15 UTC 2018 - mimi.vx@gmail.com + +- update to python 3.7.0 + Complete overview of changes is available on + https://docs.python.org/3/whatsnew/3.7.html, these are just + highlights: + * PEP 563, postponed evaluation of type annotations. + * async and await are now reserved keywords. + * New library modules: + contextvars: PEP 567 – Context Variables + dataclasses: PEP 557 – Data Classes + importlib.resources + * New built-in features: + PEP 553, the new breakpoint() function. + * Python data model improvements: + PEP 562, customization of access to module attributes. + PEP 560, core support for typing module and generic types. + the insertion-order preservation nature of dict objects + has been declared to be an official part of the Python + language spec. + * Significant improvements in the standard library: + The asyncio module has received new features, significant + usability and performance improvements. + The time module gained support for functions with + nanosecond resolution. + * CPython implementation improvements: + Avoiding the use of ASCII as a default text encoding: + PEP 538, legacy C locale coercion + PEP 540, forced UTF-8 runtime mode + PEP 552, deterministic .pycs + the new development runtime mode + PEP 565, improved DeprecationWarning handling + * C API improvements: + PEP 539, new C API for thread-local storage + * Documentation improvements: + PEP 545, Python documentation translations + New documentation translations: Japanese, French, and Korean. +- drop python3-sorted_tar.patch +- drop 0001-allow-for-reproducible-builds-of-python-packages.patch +- refresh python-3.6.0-multilib-new.patch +- refresh subprocess-raise-timeout.patch + * new C API for thread-local storage + * Deterministic pyc files + * Built-in breakpoint() + * Data Classes + * Core support for typing module and generic types + * Customization of access to module attributes + * Postponed evaluation of annotations + * Time functions with nanosecond resolution + * Improved DeprecationWarning handling + * Context Variables + * Avoiding the use of ASCII as a default text encoding + (PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode) + * The insertion-order preservation nature of dict objects is now + an official part of the Python language spec. + * Notable performance improvements in many areas. + +------------------------------------------------------------------- +Thu May 17 18:26:42 UTC 2018 - hpj@urpla.net + +- disable lto with gcc versions below 7 (results in link failures) + +------------------------------------------------------------------- +Mon Apr 30 15:23:24 UTC 2018 - jengelh@inai.de + +- Use faster find subcommand execution strategies. + +------------------------------------------------------------------- +Fri Apr 20 16:17:29 UTC 2018 - tchvatal@suse.com + +- Do not mention the testsuite disabling in opts as it was moved to + main pkg so base is test-free + +------------------------------------------------------------------- +Tue Apr 17 08:36:08 UTC 2018 - tchvatal@suse.com + +- As we run in main python package do not generate the pre_checkin + from both now + +------------------------------------------------------------------- +Mon Apr 16 14:11:56 UTC 2018 - tchvatal@suse.com + +- Move the tests from base to generic package wrt bsc#1088573 + * We still fail the whole distro if python3 is not build + * The other archs than x86_64 took couple of hours to unblock + build of other software, this way we work around the issue +- Some tests are still run in -base for the LTO tweaking, but at + least it is not run twice + +------------------------------------------------------------------- +Sat Mar 31 19:41:12 UTC 2018 - mimi.vx@gmail.com + +- update to 3.6.5 + * bugfix release + * see Misc/NEWS for details +- drop ctypes-pass-by-value.patch +- drop fix-localeconv-encoding-for-LC_NUMERIC.patch +- refresh python-3.6.0-multilib-new.patch + +------------------------------------------------------------------ +Wed Mar 7 09:16:39 UTC 2018 - adam@mizerski.pl + +- Created %so_major and %so_minor macros +- Put Tools/gdb/libpython.py script into proper place and ship it with devel + subpackage. + +------------------------------------------------------------------- +Tue Feb 20 15:04:56 UTC 2018 - schwab@suse.de + +- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64 + +------------------------------------------------------------------- +Tue Feb 20 14:28:00 UTC 2018 - bwiedemann@suse.com + +- Add python3-sorted_tar.patch (boo#1081750) + +------------------------------------------------------------------- +Tue Feb 20 14:08:57 UTC 2018 - tchvatal@suse.com + +- Drop python3-tk and python3-idle recommends to reduce python3 + always pulling X stack bsc#1081751 + +------------------------------------------------------------------- +Wed Feb 7 09:10:03 UTC 2018 - tchvatal@suse.com + +- Add patch to fix glibc 2.27 fail bsc#1079761: + * fix-localeconv-encoding-for-LC_NUMERIC.patch + +------------------------------------------------------------------- +Mon Feb 5 17:14:43 UTC 2018 - normand@linux.vnet.ibm.com + +- Update skip_random_failing_tests.patch (for PowerPC) + to avoid test_call_later failure + +------------------------------------------------------------------- +Wed Jan 24 14:35:58 UTC 2018 - jmatejek@suse.com + +- move XML modules and python3-xml provide to python3-base + (fixes bsc#1077230) +- move ensurepip to base + +------------------------------------------------------------------- +Thu Jan 18 12:31:47 UTC 2018 - normand@linux.vnet.ibm.com + +- Add skip_random_failing_tests.patch only for PowerPC + +------------------------------------------------------------------- +Wed Jan 3 12:18:51 UTC 2018 - jmatejek@suse.com + +- update to 3.6.4 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed python3-ncurses-6.0-accessors.patch +- drop PYTHONSTARTUP hooks that cause spurious startup errors + * fixes bsc#1070738 + * the relevant feature (REPL history) is now built into Python itself + +------------------------------------------------------------------- +Sat Dec 2 11:11:46 UTC 2017 - dimstar@opensuse.org + +- Install 2to3-%{python_version} executable (override defattr of + the -tools package). 2to3 (unversioned) is a symlink and does not + carry permissions (bsc#1070853). + +------------------------------------------------------------------- +Thu Nov 16 11:02:18 UTC 2017 - mimi.vx@gmail.com + +- move 2to3 to python3-tools package + +------------------------------------------------------------------- +Wed Oct 11 13:15:23 UTC 2017 - jmatejek@suse.com + +- update to 3.6.3 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Wed Sep 20 09:54:05 UTC 2017 - dmueller@suse.com + +- drop python-2.7-libffi-aarch64.patch: this patches the intree + copy of libffi which is unused/deleted in the line afterwards +- fix build against system libffi: include flags weren't set + so it actually used the in-tree libffi headers. + +------------------------------------------------------------------- +Thu Sep 14 13:23:10 UTC 2017 - vcizek@suse.com + +- Fix test broken with OpenSSL 1.1 (bsc#1042670) + * add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Tue Sep 5 11:47:05 UTC 2017 - jengelh@inai.de + +- Update RPM group for python documentation. + +------------------------------------------------------------------- +Thu Aug 31 08:39:31 UTC 2017 - schwab@suse.de + +- fix missing %{?armsuffix} + +------------------------------------------------------------------- +Wed Aug 30 13:41:38 UTC 2017 - jmatejek@suse.com + +- distutils-reproducible-compile.patch: ensure distutils order files + before compiling, which works around bsc#1049186 + +------------------------------------------------------------------- +Thu Aug 17 08:59:05 CEST 2017 - kukuk@suse.de + +- Add libnsl-devel build requires for glibc obsoleting libnsl + +------------------------------------------------------------------- +Thu Aug 3 16:09:26 UTC 2017 - jmatejek@suse.com + +- update to 3.6.2 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed test-socket-aead-kernel49.patch +- add Provides: python3-typing (fixes bsc#1050653) +- drop duplicate Provides: python3 + +------------------------------------------------------------------- +Mon Jun 26 12:10:07 UTC 2017 - jmatejek@suse.com + +- drop db-devel from requirements + +------------------------------------------------------------------- +Tue Jun 20 09:26:52 UTC 2017 - asn@cryptomilk.org + +- Add missing link to python library in config dir (bsc#1040164) + +------------------------------------------------------------------- +Thu Mar 23 12:42:59 UTC 2017 - jmatejek@suse.com + +- update to 3.6.1 + * bugfix release, over a hundred bugs fixed + * never add import location's parent directory to sys.path + * switch to git for version control, build changes related to that + * fix "failed to get random numbers" on old kernels (bsc#1029902) + * several crashes and memory leaks corrected + * f-string are no longer accepted as docstrings + +------------------------------------------------------------------- +Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com + +- prevent regenerating AST at build-time more robustly +- add "--without profileopt" and "--without testsuite" options to python3-base + to allow short circuiting when working on the package + +------------------------------------------------------------------- +Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com + +- Add 0001-allow-for-reproducible-builds-of-python-packages.patch + upstream https://github.com/python/cpython/pull/296 + +------------------------------------------------------------------- +Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com + +- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch) +- reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent) + +------------------------------------------------------------------- +Wed Jan 11 14:57:07 UTC 2017 - jmatejek@suse.com + +- update to 3.6.0 + * PEP 498 Formated string literals + * PEP 515 Underscores in numeric literals + * PEP 526 Syntax for variable annotations + * PEP 525 Asynchronous generators + * PEP 530 Asynchronous comprehensions + * PEP 506 New "secrets" module for safe key generation + * less memory consumed by dicts + * dtrace and systemtap support + * improved asyncio module + * better defaults for ssl + * new hashing algorithms in hashlib + * bytecode format changed to allow more optimizations + * "async" and "await" are on track to be reserved words + * StopIteration from generators is deprecated + * support for openssl < 1.0.2 is deprecated + * os.urandom now blocks when getrandom() blocks + * huge number of new features, bugfixes and optimizations + * see https://docs.python.org/3.6/whatsnew/3.6.html for details +- rework multilib patch: drop Python-3.5.0-multilib.patch, implement + upstreamable python-3.6.0-multilib-new.patch +- refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch +- drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch +- finally drop python-2.6b1-canonicalize2.patch that was not applied in source + and only kept around in case we needed it in the future. (which we don't, as it seems) +- update import_failed map and baselibs +- build ctypes against system libffi + (buildrequire libffi-devel in python3-base) +- add new key to keyring (signed by keys already in keyring) +- introduced common configure section between python3 and python3-base +- moved pyconfig.h and Makefile to devel subpackage as distutils no longer + need it at runtime +- added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py + because it is not used now +- improve summaries and descriptions (fixes bsc#917607) +- enabled Link-Time Optimization, see what happens +- including skipped_tests.py in pre_checkin.sh run +- run specs through spec-cleaner, rearrange sections + +------------------------------------------------------------------- +Fri Apr 22 17:20:29 UTC 2016 - jmatejek@suse.com + +- move _hashlib and _ssl modules and tests to python3-base +- recommend python3 + +------------------------------------------------------------------- +Tue Mar 15 15:05:23 UTC 2016 - schwab@suse.de + +- Skip test_asyncio under qemu_user_space_build + +------------------------------------------------------------------- +Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com + +- Add Python-3.5.1-fix_lru_cache_copying.patch + Fix copying the lru_cache() wrapper object. + Fixes deep-copying lru_cache regression, which worked on + previous versions of python but fails on python 3.5. + This fixes a bunch of packages in devel:languages:python3. + See: https://bugs.python.org/issue25447 + +------------------------------------------------------------------- +Sun Jan 24 00:44:08 UTC 2016 - arichardson.kde@gmail.com + +- Build the docs in .qch format as well + +------------------------------------------------------------------- +Wed Dec 9 07:35:20 UTC 2015 - toddrme2178@gmail.com + +- update to 3.5.1 + * bugfix-only release, dozens of bugs fixed +- Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch +- "Python3" to "Python 3" in summary + * This seems cleaner and fixes and rpmlint warning + +------------------------------------------------------------------- +Wed Oct 14 20:21:52 UTC 2015 - toddrme2178@gmail.com + +- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch + This fixes a build error for many packages that use the Python, + C-API. + This patch is already accepted upstream and is slated to appear in + python 3.5.1. + +------------------------------------------------------------------- +Tue Sep 29 15:53:24 UTC 2015 - jmatejek@suse.com + +- update to 3.5.0 + * coroutines with async/await syntax + * matrix multiplication operator `@` + * unpacking generalizations + * new modules `typing` and `zipapp` + * type annotations + * .pyo files replaced by custom suffixes for optimization levels in __pycache__ + * support for memory BIO in ssl module + * performance improvements in several modules + * and many more +- removals and behavior changes + * deprecated `__version__` is removed + * support for .pyo files was removed + * system calls are auto-retried on EINTR + * bare generator expressions in function calls now cause SyntaxError + (change "f(x for x in i)" to "f((x for x in i))" to fix) + * removed undocumented `format` member of private `PyMemoryViewObject` struct + * renamed `PyMemAllocator` to `PyMemAllocatorEx` +- redefine %dynlib macro to reflect that modules now have arch+os as part of name +- module `time` is now built-in +- dropped upstreamed patches: + python-3.4.1-fix-faulthandler.patch + python-3.4.3-test-conditional-ssl.patch + python-fix-short-dh.patch (also dropped dh2048.pem required for this patch) +- updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch +- python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure + with new gcc + ncurses + +------------------------------------------------------------------- +Wed Sep 9 11:51:22 UTC 2015 - dimstar@opensuse.org + +- Add python3-ncurses-6.0-accessors.patch: Fix build with + NCurses 6.0 and OPAQUE_WINDOW set to 1. + +------------------------------------------------------------------- +Mon Aug 24 17:02:08 UTC 2015 - jmatejek@suse.com + +- improve import_failed hook to do the right thing when invoking + missing modules with "python3 -m modulename" (boo#942751) + +------------------------------------------------------------------- +Thu Jul 23 22:08:10 UTC 2015 - fisiu@opensuse.org + +- Build with --enable-loadable-sqlite-extensions to make it works + as geospatial database. + +------------------------------------------------------------------- +Wed Jul 1 07:07:26 UTC 2015 - dimstar@opensuse.org + +- Fix source list for previous change (add dh2048.pem). + +------------------------------------------------------------------- +Wed Jun 24 06:54:30 UTC 2015 - meissner@suse.com + +- dh2048.pem: added generated 2048 dh parameter set to fix + ssl test (bsc#935856) +- python-fix-short-dh.patch: replace the 512 bits dh parameter set + by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856) + +------------------------------------------------------------------- +Tue May 19 14:59:30 UTC 2015 - schwab@suse.de + +- ctypes-libffi-aarch64.patch: remove upstreamed patch +- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for + aarch64 + +------------------------------------------------------------------- +Thu May 14 10:58:36 UTC 2015 - jmatejek@suse.com + +- drop the PDF subpackage + (removes the massive texlive dependency, and most likely nobody is + using the PDFs anyway) + +------------------------------------------------------------------- +Thu May 14 09:53:29 UTC 2015 - jmatejek@suse.com + +- python-3.4.3-test-conditional-ssl.patch - restore tests failing because + test_urllib was unconditionally importing ssl (without really needing it) +- restore functionality of multilib patch +- drop libffi-ppc64le.diff because upstream completely changed everything + yet again (sorry ppc64 folks :| ) + + +------------------------------------------------------------------- +Fri May 1 15:11:21 UTC 2015 - mailaender@opensuse.org + +- Update to version 3.4.3 +- Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch + (bpo#21766) + +------------------------------------------------------------------- +Wed Mar 25 10:57:28 UTC 2015 - rguenther@suse.com + +- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus + faulthandler which fails with GCC 5. + +------------------------------------------------------------------- +Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com + +- asyncio has been merged in python3 main package; provide and + obsolete it +- Remove obsolete AUTHORS section +- Remove redundant %clean section + +------------------------------------------------------------------- +Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org + +- Only pkgconfig(x11) is required for build, not the whole + set of packages provided by xorg-x11-devel metapackage. + +------------------------------------------------------------------- +Mon Oct 13 13:38:20 UTC 2014 - jmatejek@suse.com + +- add %python3_version rpm macro for Fedora compatibility +- add missing argument in import_failed, rename Novell Bugzilla + to SUSE Bugzilla + +------------------------------------------------------------------- +Thu Jul 31 17:24:59 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. + +------------------------------------------------------------------- +Wed Jul 23 16:31:02 UTC 2014 - jmatejek@suse.com + +- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file + disclosure and directory traversal through URL-encoded characters + (CVE-2014-4650, bnc#885882) + +------------------------------------------------------------------- +Tue Jul 22 13:55:57 UTC 2014 - jmatejek@suse.com + +- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons, + reinstate bundled copies of pip and setuptools + (fixes bnc#885662) +- add more files as sources to silence the validator + +------------------------------------------------------------------- +Wed May 21 11:01:56 UTC 2014 - jmatejek@suse.com + +- update to 3.4.1 + * bugfix-only release, over 300 bugs fixed +- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch +- drop upstreamed CVE-2014-2667-mkdir.patch +- include Python release manager keyring and signature file + for the source archive (thus renumbering of source files) + (see https://www.python.org/download/#openpgp-public-keys ) +- move ensurepip to python3, because it transitively requires ssl + +------------------------------------------------------------------- +Fri Apr 4 16:21:40 UTC 2014 - jmatejek@suse.com + +- CVE-2014-2667-mkdir.patch: race condition with reseting umask + in os.makedirs + (CVE-2014-2667, bnc#871152) +- updated multilib patch to include ~/.local/lib64 (bnc#637176) + +------------------------------------------------------------------- +Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com + +- raise timeout value for test_subprocess to 10s (might fix + intermittent build failures in OBS) + +------------------------------------------------------------------- +Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com + +- remove blacklisting of test_posix on aarch64: qemu bug is fixed + +------------------------------------------------------------------- +Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 final +- drop upstreamed python-3.4rc2-importlib.patch + +------------------------------------------------------------------- +Sun Mar 16 16:33:25 UTC 2014 - schwab@suse.de + +- Only build with profile-opt if profiling is enabled +- Update test exclusion lists: + * test_ctypes no longer fails on arm + * test_io no longer fails on ppc* + * test_multiprocessing has been split in multiple tests + * test_posix and test_signal fail due to qemu bugs + +------------------------------------------------------------------- +Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de + +- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, + adding python-2.7.6-sqlite-3.8.4-tests.patch + +------------------------------------------------------------------- +Thu Feb 27 14:08:40 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 rc2 + * pre-release bugfixes + * improvements to asyncio library +- drop upstreamed tracemalloc_gcov.patch +- python-3.4rc2-importlib.patch fixes backwards-incompatibility + in the reworked importlib module that blocks build of vim + +------------------------------------------------------------------- +Fri Jan 17 18:45:27 UTC 2014 - jmatejek@suse.com + +- initial commit of 3.4.0 beta 3 + * new stdlib modules: pathlib, enum, statistics, tracemalloc + * asynchronous IO with new asyncio module + * introspection data for builtins + * subprocesses no longer inherit open file descriptors + * standardized metadata for packages + * internal hashing changed to SipHash + * new pickle protocol + * improved handling of codecs + * TLS 1.2 support + * major speed improvements for internal unicode handling + * many bugfixes and optimizations +- see porting guide at: + http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4 +- moved several modules to -testsuite subpackage +- updated list of binary extensions, refreshed patches +- tracemalloc_gcov.patch fixes profile-based optimization build +- updated packages and pre_checkin.sh to use ~-version notation + for prereleases +- fix-shebangs part of build process moved to common %prep +- drop python-3.3.2-no-REUSEPORT.patch (upstreamed) +- update baselibs for new soname + +- TODOs: + * require python-pip, make ensurepip work with zypper + +------------------------------------------------------------------- +Wed Dec 4 13:21:26 UTC 2013 - matz@suse.de + +- add ppc64le (ELFv2) support for libffi copy for ctypes module +- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be + "lib64"). +- added patches: + * libffi-ppc64le.diff +------------------------------------------------------------------- +Tue Dec 3 09:51:43 UTC 2013 - adrian@suse.de + +- add ppc64le rules + +------------------------------------------------------------------- +Fri Nov 22 13:17:23 UTC 2013 - speilicke@suse.com + +- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch: + + Disable global and distutils sysconfig comparison test, we deviate + from the default depending on optflags + +------------------------------------------------------------------- +Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com + +- update to 3.3.3 + * bugfix-only release + * many SSL-related fixes + * upstream fix for CVE-2013-4238 + * upstream fixes for CVE-2013-1752 +- move example module xxlimited to python3-testsuite +- drop CVE-2013-4238_py33.patch - it is upstreamed +- remove --with-wide-unicode config option, it is now the default + (and only) choice +- don't touch anything between make and makeinstall +- drop python-3.2b2-buildtime-generate.patch - the issue was caused + by touching things between make and makeinstall +- link pycache entries for import_failed hooks properly + +------------------------------------------------------------------- +Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org + +- build with -DOPENSSL_LOAD_CONF for the same reasons + described in the python2 package. + +------------------------------------------------------------------- +Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com + +- handle NULL bytes in certain fields of SSL certificates + (CVE-2013-4238, bnc#834601) + +------------------------------------------------------------------- +Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com + +- Exclue test_faulthandler from tests on powerpc due to bnc#831629 + +------------------------------------------------------------------- +Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com + +- update to 3.3.2 + * bugfix-only release + * fixes several regressions introduced in 3.3.1 +- switch to xz compression +- move _lzma module to python3-base +- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT + +------------------------------------------------------------------- +Mon Apr 29 22:32:43 UTC 2013 - schwab@suse.de + +- Readd missing bits from ctypes-libffi-aarch64.patch + +------------------------------------------------------------------- +Sat Apr 13 07:56:51 UTC 2013 - idonmez@suse.com + +- Update to version 3.3.1 + * Fix the –enable-profiling configure switch. + * In IDLE, close the replace dialog after it is used. +- Too many bugfixes to list here, + see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS +- Refresh Python-3.3.0b2-multilib.patch +- Refresh python-3.2b2-buildtime-generate.patch +- Drop upstream patches: ctypes-libffi-aarch64.patch, + python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch + +------------------------------------------------------------------- +Mon Apr 8 11:25:30 UTC 2013 - speilicke@suse.com + +- Exclude sqlite/test and tk/test directories from the respective + sub-packages. These are owned by the testsuite sub-package already + +------------------------------------------------------------------- +Fri Apr 5 12:59:20 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/title=SourceUrls + +------------------------------------------------------------------- +Wed Apr 3 15:36:04 UTC 2013 - jmatejek@suse.com + +- remove spurious modification of python-3.3.0b1-localpath.patch + that would force installation into /usr/local. + this fixes bnc#809831 + +------------------------------------------------------------------- +Thu Mar 28 18:38:51 UTC 2013 - jmatejek@suse.com + +- replace broken movetogetdents64.diff patch with a correct one + from upstream repo (python-3.3.0-getdents64.patch) + +------------------------------------------------------------------- +Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com + +- add ctypes-libffi-aarch64.patch: + * import aarch64 support for libffi in _ctypes module +- add aarch64 to the list of lib64 based archs +- add movetogetdents64.diff: + * port to getdents64, as SYS_getdents is not implemented everywhere + +------------------------------------------------------------------- +Tue Feb 26 08:57:55 UTC 2013 - saschpe@suse.de + +- /etc/rpm/macros.python3 is no %config, it is not meant to be changed + by users. +- Add rpmlintrc with some obvious filters + +------------------------------------------------------------------- +Mon Jan 28 18:14:39 UTC 2013 - jmatejek@suse.com + +- update baselibs for new version of libpython3 + +------------------------------------------------------------------- +Thu Nov 29 17:02:37 UTC 2012 - jmatejek@suse.com + +- fix include path in macros (bnc#787526) +- implement failed import handlers for modules that live in + subpackages - e.g. "import ssl" will now throw a sensible error + message telling you to install "python3" + +------------------------------------------------------------------- +Wed Nov 28 17:02:07 UTC 2012 - jmatejek@suse.com + +- merge python3-xml into python3 +- merge python3-2to3 library into python3-base + and the 2to3 binary into python3-devel + (python3-devel is now in conflict with python-2to3, which + will be dropped) +- enable --with-system-expat for python3, making the xml modules + (and thus python3) depend on expat +- reconfigure tests to disable network and GUI resources, which + the upstream apparently thought is a good idea to enable by default. + this fixes build failures in Factory +- add lzma-devel to build the _lzma module +- moved %dynlib macro definition to common section + +------------------------------------------------------------------- +Mon Nov 5 20:01:46 UTC 2012 - coolo@suse.com + +- buildrequire timezone for the test suite + +------------------------------------------------------------------- +Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com + +- disable more checks for qemu builds as they use syscalls not + implemented yet + +------------------------------------------------------------------- +Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com + +- exclude test_math for SLE 11; math library fails on negative + gamma function values close to integers and 0, probably + due to imprecision in -lm on SLE_11_SP2. + +------------------------------------------------------------------- +Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel explicitly + +------------------------------------------------------------------- +Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com + +- remove distutils.cfg (bnc#658604) + * this changes default prefix for distutils to /usr + * see ML for details: +http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html + +------------------------------------------------------------------- +Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com + +- Update to final 3.3.0 release + * See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS + +------------------------------------------------------------------- +Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com + +- Correct dependency for python3-testsuite, + python3-tkinter -> python3-tk + +------------------------------------------------------------------- +Thu Aug 23 13:08:11 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 RC1 + +------------------------------------------------------------------- +Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 beta 1 + * flexible string representation, no longer distinguishing + between wide and narrow Unicode builds + * importlib-based import system + * virtualenv support in core + * namespace packages + * explicit Unicode literals for easier porting + * key-sharing dict implementation reduces memory footprint + of OO code + * hash randomization on by default + * many other new bugfixes and features, check NEWS for details + +- pre_checkin.sh now autofills various version strings in specs +- ship hashlib's fallback modules - those uselessly take up space + when real _hashlib.so from python3 is present, but the space wasted + is only 114kB and it provides python3-base with a working hashlib + module. + (also, this fixes bnc#743787) + +------------------------------------------------------------------- +Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com + +- skip test_io on ppc +- drop test_io ppc patch + +------------------------------------------------------------------- +Thu Jun 28 07:57:58 UTC 2012 - saschpe@suse.de + +- Satisfy source_validator by uncommenting an otherwise unused "Patch" + line + +------------------------------------------------------------------- +Tue Jun 12 15:39:08 UTC 2012 - adrian@suse.de + +- fix logic of checks exclusion + +------------------------------------------------------------------- +Fri May 18 11:50:27 UTC 2012 - idonmez@suse.com + +- update to 3.2.3 + * No changes since rc2 + +------------------------------------------------------------------- +Thu Mar 29 15:44:33 UTC 2012 - jmatejek@suse.com + +- update to 3.2.3rc2 + * fixes several security issues: + * CVE-2012-0845, bnc#747125 + * CVE-2012-1150, bnc#751718 + * CVE-2011-4944, bnc#754447 + * CVE-2011-3389, bnc#754677 +- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) +- disable test_gdb because it is broken by our gdb + +------------------------------------------------------------------- +Thu Feb 16 12:33:12 UTC 2012 - dvaleev@suse.com + +- skip broken test_io test on ppc + +------------------------------------------------------------------- +Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com + +- update to 3.2.2 + * bugfix-only release + * reports "linux2" as sys.platform regardless of Linux kernel +- added pre_checkin.sh to copy common spec sections to python3.spec +- added PACKAGING-NOTES with some helpful info for packagers + +------------------------------------------------------------------- +Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com + +- Use system ffi, included one is broken see + http://bugs.python.org/issue11729 and + http://bugs.python.org/issue12081 + +------------------------------------------------------------------- +Fri Dec 9 17:19:55 UTC 2011 - jmatejek@suse.com + +- license.opensuse.org-compatible license headers + +------------------------------------------------------------------- +Fri Dec 2 16:46:44 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Thu Nov 24 12:42:25 UTC 2011 - agraf@suse.com + +- fix ARM build (exclude some test cases which break for us) + +------------------------------------------------------------------- +Tue Aug 16 17:02:22 UTC 2011 - termim@gmail.com + +- use sysconfig module to get py3_incdir, py3_abiflags, + py3_soflags, python3_sitelib and python3_sitearch + +------------------------------------------------------------------- +Mon Jul 18 16:22:31 UTC 2011 - jmatejek@novell.com + +- update to 3.2.1 + * bugfix-only release, no major changes +- fix build on linux3 platform +- remove upstreamed pybench patch +- install /usr/lib directories in all cases to prevent spurious + "directory not owned" in dependent packages + +------------------------------------------------------------------- +Wed Jun 15 14:16:38 UTC 2011 - jmatejek@novell.com + +- replaced dynamic so version with manual so version, because + autobuild does not support autogeneration + +------------------------------------------------------------------- +Tue May 24 13:39:06 UTC 2011 - jmatejek@novell.com + +- generate macros.python3 at compile-time with fixed values +- don't include bogus values in pyconfig.h, as they can break + third-party packages (bnc#673071) + +------------------------------------------------------------------- +Tue May 17 12:52:51 UTC 2011 - jmatejek@novell.com + +- added Obsoletes: python3 < 3.1 so that the transition from + non-split to split packages goes smoothly + +------------------------------------------------------------------- +Fri May 13 12:38:19 UTC 2011 - jmatejek@novell.com + +- fixed RPM macros to use python3 instead of python +- updated to build --with-wide-unicode (for compatibility with + fedora and our own python 2.x series) + +------------------------------------------------------------------- +Thu Apr 21 03:39:25 UTC 2011 - termim@gmail.com + +- fix python3-base build failure due to pybench.py crash by + python-3.2-pybench.patch +- move pyconfig.h from python3-devel to python3-base package to + make python3-base functional again + +------------------------------------------------------------------- +Wed Mar 23 04:26:28 UTC 2011 - termim@gmail.com + +- update to python 3.2 + * stable ABI, ABI-tagged .so files + * concurrent.futures and many other new or upgraded modules + * PYC repository directories ( __pycache__ ) + * python WSGI 1.0.1 + * Unicode 6.0.0 support + * a great number of bugfixes and assorted improvements + +------------------------------------------------------------------- +Tue Feb 8 19:42:17 CET 2011 - matejcik@suse.cz + +- update to python 3.2 RC2 +- renamed python3-demo to python3-tools, because the demo part + became much smaller than the tools part +- added rpm macros + +------------------------------------------------------------------- +Tue Jan 18 14:13:04 UTC 2011 - jmatejek@novell.com + +- update to python 3.2 beta 2, see NEWS for details +- split off -base package with less dependencies, and a shlib-policy + compliant libpython3 package +- mostly rewritten the spec file with more detailed comments +- cleaned up lists of patches + diff --git a/python311.spec b/python311.spec new file mode 100644 index 0000000..51d6365 --- /dev/null +++ b/python311.spec @@ -0,0 +1,1042 @@ +# +# spec file for package python311 +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "doc" +%define psuffix -documentation +%bcond_without doc +%bcond_with base +%bcond_with general +%endif +%if "%{flavor}" == "base" +%define psuffix -core +%bcond_with doc +%bcond_without base +%bcond_with general +%endif +%if "%{flavor}" == "" +%define psuffix %{nil} +%bcond_with doc +%bcond_with base +%bcond_without general +%endif + +%if 0%{?do_profiling} && !0%{?want_reproducible_builds} +%bcond_without profileopt +%else +%bcond_with profileopt +%endif + +# Only for Tumbleweed +# https://en.opensuse.org/openSUSE:Python:Externally_managed +%if 0%{?suse_version} > 1600 +%bcond_without externally_managed +%else +%bcond_with externally_managed +%endif + +%define python_pkg_name python311 +%if "%{python_pkg_name}" == "%{primary_python}" +%define primary_interpreter 1 +%else +%define primary_interpreter 0 +%endif + +# Setting up variables +%define _version %(c=%{version}; echo ${c/[a-z]*/}) +%define tar_suffix %(c=%{_version}; echo ${c#%{_version}}) +%define python_version %(echo %{_version}|cut -d. -f1-2) +# based on the current source tarball +%define python_version_abitag %(c=%{python_version}; echo ${c//./}) +# FIXME %%define python_version_soname %%(c=%%{python_version}; echo ${c//./_}) +%define python_version_soname 3_11 +%if 0%(test -n "%{tar_suffix}" && echo 1) +%define _version %(echo "%{_version}~%{tar_suffix}") +%define tarversion %{version} +%else +%define tarversion %{version} +%endif +# We don't process beta signs well +%define folderversion %{tarversion} +%define tarname Python-%{tarversion} +%define sitedir %{_libdir}/python%{python_version} +# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 +%define abi_kind %{nil} +# python ABI version - used in some file names +%define python_abi %{python_version}%{abi_kind} +# soname ABI tag defined in PEP 3149 +%define abi_tag %{python_version_abitag}%{abi_kind} +# version part of "libpython" package +%define so_major 1 +%define so_minor 0 +%define so_version %{python_version_soname}%{abi_kind}-%{so_major}_%{so_minor} +# rpm and python have different ideas about what is an arch-dependent name, so: +%if "%{__isa_name}" == "ppc" +%define archname %(echo %{_arch} | sed s/ppc/powerpc/) +%else +%define archname %{_arch} +%endif +# our arm has Hardware-Floatingpoint +%if "%{_arch}" == "arm" +%define armsuffix hf +%endif +# Decide whether we want to use mpdecimal +%if 0%{?suse_version} >= 1550 +%bcond_without mpdecimal +%else +%bcond_with mpdecimal +%endif +# pyexpat.cpython-35m-x86_64-linux-gnu +# pyexpat.cpython-35m-powerpc64le-linux-gnu +# pyexpat.cpython-35m-armv7-linux-gnueabihf +# _md5.cpython-38m-x86_64-linux-gnu.so +%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so +Name: %{python_pkg_name}%{psuffix} +Version: 3.11.13 +Release: 0 +Summary: Python 3 Interpreter +License: Python-2.0 +URL: https://www.python.org/ +Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz +Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore +Source2: baselibs.conf +Source3: README.SUSE +Source4: externally_managed.in +Source7: macros.python3 +Source8: import_failed.py +Source9: import_failed.map +Source10: pre_checkin.sh +Source11: skipped_tests.py +Source19: idle3.desktop +Source20: idle3.appdata.xml +# content of bluez-devel: +# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel +# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu +# 3. mkdir Vendor && mv usr/include/* Vendor/ +# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/ +Source21: bluez-devel-vendor.tar.xz +Source98: python311-rpmlintrc +# Tarball is signed by the GPG key of Pablo Galindo Salgado (0x64E628F8D684696D) +# https://keybase.io/pablogsal/pgp_keys.asc?fingerprint=a035c8c19219ba821ecea86b64e628f8d684696d +Source99: python.keyring +# The following files are not used in the build. +# They are listed here to work around missing functionality in rpmbuild, +# which would otherwise exclude them from distributed src.rpm files. +Source100: PACKAGING-NOTES +# PATCH-FEATURE-UPSTREAM F00251-change-user-install-location.patch bsc#[0-9]+ mcepl@suse.com +# Fix installation in /usr/local (boo#1071941), originally from Fedora +# https://src.fedoraproject.org/rpms/python3.12/blob/rawhide/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch02: F00251-change-user-install-location.patch +# PATCH-FEATURE-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com +# Improve reproduceability +Patch03: distutils-reproducible-compile.patch +# support finding packages in /usr/local, install to /usr/local by default +Patch04: python-3.3.0b1-localpath.patch +# replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds +Patch05: python-3.3.0b1-fix_date_time_compiler.patch +# Raise timeout value for test_subprocess +Patch07: subprocess-raise-timeout.patch +# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com +# ensurepip should honour the value of $(prefix) +Patch08: bpo-31046_ensurepip_honours_prefix.patch +# PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mcepl@suse.com +# SLE-15 version of Sphinx doesn't know about skipif directive in doctests. +Patch09: no-skipif-doctests.patch +# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com +# skip a test failing on SLE-15 +Patch10: skip-test_pyobject_freed_is_freed.patch +# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com +# remove duplicate link targets and make documentation with old Sphinx in SLE +Patch11: fix_configure_rst.patch +# PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com +# Skip test_freeze_simple_script +Patch13: skip_if_buildbot-extend.patch +# PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com +# prevent ResourceWarning in test_asyncio tests +Patch15: bsc1221260-test_asyncio-ResourceWarning.patch +# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport.patch +# This problem on libexpat is patched on SLE without version +# update, this patch changes the tests to match the libexpat provided +# by SUSE +Patch16: CVE-2023-52425-libexpat-2.6.0-backport.patch +Patch17: CVE-2023-52425-remove-reparse_deferral-tests.patch +# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com +# reproducibility patches +Patch19: bso1227999-reproducible-builds.patch +# PATCH-FIX-UPSTREAM gh120226-fix-sendfile-test-kernel-610.patch gh#python/cpython#120226 mcepl@suse.com +# Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 (GH-120227) +Patch22: gh120226-fix-sendfile-test-kernel-610.patch +# PATCH-FIX-UPSTREAM Add platform triplets for 64-bit LoongArch gh#python/cpython#30939 glaubitz@suse.com +Patch24: add-loongarch64-support.patch +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: crypto-policies-scripts +BuildRequires: fdupes +BuildRequires: gmp-devel +BuildRequires: lzma-devel +BuildRequires: netcfg +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: xz +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(libffi) +BuildRequires: pkgconfig(uuid) +BuildRequires: pkgconfig(zlib) +#!BuildIgnore: gdk-pixbuf-loader-rsvg +%if 0%{?suse_version} >= 1550 +# The provider for python(abi) is in rpm-build-python +BuildRequires: rpm-build-python +%endif +%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1599 +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{with mpdecimal} +BuildRequires: mpdecimal-devel +%endif +%if %{with doc} +BuildRequires: python3-Sphinx >= 4.0.0 +%if 0%{?suse_version} >= 1500 +BuildRequires: python3-python-docs-theme >= 2022.1 +%endif +%endif +%if %{with general} +# required for idle3 (.desktop and .appdata.xml files) +BuildRequires: appstream-glib +BuildRequires: gcc-c++ +BuildRequires: gdbm-devel +BuildRequires: gettext +BuildRequires: readline-devel +BuildRequires: sqlite-devel +BuildRequires: timezone +BuildRequires: pkgconfig(ncurses) +BuildRequires: pkgconfig(tk) +BuildRequires: pkgconfig(x11) +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-readline +Provides: %{python_pkg_name}-sqlite3 +Recommends: %{python_pkg_name}-curses +Recommends: %{python_pkg_name}-dbm +Recommends: %{python_pkg_name}-pip +%if %{primary_interpreter} +Provides: python3 = %{python_version} +Provides: python3-readline +Provides: python3-sqlite3 +%endif +%endif +%{?suse_build_hwcaps_libs} + +%description +Python 3 is modern interpreted, object-oriented programming language, +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python3-doc +package. + +This package supplies rich command line features provided by readline, +and sqlite3 support for the interpreter core, thus forming a so called +"extended" runtime. +Installing "python3" is sufficient for the vast majority of usecases. +In addition, recommended packages provide UI toolkit support (python3-curses, +python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE +development environment (python3-idle). + +%package -n %{python_pkg_name}-tk +Summary: TkInter, a Python Tk Interface +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-tk = %{version} +%endif + +%description -n %{python_pkg_name}-tk +Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. + +%package -n %{python_pkg_name}-curses +Summary: Python Interface to the (N)Curses Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-curses +%endif + +%description -n %{python_pkg_name}-curses +An easy to use interface to the (n)curses CUI library. CUI stands for +Console User Interface. + +%package -n %{python_pkg_name}-dbm +Summary: Python Interface to the GDBM Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-dbm +%endif + +%description -n %{python_pkg_name}-dbm +An easy to use interface for Unix DBM databases, and more specifically, +the GNU implementation GDBM. + +%package -n %{python_pkg_name}-idle +Summary: An Integrated Development Environment for Python +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk +%if %{primary_interpreter} +Provides: python3-idle = %{version} +%endif + +%description -n %{python_pkg_name}-idle +IDLE is a Tkinter based integrated development environment for Python. +It features a multi-window text editor with multiple undo, Python +colorizing, and many other things, as well as a Python shell window and +a debugger. + +%package -n %{python_pkg_name}-doc +Summary: Package Documentation for Python 3 +Enhances: %{python_pkg_name} = %{python_version} +%if %{primary_interpreter} +Provides: python3-doc = %{version} +%endif + +%description -n %{python_pkg_name}-doc +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in HTML format. + +%package -n %{python_pkg_name}-doc-devhelp +Summary: Additional Package Documentation for Python 3 in devhelp format +%if %{primary_interpreter} +Provides: python3-doc-devhelp = %{version} +%endif + +%description -n %{python_pkg_name}-doc-devhelp +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in format for devhelp. + +%package -n %{python_pkg_name}-base +Summary: Python 3 Interpreter and Stdlib Core +Requires: libpython%{so_version} = %{version} +Recommends: %{python_pkg_name} = %{version} +#Recommends: python3-ensurepip +# python 3.1 didn't have a separate python-base, so it is wrongly +# not a conflict to have python3-3.1 and python3-base > 3.1 +Obsoletes: python3 < 3.2 +# no Provides, because python3 is obviously provided by package python3 +# python 3.4 provides asyncio +Provides: %{python_pkg_name}-asyncio = %{version} +# python 3.6 provides typing +Provides: %{python_pkg_name}-typing = %{version} +# python3-xml was merged into python3, now moved into -base +Provides: %{python_pkg_name}-xml = %{version} +%if %{primary_interpreter} +Provides: python3-asyncio = %{version} +Obsoletes: python3-asyncio < %{version} +Provides: python3-base = %{version} +Obsoletes: python3-base < %{version} +Provides: python3-typing = %{version} +Obsoletes: python3-typing < %{version} +Provides: python3-xml = %{version} +Obsoletes: python3-xml < %{version} +%endif + +%description -n %{python_pkg_name}-base +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +package. + +This package contains the interpreter core and most commonly used modules +from the standard library. This is sufficient for many usecases, but it +excludes components that depend on external libraries, most notably XML, +database and UI toolkits support. + +%package -n %{python_pkg_name}-tools +Summary: Python Utility and Demonstration Scripts +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-2to3 = %{version} +Provides: %{python_pkg_name}-demo = %{version} +%if %{primary_interpreter} +Provides: python3-2to3 = %{version} +Provides: python3-demo = %{version} +Provides: python3-tools = %{version} +Obsoletes: python3-2to3 < %{version} +Obsoletes: python3-demo < %{version} +%endif + +%description -n %{python_pkg_name}-tools +A number of scripts that are useful for building, testing or extending Python, +and a set of demonstration programs. + +%package -n %{python_pkg_name}-devel +Summary: Include Files and Libraries Mandatory for Building Python Modules +Requires: %{python_pkg_name}-base = %{version} +%if %{primary_interpreter} +Provides: python3-devel = %{version} +%endif + +%description -n %{python_pkg_name}-devel +The Python programming language's interpreter can be extended with +dynamically loaded extensions and can be embedded in other programs. + +This package contains header files, a static library, and development +tools for building Python modules, extending the Python interpreter or +embedding Python in applications. + +This also includes the Python distutils, which were in the Python +package up to version 2.2.2. + +%package -n %{python_pkg_name}-testsuite +Summary: Unit tests for Python and its standard library +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk = %{version} +%if %{primary_interpreter} +Provides: python3-testsuite = %{version} +%endif + +%description -n %{python_pkg_name}-testsuite +Unit tests that are useful for verifying integrity and functionality +of the installed Python interpreter and standard library. +They are a documented part of stdlib, as a module 'test'. + +%package -n libpython%{so_version} +Summary: Python Interpreter shared library +Requires: %{python_pkg_name}-base >= %{version} + +%description -n libpython%{so_version} +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +(HTML) or python-doc-pdf (PDF) packages. + +This package contains libpython3.2 shared library for embedding in +other applications. + +%prep +%setup -q -n %{tarname} + +%autopatch -p1 -M 08 +%if 0%{?suse_version} <= 1500 +%patch -P 09 -p1 +%endif +%autopatch -p1 -m 10 + +# drop Autoconf version requirement +sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac + +%if %{primary_interpreter} +# fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 +for dir in Lib Tools; do + # find *.py, filter to files that contain bad shebangs + # break up "/""usr" like this to prevent replacing with %%{_prefix} + find $dir -name '*.py' -type f -print0 \ + | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ + | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' +done +%else +# For non-primary Python, just don't bother (bsc#1193179) and remove all +# those shebangs +for dir in Lib Tools; do + find $dir -name '*.py' -type f -exec sed -i '1{/^#!.*python/ d}' '{}' \; +done +# We shortened the file Lib/pdb.py so we have to move the test breakpoint location +sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py +%endif + +# drop in-tree libffi and expat +rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin +# Cannot remove it because of gh#python/cpython#92875 +# rm -r Modules/expat + +# drop duplicate README from site-packages +rm Lib/site-packages/README.txt + +# Add vendored bluez-devel files +tar xvf %{SOURCE21} + +# Don't fail on warnings when building documentation +sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile + +%build +%if %{with doc} +TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` +# TODO use not date of tarball but date of latest patch + +cd Doc +sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py +%make_build -j1 html + +# Build also devhelp files +sphinx-build -a -b devhelp . build/devhelp +rm -rfv build/devhelp/.doctrees +%else +%define _lto_cflags %{nil} +# use rpm_opt_flags +export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv $(pkg-config --cflags-only-I libffi) -fno-semantic-interposition" + +touch -r %{SOURCE0} Makefile.pre.in + +autoreconf -fvi + +%if 0%{?sles_version} +sed -e 's/-fprofile-correction//' -i Makefile.pre.in +%endif + +export CFLAGS="%{optflags} -IVendor/" + +%configure \ + --with-platlibdir=%{_lib} \ + --docdir=%{_docdir}/python \ + --enable-ipv6 \ + --enable-shared \ + --with-ensurepip=no \ + --with-system-ffi \ + --with-system-expat \ + --with-lto \ +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 + --with-ssl-default-suites=openssl \ +%endif +%if %{with profileopt} + --enable-optimizations \ +%endif +%if %{with mpdecimal} + --with-system-libmpdec \ +%endif + --enable-loadable-sqlite-extensions + +# prevent make from trying to rebuild PYTHON_FOR_GEN stuff +# %%make_build -t Python/Python-ast.c \ + # Include/Python-ast.h \ + # Objects/typeslots.inc \ + # Python/opcode_targets.h \ + # Include/opcode.h +%make_build + +%if %{with general} +%make_build +%endif +%if %{with base} +%if %{with profileopt} + target=profile-opt +%else + target=all +%endif +LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ + %make_build $target +%endif +%endif + +%check +export SUSE_VERSION="0%{?suse_version}" +export SLE_VERSION="0%{?sle_version}" +%if %{with general} +# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos +# when you install gdb into your test env +EXCLUDE="test_gdb" +# we patch out the message to recommend zypper in and thus this would fail +EXCLUDE="$EXCLUDE test_pydoc" + +%ifarch %{arm} s390x +# test_multiprocessing_forkserver is racy +EXCLUDE="$EXCLUDE test_multiprocessing_forkserver" +%endif +%ifarch ppc ppc64 ppc64le +# exclue test_faulthandler due to bnc#831629 +EXCLUDE="$EXCLUDE test_faulthandler" +%endif +# some tests break in QEMU +%if 0%{?qemu_user_space_build} +EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver test_multiprocessing_spawn test_os test_posix test_signal test_socket test_subprocess" +%endif + +# This test (part of test_uuid) requires real network interfaces +# so that ifconfig output has "HWaddr ". Some kvm instances +# done have any such interface breaking the uuid module. +EXCLUDE="$EXCLUDE test_uuid" + +# bsc#1195140 and bpo#37169 - test_capi is failing on openSUSE, and not sure why +EXCLUDE="$EXCLUDE test_capi" + +# Limit virtual memory to avoid spurious failures +if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then + ulimit -v 11000000 || : +fi + +# test_freeze_simple_script in test.test_tools.test_freeze.TestFreeze +# uses CONFIG_ARGS to run ./configure. +export CONFIG_ARGS="--enable-ipv6 --enable-shared --with-ensurepip=no \ + --with-system-ffi --with-system-expat --with-lto --enable-optimizations \ + --with-system-libmpdec --enable-loadable-sqlite-extensions" + +export PYTHONPATH="$(pwd -P)/Lib" +# Use timeout, like make target buildbottest +# We cannot run tests parallel, because osc build environment doesn’t +# have /dev/shm +%make_build -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=5400" +# use network, be verbose: +#make test TESTOPTS="-l -u network -v" +%endif + +%install +%if %{with doc} +export PDOCS=%{buildroot}%{_docdir}/python%{python_version} +mkdir -p $PDOCS +# generated docs +rm Doc/build/*/.buildinfo +cp -r Doc/build/html $PDOCS +# misc +install -d -m 755 $PDOCS/Misc +rm Misc/README.AIX +for i in Misc/* ; do + [ -f $i ] && install -c -m 644 $i $PDOCS/Misc/ +done +# devhelp +mkdir -p %{buildroot}%{_datadir}/gtk-doc/html +cp -r Doc/build/devhelp %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version} +rm -rf %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version}/.doctrees +%endif +%if %{with general} +%make_install + +# clean out stuff that is in python-base and subpackages + +find %{buildroot}%{_bindir} -mindepth 1 -not -name "*idle3*" -print -delete +rm %{buildroot}%{_libdir}/lib* +rm -r %{buildroot}%{_libdir}/pkgconfig +rm -r %{buildroot}%{_mandir}/* +rm -r %{buildroot}%{_includedir}/* + +rm -r %{buildroot}%{sitedir}/config* +find %{buildroot}%{sitedir} -name "*.egg-info" -delete +rm -r %{buildroot}%{sitedir}/__pycache__ +rm -r %{buildroot}%{sitedir}/site-packages +rm %{buildroot}%{sitedir}/*.* + +for module in \ + asyncio ctypes collections concurrent distutils email encodings \ + ensurepip html http re \ + importlib json logging multiprocessing pydoc_data unittest \ + urllib venv wsgiref lib2to3 test tomllib turtledemo \ + xml xmlrpc zoneinfo __phello__ +do + rm -r %{buildroot}%{sitedir}/$module +done + +for library in \ + array _asyncio audioop binascii _bisect _bz2 cmath _codecs_* \ + _contextvars _crypt _csv _ctypes _datetime _decimal fcntl grp \ + _hashlib _heapq _json _lsprof _lzma math mmap _multibytecodec \ + _multiprocessing _opcode ossaudiodev _pickle _posixshmem \ + _posixsubprocess _queue _random resource select _ssl _socket spwd \ + _statistics _struct syslog termios _testbuffer _testimportmultiple \ + _testmultiphase unicodedata zlib _ctypes_test _testinternalcapi _testcapi \ + _typing _testclinic xxlimited xxlimited_35 \ + _xxtestfuzz _xxsubinterpreters _elementtree pyexpat _md5 _sha1 \ + _sha256 _sha512 _blake2 _sha3 _uuid _zoneinfo +do + eval rm "%{buildroot}%{sitedir}/lib-dynload/$library.*" +done + +# Idle is not packaged in base due to the appstream-glib dependency +# move idle config into /etc +install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version} +( + cd %{buildroot}/%{sitedir}/idlelib/ + for file in *.def ; do + mv $file %{buildroot}%{_sysconfdir}/idle%{python_version}/ + ln -sf %{_sysconfdir}/idle%{python_version}/$file %{buildroot}/%{sitedir}/idlelib/ + done +) + +# keep just idle3.X +rm %{buildroot}%{_bindir}/idle3 + +# install idle icons +for size in 16 32 48 ; do + install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \ + %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_version}.png +done + +# install idle desktop file +cp %{SOURCE19} idle%{python_version}.desktop +sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop +install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop + +cp %{SOURCE20} idle%{python_version}.appdata.xml +sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml +install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml +appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml + +%fdupes %{buildroot}/%{_libdir}/python%{python_version} +%endif +%if %{with base} +%make_install + +# remove .a +find %{buildroot} -name "*.a" -delete + +# install "site-packages" and __pycache__ for third parties +install -d -m 755 %{buildroot}%{sitedir}/site-packages +install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__ +# and their 32bit counterparts explicitly +mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__ + +# cleanup parts that don't belong +for dir in curses dbm sqlite3 tkinter idlelib; do + find "%{buildroot}/%{sitedir}/$dir"/* -maxdepth 0 -name "test" -o -exec rm -rf {} + +done +rm -fv %{buildroot}%{dynlib nis} + +# overwrite the copied binary with a link +ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 + +# decide to ship python3 or just python3.X +%if !%{primary_interpreter} +# base +rm %{buildroot}%{_bindir}/python3 +rm %{buildroot}%{_bindir}/pydoc3 +rm %{buildroot}%{_mandir}/man1/python3.1 +# devel +rm %{buildroot}%{_bindir}/python3-config +rm %{buildroot}%{_libdir}/libpython3.so +rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc +%endif + +%if %{with externally_managed} +# PEP-0668 mark this as a distro maintained python +sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED +%endif + +# link shared library instead of static library that tools expect +ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so + +# delete idle3, which has to many packaging dependencies for base +rm %{buildroot}%{_bindir}/idle3* + +# delete the generic 2to3 binary if we are not primary +%if !%{primary_interpreter} +rm %{buildroot}%{_bindir}/2to3 +%endif + +# replace duplicate .pyo/.pyc with hardlinks +%fdupes %{buildroot}/%{sitedir} + +# documentation +export PDOCS=%{buildroot}%{_docdir}/%{name} +install -d -m 755 $PDOCS +install -c -m 644 %{SOURCE3} $PDOCS/ +install -c -m 644 README.rst $PDOCS/ + +# tools +for x in `find Tools/ \( -not -name Makefile \) -print | sort` ; do + test -d $x && ( install -c -m 755 -d $PDOCS/$x ) \ + || ( install -c -m 644 $x $PDOCS/$x ) +done +# gdb script is shipped with devel subpackage +rm -r $PDOCS/Tools/gdb +# clean up the bat files +find "$PDOCS" -name "*.bat" -delete + +# put gdb helper script into place +install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +# install devel files to /config +#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%%{sitedir}/config-%%{python_abi}/ + +# Remove -IVendor/ from python-config boo#1231795 +sed -i 's/-IVendor\///' %{buildroot}%{_bindir}/python%{python_abi}-config + +# RPM macros +%if %{primary_interpreter} +mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/ +install -m 644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/macros.d/ # macros.python3 +%endif + +# import_failed hooks +FAILDIR=%{buildroot}/%{sitedir}/_import_failed +mkdir $FAILDIR +install -m 644 %{SOURCE8} %{SOURCE9} $FAILDIR # import_failed.* +LD_LIBRARY_PATH=. ./python -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +( + cd $FAILDIR + while read package modules; do + for module in $modules; do + ln import_failed.py $module.py + pushd __pycache__ + for i in import_failed*; do + ln $i "$module${i#import_failed}" + done + popd + done + done < %{SOURCE9} +) +echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +%endif + +# For the purposes of reproducibility, it is necessary to eliminate any *.pyc files inside documentation dirs +if [ -d %{buildroot}%{_defaultdocdir} ] ; then +find %{buildroot}%{_defaultdocdir} -type f -name \*.pyc -ls -exec rm -vf '{}' \; +fi + +%if %{with general} +%files -n %{python_pkg_name}-tk +%{sitedir}/tkinter +%exclude %{sitedir}/tkinter/test +%{dynlib _tkinter} + +%files -n %{python_pkg_name}-curses +%{sitedir}/curses +%{dynlib _curses} +%{dynlib _curses_panel} + +%files -n %{python_pkg_name}-dbm +%{sitedir}/dbm +%{dynlib _dbm} +%{dynlib _gdbm} + +%files -n %{python_pkg_name} +%dir %{sitedir} +%dir %{sitedir}/lib-dynload +%{sitedir}/sqlite3 +%exclude %{sitedir}/sqlite3/test +%{dynlib readline} +%{dynlib _sqlite3} +%if 0%{?suse_version} < 1599 +%{dynlib nis} +%endif + +%files -n %{python_pkg_name}-idle +%{sitedir}/idlelib +%dir %{_sysconfdir}/idle%{python_version} +%config %{_sysconfdir}/idle%{python_version}/* +%doc Lib/idlelib/README.txt +%doc Lib/idlelib/TODO.txt +%doc Lib/idlelib/extend.txt +%doc Lib/idlelib/ChangeLog +%{_bindir}/idle%{python_version} +%{_datadir}/applications/idle%{python_version}.desktop +%{_datadir}/metainfo/idle%{python_version}.appdata.xml +%{_datadir}/icons/hicolor/*/apps/idle%{python_version}.png +%dir %{_datadir}/icons/hicolor +%dir %{_datadir}/icons/hicolor/16x16 +%dir %{_datadir}/icons/hicolor/32x32 +%dir %{_datadir}/icons/hicolor/48x48 +%dir %{_datadir}/icons/hicolor/*/apps +# endif for if general +%endif + +%if %{with doc} +%files -n %{python_pkg_name}-doc +%dir %{_docdir}/python%{python_version} +%doc %{_docdir}/python%{python_version}/Misc +%doc %{_docdir}/python%{python_version}/html + +%files -n %{python_pkg_name}-doc-devhelp +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%doc %{_datadir}/gtk-doc/html/Python%{python_version} +%endif + +%if %{with base} +%post -n libpython%{so_version} -p /sbin/ldconfig +%postun -n libpython%{so_version} -p /sbin/ldconfig + +%files -n libpython%{so_version} +%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} + +%files -n %{python_pkg_name}-tools +%{sitedir}/turtledemo +%if %{primary_interpreter} +%{_bindir}/2to3 +%endif +%attr(755, root, root)%{_bindir}/2to3-%{python_version} +%doc %{_docdir}/%{name}/Tools + +%files -n %{python_pkg_name}-devel +%{_libdir}/libpython%{python_abi}.so +%if %{primary_interpreter} +%{_libdir}/libpython3.so +%endif +%{_libdir}/pkgconfig/* +%{_includedir}/python%{python_abi} +%{sitedir}/config-%{python_abi}-* +%{_bindir}/python%{python_abi}-config +%if %{primary_interpreter} +%{_bindir}/python3-config +%endif +# Own these directories to not depend on gdb +%dir %{_datadir}/gdb +%dir %{_datadir}/gdb/auto-load +%dir %{_datadir}/gdb/auto-load%{_prefix} +%dir %{_datadir}/gdb/auto-load%{_libdir} +%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +%files -n %{python_pkg_name}-testsuite +%{sitedir}/test +%{sitedir}/*/test +%{sitedir}/*/tests +%{dynlib _ctypes_test} +%{dynlib _testbuffer} +%{dynlib _testcapi} +%{dynlib _testclinic} +%{dynlib _testinternalcapi} +%{dynlib _testimportmultiple} +%{dynlib _testmultiphase} +%{dynlib xxlimited} +# workaround for missing packages +%dir %{sitedir}/sqlite3 +%dir %{sitedir}/tkinter + +%files -n %{python_pkg_name}-base +# docs +%dir %{_docdir}/%{name} +%doc %{_docdir}/%{name}/README.rst +%license LICENSE +%doc %{_docdir}/%{name}/README.SUSE +%if %{primary_interpreter} +%{_mandir}/man1/python3.1%{?ext_man} +%endif +%{_mandir}/man1/python%{python_version}.1%{?ext_man} +%if %{with externally_managed} +# PEP-0668 +%{sitedir}/EXTERNALLY-MANAGED +%endif +# license text, not a doc because the code can use it at run-time +%{sitedir}/LICENSE.txt +# RPM macros +%if %{primary_interpreter} +%{_rpmconfigdir}/macros.d/macros.python3 +%endif +# binary parts +%dir %{sitedir}/lib-dynload +%{dynlib array} +%{dynlib _asyncio} +%{dynlib audioop} +%{dynlib binascii} +%{dynlib _bisect} +%{dynlib _bz2} +%{dynlib cmath} +%{dynlib _codecs_cn} +%{dynlib _codecs_hk} +%{dynlib _codecs_iso2022} +%{dynlib _codecs_jp} +%{dynlib _codecs_kr} +%{dynlib _codecs_tw} +%{dynlib _contextvars} +%{dynlib _crypt} +%{dynlib _csv} +%{dynlib _ctypes} +%{dynlib _datetime} +%{dynlib _decimal} +%{dynlib _elementtree} +%{dynlib fcntl} +%{dynlib grp} +%{dynlib _hashlib} +%{dynlib _heapq} +%{dynlib _json} +%{dynlib _lsprof} +%{dynlib _lzma} +%{dynlib math} +%{dynlib mmap} +%{dynlib _multibytecodec} +%{dynlib _multiprocessing} +%{dynlib _opcode} +%{dynlib ossaudiodev} +%{dynlib _pickle} +%{dynlib _posixshmem} +%{dynlib _posixsubprocess} +%{dynlib pyexpat} +%{dynlib _queue} +%{dynlib _random} +%{dynlib resource} +%{dynlib select} +%{dynlib _socket} +%{dynlib spwd} +%{dynlib _ssl} +%{dynlib _statistics} +%{dynlib _struct} +%{dynlib syslog} +%{dynlib termios} +%{dynlib _typing} +%{dynlib unicodedata} +%{dynlib _uuid} +%{dynlib _xxsubinterpreters} +%{dynlib _xxtestfuzz} +%{dynlib xxlimited_35} +%{dynlib zlib} +%{dynlib _zoneinfo} +# hashlib fallback modules +%{dynlib _blake2} +%{dynlib _md5} +%{dynlib _sha1} +%{dynlib _sha256} +%{dynlib _sha512} +%{dynlib _sha3} +# python parts +%dir %{_prefix}/lib/python%{python_version} +%dir %{_prefix}/lib/python%{python_version}/site-packages +%dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__ +%dir %{sitedir} +%dir %{sitedir}/site-packages +%dir %{sitedir}/site-packages/__pycache__ +%exclude %{sitedir}/*/test +%exclude %{sitedir}/*/tests +%{sitedir}/*.py +%{sitedir}/asyncio +%{sitedir}/ctypes +%{sitedir}/collections +%{sitedir}/concurrent +%{sitedir}/distutils +%{sitedir}/email +%{sitedir}/encodings +%{sitedir}/ensurepip +%{sitedir}/html +%{sitedir}/http +%{sitedir}/importlib +%{sitedir}/json +%{sitedir}/lib2to3 +%{sitedir}/logging +%{sitedir}/multiprocessing +%{sitedir}/pydoc_data +%{sitedir}/re +%{sitedir}/tomllib +%{sitedir}/unittest +%{sitedir}/urllib +%{sitedir}/venv +%{sitedir}/wsgiref +%{sitedir}/xml +%{sitedir}/xmlrpc +%{sitedir}/zoneinfo +%{sitedir}/__phello__ +%{sitedir}/__pycache__ +# import-failed hooks +%{sitedir}/_import_failed +%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +# symlinks +%if %{primary_interpreter} +%{_bindir}/python3 +%{_bindir}/pydoc3 +%endif +# executables +%attr(755, root, root) %{_bindir}/pydoc%{python_version} +# %%attr(755, root, root) %%{_bindir}/python%%{python_abi} +%attr(755, root, root) %{_bindir}/python%{python_version} +# endif for if base +%endif + +%changelog diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch new file mode 100644 index 0000000..6f48b09 --- /dev/null +++ b/skip-test_pyobject_freed_is_freed.patch @@ -0,0 +1,23 @@ +--- + Lib/test/test_capi/test_misc.py | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/Lib/test/test_capi/test_misc.py ++++ b/Lib/test/test_capi/test_misc.py +@@ -40,6 +40,8 @@ import _testinternalcapi + # Were we compiled --with-pydebug or with #define Py_DEBUG? + Py_DEBUG = hasattr(sys, 'gettotalrefcount') + ++# Which version of the SLE distro we build on? ++SLE_VERSION = int(os.environ.get('SLE_VERSION', '0'), 10) + + NULL = None + +@@ -1281,6 +1283,7 @@ class PyMemDebugTests(unittest.TestCase) + def test_pyobject_forbidden_bytes_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') + ++ @unittest.skipIf(0 < SLE_VERSION < 150300, 'Failing on Leap 15.*') + def test_pyobject_freed_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_freed_is_freed') + diff --git a/skip_if_buildbot-extend.patch b/skip_if_buildbot-extend.patch new file mode 100644 index 0000000..fd9a584 --- /dev/null +++ b/skip_if_buildbot-extend.patch @@ -0,0 +1,15 @@ +--- + Lib/test/support/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -384,7 +384,7 @@ def skip_if_buildbot(reason=None): + if not reason: + reason = 'not suitable for buildbots' + try: +- isbuildbot = getpass.getuser().lower() == 'buildbot' ++ isbuildbot = getpass.getuser().lower() in ['buildbot', 'abuild'] + except (KeyError, EnvironmentError) as err: + warnings.warn(f'getpass.getuser() failed {err}.', RuntimeWarning) + isbuildbot = False diff --git a/skipped_tests.py b/skipped_tests.py new file mode 100644 index 0000000..47002e6 --- /dev/null +++ b/skipped_tests.py @@ -0,0 +1,69 @@ +#!/usr/bin/python3 +""" +Simple regexp-based skipped test checker. +It lists tests that are mentioned (presumably for exclusion) +in BASE, and in MAIN (presumably for inclusion) +and reports discrepancies. + +This will have a number of +""" + +MAIN = "python39.spec" + +import glob +import re +from os.path import basename + +alltests = set() +qemu_exclusions = set() + +for item in glob.glob("Python-*/Lib/test/test_*"): + testname = basename(item) + if testname.endswith(".py"): + testname = testname[:-3] + alltests.add(testname) + +testre = re.compile(r'[\s"](test_\w+)\b') + +def find_tests_in_spec(specname): + global qemu_exclusions + + found_tests = set() + with open(specname) as spec: + in_qemu = False + for line in spec: + line = line.strip() + if "#" in line: + line = line[:line.index("#")] + tests = set(testre.findall(line)) + found_tests |= tests + if line == "%if 0%{?qemu_user_space_build} > 0": + in_qemu = True + if in_qemu: + if line == "%endif": + in_qemu = False + qemu_exclusions |= tests + return found_tests + +excluded = find_tests_in_spec(MAIN) + +#print("--- excluded tests:", " ".join(sorted(excluded))) +#print("--- included tests:", " ".join(sorted(included))) + +mentioned = excluded +nonexistent = mentioned - alltests +missing = excluded - qemu_exclusions + +print("--- the following tests are excluded for QEMU and not tested in python") +print("--- (that probably means we don't need to worry about them)") +for test in sorted(qemu_exclusions - excluded): + print(test) + +print("--- the following tests might be excluded in python:") +for test in sorted(missing): + print(test) + +if nonexistent: + print("--- the following tests don't exist:") + for test in sorted(nonexistent): + print(test) diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch new file mode 100644 index 0000000..ab29d50 --- /dev/null +++ b/subprocess-raise-timeout.patch @@ -0,0 +1,18 @@ +--- + Lib/test/test_subprocess.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_subprocess.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_subprocess.py ++++ Python-3.11.8/Lib/test/test_subprocess.py +@@ -280,7 +280,8 @@ class ProcessTestCase(BaseTestCase): + "time.sleep(3600)"], + # Some heavily loaded buildbots (sparc Debian 3.x) require + # this much time to start and print. +- timeout=3) ++ # OBS might require even more ++ timeout=10) + self.fail("Expected TimeoutExpired.") + self.assertEqual(c.exception.output, b'BDFL') + -- 2.51.1 From b51967df3e48ea1f6cbfda3c0158df2e0b30fed61d9fb830bbaa1f1253f0235f Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 25 Jun 2025 19:49:10 +0000 Subject: [PATCH 128/135] Also addresses CVE-2025-4435 (gh#135034, bsc#1244061). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=185 --- .gitattributes | 23 + .gitignore | 1 + CVE-2023-52425-libexpat-2.6.0-backport.patch | 233 + ...-52425-remove-reparse_deferral-tests.patch | 60 + CVE-2024-9287-venv_path_unquoted.patch | 299 + CVE-2025-0938-sq-brackets-domain-names.patch | 127 + CVE-2025-4516-DecodeError-handler.patch | 504 ++ F00251-change-user-install-location.patch | 215 + PACKAGING-NOTES | 26 + Python-3.11.10.tar.xz | 3 + Python-3.11.10.tar.xz.asc | 16 + Python-3.11.11.tar.xz | 3 + Python-3.11.11.tar.xz.sigstore | 1 + Python-3.11.12.tar.xz | 3 + Python-3.11.12.tar.xz.sigstore | 1 + Python-3.11.13.tar.xz | 3 + Python-3.11.13.tar.xz.sigstore | 1 + README.SUSE | 43 + _multibuild | 4 + add-loongarch64-support.patch | 29 + baselibs.conf | 3 + bluez-devel-vendor.tar.xz | 3 + bpo-31046_ensurepip_honours_prefix.patch | 173 + bsc1221260-test_asyncio-ResourceWarning.patch | 21 + bso1227999-reproducible-builds.patch | 37 + distutils-reproducible-compile.patch | 17 + externally_managed.in | 12 + fix_configure_rst.patch | 40 + ...l-no-stop-ThreadedEchoServer-OSError.patch | 82 + gh120226-fix-sendfile-test-kernel-610.patch | 35 + idle3.appdata.xml | 35 + idle3.desktop | 12 + import_failed.map | 7 + import_failed.py | 23 + macros.python3 | 28 + no-skipif-doctests.patch | 653 ++ pre_checkin.sh | 78 + python-3.3.0b1-fix_date_time_compiler.patch | 27 + python-3.3.0b1-localpath.patch | 13 + python-3.3.0b1-test-posix_fadvise.patch | 17 + python.keyring | 109 + python311-rpmlintrc | 4 + python311.changes | 5624 +++++++++++++++++ python311.spec | 1042 +++ skip-test_pyobject_freed_is_freed.patch | 23 + skip_if_buildbot-extend.patch | 15 + skipped_tests.py | 69 + subprocess-raise-timeout.patch | 18 + 48 files changed, 9815 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 CVE-2023-52425-libexpat-2.6.0-backport.patch create mode 100644 CVE-2023-52425-remove-reparse_deferral-tests.patch create mode 100644 CVE-2024-9287-venv_path_unquoted.patch create mode 100644 CVE-2025-0938-sq-brackets-domain-names.patch create mode 100644 CVE-2025-4516-DecodeError-handler.patch create mode 100644 F00251-change-user-install-location.patch create mode 100644 PACKAGING-NOTES create mode 100644 Python-3.11.10.tar.xz create mode 100644 Python-3.11.10.tar.xz.asc create mode 100644 Python-3.11.11.tar.xz create mode 100644 Python-3.11.11.tar.xz.sigstore create mode 100644 Python-3.11.12.tar.xz create mode 100644 Python-3.11.12.tar.xz.sigstore create mode 100644 Python-3.11.13.tar.xz create mode 100644 Python-3.11.13.tar.xz.sigstore create mode 100644 README.SUSE create mode 100644 _multibuild create mode 100644 add-loongarch64-support.patch create mode 100644 baselibs.conf create mode 100644 bluez-devel-vendor.tar.xz create mode 100644 bpo-31046_ensurepip_honours_prefix.patch create mode 100644 bsc1221260-test_asyncio-ResourceWarning.patch create mode 100644 bso1227999-reproducible-builds.patch create mode 100644 distutils-reproducible-compile.patch create mode 100644 externally_managed.in create mode 100644 fix_configure_rst.patch create mode 100644 gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch create mode 100644 gh120226-fix-sendfile-test-kernel-610.patch create mode 100644 idle3.appdata.xml create mode 100644 idle3.desktop create mode 100644 import_failed.map create mode 100644 import_failed.py create mode 100644 macros.python3 create mode 100644 no-skipif-doctests.patch create mode 100644 pre_checkin.sh create mode 100644 python-3.3.0b1-fix_date_time_compiler.patch create mode 100644 python-3.3.0b1-localpath.patch create mode 100644 python-3.3.0b1-test-posix_fadvise.patch create mode 100644 python.keyring create mode 100644 python311-rpmlintrc create mode 100644 python311.changes create mode 100644 python311.spec create mode 100644 skip-test_pyobject_freed_is_freed.patch create mode 100644 skip_if_buildbot-extend.patch create mode 100644 skipped_tests.py create mode 100644 subprocess-raise-timeout.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch new file mode 100644 index 0000000..1acc25a --- /dev/null +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -0,0 +1,233 @@ +--- + Lib/test/support/__init__.py | 16 ++++++++++++++-- + Lib/test/test_minidom.py | 23 +++++++++-------------- + Lib/test/test_pyexpat.py | 12 +++++------- + Lib/test/test_sax.py | 18 +++++++++--------- + Lib/test/test_xml_etree.py | 12 ------------ + 5 files changed, 37 insertions(+), 44 deletions(-) + +Index: Python-3.11.12/Lib/test/support/__init__.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/support/__init__.py 2025-04-11 10:52:43.191010503 +0200 ++++ Python-3.11.12/Lib/test/support/__init__.py 2025-04-11 10:52:44.802161741 +0200 +@@ -8,6 +8,7 @@ + import functools + import os + import re ++import pyexpat + import stat + import sys + import sysconfig +@@ -56,7 +57,7 @@ + "run_with_tz", "PGO", "missing_compiler_executable", + "ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST", + "LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT", +- "skip_on_s390x", ++ "skip_on_s390x", "fails_with_expat_2_6_0", "is_expat_2_6_0" + ] + + +@@ -2244,6 +2245,17 @@ + } + return ignored + +-#Windows doesn't have os.uname() but it doesn't support s390x. ++ ++# Windows doesn't have os.uname() but it doesn't support s390x. + skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', + 'skipped on s390x') ++ ++ ++@functools.lru_cache ++def _is_expat_2_6_0(): ++ return hasattr(pyexpat.ParserCreate(), 'SetReparseDeferralEnabled') ++is_expat_2_6_0 = _is_expat_2_6_0() ++ ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if is_expat_2_6_0 ++ else lambda test: test) +Index: Python-3.11.12/Lib/test/test_minidom.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_minidom.py 2025-04-11 10:52:21.907086938 +0200 ++++ Python-3.11.12/Lib/test/test_minidom.py 2025-04-11 10:52:44.802522893 +0200 +@@ -6,7 +6,6 @@ + from test import support + import unittest + +-import pyexpat + import xml.dom.minidom + + from xml.dom.minidom import parse, Attr, Node, Document, parseString +@@ -1163,13 +1162,11 @@ + + # Verify that character decoding errors raise exceptions instead + # of crashing +- if pyexpat.version_info >= (2, 4, 5): +- self.assertRaises(ExpatError, parseString, +- b'') +- self.assertRaises(ExpatError, parseString, +- b'Comment \xe7a va ? Tr\xe8s bien ?') +- else: +- self.assertRaises(UnicodeDecodeError, parseString, ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((UnicodeDecodeError, ExpatError)): ++ parseString( + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1631,12 +1628,10 @@ + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- if pyexpat.version_info >= (2, 4, 5): +- context = self.assertRaisesRegex(ExpatError, 'syntax error') +- else: +- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- +- with context: ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((ExpatError, ValueError)): + parseString('') + + def testDocRemoveChild(self): +Index: Python-3.11.12/Lib/test/test_pyexpat.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_pyexpat.py 2025-04-11 10:52:22.076696906 +0200 ++++ Python-3.11.12/Lib/test/test_pyexpat.py 2025-04-11 10:52:44.803228085 +0200 +@@ -14,8 +14,7 @@ + from xml.parsers import expat + from xml.parsers.expat import errors + +-from test.support import sortdict, is_emscripten, is_wasi +- ++from test.support import sortdict, is_emscripten, is_wasi, is_expat_2_6_0 + + class SetAttributeTest(unittest.TestCase): + def setUp(self): +@@ -770,9 +769,8 @@ + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + + def test_reparse_deferral_enabled(self): +- if expat.version_info < (2, 6, 0): +- self.skipTest(f'Expat {expat.version_info} does not ' +- 'support reparse deferral') ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") + + started = [] + +@@ -801,9 +799,9 @@ + + parser = expat.ParserCreate() + parser.StartElementHandler = start_element +- if expat.version_info >= (2, 6, 0): ++ if is_expat_2_6_0: + parser.SetReparseDeferralEnabled(False) +- self.assertFalse(parser.GetReparseDeferralEnabled()) ++ self.assertFalse(parser.GetReparseDeferralEnabled()) + + for chunk in (b''): + parser.Parse(chunk, False) +Index: Python-3.11.12/Lib/test/test_sax.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_sax.py 2025-04-11 10:52:22.111440337 +0200 ++++ Python-3.11.12/Lib/test/test_sax.py 2025-04-11 10:52:44.803567098 +0200 +@@ -19,13 +19,11 @@ + from io import BytesIO, StringIO + import codecs + import os.path +-import pyexpat + import shutil + import sys + from urllib.error import URLError + import urllib.request +-from test.support import os_helper +-from test.support import findfile ++from test.support import os_helper, findfile, is_expat_2_6_0 + from test.support.os_helper import FakePath, TESTFN + + +@@ -1215,10 +1213,10 @@ + + self.assertEqual(result.getvalue(), start + b"text") + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1241,6 +1239,9 @@ + self.assertEqual(result.getvalue(), start + b"") + + def test_flush_reparse_deferral_disabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1249,9 +1250,8 @@ + for chunk in (""): + parser.feed(chunk) + +- if pyexpat.version_info >= (2, 6, 0): +- parser._parser.SetReparseDeferralEnabled(False) +- self.assertEqual(result.getvalue(), start) # i.e. no elements started ++ parser._parser.SetReparseDeferralEnabled(False) ++ self.assertEqual(result.getvalue(), start) # i.e. no elements started + + self.assertFalse(parser._parser.GetReparseDeferralEnabled()) + +Index: Python-3.11.12/Lib/test/test_xml_etree.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_xml_etree.py 2025-04-11 10:52:22.425637912 +0200 ++++ Python-3.11.12/Lib/test/test_xml_etree.py 2025-04-11 10:52:44.804234785 +0200 +@@ -13,7 +13,6 @@ + import operator + import os + import pickle +-import pyexpat + import sys + import textwrap + import types +@@ -1424,12 +1423,6 @@ + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + +- def test_simple_xml_chunk_1(self): +- self.test_simple_xml(chunk_size=1, flush=True) +- +- def test_simple_xml_chunk_5(self): +- self.test_simple_xml(chunk_size=5, flush=True) +- + def test_simple_xml_chunk_22(self): + self.test_simple_xml(chunk_size=22) + +@@ -1627,9 +1620,6 @@ + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1656,8 +1646,6 @@ + + for chunk in (""): + parser.feed(chunk) +- +- if pyexpat.version_info >= (2, 6, 0): + if not ET is pyET: + self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled ' + 'methods not available in C') diff --git a/CVE-2023-52425-remove-reparse_deferral-tests.patch b/CVE-2023-52425-remove-reparse_deferral-tests.patch new file mode 100644 index 0000000..553bdf8 --- /dev/null +++ b/CVE-2023-52425-remove-reparse_deferral-tests.patch @@ -0,0 +1,60 @@ +--- + Lib/test/test_pyexpat.py | 2 ++ + Lib/test/test_sax.py | 2 ++ + Lib/test/test_xml_etree.py | 2 ++ + 3 files changed, 6 insertions(+) + +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -768,6 +768,7 @@ class ReparseDeferralTest(unittest.TestC + parser.SetReparseDeferralEnabled(True) + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -791,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC + + self.assertEqual(started, ['doc']) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_disabled(self): + started = [] + +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -1213,6 +1213,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -1238,6 +1239,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -1620,6 +1620,7 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1641,6 +1642,7 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + diff --git a/CVE-2024-9287-venv_path_unquoted.patch b/CVE-2024-9287-venv_path_unquoted.patch new file mode 100644 index 0000000..541a907 --- /dev/null +++ b/CVE-2024-9287-venv_path_unquoted.patch @@ -0,0 +1,299 @@ +From 1408cc9bf9e8b19968761548c30b78d37074c21c Mon Sep 17 00:00:00 2001 +From: Y5 <124019959+y5c4l3@users.noreply.github.com> +Date: Tue, 22 Oct 2024 04:48:04 +0800 +Subject: [PATCH] gh-124651: Quote template strings in `venv` activation + scripts (GH-124712) + +This patch properly quotes template strings in `venv` activation +scripts. This mitigates potential command injection. + +(cherry picked from commit d48cc82ed25e26b02eb97c6263d95dcaa1e9111b) +--- + Lib/test/test_venv.py | 81 ++++++++++ + Lib/venv/__init__.py | 42 ++++- + Lib/venv/scripts/common/activate | 8 + Lib/venv/scripts/nt/activate.bat | 6 + Lib/venv/scripts/posix/activate.csh | 8 + Lib/venv/scripts/posix/activate.fish | 8 + Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst | 1 + 7 files changed, 134 insertions(+), 20 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst + +--- a/Lib/test/test_venv.py ++++ b/Lib/test/test_venv.py +@@ -11,6 +11,7 @@ import os + import os.path + import pathlib + import re ++import shlex + import shutil + import struct + import subprocess +@@ -96,6 +97,10 @@ class BaseTest(unittest.TestCase): + result = f.read() + return result + ++ def assertEndsWith(self, string, tail): ++ if not string.endswith(tail): ++ self.fail(f"String {string!r} does not end with {tail!r}") ++ + class BasicTest(BaseTest): + """Test venv module functionality.""" + +@@ -446,6 +451,82 @@ class BasicTest(BaseTest): + 'import sys; print(sys.executable)']) + self.assertEqual(out.strip(), envpy.encode()) + ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_bash(self): ++ """ ++ Test that the template strings are quoted properly (bash) ++ """ ++ rmtree(self.env_dir) ++ bash = shutil.which('bash') ++ if bash is None: ++ self.skipTest('bash required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.sh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([bash, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_csh(self): ++ """ ++ Test that the template strings are quoted properly (csh) ++ """ ++ rmtree(self.env_dir) ++ csh = shutil.which('tcsh') or shutil.which('csh') ++ if csh is None: ++ self.skipTest('csh required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.csh') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.csh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([csh, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings on Windows ++ @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') ++ def test_special_chars_windows(self): ++ """ ++ Test that the template strings are quoted properly on Windows ++ """ ++ rmtree(self.env_dir) ++ env_name = "'&&^$e" ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.bat') ++ test_batch = os.path.join(self.env_dir, 'test_special_chars.bat') ++ with open(test_batch, "w") as f: ++ f.write('@echo off\n' ++ f'"{activate}" & ' ++ f'{self.exe} -c "import sys; print(sys.executable)" & ' ++ f'{self.exe} -c "import os; print(os.environ[\'VIRTUAL_ENV\'])" & ' ++ 'deactivate') ++ out, err = check_output([test_batch]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ + @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') + def test_unicode_in_batch_file(self): + """ +--- a/Lib/venv/__init__.py ++++ b/Lib/venv/__init__.py +@@ -11,6 +11,7 @@ import subprocess + import sys + import sysconfig + import types ++import shlex + + + CORE_VENV_DEPS = ('pip', 'setuptools') +@@ -394,11 +395,41 @@ class EnvBuilder: + :param context: The information for the environment creation request + being processed. + """ +- text = text.replace('__VENV_DIR__', context.env_dir) +- text = text.replace('__VENV_NAME__', context.env_name) +- text = text.replace('__VENV_PROMPT__', context.prompt) +- text = text.replace('__VENV_BIN_NAME__', context.bin_name) +- text = text.replace('__VENV_PYTHON__', context.env_exe) ++ replacements = { ++ '__VENV_DIR__': context.env_dir, ++ '__VENV_NAME__': context.env_name, ++ '__VENV_PROMPT__': context.prompt, ++ '__VENV_BIN_NAME__': context.bin_name, ++ '__VENV_PYTHON__': context.env_exe, ++ } ++ ++ def quote_ps1(s): ++ """ ++ This should satisfy PowerShell quoting rules [1], unless the quoted ++ string is passed directly to Windows native commands [2]. ++ [1]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules ++ [2]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing#passing-arguments-that-contain-quote-characters ++ """ ++ s = s.replace("'", "''") ++ return f"'{s}'" ++ ++ def quote_bat(s): ++ return s ++ ++ # gh-124651: need to quote the template strings properly ++ quote = shlex.quote ++ script_path = context.script_path ++ if script_path.endswith('.ps1'): ++ quote = quote_ps1 ++ elif script_path.endswith('.bat'): ++ quote = quote_bat ++ else: ++ # fallbacks to POSIX shell compliant quote ++ quote = shlex.quote ++ ++ replacements = {key: quote(s) for key, s in replacements.items()} ++ for key, quoted in replacements.items(): ++ text = text.replace(key, quoted) + return text + + def install_scripts(self, context, path): +@@ -438,6 +469,7 @@ class EnvBuilder: + with open(srcfile, 'rb') as f: + data = f.read() + if not srcfile.endswith(('.exe', '.pdb')): ++ context.script_path = srcfile + try: + data = data.decode('utf-8') + data = self.replace_variables(data, context) +--- a/Lib/venv/scripts/common/activate ++++ b/Lib/venv/scripts/common/activate +@@ -35,11 +35,11 @@ deactivate () { + # unset irrelevant variables + deactivate nondestructive + +-VIRTUAL_ENV="__VENV_DIR__" ++VIRTUAL_ENV=__VENV_DIR__ + export VIRTUAL_ENV + + _OLD_VIRTUAL_PATH="$PATH" +-PATH="$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++PATH="$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + export PATH + + # unset PYTHONHOME if set +@@ -52,9 +52,9 @@ fi + + if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then + _OLD_VIRTUAL_PS1="${PS1:-}" +- PS1="__VENV_PROMPT__${PS1:-}" ++ PS1=__VENV_PROMPT__"${PS1:-}" + export PS1 +- VIRTUAL_ENV_PROMPT="__VENV_PROMPT__" ++ VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ + export VIRTUAL_ENV_PROMPT + fi + +--- a/Lib/venv/scripts/nt/activate.bat ++++ b/Lib/venv/scripts/nt/activate.bat +@@ -8,7 +8,7 @@ if defined _OLD_CODEPAGE ( + "%SystemRoot%\System32\chcp.com" 65001 > nul + ) + +-set VIRTUAL_ENV=__VENV_DIR__ ++set "VIRTUAL_ENV=__VENV_DIR__" + + if not defined PROMPT set PROMPT=$P$G + +@@ -24,8 +24,8 @@ set PYTHONHOME= + if defined _OLD_VIRTUAL_PATH set PATH=%_OLD_VIRTUAL_PATH% + if not defined _OLD_VIRTUAL_PATH set _OLD_VIRTUAL_PATH=%PATH% + +-set PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH% +-set VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ ++set "PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH%" ++set "VIRTUAL_ENV_PROMPT=__VENV_PROMPT__" + + :END + if defined _OLD_CODEPAGE ( +--- a/Lib/venv/scripts/posix/activate.csh ++++ b/Lib/venv/scripts/posix/activate.csh +@@ -8,17 +8,17 @@ alias deactivate 'test $?_OLD_VIRTUAL_PA + # Unset irrelevant variables. + deactivate nondestructive + +-setenv VIRTUAL_ENV "__VENV_DIR__" ++setenv VIRTUAL_ENV __VENV_DIR__ + + set _OLD_VIRTUAL_PATH="$PATH" +-setenv PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++setenv PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + + + set _OLD_VIRTUAL_PROMPT="$prompt" + + if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then +- set prompt = "__VENV_PROMPT__$prompt" +- setenv VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set prompt = __VENV_PROMPT__"$prompt" ++ setenv VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + endif + + alias pydoc python -m pydoc +--- a/Lib/venv/scripts/posix/activate.fish ++++ b/Lib/venv/scripts/posix/activate.fish +@@ -33,10 +33,10 @@ end + # Unset irrelevant variables. + deactivate nondestructive + +-set -gx VIRTUAL_ENV "__VENV_DIR__" ++set -gx VIRTUAL_ENV __VENV_DIR__ + + set -gx _OLD_VIRTUAL_PATH $PATH +-set -gx PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__" $PATH ++set -gx PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__ $PATH + + # Unset PYTHONHOME if set. + if set -q PYTHONHOME +@@ -56,7 +56,7 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + set -l old_status $status + + # Output the venv prompt; color taken from the blue of the Python logo. +- printf "%s%s%s" (set_color 4B8BBE) "__VENV_PROMPT__" (set_color normal) ++ printf "%s%s%s" (set_color 4B8BBE) __VENV_PROMPT__ (set_color normal) + + # Restore the return status of the previous command. + echo "exit $old_status" | . +@@ -65,5 +65,5 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + end + + set -gx _OLD_FISH_PROMPT_OVERRIDE "$VIRTUAL_ENV" +- set -gx VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set -gx VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + end +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst +@@ -0,0 +1 @@ ++Properly quote template strings in :mod:`venv` activation scripts. diff --git a/CVE-2025-0938-sq-brackets-domain-names.patch b/CVE-2025-0938-sq-brackets-domain-names.patch new file mode 100644 index 0000000..7db4656 --- /dev/null +++ b/CVE-2025-0938-sq-brackets-domain-names.patch @@ -0,0 +1,127 @@ +From d91e2c740890837edafaee24d68112b776cda9c5 Mon Sep 17 00:00:00 2001 +From: Seth Michael Larson +Date: Fri, 31 Jan 2025 11:41:34 -0600 +Subject: [PATCH] gh-105704: Disallow square brackets (`[` and `]`) in domain + names for parsed URLs (GH-129418) + +* gh-105704: Disallow square brackets ( and ) in domain names for parsed URLs + +* Use Sphinx references + +Co-authored-by: Peter Bierma + +* Add mismatched bracket test cases, fix news format + +* Add more test coverage for ports + +--------- + +(cherry picked from commit d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a) + +Co-authored-by: Seth Michael Larson +Co-authored-by: Peter Bierma +--- + Lib/test/test_urlparse.py | 37 +++++++++- + Lib/urllib/parse.py | 20 ++++- + Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst | 4 + + 3 files changed, 58 insertions(+), 3 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst + +--- a/Lib/test/test_urlparse.py ++++ b/Lib/test/test_urlparse.py +@@ -1224,16 +1224,51 @@ class UrlParseTestCase(unittest.TestCase + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af::2309::fae7:1234]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af:2309::fae7:1234:2342:438e:192.0.2.146]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@]v6a.ip[/Path') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip[suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[suffix') + + def test_splitting_bracketed_hosts(self): +- p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]/path?query') ++ p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]:1234/path?query') + self.assertEqual(p1.hostname, 'v6a.ip') + self.assertEqual(p1.username, 'user') + self.assertEqual(p1.path, '/path') ++ self.assertEqual(p1.port, 1234) + p2 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7%test]/path?query') + self.assertEqual(p2.hostname, '0439:23af:2309::fae7%test') + self.assertEqual(p2.username, 'user') + self.assertEqual(p2.path, '/path') ++ self.assertIs(p2.port, None) + p3 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7:1234:192.0.2.146%test]/path?query') + self.assertEqual(p3.hostname, '0439:23af:2309::fae7:1234:192.0.2.146%test') + self.assertEqual(p3.username, 'user') +--- a/Lib/urllib/parse.py ++++ b/Lib/urllib/parse.py +@@ -436,6 +436,23 @@ def _checknetloc(netloc): + raise ValueError("netloc '" + netloc + "' contains invalid " + + "characters under NFKC normalization") + ++def _check_bracketed_netloc(netloc): ++ # Note that this function must mirror the splitting ++ # done in NetlocResultMixins._hostinfo(). ++ hostname_and_port = netloc.rpartition('@')[2] ++ before_bracket, have_open_br, bracketed = hostname_and_port.partition('[') ++ if have_open_br: ++ # No data is allowed before a bracket. ++ if before_bracket: ++ raise ValueError("Invalid IPv6 URL") ++ hostname, _, port = bracketed.partition(']') ++ # No data is allowed after the bracket but before the port delimiter. ++ if port and not port.startswith(":"): ++ raise ValueError("Invalid IPv6 URL") ++ else: ++ hostname, _, port = hostname_and_port.partition(':') ++ _check_bracketed_host(hostname) ++ + # Valid bracketed hosts are defined in + # https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/ + def _check_bracketed_host(hostname): +@@ -496,8 +513,7 @@ def urlsplit(url, scheme='', allow_fragm + (']' in netloc and '[' not in netloc)): + raise ValueError("Invalid IPv6 URL") + if '[' in netloc and ']' in netloc: +- bracketed_host = netloc.partition('[')[2].partition(']')[0] +- _check_bracketed_host(bracketed_host) ++ _check_bracketed_netloc(netloc) + if allow_fragments and '#' in url: + url, fragment = url.split('#', 1) + if '?' in url: +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst +@@ -0,0 +1,4 @@ ++When using :func:`urllib.parse.urlsplit` and :func:`urllib.parse.urlparse` host ++parsing would not reject domain names containing square brackets (``[`` and ++``]``). Square brackets are only valid for IPv6 and IPvFuture hosts according to ++`RFC 3986 Section 3.2.2 `__. diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch new file mode 100644 index 0000000..fc4b1d6 --- /dev/null +++ b/CVE-2025-4516-DecodeError-handler.patch @@ -0,0 +1,504 @@ +From 0c33e5baedf18ebcb04bc41dff7cfc614d5ea5fe Mon Sep 17 00:00:00 2001 +From: Serhiy Storchaka +Date: Tue, 20 May 2025 15:46:57 +0300 +Subject: [PATCH] [3.11] gh-133767: Fix use-after-free in the unicode-escape + decoder with an error handler (GH-129648) (GH-133944) + +If the error handler is used, a new bytes object is created to set as +the object attribute of UnicodeDecodeError, and that bytes object then +replaces the original data. A pointer to the decoded data will became invalid +after destroying that temporary bytes object. So we need other way to return +the first invalid escape from _PyUnicode_DecodeUnicodeEscapeInternal(). + +_PyBytes_DecodeEscape() does not have such issue, because it does not +use the error handlers registry, but it should be changed for compatibility +with _PyUnicode_DecodeUnicodeEscapeInternal(). +(cherry picked from commit 9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e) +(cherry picked from commit 6279eb8c076d89d3739a6edb393e43c7929b429d) +(cherry picked from commit a75953b347716fff694aa59a7c7c2489fa50d1f5) + +Co-authored-by: Serhiy Storchaka +--- + Include/cpython/bytesobject.h | 4 + Include/cpython/unicodeobject.h | 13 ++ + Lib/test/test_codeccallbacks.py | 39 ++++++ + Lib/test/test_codecs.py | 52 ++++++-- + Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst | 2 + Objects/bytesobject.c | 56 ++++++-- + Objects/unicodeobject.c | 63 +++++++--- + Parser/string_parser.c | 24 ++- + 8 files changed, 197 insertions(+), 56 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst + +--- a/Include/cpython/bytesobject.h ++++ b/Include/cpython/bytesobject.h +@@ -25,6 +25,10 @@ PyAPI_FUNC(PyObject*) _PyBytes_FromHex( + int use_bytearray); + + /* Helper for PyBytes_DecodeEscape that detects invalid escape chars. */ ++PyAPI_FUNC(PyObject*) _PyBytes_DecodeEscape2(const char *, Py_ssize_t, ++ const char *, ++ int *, const char **); ++// Export for binary compatibility. + PyAPI_FUNC(PyObject *) _PyBytes_DecodeEscape(const char *, Py_ssize_t, + const char *, const char **); + +--- a/Include/cpython/unicodeobject.h ++++ b/Include/cpython/unicodeobject.h +@@ -914,6 +914,19 @@ PyAPI_FUNC(PyObject*) _PyUnicode_DecodeU + ); + /* Helper for PyUnicode_DecodeUnicodeEscape that detects invalid escape + chars. */ ++PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal2( ++ const char *string, /* Unicode-Escape encoded string */ ++ Py_ssize_t length, /* size of string */ ++ const char *errors, /* error handling */ ++ Py_ssize_t *consumed, /* bytes consumed */ ++ int *first_invalid_escape_char, /* on return, if not -1, contain the first ++ invalid escaped char (<= 0xff) or invalid ++ octal escape (> 0xff) in string. */ ++ const char **first_invalid_escape_ptr); /* on return, if not NULL, may ++ point to the first invalid escaped ++ char in string. ++ May be NULL if errors is not NULL. */ ++// Export for binary compatibility. + PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal( + const char *string, /* Unicode-Escape encoded string */ + Py_ssize_t length, /* size of string */ +--- a/Lib/test/test_codeccallbacks.py ++++ b/Lib/test/test_codeccallbacks.py +@@ -1,6 +1,7 @@ + import codecs + import html.entities + import itertools ++import re + import sys + import unicodedata + import unittest +@@ -1124,7 +1125,7 @@ class CodecCallbackTest(unittest.TestCas + text = 'abcghi'*n + text.translate(charmap) + +- def test_mutatingdecodehandler(self): ++ def test_mutating_decode_handler(self): + baddata = [ + ("ascii", b"\xff"), + ("utf-7", b"++"), +@@ -1159,6 +1160,42 @@ class CodecCallbackTest(unittest.TestCas + for (encoding, data) in baddata: + self.assertEqual(data.decode(encoding, "test.mutating"), "\u4242") + ++ def test_mutating_decode_handler_unicode_escape(self): ++ decode = codecs.unicode_escape_decode ++ def mutating(exc): ++ if isinstance(exc, UnicodeDecodeError): ++ r = data.get(exc.object[:exc.end]) ++ if r is not None: ++ exc.object = r[0] + exc.object[exc.end:] ++ return ('\u0404', r[1]) ++ raise AssertionError("don't know how to handle %r" % exc) ++ ++ codecs.register_error('test.mutating2', mutating) ++ data = { ++ br'\x0': (b'\\', 0), ++ br'\x3': (b'xxx\\', 3), ++ br'\x5': (b'x\\', 1), ++ } ++ def check(input, expected, msg): ++ with self.assertWarns(DeprecationWarning) as cm: ++ self.assertEqual(decode(input, 'test.mutating2'), (expected, len(input))) ++ self.assertIn(msg, str(cm.warning)) ++ ++ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") ++ check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") ++ check(br'\x0z', '\u0404\\z', r"invalid escape sequence '\z'") ++ ++ check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '\z'") ++ check(br'\x3zr', '\u0404\\zr', r"invalid escape sequence '\z'") ++ check(br'\x3z5', '\u0404\\z5', r"invalid escape sequence '\z'") ++ check(memoryview(br'\x3z5x')[:-1], '\u0404\\z5', r"invalid escape sequence '\z'") ++ check(memoryview(br'\x3z5xy')[:-2], '\u0404\\z5', r"invalid escape sequence '\z'") ++ ++ check(br'\x5n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") ++ check(br'\x5n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") ++ check(br'\x5z', '\u0404\\z', r"invalid escape sequence '\z'") ++ check(memoryview(br'\x5zy')[:-1], '\u0404\\z', r"invalid escape sequence '\z'") ++ + # issue32583 + def test_crashing_decode_handler(self): + # better generating one more character to fill the extra space slot +--- a/Lib/test/test_codecs.py ++++ b/Lib/test/test_codecs.py +@@ -1198,23 +1198,39 @@ class EscapeDecodeTest(unittest.TestCase + check(br"[\1010]", b"[A0]") + check(br"[\x41]", b"[A]") + check(br"[\x410]", b"[A0]") ++ ++ def test_warnings(self): ++ decode = codecs.escape_decode ++ check = coding_checker(self, decode) + for i in range(97, 123): + b = bytes([i]) + if b not in b'abfnrtvx': +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\%c'" % i): + check(b"\\" + b, b"\\" + b) +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\%c'" % (i-32)): + check(b"\\" + b.upper(), b"\\" + b.upper()) +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\8'"): + check(br"\8", b"\\8") + with self.assertWarns(DeprecationWarning): + check(br"\9", b"\\9") +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\\xfa'") as cm: + check(b"\\\xfa", b"\\\xfa") + for i in range(0o400, 0o1000): +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid octal escape sequence '\\%o'" % i): + check(rb'\%o' % i, bytes([i & 0o377])) + ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\z'"): ++ self.assertEqual(decode(br'\x\z', 'ignore'), (b'\\z', 4)) ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid octal escape sequence '\\501'"): ++ self.assertEqual(decode(br'\x\501', 'ignore'), (b'A', 6)) ++ + def test_errors(self): + decode = codecs.escape_decode + self.assertRaises(ValueError, decode, br"\x") +@@ -2487,24 +2503,40 @@ class UnicodeEscapeTest(ReadTest, unitte + check(br"[\x410]", "[A0]") + check(br"\u20ac", "\u20ac") + check(br"\U0001d120", "\U0001d120") ++ ++ def test_decode_warnings(self): ++ decode = codecs.unicode_escape_decode ++ check = coding_checker(self, decode) + for i in range(97, 123): + b = bytes([i]) + if b not in b'abfnrtuvx': +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\%c'" % i): + check(b"\\" + b, "\\" + chr(i)) + if b.upper() not in b'UN': +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\%c'" % (i-32)): + check(b"\\" + b.upper(), "\\" + chr(i-32)) +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\8'"): + check(br"\8", "\\8") + with self.assertWarns(DeprecationWarning): + check(br"\9", "\\9") +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\\xfa'") as cm: + check(b"\\\xfa", "\\\xfa") + for i in range(0o400, 0o1000): +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid octal escape sequence '\\%o'" % i): + check(rb'\%o' % i, chr(i)) + ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\z'"): ++ self.assertEqual(decode(br'\x\z', 'ignore'), ('\\z', 4)) ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid octal escape sequence '\\501'"): ++ self.assertEqual(decode(br'\x\501', 'ignore'), ('\u0141', 6)) ++ + def test_decode_errors(self): + decode = codecs.unicode_escape_decode + for c, d in (b'x', 2), (b'u', 4), (b'U', 4): +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst +@@ -0,0 +1,2 @@ ++Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error ++handler. +--- a/Objects/bytesobject.c ++++ b/Objects/bytesobject.c +@@ -1057,10 +1057,11 @@ _PyBytes_FormatEx(const char *format, Py + } + + /* Unescape a backslash-escaped string. */ +-PyObject *_PyBytes_DecodeEscape(const char *s, ++PyObject *_PyBytes_DecodeEscape2(const char *s, + Py_ssize_t len, + const char *errors, +- const char **first_invalid_escape) ++ int *first_invalid_escape_char, ++ const char **first_invalid_escape_ptr) + { + int c; + char *p; +@@ -1074,7 +1075,8 @@ PyObject *_PyBytes_DecodeEscape(const ch + return NULL; + writer.overallocate = 1; + +- *first_invalid_escape = NULL; ++ *first_invalid_escape_char = -1; ++ *first_invalid_escape_ptr = NULL; + + end = s + len; + while (s < end) { +@@ -1112,9 +1114,10 @@ PyObject *_PyBytes_DecodeEscape(const ch + c = (c<<3) + *s++ - '0'; + } + if (c > 0377) { +- if (*first_invalid_escape == NULL) { +- *first_invalid_escape = s-3; /* Back up 3 chars, since we've +- already incremented s. */ ++ if (*first_invalid_escape_char == -1) { ++ *first_invalid_escape_char = c; ++ /* Back up 3 chars, since we've already incremented s. */ ++ *first_invalid_escape_ptr = s - 3; + } + } + *p++ = c; +@@ -1155,9 +1158,10 @@ PyObject *_PyBytes_DecodeEscape(const ch + break; + + default: +- if (*first_invalid_escape == NULL) { +- *first_invalid_escape = s-1; /* Back up one char, since we've +- already incremented s. */ ++ if (*first_invalid_escape_char == -1) { ++ *first_invalid_escape_char = (unsigned char)s[-1]; ++ /* Back up one char, since we've already incremented s. */ ++ *first_invalid_escape_ptr = s - 1; + } + *p++ = '\\'; + s--; +@@ -1171,23 +1175,39 @@ PyObject *_PyBytes_DecodeEscape(const ch + return NULL; + } + ++// Export for binary compatibility. ++PyObject *_PyBytes_DecodeEscape(const char *s, ++ Py_ssize_t len, ++ const char *errors, ++ const char **first_invalid_escape) ++{ ++ int first_invalid_escape_char; ++ return _PyBytes_DecodeEscape2( ++ s, len, errors, ++ &first_invalid_escape_char, ++ first_invalid_escape); ++} ++ + PyObject *PyBytes_DecodeEscape(const char *s, + Py_ssize_t len, + const char *errors, + Py_ssize_t Py_UNUSED(unicode), + const char *Py_UNUSED(recode_encoding)) + { +- const char* first_invalid_escape; +- PyObject *result = _PyBytes_DecodeEscape(s, len, errors, +- &first_invalid_escape); ++ int first_invalid_escape_char; ++ const char *first_invalid_escape_ptr; ++ PyObject *result = _PyBytes_DecodeEscape2(s, len, errors, ++ &first_invalid_escape_char, ++ &first_invalid_escape_ptr); + if (result == NULL) + return NULL; +- if (first_invalid_escape != NULL) { +- unsigned char c = *first_invalid_escape; +- if ('4' <= c && c <= '7') { ++ if (first_invalid_escape_char != -1) { ++ if (first_invalid_escape_char > 0xff) { ++ char buf[12] = ""; ++ snprintf(buf, sizeof buf, "%o", first_invalid_escape_char); + if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, +- "invalid octal escape sequence '\\%.3s'", +- first_invalid_escape) < 0) ++ "invalid octal escape sequence '\\%s'", ++ buf) < 0) + { + Py_DECREF(result); + return NULL; +@@ -1196,7 +1216,7 @@ PyObject *PyBytes_DecodeEscape(const cha + else { + if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, + "invalid escape sequence '\\%c'", +- c) < 0) ++ first_invalid_escape_char) < 0) + { + Py_DECREF(result); + return NULL; +--- a/Objects/unicodeobject.c ++++ b/Objects/unicodeobject.c +@@ -6301,20 +6301,23 @@ PyUnicode_AsUTF16String(PyObject *unicod + static _PyUnicode_Name_CAPI *ucnhash_capi = NULL; + + PyObject * +-_PyUnicode_DecodeUnicodeEscapeInternal(const char *s, ++_PyUnicode_DecodeUnicodeEscapeInternal2(const char *s, + Py_ssize_t size, + const char *errors, + Py_ssize_t *consumed, +- const char **first_invalid_escape) ++ int *first_invalid_escape_char, ++ const char **first_invalid_escape_ptr) + { + const char *starts = s; ++ const char *initial_starts = starts; + _PyUnicodeWriter writer; + const char *end; + PyObject *errorHandler = NULL; + PyObject *exc = NULL; + + // so we can remember if we've seen an invalid escape char or not +- *first_invalid_escape = NULL; ++ *first_invalid_escape_char = -1; ++ *first_invalid_escape_ptr = NULL; + + if (size == 0) { + if (consumed) { +@@ -6402,9 +6405,12 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c + } + } + if (ch > 0377) { +- if (*first_invalid_escape == NULL) { +- *first_invalid_escape = s-3; /* Back up 3 chars, since we've +- already incremented s. */ ++ if (*first_invalid_escape_char == -1) { ++ *first_invalid_escape_char = ch; ++ if (starts == initial_starts) { ++ /* Back up 3 chars, since we've already incremented s. */ ++ *first_invalid_escape_ptr = s - 3; ++ } + } + } + WRITE_CHAR(ch); +@@ -6503,9 +6509,12 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c + goto error; + + default: +- if (*first_invalid_escape == NULL) { +- *first_invalid_escape = s-1; /* Back up one char, since we've +- already incremented s. */ ++ if (*first_invalid_escape_char == -1) { ++ *first_invalid_escape_char = c; ++ if (starts == initial_starts) { ++ /* Back up one char, since we've already incremented s. */ ++ *first_invalid_escape_ptr = s - 1; ++ } + } + WRITE_ASCII_CHAR('\\'); + WRITE_CHAR(c); +@@ -6544,24 +6553,42 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c + return NULL; + } + ++// Export for binary compatibility. ++PyObject * ++_PyUnicode_DecodeUnicodeEscapeInternal(const char *s, ++ Py_ssize_t size, ++ const char *errors, ++ Py_ssize_t *consumed, ++ const char **first_invalid_escape) ++{ ++ int first_invalid_escape_char; ++ return _PyUnicode_DecodeUnicodeEscapeInternal2( ++ s, size, errors, consumed, ++ &first_invalid_escape_char, ++ first_invalid_escape); ++} ++ + PyObject * + _PyUnicode_DecodeUnicodeEscapeStateful(const char *s, + Py_ssize_t size, + const char *errors, + Py_ssize_t *consumed) + { +- const char *first_invalid_escape; +- PyObject *result = _PyUnicode_DecodeUnicodeEscapeInternal(s, size, errors, ++ int first_invalid_escape_char; ++ const char *first_invalid_escape_ptr; ++ PyObject *result = _PyUnicode_DecodeUnicodeEscapeInternal2(s, size, errors, + consumed, +- &first_invalid_escape); ++ &first_invalid_escape_char, ++ &first_invalid_escape_ptr); + if (result == NULL) + return NULL; +- if (first_invalid_escape != NULL) { +- unsigned char c = *first_invalid_escape; +- if ('4' <= c && c <= '7') { ++ if (first_invalid_escape_char != -1) { ++ if (first_invalid_escape_char > 0xff) { ++ char buf[12] = ""; ++ snprintf(buf, sizeof buf, "%o", first_invalid_escape_char); + if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, +- "invalid octal escape sequence '\\%.3s'", +- first_invalid_escape) < 0) ++ "invalid octal escape sequence '\\%s'", ++ buf) < 0) + { + Py_DECREF(result); + return NULL; +@@ -6570,7 +6597,7 @@ _PyUnicode_DecodeUnicodeEscapeStateful(c + else { + if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, + "invalid escape sequence '\\%c'", +- c) < 0) ++ first_invalid_escape_char) < 0) + { + Py_DECREF(result); + return NULL; +--- a/Parser/string_parser.c ++++ b/Parser/string_parser.c +@@ -130,12 +130,15 @@ decode_unicode_with_escapes(Parser *pars + len = p - buf; + s = buf; + +- const char *first_invalid_escape; +- v = _PyUnicode_DecodeUnicodeEscapeInternal(s, len, NULL, NULL, &first_invalid_escape); ++ int first_invalid_escape_char; ++ const char *first_invalid_escape_ptr; ++ v = _PyUnicode_DecodeUnicodeEscapeInternal2(s, (Py_ssize_t)len, NULL, NULL, ++ &first_invalid_escape_char, ++ &first_invalid_escape_ptr); + +- if (v != NULL && first_invalid_escape != NULL) { +- if (warn_invalid_escape_sequence(parser, first_invalid_escape, t) < 0) { +- /* We have not decref u before because first_invalid_escape points ++ if (v != NULL && first_invalid_escape_ptr != NULL) { ++ if (warn_invalid_escape_sequence(parser, first_invalid_escape_ptr, t) < 0) { ++ /* We have not decref u before because first_invalid_escape_ptr points + inside u. */ + Py_XDECREF(u); + Py_DECREF(v); +@@ -149,14 +152,17 @@ decode_unicode_with_escapes(Parser *pars + static PyObject * + decode_bytes_with_escapes(Parser *p, const char *s, Py_ssize_t len, Token *t) + { +- const char *first_invalid_escape; +- PyObject *result = _PyBytes_DecodeEscape(s, len, NULL, &first_invalid_escape); ++ int first_invalid_escape_char; ++ const char *first_invalid_escape_ptr; ++ PyObject *result = _PyBytes_DecodeEscape2(s, len, NULL, ++ &first_invalid_escape_char, ++ &first_invalid_escape_ptr); + if (result == NULL) { + return NULL; + } + +- if (first_invalid_escape != NULL) { +- if (warn_invalid_escape_sequence(p, first_invalid_escape, t) < 0) { ++ if (first_invalid_escape_ptr != NULL) { ++ if (warn_invalid_escape_sequence(p, first_invalid_escape_ptr, t) < 0) { + Py_DECREF(result); + return NULL; + } diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch new file mode 100644 index 0000000..fa38a94 --- /dev/null +++ b/F00251-change-user-install-location.patch @@ -0,0 +1,215 @@ +From 910f38d9768d39d4d31426743ae4081ed1ab66b6 Mon Sep 17 00:00:00 2001 +From: Michal Cyprian +Date: Mon, 26 Jun 2017 16:32:56 +0200 +Subject: [PATCH] 00251: Change user install location + +Set values of prefix and exec_prefix in distutils install command +to /usr/local if executable is /usr/bin/python* and RPM build +is not detected to make pip and distutils install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +--- + Lib/distutils/command/install.py | 15 +++++++++++++-- + Lib/site.py | 9 ++++++++- + 2 files changed, 21 insertions(+), 3 deletions(-) + +Index: Python-3.11.8/Lib/distutils/command/install.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/command/install.py ++++ Python-3.11.8/Lib/distutils/command/install.py +@@ -441,8 +441,19 @@ class install(Command): + raise DistutilsOptionError( + "must not supply exec-prefix without prefix") + +- self.prefix = os.path.normpath(sys.prefix) +- self.exec_prefix = os.path.normpath(sys.exec_prefix) ++ # self.prefix is set to sys.prefix + /local/ ++ # if neither RPM build nor virtual environment is ++ # detected to make pip and distutils install packages ++ # into the separate location. ++ if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ addition = "/local" ++ else: ++ addition = "" ++ ++ self.prefix = os.path.normpath(sys.prefix) + addition ++ self.exec_prefix = os.path.normpath(sys.exec_prefix) + addition + + else: + if self.exec_prefix is None: +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None): + return sitepackages + + def addsitepackages(known_paths, prefixes=None): +- """Add site-packages to sys.path""" ++ """Add site-packages to sys.path ++ ++ '/usr/local' is included in PREFIXES if RPM build is not detected ++ to make packages installed into this location visible. ++ ++ """ + _trace("Processing global site-packages") ++ if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: ++ PREFIXES.insert(0, "/usr/local") + for sitedir in getsitepackages(prefixes): + if os.path.isdir(sitedir): + addsitedir(sitedir, known_paths) + +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Mon, 15 Feb 2021 12:19:27 +0100 +Subject: [PATCH] 00251: Change user install location +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Set values of base and platbase in sysconfig from /usr +to /usr/local when RPM build is not detected +to make pip and similar tools install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +Downstream only. + +We've tried to rework in Fedora 36/Python 3.10 to follow https://bugs.python.org/issue43976 +but we have identified serious problems with that approach, +see https://bugzilla.redhat.com/2026979 or https://bugzilla.redhat.com/2097183 + +pypa/distutils integration: https://github.com/pypa/distutils/pull/70 + +Co-authored-by: Petr Viktorin +Co-authored-by: Miro Hrončok +Co-authored-by: Michal Cyprian +Co-authored-by: Lumír Balhar +--- + Lib/site.py | 9 ++++++- + Lib/sysconfig.py | 49 +++++++++++++++++++++++++++++++++++++- + Lib/test/test_sysconfig.py | 17 +++++++++++-- + 3 files changed, 71 insertions(+), 4 deletions(-) + +Index: Python-3.11.9/Lib/sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/sysconfig.py ++++ Python-3.11.9/Lib/sysconfig.py +@@ -103,6 +103,11 @@ if os.name == 'nt': + else: + _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv'] + ++# For a brief period of time in the Fedora 36 life cycle, ++# this installation scheme existed and was documented in the release notes. ++# For backwards compatibility, we keep it here (at least on 3.10 and 3.11). ++_INSTALL_SCHEMES['rpm_prefix'] = _INSTALL_SCHEMES['posix_prefix'] ++ + + # NOTE: site.py has copy of this function. + # Sync it when modify this function. +@@ -162,6 +167,19 @@ if _HAS_USER_BASE: + }, + } + ++# This is used by distutils.command.install in the stdlib ++# as well as pypa/distutils (e.g. bundled in setuptools). ++# The self.prefix value is set to sys.prefix + /local/ ++# if neither RPM build nor virtual environment is ++# detected to make distutils install packages ++# into the separate location. ++# https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _prefix_addition = '/local' ++ ++ + _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', + 'scripts', 'data') + +@@ -258,11 +276,40 @@ def _extend_dict(target_dict, other_dict + target_dict[key] = value + + ++_CONFIG_VARS_LOCAL = None ++ ++ ++def _config_vars_local(): ++ # This function returns the config vars with prefixes amended to /usr/local ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ global _CONFIG_VARS_LOCAL ++ if _CONFIG_VARS_LOCAL is None: ++ _CONFIG_VARS_LOCAL = dict(get_config_vars()) ++ _CONFIG_VARS_LOCAL['base'] = '/usr/local' ++ _CONFIG_VARS_LOCAL['platbase'] = '/usr/local' ++ return _CONFIG_VARS_LOCAL ++ ++ + def _expand_vars(scheme, vars): + res = {} + if vars is None: + vars = {} +- _extend_dict(vars, get_config_vars()) ++ ++ # when we are not in a virtual environment or an RPM build ++ # we change '/usr' to '/usr/local' ++ # to avoid surprises, we explicitly check for the /usr/ prefix ++ # Python virtual environments have different prefixes ++ # we only do this for posix_prefix, not to mangle the venv scheme ++ # posix_prefix is used by sudo pip install ++ # we only change the defaults here, so explicit --prefix will take precedence ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if (scheme == 'posix_prefix' and ++ _PREFIX == '/usr' and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _extend_dict(vars, _config_vars_local()) ++ else: ++ _extend_dict(vars, get_config_vars()) ++ + if os.name == 'nt': + # On Windows we want to substitute 'lib' for schemes rather + # than the native value (without modifying vars, in case it +Index: Python-3.11.9/Lib/test/test_sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_sysconfig.py ++++ Python-3.11.9/Lib/test/test_sysconfig.py +@@ -111,8 +111,19 @@ class TestSysConfig(unittest.TestCase): + for scheme in _INSTALL_SCHEMES: + for name in _INSTALL_SCHEMES[scheme]: + expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) ++ tested = get_path(name, scheme) ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if tested.startswith('/usr/local'): ++ # /usr/local should only be used in posix_prefix ++ self.assertEqual(scheme, 'posix_prefix') ++ # Fedora CI runs tests for venv and virtualenv that check for other prefixes ++ self.assertEqual(sys.prefix, '/usr') ++ # When building the RPM of Python, %check runs this with RPM_BUILD_ROOT set ++ # Fedora CI runs this with RPM_BUILD_ROOT unset ++ self.assertNotIn('RPM_BUILD_ROOT', os.environ) ++ tested = tested.replace('/usr/local', '/usr') + self.assertEqual( +- os.path.normpath(get_path(name, scheme)), ++ os.path.normpath(tested), + os.path.normpath(expected), + ) + +@@ -345,7 +356,7 @@ class TestSysConfig(unittest.TestCase): + self.assertTrue(os.path.isfile(config_h), config_h) + + def test_get_scheme_names(self): +- wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv'] ++ wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv', 'rpm_prefix'] + if HAS_USER_BASE: + wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) + self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) +@@ -357,6 +368,8 @@ class TestSysConfig(unittest.TestCase): + cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" + self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) + ++ @unittest.skipIf('RPM_BUILD_ROOT' not in os.environ, ++ "Test doesn't expect Fedora's paths") + def test_user_similar(self): + # Issue #8759: make sure the posix scheme for the users + # is similar to the global posix_prefix one diff --git a/PACKAGING-NOTES b/PACKAGING-NOTES new file mode 100644 index 0000000..e28c88c --- /dev/null +++ b/PACKAGING-NOTES @@ -0,0 +1,26 @@ +Notes for packagers of Python3 +============================== + +0. Faster build turnaround +-------------------------- + +By default, python builds with profile-guided optimization. This needs +an additional run of the test suite and it is generally slow. +PGO build takes around 50 minutes. + +For development, use "--without profileopt" option to disable PGO. This +shortens the build time to ~5 minutes including test suite. + +1. import_failed.map +---------------------- + +This is a mechanism installed as part of python3-base, that places shim modules +on python's path (through a generated zzzz-import-failed-hooks.pth file, so that +it is imported as much at the end as makes sense; and an _import_failed subdir +of /usr/lib/pythonX.Y). Then when the user tries to import a module that is part +of a subpackage, the ImportError will contain a helpful message telling them +which missing subpackage to install. + +This can sometimes cause problems on non-standard configurations, if the pth +gets included too early (for instance if you are using a script to include all +pths by hand in some strange order). Just something to look out for. diff --git a/Python-3.11.10.tar.xz b/Python-3.11.10.tar.xz new file mode 100644 index 0000000..f87e7ad --- /dev/null +++ b/Python-3.11.10.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:07a4356e912900e61a15cb0949a06c4a05012e213ecd6b4e84d0f67aabbee372 +size 20067656 diff --git a/Python-3.11.10.tar.xz.asc b/Python-3.11.10.tar.xz.asc new file mode 100644 index 0000000..243d1b1 --- /dev/null +++ b/Python-3.11.10.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmbbrO0ACgkQ/+h0BBaL +2Ec+YBAAnQJLKYPjj7Yr7xkFU655Sv86JxeRAdWjnIapbiIuWg3Up8Pd8FTRgHGf +3XdTHw7b03lSjtzJwavzdnDklqAlBIGn9dVieljUIN7NYyNxoYOr/AiatimgSwv7 +dI5mfun5fLKV6ZcdNdQN5PJ3RZtF3I7VfkN2mlfZJHtxl1agdU/TfW2L+qJ7+JPY +cayjq2xKTLRNXOf2iV29GRRovLiqA+Dx0+cAwsScwreHMp3U4k3GkeHVoR6fldV4 +bVAM8GRl3CYVFePiqAbamKP1BSys44JOINWbWyd94JxzEAwXWz//Es0h73AzeRfK +ueORqzdoOGrVc74+HGlAHhqO1Gg7jMMmtkzCEuav+cGHYnMRMOngGR3q47aTJTVb +5UdP0oD4OlADPFVa6q0LCqN/IFlebWMh9pXYw7Wpek63oNuZHTfNPq4S1AUM2HJm +C3yzaOG9VAdYfLneJC4ldY4CVt1FKckfaXp5OAaMr71DI74e4CcEswlUupZJLZKV +TJRjQD15bnXGhHDqU4w3RmzpCWMh2mf4m4VMYQyObl3TtlX+gVvzIhDS5+mXqutB +F1pdXwaHHkTb2PLLxpwOGrnsp8XoW74tsylcYirQg8jSFMbgxfwgIjEIuRGXeDkT +B4QzmQ4SxsbLiH7etV6Fznl1h569Z4DO9OOs4i0ZzIjdhPDQtAs= +=TatG +-----END PGP SIGNATURE----- diff --git a/Python-3.11.11.tar.xz b/Python-3.11.11.tar.xz new file mode 100644 index 0000000..e0581b1 --- /dev/null +++ b/Python-3.11.11.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2a9920c7a0cd236de33644ed980a13cbbc21058bfdc528febb6081575ed73be3 +size 20085792 diff --git a/Python-3.11.11.tar.xz.sigstore b/Python-3.11.11.tar.xz.sigstore new file mode 100644 index 0000000..782816a --- /dev/null +++ b/Python-3.11.11.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlOgAwIBAgIUWcRolJPsPmtJKA6VkjHSj7PtjY8wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMjAzMTgxOTA1WhcNMjQxMjAzMTgyOTA1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEN+fBJCRZIAZiWPBdjyQVD+x5vgmjuuVct1HkPHIBMuEe7wI4mBG2BhJ3fHkpr97efIH6ELMmPV99edyAIZFXR6OCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUkutZdHfCCSvGI87mjnBRwZB8ihYwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGTjb9QlwAABAMARzBFAiEA4ddSINhYM+p0+DGzRqnA8rVtJF9YgI+9znXiq9fqQNkCIEErcSnQmN8jjErhwWWtcTM5GgH4ka/uk5kdHTycwxj3MAoGCCqGSM49BAMDA2cAMGQCMFmkCEH2pCBpFeFiUi2uA4opcJP6vh/zqb+D0tbxqd+jwbBkuDxDqA9/Ao3UWop+twIwO9o71KAlYWPSPYMeZERM4R8zWlp9mVJPiK3tgOJJi40MNmxwtfsQeQtncqiQLBAH"}, "tlogEntries": [{"logIndex": "153122039", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1733249946", "inclusionPromise": {"signedEntryTimestamp": "MEUCIBL9zpVJtljIuZtAe8uptLfDmakmbAjy5ELp2q8WJTQ7AiEAv6lIpyJZycHwTS+JHYJFzMVv0SmA8yQ0eMneBivMhPY="}, "inclusionProof": {"logIndex": "31217777", "rootHash": "BMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=", "treeSize": "31217778", "hashes": ["lrr8dxmtgD09fnZTo1tMTY00HNKc2ZIpbZa1djDeTes=", "yFxGSg1RDbtZ/eNftnMdBJGNEZmmLyx2ZRDFtAIMHAk=", "GeqsQGnvgc+gcuaIC+vQ5b0RdTyBxBnYTpbeW2AeD+Q=", "dMTPeN/a9xCQQP+Hz7sddW0pPj8n54sfkhcf3XhjrMM=", "XjayhjKU3shP7q7lhmhKDv3Vpi4gJgAPCu0KlEzc9Qo=", "go1dmexQYS5etu69upRRX7IFvuA0rIcT9aYjMstmPIU=", "AYwr74Bm2w383UnS7DdbZUUAhusq28JoxKpWrQ7OvGQ=", "u+yWmGIR6sAH32wiSy22mz1Yf+jfPdBTjFbyRISuTZw=", "3eFC7Gp4fWecybDOAw9uUTrM1xB7YRYRAGsfYkiQbV8=", "1uKk2qjOliHMiTk906jrchP8mXWsRG8apaU1sa0lfh0=", "oOecFfN3YqDOkbijS/ej1WF5Da/Gt/AZNhbwE9uoOE8=", "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=", "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n31217778\nBMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiA7ed0HqugBwVpmxDAR1VN35J91/+DeRdj09y5lFY+bRwIgYe07JnZlJvp3MfAMXX3i4XBsZoDRZoXtwfBaRj/8x8s=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYTk5MjBjN2EwY2QyMzZkZTMzNjQ0ZWQ5ODBhMTNjYmJjMjEwNThiZmRjNTI4ZmViYjYwODE1NzVlZDczYmUzIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRU5KSGllaWs5WkVibW83a0p4ZUhWY2FvVDVYOUxyWG1zRTVxc1I5R1JpSEFpRUFtcHZyV21vUHF5YzRpQ09VYXVmY3dKTllMK1lPTWU0b0NOaWRLVGduT1FBPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlYyTlNiMnhLVUhOUWJYUktTMEUyVm10cVNGTnFOMUIwYWxrNGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJlRTFxUVhwTlZHZDRUMVJCTVZkb1kwNU5hbEY0VFdwQmVrMVVaM2xQVkVFeFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZPSzJaQ1NrTlNXa2xCV21sWFVFSmthbmxSVmtRcmVEVjJaMjFxZFhWV1kzUXhTR3NLVUVoSlFrMTFSV1UzZDBrMGJVSkhNa0pvU2pObVNHdHdjamszWldaSlNEWkZURTF0VUZZNU9XVmtlVUZKV2taWVVqWlBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZyZFhSYUNtUklaa05EVTNaSFNUZzNiV3B1UWxKM1drSTRhV2haZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxUnFZamxSYkhkQlFRcENRVTFCVW5wQ1JrRnBSVUUwWkdSVFNVNW9XVTByY0RBclJFZDZVbkZ1UVRoeVZuUktSamxaWjBrck9YcHVXR2x4T1daeFVVNXJRMGxGUlhKalUyNVJDbTFPT0dwcVJYSm9kMWRYZEdOVVRUVkhaMGcwYTJFdmRXczFhMlJJVkhsamQzaHFNMDFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUdiV3NLUTBWSU1uQkRRbkJHWlVacFZXa3lkVUUwYjNCalNsQTJkbWd2ZW5GaUswUXdkR0o0Y1dRcmFuZGlRbXQxUkhoRWNVRTVMMEZ2TTFWWGIzQXJkSGRKZHdwUE9XODNNVXRCYkZsWFVGTlFXVTFsV2tWU1RUUlNPSHBYYkhBNWJWWktVR2xMTTNSblQwcEthVFF3VFU1dGVIZDBabk5SWlZGMGJtTnhhVkZNUWtGSUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "Kpkgx6DNI23jNkTtmAoTy7whBYv9xSj+u2CBV17XO+M="}, "signature": "MEUCIENJHieik9ZEbmo7kJxeHVcaoT5X9LrXmsE5qsR9GRiHAiEAmpvrWmoPqyc4iCOUaufcwJNYL+YOMe4oCNidKTgnOQA="}} diff --git a/Python-3.11.12.tar.xz b/Python-3.11.12.tar.xz new file mode 100644 index 0000000..e2b3c80 --- /dev/null +++ b/Python-3.11.12.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:849da87af4df137710c1796e276a955f7a85c9f971081067c8f565d15c352a09 +size 20112232 diff --git a/Python-3.11.12.tar.xz.sigstore b/Python-3.11.12.tar.xz.sigstore new file mode 100644 index 0000000..36fb8a6 --- /dev/null +++ b/Python-3.11.12.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlOgAwIBAgIUdXXo3kfUuTRxhwfBaDz2hbLdc00wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNDA4MTUwMzI1WhcNMjUwNDA4MTUxMzI1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEChWB96w27HEQAug03xOuj5aVvdcEBkLaseC6PKbhc3lq1vL78o96RMSdWdBSmBQ4OrRHKvop8VRwn4SI6KPIN6OCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUDQFNdUPu8lJprLgYTWMF//JnS0owHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGWFe1zcgAABAMARzBFAiAMLue9b86BfjeZl9ML7LekLskkUPTEhI2ciiZrYgaF/gIhAIt66OYOVpC39L+bRXJd1K+T39IGMxYcKoaDrMk0DX59MAoGCCqGSM49BAMDA2cAMGQCMEJ+IEScHRIlOwToBZxVVJjrSxOVvqRSfUO5hvYNkqhYz97LxxUFWpcB/DMiQJOUbwIwKJRh5d7c30z1XyE5zsjOZZmz37ah6aJtyuHLCn3QKJniWBMxIMy9lbXlRZWZgsf0"}, "tlogEntries": [{"logIndex": "193896942", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1744124605", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQDBvc4N4pmeJKalSbAgT5X5MiHnHfiFJ3q/ifYIUDQORwIgNCMUBexEGM4B8VSSWkSDK8uZDGqzA7bgurZdWE0z/vc="}, "inclusionProof": {"logIndex": "71992680", "rootHash": "jow4GaqK8wgGK0YaQkHyINNk1eJRvrgCUSax5oC+bgc=", "treeSize": "71992683", "hashes": ["V5p0el9OkIku5PMpzeGtSeSQLNkd4d0DVh6qNlixrlk=", "CbJfH60w3vsS3xzOzbMZQaokwVM+6efm7OCLjQ5og/k=", "fJZsSVsDo+dpw5484/+8Rm3EH3JostySBfLMVDBUZOU=", "/C+wK2WU/SrXLMnuHDzeBP4K+Jlt/S0nAvzvcXJPp30=", "m6j5meZeKpBfFqNeI7qiCogWjT2IT5NZkgJYwot9sRo=", "V7VMIiqIq7yvzO+ic8vLqIJr3+iGA6whYAGN7YvWhsQ=", "2ap6N1WIsMWGC/Zrnzsx//K9223/3B9lLpJP87M+rXE=", "2kwW2rqY/EMS68q/rOjagVYsEMybFHgxIfbokSa8yKU=", "QReFEOB9XSZtDKsjRtA0fGnYGMYD2Z7qn50auG1YlWo=", "K26LG80DXyb+bC58c4Nw00WigG52v0PCsZGY3ExGsts=", "WEm5OgPzJpYROv+4CcrieexCYyQKrLUH3hbxmcQQ+DM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n71992683\njow4GaqK8wgGK0YaQkHyINNk1eJRvrgCUSax5oC+bgc=\n\n\u2014 rekor.sigstore.dev wNI9ajBGAiEA7u1b4P659JpwuXMf6lhvC1RhOj/ZH7CpYcAQbitQSwUCIQDJrflW8FGweaiB88lSuLfpfD/a6l6jWhUyOQB/mIJ9rA==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI4NDlkYTg3YWY0ZGYxMzc3MTBjMTc5NmUyNzZhOTU1ZjdhODVjOWY5NzEwODEwNjdjOGY1NjVkMTVjMzUyYTA5In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJRnMzQi9oTk9OMVY2TXFaUkxzRmNHNlU2Qjkza2FsL1VLZWsvYkRVb3o2MUFpQWZydmsrWXpjK0hHZGJYemRRQ203cjlKU2RNUCtuR1BOblVCZzFoSnAySVE9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlpGaFliek5yWmxWMVZGSjRhSGRtUW1GRWVqSm9Za3hrWXpBd2QwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVFUVRSTlZGVjNUWHBKTVZkb1kwNU5hbFYzVGtSQk5FMVVWWGhOZWtreFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZEYUZkQ09UWjNNamRJUlZGQmRXY3dNM2hQZFdvMVlWWjJaR05GUW10TVlYTmxRellLVUV0aWFHTXpiSEV4ZGt3M09HODVObEpOVTJSWFpFSlRiVUpSTkU5eVVraExkbTl3T0ZaU2QyNDBVMGsyUzFCSlRqWlBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZFVVVaT0NtUlZVSFU0YkVwd2NreG5XVlJYVFVZdkwwcHVVekJ2ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxZEdaVEY2WTJkQlFRcENRVTFCVW5wQ1JrRnBRVTFNZFdVNVlqZzJRbVpxWlZwc09VMU1OMHhsYTB4emEydFZVRlJGYUVreVkybHBXbkpaWjJGR0wyZEphRUZKZERZMlQxbFBDbFp3UXpNNVRDdGlVbGhLWkRGTEsxUXpPVWxIVFhoWlkwdHZZVVJ5VFdzd1JGZzFPVTFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUZTaXNLU1VWVFkwaFNTV3hQZDFSdlFscDRWbFpLYW5KVGVFOVdkbkZTVTJaVlR6Vm9kbGxPYTNGb1dYbzVOMHg0ZUZWR1YzQmpRaTlFVFdsUlNrOVZZbmRKZHdwTFNsSm9OV1EzWXpNd2VqRlllVVUxZW5OcVQxcGFiWG96TjJGb05tRktkSGwxU0V4RGJqTlJTMHB1YVZkQ1RYaEpUWGs1YkdKWWJGSmFWMXBuYzJZd0NpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "hJ2oevTfE3cQwXluJ2qVX3qFyflxCBBnyPVl0Vw1Kgk="}, "signature": "MEQCIFs3B/hNON1V6MqZRLsFcG6U6B93kal/UKek/bDUoz61AiAfrvk+Yzc+HGdbXzdQCm7r9JSdMP+nGPNnUBg1hJp2IQ=="}} diff --git a/Python-3.11.13.tar.xz b/Python-3.11.13.tar.xz new file mode 100644 index 0000000..80a2b4d --- /dev/null +++ b/Python-3.11.13.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8fb5f9fbc7609fa822cb31549884575db7fd9657cbffb89510b5d7975963a83a +size 20117496 diff --git a/Python-3.11.13.tar.xz.sigstore b/Python-3.11.13.tar.xz.sigstore new file mode 100644 index 0000000..a6d0be7 --- /dev/null +++ b/Python-3.11.13.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzjCCAlSgAwIBAgIUfnOGm4U1QCsCXWiDvPy5Tgni2HUwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNjAzMTkyNzM1WhcNMjUwNjAzMTkzNzM1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpTsf/wrCdu4Domf4WOtO4CLkj51wmj4iesYv5N6DYhghPjqQFwGYI9gFc/WX6QMIWh5YHU2NGxrmM7KfbAYzz6OCAXMwggFvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUkQ2/O4Fivj1bTq7NTQczm1RdtYAwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGLBgorBgEEAdZ5AgQCBH0EewB5AHcA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGXN0NwGwAABAMASDBGAiEA6pD8PjS+5z2SQre/NS/wOdFSjVMsxvtfF6A1jg+1T3YCIQDC44S/Z3c0dNddM7EkE+A3j7Vft3hqRUoFkNe4U6g5qTAKBggqhkjOPQQDAwNoADBlAjA6lBI2r3KCZFc+2affpH3S3Xj3gMOKh8Lr5Z7TgkGp3Q6QsnExGmJJ0leXhqH6rQkCMQDfxk/6DyhbO7KTrIUfmrbZoa7dV75cresJS69Xk67XN57qsqY52DZj9o4fbUIw4ro="}, "tlogEntries": [{"logIndex": "228953871", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1748978856", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQC9nXmfcRqyOL2Zmw1zI7+kulTbmDE3Yfzew81mXJGU4QIgF8Uhdg2uzttSA6erOuEchX68PCyJ0cVFHE0XJX2+ZfE="}, "inclusionProof": {"logIndex": "107049609", "rootHash": "Ilofw5POqC/C3zqfrdMQP1DyhNW+UfB9fHdjrbK6qaM=", "treeSize": "107049610", "hashes": ["AcD1iyjU7nuIPqAq29ynz7PEdq6zPXglj6e2tkH+/do=", "1BNDCN01B3dbUo/TfLaQgKIYTvPyrkcrHKd69GxuF2E=", "t59A0CV2pHM2S9AgZgcEA6FbXhgNZGo0jMRIXHiqsJ0=", "bCrkgWpJ8MBic+mIfCRsKi+5XAMqgM8Lc6G0LLfzZ7M=", "4iwdOrGkcqdN0qqZUx/gv8a8qpLMqVj8aXRVmhQ558c=", "mAX/zvx1jR0ujLtDApsQpHyxmoDGidClHMOn0BX1aQA=", "u5LKLBPTYgXZg0fBi6/8LuEeNy3EBAxJF0AkkB4Co6E=", "SPUVncwJRVX/n/RICCYqLpAzraqx7S0eMdXRr1RLRgg=", "uEJFtwcGQJMd9kjQhkXb7gl2WD3WMElCc15uDFvFGxs=", "VdOKzpQhJlpXgijzXANf/hNlje1G/N1kUuVnKNskkso=", "mta5fH/gFwxJ/0fT8yGpn3sFCY0G1RY555Iflm0LInM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n107049610\nIlofw5POqC/C3zqfrdMQP1DyhNW+UfB9fHdjrbK6qaM=\n\n\u2014 rekor.sigstore.dev wNI9ajBGAiEAjtzTnsnrGx0G3Dg99s89cPUh6EA+cxkicQ9j4qYU60wCIQCKcAL4kdakbq2JrBVgk7bRNf3FoJRrEI6SCjv16f7Crg==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI4ZmI1ZjlmYmM3NjA5ZmE4MjJjYjMxNTQ5ODg0NTc1ZGI3ZmQ5NjU3Y2JmZmI4OTUxMGI1ZDc5NzU5NjNhODNhIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUM5Q1JZRjNSWGUzdDNxQlBJd2UrR3pMMTJCOXVLTjIrRFpWa2JjZW1FTS93SWdPMDFKaVhnbUJxZEN5RVhoM05JUEt5QlRBb2hpcjZHTkhZdXhiSUxKNDlRPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZha05EUVd4VFowRjNTVUpCWjBsVlptNVBSMjAwVlRGUlEzTkRXRmRwUkhaUWVUVlVaMjVwTWtoVmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVxUVhwTlZHdDVUbnBOTVZkb1kwNU5hbFYzVG1wQmVrMVVhM3BPZWsweFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZ3VkhObUwzZHlRMlIxTkVSdmJXWTBWMDkwVHpSRFRHdHFOVEYzYldvMGFXVnpXWFlLTlU0MlJGbG9aMmhRYW5GUlJuZEhXVWs1WjBaakwxZFlObEZOU1Zkb05WbElWVEpPUjNoeWJVMDNTMlppUVZsNmVqWlBRMEZZVFhkblowWjJUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZyVVRJdkNrODBSbWwyYWpGaVZIRTNUbFJSWTNwdE1WSmtkRmxCZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRNUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJTUVVS1pYZENOVUZJWTBFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxaE9NRTUzUjNkQlFRcENRVTFCVTBSQ1IwRnBSVUUyY0VRNFVHcFRLelY2TWxOUmNtVXZUbE12ZDA5a1JsTnFWazF6ZUhaMFprWTJRVEZxWnlzeFZETlpRMGxSUkVNME5GTXZDbG96WXpCa1RtUmtUVGRGYTBVclFUTnFOMVptZEROb2NWSlZiMFpyVG1VMFZUWm5OWEZVUVV0Q1oyZHhhR3RxVDFCUlVVUkJkMDV2UVVSQ2JFRnFRVFlLYkVKSk1uSXpTME5hUm1Nck1tRm1abkJJTTFNeldHb3paMDFQUzJnNFRISTFXamRVWjJ0SGNETlJObEZ6YmtWNFIyMUtTakJzWlZob2NVZzJjbEZyUXdwTlVVUm1lR3N2TmtSNWFHSlBOMHRVY2tsVlptMXlZbHB2WVRka1ZqYzFZM0psYzBwVE5qbFlhelkzV0U0MU4zRnpjVmsxTWtSYWFqbHZOR1ppVlVsM0NqUnliejBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "j7X5+8dgn6giyzFUmIRXXbf9llfL/7iVELXXl1ljqDo="}, "signature": "MEUCIQC9CRYF3RXe3t3qBPIwe+GzL12B9uKN2+DZVkbcemEM/wIgO01JiXgmBqdCyEXh3NIPKyBTAohir6GNHYuxbILJ49Q="}} diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..0053bcf --- /dev/null +++ b/README.SUSE @@ -0,0 +1,43 @@ +Python 3 in SUSE +============== + +* Subpackages * + +Python 3 is split into several subpackages, based on external dependencies. +The main package 'python3' has soft dependencies on all subpackages needed to +assemble the standard library; however, these might not all be installed by default. + +If you attempt to import a module that is currently not installed, an ImportError is thrown, +with instructions to install the missing subpackage. Installing the subpackage might result +in installing libraries that the subpackage requires to function. + + +* ensurepip * + +The 'ensurepip' module from Python 3 standard library (PEP 453) is supposed to deploy +a bundled copy of the pip installer. This makes no sense in a managed distribution like SUSE. +Instead, you need to install package 'python3-pip'. Usually this will be installed automatically +with 'python3'. + +Using 'ensurepip' when pip is not installed will result in an ImportError with instructions +to install 'python3-pip'. + + +* Documentation * + +You can find documentation in seprarate packages: python3-doc and +python3-doc-pdf. These contan following documents: + + Tutorial, What's New in Python, Global Module Index, Library Reference, + Macintosh Module Reference, Installing Python Modules, Distributing Python + Modules, Language Reference, Extending and Embedding, Python/C API, + Documenting Python + +The python3-doc package constains many text files from source tarball. + + +* Interactive mode * + +Interactive mode is by default enhanced with of history and command completion. +If you don't like these features, you can unset the PYTHONSTARTUP variable +in your .profile or disable it system wide in /etc/profile.d/python.sh. diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..1d50bc4 --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + base + doc + diff --git a/add-loongarch64-support.patch b/add-loongarch64-support.patch new file mode 100644 index 0000000..10cc846 --- /dev/null +++ b/add-loongarch64-support.patch @@ -0,0 +1,29 @@ +Description: Add platform triplets for LoongArch. + +--- + configure.ac | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +--- a/configure.ac ++++ b/configure.ac +@@ -976,6 +976,20 @@ cat > conftest.c <=6) && defined(_MIPSEL) diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..1793de8 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,3 @@ +python311-base +python311 +libpython3_11-1_0 diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz new file mode 100644 index 0000000..57fb3e5 --- /dev/null +++ b/bluez-devel-vendor.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:868fbfba2ddaed62f2c45cf869fe2c648527ac3bac738f4f41f3c2872f5b0211 +size 25040 diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch new file mode 100644 index 0000000..86882ae --- /dev/null +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -0,0 +1,173 @@ +From 5754521af1d51aa8e445cba07a093bbc0c88596d Mon Sep 17 00:00:00 2001 +From: Zackery Spytz +Date: Mon, 16 Dec 2019 18:24:08 -0700 +Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix) + +Co-Authored-By: Xavier de Gaye +--- + Doc/library/ensurepip.rst | 9 +++-- + Lib/ensurepip/__init__.py | 18 +++++++--- + Lib/test/test_ensurepip.py | 11 ++++++ + Makefile.pre.in | 4 +- + Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1 + 5 files changed, 34 insertions(+), 9 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst + +Index: Python-3.11.8/Doc/library/ensurepip.rst +=================================================================== +--- Python-3.11.8.orig/Doc/library/ensurepip.rst ++++ Python-3.11.8/Doc/library/ensurepip.rst +@@ -59,7 +59,9 @@ is at least as recent as the one availab + By default, ``pip`` is installed into the current virtual environment + (if one is active) or into the system site packages (if there is no + active virtual environment). The installation location can be controlled +-through two additional command line options: ++through some additional command line options: ++ ++* ``--prefix ``: Installs ``pip`` using the given directory prefix. + + * :samp:`--root {dir}`: Installs ``pip`` relative to the given root directory + rather than the root of the currently active virtual environment (if any) +@@ -92,7 +94,7 @@ Module API + Returns a string specifying the available version of pip that will be + installed when bootstrapping an environment. + +-.. function:: bootstrap(root=None, upgrade=False, user=False, \ ++.. function:: bootstrap(root=None, prefix=None, upgrade=False, user=False, \ + altinstall=False, default_pip=False, \ + verbosity=0) + +@@ -102,6 +104,8 @@ Module API + If *root* is ``None``, then installation uses the default install location + for the current environment. + ++ *prefix* specifies the directory prefix to use when installing. ++ + *upgrade* indicates whether or not to upgrade an existing installation + of an earlier version of ``pip`` to the available version. + +@@ -122,6 +126,8 @@ Module API + *verbosity* controls the level of output to :data:`sys.stdout` from the + bootstrapping operation. + ++ .. versionchanged:: 3.9 the *prefix* parameter was added. ++ + .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap + + .. note:: +Index: Python-3.11.8/Lib/ensurepip/__init__.py +=================================================================== +--- Python-3.11.8.orig/Lib/ensurepip/__init__.py ++++ Python-3.11.8/Lib/ensurepip/__init__.py +@@ -122,27 +122,27 @@ def _disable_pip_configuration_settings( + os.environ['PIP_CONFIG_FILE'] = os.devnull + + +-def bootstrap(*, root=None, upgrade=False, user=False, ++def bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). ++ and directory prefix). + + Note that calling this function will alter both sys.path and os.environ. + """ + # Discard the return value +- _bootstrap(root=root, upgrade=upgrade, user=user, ++ _bootstrap(root=root, prefix=prefix, upgrade=upgrade, user=user, + altinstall=altinstall, default_pip=default_pip, + verbosity=verbosity) + + +-def _bootstrap(*, root=None, upgrade=False, user=False, ++def _bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). Returns pip command status code. ++ and directory prefix). Returns pip command status code. + + Note that calling this function will alter both sys.path and os.environ. + """ +@@ -192,6 +192,8 @@ def _bootstrap(*, root=None, upgrade=Fal + args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] + if root: + args += ["--root", root] ++ if prefix: ++ args += ["--prefix", prefix] + if upgrade: + args += ["--upgrade"] + if user: +@@ -267,6 +269,11 @@ def _main(argv=None): + help="Install everything relative to this alternate root directory.", + ) + parser.add_argument( ++ "--prefix", ++ default=None, ++ help="Install everything using this prefix.", ++ ) ++ parser.add_argument( + "--altinstall", + action="store_true", + default=False, +@@ -285,6 +292,7 @@ def _main(argv=None): + + return _bootstrap( + root=args.root, ++ prefix=args.prefix, + upgrade=args.upgrade, + user=args.user, + verbosity=args.verbosity, +Index: Python-3.11.8/Lib/test/test_ensurepip.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_ensurepip.py ++++ Python-3.11.8/Lib/test/test_ensurepip.py +@@ -112,6 +112,17 @@ class TestBootstrap(EnsurepipMixin, unit + unittest.mock.ANY, + ) + ++ def test_bootstrapping_with_prefix(self): ++ ensurepip.bootstrap(prefix="/foo/bar/") ++ self.run_pip.assert_called_once_with( ++ [ ++ "install", "--no-cache-dir", "--no-index", "--find-links", ++ unittest.mock.ANY, "--prefix", "/foo/bar/", ++ "setuptools", "pip", ++ ], ++ unittest.mock.ANY, ++ ) ++ + def test_bootstrapping_with_user(self): + ensurepip.bootstrap(user=True) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1761,7 +1761,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni + install|*) ensurepip="" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + altinstall: commoninstall +@@ -1771,7 +1771,7 @@ altinstall: commoninstall + install|*) ensurepip="--altinstall" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + commoninstall: check-clean-src @FRAMEWORKALTINSTALLFIRST@ \ +Index: Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +=================================================================== +--- /dev/null ++++ Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +@@ -0,0 +1 @@ ++A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/bsc1221260-test_asyncio-ResourceWarning.patch b/bsc1221260-test_asyncio-ResourceWarning.patch new file mode 100644 index 0000000..15d6b8d --- /dev/null +++ b/bsc1221260-test_asyncio-ResourceWarning.patch @@ -0,0 +1,21 @@ +From a3052035485bd2836e40f5284657ca105382cbfd Mon Sep 17 00:00:00 2001 +From: sobolevn +Date: Tue, 5 Mar 2024 20:24:16 +0300 +Subject: [PATCH] gh-116112: Fix `ResourceWarning` in + `test_asyncio.test_stream` + +Co-authored-by: @CendioOssman +--- + Lib/test/test_asyncio/test_streams.py | 1 + + 1 file changed, 1 insertion(+) + +--- a/Lib/test/test_asyncio/test_streams.py ++++ b/Lib/test/test_asyncio/test_streams.py +@@ -1156,6 +1156,7 @@ os.close(fd) + + def test_unhandled_cancel(self): + async def handle_echo(reader, writer): ++ writer.close() + asyncio.current_task().cancel() + messages = self._basetest_unhandled_exceptions(handle_echo) + self.assertEqual(messages, []) diff --git a/bso1227999-reproducible-builds.patch b/bso1227999-reproducible-builds.patch new file mode 100644 index 0000000..fb33d18 --- /dev/null +++ b/bso1227999-reproducible-builds.patch @@ -0,0 +1,37 @@ +From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Tue, 16 Jul 2024 21:39:33 +0200 +Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH + +to make builds reproducible. +See https://reproducible-builds.org/ for why this is good +and https://reproducible-builds.org/specs/source-date-epoch/ +for the definition of this variable. +--- + Doc/conf.py | 3 ++- + Doc/library/functions.rst | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/Doc/conf.py ++++ b/Doc/conf.py +@@ -316,7 +316,8 @@ html_context = { + } + + # This 'Last updated on:' timestamp is inserted at the bottom of every page. +-html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime()) ++html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) ++html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time)) + + # Path to find HTML templates. + templates_path = ['tools/templates'] +--- a/Doc/library/functions.rst ++++ b/Doc/library/functions.rst +@@ -1356,7 +1356,7 @@ are always available. They are listed h + (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, + and :mod:`shutil`. + +- .. audit-event:: open file,mode,flags open ++ .. audit-event:: open path,mode,flags open + + The ``mode`` and ``flags`` arguments may have been modified or inferred from + the original call. diff --git a/distutils-reproducible-compile.patch b/distutils-reproducible-compile.patch new file mode 100644 index 0000000..17e8bd2 --- /dev/null +++ b/distutils-reproducible-compile.patch @@ -0,0 +1,17 @@ +--- + Lib/distutils/util.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/distutils/util.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/util.py ++++ Python-3.11.8/Lib/distutils/util.py +@@ -436,7 +436,7 @@ byte_compile(files, optimize=%r, force=% + else: + from py_compile import compile + +- for file in py_files: ++ for file in sorted(py_files): + if file[-3:] != ".py": + # This lets us be lazy and not filter filenames in + # the "install_lib" command. diff --git a/externally_managed.in b/externally_managed.in new file mode 100644 index 0000000..54606b6 --- /dev/null +++ b/externally_managed.in @@ -0,0 +1,12 @@ +[externally-managed] +Error=To install Python packages system-wide, try + zypper install __PYTHONPREFIX__-xyz, where xyz is the package + you are trying to install. + + If you wish to install a non-rpm packaged Python package, + create a virtual environment using __PYTHON__ -m venv path/to/venv. + Then use path/to/venv/bin/python and path/to/venv/bin/pip. + + If you wish to install a non-rpm packaged Python application, + it may be easiest to use `pipx install xyz`, which will manage a + virtual environment for you. Install pipx via `zypper install __PYTHONPREFIX__-pipx` . diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch new file mode 100644 index 0000000..a5fe82c --- /dev/null +++ b/fix_configure_rst.patch @@ -0,0 +1,40 @@ +--- + Doc/using/configure.rst | 3 --- + Misc/NEWS | 2 +- + 2 files changed, 1 insertion(+), 4 deletions(-) + +--- a/Doc/using/configure.rst ++++ b/Doc/using/configure.rst +@@ -43,7 +43,6 @@ General Options + + See :data:`sys.int_info.bits_per_digit `. + +-.. option:: --with-cxx-main + .. option:: --with-cxx-main=COMPILER + + Compile the Python ``main()`` function and link Python executable with C++ +@@ -529,13 +528,11 @@ macOS Options + + See ``Mac/README.rst``. + +-.. option:: --enable-universalsdk + .. option:: --enable-universalsdk=SDKDIR + + Create a universal binary build. *SDKDIR* specifies which macOS SDK should + be used to perform the build (default is no). + +-.. option:: --enable-framework + .. option:: --enable-framework=INSTALLDIR + + Create a Python.framework rather than a traditional Unix install. Optional +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -9911,7 +9911,7 @@ C API + - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. + + - bpo-43795: The list in :ref:`limited-api-list` now shows the public name +- :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry ++ :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry + ``_node`` no longer appears in the list. + + - bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid diff --git a/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch b/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch new file mode 100644 index 0000000..292efba --- /dev/null +++ b/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch @@ -0,0 +1,82 @@ +From 3d390148c05a7ea2d401c4633e7d4db75ebf97d9 Mon Sep 17 00:00:00 2001 +From: Petr Viktorin +Date: Thu, 7 Nov 2024 11:07:02 +0100 +Subject: [PATCH] gh-126500: test_ssl: Don't stop ThreadedEchoServer on OSError + in ConnectionHandler; rely on __exit__ (GH-126503) + +If `read()` in the ConnectionHandler thread raises `OSError` (except `ConnectionError`), +the ConnectionHandler shuts down the entire ThreadedEchoServer, +preventing further connections. +It also does that for `EPROTOTYPE` in `wrap_conn`. + +As far as I can see, this is done to avoid the server thread getting stuck, +forgotten, in its accept loop. However, since 2011 (5b95eb90a7167285b6544b50865227c584943c9a) +the server is used as a context manager, and its `__exit__` does `stop()` and `join()`. +(I'm not sure if we *always* used `with` since that commit, but currently we do.) + +Make sure that the context manager *is* used, and remove the `server.stop()` +calls from ConnectionHandler. +(cherry picked from commit c9cda1608edf7664c10f4f467e24591062c2fe62) + +Co-authored-by: Petr Viktorin +--- + Lib/test/test_ssl.py | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +Index: Python-3.11.12/Lib/test/test_ssl.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_ssl.py 2025-04-19 19:55:02.157545844 +0200 ++++ Python-3.11.12/Lib/test/test_ssl.py 2025-04-19 19:55:05.014552345 +0200 +@@ -2516,7 +2516,6 @@ + # See also http://erickt.github.io/blog/2014/11/19/adventures-in-debugging-a-potential-osx-kernel-bug/ + if e.errno != errno.EPROTOTYPE and sys.platform != "darwin": + self.running = False +- self.server.stop() + self.close() + return False + else: +@@ -2651,10 +2650,6 @@ + self.close() + self.running = False + +- # normally, we'd just stop here, but for the test +- # harness, we want to stop the server +- self.server.stop() +- + def __init__(self, certificate=None, ssl_version=None, + certreqs=None, cacerts=None, + chatty=True, connectionchatty=False, starttls_server=False, +@@ -2688,21 +2683,33 @@ + self.conn_errors = [] + threading.Thread.__init__(self) + self.daemon = True ++ self._in_context = False + + def __enter__(self): ++ if self._in_context: ++ raise ValueError('Re-entering ThreadedEchoServer context') ++ self._in_context = True + self.start(threading.Event()) + self.flag.wait() + return self + + def __exit__(self, *args): ++ assert self._in_context ++ self._in_context = False + self.stop() + self.join() + + def start(self, flag=None): ++ if not self._in_context: ++ raise ValueError( ++ 'ThreadedEchoServer must be used as a context manager') + self.flag = flag + threading.Thread.start(self) + + def run(self): ++ if not self._in_context: ++ raise ValueError( ++ 'ThreadedEchoServer must be used as a context manager') + self.sock.settimeout(1.0) + self.sock.listen(5) + self.active = True diff --git a/gh120226-fix-sendfile-test-kernel-610.patch b/gh120226-fix-sendfile-test-kernel-610.patch new file mode 100644 index 0000000..2eb6f63 --- /dev/null +++ b/gh120226-fix-sendfile-test-kernel-610.patch @@ -0,0 +1,35 @@ +From 1b3f6523a5c83323cdc44031b33a1c062e5dc698 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Fri, 7 Jun 2024 23:51:32 +0800 +Subject: [PATCH] gh-120226: Fix + test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 + (GH-120227) + +The worst case is that the kernel buffers 17 pages with a page size of 64k. +(cherry picked from commit a7584245661102a5768c643fbd7db8395fd3c90e) + +Co-authored-by: Xi Ruoyao +--- + Lib/test/test_asyncio/test_sendfile.py | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +--- a/Lib/test/test_asyncio/test_sendfile.py ++++ b/Lib/test/test_asyncio/test_sendfile.py +@@ -93,13 +93,10 @@ class MyProto(asyncio.Protocol): + + class SendfileBase: + +- # 256 KiB plus small unaligned to buffer chunk +- # Newer versions of Windows seems to have increased its internal +- # buffer and tries to send as much of the data as it can as it +- # has some form of buffering for this which is less than 256KiB +- # on newer server versions and Windows 11. +- # So DATA should be larger than 256 KiB to make this test reliable. +- DATA = b"x" * (1024 * 256 + 1) ++ # Linux >= 6.10 seems buffering up to 17 pages of data. ++ # So DATA should be large enough to make this test reliable even with a ++ # 64 KiB page configuration. ++ DATA = b"x" * (1024 * 17 * 64 + 1) + # Reduce socket buffer size to test on relative small data sets. + BUF_SIZE = 4 * 1024 # 4 KiB + diff --git a/idle3.appdata.xml b/idle3.appdata.xml new file mode 100644 index 0000000..554b7c4 --- /dev/null +++ b/idle3.appdata.xml @@ -0,0 +1,35 @@ + + + + + idle3.desktop + IDLE3 + CC0 + Python-2.0 + Python 3 Integrated Development and Learning Environment + +

+ IDLE is Python’s Integrated Development and Learning Environment. + The GUI is uniform between Windows, Unix, and Mac OS X. + IDLE provides an easy way to start writing, running, and debugging + Python code. +

+

+ IDLE is written in pure Python, and uses the tkinter GUI toolkit. + It provides: +

+
    +
  • a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,
    • +
  • a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,
    • +
  • search within any window, replace within editor windows, and search through multiple files (grep),
    • +
  • a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.
    • +
+ + https://docs.python.org/3/library/idle.html + + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png + + zbyszek@in.waw.pl + diff --git a/idle3.desktop b/idle3.desktop new file mode 100644 index 0000000..43f5a4c --- /dev/null +++ b/idle3.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Version=1.0 +Name=IDLE 3 +GenericName=Python 3 IDE +Comment=Python 3 Integrated Development and Learning Environment +Exec=idle3 %F +TryExec=idle3 +Terminal=false +Type=Application +Icon=idle3 +Categories=Development;IDE; +MimeType=text/x-python; diff --git a/import_failed.map b/import_failed.map new file mode 100644 index 0000000..f33690c --- /dev/null +++ b/import_failed.map @@ -0,0 +1,7 @@ +python311-curses: curses _curses _curses_panel +python311-dbm: dbm _dbm _gdbm +python311-idle: idlelib +python311-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited +python311-tk: tkinter _tkinter +python311-tools: turtledemo +python311: sqlite3 readline _sqlite3 nis diff --git a/import_failed.py b/import_failed.py new file mode 100644 index 0000000..258b5a5 --- /dev/null +++ b/import_failed.py @@ -0,0 +1,23 @@ +import sys, os +from sysconfig import get_path + +failed_map_path = os.path.join(get_path('stdlib'), '_import_failed', 'import_failed.map') + +if __spec__: + failed_name = __spec__.name +else: + failed_name = __name__ + +with open(failed_map_path) as fd: + for line in fd: + package = line.split(':')[0] + imports = line.split(':')[1] + if failed_name in imports: + raise ImportError(f"""Module '{failed_name}' is not installed. +Use: + sudo zypper install {package} +to install it.""") + +raise ImportError(f"""Module '{failed_name}' is not installed. +It is supposed to be part of python3 distribution, but missing from failed import map. +Please file a bug on the SUSE Bugzilla.""") diff --git a/macros.python3 b/macros.python3 new file mode 100644 index 0000000..2bd193b --- /dev/null +++ b/macros.python3 @@ -0,0 +1,28 @@ +%have_python3 1 + +# commented out legacy macro definitions +#py3_prefix /usr +#py3_incdir /usr/include/python3.5m +#py3_ver 3.5 + +# these should now be provided by macros.python_all +#python3_sitearch /usr/lib64/python3.5/site-packages +#python3_sitelib /usr/lib/python3.5/site-packages +#python3_version 3.5 + +# hard to say if anyone ever used these? +#py3_soflags cpython-35m-x86_64-linux-gnu +#py3_abiflags m +%cpython3_soabi %(python3 -c "import sysconfig; print(sysconfig.get_config_var('SOABI'))") +%py3_soflags %cpython3_soabi + +# compilation macros that might be in use somewhere +%py3_compile(O) \ +find %1 -name '*.pyc' -exec rm -f {} ";"\ +python3 -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +%{-O:\ +find %1 -name '*.pyo' -exec rm -f {} ";"\ +python3 -O -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +} + + diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch new file mode 100644 index 0000000..7e412d7 --- /dev/null +++ b/no-skipif-doctests.patch @@ -0,0 +1,653 @@ +only in patch2: +unchanged: +--- + Doc/library/turtle.rst | 82 ------------------------------------------------- + 1 file changed, 82 deletions(-) + +--- a/Doc/library/turtle.rst ++++ b/Doc/library/turtle.rst +@@ -440,7 +440,6 @@ Turtle motion + turtle is headed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -467,7 +466,6 @@ Turtle motion + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -486,13 +484,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -511,13 +507,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -540,13 +534,11 @@ Turtle motion + not change the turtle's orientation. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> tp = turtle.pos() + >>> tp +@@ -570,13 +562,11 @@ Turtle motion + unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 240) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,240.00) +@@ -592,13 +582,11 @@ Turtle motion + Set the turtle's second coordinate to *y*, leave first coordinate unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 40) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,40.00) +@@ -625,7 +613,6 @@ Turtle motion + =================== ==================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setheading(90) + >>> turtle.heading() +@@ -638,14 +625,12 @@ Turtle motion + its start-orientation (which depends on the mode, see :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(90) + >>> turtle.goto(0, -10) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 90.0 +@@ -677,7 +662,6 @@ Turtle motion + calculated automatically. May be used to draw regular polygons. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.position() +@@ -706,7 +690,6 @@ Turtle motion + + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.dot() +@@ -724,7 +707,6 @@ Turtle motion + it by calling ``clearstamp(stamp_id)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("blue") + >>> turtle.stamp() +@@ -740,7 +722,6 @@ Turtle motion + Delete stamp with given *stampid*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (150.00,-0.00) +@@ -785,7 +766,6 @@ Turtle motion + undo actions is determined by the size of the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for i in range(4): + ... turtle.fd(50); turtle.lt(80) +@@ -818,7 +798,6 @@ Turtle motion + turtle turn instantly. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.speed() + 3 +@@ -839,7 +818,6 @@ Tell Turtle's state + Return the turtle's current location (x,y) (as a :class:`Vec2D` vector). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pos() + (440.00,-0.00) +@@ -855,7 +833,6 @@ Tell Turtle's state + orientation which depends on the mode - "standard"/"world" or "logo". + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(10, 10) + >>> turtle.towards(0,0) +@@ -867,7 +844,6 @@ Tell Turtle's state + Return the turtle's x coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(50) +@@ -883,7 +859,6 @@ Tell Turtle's state + Return the turtle's y coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(60) +@@ -900,7 +875,6 @@ Tell Turtle's state + :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(67) +@@ -917,7 +891,6 @@ Tell Turtle's state + other turtle, in turtle step units. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.distance(30,40) +@@ -941,7 +914,6 @@ Settings for measurement + Default value is 360 degrees. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -964,7 +936,6 @@ Settings for measurement + ``degrees(2*math.pi)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -975,7 +946,6 @@ Settings for measurement + 1.5707963267948966 + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.degrees(360) +@@ -1011,7 +981,6 @@ Drawing state + thickness. If no argument is given, the current pensize is returned. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pensize() + 1 +@@ -1043,7 +1012,6 @@ Drawing state + attributes in one statement. + + .. doctest:: +- :skipif: _tkinter is None + :options: +NORMALIZE_WHITESPACE + + >>> turtle.pen(fillcolor="black", pencolor="red", pensize=10) +@@ -1066,7 +1034,6 @@ Drawing state + Return ``True`` if pen is down, ``False`` if it's up. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.penup() + >>> turtle.isdown() +@@ -1107,7 +1074,6 @@ Color control + newly set pencolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> colormode() + 1.0 +@@ -1156,7 +1122,6 @@ Color control + with the newly set fillcolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.fillcolor("violet") + >>> turtle.fillcolor() +@@ -1195,7 +1160,6 @@ Color control + with the newly set colors. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("red", "green") + >>> turtle.color() +@@ -1212,7 +1176,6 @@ Filling + ~~~~~~~ + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.home() +@@ -1222,7 +1185,6 @@ Filling + Return fillstate (``True`` if filling, ``False`` else). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.begin_fill() + >>> if turtle.filling(): +@@ -1247,7 +1209,6 @@ Filling + above may be either all yellow or have some white regions. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("black", "red") + >>> turtle.begin_fill() +@@ -1264,7 +1225,6 @@ More drawing control + variables to the default values. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(0,-22) + >>> turtle.left(100) +@@ -1315,7 +1275,6 @@ Visibility + drawing observably. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.hideturtle() + +@@ -1326,7 +1285,6 @@ Visibility + Make the turtle visible. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.showturtle() + +@@ -1357,7 +1315,6 @@ Appearance + deal with shapes see Screen method :func:`register_shape`. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape() + 'classic' +@@ -1383,7 +1340,6 @@ Appearance + ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.resizemode() + 'noresize' +@@ -1407,7 +1363,6 @@ Appearance + of the shape's outline. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shapesize() + (1.0, 1.0, 1) +@@ -1432,7 +1387,6 @@ Appearance + heading of the turtle are sheared. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("circle") + >>> turtle.shapesize(5,2) +@@ -1449,7 +1403,6 @@ Appearance + change the turtle's heading (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1469,7 +1422,6 @@ Appearance + (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1495,7 +1447,6 @@ Appearance + turtle (its direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1524,7 +1475,6 @@ Appearance + given matrix. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle = Turtle() + >>> turtle.shape("square") +@@ -1540,7 +1490,6 @@ Appearance + can be used to define a new shape or components of a compound shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("square") + >>> turtle.shapetransform(4, -1, 0, 2) +@@ -1565,7 +1514,6 @@ Using events + procedural way: + + .. doctest:: +- :skipif: _tkinter is None + + >>> def turn(x, y): + ... left(180) +@@ -1586,7 +1534,6 @@ Using events + ``None``, existing bindings are removed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> class MyTurtle(Turtle): + ... def glow(self,x,y): +@@ -1614,7 +1561,6 @@ Using events + mouse-click event on that turtle. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.ondrag(turtle.goto) + +@@ -1642,7 +1588,6 @@ Special Turtle methods + Return the last recorded polygon. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.begin_poly() +@@ -1662,7 +1607,6 @@ Special Turtle methods + turtle properties. + + .. doctest:: +- :skipif: _tkinter is None + + >>> mick = Turtle() + >>> joe = mick.clone() +@@ -1675,7 +1619,6 @@ Special Turtle methods + return the "anonymous turtle": + + .. doctest:: +- :skipif: _tkinter is None + + >>> pet = getturtle() + >>> pet.fd(50) +@@ -1689,7 +1632,6 @@ Special Turtle methods + TurtleScreen methods can then be called for that object. + + .. doctest:: +- :skipif: _tkinter is None + + >>> ts = turtle.getscreen() + >>> ts +@@ -1707,7 +1649,6 @@ Special Turtle methods + ``None``, the undobuffer is disabled. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setundobuffer(42) + +@@ -1717,7 +1658,6 @@ Special Turtle methods + Return number of entries in the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> while undobufferentries(): + ... undo() +@@ -1740,7 +1680,6 @@ below: + For example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> s = Shape("compound") + >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) +@@ -1751,7 +1690,6 @@ below: + 3. Now add the Shape to the Screen's shapelist and use it: + + .. doctest:: +- :skipif: _tkinter is None + + >>> register_shape("myshape", s) + >>> shape("myshape") +@@ -1771,7 +1709,6 @@ Most of the examples in this section ref + ``screen``. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen = Screen() +@@ -1788,7 +1725,6 @@ Window control + Set or return background color of the TurtleScreen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.bgcolor("orange") + >>> screen.bgcolor() +@@ -1880,7 +1816,6 @@ Window control + distorted. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.reset() + >>> screen.setworldcoordinates(-50,-7.5,50,7.5) +@@ -1891,7 +1826,6 @@ Window control + ... left(45); fd(2) # a regular octagon + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen.reset() +@@ -1913,7 +1847,6 @@ Animation control + Optional argument: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.delay() + 10 +@@ -1935,7 +1868,6 @@ Animation control + :func:`delay`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.tracer(8, 25) + >>> dist = 2 +@@ -1972,7 +1904,6 @@ Using screen events + must have the focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -1993,7 +1924,6 @@ Using screen events + must have focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -2018,7 +1948,6 @@ Using screen events + named ``turtle``: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will + >>> # make the turtle move to the clicked point. +@@ -2038,7 +1967,6 @@ Using screen events + Install a timer that calls *fun* after *t* milliseconds. + + .. doctest:: +- :skipif: _tkinter is None + + >>> running = True + >>> def f(): +@@ -2120,7 +2048,6 @@ Settings and special methods + ============ ========================= =================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> mode("logo") # resets turtle heading to north + >>> mode() +@@ -2135,7 +2062,6 @@ Settings and special methods + values of color triples have to be in the range 0..*cmode*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.colormode(1) + >>> turtle.pencolor(240, 160, 80) +@@ -2156,7 +2082,6 @@ Settings and special methods + do with a Tkinter Canvas. + + .. doctest:: +- :skipif: _tkinter is None + + >>> cv = screen.getcanvas() + >>> cv +@@ -2168,7 +2093,6 @@ Settings and special methods + Return a list of names of all currently available turtle shapes. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.getshapes() + ['arrow', 'blank', 'circle', ..., 'turtle'] +@@ -2192,7 +2116,6 @@ Settings and special methods + coordinates: Install the corresponding polygon shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) + +@@ -2208,7 +2131,6 @@ Settings and special methods + Return the list of turtles on the screen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for turtle in screen.turtles(): + ... turtle.color("red") +@@ -2270,7 +2192,6 @@ Methods specific to Screen, not inherite + center window vertically + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.setup (width=200, height=200, startx=0, starty=0) + >>> # sets window to 200x200 pixels, in upper left of screen +@@ -2286,7 +2207,6 @@ Methods specific to Screen, not inherite + Set title of turtle window to *titlestring*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.title("Welcome to the turtle zoo!") + +@@ -2357,7 +2277,6 @@ Public classes + Example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) + >>> s = Shape("compound") +@@ -2743,7 +2662,6 @@ Changes since Python 3.0 + + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> for turtle in turtles(): diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..a2cf992 --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +export LC_ALL=C + +master=python*.spec + +# create import_failed.map from package definitions +pkgname=$(grep python_pkg_name $master |grep define |awk -F' ' '{print $3}') +MAPFILE=import_failed.map +function new_map_line () { + package=$1 + package=$(echo $1 |sed -e "s:%{python_pkg_name}:$pkgname:") + modules=$2 + if [ -z "$package" -o -z "$modules" ]; then + return + fi + if [[ "$package" =~ "-base" ]]; then + return + fi + echo "$package:$modules" >> $MAPFILE.tmp +} + +for spec in *.spec; do + basename=${spec%.spec} + package= + modules= + while read line; do + case $line in + "%files -n "*) + new_map_line $package "$modules" + package=${line#"%files -n "} + modules= + ;; + "%files "*) + new_map_line $package "$modules" + package=$basename-${line#"%files "} + modules= + ;; + "%files") + new_map_line $package "$modules" + package=$basename + modules= + ;; + "%{sitedir}/config-"*) + # ignore + ;; + "%{sitedir}/"*) + word=${line#"%{sitedir}/"} + if ! echo $word | grep -q /; then + modules="$modules $word" + fi + ;; + "%{dynlib "*"}") + word=${line#"%{dynlib "} + word=${word%"}"} + modules="$modules $word" + ;; + esac + done < $spec + new_map_line $package "$modules" +done + +cat $MAPFILE.tmp |sort -u > $MAPFILE +rm $MAPFILE.tmp + +# run test inclusion check +tar xJf Python-*.xz +python3 skipped_tests.py + +# generate baselibs.conf +VERSION=$(grep ^Version $master|awk -F':' '{print $2}' |sed -e 's/ //g') +python_version=${VERSION:0:3} # 3.3 +python_version_abitag=${python_version//./} # 33 +python_version_soname=${python_version//./_} # 3_3 +echo "$pkgname-base" > baselibs.conf +echo "$pkgname" >> baselibs.conf +echo "libpython$python_version_soname-1_0" >> baselibs.conf + diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch new file mode 100644 index 0000000..cda20d7 --- /dev/null +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -0,0 +1,27 @@ +--- + Makefile.pre.in | 7 +++++++ + 1 file changed, 7 insertions(+) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1240,11 +1240,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ + $(DTRACE_OBJS) \ + $(srcdir)/Modules/getbuildinfo.c + $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DDATE="\"`date -u -r Makefile.pre.in +"%b %d %Y"`\"" \ ++ -DTIME="\"`date -u -r Makefile.pre.in +"%T"`\"" \ + -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \ + -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \ + -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \ + -o $@ $(srcdir)/Modules/getbuildinfo.c + ++Python/getcompiler.o: $(srcdir)/Python/getcompiler.c Makefile ++ $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DCOMPILER='"[GCC]"' \ ++ -o $@ $(srcdir)/Python/getcompiler.c ++ + Modules/getpath.o: $(srcdir)/Modules/getpath.c Python/frozen_modules/getpath.h Makefile $(PYTHON_HEADERS) + $(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \ + -DPREFIX='"$(prefix)"' \ diff --git a/python-3.3.0b1-localpath.patch b/python-3.3.0b1-localpath.patch new file mode 100644 index 0000000..475497e --- /dev/null +++ b/python-3.3.0b1-localpath.patch @@ -0,0 +1,13 @@ +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -77,7 +77,7 @@ import io + import stat + + # Prefixes for site-packages; add additional prefixes like /usr/local here +-PREFIXES = [sys.prefix, sys.exec_prefix] ++PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local'] + # Enable per user site-packages directory + # set it to False to disable the feature or True to force the feature + ENABLE_USER_SITE = None diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch new file mode 100644 index 0000000..ac5d553 --- /dev/null +++ b/python-3.3.0b1-test-posix_fadvise.patch @@ -0,0 +1,17 @@ +--- + Lib/test/test_posix.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_posix.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_posix.py ++++ Python-3.11.8/Lib/test/test_posix.py +@@ -430,7 +430,7 @@ class PosixTester(unittest.TestCase): + def test_posix_fadvise(self): + fd = os.open(os_helper.TESTFN, os.O_RDONLY) + try: +- posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_WILLNEED) ++ posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_RANDOM) + finally: + os.close(fd) + diff --git a/python.keyring b/python.keyring new file mode 100644 index 0000000..747bc27 --- /dev/null +++ b/python.keyring @@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFq+ToQBEADRYvIVtbK6owynD3j3nxwpW2KEk/p+aDvtXmc2SR2dBcZ8sFW2 +R5vEsG8d3/D3wgv5pcL3KfNNXQYUnXVbobrFUUWQYc79qIsE3MgiPf5NVOtwKPUR +i5g9YJgKvpBxkQfqp3LYGm9ZBtwo3DVLA3yn7KsazCmAgTNFJYw7ku1XxgmIzY6K +5J30DfbJiqDqj4f9GslCCCCH3qiPnuLG/HUyVLHMpbWlaiy9NI0GcaLxjJewHj9w +W2D2lydkxe5JGo7egUkV3ILcuLVSVKA35SKY27dYqfuyqp9tAzaRbjDYjsYdHA6G +BqrNrKBn/GwlFDPrVdcvN3ZSY2wMLTxWE3Axc/FweuHxFnou/80FwX7F3JD+oEQ6 +rofmcxOBCC7J98I7HZAhP9jBn88XIS2hztbLq8d6rZJZRtcz0k61VR0ddO+TrFmf +9rMYCPgCckRtVxeFIVIabrN1IzKynLFeo040h8hSGswd6YKDOVwjJY6Oa6EmVefZ +a8QSt4+M65RSzH6SEPY008F3nJUAK6MEkzTak+tFltZNrVWu8p2xd1j9nmxAwEhZ +/lgbxLqzYgaUWmfyHeZ8yVA0MhHzdiAL8nVUEdG3KecIq0RWCJLGLWWIjd6KAJl1 +yAmhRYKK/sjPDsL3elHsFACfZbyx3o5GGQNlas1FYoPLWbaNGaJtgFTF2QARAQAB +tCtQYWJsbyBHYWxpbmRvIFNhbGdhZG8gPHBhYmxvZ3NhbEBnbWFpbC5jb20+iQJO +BBMBCgA4FiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+ToQCGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQZOYo+NaEaW2bmA/+PXIap2udLoUVOHxnsIBdqYwp +sv1Aj5lfIJmNhmxPbHShwp1Jg+w4urxe+2Dj5ofKVlIo1i83bQkvnKJMDXDVuc/K +P6zqhBJ3rT4Q3qx2mzX8bIfQoJ2JHuH4lkP+I7doDcHHRyeNASyk72VdQmU4twNw +Ibn8nSNV6ThKHdoPYzVnO2rZUFcGIqH5HNsvR+B7cc1MBCHsgURYwSVhSePIFGlZ +iasdBD6QQkDSe4QWi7AcJFWFElw4kbOKJWxAWsrEk+tMXJVGRjnmL289EmPCx/vx +BqKy7Mse0yWCSRR3vB+O6TB1S5SgEyEgqlYsfGNv1qf/rfRD4KkyCbNU3LhY1Aim +vJP4pDW+KFxTk2Ks8vrx8gOSd2aFqPeO/pFDrpsF7PD62XwsfoXu4xc5V0Giw7r1 +Nai0nax7kOrldNF8TbbtRjW0jmoC7wLIDujAkwDIOroZ0CXA3N4HVHdSbrHm/urX +nyxJXupXAQNwGx64JCBcbF2fp3Kvu1VAXBEFnd01KaopthHcbG5pA50Kl2Vhe+98 +OdezUX42fHkQpQkB7HgtXfm6W1bw6YRBamrNvs1OoHBYmUjlECpe566IIu25Hc8s +x3qA+6eca7iqizyLG+WyMT8ZIYTWGAS59jxwR4esqGczbbZPSAPHFwLbGv7Wr0Rd +TPu5B0FcKpDkTd4IxQW5Ag0EWr5O2gEQAMjLe4CtbSfofmJrz5wfNkMVsZ81Gbqe +MoYd3dtkJnQYERUj8flzBj3ucaxGJ+Cuf7ybh3naPopKvEI1q0vkcgCDqrEgXK// +jKJbP28uPSMGhOG28q4PbamG55gy5FtM3ezzAxPWWKe9qBpV65GMmFy7eBQx2iJs +yiDIOOQQ4kraS+cTqNFimEXAGLCOQRNLcwIZzwAAHoW7HEpNUfVwaBD9kMlbo1ND +I60IKcNrNcmcmRxhJqfxjj8YBMwcKHO6GBE3AVpaE/+UO9zyr4TH+0YuQUgxKlPW +Dkg5XlkDo0S1GyLY5e9ckIDIlkTdDa2pOkoE2yB5MQCEga3YiHrKUVTTWaxn9XVJ +6x5ZjUF6bgSWGkrG5dUqSYoO1iDMuNVjtiujNyf/rvfj5cNxS7/lgxchhQKZHZXL +WVqxlneeVJ6s0P4+ROVG9ga2Sve7aUJ6wXIewZwulBcV2sE/W/DgxHgLBi53CUQt +vEzFzKvo48GnDqL5VYjA7l0HMYHd4GksCLi8E8U6Cgj+imXiM8voL7pHRZfs8mY8 +udR+UT4e1Scl2MYP2qBJ9/17B/X52B3s1EZdqI/r+hfOyqrhPs+dbAN0mtMPn68+ +nrvY1+nscvrSYEP6ZBlc9Hp2mgJdb6IcTvINXBEeLRjgc3pjViva443pkiFp9Axm +ecOckMKP3uSlABEBAAGJBGwEGAEKACAWIQSgNcjBkhm6gh7OqGtk5ij41oRpbQUC +Wr5O2gIbAgJACRBk5ij41oRpbcF0IAQZAQoAHRYhBM/cokWxBDzypfl4Zf/odAQW +i9hHBQJavk7aAAoJEP/odAQWi9hHr7YP/RCLre1CmOoWYpAtoa1yVCeYMDV6eQgL +B488/BEZHQE1zbrYy16XkhORob3JF/kUMjmJW7XaFF8FrWvRcdj/xaUGbOOEulKg +v+8zWfswYQRiZ4/JlwER4vRLi6fTE89MVER6Fkj2ASD4D2cifY+EztD4flV3sq3s +vIogGFaN9IvdrdeptOVGXs1RmAyoTsiS2mKQ6xsGh8B9ZAm55W8fBOGiSzLX21Xk +Ofdw53BrFQxn3cu/JgIKpdeZxgukcvEAI62B6X+YL6Na4j0eqEGLzsNtU1+xeJlo +WtVvmRwnRHGSxF6fzIZ3mk/p/aFiXAEq/xITCTY6tDv7x7pFE/RpdlJZyNJ+R5Y4 +SQiuDsylxNCa/4G5EB6q+7iVYtbEQ9MnZg2phowEE42tlj0rz8/rvDK3LH3xibot +KHIodCWKlWByxH99u2PuHUQ0c1oCVBUE1KkruMpvI236DpU/dvdq4JLSg/fWrys/ +VIjqLZgsIE5g/KO9XqngWHkLcBLh4CNAmHJ8Iia+s+/rfgsejQWB5uJb6eYg2JjB +4WP1EI0rULM6fdrCNB+MJ36wE2Lnb4bfT0phOMgjjH5/Ki7ZCbkxkOsBs4SRjiS+ +weCsmpAtMqodWY/Cnw9pWSA/qLSRD5/mKeb9SO6OZ/OPfAatwnGHsvZ2sAueC6rR +04W5BfXZWrnJUXQP/id/EKE1Ksp5fKoxSCbkKTCig+Sf5Afwe36yFN+niZBqzn5b +BgL/HIKaZM97oDHersPPANeEgS+JVlBf95iKIYnQbZP43FLVbvOuaINhBIVtFO54 +2Y7EYwl41kP7ILDElVy36KAmdQyBAfrjnZiRA70xShOxApLug1L0lxhR3YfmLwNi +RJ0V6KnYDKf0pfdhO9VFyFFWUojX1usn2SmSsXNizsNtvRqHXzPnX0rbJzZ9+N4O +9k1nxygYFG/2R/jGonVmTjRzcAHrAkNJETMWXMA7/8wRMDwluz8j+cCldey9x8Vk +JwgLGnZSbQtVpcFAnm5r/36Gt+9wc1VWMyrUrVr6Z679aqAbG7PMaeR5h5ygMj1k +VqRTYAUPSk1f8bZKRssQkQwEbp9dVIjm9SsR8VT7/tB+UuB85dABxgHfv3psJRT+ +tL8g9V7kSZqQfcLNGmvEVvr2Zl9NtxwXtsFM2OBprxCenwb+e9Ppm1LjfJG/NE72 +mAnOERfDaiLt4bqNo36Ei5sGCJ4Fx61phzNBXzkdRNM47i8J5UZRKFkE91c99BVM +HKUaY61NRK24fR0zP98ftDU82YFw0VRFJpTeBrO5ivN1MlQxUPzUWxKxMxO+20wa +UOXroEw11Tb4SRLGOla1pCl6lCUPJRy9IzadPDgTr/OTMkob/snt/XLdnV5/uQIN +BFq+TvoBEAC8Oy1g6pPWBbrCMhIq7VWY2fjylJ1fwg5BPXkOKVK1dsGYO4QD7oW9 +L0aSqcFSNFGF9Cl0Ri4TFXZC3hnG4HeSXUWApuKdBLn21H3jba36Ay1oGcGfdm0v +Zght4c6BlMVBpGCw2wIkJbUNEy6InMM+O8CCbbaH3iJkJ4141P7pODHignx5AmZI +conMui4YOhC+IXQXynVEv1Juk7erB1Nh1RcRvsA4lb44HWx49lIwe85ejOmoZ0O3 +6f9NJRer6bV0+rHWmg4IV5Q9h/Gn4IhEDZxA0DZl1RQI7dMgaMbIFbXGq7Kgzstz +EUnOoy29hXodxVmwIsMrAiQUYtwJ9hW+ESsw47+W2iPHVgviGWl7r/SgcgMYmf6m +5kiTBtwU7BQPS9G3zwwP2Rm3AA/6g39Q+tQKjOwi1I8+GZsY2On44Zly7BreBNg5 +4gJgdAGcMOYU9etr050clH3UpTYcAEtX++ahtOKhJgLIPNcIAQNlnifqvU0VYpgw +R4YpZ7hgg+AVDzC73PIM0lFI0XiDuqChbxE+K1jmLXWe5iJF0dzgVTwP+PmsifNZ +Wg3+YxSsS+hDMPQ2xPiQN49gT4JJDHcDuyhHyCGYgyMiVJCsku9KrkubbfVRivyN +ZF2Zfo3f+nbrRxsftz0yjAq8byCvb0V0XOpt4pJ/ddlug9ytRxALNwARAQABiQI2 +BBgBCgAgFiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+TvoCGwwACgkQZOYo+NaE +aW3urA//UQ/cKQ7HvWjcLphzQOZc+6m5YL0wxvZkSjemU7mqjZdpacteIvRAoers +EqXHc208liIBtNfRzoreXdcXNzie65xXkrRnWoHVH/fTWy4lOnHr2CMXLeHjUgg/ +M6PYi8+sARm05YFB8nsYhlhx3IdLhcfeVVbJedQKO0yL3CK1okT30DUVq5Lq6X/K +DC6AxuJR3D6UMSoT0WLaoX8qbhAp88qLynInfBVL18d97h916WPLTPeP0eHwhwND +bYtKDCMDuKQ9XX5+QsNH0RmbxlX274LHrUMMvkLKxcfCBvP+iuqrBeIuoeVzXYJZ +j7ZJtEH79bW44eecl/CY/STFYgSQ2XGTp2BI2q60wAmtKlNhwxY5ena0FgyFl6Tm +5OBHW/Pwo+ndQJGfbrCyWkTgRay9c8er3gl3GQYIBH6X0kCiG7h/Epj0b5CHOPU5 +hCw0kEB8MB4poTIjeiY+Q01472/lQ68CL3DX158hR5d3XaPSIxAN+qFsfB1o316p +yjxhfK1MD/IfrOgjlggPPnc/KmLkCzpgdwKcZwLCdZq9hYBvF1Zs34HbaVMYbWTK +uxLowtXGU43vatCXXqmPOvl4/g4tZD6rysJDgOrHQnEHzT+Napn07s0BRC0IbbNn +FynUrkr5KMSuRz7Hg7xMApENOrb0nqdHSUJ914ZpuMIS6RhJgGu5Ag0EWr5PIAEQ +ALfh9vPD2B+miHDTMADI8aRZ7g9tnzynZYkk3+2sCiiusetsQQ+HIPJ/ASEJB7On +ane9dyT/LTRhrK9qaxgVMimk2COXB/xyh7Mnw7nJgFU0aRSbtX0vbvQz2suSzrQ6 +9mPKzan28JGoClqB0bw1vwf3VjjxHV2dgD57CmqFPv7kAC/2a56dE+etzXattZAL ++2JWTpmfQ0ePRRadtBm0VahQhnU8x0+jvAVrEawqpVW83ozYFyW/0WInM2J7jHgQ +16OosY4lj5L/DxpVxaArhRFoRfWPXfC37iE8Mou/I95isvPQIhp1wTo4jG0KM02B +oIVbp/QRNBQ6WtpOzvJs1gqQiJJTfqbKJXQ3NDEY9crpVS83HJ+Zv99PNsyNkFjG +QpU84U3ZhsI4ygjdY45mpZueqI1RVcRQdu8Hgvoo/78Q/Sir6gMGop3mVdVo2guI +kFcJrXh0Xk3ech4aVqrmKx/mPXGwOAQU0DAul4RW3fKg1QxQE7Tlw3+95Ee/+q5j +HARL0uDbCJpRO8Sl8NDEuL32n/2Ot6kQeCSHrU7KJRYAkTxkKvr8zNow7hFhHFPE +SnHvTnskI6noh0VY6NwMhmLvhm0wKkRxZPzUNc3sgLvbK1NymIZ9aKCZamzhZrmG +vnblEz/OSLwGUua465H3hM1vvBQiartj7+6ZqWIkSmBPABEBAAGJAjYEGAEKACAW +IQSgNcjBkhm6gh7OqGtk5ij41oRpbQUCWr5PIAIbIAAKCRBk5ij41oRpbWmeEACG ++axtDC8UoNp9ORiYwEWLzZWDuugE+ah7DYYGD4Vs633FXVZW3SgM/bFtJ/0Lg8CF +74jI4LMHyIjDzEjcoItwnhBLix+kUoJTvrY58GPydwekLuw1p4KXLqtRs4fsZbNQ +YTknl4jYtRWoxO98x7tun7Gq2gqmJkIB2uj630fKz5cBk6p6oDFKjzyrHe+V7BiK +3okQPaD4x7hq8OnTy7lOy92ZZAqztS4tNEb4DkYW1MpuwsJ7hbBZitc1siI+FVVb +GjVVGZz6ssXoW67Tz8+VxdWJxNLXlv27eMcj4sme5S0th/YYNA5fRRv6zuzqZAru +YNGLpYYU7JLvZJ+3lCwa5j5ycOGBF0GvsGs6gj6h+CHkjR/BgzAgWC+GgUgslt6q +aH04rWtV6rVz+Y91LcrX5P6OM4anmXD3Gp3kl35AypXb4KyASF19+11RUziD4Z7q +wQEWfbwOltNyZv2lD8s2jPr7P02axWRQUbZAEhxRmvOQev/FZPyCF6gqUo/HxRbQ +y3bzmnipyHSv1DlXNfCFCHvN8kGyZnRWARqIKRg+j9ediJgOUqlLhg6KmrTVxd5v +3Dfv52PW2UODDTM20s3cQGuX/UswzMRwPI/+P44iCMwEKdm7duM/5oisZT9Vhy7g +P15MreFZLcZvUVgjqgy0u57cstyGK1Bo9e2sFcK2fA== +=6Zb4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/python311-rpmlintrc b/python311-rpmlintrc new file mode 100644 index 0000000..6c3d3b0 --- /dev/null +++ b/python311-rpmlintrc @@ -0,0 +1,4 @@ +addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp") +addFilter("python-bytecode-inconsistent-mtime.*\.pyc") diff --git a/python311.changes b/python311.changes new file mode 100644 index 0000000..4f823b9 --- /dev/null +++ b/python311.changes @@ -0,0 +1,5624 @@ +------------------------------------------------------------------- +Mon Jun 9 17:19:32 UTC 2025 - Matej Cepl + +- Update to 3.11.13: + - Security + - gh-135034: Fixes multiple issues that allowed tarfile + extraction filters (filter="data" and filter="tar") + to be bypassed using crafted symlinks and hard links. + Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138 + (bsc#1244059), CVE-2025-4330 (bsc#1244060), and + CVE-2025-4517 (bsc#1244032). Also addresses CVE-2025-4435 + (gh#135034, bsc#1244061). + - gh-133767: Fix use-after-free in the “unicode-escape” + decoder with a non-“strict” error handler (CVE-2025-4516, + bsc#1243273). + - gh-128840: Short-circuit the processing of long IPv6 + addresses early in ipaddress to prevent excessive memory + consumption and a minor denial-of-service. + - Library + - gh-128840: Fix parsing long IPv6 addresses with embedded + IPv4 address. + - gh-134062: ipaddress: fix collisions in __hash__() for + IPv4Network and IPv6Network objects. + - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output + according to RFC 3596, §2.5. Patch by Bénédikt Tran. + - bpo-43633: Improve the textual representation of + IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2) + in ipaddress. Patch by Oleksandr Pavliuk. +- Remove upstreamed patches: + - gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch + - CVE-2025-4516-DecodeError-handler.patch + +------------------------------------------------------------------- +Thu May 22 13:01:17 UTC 2025 - Matej Cepl + +- Add CVE-2025-4516-DecodeError-handler.patch fixing + CVE-2025-4516 (bsc#1243273) blocking DecodeError handling + vulnerability, which could lead to DoS. + +------------------------------------------------------------------- +Sat May 17 10:02:27 UTC 2025 - Matej Cepl + +- Use extended %autopatch. + +------------------------------------------------------------------- +Sat May 10 11:38:24 UTC 2025 - Matej Cepl + +- Remove python-3.3.0b1-test-posix_fadvise.patch (not needed + since kernel 3.6-rc1) + +------------------------------------------------------------------- +Fri Apr 18 14:05:38 UTC 2025 - Matej Cepl + +- Update to 3.11.12: + - gh-131809: Update bundled libexpat to 2.7.1 + - gh-131261: Upgrade to libexpat 2.7.0 + - gh-105704: When using urllib.parse.urlsplit() and + urllib.parse.urlparse() host parsing would not reject domain + names containing square brackets ([ and ]). Square brackets + are only valid for IPv6 and IPvFuture hosts according to RFC + 3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938, + gh#python/cpython#105704). + - gh-121284: Fix bug in the folding of rfc2047 encoded-words + when flattening an email message using a modern email + policy. Previously when an encoded-word was too long for + a line, it would be decoded, split across lines, and + re-encoded. But commas and other special characters in the + original text could be left unencoded and unquoted. This + could theoretically be used to spoof header lines using a + carefully constructed encoded-word if the resulting rendered + email was transmitted or re-parsed. + - gh-80222: Fix bug in the folding of quoted strings + when flattening an email message using a modern email + policy. Previously when a quoted string was folded so that + it spanned more than one line, the surrounding quotes and + internal escapes would be omitted. This could theoretically + be used to spoof header lines using a carefully constructed + quoted string if the resulting rendered email was transmitted + or re-parsed. + - gh-119511: Fix a potential denial of service in the imaplib + module. When connecting to a malicious server, it could + cause an arbitrary amount of memory to be allocated. On many + systems this is harmless as unused virtual memory is only + a mapping, but if this hit a virtual address size limit + it could lead to a MemoryError or other process crash. On + unusual systems or builds where all allocated memory is + touched and backed by actual ram or storage it could’ve + consumed resources doing so until similarly crashing. + - gh-127257: In ssl, system call failures that OpenSSL reports + using ERR_LIB_SYS are now raised as OSError. + - gh-121277: Writers of CPython’s documentation can now use + next as the version for the versionchanged, versionadded, + deprecated directives. + - gh-106883: Disable GC during the _PyThread_CurrentFrames() + and _PyThread_CurrentExceptions() calls to avoid the + interpreter to deadlock. +- Remove upstreamed patch: + - CVE-2025-0938-sq-brackets-domain-names.patch +- Add gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch + which makes test_ssl not to stop ThreadedEchoServer on OSError, + which makes test_ssl pass with OpenSSL 3.5 (bsc#1241067, + gh#python/cpython!126572) + +------------------------------------------------------------------- +Wed Mar 12 15:05:46 UTC 2025 - Bernhard Wiedemann + +- Allow to disable PGO + +------------------------------------------------------------------- +Mon Mar 10 15:44:31 UTC 2025 - Bernhard Wiedemann + +- Skip PGO with %want_reproducible_builds (bsc#1239210) + +------------------------------------------------------------------- +Tue Feb 4 14:43:13 UTC 2025 - Matej Cepl + +- Add CVE-2025-0938-sq-brackets-domain-names.patch which + disallows square brackets ([ and ]) in domain names for parsed + URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704) + +------------------------------------------------------------------- +Mon Jan 27 09:00:48 UTC 2025 - Daniel Garcia + +- Configure externally_managed with a bcond + https://en.opensuse.org/openSUSE:Python:Externally_managed + bsc#1228165 + +------------------------------------------------------------------- +Wed Dec 4 21:40:41 UTC 2024 - Matej Cepl + +- Update to 3.11.11: + - Tools/Demos + - gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15 + and multissltests to use 3.0.15, 3.1.7, and 3.2.3. + - Tests + - gh-125041: Re-enable skipped tests for zlib on the + s390x architecture: only skip checks of the compressed + bytes, which can be different between zlib’s software + implementation and the hardware-accelerated implementation. + - Security + - gh-126623: Upgrade libexpat to 2.6.4 + - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to + consistently use the mapped IPv4 address value for deciding + properties. Properties which have their behavior fixed are + is_multicast, is_reserved, is_link_local, is_global, and + is_unspecified. + - Library + - gh-124651: Properly quote template strings in venv + activation scripts (bsc#1232241, CVE-2024-9287). +- Removed upstreamed patches: + - CVE-2024-9287-venv_path_unquoted.patch + +------------------------------------------------------------------- +Tue Dec 3 08:21:35 UTC 2024 - John Paul Adrian Glaubitz + +- Add add-loongarch64-support.patch to support loongarch64 + +------------------------------------------------------------------- +Mon Dec 2 22:50:07 UTC 2024 - Matej Cepl + +- Fix changelog + +------------------------------------------------------------------- +Mon Nov 11 12:43:40 UTC 2024 - Daniel Garcia + +- Remove -IVendor/ from python-config boo#1231795 + +------------------------------------------------------------------- +Fri Nov 1 16:32:10 UTC 2024 - Matej Cepl + +- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote + path names provided when creating a virtual environment + (bsc#1232241, CVE-2024-9287) + +------------------------------------------------------------------- +Wed Oct 2 16:18:29 UTC 2024 - Matej Cepl + +- Drop .pyc files from docdir for reproducible builds + (bsc#1230906). + +------------------------------------------------------------------- +Mon Sep 9 16:53:07 UTC 2024 - Matej Cepl + +- Update to 3.11.10: + - Security + - gh-123678: Upgrade libexpat to 2.6.3 + - gh-121957: Fixed missing audit events around interactive + use of Python, now also properly firing for ``python -i``, + as well as for ``python -m asyncio``. The event in question + is ``cpython.run_stdin``. + - gh-122133: Authenticate the socket connection for the + ``socket.socketpair()`` fallback on platforms where + ``AF_UNIX`` is not available like Windows. Patch by + Gregory P. Smith and Seth Larson + . Reported by Ellie + - gh-121285: Remove backtracking from tarfile header parsing + for ``hdrcharset``, PAX, and GNU sparse headers + (bsc#1230227, CVE-2024-6232). + - gh-118486: :func:`os.mkdir` on Windows now accepts + *mode* of ``0o700`` to restrict the new directory to + the current user. This fixes CVE-2024-4030 affecting + :func:`tempfile.mkdtemp` in scenarios where the base + temporary directory is more permissive than the default. + - gh-116741: Update bundled libexpat to 2.6.2 + - Library + - gh-123270: Applied a more surgical fix for malformed + payloads in :class:`zipfile.Path` causing infinite loops + (gh-122905) without breaking contents using legitimate + characters (bsc#1229704, CVE-2024-8088). + - gh-123067: Fix quadratic complexity in parsing ``"``-quoted + cookie values with backslashes by :mod:`http.cookies` + (bsc#1229596, CVE-2024-7592). + - gh-122905: :class:`zipfile.Path` objects now sanitize names + from the zipfile. + - gh-121650: :mod:`email` headers with embedded newlines are + now quoted on output. The :mod:`~email.generator` will now + refuse to serialize (write) headers that are unsafely folded + or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. + (Contributed by Bas Bloemsaat and Petr Viktorin in + :gh:`121650`; CVE-2024-6923, bsc#1228780). + - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method + breaks internal buffer when the method is called again + during flushing internal buffer. + - gh-118643: Fix an AttributeError in the :mod:`email` module + when re-fold a long address list. Also fix more cases of + incorrect encoding of the address separator in the address + list. + - gh-113171: Fixed various false positives and false + negatives in * :attr:`ipaddress.IPv4Address.is_private` + (see these docs for details) * + :attr:`ipaddress.IPv4Address.is_global` * + :attr:`ipaddress.IPv6Address.is_private` * + :attr:`ipaddress.IPv6Address.is_global` Also in the + corresponding :class:`ipaddress.IPv4Network` and + :class:`ipaddress.IPv6Network` attributes. + Fixes bsc#1226448 (CVE-2024-4032). + - gh-102988: :func:`email.utils.getaddresses` and + :func:`email.utils.parseaddr` now return ``('', '')`` + 2-tuples in more situations where invalid email addresses + are encountered instead of potentially inaccurate + values. Add optional *strict* parameter to these two + functions: use ``strict=False`` to get the old behavior, + accept malformed inputs. ``getattr(email.utils, + 'supports_strict_parsing', False)`` can be use to check if + the *strict* paramater is available. Patch by Thomas Dwyer + and Victor Stinner to improve the CVE-2023-27043 fix + (bsc#1210638). + - gh-67693: Fix :func:`urllib.parse.urlunparse` and + :func:`urllib.parse.urlunsplit` for URIs with path starting + with multiple slashes and no authority. Based on patch by + Ashwin Ramaswami. + - Core and Builtins + - gh-112275: A deadlock involving ``pystate.c``'s + ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now + fixed. Patch by ChuBoning based on previous Python 3.12 fix + by Victor Stinner. + - gh-109120: Added handle of incorrect star expressions, e.g + ``f(3, *)``. Patch by Grigoryev Semyon +- Removed upstreamed patches: + - CVE-2023-27043-email-parsing-errors.patch + - CVE-2024-4032-private-IP-addrs.patch + - CVE-2024-6923-email-hdr-inject.patch + - CVE-2024-8088-inf-loop-zipfile_Path.patch + (renamed from CVE-2024-8088-zipfile-Path-sanitization.patch) + - CVE-2024-6232-ReDOS-backtrack-tarfile.patch + - CVE-2024-7592-quad-complex-cookies.patch + +------------------------------------------------------------------- +Mon Sep 2 09:44:26 UTC 2024 - Matej Cepl + +- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid + failing test_sendfile_close_peer_in_the_middle_of_receiving + tests on Linux >= 6.10 (GH-120227). + +------------------------------------------------------------------- +Wed Aug 28 16:54:34 UTC 2024 - Matej Cepl + +- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent + malformed payload to cause infinite loops in zipfile.Path + (bsc#1229704, CVE-2024-8088). + +------------------------------------------------------------------- +Wed Aug 7 12:12:42 UTC 2024 - Matej Cepl + +- Add CVE-2024-6923-email-hdr-inject.patch to prevent email + header injection due to unquoted newlines (bsc#1228780, + CVE-2024-6923). +- %{profileopt} variable is set according to the variable + %{do_profiling} (bsc#1227999) + +------------------------------------------------------------------- +Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl + +- Remove %suse_update_desktop_file macro as it is not useful any + more. + +------------------------------------------------------------------- +Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl + +- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 + adding reproducibility patches from gh#python/cpython!121872 + and gh#python/cpython!121883. + +------------------------------------------------------------------- +Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl + +- Stop using %%defattr, it seems to be breaking proper executable + attributes on /usr/bin/ scripts (bsc#1227378). + +------------------------------------------------------------------- +Tue Jul 2 10:32:58 UTC 2024 - Daniel Garcia + +- Update F00251-change-user-install-location.patch to make pip and + modern tools install directly in /usr/local when used by the user. + bsc#1225660 + +------------------------------------------------------------------- +Tue Jun 25 21:57:40 UTC 2024 - Matej Cepl + +- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 + (CVE-2024-4032) rearranging definition of private v global IP + addresses. + +------------------------------------------------------------------- +Wed May 1 08:39:08 UTC 2024 - Matej Cepl + +- Update CVE-2023-52425-libexpat-2.6.0-backport.patch + so that it uses features sniffing, not just + comparing version number. Include also + support-expat-CVE-2022-25236-patched.patch. +- Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping + failing tests. +- Refresh patches: + - CVE-2023-27043-email-parsing-errors.patch + - fix_configure_rst.patch + - skip_if_buildbot-extend.patch +- Remove included patch: + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia + +- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in SLE. + +------------------------------------------------------------------- +Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia + +- Remove not needed upstream patches: + * libexpat260.patch + * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666 + * CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch + +- Update to 3.11.9: + * Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 + - gh-115243: Fix possible crashes in collections.deque.index() + when the deque is concurrently modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to the + certificate store, when the ssl.SSLContext is shared across + multiple threads (bsc#1226447, CVE-2024-0397). + * Core and Builtins + - gh-116296: Fix possible refleak in object.__reduce__() internal + error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser when + raising SyntaxError exceptions caused by invalid byte sequences. + Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115011: Setters for members with an unsigned integer type now + support the same range of valid values for objects that has a + __index__() method as for int. + - gh-96497: Fix incorrect resolution of mangled class variables + used in assignment expressions in comprehensions. + * Library + - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered + crash in ssl when creating a new _ssl._SSLContext if CPython was + built implausibly such that the default cipher list is empty or + the SSL library it was linked against reports a failure from its + C SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of self-referential + modules, introduced in gh-114781. + - gh-117084: Fix zipfile extraction for directory entries with the + name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any to + be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer calls + WaitForSingleObject() with a negative timeout: pass 0 ms if the + timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values in an + invalid state (stored as a list instead of a str) after an + earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values in + urllib.parse functions parse_qs() and parse_qsl(). Also, they + now raise a TypeError for non-zero integers and non-empty + sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated tkinter.Checkbutton + widget names to avoid collisions with automatically generated + tkinter.ttk.Checkbutton widget names within the same parent + widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of AttributeError + on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on + WASI. + - Under wasmtime for WASI 0.2, these functions don’t pass + test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). + - gh-88352: Fix the computation of the next rollover time in the + logging.TimedRotatingFileHandler handler. computeRollover() now + always returns a timestamp larger than the specified time and + works correctly during the DST change. doRollover() no longer + overwrite the already rolled over file, saving from data loss + when run at midnight or during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a script + with pdb + - gh-76511: Fix UnicodeEncodeError in email.Message.as_string() + that results when a message that claims to be in the ascii + character set actually has non-ascii characters. Non-ascii + characters are now replaced with the U+FFFD replacement + character, like in the replace error handler. + - gh-75988: Fixed unittest.mock.create_autospec() to pass the call + through to the wrapped object to return the real result. + - gh-115881: Fix issue where ast.parse() would incorrectly flag + conditional context managers (such as with (x() if y else z()): + ...) as invalid syntax if feature_version=(3, 8) was passed. + This reverts changes to the grammar made as part of gh-94949. + - gh-115886: Fix silent truncation of the name with an embedded + null character in multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing which rolled-over log + files to delete in logging.TimedRotatingFileHandler. It is now + reliable for handlers without namer and with arbitrary + deterministic namer that leaves the datetime part in the file + name unmodified. + - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now + support bytes arguments containing raw and percent-encoded + non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' and + '\n', regardless of lineterminator value. + - gh-115712: csv.writer() now quotes empty fields if delimiter is + a space and skipinitialspace is true and raises exception if + quoting is not possible. + - gh-115618: Fix improper decreasing the reference count for None + argument in property methods getter(), setter() and deleter(). + - gh-115570: A DeprecationWarning is no longer omitted on access + to the __doc__ attributes of the deprecated typing.io and + typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the __wrapper__ + data descriptor. + - gh-101293: Support callables with the __call__() method and + types with __new__() and __init__() methods set to class + methods, static methods, bound methods, partial functions, and + other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line numbers + would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare cases when + using the z format option (coerce negative 0) * incorrect output + when applying the z format option to type F (fixed-point with + capital NAN / INF) * incorrect output when applying the # format + option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname before + checking it against the system’s proxy bypass list on macOS and + Windows. + - gh-115198: Fix support of Docutils >= 0.19 in distutils. + - gh-115165: Most exceptions are now ignored when attempting to + set the __orig_class__ attribute on objects returned when + calling typing generic aliases (including generic aliases + created using typing.Annotated). Previously only AttributeError + was ignored. Patch by Dave Shawley. + - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the underlying + write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114763: Protect modules loaded with importlib.util.LazyLoader + from race conditions when multiple threads try to access + attributes before the loading is complete. + - gh-97959: Fix rendering class methods, bound methods, method and + function aliases in pydoc. Class methods no longer have “method + of builtins.type instance” note. Corresponding notes are now + added for class and unbound methods. Method and function aliases + now have references to the module or the class where the origin + was defined if it differs from the current. Bound methods are + now listed in the static methods section. Methods of builtin + classes are now supported as well as methods of Python classes. + - gh-112281: Allow creating union of types for typing.Annotated + with unhashable metadata. + - gh-111775: Fix importlib.resources.simple.ResourceHandle.open() + for text mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb commands. + - gh-107155: Fix incorrect output of help(x) where x is a lambda + function, which has an __annotations__ dictionary attribute with + a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when defining + dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists + over multiple lines in combination with unicode encoding + (bsc#1238450 CVE-2025-1795) + - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same name + but different extensions would conflict and not delete the + correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() to + accept empty bytes as authkey. Not accepting empty bytes as key + causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing of URLs + with only a host name, URLs containing fragment or query, and + filenames with only a UNC sharepoint on Windows. Based on patch + by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + * Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML + vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + * Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE command + line option) in regrtest when hunting for reference leaks (-R + option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-115979: Update test_importlib so that it passes under WASI + SDK 21. + - gh-116307: Added import helper isolated_modules as CleanImport + does not remove modules imported during the context. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of + the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: run + failed tests with test.bisect_cmd to identify failing tests. + Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - gh-115198: Fix test_check_metadata_deprecate in distutils tests + with a newer Docutils. + * Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI + 0.2/preview2 primitives. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + * Windows + - gh-116773: Fix instances of <_overlapped.Overlapped object at + 0xXXX> still has pending operation at deallocation, the process + may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation so + that sending a datagram to an address that is not listening does + not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most users + only have a single launcher installed and will see no + difference. When multiple launchers have been installed, the + option to install the launcher is disabled until all but one + have been removed. Downgrading the launcher (which was never + allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now detect Python + 3.13 when installed from the Microsoft Store, and will install + Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + * IDLE + - gh-88516: On macOS show a proxy icon in the title bar of editor + windows to match platform behaviour. + * Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + * C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows + 64-bit platforms. + +------------------------------------------------------------------- +Sun Mar 24 07:51:45 UTC 2024 - Matej Cepl + +- Add reference to CVE-2024-0450 (bsc#1221854) to changelog. + +------------------------------------------------------------------- +Fri Mar 22 21:22:27 UTC 2024 - Matej Cepl + +- Because of bsc#1189495 we have to revert use of %autopatch. + +------------------------------------------------------------------- +Tue Mar 12 08:44:47 UTC 2024 - Matej Cepl + +- Rewrite %prep to use %autosetup et al. for compatibility with + rpm 4.20. + +------------------------------------------------------------------- +Tue Mar 12 08:13:34 UTC 2024 - Matej Cepl + +- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch + to eliminate ResourceWarning which broke the test suite in + test_asyncio. + +------------------------------------------------------------------- +Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal + +- Use the system-wide crypto-policies [bsc#1211301] + * Use the system default cipher list instead of hardcoded values + * Add the --with-ssl-default-suites=openssl configure option + +------------------------------------------------------------------- +Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl + +- (bsc#1219666, CVE-2023-6597) Add + CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from + gh#python/cpython!99930) fixing symlink bug in cleanup of + tempfile.TemporaryDirectory. + +------------------------------------------------------------------- +Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl + +- Remove double definition of /usr/bin/idle%%{version} in + %%files. + +------------------------------------------------------------------- +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115289 + +------------------------------------------------------------------- +Thu Feb 8 07:27:40 UTC 2024 - Daniel Garcia + +- Update to 3.11.8: + - Security + - gh-113659: Skip .pth files with names starting with a dot or + hidden file attribute. + - Core and Builtins + - gh-114887: Changed socket type validation in + create_datagram_endpoint() to accept all non-stream sockets. + This fixes a regression in compatibility with raw sockets. + - gh-114388: Fix a RuntimeWarning emitted when assign an + integer-like value that is not an instance of int to an + attribute that corresponds to a C struct member of type T_UINT + and T_ULONG. Fix a double RuntimeWarning emitted when assign a + negative integer value to an attribute that corresponds to a C + struct member of type T_UINT. + - gh-89811: Check for a valid tp_version_tag before performing + bytecode specializations that rely on this value being usable. + - gh-113602: Fix an error that was causing the parser to try to + overwrite existing errors and crashing in the process. Patch by + Pablo Galindo + - gh-113566: Fix a 3.11-specific crash when the repr of a Future + is requested after the module has already been + garbage-collected. + - gh-106905: Use per AST-parser state rather than global state to + track recursion depth within the AST parser to prevent potential + race condition due to simultaneous parsing. + - The issue primarily showed up in 3.11 by multithreaded users of + ast.parse(). In 3.12 a change to when garbage collection can be + triggered prevented the race condition from occurring. + - gh-112716: Fix SystemError in the import statement and in + __reduce__() methods of builtin types when __builtins__ is not a + dict. + - gh-105967: Workaround a bug in Apple’s macOS platform zlib + library where zlib.crc32() and binascii.crc32() could produce + incorrect results on multi-gigabyte inputs. Including when using + zipfile on zips containing large data. + - gh-94606: Fix UnicodeEncodeError when + email.message.get_payload() reads a message with a Unicode + surrogate character and the message content is not well-formed + for surrogateescape encoding. Patch by Sidney Markowitz. + - Library + - gh-114965: Update bundled pip to 24.0 + - gh-114959: tarfile no longer ignores errors when trying to + extract a directory on top of a file. + - gh-109475: Fix support of explicit option value “–” in argparse + (e.g. --option=--). + - gh-110190: Fix ctypes structs with array on Windows ARM64 + platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by + Diego Russo + - gh-113280: Fix a leak of open socket in rare cases when error + occurred in ssl.SSLSocket creation. + - gh-77749: email.policy.EmailPolicy.fold() now always encodes + non-ASCII characters in headers if utf8 is false. + - gh-114492: Make the result of termios.tcgetattr() reproducible + on Alpine Linux. Previously it could leave a random garbage in + some fields. + - gh-75128: Ignore an OSError in + asyncio.BaseEventLoop.create_server() when IPv6 is available but + the interface cannot actually support it. + - gh-114257: Dismiss the FileNotFound error in + ctypes.util.find_library() and just return None on Linux. + - gh-101438: Avoid reference cycle in ElementTree.iterparse. The + iterator returned by ElementTree.iterparse may hold on to a file + descriptor. The reference cycle prevented prompt clean-up of the + file descriptor if the returned iterator was not exhausted. + - gh-104522: OSError raised when run a subprocess now only has + filename attribute set to cwd if the error was caused by a + failed attempt to change the current directory. + - gh-109534: Fix a reference leak in + asyncio.selector_events.BaseSelectorEventLoop when SSL + handshakes fail. Patch contributed by Jamie Phan. + - gh-114077: Fix possible OverflowError in + socket.socket.sendfile() when pass count larger than 2 GiB on + 32-bit platform. + - gh-114014: Fixed a bug in fractions.Fraction where an invalid + string using d in the decimals part creates a different error + compared to other invalid letters/characters. Patch by Jeremiah + Gabriel Pascual. + - gh-113951: Fix the behavior of tag_unbind() methods of + tkinter.Text and tkinter.Canvas classes with three arguments. + Previously, widget.tag_unbind(tag, sequence, funcid) destroyed + the current binding for sequence, leaving sequence unbound, and + deleted the funcid command. Now it removes only funcid from the + binding for sequence, keeping other commands, and deletes the + funcid command. It leaves sequence unbound only if funcid was + the last bound command. + - gh-113877: Fix tkinter method winfo_pathname() on 64-bit + Windows. + - gh-113781: Silence unraisable AttributeError when warnings are + emitted during Python finalization. + - gh-113594: Fix UnicodeEncodeError in email when re-fold lines + that contain unknown-8bit encoded part followed by + non-unknown-8bit encoded part. + - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), + there is callback that logs an error if the task wrapping the + “connected callback” fails. This callback would itself fail if + the task was cancelled. Prevent this by checking whether the + task was cancelled first. If so, close the transport but don’t + log an error. + - gh-85567: Fix resource warnings for unclosed files in pickle and + pickletools command line interfaces. + - gh-101225: Increase the backlog for + multiprocessing.connection.Listener objects created by + multiprocessing.manager and multiprocessing.resource_sharer to + significantly reduce the risk of getting a connection refused + error when creating a multiprocessing.connection.Connection to + them. + - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends + webbrowser.open audit event. + - gh-113028: When a second reference to a string appears in the + input to pickle, and the Python implementation is in use, we are + guaranteed that a single copy gets pickled and a single object + is shared when reloaded. Previously, in protocol 0, when a + string contained certain characters (e.g. newline) it resulted + in duplicate objects. + - gh-113421: Fix multiprocessing logger for %(filename)s. + - gh-113358: Fix rendering tracebacks for exceptions with a broken + __getattr__. + - gh-113214: Fix an AttributeError during asyncio SSL protocol + aborts in SSL-over-SSL scenarios. + - gh-113246: Update bundled pip to 23.3.2. + - gh-113199: Make http.client.HTTPResponse.read1 and + http.client.HTTPResponse.readline close IO after reading all + data when content length is known. Patch by Illia Volochii. + - gh-113188: Fix shutil.copymode() and shutil.copystat() on + Windows. Previously they worked differenly if dst is a symbolic + link: they modified the permission bits of dst itself rather + than the file it points to if follow_symlinks is true or src is + not a symbolic link, and did not modify the permission bits if + follow_symlinks is false and src is a symbolic link. + - gh-61648: Detect line numbers of properties in doctests. + - gh-112559: signal.signal() and signal.getsignal() no longer call + repr on callable handlers. asyncio.run() and + asyncio.Runner.run() no longer call repr on the task results. + Patch by Yilei Yang. + - gh-110190: Fix ctypes structs with array on PPC64LE platform by + setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. + - gh-79429: Ignore FileNotFoundError when remove a temporary + directory in the multiprocessing finalizer. + - gh-79325: Fix an infinite recursion error in + tempfile.TemporaryDirectory() cleanup on Windows. + - gh-110190: Fix ctypes structs with array on Arm platform by + setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. + - gh-81194: Fix a crash in socket.if_indextoname() with specific + value (UINT_MAX). Fix an integer overflow in + socket.if_indextoname() on 64-bit non-Windows platforms. + - gh-75666: Fix the behavior of tkinter widget’s unbind() method + with two arguments. Previously, widget.unbind(sequence, funcid) + destroyed the current binding for sequence, leaving sequence + unbound, and deleted the funcid command. Now it removes only + funcid from the binding for sequence, keeping other commands, + and deletes the funcid command. It leaves sequence unbound only + if funcid was the last bound command. + - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in + tkinter._test(). + - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now + raises BadZipFile when try to read an entry that overlaps with + other entry or central directory (bsc#1221854, CVE-2024-0450). + - gh-38807: Fix race condition in trace. Instead of checking if a + directory exists and creating it, directly call os.makedirs() + with the kwarg exist_ok=True. + - gh-75705: Set unixfrom envelope in mailbox.mbox and + mailbox.MMDF. + - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure + when the system endianness is the opposite of the classes. + - gh-104282: Fix null pointer dereference in + lzma._decode_filter_properties() due to improper handling of BCJ + filters with properties of zero length. Patch by Radislav + Chugunov. + - gh-102512: When os.fork() is called from a foreign thread (aka + _DummyThread), the type of the thread in a child process is + changed to _MainThread. Also changed its name and daemonic + status, it can be now joined. + - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, + which now no longer dereferences symlinks when working around + file system permission errors. + - bpo-43153: On Windows, tempfile.TemporaryDirectory previously + masked a PermissionError with NotADirectoryError during + directory cleanup. It now correctly raises PermissionError if + errors are not ignored. Patch by Andrei Kulakov and Ken Jin. + - bpo-35332: The shutil.rmtree() function now ignores errors when + calling os.close() when ignore_errors is True, and os.close() no + longer retried after error. + - bpo-35928: io.TextIOWrapper now correctly handles the decoding + buffer after read() and write(). + - bpo-26791: shutil.move() now moves a symlink into a directory + when that directory is the target of the symlink. This provides + the same behavior as the mv shell command. The previous behavior + raised an exception. Patch by Jeffrey Kintscher. + - bpo-36959: Fix some error messages for invalid ISO format string + combinations in strptime() that referred to directives not + contained in the format string. Patch by Gordon P. Hemsley. + - bpo-18060: Fixed a class inheritance issue that can cause + segfaults when deriving two or more levels of subclasses from a + base class of Structure or Union. + - Documentation + - gh-110746: Improved markup for valid options/values for methods + ttk.treeview.column and ttk.treeview.heading, and for Layouts. + - gh-95649: Document that the asyncio module contains code taken + from v0.16.0 of the uvloop project, as well as the required MIT + licensing information. + - Tests + - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, + where system tar can include more information in the archive + than shutil.make_archive. + - gh-112769: The tests now correctly compare zlib version when + zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For + example zlib-ng defines the version as 1.3.0.zlib-ng. + - gh-105089: Fix + test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write + test in AIX by doing a bitwise AND of 0xFFFF on mode , so that + it will be in sync with zinfo.external_attr + - bpo-40648: Test modes that file can get with chmod() on Windows. + - Build + - gh-101778: Fix build error when there’s a dangling symlink in + the directory containing ffi.h. + - gh-112305: Fixed the check-clean-src step performed on out of + tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h + files and recommend appropriate source tree cleanup steps to get + a working build again. + - bpo-11102: The os.major(), os.makedev(), and os.minor() + functions are now available on HP-UX v3. + - bpo-36351: Do not set ipv6type when cross-compiling. + - IDLE + - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and + ‘object’. + - gh-72284: Improve the lists of features, editor key bindings, + and shell key bingings in the IDLE doc. + - gh-113903: Fix rare failure of test.test_idle, in + test_configdialog. + - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and + 3.12.1. + - gh-113269: Fix test_editor hang on macOS Catalina. + - gh-112898: Fix processing unsaved files when quitting IDLE on + macOS. + - gh-103820: Revise IDLE bindings so that events from mouse button + 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not + mistaken for scrolling. + - bpo-13586: Enter the selected text when opening the “Replace” + dialog. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and + multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. + - gh-115015: Fix a bug in Argument Clinic that generated incorrect + code for methods with no parameters that use the METH_METHOD | + METH_FASTCALL | METH_KEYWORDS calling convention. Only the + positional parameter count was checked; any keyword argument + passed would be silently accepted. +- Remove upstreamed patches: + - CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch +- Refresh all patches: + - CVE-2023-27043-email-parsing-errors.patch + - F00251-change-user-install-location.patch + - bpo-31046_ensurepip_honours_prefix.patch + - distutils-reproducible-compile.patch + - fix_configure_rst.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-localpath.patch + - python-3.3.0b1-test-posix_fadvise.patch + - skip_if_buildbot-extend.patch + - subprocess-raise-timeout.patch + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Tue Dec 19 16:34:50 UTC 2023 - Daniel Garcia + +- Update patch fix_configure_rst.patch +- Update to 3.11.7: + - Core and Builtins + - gh-112625: Fixes a bug where a bytearray object could be cleared + while iterating over an argument in the bytearray.join() method + that could result in reading memory after it was freed. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. Patch + by Pablo galindo + - gh-88116: Traceback location ranges involving wide unicode + characters (like emoji and asian characters) now are properly + highlighted. Patch by Batuhan Taskaya and Pablo Galindo. + - gh-94438: Fix a regression that prevented jumping across is None + and is not None when debugging. Patch by Savannah Ostrowski. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109216: Fix possible memory leak in BUILD_MAP. + + - Library + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + - bpo-35191: Fix unexpected integer truncation in + socket.setblocking() which caused it to interpret multiples of + 2**32 as False. + + - Documentation + - gh-108826: dis module command-line interface is now mentioned in + documentation. + + - Tests + - gh-110367: Make regrtest --verbose3 option compatible with + --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + --verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111309: distutils tests can now be run via unittest. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() and class BasicTestRunner from the test.support + module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + --match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + + - Build + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + + - C API + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. +------------------------------------------------------------------- +Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl + +- Refresh CVE-2023-27043-email-parsing-errors.patch to + gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). +- Thus we can remove Revert-gh105127-left-tests.patch, which is + now useless. + +------------------------------------------------------------------- +Wed Nov 15 09:06:16 UTC 2023 - Daniel Garcia + +- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch +- Refresh patches: + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch + +- Update to 3.11.6: + - Core and Builtins + - gh-109351: Fix crash when compiling an invalid AST involving a + named (walrus) expression. + - gh-109207: Fix a SystemError in __repr__ of symtable entry + object. + - gh-109179: Fix bug where the C traceback display drops notes + from SyntaxError. + - gh-88943: Improve syntax error for non-ASCII character that + follows a numerical literal. It now points on the invalid + non-ASCII character, not on the valid numerical literal. + - gh-108959: Fix caret placement for error locations for subscript + and binary operations that involve non-semantic parentheses and + spaces. Patch by Pablo Galindo + - gh-108520: Fix + multiprocessing.synchronize.SemLock.__setstate__() to properly + initialize multiprocessing.synchronize.SemLock._is_fork_ctx. + This fixes a regression when passing a SemLock accross nested + processes. + - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to + multiprocessing.synchronize.SemLock._is_fork_ctx to avoid + exposing it as public API. + - Library + - gh-110036: On Windows, multiprocessing Popen.terminate() now + catchs PermissionError and get the process exit code. If the + process is still running, raise again the PermissionError. + Otherwise, the process terminated as expected: store its exit + code. Patch by Victor Stinner. + - gh-110038: Fixed an issue that caused KqueueSelector.select() to + not return all the ready events in some cases when a file + descriptor is registered for both read and write. + - gh-109631: re functions such as re.findall(), re.split(), + re.search() and re.sub() which perform short repeated matches + can now be interrupted by user. + - gh-109593: Avoid deadlocking on a reentrant call to the + multiprocessing resource tracker. Such a reentrant call, though + unlikely, can happen if a GC pass invokes the finalizer for a + multiprocessing object such as SemLock. + - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for + exceptions. Previously, on Python built in debug mode, these + functions could trigger a fatal Python error (and abort the + process) when a function succeeded with an exception set. Patch + by Victor Stinner. + - gh-109375: The pdb alias command now prevents registering + aliases without arguments. + - gh-107219: Fix a race condition in concurrent.futures. When a + process in the process pool was terminated abruptly (while the + future was running or pending), close the connection write end. + If the call queue is blocked on sending bytes to a worker + process, closing the connection write end interrupts the send, + so the queue can be closed. Patch by Victor Stinner. + - gh-50644: Attempts to pickle or create a shallow or deep copy of + codecs streams now raise a TypeError. Previously, copying failed + with a RecursionError, while pickling produced wrong results + that eventually caused unpickling to fail with a RecursionError. + - gh-108987: Fix _thread.start_new_thread() race condition. If a + thread is created during Python finalization, the newly spawned + thread now exits immediately instead of trying to access freed + memory and lead to a crash. Patch by Victor Stinner. + - gh-108843: Fix an issue in ast.unparse() when unparsing + f-strings containing many quote types. + - gh-108682: Enum: raise TypeError if super().__new__() is called + from a custom __new__. + - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock + - gh-64662: Fix support for virtual tables in + sqlite3.Connection.iterdump(). Patch by Aviv Palivoda. + - gh-107913: Fix possible losses of errno and winerror values in + OSError exceptions if they were cleared or modified by the + cleanup code before creating the exception object. + - gh-104372: On Linux where subprocess can use the vfork() syscall + for faster spawning, prevent the parent process from blocking + other threads by dropping the GIL while it waits for the + vfork’ed child process exec() outcome. This prevents spawning a + binary from a slow filesystem from blocking the rest of the + application. + - gh-84867: unittest.TestLoader no longer loads test cases from + exact unittest.TestCase and unittest.FunctionTestCase classes. + - Documentation + - gh-109209: The minimum Sphinx version required for the + documentation is now 4.2. + - gh-105052: Update timeit doc to specify that time in seconds is + just the default. + - gh-102823: Document the return type of x // y when x and y have + type float. + - Tests + - gh-110031: Skip test_threading tests using thread+fork if Python + is built with Address Sanitizer (ASAN). Patch by Victor Stinner. + - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum + duration, a test should not measure a CI performance. Only + measure the minimum duration when a task has a timeout or delay. + Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner. + - gh-110033: Fix test_interprocess_signal() of test_signal. Make + sure that the subprocess.Popen object is deleted before the test + raising an exception in a signal handler. Otherwise, + Popen.__del__() can get the exception which is logged as + Exception ignored in: ... and the test fails. Patch by Victor + Stinner. + - gh-109594: Fix test_timeout() of + test_concurrent_futures.test_wait. Remove the future which may + or may not complete depending if it takes longer than the + timeout ot not. Keep the second future which does not complete + before wait() timeout. Patch by Victor Stinner. + - gh-109748: Fix test_zippath_from_non_installed_posix() of + test_venv: don’t copy __pycache__/ sub-directories, because they + can be modified by other Python tests running in parallel. Patch + by Victor Stinner. + - gh-103053: Skip test_freeze_simple_script() of + test_tools.test_freeze if Python is built with ./configure + --enable-optimizations, which means with Profile Guided + Optimization (PGO): it just makes the test too slow. The freeze + tool is tested by many other CIs with other (faster) compiler + flags. Patch by Victor Stinner. + - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a + longer key: FIPS mode requires at least of at least 112 bits. + The previous key was only 32 bits. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-109237: Fix test_site.test_underpth_basic() when the working + directory contains at least one non-ASCII character: encode the + ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for + the child process stdout. Patch by Victor Stinner. + - gh-109230: Fix test_pyexpat.test_exception(): it can now be run + from a directory different than Python source code directory. + Before, the test failed in this case. Skip the test if + Modules/pyexpat.c source is not available. Skip also the test on + Python implementations other than CPython. Patch by Victor + Stinner. + - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests + on FreeBSD if the TCP blackhole is enabled (sysctl + net.inet.tcp.blackhole). Skip the few tests which failed with + ETIMEDOUT which such non standard configuration. Currently, the + FreeBSD GCP image enables TCP and UDP blackhole (sysctl + net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1). + Patch by Victor Stinner. + - gh-91960: Skip test_gdb if gdb is unable to retrieve Python + frame objects: if a frame is . When Python is + built with “clang -Og”, gdb can fail to retrive the frame + parameter of _PyEval_EvalFrameDefault(). In this case, tests + like py_bt() are likely to fail. Without getting access to + Python frames, python-gdb.py is mostly clueless on retrieving + the Python traceback. Moreover, test_gdb is no longer skipped on + macOS if Python is built with Clang. Patch by Victor Stinner. + - gh-108962: Skip test_tempfile.test_flags() if chflags() fails + with “OSError: [Errno 45] Operation not supported” (ex: on + FreeBSD 13). Patch by Victor Stinner. + - gh-89392: Removed support of test_main() function in tests. They + now always use normal unittest test runner. + - gh-108851: Fix test_tomllib recursion tests for WASI buildbots: + reduce the recursion limit and compute the maximum nested + array/dict depending on the current available recursion limit. + Patch by Victor Stinner. + - gh-108851: Add get_recursion_available() and + get_recursion_depth() functions to the test.support module. + Patch by Victor Stinner. + - gh-108822: regrtest now computes statistics on all tests: + successes, failures and skipped. test_netrc, test_pep646_syntax + and test_xml_etree now return results in their test_main() + function. Patch by Victor Stinner and Alex Waygood. + - gh-108388: Convert test_concurrent_futures to a package of 7 + sub-tests. Patch by Victor Stinner. + - gh-108388: Split test_multiprocessing_fork, + test_multiprocessing_forkserver and test_multiprocessing_spawn + into test packages. Each package is made of 4 sub-tests: + processes, threads, manager and misc. It allows running more + tests in parallel and so reduce the total test duration. Patch + by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - gh-100086: The Python test runner (libregrtest) now logs Python + build information like “debug” vs “release” build, or LTO and + PGO optimizations. Patch by Victor Stinner. + - gh-98903: The Python test suite now fails wit exit code 4 if no + tests ran. It should help detecting typos in test names and test + methods. + - gh-95027: On Windows, when the Python test suite is run with the + -jN option, the ANSI code page is now used as the encoding for + the stdout temporary file, rather than using UTF-8 which can + lead to decoding errors. Patch by Victor Stinner. + - gh-93353: regrtest now checks if a test leaks temporary files or + directories if run with -jN option. Patch by Victor Stinner. + - Build + - gh-63760: Fix Solaris build: no longer redefine the + gethostname() function. Solaris defines the function since 2005. + Patch by Victor Stinner, original patch by Jakub Kulík. + - gh-108740: Fix a race condition in make regen-all. The + deepfreeze.c source and files generated by Argument Clinic are + now generated or updated before generating “global objects”. + Previously, some identifiers may miss depending on the order in + which these files were generated. Patch by Victor Stinner. + - Windows + - gh-109991: Update Windows build to use OpenSSL 3.0.11. + - gh-107565: Update Windows build to use OpenSSL 3.0.10. + - macOS + - gh-109991: Update macOS installer to use OpenSSL 3.0.11. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and + multissltests to use 1.1.1w, 3.0.11, and 3.1.3. + +------------------------------------------------------------------- +Wed Sep 6 07:52:11 UTC 2023 - Daniel Garcia + +- Update to 3.11.5 (bsc#1214692): + - Security + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted data. + Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by + Gregory P. Smith. + - Core and Builtins + - gh-104432: Fix potential unaligned memory access on C APIs + involving returned sequences of char * pointers within the grp + and socket modules. These were revealed using a + -fsaniziter=alignment build on ARM macOS. Patch by Christopher + Chavez. + - gh-77377: Ensure that multiprocessing synchronization objects + created in a fork context are not sent to a different process + created in a spawn context. This changes a segfault into an + actionable RuntimeError in the parent process. + - gh-106092: Fix a segmentation fault caused by a use-after-free + bug in frame_dealloc when the trashcan delays the deallocation + of a PyFrameObject. + - gh-106719: No longer suppress arbitrary errors in the + __annotations__ getter and setter in the type and module types. + - gh-106723: Propagate frozen_modules to multiprocessing spawned + process interpreters. + - gh-105979: Fix crash in _imp.get_frozen_object() due to improper + exception handling. + - gh-105840: Fix possible crashes when specializing function calls + with too many __defaults__. + - gh-105588: Fix an issue that could result in crashes when + compiling malformed ast nodes. + - gh-105375: Fix bugs in the builtins module where exceptions + could end up being overwritten. + - gh-105375: Fix bug in the compiler where an exception could end + up being overwritten. + - gh-105375: Improve error handling in + PyUnicode_BuildEncodingMap() where an exception could end up + being overwritten. + - gh-105235: Prevent out-of-bounds memory access during + mmap.find() calls. + - gh-101006: Improve error handling when read marshal data. + - Library + - gh-105736: Harmonized the pure Python version of OrderedDict + with the C version. Now, both versions set up their internal + state in __new__. Formerly, the pure Python version did the set + up in __init__. + - gh-107963: Fix multiprocessing.set_forkserver_preload() to check + the given list of modules names. Patch by Dong-hee Na. + - gh-106242: Fixes os.path.normpath() to handle embedded null + characters without truncating the path (bsc#1214693, + CVE-2023-41105). + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will + no longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107715: Fix doctest.DocTestFinder.find() in presence of class + names with special characters. Patch by Gertjan van Zwieten. + - gh-100814: Passing a callable object as an option value to a + Tkinter image now raises the expected TclError instead of an + AttributeError. + - gh-106684: Close asyncio.StreamWriter when it is not closed by + application leading to memory leaks. Patch by Kumar Aditya. + - gh-107077: Seems that in some conditions, OpenSSL will return + SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification + verification has failed, but the error parameters will still + contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are + now detecting this situation and raising the appropiate + ssl.SSLCertVerificationError. Patch by Pablo Galindo + - gh-107396: tarfiles; Fixed use before assignment of + self.exception for gzip decompression + - gh-62519: Make gettext.pgettext() search plural definitions when + translation is not found. + - gh-83006: Document behavior of shutil.disk_usage() for + non-mounted filesystems on Unix. + - gh-106186: Do not report MultipartInvariantViolationDefect + defect when the email.parser.Parser class is used to parse + emails with headersonly=True. + - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION + result in _ssl.c. + - gh-106774: Update the bundled copy of pip to version 23.2.1. + - gh-106752: Fixed several bug in zipfile.Path in + name/suffix/suffixes/stem operations when no filename is present + and the Path is not at the root of the zipfile. + - gh-106602: Add __copy__ and __deepcopy__ in enum + - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused + division by zero for certain almost-white inputs. Patch by Terry + Jan Reedy. + - gh-106052: re module: fix the matching of possessive quantifiers + in the case of a subpattern containing backtracking. + - gh-106510: Improve debug output for atomic groups in regular + expressions. + - gh-105497: Fix flag mask inversion when unnamed flags exist. + - gh-90876: Prevent multiprocessing.spawn from failing to import + in environments where sys.executable is None. This regressed in + 3.11 with the addition of support for path-like objects in + multiprocessing. + - gh-106350: Detect possible memory allocation failure in the + libtommath function mp_init() used by the _tkinter module. + - gh-102541: Make pydoc.doc catch bad module ImportError when + output stream is not None. + - gh-106263: Fix crash when calling repr with a manually + constructed SignalDict object. Patch by Charlie Zhao. + - gh-105375: Fix a bug in _Unpickler_SetInputStream() where an + exception could end up being overwritten in case of failure. + - gh-105375: Fix bugs in sys where exceptions could end up being + overwritten because of deferred error handling. + - gh-105605: Harden pyexpat error handling during module + initialisation to prevent exceptions from possibly being + overwritten, and objects from being dereferenced twice. + - gh-105375: Fix bug in decimal where an exception could end up + being overwritten. + - gh-105375: Fix bugs in _datetime where exceptions could be + overwritten in case of module initialisation failure. + - gh-105375: Fix bugs in _ssl initialisation which could lead to + leaked references and overwritten exceptions. + - gh-105375: Fix a bug in array.array where an exception could end + up being overwritten. + - gh-105375: Fix bugs in _ctypes where exceptions could end up + being overwritten. + - gh-105375: Fix a bug in the posix module where an exception + could be overwritten. + - gh-105375: Fix bugs in _elementtree where exceptions could be + overwritten. + - gh-105375: Fix bugs in zoneinfo where exceptions could be + overwritten. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-105497: Fix flag inversion when alias/mask members exist. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-103171: Revert undocumented behaviour change with + runtime-checkable protocols decorated with typing.final() in + Python 3.11. The behaviour change had meant that objects would + not be considered instances of these protocols at runtime unless + they had a __final__ attribute. Patch by Alex Waygood. + - gh-105375: Fix a bug in sqlite3 where an exception could be + overwritten in the collation callback. + - gh-105332: Revert pickling method from by-name back to by-value. + - gh-104554: Add RTSPS scheme support in urllib.parse + - gh-100061: Fix a bug that causes wrong matches for regular + expressions with possessive qualifier. + - gh-102541: Hide traceback in help() prompt, when import failed. + - gh-99203: Restore following CPython <= 3.10.5 behavior of + shutil.make_archive(): do not create an empty archive if + root_dir is not a directory, and, in that case, raise + FileNotFoundError or NotADirectoryError regardless of format + choice. Beyond the brought-back behavior, the function may now + also raise these exceptions in dry_run mode. + - gh-94777: Fix hanging multiprocessing ProcessPoolExecutor when a + child process crashes while data is being written in the call + queue. + - bpo-18319: Ensure gettext(msg) retrieve translations even if a + plural form exists. In other words: gettext(msg) == + ngettext(msg, '', 1). + - Documentation + - gh-107008: Document the curses module variables LINES and COLS. + - gh-106948: Add a number of standard external names to + nitpick_ignore. + - gh-54738: Add documentation on how to localize the argparse + module. + - Tests + - gh-105776: Fix test_cppext when the C compiler command -std=c11 + option: remove -std= options from the compiler command. Patch by + Victor Stinner. + - gh-107237: test_logging: Fix test_udp_reconnection() by + increasing the timeout from 100 ms to 5 minutes (LONG_TIMEOUT). + Patch by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - Build + - gh-107814: When calling find_python.bat with -q it did not + properly silence the output of nuget. That is now fixed. + - gh-106881: Check for linux/limits.h before including it in + Modules/posixmodule.c. + - gh-104692: Include commoninstall as a prerequisite for + bininstall + - This ensures that commoninstall is completed before bininstall + is started when parallel builds are used (make -j install), and + so the python3 symlink is only installed after all standard + library modules are installed. + - gh-100340: Allows -Wno-int-conversion for wasm-sdk 17 and + onwards, thus enables building WASI builds once against the + latest sdk. + - Windows + - gh-106242: Fixes realpath() to behave consistently when passed a + path containing an embedded null character on Windows. In strict + mode, it now raises OSError instead of the unexpected + ValueError, and in non-strict mode will make the path absolute. + - gh-106844: Fix integer overflow in _winapi.LCMapStringEx() which + affects ntpath.normcase(). + - gh-99079: Update Windows build to use OpenSSL 3.0.9 + - gh-105436: Ensure that an empty environment block is terminated + by two null characters, as is required by Windows. + - macOS + - gh-107565: Update macOS installer to use OpenSSL 3.0.10. + - gh-99079: Update macOS installer to use OpenSSL 3.0.9. + - Tools/Demos + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + - gh-95065: Argument Clinic now supports overriding automatically + generated signature by using directive @text_signature. See How + to override the generated signature. + - gh-106970: Fix bugs in the Argument Clinic destination + clear command; the destination buffers would never be cleared, + and the destination directive parser would simply continue to + the fault handler after processing the command. Patch by Erlend + E. Aasland. + - C API + - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(), + PyErr_SetExcFromWindowsErrWithFilename() and + PyErr_SetFromWindowsErrWithFilename() save now the error code + before calling PyUnicode_DecodeFSDefault(). + - gh-107915: Such C API functions as PyErr_SetString(), + PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others + no longer crash or ignore errors if it failed to format the + error message or decode the filename. Instead, they keep a + corresponding error. + - gh-107226: PyModule_AddObjectRef() is now only available in the + limited API version 3.10 or later. + - gh-105375: Fix a bug in PyErr_WarnExplicit() where an exception + could end up being overwritten if the API failed internally. + - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only + data: *consumed was not set. + +------------------------------------------------------------------- +Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller + +- restrict PEP668 to ALP/Tumbleweed + +------------------------------------------------------------------- +Fri Aug 4 06:37:41 UTC 2023 - Dirk Müller + +- add externally_managed.in to label this build as PEP-668 managed + +------------------------------------------------------------------- +Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl + +- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! +- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) + partially reverting CVE-2023-27043-email-parsing-errors.patch, + because of the regression in gh#python/cpython#106669. +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). (The patch is faulty, + gh#python/cpython#106669, but upstream decided not to just + revert it). + +------------------------------------------------------------------- +Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl + +- Update to Python 3.11.4: + - gh-103142: The version of OpenSSL used in Windows and + Mac installers has been upgraded to 1.1.1u to address + CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, + as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 + fixed previously in 1.1.1t (gh-101727). + - gh-102153: urllib.parse.urlsplit() now strips leading C0 + control and space characters following the specification for + URLs defined by WHATWG in response to CVE-2023-24329 + (bsc#1208471). + - gh-99889: Fixed a security in flaw in uu.decode() that could + allow for directory traversal based on the input if no + out_file was specified. + - gh-104049: Do not expose the local on-disk + location in directory indexes produced by + http.client.SimpleHTTPRequestHandler. + - gh-103935: trace.__main__ now uses io.open_code() for files + to be executed instead of raw open(). + - gh-102953: The extraction methods in tarfile, and + shutil.unpack_archive(), have a new filter argument that + allows limiting tar features than may be surprising or + dangerous, such as creating files outside the destination + directory. See Extraction filters for details (fixing + CVE-2007-4559, bsc#1203750). +- Remove upstreamed patches: + - CVE-2007-4559-filter-tarfile_extractall.patch + +------------------------------------------------------------------- +Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl + +- Remove obsolete_python_versioned macro again. This mechanism + has no business to be in Python 3.11, because we have abolished + with it whole interpreter+setuptools+pip product. Python 3.11 + should not be replaced by later versions anymore. + +------------------------------------------------------------------- +Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl + +- Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). +- Add skip_if_buildbot-extend.patch to avoid the bug altogether + (extending what skip_if_buildbot covers). +- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix + bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter + for tarfile.extractall". + +------------------------------------------------------------------- +Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl + +- Update to 3.11.3: + - Security + - gh-101727: Updated the OpenSSL version used in Windows + and macOS binary release builds to 1.1.1t to address + CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the + OpenSSL 2023-02-07 security advisory. + - Core and Builtins + - gh-101975: Fixed stacktop value on tracing entries to avoid + corruption on garbage collection. + - gh-102701: Fix overflow when creating very large dict. + - gh-102416: Do not memoize incorrectly automatically + generated loop rules in the parser. Patch by Pablo Galindo. + - gh-102356: Fix a bug that caused a crash when deallocating + deeply nested filter objects. Patch by Marta Gómez Macías. + - gh-102397: Fix segfault from race condition in signal + handling during garbage collection. Patch by Kumar Aditya. + - gh-102281: Fix potential nullptr dereference and use of + uninitialized memory in fileutils. Patch by Max Bachmann. + - gh-102126: Fix deadlock at shutdown when clearing thread + states if any finalizer tries to acquire the runtime head + lock. Patch by Kumar Aditya. + - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal + module. Patch by Max Bachmann. + - gh-101967: Fix possible segfault in + positional_only_passed_as_keyword function, when new list + created. + - gh-101765: Fix SystemError / segmentation fault in iter + __reduce__ when internal access of builtins.__dict__ keys + mutates the iter object. + - gh-101696: Invalidate type version tag in + _PyStaticType_Dealloc for static types, avoiding bug where + a false cache hit could crash the interpreter. Patch by + Kumar Aditya. + - Library + - gh-102549: Don’t ignore exceptions in member type creation. + - gh-102947: Improve traceback when dataclasses.fields() is + called on a non-dataclass. Patch by Alex Waygood + - gh-102780: The asyncio.Timeout context manager now + works reliably even when performing cleanup due to task + cancellation. Previously it could raise a CancelledError + instead of an TimeoutError in such cases. + - gh-88965: typing: Fix a bug relating to substitution in . + Pacustom classes generic over a ParamSpec. Previously, if . + Pathe ParamSpec was substituted with a parameters list that . + Paitself contained a TypeVar, the TypeVar in the parameters . + Palist could not be subsequently substituted. This is now . + Pafixed tch by Nikita Sobolev . + - gh-101979: Fix a bug where parentheses in the metavar + argument to argparse.ArgumentParser.add_argument() were + dropped. Patch by Yeojin Kim. + - gh-102179: Fix os.dup2() error message for negative fds. + - gh-101961: For the binary mode, fileinput.hookcompressed() + doesn’t set the encoding value even if the value is + None. Patch by Gihwan Kim. + - gh-101936: The default value of fp becomes io.BytesIO + if HTTPError is initialized without a designated fp + parameter. Patch by Long Vo. + - gh-102069: Fix __weakref__ descriptor generation for custom + dataclasses. + - gh-101566: In zipfile, apply fix for extractall on the + underlying zipfile after being wrapped in Path. + - gh-101892: Callable iterators no longer raise SystemError + when the callable object exhausts the iterator but forgets + to either return a sentinel value or raise StopIteration. + - gh-97786: Fix potential undefined behaviour in corner cases + of floating-point-to-time conversions. + - gh-101517: Fixed bug where bdb looks up the source line + with linecache with a lineno=None, which causes it to fail + with an unhandled exception. + - gh-101673: Fix a pdb bug where ll clears the changes to + local variables. + - gh-96931: Fix incorrect results from + ssl.SSLSocket.shared_ciphers() + - gh-88233: Correctly preserve “extra” fields in zipfile + regardless of their ordering relative to a zip64 “extra.” + - gh-96127: inspect.signature was raising TypeError on + call with mock objects. Now it correctly returns (*args, + **kwargs) as infered signature. + - gh-95495: When built against OpenSSL 3.0, the ssl module + had a bug where it reported unauthenticated EOFs (i.e. + without close_notify) as a clean TLS-level EOF. It now + raises SSLEOFError, matching the behavior in previous + versions of OpenSSL. The options attribute on SSLContext + also no longer includes OP_IGNORE_UNEXPECTED_EOF by + default. This option may be set to specify the previous + OpenSSL 3.0 behavior. + - gh-94440: Fix a concurrent.futures.process bug where + ProcessPoolExecutor shutdown could hang after a future has + been quickly submitted and canceled. + - Documentation + - gh-103112: Add docstring to http.client.HTTPResponse.read() + to fix pydoc output. + - gh-85417: Update cmath documentation to clarify behaviour + on branch cuts. + - gh-97725: Fix asyncio.Task.print_stack() description for + file=None. Patch by Oleg Iarygin. + - Tests + - gh-102980: Improve test coverage on pdb. + - gh-102537: Adjust the error handling strategy in + test_zoneinfo.TzPathTest.python_tzpath_context. Patch by + Paul Ganssle. + - gh-89792: test_tools now copies up to 10x less source data + to a temporary directory during the freeze test by ignoring + git metadata and other artifacts. It also limits its python + build parallelism based on os.cpu_count instead of hard + coding it as 8 cores. + - gh-101377: Improved test_locale_calendar_formatweekday of + calendar. + - Build + - gh-102711: Fix -Wstrict-prototypes compiler warnings. + +------------------------------------------------------------------- +Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl + +- Update to 3.11.2: + Bug fixes, no changes in API and no security bugs. + +------------------------------------------------------------------- +Wed Mar 1 20:50:04 UTC 2023 - Matej Cepl + +- Add python310 Obsoletes line to obsolete_python_versioned macro. + +------------------------------------------------------------------- +Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl + +- Add provides for readline and sqlite3 to the main Python + package. + +------------------------------------------------------------------- +Thu Jan 26 13:28:24 UTC 2023 - Thorsten Kukuk + +- Disable NIS for new products, it's deprecated and gets removed + +------------------------------------------------------------------- +Tue Jan 24 12:23:34 UTC 2023 - Dirk Müller + +- build GLIBC hwcaps optimized versions of the interpreter + +------------------------------------------------------------------- +Tue Jan 10 11:11:56 UTC 2023 - Matej Cepl + +- Don't fail on Sphinx build warnings. +- For jsc#PED-1570, jsc#PED-2217 and jsc#PED-68, + providing Python 3.11 for SLE-15-SP4. + +------------------------------------------------------------------- +Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl + +- Update to 3.11.1: + - python -m http.server no longer allows terminal control + characters sent within a garbage request to be printed + to the stderr server lo This is done by changing the + http.server BaseHTTPRequestHandler .log_message method to + replace control characters with a \xHH hex escape before + printin + - Avoid publishing list of active per-interpreter audit hooks + via the gc module + - The IDNA codec decoder used on DNS hostnames by socket or + asyncio related name resolution functions no longer involves + a quadratic algorithm. This prevents a potential CPU denial + of service if an out-of-spec excessive length hostname + involving bidirectional characters were decoded. Some + protocols such as urllib http 3xx redirects potentially allow + for an attacker to supply such a name (CVE-2022-45061). + - Update bundled libexpat to 2.5.0 + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. Issue reported + and initial fix by Caleb Shortt. Patch by Victor Stinner. + - Fix a crash when an object which does not have a dictionary + frees its instance values. + - Fix a bug in the tokenizer that could cause infinite + recursion when showing syntax warnings that happen in the + first line of the source. Patch by Pablo Galindo + - Fix an issue that could cause frames to be visible to Python + code as they are being torn down, possibly leading to memory + corruption or hard crashes of the interpreter. + - Fix a reference bug in _imp.create_builtin() after the + creation of the first sub-interpreter for modules builtins + and sys. Patch by Victor Stinner. + - Fixed a bug that was causing a buffer overflow if the + tokenizer copies a line missing the newline caracter from a + file that is as long as the available tokenizer buffer. Patch + by Pablo galindo + - Fix bug where an ExceptionGroup subclass can wrap a + BaseException. + - Fix zip path for venv created from a non-installed python on + POSIX platforms. + - Fix an issue that could potentially cause incorrect error + handling for some bytecode instructions. + - Fix an issue that prevented PyThreadState and + PyInterpreterState memory from being freed properly. + - Fix failure in except* with unhashable exceptions. + - Fix calculation of sys._base_executable when inside a POSIX + virtual environment using copies of the python binary when + the base installation does not provide the executable name + used by the venv. Calculation will fall back to alternative + names (“python”, “python.”). + - Update faulthandler to emit an error message with the proper + unexpected signal number. Patch by Dong-hee Na. + - Fix location of SyntaxError for a try block with both except + and except*. + - Fix the error reporting positions of specialized traceback + anchors when the source line contains Unicode characters. + - Fix subscription of type aliases containing bare generic + types or types like TypeVar: for example tuple[A, T][int] and + tuple[TypeVar, T][int], where A is a generic type, and T is a + type variable. + - Lower the recursion depth for marshal on WASI to support + wasmtime 2.0/main. + - Fix multiple crashes in debug mode when str subclasses are + used instead of str itself. + - Fix an issue where member descriptors (such as those for + __slots__) could behave incorrectly or crash instead of + raising a TypeError when accessed via an instance of an + invalid type. + - Suppress ImportError for invalid query for help() + command. Patch by Dong-hee Na. + - Fix detection of MAC addresses for uuid on certain OSs. Patch + by Chaim Sanders + - Print exception class name instead of its string + representation when raising errors from ctypes calls. + - os.sched_yield() now release the GIL while calling + sched_yield(2). Patch by Dong-hee Na. + - Fix an issue that could delay the specialization of PRECALL + instructions. + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Ensure that all Python frame objects are backed by “complete” + frames. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). Patch by Ofey Chan. + - Fix the Python path configuration used to initialized + sys.path at Python startup. Paths are no longer encoded + to UTF-8/strict to avoid encoding errors if it contains + surrogate characters (bytes paths are decoded with the + surrogateescape error handler). Patch by Victor Stinner. + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. Issue + discovered and analyzed by Mingliang ZHAO. Patch by Victor + Stinner. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. + - Fix undefined behaviour in C code of null pointer arithmetic. + - Make sure that all frame objects created are created from + valid interpreter frames. Prevents the possibility of invalid + frames in backtraces and signal handlers. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - On WASI ENOTCAPABLE is now mapped to PermissionError. The + errno modules exposes the new error number. getpath.py now + ignores PermissionError when it cannot open landmark files + pybuilddir.txt and pyenv.cfg. + - Allow pdb to locate source for frozen modules in the standard + library. + - Raise ValueError instead of SystemError when methods of + uninitialized io.IncrementalNewlineDecoder objects are + called. Patch by Oren Milman. + - Fix a possible assertion failure in io.FileIO when the opener + returns an invalid file descriptor. + - Also escape s in the http.server + BaseHTTPRequestHandler.log_message so that it is technically + possible to parse the line and reconstruct what the original + data was. Without this a xHH is ambiguious as to if it is a + hex replacement we put in or the characters r”x” came through + in the original request line. + - asyncio.get_event_loop() now only emits a deprecation warning + when a new event loop was created implicitly. It no longer + emits a deprecation warning if the current event loop was + set. + - Fix bug when calling trace.CoverageResults with valid infile. + - Fix a bug in handling class cleanups in + unittest.TestCase. Now addClassCleanup() uses separate lists + for different TestCase subclasses, and doClassCleanups() only + cleans up the particular class. + - Release the GIL when calling termios APIs to avoid blocking + threads. + - Fix ast.increment_lineno() to also cover ast.TypeIgnore when + changing line numbers. + - Fix bug in urllib.parse.urlparse() that causes URL schemes + that begin with a digit, a plus sign, or a minus sign to be + parsed incorrectly. + - Check the number of arguments in substitution in user + generics containing a TypeVarTuple and one or more TypeVar. + - Fix substitution of ParamSpec followed by TypeVarTuple in + generic aliases. + - Fix substitution of TypeVarTuple and ParamSpec together in + user generics. + - Fixed bug where inspect.signature() reported incorrect + arguments for decorated methods. + - Fix SystemError in ctypes when exception was not set during + __initsubclass__. + - Remove older version of + _SSLProtocolTransport.get_write_buffer_limits in + asyncio.sslproto + - fix negative numbers failing in verify() + - Fix statistics.NormalDist pickle with 0 and 1 protocols. + - enum.auto() is now correctly activated when combined with + other assignment values. E.g. ONE = auto(), 'some text' will + now evaluate as (1, 'some text'). + - Update the bundled copy of pip to version 22.3.1. + - Clean up refleak on failed module initialisation in _zoneinfo + - Clean up refleaks on failed module initialisation in in + _pickle + - Clean up refleak on failed module initialisation in _io. + - Fix memory leak in math.dist() when both points don’t have + the same dimension. Patch by Kumar Aditya. + - [3.11] Applied changes from importlib_metadata 4.11.4 + through 4.13, including compatibility and robustness + fixes for Distribution objects without _normalized_name, + disallowing invalid inputs to Distribution.from_name, and + refined behaviors in PathDistribution._name_from_stem and + PathDistribution._normalized_name. + - Fix argument typechecks in _overlapped.WSAConnect() and + _overlapped.Overlapped.WSASendTo() functions. + - Prevent crashing in traceback when retrieving the byte-offset + for some source files that contain certain unicode + characters. + - Fix internal error in the re module which in very rare + circumstances prevented compilation of a regular expression + containing a conditional expression without the “else” + branch. + - Fix asyncio.StreamWriter.drain() to call + protocol.connection_lost callback only once on Windows. + - Add a mutex to unittest.mock.NonCallableMock to protect + concurrent access to mock attributes. + - Fix hang on Windows in subprocess.wait_closed() in asyncio + with ProactorEventLoop. Patch by Kumar Aditya. + - Fix infinite loop in unittest when a self-referencing chained + exception is raised + - tkinter.Text.count() raises now an exception for options + starting with “-” instead of silently ignoring them. + - On uname_result, restored expectation that _fields and + _asdict would include all six properties including processor. + - A createSocket() method was added to SysLogHandler. + - Fix bug in urllib.parse.urlparse() that causes certain port + numbers containing whitespace, underscores, plus and minus + signs, or non-ASCII digits to be incorrectly accepted. + - Allow venv to pass along PYTHON* variables to ensurepip and + pip when they do not impact path resolution + - On macOS, fix a crash in syslog.syslog() in multi-threaded + applications. On macOS, the libc syslog() function is not + thread-safe, so syslog.syslog() no longer releases the GIL to + call it. Patch by Victor Stinner. + - Allow BUILTINS to be a valid field name for frozen + dataclasses. + - Wrap network errors consistently in urllib FTP support, so + the test suite doesn’t fail when a network is available but + the public internet is not reachable. + - Make sure patch.dict() can be applied on async functions. + - Earlier in 3.11 we deprecated + asyncio.Task.cancel("message"). We realized we were too + harsh, and have undeprecated it. + - Change deprecate warning message in unittest from It is + deprecated to return a value!=None to It is deprecated to + return a value that is not None from a test case + - Fixes AttributeError when subprocess.check_output() is used + with argument input=None and either of the arguments encoding + or errors are used. + - Fix is_private properties in the ipaddress module. Previously + non-private networks (0.0.0.0/0) would return True from this + method; now they correctly return False. + - Avoid spurious tracebacks from asyncio when default executor + cleanup is delayed until after the event loop is closed (e.g. + as the result of a keyboard interrupt). + - Avoid a crash in the C version of + asyncio.Future.remove_done_callback() when an evil argument + is passed. + - Remove tokenize.NL check from tabnanny. + - Fix generation of the default name of + tkinter.Checkbutton. Previously, checkbuttons in different + parent widgets could have the same short name and share + the same state if arguments “name” and “variable” are not + specified. Now they are globally unique. + - Update bundled libexpat to 2.4.9 + - Fix race condition in asyncio where process_exited() called + before the pipe_data_received() leading to inconsistent + output. Patch by Kumar Aditya. + - Fixed check in multiprocessing.resource_tracker that + guarantees that the length of a write to a pipe is not + greater than PIPE_BUF. + - Corrected type annotation for dataclass attribute + pstats.FunctionProfile.ncalls to be str. + - Fix repr of Any subclasses. + - Work around missing socket functions in socket’s __repr__. + - In inspect, fix overeager replacement of “typing.” in + formatting annotations. + - Fix handling of bytes path-like objects in os.ismount(). + - Fix handling compiler warnings (SyntaxWarning and + DeprecationWarning) in codeop.compile_command() when checking + for incomplete input. Previously it emitted warnings and + raised a SyntaxError. Now it always returns None for + incomplete input without emitting any warnings. + - To avoid apparent memory leaks when asyncio.open_connection() + raises, break reference cycles generated by local exception + and future instances (which has exception instance as its + member var). Patch by Dong Uk, Kang. + - Fixed flickering of the turtle window when the tracer is + turned off. Patch by Shin-myoung-serp. + - Fix asyncio subprocess transport to kill process cleanly + when process is blocked and avoid RuntimeError when loop is + closed. Patch by Kumar Aditya. + - Prevent error when activating venv in nested fish instances. + - TarFile.next() now returns None when called on an empty + tarfile. + - Document the optional callback parameter of WeakMethod. Patch + by Géry Ogam. + - Restrict use of sockets instead of pipes for stdin of + subprocesses created by asyncio to AIX platform only. + - shutil.copytree() now applies the ignore_dangling_symlinks + argument recursively. + - Fix IndexError in argparse.ArgumentParser when a store_true + action is given an explicit argument. + - Document that calling variadic functions with ctypes requires + special care on macOS/arm64 (and possibly other platforms). + - Remove extra row + - Clarified the conflicting advice given in the ast + documentation about ast.literal_eval() being “safe” for use + on untrusted input while at the same time warning that it + can crash the process. The latter statement is true and is + deemed unfixable without a large amount of work unsuitable + for a bugfix. So we keep the warning and no longer claim that + literal_eval is safe. + - Restructured the documentation for the os.wait* family of + functions, and improved the docs for os.waitid() with more + explanation of the possible argument constants. + - Skip test_normalization() of test_unicodedata if it + fails to download NormalizationTest.txt file from + pythontest.net. Patch by Victor Stinner. + - Correct test_marsh on (32 bit) x86: test_deterministic sets + was failing. + - Optional big memory tests in test_sqlite3 now catch the + correct sqlite.DataError exception type in case of too large + strings and/or blobs passed. + - Fix a bug in the typing tests where a test relying + on CPython-specific implementation details was not + decorated with @cpython_only and was not skipped on other + implementations. + - Add tests for star-unpacking with PEP 646, and some other + miscellaneous PEP 646 tests. + - Added explicit coverage of Py_Initialize (and hence + Py_InitializeEx) back to the embedding tests (all other + embedding tests migrated to Py_InitializeFromConfig in Python + 3.11) + - Some C API tests were moved into the new Lib/test/test_capi/ + directory. + - Fix -Wimplicit-int, -Wstrict-prototypes, and + -Wimplicit-function-declaration compiler warnings in + configure checks. + - Fix a compilation issue with GCC 12 on macOS. + - Fix -Wimplicit-int compiler warning in configure check for + PTHREAD_SCOPE_SYSTEM. + - Fix a possible fd leak in Programs/_freeze_module.c + introduced in Python 3.11. + - Fix build with PYTHON_FOR_REGEN=python3.8. + - Specify the full path to the source location for make + docclean (needed for cross-builds). + - Don’t use vendored libmpdec headers if --with-system-libmpdec + is passed to configure. Don’t use vendored libexpat headers + if --with-system-expat is passed to !configure. + - Fix the build process of clang compiler for _bootstrap_python + if LTO optimization is applied. Patch by Matthias Görgens and + Dong-hee Na. + - wasm32-emscripten builds for browsers now include + concurrent.futures for asyncio and unittest.mock. + - wasm32-emscripten platform no longer builds resource module, + getresuid(), getresgid(), and their setters. The APIs are + stubs and not functional. + - Updated pegen regeneration script on Windows to find and + use Python 3.9 or higher. Prior to this, pegen regeneration + already required 3.9 or higher, but the script may have used + lower versions of Python. + - Fix a bug in the previous bugfix that caused IDLE to + not start when run with 3.10.8, 3.12.0a1, and at least + Microsoft Python 3.10.2288.0 installed without the Lib/test + package. 3.11.0 was never affected. + - The wasm_build.py script now pre-builds Emscripten ports, + checks for broken EMSDK versions, and warns about pkg-config + env vars. + - The new tool Tools/wasm/wasm_builder.py automates configure, + compile, and test steps for building CPython on WebAssembly + platforms. + - Fix handling of module docstrings in Tools/i18n/pygettext.py. + - PyBUF_* constants were marked as part of Limited API + of Python 3.11+. These were available in 3.11.0 with + Py_LIMITED_API defined for 3.11, and are necessary to use the + buffer API. + - Fix use-after-free in Py_SetPythonHome(NULL), + Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL) + function calls. Issue reported by Benedikt Reinartz. Patch by + Victor Stinner. + - Py_InitializeEx now correctly calls PyConfig_Clear after + initializing the interpreter (the omission didn’t cause a + memory leak only because none of the dynamically allocated + config fields are populated by the wrapper function) +- Removed upstreamed patches: + - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch + - CVE-2022-45061-DoS-by-IDNA-decode.patch + +------------------------------------------------------------------- +Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl + +- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid + CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding + extremely long domain names. + +------------------------------------------------------------------- +Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl + +- Update to 3.11.0 (overall changes from 3.10.*): + - General changes + - PEP 657 -- Include Fine-Grained Error Locations in + Tracebacks + - PEP 654 -- Exception Groups and except* + - PEP 680 -- tomllib: Support for Parsing TOML in the + Standard Library + - gh-90908 -- Introduce task groups to asyncio + - gh-34627 -- Atomic grouping ((?>...)) and possessive + quantifiers (*+, ++, ?+, {m,n}+) are now supported in + regular expressions. + - The Faster CPython Project is already yielding some + exciting results. Python 3.11 is up to 10-60% faster than + Python 3.10. On average, we measured a 1.22x speedup on the + standard benchmark suite. See Faster CPython for details. + - Typing and typing language changes + - PEP 673 -- Self Type + - PEP 646 -- Variadic Generics + - PEP 675 -- Arbitrary Literal String Type + - PEP 655 -- Marking individual TypedDict items as required + or potentially-missing + - PEP 681 -- Data Class Transforms +- (just changes from 3.11.0rc2): + - Fix multiplying a list by an integer (list *= int): detect + the integer overflow when the new allocated length is close + to the maximum size. Issue reported by Jordan Limor. Patch by + Victor Stinner. + - On Linux the multiprocessing module returns to using + filesystem backed unix domain sockets for communication + with the forkserver process instead of the Linux abstract + socket namespace. Only code that chooses to use the + “forkserver” start method is affected. Abstract sockets have + no permissions and could allow any user on the system in the + same network namespace (often the whole system) to inject + code into the multiprocessing forkserver process. This was + a potential privilege escalation. Filesystem based socket + permissions restrict this to the forkserver process user as + was the default in Python 3.8 and earlier. This prevents + Linux CVE-2022-42919. + - Fix an issue where several frame objects could be backed by + the same interpreter frame, possibly leading to corrupted + memory and hard crashes of the interpreter. + - Fix possible data corruption or crashes when accessing the + f_back member of newly-created generator or coroutine frames. + - Fix a crash occurring when PyEval_GetFrame() is called while + the topmost Python frame is in a partially-initialized state. + - Fix command line parsing: reject -X int_max_str_digits option + with no value (invalid) when the PYTHONINTMAXSTRDIGITS + environment variable is set to a valid limit. Patch by Victor + Stinner. + - Fix undefined behaviour in _testcapimodule.c. + - When ValueError is raised if an integer is larger than the + limit, mention the sys.set_int_max_str_digits() function in + the error message. Patch by Victor Stinner. + - Correctly raise SyntaxError on exception groups (PEP 654) on + python versions prior to 3.11 + - Document some places where an assignment expression needs + parentheses. + - Update the bundled copies of pip and setuptools to versions + 22.3 and 65.5.0 respectively. + - fix Flag to use boundary CONFORM + - This restores previous Flag behavior of allowing flags with + non-sequential values to be combined; e.g. + - class Skip(Flag): TWO = 2 EIGHT = 8 + - Skip.TWO | Skip.EIGHT -> + - Fix ! in c domain ref target syntax via a conf.py patch, so + it works as intended to disable ref target resolution. + - Update tutorial introduction output to use 3.10+ SyntaxError + invalid range. + +------------------------------------------------------------------- +Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl + +- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to + allow building of documentation with the latest Sphinx 5.3.0 + (gh#python/cpython#98366). + +------------------------------------------------------------------- +Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc2: + - Converting between int and str in bases other than 2 + (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base + 10 (decimal) now raises a ValueError if the number of digits + in string form is above a limit to avoid potential denial of + service attacks due to the algorithmic complexity. This is + a mitigation for CVE-2020-10735. + This new limit can be configured or disabled by environment + variable, command line flag, or sys APIs. See the integer + string conversion length limitation documentation. The + default limit is 4300 digits in string form. + - Fix case of undefined behavior in ceval.c + - Do not expose KeyWrapper in _functools. + - Ensure that tracing, sys.setrace(), is turned on + immediately. In pre-release versions of 3.11, some tracing + events might have been lost when turning on tracing in a + __del__ method or interrupt. + - Fix use after free in trace refs build mode. Patch by Kumar + Aditya. + - When loading a file with invalid UTF-8 inside a multi-line + string, a correct SyntaxError is emitted. + - Make sure that incomplete frames do not show up in + tracemalloc traces. + - Remove two cases of undefined behavior, by adding NULL + checks. + - Fix possible NULL pointer dereference in + _PyThread_CurrentFrames. Patch by Kumar Aditya. + - Fix AttributeError missing name and obj attributes in + object.__getattribute__(). Patch by Philip Georgi. + - Loading a file with invalid UTF-8 will now report the broken + character at the correct location. + - Fixed a bug that caused _PyCode_GetExtra to return garbage + for negative indexes. Patch by Pablo Galindo + - Fix a deadlock in PyGILState_Ensure() when allocating new + thread state. Patch by Kumar Aditya. + - PyType_Ready() now initializes ht_cached_keys and performs + additional checks to ensure that type objects are properly + configured. This avoids crashes in 3rd party packages that + don’t use regular API to create new types. + - Skip over incomplete frames in PyThreadState_GetFrame(). + - Fix format string in _PyPegen_raise_error_known_location that + can lead to memory corruption on some 64bit systems. The + function was building a tuple with i (int) instead of n + (Py_ssize_t) for Py_ssize_t arguments. + - Fix misleading contents of error message when converting an + all-whitespace string to float. + - ast.parse() will no longer parse function definitions with + positional-only params when passed feature_version less than + (3, 8). Patch by Shantanu Jain. + - Fix incorrect error message in the io module. + - Fix the faulthandler implementation of + faulthandler.register(signal, chain=True) if the sigaction() + function is not available: don’t call the previous signal + handler if it’s NULL. Patch by Victor Stinner. + - Correct conversion of numbers.Rational’s to float. + - Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not + raised when using more than one TypeVarTuple, like [*T, *V] + in type alias substitutions. + - Fix asyncio.streams.StreamReaderProtocol to keep a strong + reference to the created task, so that it’s not garbage + collected + - Fix a performance regression in logging + TimedRotatingFileHandler. Only check for special files when + the rollover time has passed. + - Fix unused localName parameter in the Attr class in + xml.dom.minidom. + - Fix incorrect condition that causes sys.thread_info.name to + be wrong on pthread platforms. + - Remove an incompatible change from bpo-28080 that caused a + regression that ignored the utf8 in ZipInfo.flag_bits. Patch + by Pablo Galindo. + - Fix asyncio.Runner to call asyncio.set_event_loop() only + once to avoid calling attach_loop() multiple times on child + watchers. Patch by Kumar Aditya. + - Fix unittest.IsolatedAsyncioTestCase to set event loop before + calling setup functions. Patch by Kumar Aditya. + - When a task catches asyncio.CancelledError and raises some + other error, the other error should generally not silently be + suppressed. + - Fail gracefully if EPERM or ENOSYS is raised when loading + crypt methods. This may happen when trying to load MD5 on a + Linux kernel with FIPS enabled. + - Allow asyncio.StreamWriter.drain() to be awaited concurrently + by multiple tasks. Patch by Kumar Aditya. + - Fix ast.unparse() when ImportFrom.level is None + - Improve discoverability of the higher level + concurrent.futures module by providing clearer links from the + lower level threading and multiprocessing modules. + - What’s New 3.11 now has instructions for how to provide + compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7 + and CentOS 7. + - Mitigate the inherent race condition from using + find_unused_port() in testSockName() by trying to find an + unused port a few times before failing. Patch by Ross Burton. + - Build and test with OpenSSL 1.1.1q +- Use support-expat-CVE-2022-25236-patched.patch from the current + version of gh#python/cpython#93900 instead of the old + support-expat-245.patch. +- Reapply fix_configure_rst.patch. + +------------------------------------------------------------------- +Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab + +- Increase testsuite timeout for test_freeze_simple_script + +------------------------------------------------------------------- +Sat Aug 20 21:31:40 UTC 2022 - Matej Cepl + +- fix import_failed.map to refer to the python 3.11 package versions + +------------------------------------------------------------------- +Sat Aug 20 14:05:21 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc1: + - Core and Builtins + - Update code object hashing and equality to consider all + debugging and exception handling tables. This fixes an + issue where certain non-identical code objects could be + “deduplicated” during compilation. + - _PyPegen_Parser_New now properly detects token memory + allocation errors. Patch by Honglin Zhu. + - Run Python code in tracer/profiler function at full + speed. Fixes slowdown in earlier versions of 3.11. + - Emit a warning in debug mode if an object does not call + PyObject_GC_UnTrack() before deallocation. Patch by Pablo + Galindo. + - Prevented crashes in the AST constructor when + compiling some absurdly long expressions like + "+0"*1000000. RecursionError is now raised instead. Patch + by Pablo Galindo + - ast.AST node positions are now validated when provided to + compile() and other related functions. If invalid positions + are detected, a ValueError will be raised. + - Fix error detection in some builtin functions when keyword + argument name is an instance of a str subclass with + overloaded __eq__ and __hash__. Previously it could cause + SystemError or other undesired behavior. + - Library + - Update bundled pip to 22.2.2. + - Fix asyncio.TaskGroup to propagate exception when + asyncio.CancelledError was replaced with another exception + by a context manger. Patch by Kumar Aditya and Guido van + Rossum. + - Update bundled pip to 22.2.1. + - Fix GC crash when deallocating _lsprof.Profiler by + untracking it before calling any callbacks. Patch by Kumar + Aditya. + - Fix asyncio.run() for asyncio.Task implementations without + uncancel() method. Patch by Kumar Aditya. + - Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK + and os.EFD_SEMAPHORE flags on older kernel versions where + these flags are not present. Patch by Kumar Aditya. + - Fix concurrent.futures.Executor.map() to cancel the + currently waiting on future on an error - e.g. TimeoutError + or KeyboardInterrupt. + - Ensure that timeouts scheduled with asyncio.Timeout that + have already expired are delivered promptly. + - Suppress writing an XML declaration in open files + in ElementTree.write() with encoding='unicode' and + xml_declaration=None. + - Fix findtext in the xml module to only give an empty string + when the text attribute is set to None. + - Documentation + - Fix stylesheet not working in Windows CHM htmlhelp docs + and add warning that they are deprecated. Contributed by + C.A.M. Gerlach. + - Update library documentation with availability information + on WebAssembly platforms wasm32-emscripten and wasm32-wasi. + - Use consistent syntax for platform availability. The + directive now supports a content body and emits a warning + when it encounters an unknown platform. + - Document a limitation in ThreadPoolExecutor where its exit + handler is executed before any handlers in atexit. + - Tests + - Lib/test/test_asyncio/test_ssl.py exposed a bug in the + macOS kernel where intense concurrent load on non-blocking + sockets occasionally causes errno.ENOBUFS (“No buffer space + available”) to be emitted. FB11063974 filed with Apple, in + the mean time as a workaround buffer size used in tests on + macOS is decreased to avoid intermittent failures. Patch by + Fantix King. + - Fix problem with test_ssl test_get_ciphers on systems that + require perfect forward secrecy (PFS) ciphers. + - Add a regression test for re exponentional slowdown when + using rjsmin. + - Build + - Fix a regression in configure script that caused some + header checks to ignore custom CPPFLAGS. The regression was + introduced in gh-94802. + - wasm32-wasi builds no longer depend on WASIX’s pthread + stubs. Python now has its own stubbed pthread API. + - Python now detects missing dup function in WASI and works + around some missing errno, select, and socket constants. + - Python now skips missing socket functions and methods on + WASI. WASI can only create sockets from existing fd / + accept and has no netdb. + - Platforms wasm32-unknown-emscripten and wasm32-unknown-wasi + have been promoted to PEP 11 tier 3 platform support. + - IDLE + - Document handling of extensions in Save As dialogs. + - Include prompts when saving Shell (interactive input and + output). + - Fix the Shell context menu copy-with-prompts bug of copying + an extra line when one selects whole lines. + - In the Edit menu, move Select All and add a new separator. + - Enable using IDLE’s module browser with .pyw files. + - Add .pyi as a recognized extension for IDLE on macOS. This + allows opening stub files by double clicking on them in the + Finder. + - C API + - Restore the 3.10 behavior for multiple inheritance of C + extension classes that store their dictionary at the end of + the struct. + - Added PyCode_GetVarnames(), PyCode_GetCellvars() and + PyCode_GetFreevars() for accessing co_varnames, co_cellvars + and co_freevars respectively via the C API. + +------------------------------------------------------------------- +Tue Jul 26 10:37:31 UTC 2022 - Matej Cepl + +- Update to 3.11.0b5: + - Core and Builtins + - gh-93351: ast.AST node positions are now validated when + provided to compile() and other related functions. If + invalid positions are detected, a ValueError will be + raised. + - gh-94438: Fix an issue that caused extended opcode + arguments and some conditional pops to be ignored when + calculating valid jump targets for assignments to the + f_lineno attribute of frame objects. In some cases, this + could cause inconsistent internal state, resulting in a + hard crash of the interpreter. + - gh-95060: Undocumented PyCode_Addr2Location function now + properly returns when addrq argument is less than zero. + - gh-95113: Replace all EXTENDED_ARG_QUICK instructions + with basic EXTENDED_ARG instructions in unquickened + code. Consumers of non-adaptive bytecode should be able to + handle extended arguments the same way they were handled in + CPython 3.10 and older. + - gh-91409: Fix incorrect source location info caused by + certain optimizations in the bytecode compiler. + - gh-94036: Fix incorrect source location info for some + multi-line attribute accesses and method calls. + - gh-94739: Allow jumping within, out of, and across + exception handlers in the debugger. + - gh-94949: ast.parse() will no longer parse parenthesized + context managers when passed feature_version less than (3, + 9). Patch by Shantanu Jain. + - gh-94947: ast.parse() will no longer parse assignment + expressions when passed feature_version less than (3, + 8). Patch by Shantanu Jain. + - gh-91256: Ensures the program name is known for help text + during interpreter startup. + - gh-94869: Fix the column offsets for some expressions in + multi-line f-strings ast nodes. Patch by Pablo Galindo. + - gh-94822: Fix an issue where lookups of metaclass + descriptors may be ignored when an identically-named + attribute also exists on the class itself. + - gh-91153: Fix an issue where a bytearray item assignment + could crash if it’s resized by the new value’s __index__() + method. + - gh-90699: Fix reference counting bug in + bool.__repr__(). Patch by Kumar Aditya. + - Library + - gh-95087: Fix IndexError in parsing invalid date in the + email module. + - gh-95199: Upgrade bundled setuptools to 63.2.0. + - gh-95194: Upgrade bundled pip to 22.2. + - gh-95132: Fix a sqlite3 regression where *args and **kwds + were incorrectly relayed from connect() to the Connection + factory. The regression was introduced in 3.11a1 with PR + 24421 (gh-85128). Patch by Erlend E. Aasland.` + - gh-93157: Fix fileinput module didn’t support errors option + when inplace is true. + - gh-95105: wsgiref.types.InputStream.__iter__() should + return Iterator[bytes], not Iterable[bytes]. Patch by + Shantanu Jain. + - gh-94857: Fix refleak in + _io.TextIOWrapper.reconfigure. Patch by Kumar Aditya. + - gh-94821: Fix binding of unix socket to empty address + on Linux to use an available address from the abstract + namespace, instead of “0”. + - gh-89988: Fix memory leak in pickle.Pickler when looking up + dispatch_table. Patch by Kumar Aditya. + - bpo-47025: Drop support for bytes on sys.path. + - Tests + - gh-95212: Make multiprocessing test case + test_shared_memory_recreate parallel-safe. + - Build + - gh-94847: Fixed _decimal module build issue on GCC when + compiling with LTO and pydebug. Debug builds no longer + force inlining of functions. + - gh-94841: Fix the possible performance regression of + PyObject_Free() compiled with MSVC version 1932. + - gh-94801: configure now uses custom flags like ZLIB_CFLAGS + and ZLIB_LIBS when searching for headers and libraries. + - gh-94773: deepfreeze.py now supports code object with + frozensets that contain incompatible, unsortable types. + - C API + - gh-94930: Fix SystemError raised when + PyArg_ParseTupleAndKeywords() is used with # in (...) but + without PY_SSIZE_T_CLEAN defined. + - gh-94864: Fix PyArg_Parse* with deprecated format units “u” + and “Z”. It returned 1 (success) when warnings are turned + into exceptions. + - gh-94731: Python again uses C-style casts for + most casting operations when compiled with + C++. This may trigger compiler warnings, if they + are enabled with e.g. -Wold-style-cast `` or + ``-Wzero-as-null-pointer-constant options for g++. + +------------------------------------------------------------------- +Thu Jul 21 14:19:53 UTC 2022 - Matej Cepl + +- Switch from %primary_interpreter to prjconf-defined + %primary_python (gh#openSUSE/python-rpm-macros#127). + +------------------------------------------------------------------- +Thu Jul 14 15:37:35 UTC 2022 - Matej Cepl + +- Update to 3.11.0b4: +- Fixes many bugs and adds following more significant changes +- Security + - gh-68966: The deprecated mailcap module now refuses to inject + Coreunsafe text (filenames, MIME types, parameters) into + shell Corecommands. Instead of using such text, it will + warn and act Coreas if a match was not found (or for test + commands, as if the Coretest failed). and Builtins + - gh-93516: Lazily create a table mapping bytecode offsets to + line numbers to speed up calculation of line numbers when + tracing. + - gh-93461: importlib.invalidate_caches() now drops entries + from sys.path_importer_cache with a relative path as + name. This solves a caching issue when a process changes its + current working directory. + - FileFinder no longer inserts a dot in the path, e.g. + /egg/./spam is now /egg/spam. +Library + - gh-93896: Fix asyncio.run() and + unittest.IsolatedAsyncioTestCase to always the set event loop + as it was done in Python 3.10 and earlier. Patch by Kumar + Aditya. + - gh-94101: Manual instantiation of ssl.SSLSession objects is + no longer allowed as it lead to misconfigured instances that + crashed the interpreter when attributes where accessed on + them. + - gh-83658: Make multiprocessing.Pool raise an exception if + maxtasksperchild is not None or a positive int. + - gh-61162: Clarify sqlite3 behavior when Using the connection + as a context manager. +Tools/Demos + - gh-94538: Fix Argument Clinic output to custom file + destinations. Patch by Erlend E. Aasland. +C API + - gh-93937: The following frame functions and type are now + directly available with #include , it’s no longer + needed to add #include : + PyFrame_Check() + PyFrame_GetBack() + PyFrame_GetBuiltins() + PyFrame_GetGenerator() + PyFrame_GetGlobals() + PyFrame_GetLasti() + PyFrame_GetLocals() + PyFrame_Type + +------------------------------------------------------------------- +Tue May 31 20:54:36 UTC 2022 - Matej Cepl + +- Update to 3.11.0b2: + - many small updates +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.4 (jsc#SLE-21253) + +------------------------------------------------------------------- +Tue May 10 15:01:18 UTC 2022 - Matej Cepl + +- Refresh bluez-devel-vendor.tar.xz +- Fix building with system-expat (gh#python/cpython#92875). Nope, + it didn't work, worked around it. + +------------------------------------------------------------------- +Mon May 9 15:09:03 UTC 2022 - Matej Cepl + +- Update to pre-release version 3.11.0b1: + - PEP 657 – Include Fine-Grained Error Locations in Tracebacks + - PEP 654 – Exception Groups and except* + - PEP 673 – Self Type + - PEP 646 – Variadic Generics + - PEP 680– tomllib: Support for Parsing TOML in the Standard Library + - PEP 675– Arbitrary Literal String Type + - PEP 655– Marking individual TypedDict items as required or potentially-missing + - bpo-46752– Introduce task groups to asyncio + - The Faster Cpython Project is already yielding some exciting + results. Python 3.11 is up to 10-60% faster than Python + 3.10. On average, we measured a 1.22x speedup on the standard + benchmark suite. See + https://docs.python.org/3.11/whatsnew/3.11.html#faster-cpython + for details. + +------------------------------------------------------------------- +Thu May 5 14:35:56 UTC 2022 - Matej Cepl + +- Switch primary_interpreter from python38 to python310 + +------------------------------------------------------------------- +Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl + +- Update to 3.10.4: + - bpo-46968: Check for the existence of the “sys/auxv.h” header + in faulthandler to avoid compilation problems in systems + where this header doesn’t exist. Patch by Pablo Galindo + - bpo-23691: Protect the re.finditer() iterator from + re-entering. + - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to + avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception + when reading a ZipFile from multiple threads. + - bpo-38256: Fix binascii.crc32() when it is compiled to use + zlib’c crc32 to work properly on inputs 4+GiB in length + instead of returning the wrong result. The workaround prior + to this was to always feed the function data in increments + smaller than 4GiB or to just call the zlib module function. + - bpo-39394: A warning about inline flags not at the start of + the regular expression now contains the position of the flag. + - bpo-47061: Deprecate the various modules listed by PEP 594: + - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, + imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, + sndhdr, spwd, sunau, telnetlib, uu, xdrlib + - bpo-2604: Fix bug where doctests using globals would fail + when run multiple times. + - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. + - bpo-47022: The asynchat, asyncore and smtpd modules have been + deprecated since at least Python 3.6. Their documentation and + deprecation warnings and have now been updated to note they + will removed in Python 3.12 (PEP 594). + - bpo-46421: Fix a unittest issue where if the command was + invoked as python -m unittest and the filename(s) began with + a dot (.), a ValueError is returned. + - bpo-40296: Fix supporting generic aliases in pydoc. + +- Update to 3.10.3: + - bpo-46940: Avoid overriding AttributeError metadata + information for nested attribute access calls. Patch by Pablo + Galindo. + - bpo-46852: Rename the private undocumented + float.__set_format__() method to float.__setformat__() to fix + a typo introduced in Python 3.7. The method is only used by + test_float. Patch by Victor Stinner. + - bpo-46794: Bump up the libexpat version into 2.4.6 + - bpo-46820: Fix parsing a numeric literal immediately (without + spaces) followed by “not in” keywords, like in 1not in x. Now + the parser only emits a warning, not a syntax error. + - bpo-46762: Fix an assert failure in debug builds when a ‘<’, + ‘>’, or ‘=’ is the last character in an f-string that’s + missing a closing right brace. + - bpo-46724: Make sure that all backwards jumps use the + JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an + argument of (2**32)+offset. + - bpo-46732: Correct the docstring for the __bool__() method. + Patch by Jelle Zijlstra. + - bpo-46707: Avoid potential exponential backtracking when + producing some syntax errors involving lots of brackets. + Patch by Pablo Galindo. + - bpo-40479: Add a missing call to va_end() in + Modules/_hashopenssl.c. + - bpo-46615: When iterating over sets internally in + setobject.c, acquire strong references to the resulting items + from the set. This prevents crashes in corner-cases of + various set operations where the set gets mutated. + - bpo-45773: Remove two invalid “peephole” optimizations from + the bytecode compiler. + - bpo-43721: Fix docstrings of getter, setter, and deleter to + clarify that they create a new copy of the property. + - bpo-46503: Fix an assert when parsing some invalid N escape + sequences in f-strings. + - bpo-46417: Fix a race condition on setting a type __bases__ + attribute: the internal function add_subclass() now gets the + PyTypeObject.tp_subclasses member after calling + PyWeakref_NewRef() which can trigger a garbage collection + which can indirectly modify PyTypeObject.tp_subclasses. Patch + by Victor Stinner. + - bpo-46383: Fix invalid signature of _zoneinfo’s module_free + function to resolve a crash on wasm32-emscripten platform. + - bpo-46070: Py_EndInterpreter() now explicitly untracks all + objects currently tracked by the GC. Previously, if an object + was used later by another interpreter, calling + PyObject_GC_UnTrack() on the object crashed if the previous + or the next object of the PyGC_Head structure became + a dangling pointer. Patch by Victor Stinner. + - bpo-46339: Fix a crash in the parser when retrieving the + error text for multi-line f-strings expressions that do not + start in the first line of the string. Patch by Pablo Galindo + - bpo-46240: Correct the error message for unclosed parentheses + when the tokenizer doesn’t reach the end of the source when + the error is reported. Patch by Pablo Galindo + - bpo-46091: Correctly calculate indentation levels for lines + with whitespace character that are ended by line continuation + characters. Patch by Pablo Galindo + - bpo-43253: Fix a crash when closing transports where the + underlying socket handle is already invalid on the Proactor + event loop. + - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, + including bugfix for EntryPoint.extras, which was returning + match objects and not the extras strings. + - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip + 22.0.4) + - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically + determine size of signal handler stack size CPython allocates + using getauxval(AT_MINSIGSTKSZ). This changes allows for + Python extension’s request to Linux kernel to use AMX_TILE + instruction set on Sapphire Rapids Xeon processor to succeed, + unblocking use of the ISA in frameworks. + - bpo-46955: Expose asyncio.base_events.Server as + asyncio.Server. Patch by Stefan Zabka. + - bpo-23325: The signal module no longer assumes that SIG_IGN + and SIG_DFL are small int singletons. + - bpo-46932: Update bundled libexpat to 2.4.7 + - bpo-25707: Fixed a file leak in + xml.etree.ElementTree.iterparse() when the iterator is not + exhausted. Patch by Jacob Walls. + - bpo-44886: Inherit asyncio proactor datagram transport from + asyncio.DatagramTransport. + - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() + for selector-based event loops. Patch by Thomas Grainger. + - bpo-46811: Make test suite support Expat >=2.4.5 + - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to + transport-based APIs. + - bpo-46784: Fix libexpat symbols collisions with user + dynamically loaded or statically linked libexpat in embedded + Python. + - bpo-39327: shutil.rmtree() can now work with VirtualBox + shared folders when running from the guest operating-system. + - bpo-46756: Fix a bug in + urllib.request.HTTPPasswordMgr.find_user_password() and + urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() + which allowed to bypass authorization. For example, access to + URI example.org/foobar was allowed if the user was authorized + for URI example.org/foo. + - bpo-46643: In typing.get_type_hints(), support evaluating + stringified ParamSpecArgs and ParamSpecKwargs annotations. + Patch by Gregory Beauregard. + - bpo-45863: When the tarfile module creates a pax format + archive, it will put an integer representation of timestamps + in the ustar header (if possible) for the benefit of older + unarchivers, in addition to the existing full-precision + timestamps in the pax extended header. + - bpo-46676: Make typing.ParamSpec args and kwargs equal to + themselves. Patch by Gregory Beauregard. + - bpo-46672: Fix NameError in asyncio.gather() when initial + type check fails. + - bpo-46655: In typing.get_type_hints(), support evaluating + bare stringified TypeAlias annotations. Patch by Gregory + Beauregard. + - bpo-45948: Fixed a discrepancy in the C implementation of the + xml.etree.ElementTree module. Now, instantiating an + xml.etree.ElementTree.XMLParser with a target=None keyword + provides a default xml.etree.ElementTree.TreeBuilder target + as the Python implementation does. + - bpo-46521: Fix a bug in the codeop module that was + incorrectly identifying invalid code involving string quotes + as valid code. + - bpo-46581: Brings ParamSpec propagation for GenericAlias in + line with Concatenate (and others). + - bpo-46591: Make the IDLE doc URL on the About IDLE dialog + clickable. + - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 + - bpo-46487: Add the get_write_buffer_limits method to + asyncio.transports.WriteTransport and to the SSL transport. + - bpo-45173: Note the configparser deprecations will be removed + in Python 3.12. + - bpo-46539: In typing.get_type_hints(), support evaluating + stringified ClassVar and Final annotations inside Annotated. + Patch by Gregory Beauregard. + - bpo-46491: Allow typing.Annotated to wrap typing.Final and + typing.ClassVar. Patch by Gregory Beauregard. + - bpo-46436: Fix command-line option -d/--directory in module + http.server which is ignored when combined with command-line + option --cgi. Patch by Géry Ogam. + - bpo-41403: Make mock.patch() raise a TypeError with + a relevant error message on invalid arg. Previously it + allowed a cryptic AttributeError to escape. + - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid + potential REDoS by limiting ambiguity in consecutive + whitespace. + - bpo-46469: asyncio generic classes now return + types.GenericAlias in __class_getitem__ instead of the same + class. + - bpo-46434: pdb now gracefully handles help when __doc__ is + missing, for example when run with pregenerated optimized + .pyc files. + - bpo-46333: The __eq__() and __hash__() methods of + typing.ForwardRef now honor the module parameter of + typing.ForwardRef. Forward references from different modules + are now differentiated. + - bpo-46246: Add missing __slots__ to + importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. + - bpo-46266: Improve day constants in calendar. + - Now all constants (MONDAY … SUNDAY) are documented, tested, + and added to __all__. + - bpo-46232: The ssl module now handles certificates with bit + strings in DN correctly. + - bpo-43118: Fix a bug in inspect.signature() that was causing + it to fail on some subclasses of classes with + a __text_signature__ referencing module globals. Patch by + Weipeng Hong. + - bpo-26552: Fixed case where failing asyncio.ensure_future() + did not close the coroutine. Patch by Kumar Aditya. + - bpo-21987: Fix an issue with tarfile.TarFile.getmember() + getting a directory name with a trailing slash. + - bpo-20392: Fix inconsistency with uppercase file extensions + in MimeTypes.guess_type(). Patch by Kumar Aditya. + - bpo-46080: Fix exception in argparse help text generation if + a argparse.BooleanOptionalAction argument’s default is + argparse.SUPPRESS and it has help specified. Patch by Felix + Fontein. + - bpo-44439: Fix .write() method of a member file in ZipFile, + when the input data is an object that supports the buffer + protocol, the file length may be wrong. + - bpo-45703: When a namespace package is imported before + another module from the same namespace is created/installed + in a different sys.path location while the program is + running, calling the importlib.invalidate_caches() function + will now also guarantee the new module is noticed. + - bpo-24959: Fix bug where unittest sometimes drops frames from + tracebacks of exceptions raised in tests. + - bpo-44791: Fix substitution of ParamSpec in Concatenate with + different parameter expressions. Substitution with a list of + types returns now a tuple of types. Substitution with + Concatenate returns now a Concatenate with concatenated lists + of arguments. + - bpo-14156: argparse.FileType now supports an argument of ‘-’ + in binary mode, returning the .buffer attribute of + sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and + ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. + Patch contributed by Josh Rosenberg + - bpo-46463: Fixes escape4chm.py script used when building the + CHM documentation file + - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is + built with undefined behavior sanitizer (UBSAN): disable + UBSAN on the faulthandler_sigfpe() function. Patch by Victor + Stinner. + - bpo-46708: Prevent default asyncio event loop policy + modification warning after test_asyncio execution. + - bpo-46678: The function make_legacy_pyc in + Lib/test/support/import_helper.py no longer fails when + PYTHONPYCACHEPREFIX is set to a directory on a different + device from where tempfiles are stored. + - bpo-46616: Ensures test_importlib.test_windows cleans up + registry keys after completion. + - bpo-44359: test_ftplib now silently ignores socket errors to + prevent logging unhandled threading exceptions. Patch by + Victor Stinner. + - bpo-46542: Fix a Python crash in test_lib2to3 when using + Python built in debug mode: limit the recursion limit. Patch + by Victor Stinner. + - bpo-46576: test_peg_generator now disables compiler + optimization when testing compilation of its own C extensions + to significantly speed up the testing on non-debug builds of + CPython. + - bpo-46542: Fix test_json tests checking for RecursionError: + modify these tests to use support.infinite_recursion(). Patch + by Victor Stinner. + - bpo-13886: Skip test_builtin PTY tests on non-ASCII + characters if the readline module is loaded. The readline + module changes input() behavior, but test_builtin is not + intented to test the readline module. Patch by Victor + Stinner. + - bpo-38472: Fix GCC detection in setup.py when + cross-compiling. The C compiler is now run with LC_ALL=C. + Previously, the detection failed with a German locale. + - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro + and pyconfig.h no longer defines reserved symbol + __CHAR_UNSIGNED__. + - bpo-45296: Clarify close, quit, and exit in IDLE. In the File + menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current + one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). + In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there + are no other windows, this also exits IDLE. + - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch + by Alex Waygood and Terry Jan Reedy. + - bpo-46433: The internal function _PyType_GetModuleByDef now + correctly handles inheritance patterns involving static + types. + - bpo-14916: Fixed bug in the tokenizer that prevented + PyRun_InteractiveOne from parsing from the provided FD. + +- Remove upstreamed patches: + - support-expat-245.patch + +------------------------------------------------------------------- +Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + +------------------------------------------------------------------- +Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl + +- bsc#1195831 Obsolete older "most modern" versions of python + packages (python39 for python310 and so forth). For next + versions it is necessary just to edit the macro. + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python +- Add fix_configure_rst.patch, which removes duplicate link + targets and make documentation with old Sphinx in SLE +- Skip test_capi (bsc#1195140 and bpo#37169) + +------------------------------------------------------------------- +Wed Jan 19 22:01:51 UTC 2022 - Matej Cepl + +- Update to 3.10.2: + Bugfix only + - bpo#46347 memory leak in PyEval_EvalCodeEx (especially + visible with Cython code) + - and many others + +------------------------------------------------------------------- +Wed Dec 8 13:07:25 UTC 2021 - Matej Cepl + +- Upgrade to 3.10.1 (jsc#SLE-18038): + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other tools. + - PEP 618 – Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning +- Patches readjusted: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Sat Dec 4 18:40:28 UTC 2021 - Matej Cepl + +- Remove pdb_adjust_breakpoints.patch and instead just adjust location + of the test breakpoint in Lib/test/test_pdb.py via sed, because we + have shortened Lib/pdb.py by removing the shebang (bpo#45964). + +------------------------------------------------------------------- +Thu Dec 2 13:51:57 UTC 2021 - Matej Cepl + +- Add pdb_adjust_breakpoints.patch fixing expectd results in + test_pdb_breakpoints_preserved_across_interactive_sessions + (bpo#45964). + +------------------------------------------------------------------- +Mon Nov 29 00:17:07 UTC 2021 - Matej Cepl + +- Remove shebangs from from python-base libraries in _libdir + (bsc#1193179). +- Readjust patches: + - bpo-31046_ensurepip_honours_prefix.patch + - decimal.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Tue Nov 16 16:03:43 UTC 2021 - Matej Cepl + +- Move rpm-build-python construct to correct place. + +------------------------------------------------------------------- +Wed Oct 13 08:52:47 UTC 2021 - Dominique Leuenberger + +- BuildRequire rpm-build-python: The provider to inject python(abi) + has been moved there. rpm-build pulls rpm-build-python + automatically in when building anything against python3-base, but + this implies that the initial build of python3-base does not + trigger the automatic installation. + +------------------------------------------------------------------- +Tue Oct 5 22:36:51 UTC 2021 - Matej Cepl + +- Final release of 3.10.0: + Complete list on https://www.python.org/downloads/release/python-3100/, + but highlights are: + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other + tools. + - PEP 618 – Add Optional Length-Checking To zip. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning + - bpo-12782: Parenthesized context managers are now officially + allowed. + +------------------------------------------------------------------- +Mon Aug 30 12:48:25 UTC 2021 - Matej Cepl + +- Switch on option --with-system-libmpdec (bsc#1189356). + +------------------------------------------------------------------- +Fri Aug 27 13:15:03 UTC 2021 - Andreas Schwab + +- Reenable profileopt with qemu emulation, test_faulthandler is no longer + run during profiling + +------------------------------------------------------------------- +Thu Aug 12 15:11:39 UTC 2021 - Andreas Schwab + +- test_faulthandler is still problematic under qemu linux-user emulation, + disable it there + +------------------------------------------------------------------- +Wed Aug 11 05:57:11 UTC 2021 - Matej Cepl + +- Update to 3.10.0rc1 (the penultimate prerelease), which contains + plenty of small bugfixes among others: + - bpo#38605: from __future__ import annotations (PEP 563) used to be + on this list in previous pre-releases but it has been postponed to + Python 3.11 due to some compatibility concerns. + - bpo-44600: Fix incorrect line numbers while tracing some failed + patterns in match statements. Patch by Charles Burkland. + - plenty of modifications in types.Union + +------------------------------------------------------------------- +Wed Jul 21 13:44:48 UTC 2021 - Matej Cepl + +- Update to 3.10.0b4: + https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4 +- Remove python3-imp-returntype.patch which has been upstreamed. + +------------------------------------------------------------------- +Mon Jun 7 15:52:44 UTC 2021 - Matej Cepl + +- Update to 3.10.0b2: + - PEP 623 -- Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 -- Allow writing union types as X | Y + - PEP 612 -- Parameter Specification Variables + - PEP 626 -- Precise line numbers for debugging and other + tools. + - PEP 618 -- Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 -- Deprecate distutils module. + - PEP 613 -- Explicit Type Aliases + - PEP 634 -- Structural Pattern Matching: Specification + - PEP 635 -- Structural Pattern Matching: Motivation and + Rationale + - PEP 636 -- Structural Pattern Matching: Tutorial + - PEP 644 -- Require OpenSSL 1.1.1 or newer + - PEP 624 -- Remove Py_UNICODE encoder APIs + - PEP 597 -- Add optional EncodingWarning +- Removed patches (assumed upstream): + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl + +- Revert previous skip over test_capi +- Add skip-test_pyobject_freed_is_freed.patch to skip failing + test on SLE-15. + +------------------------------------------------------------------- +Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller + +- allow build with Sphinx >= 3.x + +------------------------------------------------------------------- +Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák + +- Exclude test_capi on Leap (test fails there) + +------------------------------------------------------------------- +Fri May 21 15:13:59 UTC 2021 - Matej Cepl + +- Stop providing "python" symbol (bsc#1185588), which means + python2 currently. + +------------------------------------------------------------------- +Wed May 5 15:16:58 UTC 2021 - Matej Cepl + +- Update to 3.9.5: + * Security + - bpo-43434: Creating a sqlite3.Connection object now also + produces a sqlite3.connect auditing event. Previously this + event was only produced by sqlite3.connect() calls. Patch + by Erlend E. Aasland. + - bpo-43882: The presence of newline or tab characters in + parts of a URL could allow some forms of attacks. + - Following the controlling specification for URLs defined by + WHATWG urllib.parse() now removes ASCII newlines and tabs + from URLs, preventing such attacks. + - bpo-43472: Ensures interpreter-level audit hooks receive + the cpython.PyInterpreterState_New event when called + through the _xxsubinterpreters module. + - bpo-36384: ipaddress module no longer accepts any leading + zeros in IPv4 address strings. Leading zeros are ambiguous + and interpreted as octal notation by some libraries. For + example the legacy function socket.inet_aton() treats + leading zeros as octal notatation. glibc implementation of + modern inet_pton() does not accept any leading zeros. For + a while the ipaddress module used to accept ambiguous + leading zeros. + - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) + vulnerability in urllib.request.AbstractBasicAuthHandler. + The ReDoS-vulnerable regex has quadratic worst-case + complexity and it allows cause a denial of service when + identifying crafted invalid RFCs. This ReDoS issue is on + the client side and needs remote attackers to control the + HTTP server. + - bpo-42800: Audit hooks are now fired for frame.f_code, + traceback.tb_frame, and generator code/frame attribute + access. + * Core and Builtins + - bpo-43105: Importlib now resolves relative paths when + creating module spec objects from file locations. + - bpo-42924: Fix bytearray repetition incorrectly copying + data from the start of the buffer, even if the data is + offset within the buffer (e.g. after reassigning a slice at + the start of the bytearray to a shorter byte string). + * Library + - bpo-43993: Update bundled pip to 21.1.1. + - bpo-43937: Fixed the turtle module working with non-default + root window. + - bpo-43930: Update bundled pip to 21.1 and setuptools to + 56.0.0 + - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now + returns a consistent error message when cadata contains no + valid certificate. + - bpo-43607: urllib can now convert Windows paths with \\?\ + prefixes into URL paths. + - bpo-43284: platform.win32_ver derives the windows version + from sys.getwindowsversion().platform_version which in turn + derives the version from kernel32.dll (which can be of + a different version than Windows itself). Therefore change + the platform.win32_ver to determine the version using the + platform module’s _syscmd_ver private function to return an + accurate version. + - bpo-42248: [Enum] ensure exceptions raised in _missing__ + are released + - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 + to suppress deprecation warnings. Python requires OpenSSL + 1.1.1 APIs. + - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants + (OpenSSL 3.0.0) + - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback + function a second time when first call has signaled an + error condition. + - bpo-43788: The header files for ssl error codes are now + OpenSSL version-specific. Exceptions will now show correct + reason and library codes. The make_ssl_data.py script has + been rewritten to use OpenSSL’s text file with error codes. + - bpo-43655: tkinter dialog windows are now recognized as + dialogs by window managers on macOS and X Window. + - bpo-43534: turtle.textinput() and turtle.numinput() create + now a transient window working on behalf of the canvas + window. + - bpo-43522: Fix problem with hostname_checks_common_name. + OpenSSL does not copy hostflags from struct SSL_CTX to + struct SSL. + - bpo-42967: Allow bytes separator argument in + urllib.parse.parse_qs and urllib.parse.parse_qsl when + parsing str query strings. Previously, this raised + a TypeError. + - bpo-43176: Fixed processing of a dataclass that inherits + from a frozen dataclass with no fields. It is now correctly + detected as an error. + - bpo-41735: Fix thread locks in zlib module may go wrong in + rare case. Patch by Ma Lin. + - bpo-36470: Fix dataclasses with InitVars and replace(). + Patch by Claudiu Popa. + - bpo-32745: Fix a regression in the handling of ctypes’ + ctypes.c_wchar_p type: embedded null characters would cause + a ValueError to be raised. Patch by Zackery Spytz. + * Documentation + - bpo-43959: The documentation on the PyContextVar C-API was + clarified. + - bpo-43938: Update dataclasses documentation to express that + FrozenInstanceError is derived from AttributeError. + - bpo-43755: Update documentation to reflect that + unparenthesized lambda expressions can no longer be the + expression part in an if clause in comprehensions and + generator expressions since Python 3.9. + - bpo-43739: Fixing the example code in + Doc/extending/extending.rst to declare and initialize the + pmodule variable to be of the right type. + * Tests + - bpo-43961: Fix + test_logging.test_namer_rotator_inheritance() on Windows: + use os.replace() rather than os.rename(). Patch by Victor + Stinner. + - bpo-43842: Fix a race condition in the SMTP test of + test_logging. Don’t close a file descriptor (socket) from + a different thread while asyncore.loop() is polling the + file descriptor. Patch by Victor Stinner. + - bpo-43811: Tests multiple OpenSSL versions on GitHub + Actions. Use ccache to speed up testing. + - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy + protocols TLS 1.0 and 1.1. Tests are failing with + TLSV1_ALERT_INTERNAL_ERROR. +- Refreshed patches: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch +- Add vendorized files from bluez-devel to enable building support for + Bluetooth. + +------------------------------------------------------------------- +Sun May 2 09:20:06 UTC 2021 - Ben Greiner + +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + +------------------------------------------------------------------- +Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl + +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +------------------------------------------------------------------- +Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +------------------------------------------------------------------- +Tue Feb 9 01:37:59 UTC 2021 - Steve Kowalik + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +------------------------------------------------------------------- +Mon Feb 8 22:02:03 UTC 2021 - Matej Cepl + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl + +- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing + bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in + _ctypes/callproc.c, which may lead to remote code execution. + +------------------------------------------------------------------- +Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl + +- (bsc#1180125) We really don't Require python-rpm-macros package. + Unnecessary dependency. + +------------------------------------------------------------------- +Wed Dec 16 16:08:42 UTC 2020 - Matej Cepl + +- Make python39-doc building again +- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx + doesn't know about skipif directive in doctests. + +------------------------------------------------------------------- +Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl + +- Update sphinx-update-removed-function.patch patch to the latest + version in python36. + +------------------------------------------------------------------- +Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner + +- Last try before this results in an editwar: + * remove importlib_resources and importlib-metadata + provides/obsoletes + * import importlib_resources is not the same as + import importlib.resources, same for metadata + * The backport packages from PyPI needed for older flavors are + specified as such for setuptools or in pyproject.toml. If a + package requires them they typically add them with a python + version qualifier and the packages have their own version + numbers. + +------------------------------------------------------------------- +Sat Dec 5 16:55:12 UTC 2020 - Matej Cepl + +- Add patch sphinx-update-removed-function.patch to no longer call + a now removed function and to make documentation build independent of + the Sphinx version (bsc#1179630, gh#python/cpython#13236). + +------------------------------------------------------------------- +Fri Nov 13 17:20:08 UTC 2020 - Matej Cepl + +- Don't require packages which break build on SLE-15 although we really + don't need them (python3-python-docs-theme and + python3-sphinxcontrib-qthelp). + +------------------------------------------------------------------- +Fri Oct 9 16:05:50 UTC 2020 - Dominique Leuenberger + +- Fix build with RPM 4.16: error: bare words are no longer + supported, please use "...": x86 == ppc. + +------------------------------------------------------------------- +Tue Oct 6 07:30:56 UTC 2020 - Matej Cepl + +- Update to the final version 3.9.0: + Complete changelog with all (many) + changes from previous version is on + https://docs.python.org/release/3.9.0/whatsnew/3.9.html + Changes from the previous RC versions (not that many) are on + https://docs.python.org/release/3.9.0/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Fri Sep 25 06:58:03 UTC 2020 - Dominique Leuenberger + +- Buildrequire timezone only for general flavor. It's used in this + flavor for the test suite. + +------------------------------------------------------------------- +Wed Sep 2 14:39:44 UTC 2020 - Matej Cepl + +- Update to 3.9.0rc1: + * Core and Builtins + - bpo-38156: Handle interrupts that come after EOF + correctly in PyOS_StdioReadline. + * Library + - bpo-41497: Fix potential UnicodeDecodeError in dis + module. + - bpo-41490: Update ensurepip to install pip 20.2.1 and + setuptools 49.2.1. + - bpo-41467: On Windows, fix asyncio recv_into() return + value when the socket/pipe is closed (BrokenPipeError): + return 0 rather than an empty byte string (b''). + - bpo-41425: Make tkinter doc example runnable. + - bpo-41384: Raise TclError instead of TypeError when an + unknown option is passed to tkinter.OptionMenu. + - bpo-38731: Fix NameError in command-line interface of + py_compile. + - bpo-41317: Use add_done_callback() in + asyncio.loop.sock_accept() to unsubscribe reader early on + cancellation. + - bpo-41364: Reduce import overhead of uuid. + - bpo-41341: Recursive evaluation of typing.ForwardRef in + get_type_hints. + - bpo-41182: selector: use DefaultSelector based upon + implementation + - bpo-40726: Handle cases where the end_lineno is None on + ast.increment_lineno(). + * Documentation + - bpo-41045: Add documentation for debug feature of + f-strings. + - bpo-41314: Changed the release when from __future__ + import annotations becomes the default from 4.0 to 3.10 + (following a change in PEP 563). + * Windows + - bpo-41492: Fixes the description that appears in UAC + prompts. + - bpo-40948: Improve post-install message to direct people + to the “py” command. + - bpo-41412: The installer will now fail to install on + Windows 7 and Windows 8. Further, the UCRT dependency is + now always downloaded on demand. + - bpo-40741: Update Windows release to include SQLite + 3.32.3. + * IDLE + - bpo-41468: Improve IDLE run crash error message (which + users should never see). + - bpo-41373: Save files loaded with no line ending, as when + blank, or different line endings, by setting its line + ending to the system default. Fix regression in 3.8.4 and + 3.9.0b4. + +------------------------------------------------------------------- +Tue Sep 1 10:15:06 UTC 2020 - Matej Cepl + +- Synchronize formatting and fixes with python38. + +------------------------------------------------------------------- +Thu Aug 20 15:41:28 UTC 2020 - Andreas Schwab + +- Increase testsuite timeout to account for super long running + test_peg_generator + +------------------------------------------------------------------- +Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer + +- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream +- Removed recursion.tar: contained in upstream +- Update to 3.9.0b5: + - bpo-41304: Fixes python3x._pth being ignored on Windows, caused + by the fix for bpo-29778 (CVE-2020-15801). + - bpo-41162: Audit hooks are now cleared later during + finalization to avoid missing events. + - bpo-29778: Ensure python3.dll is loaded from correct locations + when Python is embedded (CVE-2020-15523). + - bpo-39603: Prevent http header injection by rejecting control + characters in http.client.putrequest(…). + - bpo-41295: Resolve a regression in CPython 3.8.4 where defining + “__setattr__” in a multi-inheritance setup and + calling up the hierarchy chain could fail if builtins/extension + types were involved in the base types. + - bpo-41247: Always cache the running loop holder when running + asyncio.set_running_loop. + - bpo-41252: Fix incorrect refcounting in + _ssl.c’s _servername_callback(). + - bpo-41215: Use non-NULL default values in the PEG parser + keyword list to overcome a bug that was ' + preventing Python from being properly compiled when using the + XLC compiler. Patch by Pablo Galindo. + - bpo-41218: Python 3.8.3 had a regression where compiling with + ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would + aggressively mark list comprehension with CO_COROUTINE. Now only + list comprehension making use of async/await will tagged as so. + - bpo-41175: Guard against a NULL pointer dereference within + bytearrayobject triggered by the bytearray() + bytearray() operation. + - bpo-39960: The “hackcheck” that prevents sneaking around a type’s + __setattr__() by calling the superclass method was + rewritten to allow C implemented heap types. + - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the + C implementation raises now UnpicklingError instead of crashing. + - bpo-39017: Avoid infinite loop when reading specially crafted + TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). + - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params(). + - bpo-41207: In distutils.spawn, restore expectation that + DistutilsExecError is raised when the command is not found. + - bpo-39168: Remove the __new__ method of typing.Generic. + - bpo-41194: Fix a crash in the _ast module: it can no longer be + loaded more than once. It now uses a global state rather than a module state. + - bpo-39384: Fixed email.contentmanager to allow set_content() to set a + null string. + - bpo-41300: Save files with non-ascii chars. + Fix regression released in 3.9.0b4 and 3.8.4. + - bpo-37765: Add keywords to module name completion list. + Rewrite Completions section of IDLE doc. + - bpo-40170: Revert PyType_HasFeature() change: it reads + again directly the PyTypeObject.tp_flags + member when the limited C API is not used, rather than always calling + PyType_GetFlags() which hides implementation details. + +------------------------------------------------------------------- +Mon Jul 20 12:06:41 UTC 2020 - Matej Cepl + +- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 + (CVE-2019-20907, bpo#39017) avoiding possible infinite loop + in specifically crafted tarball. + Add recursion.tar as a testing tarball for the patch. + +------------------------------------------------------------------- +Fri Jul 17 07:07:19 UTC 2020 - Callum Farmer + +- Changed bpo-31046_ensurepip_honours_prefix.patch to include fix from py3.8 + +------------------------------------------------------------------- +Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer + +- Spec file fixes +- Re-added subprocess-raise-timeout.patch: now compatible +- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream + +------------------------------------------------------------------- +Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal + +- Fix minor issues found in the staging. + +------------------------------------------------------------------- +Wed Jul 15 06:13:33 UTC 2020 - Tomáš Chvátal + +- Do not set ourselves as primary interpreter + +------------------------------------------------------------------- +Tue Jul 14 20:45:11 UTC 2020 - Matej Cepl + +- Update to 3.9.0b4: + - PEP 584, Union Operators in dict + - PEP 585, Type Hinting Generics In Standard Collections + - PEP 593, Flexible function and variable annotations + - PEP 602, Python adopts a stable annual release cadence + - PEP 615, Support for the IANA Time Zone Database in the + Standard Library + - PEP 616, String methods to remove prefixes and suffixes + - PEP 617, New PEG parser for CPython + - bpo#38379, garbage collection does not block on resurrected + objects; + - bpo#38692, os.pidfd_open added that allows process + management without races and signals; + - bpo#39926, Unicode support updated to version 13.0.0; + - bpo#1635741, when Python is initialized multiple times in + the same process, it does not leak memory anymore; + - A number of Python builtins (range, tuple, set, frozenset, + list, dict) are now sped up using PEP 590 vectorcall; + - A number of Python modules (_abc, audioop, _bz2, _codecs, + _contextvars, _crypt, _functools, _json, _locale, operator, + resource, time, _weakref) now use multiphase initialization + as defined by PEP 489; + - A number of standard library modules (audioop, ast, grp, + _hashlib, pwd, _posixsubprocess, random, select, struct, + termios, zlib) are now using the stable ABI defined by + PEP 384. +- Remove upstreamed patches: + - F00102-lib64.patch + - SUSE-FEDORA-multilib.patch + - OBS_dev-shm.patch + - subprocess-raise-timeout.patch + - bpo36302-sort-module-sources.patch + - bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Fri Jul 10 10:55:15 UTC 2020 - Tomáš Chvátal + +- Update pre_checkin.sh and regenerate + +------------------------------------------------------------------- +Fri Jul 10 10:11:39 UTC 2020 - Tomáš Chvátal + +- Convert few dependencies to their pkgconfig counterparts + +------------------------------------------------------------------- +Fri Jul 10 10:08:48 UTC 2020 - Tomáš Chvátal + +- Remove release requirement on libpython, it is not really needed + to be equal as the abi changes with versions + +------------------------------------------------------------------- +Fri Jul 10 10:07:50 UTC 2020 - Tomáš Chvátal + +- Add provides python3-bla on all the subpkgs in case we are + primary provider of the functionality + +------------------------------------------------------------------- +Fri Jul 10 10:02:01 UTC 2020 - Tomáš Chvátal + +- Remove unversioned files from devel subpkg too +- Remove main python3 files from -base based whether we are + primary interpreter or not +- Fix idle to be co-installable +- Add condition to be primary to provide/obsolete python3-* +- Fix doc to build in versioned folder so the pythons can be + installed next to each other + +------------------------------------------------------------------- +Fri Jul 10 07:57:10 UTC 2020 - Tomáš Chvátal + +- Revert the full versioning of calls on the macros. These + are generic so they should really just call python3 X + +------------------------------------------------------------------- +Fri Jul 10 07:56:11 UTC 2020 - Tomáš Chvátal + +- For the doc package we can build with generic flavor, we don't + need the our-interpreter based one + +------------------------------------------------------------------- +Fri Jul 10 07:18:53 UTC 2020 - Tomáš Chvátal + +- Add provides for pytohn3X-typing/etc to allow BR on those still + to work when needed + +------------------------------------------------------------------- +Fri Jul 10 07:14:33 UTC 2020 - Tomáš Chvátal + +- Change macros.python3 to use full versioned 3.8 instead of just 3 + for python interpreter + +------------------------------------------------------------------- +Wed Jul 1 11:50:19 UTC 2020 - Tomáš Chvátal + +- Reduce some now unused conditionals + +------------------------------------------------------------------- +Wed Jul 1 11:00:40 UTC 2020 - Tomáš Chvátal + +- Redux the -base dependencies to match up pre-merge layout + +------------------------------------------------------------------- +Wed Jul 1 09:24:39 UTC 2020 - Tomáš Chvátal + +- Generate baselibs in pre-checkin too + +------------------------------------------------------------------- +Wed Jul 1 09:14:33 UTC 2020 - Tomáš Chvátal + +- Generate the importlib-failed using pre_checking again +- Add back the information about skipped tests on the pre_checkin + output + +------------------------------------------------------------------- +Tue Jun 30 07:11:19 UTC 2020 - Tomáš Chvátal + +- Use %python_pkg_name instead of hardcoding python3 where + applicable +- Sort out preamble with spec-cleaner + +------------------------------------------------------------------- +Mon Jun 29 14:36:10 UTC 2020 - Matej Cepl + +- Calculate required variables instead of relying on their continuous manual update + +------------------------------------------------------------------- +Thu Jun 25 10:44:08 UTC 2020 - Tomáš Chvátal + +- Fix the -base module build again to generate only the deps + we need + +------------------------------------------------------------------- +Wed Jun 17 18:42:51 UTC 2020 - Matej Cepl + +- Replace OBS_dev-shm.patch with the upstream PR#20944 + +------------------------------------------------------------------- +Thu Jun 10 14:30:15 UTC 2020 - Tomáš Chvátal + +- Use the %{python_pkg_name} on more places to allow easier + multiversioning +- Switch to _multibuild approach for easier maintenance of this + package. All is now in one spec file with 3 conditionals: + * bcond_with base + * bcond_with doc + * bcond_with general + +------------------------------------------------------------------- +Mon Jun 8 14:26:00 UTC 2020 - Matej Cepl + +- add requires python3-base on libpython subpackage (bsc#1167008) + +------------------------------------------------------------------- +Fri Jun 5 06:08:12 UTC 2020 - Dirk Mueller + +- build against Sphinx 2.x until python is compatible with + Sphinx 3.x (see gh#python/cpython#19397, bpo#40204) + +------------------------------------------------------------------- +Fri May 29 19:59:01 UTC 2020 - Andreas Stieger + +- Fix build with SQLite 3.32 (bpo#40783) + add bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Sun May 17 15:37:35 UTC 2020 - Callum Farmer + +- Update to version 3.8.3: + - Complete list of changes is available at + https://docs.python.org/release/3.8.3/whatsnew/changelog.html#python-3-8-3-final, + but most of them are just bugfixes. + - Removed patch CVE-2020-8492-urllib-ReDoS.patch: contained in upstream + +------------------------------------------------------------------- +Thu Apr 16 12:06:01 UTC 2020 - Matej Cepl + +- Add #!BuildIgnore: gdk-pixbuf-loader-rsvg to python3 SPEC + +------------------------------------------------------------------- +Thu Mar 26 15:36:55 UTC 2020 - Matej Cepl + +- Add patch bsc1167501-invalid-alignment.patch + (bsc#1167501, bpo#40052) to fix alignment in abstract.h header file. + +------------------------------------------------------------------- +Wed Mar 11 11:09:41 UTC 2020 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build, test_setegid + (test.test_os.PosixUidGidTests) is confusing it + +------------------------------------------------------------------- +Thu Mar 5 18:40:29 UTC 2020 - Matej Cepl + +- Update to 3.8.2: + - Complete list of changes is available at + https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final, + but most of them are just bugfixes. + - Updated patches: + - F00102-lib64.patch + - OBS_dev-shm.patch + - SUSE-FEDORA-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Sun Feb 9 00:14:24 CET 2020 - Matej Cepl + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Sat Feb 8 22:21:10 CET 2020 - Matej Cepl + +- Add Requires: libpython%{so_version} == %{version}-%{release} + to python3-base to keep both packages always synchronized + (bsc#1162224). + +------------------------------------------------------------------- +Mon Feb 3 20:27:54 UTC 2020 - Tomáš Chvátal + +- Do not pull in bluez in base again, explain the cycle, + it needs to be solved by bluez maintainer for us by providing + just the headers separately + +------------------------------------------------------------------- +Mon Feb 3 19:54:25 UTC 2020 - Tomáš Chvátal + +- Reame idle icons to idle3 in order to not conflict with python2 + variant of the package + * renamed the icons + * renamed icon load in desktop file + +------------------------------------------------------------------- +Thu Jan 16 09:50:03 UTC 2020 - Tomáš Chvátal + +- Add importlib_resources provide/obsolete as it is integral + part of the lang since 3.7 release + +------------------------------------------------------------------- +Mon Jan 13 11:10:47 UTC 2020 - Martin Liška + +- Add -fno-semantic-interposition as it brings speed up: + https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup + +------------------------------------------------------------------- +Thu Dec 19 16:25:26 CET 2019 - Matej Cepl + +- Update to 3.8.1: + - This is mainly bugfix release and no significant changes to + API are expected. The full changelog is available on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-1 + - Remove bpo-38688_shutil.copytree_prevent-infinite-recursion.patch, + which is included in the upstream tarball. + +------------------------------------------------------------------- +Thu Dec 19 14:57:32 CET 2019 - Matej Cepl + +- Add bpo-31046_ensurepip_honours_prefix.patch which makes + ensurepip to honour the value of $(prefix). Proposed fix for + bpo#31046.. + +------------------------------------------------------------------- +Tue Dec 10 11:07:16 UTC 2019 - Tomáš Chvátal + +- Move bluez-devel dependency to base as it is needed for + socket.AF_BLUETOOTH and otherwise does not work + +------------------------------------------------------------------- +Mon Dec 2 16:52:32 CET 2019 - Matej Cepl + +- Reintroduce QtHelp with the help of the new BR + python-sphinxcontrib-qthelp. + +------------------------------------------------------------------- +Mon Oct 21 18:51:00 UTC 2019 - Stefan Brüns + +- Fix SUSE-FEDORA-multilib.patch, the platform agnostic infix for + library installation is "lib", not "dir". + +------------------------------------------------------------------- +Thu Oct 17 14:19:20 UTC 2019 - Stefan Brüns + +- Move idle subpackage build from python3-base to python3. + appstream-glib required for packaging introduces considerable + extra dependencies and a build loop via rust/librsvg. +- Correct installation of idle IDE icons: + + idle.png is not the target directory + + non-GNOME-specific icons belong into icons/hicolor +- Add required Name key to idle3 desktop file + +------------------------------------------------------------------- +Tue Oct 15 16:39:12 CEST 2019 - Matej Cepl + +- Update to the final release 3.8.0. . + - New Features: + - Assignment expressions + - Positional-only parameters + - Parallel filesystem cache for compiled bytecode files + - Debug build uses the same ABI as release build + - f-strings support = for self-documenting expressions and + debugging + - PEP 578: Python Runtime Audit Hooks + - PEP 587: Python Initialization Configuration + - Vectorcall: a fast calling protocol for CPython + - Pickle protocol 5 with out-of-band data buffers + - New modules: + - importlib.metadata + - Improved modules: + - ast asyncio, builtins, collections, curses, ctypes, + datetime, functools, gc, gettext, gzip, idelib and IDLE, + inspect, io, json.tool, math, mmap, multiprocessing, os, + os.path, pathlib, pickle, plistlib, py_compile, shlex, + shutil, socket, ssl, statistics, sys, tarfile, threading, + tokenize, tkinter, time, typing, unicodedata, unittest, + venv, weakref, xml + - C API improvements + - bdist_winnst command has been deprecated (use bdist_wheel) +- https://docs.python.org/3.8/whatsnew/3.8.html remains rest of + changes including documentation on how to port your programs to + the current version of Python. + +------------------------------------------------------------------- +Mon Oct 14 15:02:08 CEST 2019 - Matej Cepl + +- Add idle3.appdata.xml and idle3.desktop (originally from + Fedora) to make Idle3 full GUI desktop application. + (bsc#1153830) + +------------------------------------------------------------------- +Wed Oct 9 19:09:16 UTC 2019 - Michael Gorse + +- Drop intltool from BuildRequires. Doesn't appear to be used. + +------------------------------------------------------------------- +Wed Oct 9 10:37:59 UTC 2019 - Tomáš Chvátal + +- Add folder version to allow tarball downloads even for beta/rc + releases + +------------------------------------------------------------------- +Tue Oct 8 14:53:54 CEST 2019 - Matej Cepl + +- Revert patches from Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch) into their original + prisitine Fedora versions, SUSE-FEDORA-multilib.patch refreshed + accordingly. + +------------------------------------------------------------------- +Mon Oct 7 14:33:30 UTC 2019 - Matej Cepl + +- Correct quotation of platsubdir in Lib/distutils/command/install.py + +------------------------------------------------------------------- +Thu Oct 3 13:59:57 CEST 2019 - Matej Cepl + +- Replace python-3.6.0-multilib.patch with two patches from + Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch), and our own + SUSE-FEDORA-multilib.patch to allow better cooperation with + Fedora and better upstreaming. +- Add OBS_dev-shm.patch fixing bpo#38377 + +------------------------------------------------------------------- +Thu Oct 3 08:39:18 UTC 2019 - Tomáš Chvátal + +- Pull in just gettext and let solver to sort out between: + gettext-runtime-mini and gettext-runtime + +------------------------------------------------------------------- +Wed Oct 2 15:00:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0rc1. Overall changes from 3.7: + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved + embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds, also the 'm' ABI + tag was removed (irrelevant since 3.4), bpo#36707 + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - on Windows, the default asyncio event loop is now + ProactorEventLoop + - on macOS, the spawn start method is now used by default in + multiprocessing + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Refreshed patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Wed Sep 25 09:46:41 UTC 2019 - Bernhard Wiedemann + +- Add bpo36302-sort-module-sources.patch (boo#1041090) + +------------------------------------------------------------------- +Tue Sep 10 13:43:18 UTC 2019 - Tomáš Chvátal + +- Try harder obsoleting importlib-metadata + +------------------------------------------------------------------- +Sat Aug 31 00:16:47 CEST 2019 - Matej Cepl + +- Update to 3.8.0b4: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-4 + +------------------------------------------------------------------- +Thu Aug 29 06:28:15 UTC 2019 - Guillaume GARDET + +- Re-enable test_threading on aarch64 + +------------------------------------------------------------------- +Sat Aug 17 13:21:15 UTC 2019 - John Vandenberg + +- Remove xrpm from subpackage tk description + +------------------------------------------------------------------- +Tue Aug 6 14:24:55 CEST 2019 - Matej Cepl + +- Update to 3.8.0b3: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-3 +- Patches reapplied: + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-test-posix_fadvise.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Tue Jul 23 13:20:49 UTC 2019 - Matej Cepl + +- Add Provides: python3-importlib-metadata + +------------------------------------------------------------------- +Sun Jul 7 19:08:48 CEST 2019 - Matej Cepl + +- Update to 3.8.0b2: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-2 +- Patches included in upstream: + - bpo-37169_PyObject_IsFreed.patch +- Patches reapplied: + - 00251-change-user-install-location.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-localpath.patch + - python-3.6.0-multilib.patch + +------------------------------------------------------------------- +Tue Jul 2 09:03:04 UTC 2019 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build +- Don't do profiling in qemu linux-user build + +------------------------------------------------------------------- +Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0b1 (changes since 3.7.*): + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Remove patches which were included in the upstream: + - 00251-change-user-install-location.patch + - 00316-mark-bdist_wininst-unsupported.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed May 22 10:53:03 UTC 2019 - Martin Liška + +- Set _lto_cflags to nil as the package is using LTO via --enable-lto. + That will prevent to propage LTO for Python modules that are + built in a separate package. + +------------------------------------------------------------------- +Sat May 4 21:29:20 CEST 2019 - Matej Cepl + +- Update to 3.8.0.a3: + - PEP 572: Assignment Expressions. + - Other (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-3 + +------------------------------------------------------------------- +Mon Apr 29 15:40:34 CEST 2019 - Matej Cepl + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Wed Apr 10 10:22:58 CEST 2019 - Matej Cepl + +- Fix metadata of patches. +- Rename boo1071941-make-install-in-sep-loc.patch to + 00251-change-user-install-location.patch which is the original + name, so it can be looked up in the Fedora VCS. + +------------------------------------------------------------------- +Tue Apr 9 04:55:24 UTC 2019 - John Vandenberg + +- Mark distutils bdist_wininst command unsupported + with 00316-mark-bdist_wininst-unsupported.patch +- Remove Windows bdist_wininst executables from runtime package + +------------------------------------------------------------------- +Tue Apr 9 01:21:45 CEST 2019 - Matej Cepl + +- Update to 3.7.3, which is the maintenance release without any + significant changes in API. + - Updated patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------ +Wed Mar 20 14:59:58 UTC 2019 - Matěj Cepl + +- Remove building of Qt Develop help files. + +------------------------------------------------------------------- +Fri Mar 15 15:10:30 CET 2019 - Matej Cepl + +- Return distutils-reproducible-compile.patch which is still + missing (still unfinished bpo#29708). + +------------------------------------------------------------------- +Mon Feb 25 23:30:56 CET 2019 - Matej Cepl + +- Update to 3.8.0a2: + * List of all (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-2 + +------------------------------------------------------------------- +Tue Feb 12 10:25:52 CET 2019 - Matej Cepl + +- Build nis module again. + +------------------------------------------------------------------- +Tue Feb 12 10:06:17 CET 2019 - Matej Cepl + +- Update to 3.8.0a1: + * The most visible change so far is probably the + implementation of PEP 572: Assignment Expressions. For + a detailed list of changes, see: + https://docs.python.org/3.8/whatsnew/changelog.html + * Recover building of nis module properly in python3 package +- Update patches: + * CVE-2019-5010-null-defer-x509-cert-DOS.patch + * python-3.3.0b1-fix_date_time_compiler.patch + * python-3.3.0b1-test-posix_fadvise.patch + * python-3.6.0-multilib.patch + * raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed Jan 30 18:07:49 CET 2019 - mcepl@suse.com + +- Put LICENSE file where it belongs (bsc#1121852) + +------------------------------------------------------------------- +Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com + +- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch + fixing bpo-35746. + An exploitable denial-of-service vulnerability exists in the + X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. + A specially crafted X509 certificate can cause a NULL pointer + dereference, resulting in a denial of service. An attacker can + initiate or accept TLS connections using crafted certificates + to trigger this vulnerability. + +------------------------------------------------------------------- +Tue Jan 8 12:51:01 UTC 2019 - Tomáš Chvátal + +- Do not require full gettext in order to avoid pulling in the + glib2 as a dependency + +------------------------------------------------------------------- +Tue Jan 8 12:25:27 UTC 2019 - Tomáš Chvátal + +- Update to 3.7.2: + * bugfix release: + https://docs.python.org/3.7/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Wed Jan 2 12:51:48 CET 2019 - mcepl@suse.com + +- Stop applying python-3.6.0-multilib-new.patch (which is still + WIP), and apply the old proven python-3.6.0-multilib.patch + instead. + +------------------------------------------------------------------- +Wed Dec 19 19:29:44 UTC 2018 - Todd R + +- Use upstream-recommended %{_rpmconfigdir}/macros.d directory + for the rpm macros. + +------------------------------------------------------------------- +Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com + +- Upgrade to 3.7.2rc1: + * bugfix release, for the full list of all changes see + https://docs.python.org/3.7/whatsnew/changelog.html#changelog +- Make run of the test suite more verbose + +------------------------------------------------------------------- +Tue Dec 11 01:52:45 UTC 2018 - Jan Engelhardt + +- Write summaries without em dashes. + +------------------------------------------------------------------- +Mon Dec 3 13:27:54 UTC 2018 - Matěj Cepl + +- Remove python-3.3.0b1-curses-panel.patch it is unnecessary anymore. +- Add boo1071941-make-install-in-sep-loc.patch to make pip and + distutils in user environment install into separate location + (boo#1071941) + + Set values of prefix and exec_prefix in distutils install + command to /usr/local if executable is /usr/bin/python* and RPM + build is not detected to make pip and distutils install into + separate location +- Remove finally python-3.3.3-skip-distutils-test_sysconfig_module.patch +- Remove distutils-reproducible-compile.patch which doesn't make + really much difference in reproducibility (see + gh#python/cpython#8057 and discussion there). + +------------------------------------------------------------------- +Sat Dec 1 00:14:28 CET 2018 - mcepl@suse.com + +- Rename Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + to bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + +------------------------------------------------------------------- +Wed Nov 7 12:10:41 CET 2018 - mcepl@suse.com + +- Add dependency on bluez-devel to build support for Bluetooth + (boo#1109998) + +------------------------------------------------------------------- +Tue Nov 6 13:52:45 CET 2018 - mcepl@suse.com + +- Add devhelp subpackage and split qthelp into another + subpackage. + +------------------------------------------------------------------- +Wed Oct 24 12:38:00 UTC 2018 - Matěj Cepl + +- Remove python-3.0b1-record-rpm.patch and + Python-3.0b1-record-rpm.patch, as they are not needed anymore + +------------------------------------------------------------------- +Tue Oct 23 14:14:16 UTC 2018 - Matej Cepl + +- Switch off test_threading for optimization builds. + +------------------------------------------------------------------- +Mon Oct 22 14:41:59 CEST 2018 - mcepl@suse.com + +- Update to python-3.7.1. This is just a brief overview, complete + changelog available at + https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-1-final: + Library + bpo-34970: Protect tasks weak set manipulation in asyncio.all_tasks() +- Patches already accepted upstream are removed: + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + * 00308-tls-1.3.patch +- New patches added: + * Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + * raise_SIGING_not_handled.patch +- All other patches refreshed via quilt. + +------------------------------------------------------------------- +Mon Oct 22 12:22:19 UTC 2018 - Matej Cepl + +- Add raise_SIGING_not_handled.patch to fix bsc#1094814 + +------------------------------------------------------------------- +Wed Oct 17 14:04:35 UTC 2018 - Tomáš Chvátal + +- Add patch to fix importlib return types: + * python3-imp-returntype.patch + +------------------------------------------------------------------- +Mon Oct 15 13:46:32 CEST 2018 - mcepl@suse.com + +- bpo-34022 still not completely fixed, so we have to keep + excluding test_cmd_line_script, + test_multiprocessing_main_handling, and test_runpy from the + test suite. + +------------------------------------------------------------------- +Sun Oct 14 15:57:24 UTC 2018 - Matej Cepl + +- Update to python 3.7.1~rc2: + Core and Builtins + bpo-34879: Fix a possible null pointer dereference in + bytesobject.c. Patch by Zackery Spytz. + bpo-34854: Fixed a crash in compiling string annotations + containing a lambda with a keyword-only argument that + doesn’t have a default value. + bpo-34320: Fix dict(od) didn’t copy iteration order of + OrderedDict. + Library + bpo-34769: Fix for async generators not finalizing when event + loop is in debug mode and garbage collector runs in another + thread. + bpo-34922: Fixed integer overflow in the digest() and + hexdigest() methods for the SHAKE algorithm in the hashlib + module. + bpo-34900: Fixed unittest.TestCase.debug() when used to call + test methods with subtests. Patch by Bruno Oliveira. + bpo-34871: Fix inspect module polluted sys.modules when parsing + __text_signature__ of callable. + bpo-34872: Fix self-cancellation in C implementation of + asyncio.Task + bpo-34819: Use a monotonic clock to compute timeouts in + Executor.map() and as_completed(), in order to prevent + timeouts from deviating when the system clock is adjusted. + bpo-34334: In QueueHandler, clear exc_text from LogRecord to + prevent traceback from being written twice. + bpo-6721: Acquire the logging module’s commonly used internal + locks while fork()ing to avoid deadlocks in the child + process. + bpo-34172: Fix a reference issue inside multiprocessing.Pool + that caused the pool to remain alive if it was deleted + without being closed or terminated explicitly. + Documentation + bpo-32174: chm document displays non-ASCII charaters properly on + some MBCS Windows systems. + Tests + bpo-32962: Fixed test_gdb when Python is compiled with flags + -mcet -fcf-protection -O0. + C API + bpo-34910: Ensure that PyObject_Print() always returns -1 on + error. Patch by Zackery Spytz. + +------------------------------------------------------------------- +Fri Oct 12 20:46:58 CEST 2018 - mcepl@suse.com + +- Add Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch to + fix problems with SOURCE_DATE_EPOCH variable (bpo-34022) + +------------------------------------------------------------------- +Mon Sep 17 09:44:02 UTC 2018 - Tomáš Chvátal + +- Add patch to fix build with tls1.3 supported openssl + * 00308-tls-1.3.patch +- Add patch to fix Py_Main calls after Py_initialize + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + +------------------------------------------------------------------- +Mon Sep 3 15:22:42 UTC 2018 - Matěj Cepl + +- Add -fwrapv to OPTS, which is default for python3 anyway + See for example https://github.com/zopefoundation/persistent/issues/86 + for bugs which are caused by avoiding it. + +------------------------------------------------------------------- +Tue Jul 10 11:12:32 UTC 2018 - mcepl@suse.com + +- Fix ownership of _contextvars, _queue, and _xxtestfuzz + +------------------------------------------------------------------- +Tue Jul 3 15:04:48 UTC 2018 - mcepl@suse.com + +- Switch off LTO for distros with older GCC +- Fix %files + +------------------------------------------------------------------- +Fri Jun 29 14:20:03 UTC 2018 - tchvatal@suse.com + +- Add dependency over libuuid-devel + +------------------------------------------------------------------- +Thu Jun 28 10:42:15 UTC 2018 - mimi.vx@gmail.com + +- update to python 3.7.0 + Complete overview of changes is available on + https://docs.python.org/3/whatsnew/3.7.html, these are just + highlights: + * PEP 563, postponed evaluation of type annotations. + * async and await are now reserved keywords. + * New library modules: + contextvars: PEP 567 – Context Variables + dataclasses: PEP 557 – Data Classes + importlib.resources + * New built-in features: + PEP 553, the new breakpoint() function. + * Python data model improvements: + PEP 562, customization of access to module attributes. + PEP 560, core support for typing module and generic types. + the insertion-order preservation nature of dict objects + has been declared to be an official part of the Python + language spec. + * Significant improvements in the standard library: + The asyncio module has received new features, significant + usability and performance improvements. + The time module gained support for functions with + nanosecond resolution. + * CPython implementation improvements: + Avoiding the use of ASCII as a default text encoding: + PEP 538, legacy C locale coercion + PEP 540, forced UTF-8 runtime mode + PEP 552, deterministic .pycs + the new development runtime mode + PEP 565, improved DeprecationWarning handling + * C API improvements: + PEP 539, new C API for thread-local storage + * Documentation improvements: + PEP 545, Python documentation translations + New documentation translations: Japanese, French, and Korean. +- drop python3-sorted_tar.patch +- drop 0001-allow-for-reproducible-builds-of-python-packages.patch +- refresh python-3.6.0-multilib-new.patch +- refresh subprocess-raise-timeout.patch + * new C API for thread-local storage + * Deterministic pyc files + * Built-in breakpoint() + * Data Classes + * Core support for typing module and generic types + * Customization of access to module attributes + * Postponed evaluation of annotations + * Time functions with nanosecond resolution + * Improved DeprecationWarning handling + * Context Variables + * Avoiding the use of ASCII as a default text encoding + (PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode) + * The insertion-order preservation nature of dict objects is now + an official part of the Python language spec. + * Notable performance improvements in many areas. + +------------------------------------------------------------------- +Thu May 17 18:26:42 UTC 2018 - hpj@urpla.net + +- disable lto with gcc versions below 7 (results in link failures) + +------------------------------------------------------------------- +Mon Apr 30 15:23:24 UTC 2018 - jengelh@inai.de + +- Use faster find subcommand execution strategies. + +------------------------------------------------------------------- +Fri Apr 20 16:17:29 UTC 2018 - tchvatal@suse.com + +- Do not mention the testsuite disabling in opts as it was moved to + main pkg so base is test-free + +------------------------------------------------------------------- +Tue Apr 17 08:36:08 UTC 2018 - tchvatal@suse.com + +- As we run in main python package do not generate the pre_checkin + from both now + +------------------------------------------------------------------- +Mon Apr 16 14:11:56 UTC 2018 - tchvatal@suse.com + +- Move the tests from base to generic package wrt bsc#1088573 + * We still fail the whole distro if python3 is not build + * The other archs than x86_64 took couple of hours to unblock + build of other software, this way we work around the issue +- Some tests are still run in -base for the LTO tweaking, but at + least it is not run twice + +------------------------------------------------------------------- +Sat Mar 31 19:41:12 UTC 2018 - mimi.vx@gmail.com + +- update to 3.6.5 + * bugfix release + * see Misc/NEWS for details +- drop ctypes-pass-by-value.patch +- drop fix-localeconv-encoding-for-LC_NUMERIC.patch +- refresh python-3.6.0-multilib-new.patch + +------------------------------------------------------------------ +Wed Mar 7 09:16:39 UTC 2018 - adam@mizerski.pl + +- Created %so_major and %so_minor macros +- Put Tools/gdb/libpython.py script into proper place and ship it with devel + subpackage. + +------------------------------------------------------------------- +Tue Feb 20 15:04:56 UTC 2018 - schwab@suse.de + +- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64 + +------------------------------------------------------------------- +Tue Feb 20 14:28:00 UTC 2018 - bwiedemann@suse.com + +- Add python3-sorted_tar.patch (boo#1081750) + +------------------------------------------------------------------- +Tue Feb 20 14:08:57 UTC 2018 - tchvatal@suse.com + +- Drop python3-tk and python3-idle recommends to reduce python3 + always pulling X stack bsc#1081751 + +------------------------------------------------------------------- +Wed Feb 7 09:10:03 UTC 2018 - tchvatal@suse.com + +- Add patch to fix glibc 2.27 fail bsc#1079761: + * fix-localeconv-encoding-for-LC_NUMERIC.patch + +------------------------------------------------------------------- +Mon Feb 5 17:14:43 UTC 2018 - normand@linux.vnet.ibm.com + +- Update skip_random_failing_tests.patch (for PowerPC) + to avoid test_call_later failure + +------------------------------------------------------------------- +Wed Jan 24 14:35:58 UTC 2018 - jmatejek@suse.com + +- move XML modules and python3-xml provide to python3-base + (fixes bsc#1077230) +- move ensurepip to base + +------------------------------------------------------------------- +Thu Jan 18 12:31:47 UTC 2018 - normand@linux.vnet.ibm.com + +- Add skip_random_failing_tests.patch only for PowerPC + +------------------------------------------------------------------- +Wed Jan 3 12:18:51 UTC 2018 - jmatejek@suse.com + +- update to 3.6.4 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed python3-ncurses-6.0-accessors.patch +- drop PYTHONSTARTUP hooks that cause spurious startup errors + * fixes bsc#1070738 + * the relevant feature (REPL history) is now built into Python itself + +------------------------------------------------------------------- +Sat Dec 2 11:11:46 UTC 2017 - dimstar@opensuse.org + +- Install 2to3-%{python_version} executable (override defattr of + the -tools package). 2to3 (unversioned) is a symlink and does not + carry permissions (bsc#1070853). + +------------------------------------------------------------------- +Thu Nov 16 11:02:18 UTC 2017 - mimi.vx@gmail.com + +- move 2to3 to python3-tools package + +------------------------------------------------------------------- +Wed Oct 11 13:15:23 UTC 2017 - jmatejek@suse.com + +- update to 3.6.3 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Wed Sep 20 09:54:05 UTC 2017 - dmueller@suse.com + +- drop python-2.7-libffi-aarch64.patch: this patches the intree + copy of libffi which is unused/deleted in the line afterwards +- fix build against system libffi: include flags weren't set + so it actually used the in-tree libffi headers. + +------------------------------------------------------------------- +Thu Sep 14 13:23:10 UTC 2017 - vcizek@suse.com + +- Fix test broken with OpenSSL 1.1 (bsc#1042670) + * add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Tue Sep 5 11:47:05 UTC 2017 - jengelh@inai.de + +- Update RPM group for python documentation. + +------------------------------------------------------------------- +Thu Aug 31 08:39:31 UTC 2017 - schwab@suse.de + +- fix missing %{?armsuffix} + +------------------------------------------------------------------- +Wed Aug 30 13:41:38 UTC 2017 - jmatejek@suse.com + +- distutils-reproducible-compile.patch: ensure distutils order files + before compiling, which works around bsc#1049186 + +------------------------------------------------------------------- +Thu Aug 17 08:59:05 CEST 2017 - kukuk@suse.de + +- Add libnsl-devel build requires for glibc obsoleting libnsl + +------------------------------------------------------------------- +Thu Aug 3 16:09:26 UTC 2017 - jmatejek@suse.com + +- update to 3.6.2 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed test-socket-aead-kernel49.patch +- add Provides: python3-typing (fixes bsc#1050653) +- drop duplicate Provides: python3 + +------------------------------------------------------------------- +Mon Jun 26 12:10:07 UTC 2017 - jmatejek@suse.com + +- drop db-devel from requirements + +------------------------------------------------------------------- +Tue Jun 20 09:26:52 UTC 2017 - asn@cryptomilk.org + +- Add missing link to python library in config dir (bsc#1040164) + +------------------------------------------------------------------- +Thu Mar 23 12:42:59 UTC 2017 - jmatejek@suse.com + +- update to 3.6.1 + * bugfix release, over a hundred bugs fixed + * never add import location's parent directory to sys.path + * switch to git for version control, build changes related to that + * fix "failed to get random numbers" on old kernels (bsc#1029902) + * several crashes and memory leaks corrected + * f-string are no longer accepted as docstrings + +------------------------------------------------------------------- +Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com + +- prevent regenerating AST at build-time more robustly +- add "--without profileopt" and "--without testsuite" options to python3-base + to allow short circuiting when working on the package + +------------------------------------------------------------------- +Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com + +- Add 0001-allow-for-reproducible-builds-of-python-packages.patch + upstream https://github.com/python/cpython/pull/296 + +------------------------------------------------------------------- +Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com + +- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch) +- reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent) + +------------------------------------------------------------------- +Wed Jan 11 14:57:07 UTC 2017 - jmatejek@suse.com + +- update to 3.6.0 + * PEP 498 Formated string literals + * PEP 515 Underscores in numeric literals + * PEP 526 Syntax for variable annotations + * PEP 525 Asynchronous generators + * PEP 530 Asynchronous comprehensions + * PEP 506 New "secrets" module for safe key generation + * less memory consumed by dicts + * dtrace and systemtap support + * improved asyncio module + * better defaults for ssl + * new hashing algorithms in hashlib + * bytecode format changed to allow more optimizations + * "async" and "await" are on track to be reserved words + * StopIteration from generators is deprecated + * support for openssl < 1.0.2 is deprecated + * os.urandom now blocks when getrandom() blocks + * huge number of new features, bugfixes and optimizations + * see https://docs.python.org/3.6/whatsnew/3.6.html for details +- rework multilib patch: drop Python-3.5.0-multilib.patch, implement + upstreamable python-3.6.0-multilib-new.patch +- refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch +- drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch +- finally drop python-2.6b1-canonicalize2.patch that was not applied in source + and only kept around in case we needed it in the future. (which we don't, as it seems) +- update import_failed map and baselibs +- build ctypes against system libffi + (buildrequire libffi-devel in python3-base) +- add new key to keyring (signed by keys already in keyring) +- introduced common configure section between python3 and python3-base +- moved pyconfig.h and Makefile to devel subpackage as distutils no longer + need it at runtime +- added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py + because it is not used now +- improve summaries and descriptions (fixes bsc#917607) +- enabled Link-Time Optimization, see what happens +- including skipped_tests.py in pre_checkin.sh run +- run specs through spec-cleaner, rearrange sections + +------------------------------------------------------------------- +Fri Apr 22 17:20:29 UTC 2016 - jmatejek@suse.com + +- move _hashlib and _ssl modules and tests to python3-base +- recommend python3 + +------------------------------------------------------------------- +Tue Mar 15 15:05:23 UTC 2016 - schwab@suse.de + +- Skip test_asyncio under qemu_user_space_build + +------------------------------------------------------------------- +Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com + +- Add Python-3.5.1-fix_lru_cache_copying.patch + Fix copying the lru_cache() wrapper object. + Fixes deep-copying lru_cache regression, which worked on + previous versions of python but fails on python 3.5. + This fixes a bunch of packages in devel:languages:python3. + See: https://bugs.python.org/issue25447 + +------------------------------------------------------------------- +Sun Jan 24 00:44:08 UTC 2016 - arichardson.kde@gmail.com + +- Build the docs in .qch format as well + +------------------------------------------------------------------- +Wed Dec 9 07:35:20 UTC 2015 - toddrme2178@gmail.com + +- update to 3.5.1 + * bugfix-only release, dozens of bugs fixed +- Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch +- "Python3" to "Python 3" in summary + * This seems cleaner and fixes and rpmlint warning + +------------------------------------------------------------------- +Wed Oct 14 20:21:52 UTC 2015 - toddrme2178@gmail.com + +- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch + This fixes a build error for many packages that use the Python, + C-API. + This patch is already accepted upstream and is slated to appear in + python 3.5.1. + +------------------------------------------------------------------- +Tue Sep 29 15:53:24 UTC 2015 - jmatejek@suse.com + +- update to 3.5.0 + * coroutines with async/await syntax + * matrix multiplication operator `@` + * unpacking generalizations + * new modules `typing` and `zipapp` + * type annotations + * .pyo files replaced by custom suffixes for optimization levels in __pycache__ + * support for memory BIO in ssl module + * performance improvements in several modules + * and many more +- removals and behavior changes + * deprecated `__version__` is removed + * support for .pyo files was removed + * system calls are auto-retried on EINTR + * bare generator expressions in function calls now cause SyntaxError + (change "f(x for x in i)" to "f((x for x in i))" to fix) + * removed undocumented `format` member of private `PyMemoryViewObject` struct + * renamed `PyMemAllocator` to `PyMemAllocatorEx` +- redefine %dynlib macro to reflect that modules now have arch+os as part of name +- module `time` is now built-in +- dropped upstreamed patches: + python-3.4.1-fix-faulthandler.patch + python-3.4.3-test-conditional-ssl.patch + python-fix-short-dh.patch (also dropped dh2048.pem required for this patch) +- updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch +- python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure + with new gcc + ncurses + +------------------------------------------------------------------- +Wed Sep 9 11:51:22 UTC 2015 - dimstar@opensuse.org + +- Add python3-ncurses-6.0-accessors.patch: Fix build with + NCurses 6.0 and OPAQUE_WINDOW set to 1. + +------------------------------------------------------------------- +Mon Aug 24 17:02:08 UTC 2015 - jmatejek@suse.com + +- improve import_failed hook to do the right thing when invoking + missing modules with "python3 -m modulename" (boo#942751) + +------------------------------------------------------------------- +Thu Jul 23 22:08:10 UTC 2015 - fisiu@opensuse.org + +- Build with --enable-loadable-sqlite-extensions to make it works + as geospatial database. + +------------------------------------------------------------------- +Wed Jul 1 07:07:26 UTC 2015 - dimstar@opensuse.org + +- Fix source list for previous change (add dh2048.pem). + +------------------------------------------------------------------- +Wed Jun 24 06:54:30 UTC 2015 - meissner@suse.com + +- dh2048.pem: added generated 2048 dh parameter set to fix + ssl test (bsc#935856) +- python-fix-short-dh.patch: replace the 512 bits dh parameter set + by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856) + +------------------------------------------------------------------- +Tue May 19 14:59:30 UTC 2015 - schwab@suse.de + +- ctypes-libffi-aarch64.patch: remove upstreamed patch +- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for + aarch64 + +------------------------------------------------------------------- +Thu May 14 10:58:36 UTC 2015 - jmatejek@suse.com + +- drop the PDF subpackage + (removes the massive texlive dependency, and most likely nobody is + using the PDFs anyway) + +------------------------------------------------------------------- +Thu May 14 09:53:29 UTC 2015 - jmatejek@suse.com + +- python-3.4.3-test-conditional-ssl.patch - restore tests failing because + test_urllib was unconditionally importing ssl (without really needing it) +- restore functionality of multilib patch +- drop libffi-ppc64le.diff because upstream completely changed everything + yet again (sorry ppc64 folks :| ) + + +------------------------------------------------------------------- +Fri May 1 15:11:21 UTC 2015 - mailaender@opensuse.org + +- Update to version 3.4.3 +- Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch + (bpo#21766) + +------------------------------------------------------------------- +Wed Mar 25 10:57:28 UTC 2015 - rguenther@suse.com + +- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus + faulthandler which fails with GCC 5. + +------------------------------------------------------------------- +Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com + +- asyncio has been merged in python3 main package; provide and + obsolete it +- Remove obsolete AUTHORS section +- Remove redundant %clean section + +------------------------------------------------------------------- +Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org + +- Only pkgconfig(x11) is required for build, not the whole + set of packages provided by xorg-x11-devel metapackage. + +------------------------------------------------------------------- +Mon Oct 13 13:38:20 UTC 2014 - jmatejek@suse.com + +- add %python3_version rpm macro for Fedora compatibility +- add missing argument in import_failed, rename Novell Bugzilla + to SUSE Bugzilla + +------------------------------------------------------------------- +Thu Jul 31 17:24:59 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. + +------------------------------------------------------------------- +Wed Jul 23 16:31:02 UTC 2014 - jmatejek@suse.com + +- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file + disclosure and directory traversal through URL-encoded characters + (CVE-2014-4650, bnc#885882) + +------------------------------------------------------------------- +Tue Jul 22 13:55:57 UTC 2014 - jmatejek@suse.com + +- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons, + reinstate bundled copies of pip and setuptools + (fixes bnc#885662) +- add more files as sources to silence the validator + +------------------------------------------------------------------- +Wed May 21 11:01:56 UTC 2014 - jmatejek@suse.com + +- update to 3.4.1 + * bugfix-only release, over 300 bugs fixed +- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch +- drop upstreamed CVE-2014-2667-mkdir.patch +- include Python release manager keyring and signature file + for the source archive (thus renumbering of source files) + (see https://www.python.org/download/#openpgp-public-keys ) +- move ensurepip to python3, because it transitively requires ssl + +------------------------------------------------------------------- +Fri Apr 4 16:21:40 UTC 2014 - jmatejek@suse.com + +- CVE-2014-2667-mkdir.patch: race condition with reseting umask + in os.makedirs + (CVE-2014-2667, bnc#871152) +- updated multilib patch to include ~/.local/lib64 (bnc#637176) + +------------------------------------------------------------------- +Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com + +- raise timeout value for test_subprocess to 10s (might fix + intermittent build failures in OBS) + +------------------------------------------------------------------- +Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com + +- remove blacklisting of test_posix on aarch64: qemu bug is fixed + +------------------------------------------------------------------- +Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 final +- drop upstreamed python-3.4rc2-importlib.patch + +------------------------------------------------------------------- +Sun Mar 16 16:33:25 UTC 2014 - schwab@suse.de + +- Only build with profile-opt if profiling is enabled +- Update test exclusion lists: + * test_ctypes no longer fails on arm + * test_io no longer fails on ppc* + * test_multiprocessing has been split in multiple tests + * test_posix and test_signal fail due to qemu bugs + +------------------------------------------------------------------- +Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de + +- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, + adding python-2.7.6-sqlite-3.8.4-tests.patch + +------------------------------------------------------------------- +Thu Feb 27 14:08:40 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 rc2 + * pre-release bugfixes + * improvements to asyncio library +- drop upstreamed tracemalloc_gcov.patch +- python-3.4rc2-importlib.patch fixes backwards-incompatibility + in the reworked importlib module that blocks build of vim + +------------------------------------------------------------------- +Fri Jan 17 18:45:27 UTC 2014 - jmatejek@suse.com + +- initial commit of 3.4.0 beta 3 + * new stdlib modules: pathlib, enum, statistics, tracemalloc + * asynchronous IO with new asyncio module + * introspection data for builtins + * subprocesses no longer inherit open file descriptors + * standardized metadata for packages + * internal hashing changed to SipHash + * new pickle protocol + * improved handling of codecs + * TLS 1.2 support + * major speed improvements for internal unicode handling + * many bugfixes and optimizations +- see porting guide at: + http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4 +- moved several modules to -testsuite subpackage +- updated list of binary extensions, refreshed patches +- tracemalloc_gcov.patch fixes profile-based optimization build +- updated packages and pre_checkin.sh to use ~-version notation + for prereleases +- fix-shebangs part of build process moved to common %prep +- drop python-3.3.2-no-REUSEPORT.patch (upstreamed) +- update baselibs for new soname + +- TODOs: + * require python-pip, make ensurepip work with zypper + +------------------------------------------------------------------- +Wed Dec 4 13:21:26 UTC 2013 - matz@suse.de + +- add ppc64le (ELFv2) support for libffi copy for ctypes module +- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be + "lib64"). +- added patches: + * libffi-ppc64le.diff +------------------------------------------------------------------- +Tue Dec 3 09:51:43 UTC 2013 - adrian@suse.de + +- add ppc64le rules + +------------------------------------------------------------------- +Fri Nov 22 13:17:23 UTC 2013 - speilicke@suse.com + +- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch: + + Disable global and distutils sysconfig comparison test, we deviate + from the default depending on optflags + +------------------------------------------------------------------- +Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com + +- update to 3.3.3 + * bugfix-only release + * many SSL-related fixes + * upstream fix for CVE-2013-4238 + * upstream fixes for CVE-2013-1752 +- move example module xxlimited to python3-testsuite +- drop CVE-2013-4238_py33.patch - it is upstreamed +- remove --with-wide-unicode config option, it is now the default + (and only) choice +- don't touch anything between make and makeinstall +- drop python-3.2b2-buildtime-generate.patch - the issue was caused + by touching things between make and makeinstall +- link pycache entries for import_failed hooks properly + +------------------------------------------------------------------- +Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org + +- build with -DOPENSSL_LOAD_CONF for the same reasons + described in the python2 package. + +------------------------------------------------------------------- +Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com + +- handle NULL bytes in certain fields of SSL certificates + (CVE-2013-4238, bnc#834601) + +------------------------------------------------------------------- +Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com + +- Exclue test_faulthandler from tests on powerpc due to bnc#831629 + +------------------------------------------------------------------- +Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com + +- update to 3.3.2 + * bugfix-only release + * fixes several regressions introduced in 3.3.1 +- switch to xz compression +- move _lzma module to python3-base +- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT + +------------------------------------------------------------------- +Mon Apr 29 22:32:43 UTC 2013 - schwab@suse.de + +- Readd missing bits from ctypes-libffi-aarch64.patch + +------------------------------------------------------------------- +Sat Apr 13 07:56:51 UTC 2013 - idonmez@suse.com + +- Update to version 3.3.1 + * Fix the –enable-profiling configure switch. + * In IDLE, close the replace dialog after it is used. +- Too many bugfixes to list here, + see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS +- Refresh Python-3.3.0b2-multilib.patch +- Refresh python-3.2b2-buildtime-generate.patch +- Drop upstream patches: ctypes-libffi-aarch64.patch, + python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch + +------------------------------------------------------------------- +Mon Apr 8 11:25:30 UTC 2013 - speilicke@suse.com + +- Exclude sqlite/test and tk/test directories from the respective + sub-packages. These are owned by the testsuite sub-package already + +------------------------------------------------------------------- +Fri Apr 5 12:59:20 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/title=SourceUrls + +------------------------------------------------------------------- +Wed Apr 3 15:36:04 UTC 2013 - jmatejek@suse.com + +- remove spurious modification of python-3.3.0b1-localpath.patch + that would force installation into /usr/local. + this fixes bnc#809831 + +------------------------------------------------------------------- +Thu Mar 28 18:38:51 UTC 2013 - jmatejek@suse.com + +- replace broken movetogetdents64.diff patch with a correct one + from upstream repo (python-3.3.0-getdents64.patch) + +------------------------------------------------------------------- +Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com + +- add ctypes-libffi-aarch64.patch: + * import aarch64 support for libffi in _ctypes module +- add aarch64 to the list of lib64 based archs +- add movetogetdents64.diff: + * port to getdents64, as SYS_getdents is not implemented everywhere + +------------------------------------------------------------------- +Tue Feb 26 08:57:55 UTC 2013 - saschpe@suse.de + +- /etc/rpm/macros.python3 is no %config, it is not meant to be changed + by users. +- Add rpmlintrc with some obvious filters + +------------------------------------------------------------------- +Mon Jan 28 18:14:39 UTC 2013 - jmatejek@suse.com + +- update baselibs for new version of libpython3 + +------------------------------------------------------------------- +Thu Nov 29 17:02:37 UTC 2012 - jmatejek@suse.com + +- fix include path in macros (bnc#787526) +- implement failed import handlers for modules that live in + subpackages - e.g. "import ssl" will now throw a sensible error + message telling you to install "python3" + +------------------------------------------------------------------- +Wed Nov 28 17:02:07 UTC 2012 - jmatejek@suse.com + +- merge python3-xml into python3 +- merge python3-2to3 library into python3-base + and the 2to3 binary into python3-devel + (python3-devel is now in conflict with python-2to3, which + will be dropped) +- enable --with-system-expat for python3, making the xml modules + (and thus python3) depend on expat +- reconfigure tests to disable network and GUI resources, which + the upstream apparently thought is a good idea to enable by default. + this fixes build failures in Factory +- add lzma-devel to build the _lzma module +- moved %dynlib macro definition to common section + +------------------------------------------------------------------- +Mon Nov 5 20:01:46 UTC 2012 - coolo@suse.com + +- buildrequire timezone for the test suite + +------------------------------------------------------------------- +Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com + +- disable more checks for qemu builds as they use syscalls not + implemented yet + +------------------------------------------------------------------- +Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com + +- exclude test_math for SLE 11; math library fails on negative + gamma function values close to integers and 0, probably + due to imprecision in -lm on SLE_11_SP2. + +------------------------------------------------------------------- +Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel explicitly + +------------------------------------------------------------------- +Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com + +- remove distutils.cfg (bnc#658604) + * this changes default prefix for distutils to /usr + * see ML for details: +http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html + +------------------------------------------------------------------- +Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com + +- Update to final 3.3.0 release + * See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS + +------------------------------------------------------------------- +Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com + +- Correct dependency for python3-testsuite, + python3-tkinter -> python3-tk + +------------------------------------------------------------------- +Thu Aug 23 13:08:11 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 RC1 + +------------------------------------------------------------------- +Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 beta 1 + * flexible string representation, no longer distinguishing + between wide and narrow Unicode builds + * importlib-based import system + * virtualenv support in core + * namespace packages + * explicit Unicode literals for easier porting + * key-sharing dict implementation reduces memory footprint + of OO code + * hash randomization on by default + * many other new bugfixes and features, check NEWS for details + +- pre_checkin.sh now autofills various version strings in specs +- ship hashlib's fallback modules - those uselessly take up space + when real _hashlib.so from python3 is present, but the space wasted + is only 114kB and it provides python3-base with a working hashlib + module. + (also, this fixes bnc#743787) + +------------------------------------------------------------------- +Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com + +- skip test_io on ppc +- drop test_io ppc patch + +------------------------------------------------------------------- +Thu Jun 28 07:57:58 UTC 2012 - saschpe@suse.de + +- Satisfy source_validator by uncommenting an otherwise unused "Patch" + line + +------------------------------------------------------------------- +Tue Jun 12 15:39:08 UTC 2012 - adrian@suse.de + +- fix logic of checks exclusion + +------------------------------------------------------------------- +Fri May 18 11:50:27 UTC 2012 - idonmez@suse.com + +- update to 3.2.3 + * No changes since rc2 + +------------------------------------------------------------------- +Thu Mar 29 15:44:33 UTC 2012 - jmatejek@suse.com + +- update to 3.2.3rc2 + * fixes several security issues: + * CVE-2012-0845, bnc#747125 + * CVE-2012-1150, bnc#751718 + * CVE-2011-4944, bnc#754447 + * CVE-2011-3389, bnc#754677 +- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) +- disable test_gdb because it is broken by our gdb + +------------------------------------------------------------------- +Thu Feb 16 12:33:12 UTC 2012 - dvaleev@suse.com + +- skip broken test_io test on ppc + +------------------------------------------------------------------- +Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com + +- update to 3.2.2 + * bugfix-only release + * reports "linux2" as sys.platform regardless of Linux kernel +- added pre_checkin.sh to copy common spec sections to python3.spec +- added PACKAGING-NOTES with some helpful info for packagers + +------------------------------------------------------------------- +Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com + +- Use system ffi, included one is broken see + http://bugs.python.org/issue11729 and + http://bugs.python.org/issue12081 + +------------------------------------------------------------------- +Fri Dec 9 17:19:55 UTC 2011 - jmatejek@suse.com + +- license.opensuse.org-compatible license headers + +------------------------------------------------------------------- +Fri Dec 2 16:46:44 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Thu Nov 24 12:42:25 UTC 2011 - agraf@suse.com + +- fix ARM build (exclude some test cases which break for us) + +------------------------------------------------------------------- +Tue Aug 16 17:02:22 UTC 2011 - termim@gmail.com + +- use sysconfig module to get py3_incdir, py3_abiflags, + py3_soflags, python3_sitelib and python3_sitearch + +------------------------------------------------------------------- +Mon Jul 18 16:22:31 UTC 2011 - jmatejek@novell.com + +- update to 3.2.1 + * bugfix-only release, no major changes +- fix build on linux3 platform +- remove upstreamed pybench patch +- install /usr/lib directories in all cases to prevent spurious + "directory not owned" in dependent packages + +------------------------------------------------------------------- +Wed Jun 15 14:16:38 UTC 2011 - jmatejek@novell.com + +- replaced dynamic so version with manual so version, because + autobuild does not support autogeneration + +------------------------------------------------------------------- +Tue May 24 13:39:06 UTC 2011 - jmatejek@novell.com + +- generate macros.python3 at compile-time with fixed values +- don't include bogus values in pyconfig.h, as they can break + third-party packages (bnc#673071) + +------------------------------------------------------------------- +Tue May 17 12:52:51 UTC 2011 - jmatejek@novell.com + +- added Obsoletes: python3 < 3.1 so that the transition from + non-split to split packages goes smoothly + +------------------------------------------------------------------- +Fri May 13 12:38:19 UTC 2011 - jmatejek@novell.com + +- fixed RPM macros to use python3 instead of python +- updated to build --with-wide-unicode (for compatibility with + fedora and our own python 2.x series) + +------------------------------------------------------------------- +Thu Apr 21 03:39:25 UTC 2011 - termim@gmail.com + +- fix python3-base build failure due to pybench.py crash by + python-3.2-pybench.patch +- move pyconfig.h from python3-devel to python3-base package to + make python3-base functional again + +------------------------------------------------------------------- +Wed Mar 23 04:26:28 UTC 2011 - termim@gmail.com + +- update to python 3.2 + * stable ABI, ABI-tagged .so files + * concurrent.futures and many other new or upgraded modules + * PYC repository directories ( __pycache__ ) + * python WSGI 1.0.1 + * Unicode 6.0.0 support + * a great number of bugfixes and assorted improvements + +------------------------------------------------------------------- +Tue Feb 8 19:42:17 CET 2011 - matejcik@suse.cz + +- update to python 3.2 RC2 +- renamed python3-demo to python3-tools, because the demo part + became much smaller than the tools part +- added rpm macros + +------------------------------------------------------------------- +Tue Jan 18 14:13:04 UTC 2011 - jmatejek@novell.com + +- update to python 3.2 beta 2, see NEWS for details +- split off -base package with less dependencies, and a shlib-policy + compliant libpython3 package +- mostly rewritten the spec file with more detailed comments +- cleaned up lists of patches + diff --git a/python311.spec b/python311.spec new file mode 100644 index 0000000..51d6365 --- /dev/null +++ b/python311.spec @@ -0,0 +1,1042 @@ +# +# spec file for package python311 +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "doc" +%define psuffix -documentation +%bcond_without doc +%bcond_with base +%bcond_with general +%endif +%if "%{flavor}" == "base" +%define psuffix -core +%bcond_with doc +%bcond_without base +%bcond_with general +%endif +%if "%{flavor}" == "" +%define psuffix %{nil} +%bcond_with doc +%bcond_with base +%bcond_without general +%endif + +%if 0%{?do_profiling} && !0%{?want_reproducible_builds} +%bcond_without profileopt +%else +%bcond_with profileopt +%endif + +# Only for Tumbleweed +# https://en.opensuse.org/openSUSE:Python:Externally_managed +%if 0%{?suse_version} > 1600 +%bcond_without externally_managed +%else +%bcond_with externally_managed +%endif + +%define python_pkg_name python311 +%if "%{python_pkg_name}" == "%{primary_python}" +%define primary_interpreter 1 +%else +%define primary_interpreter 0 +%endif + +# Setting up variables +%define _version %(c=%{version}; echo ${c/[a-z]*/}) +%define tar_suffix %(c=%{_version}; echo ${c#%{_version}}) +%define python_version %(echo %{_version}|cut -d. -f1-2) +# based on the current source tarball +%define python_version_abitag %(c=%{python_version}; echo ${c//./}) +# FIXME %%define python_version_soname %%(c=%%{python_version}; echo ${c//./_}) +%define python_version_soname 3_11 +%if 0%(test -n "%{tar_suffix}" && echo 1) +%define _version %(echo "%{_version}~%{tar_suffix}") +%define tarversion %{version} +%else +%define tarversion %{version} +%endif +# We don't process beta signs well +%define folderversion %{tarversion} +%define tarname Python-%{tarversion} +%define sitedir %{_libdir}/python%{python_version} +# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 +%define abi_kind %{nil} +# python ABI version - used in some file names +%define python_abi %{python_version}%{abi_kind} +# soname ABI tag defined in PEP 3149 +%define abi_tag %{python_version_abitag}%{abi_kind} +# version part of "libpython" package +%define so_major 1 +%define so_minor 0 +%define so_version %{python_version_soname}%{abi_kind}-%{so_major}_%{so_minor} +# rpm and python have different ideas about what is an arch-dependent name, so: +%if "%{__isa_name}" == "ppc" +%define archname %(echo %{_arch} | sed s/ppc/powerpc/) +%else +%define archname %{_arch} +%endif +# our arm has Hardware-Floatingpoint +%if "%{_arch}" == "arm" +%define armsuffix hf +%endif +# Decide whether we want to use mpdecimal +%if 0%{?suse_version} >= 1550 +%bcond_without mpdecimal +%else +%bcond_with mpdecimal +%endif +# pyexpat.cpython-35m-x86_64-linux-gnu +# pyexpat.cpython-35m-powerpc64le-linux-gnu +# pyexpat.cpython-35m-armv7-linux-gnueabihf +# _md5.cpython-38m-x86_64-linux-gnu.so +%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so +Name: %{python_pkg_name}%{psuffix} +Version: 3.11.13 +Release: 0 +Summary: Python 3 Interpreter +License: Python-2.0 +URL: https://www.python.org/ +Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz +Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore +Source2: baselibs.conf +Source3: README.SUSE +Source4: externally_managed.in +Source7: macros.python3 +Source8: import_failed.py +Source9: import_failed.map +Source10: pre_checkin.sh +Source11: skipped_tests.py +Source19: idle3.desktop +Source20: idle3.appdata.xml +# content of bluez-devel: +# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel +# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu +# 3. mkdir Vendor && mv usr/include/* Vendor/ +# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/ +Source21: bluez-devel-vendor.tar.xz +Source98: python311-rpmlintrc +# Tarball is signed by the GPG key of Pablo Galindo Salgado (0x64E628F8D684696D) +# https://keybase.io/pablogsal/pgp_keys.asc?fingerprint=a035c8c19219ba821ecea86b64e628f8d684696d +Source99: python.keyring +# The following files are not used in the build. +# They are listed here to work around missing functionality in rpmbuild, +# which would otherwise exclude them from distributed src.rpm files. +Source100: PACKAGING-NOTES +# PATCH-FEATURE-UPSTREAM F00251-change-user-install-location.patch bsc#[0-9]+ mcepl@suse.com +# Fix installation in /usr/local (boo#1071941), originally from Fedora +# https://src.fedoraproject.org/rpms/python3.12/blob/rawhide/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch02: F00251-change-user-install-location.patch +# PATCH-FEATURE-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com +# Improve reproduceability +Patch03: distutils-reproducible-compile.patch +# support finding packages in /usr/local, install to /usr/local by default +Patch04: python-3.3.0b1-localpath.patch +# replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds +Patch05: python-3.3.0b1-fix_date_time_compiler.patch +# Raise timeout value for test_subprocess +Patch07: subprocess-raise-timeout.patch +# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com +# ensurepip should honour the value of $(prefix) +Patch08: bpo-31046_ensurepip_honours_prefix.patch +# PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mcepl@suse.com +# SLE-15 version of Sphinx doesn't know about skipif directive in doctests. +Patch09: no-skipif-doctests.patch +# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com +# skip a test failing on SLE-15 +Patch10: skip-test_pyobject_freed_is_freed.patch +# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com +# remove duplicate link targets and make documentation with old Sphinx in SLE +Patch11: fix_configure_rst.patch +# PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com +# Skip test_freeze_simple_script +Patch13: skip_if_buildbot-extend.patch +# PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com +# prevent ResourceWarning in test_asyncio tests +Patch15: bsc1221260-test_asyncio-ResourceWarning.patch +# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport.patch +# This problem on libexpat is patched on SLE without version +# update, this patch changes the tests to match the libexpat provided +# by SUSE +Patch16: CVE-2023-52425-libexpat-2.6.0-backport.patch +Patch17: CVE-2023-52425-remove-reparse_deferral-tests.patch +# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com +# reproducibility patches +Patch19: bso1227999-reproducible-builds.patch +# PATCH-FIX-UPSTREAM gh120226-fix-sendfile-test-kernel-610.patch gh#python/cpython#120226 mcepl@suse.com +# Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 (GH-120227) +Patch22: gh120226-fix-sendfile-test-kernel-610.patch +# PATCH-FIX-UPSTREAM Add platform triplets for 64-bit LoongArch gh#python/cpython#30939 glaubitz@suse.com +Patch24: add-loongarch64-support.patch +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: crypto-policies-scripts +BuildRequires: fdupes +BuildRequires: gmp-devel +BuildRequires: lzma-devel +BuildRequires: netcfg +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: xz +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(libffi) +BuildRequires: pkgconfig(uuid) +BuildRequires: pkgconfig(zlib) +#!BuildIgnore: gdk-pixbuf-loader-rsvg +%if 0%{?suse_version} >= 1550 +# The provider for python(abi) is in rpm-build-python +BuildRequires: rpm-build-python +%endif +%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1599 +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{with mpdecimal} +BuildRequires: mpdecimal-devel +%endif +%if %{with doc} +BuildRequires: python3-Sphinx >= 4.0.0 +%if 0%{?suse_version} >= 1500 +BuildRequires: python3-python-docs-theme >= 2022.1 +%endif +%endif +%if %{with general} +# required for idle3 (.desktop and .appdata.xml files) +BuildRequires: appstream-glib +BuildRequires: gcc-c++ +BuildRequires: gdbm-devel +BuildRequires: gettext +BuildRequires: readline-devel +BuildRequires: sqlite-devel +BuildRequires: timezone +BuildRequires: pkgconfig(ncurses) +BuildRequires: pkgconfig(tk) +BuildRequires: pkgconfig(x11) +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-readline +Provides: %{python_pkg_name}-sqlite3 +Recommends: %{python_pkg_name}-curses +Recommends: %{python_pkg_name}-dbm +Recommends: %{python_pkg_name}-pip +%if %{primary_interpreter} +Provides: python3 = %{python_version} +Provides: python3-readline +Provides: python3-sqlite3 +%endif +%endif +%{?suse_build_hwcaps_libs} + +%description +Python 3 is modern interpreted, object-oriented programming language, +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python3-doc +package. + +This package supplies rich command line features provided by readline, +and sqlite3 support for the interpreter core, thus forming a so called +"extended" runtime. +Installing "python3" is sufficient for the vast majority of usecases. +In addition, recommended packages provide UI toolkit support (python3-curses, +python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE +development environment (python3-idle). + +%package -n %{python_pkg_name}-tk +Summary: TkInter, a Python Tk Interface +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-tk = %{version} +%endif + +%description -n %{python_pkg_name}-tk +Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. + +%package -n %{python_pkg_name}-curses +Summary: Python Interface to the (N)Curses Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-curses +%endif + +%description -n %{python_pkg_name}-curses +An easy to use interface to the (n)curses CUI library. CUI stands for +Console User Interface. + +%package -n %{python_pkg_name}-dbm +Summary: Python Interface to the GDBM Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-dbm +%endif + +%description -n %{python_pkg_name}-dbm +An easy to use interface for Unix DBM databases, and more specifically, +the GNU implementation GDBM. + +%package -n %{python_pkg_name}-idle +Summary: An Integrated Development Environment for Python +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk +%if %{primary_interpreter} +Provides: python3-idle = %{version} +%endif + +%description -n %{python_pkg_name}-idle +IDLE is a Tkinter based integrated development environment for Python. +It features a multi-window text editor with multiple undo, Python +colorizing, and many other things, as well as a Python shell window and +a debugger. + +%package -n %{python_pkg_name}-doc +Summary: Package Documentation for Python 3 +Enhances: %{python_pkg_name} = %{python_version} +%if %{primary_interpreter} +Provides: python3-doc = %{version} +%endif + +%description -n %{python_pkg_name}-doc +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in HTML format. + +%package -n %{python_pkg_name}-doc-devhelp +Summary: Additional Package Documentation for Python 3 in devhelp format +%if %{primary_interpreter} +Provides: python3-doc-devhelp = %{version} +%endif + +%description -n %{python_pkg_name}-doc-devhelp +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in format for devhelp. + +%package -n %{python_pkg_name}-base +Summary: Python 3 Interpreter and Stdlib Core +Requires: libpython%{so_version} = %{version} +Recommends: %{python_pkg_name} = %{version} +#Recommends: python3-ensurepip +# python 3.1 didn't have a separate python-base, so it is wrongly +# not a conflict to have python3-3.1 and python3-base > 3.1 +Obsoletes: python3 < 3.2 +# no Provides, because python3 is obviously provided by package python3 +# python 3.4 provides asyncio +Provides: %{python_pkg_name}-asyncio = %{version} +# python 3.6 provides typing +Provides: %{python_pkg_name}-typing = %{version} +# python3-xml was merged into python3, now moved into -base +Provides: %{python_pkg_name}-xml = %{version} +%if %{primary_interpreter} +Provides: python3-asyncio = %{version} +Obsoletes: python3-asyncio < %{version} +Provides: python3-base = %{version} +Obsoletes: python3-base < %{version} +Provides: python3-typing = %{version} +Obsoletes: python3-typing < %{version} +Provides: python3-xml = %{version} +Obsoletes: python3-xml < %{version} +%endif + +%description -n %{python_pkg_name}-base +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +package. + +This package contains the interpreter core and most commonly used modules +from the standard library. This is sufficient for many usecases, but it +excludes components that depend on external libraries, most notably XML, +database and UI toolkits support. + +%package -n %{python_pkg_name}-tools +Summary: Python Utility and Demonstration Scripts +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-2to3 = %{version} +Provides: %{python_pkg_name}-demo = %{version} +%if %{primary_interpreter} +Provides: python3-2to3 = %{version} +Provides: python3-demo = %{version} +Provides: python3-tools = %{version} +Obsoletes: python3-2to3 < %{version} +Obsoletes: python3-demo < %{version} +%endif + +%description -n %{python_pkg_name}-tools +A number of scripts that are useful for building, testing or extending Python, +and a set of demonstration programs. + +%package -n %{python_pkg_name}-devel +Summary: Include Files and Libraries Mandatory for Building Python Modules +Requires: %{python_pkg_name}-base = %{version} +%if %{primary_interpreter} +Provides: python3-devel = %{version} +%endif + +%description -n %{python_pkg_name}-devel +The Python programming language's interpreter can be extended with +dynamically loaded extensions and can be embedded in other programs. + +This package contains header files, a static library, and development +tools for building Python modules, extending the Python interpreter or +embedding Python in applications. + +This also includes the Python distutils, which were in the Python +package up to version 2.2.2. + +%package -n %{python_pkg_name}-testsuite +Summary: Unit tests for Python and its standard library +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk = %{version} +%if %{primary_interpreter} +Provides: python3-testsuite = %{version} +%endif + +%description -n %{python_pkg_name}-testsuite +Unit tests that are useful for verifying integrity and functionality +of the installed Python interpreter and standard library. +They are a documented part of stdlib, as a module 'test'. + +%package -n libpython%{so_version} +Summary: Python Interpreter shared library +Requires: %{python_pkg_name}-base >= %{version} + +%description -n libpython%{so_version} +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +(HTML) or python-doc-pdf (PDF) packages. + +This package contains libpython3.2 shared library for embedding in +other applications. + +%prep +%setup -q -n %{tarname} + +%autopatch -p1 -M 08 +%if 0%{?suse_version} <= 1500 +%patch -P 09 -p1 +%endif +%autopatch -p1 -m 10 + +# drop Autoconf version requirement +sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac + +%if %{primary_interpreter} +# fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 +for dir in Lib Tools; do + # find *.py, filter to files that contain bad shebangs + # break up "/""usr" like this to prevent replacing with %%{_prefix} + find $dir -name '*.py' -type f -print0 \ + | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ + | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' +done +%else +# For non-primary Python, just don't bother (bsc#1193179) and remove all +# those shebangs +for dir in Lib Tools; do + find $dir -name '*.py' -type f -exec sed -i '1{/^#!.*python/ d}' '{}' \; +done +# We shortened the file Lib/pdb.py so we have to move the test breakpoint location +sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py +%endif + +# drop in-tree libffi and expat +rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin +# Cannot remove it because of gh#python/cpython#92875 +# rm -r Modules/expat + +# drop duplicate README from site-packages +rm Lib/site-packages/README.txt + +# Add vendored bluez-devel files +tar xvf %{SOURCE21} + +# Don't fail on warnings when building documentation +sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile + +%build +%if %{with doc} +TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` +# TODO use not date of tarball but date of latest patch + +cd Doc +sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py +%make_build -j1 html + +# Build also devhelp files +sphinx-build -a -b devhelp . build/devhelp +rm -rfv build/devhelp/.doctrees +%else +%define _lto_cflags %{nil} +# use rpm_opt_flags +export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv $(pkg-config --cflags-only-I libffi) -fno-semantic-interposition" + +touch -r %{SOURCE0} Makefile.pre.in + +autoreconf -fvi + +%if 0%{?sles_version} +sed -e 's/-fprofile-correction//' -i Makefile.pre.in +%endif + +export CFLAGS="%{optflags} -IVendor/" + +%configure \ + --with-platlibdir=%{_lib} \ + --docdir=%{_docdir}/python \ + --enable-ipv6 \ + --enable-shared \ + --with-ensurepip=no \ + --with-system-ffi \ + --with-system-expat \ + --with-lto \ +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 + --with-ssl-default-suites=openssl \ +%endif +%if %{with profileopt} + --enable-optimizations \ +%endif +%if %{with mpdecimal} + --with-system-libmpdec \ +%endif + --enable-loadable-sqlite-extensions + +# prevent make from trying to rebuild PYTHON_FOR_GEN stuff +# %%make_build -t Python/Python-ast.c \ + # Include/Python-ast.h \ + # Objects/typeslots.inc \ + # Python/opcode_targets.h \ + # Include/opcode.h +%make_build + +%if %{with general} +%make_build +%endif +%if %{with base} +%if %{with profileopt} + target=profile-opt +%else + target=all +%endif +LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ + %make_build $target +%endif +%endif + +%check +export SUSE_VERSION="0%{?suse_version}" +export SLE_VERSION="0%{?sle_version}" +%if %{with general} +# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos +# when you install gdb into your test env +EXCLUDE="test_gdb" +# we patch out the message to recommend zypper in and thus this would fail +EXCLUDE="$EXCLUDE test_pydoc" + +%ifarch %{arm} s390x +# test_multiprocessing_forkserver is racy +EXCLUDE="$EXCLUDE test_multiprocessing_forkserver" +%endif +%ifarch ppc ppc64 ppc64le +# exclue test_faulthandler due to bnc#831629 +EXCLUDE="$EXCLUDE test_faulthandler" +%endif +# some tests break in QEMU +%if 0%{?qemu_user_space_build} +EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver test_multiprocessing_spawn test_os test_posix test_signal test_socket test_subprocess" +%endif + +# This test (part of test_uuid) requires real network interfaces +# so that ifconfig output has "HWaddr ". Some kvm instances +# done have any such interface breaking the uuid module. +EXCLUDE="$EXCLUDE test_uuid" + +# bsc#1195140 and bpo#37169 - test_capi is failing on openSUSE, and not sure why +EXCLUDE="$EXCLUDE test_capi" + +# Limit virtual memory to avoid spurious failures +if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then + ulimit -v 11000000 || : +fi + +# test_freeze_simple_script in test.test_tools.test_freeze.TestFreeze +# uses CONFIG_ARGS to run ./configure. +export CONFIG_ARGS="--enable-ipv6 --enable-shared --with-ensurepip=no \ + --with-system-ffi --with-system-expat --with-lto --enable-optimizations \ + --with-system-libmpdec --enable-loadable-sqlite-extensions" + +export PYTHONPATH="$(pwd -P)/Lib" +# Use timeout, like make target buildbottest +# We cannot run tests parallel, because osc build environment doesn’t +# have /dev/shm +%make_build -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=5400" +# use network, be verbose: +#make test TESTOPTS="-l -u network -v" +%endif + +%install +%if %{with doc} +export PDOCS=%{buildroot}%{_docdir}/python%{python_version} +mkdir -p $PDOCS +# generated docs +rm Doc/build/*/.buildinfo +cp -r Doc/build/html $PDOCS +# misc +install -d -m 755 $PDOCS/Misc +rm Misc/README.AIX +for i in Misc/* ; do + [ -f $i ] && install -c -m 644 $i $PDOCS/Misc/ +done +# devhelp +mkdir -p %{buildroot}%{_datadir}/gtk-doc/html +cp -r Doc/build/devhelp %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version} +rm -rf %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version}/.doctrees +%endif +%if %{with general} +%make_install + +# clean out stuff that is in python-base and subpackages + +find %{buildroot}%{_bindir} -mindepth 1 -not -name "*idle3*" -print -delete +rm %{buildroot}%{_libdir}/lib* +rm -r %{buildroot}%{_libdir}/pkgconfig +rm -r %{buildroot}%{_mandir}/* +rm -r %{buildroot}%{_includedir}/* + +rm -r %{buildroot}%{sitedir}/config* +find %{buildroot}%{sitedir} -name "*.egg-info" -delete +rm -r %{buildroot}%{sitedir}/__pycache__ +rm -r %{buildroot}%{sitedir}/site-packages +rm %{buildroot}%{sitedir}/*.* + +for module in \ + asyncio ctypes collections concurrent distutils email encodings \ + ensurepip html http re \ + importlib json logging multiprocessing pydoc_data unittest \ + urllib venv wsgiref lib2to3 test tomllib turtledemo \ + xml xmlrpc zoneinfo __phello__ +do + rm -r %{buildroot}%{sitedir}/$module +done + +for library in \ + array _asyncio audioop binascii _bisect _bz2 cmath _codecs_* \ + _contextvars _crypt _csv _ctypes _datetime _decimal fcntl grp \ + _hashlib _heapq _json _lsprof _lzma math mmap _multibytecodec \ + _multiprocessing _opcode ossaudiodev _pickle _posixshmem \ + _posixsubprocess _queue _random resource select _ssl _socket spwd \ + _statistics _struct syslog termios _testbuffer _testimportmultiple \ + _testmultiphase unicodedata zlib _ctypes_test _testinternalcapi _testcapi \ + _typing _testclinic xxlimited xxlimited_35 \ + _xxtestfuzz _xxsubinterpreters _elementtree pyexpat _md5 _sha1 \ + _sha256 _sha512 _blake2 _sha3 _uuid _zoneinfo +do + eval rm "%{buildroot}%{sitedir}/lib-dynload/$library.*" +done + +# Idle is not packaged in base due to the appstream-glib dependency +# move idle config into /etc +install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version} +( + cd %{buildroot}/%{sitedir}/idlelib/ + for file in *.def ; do + mv $file %{buildroot}%{_sysconfdir}/idle%{python_version}/ + ln -sf %{_sysconfdir}/idle%{python_version}/$file %{buildroot}/%{sitedir}/idlelib/ + done +) + +# keep just idle3.X +rm %{buildroot}%{_bindir}/idle3 + +# install idle icons +for size in 16 32 48 ; do + install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \ + %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_version}.png +done + +# install idle desktop file +cp %{SOURCE19} idle%{python_version}.desktop +sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop +install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop + +cp %{SOURCE20} idle%{python_version}.appdata.xml +sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml +install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml +appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml + +%fdupes %{buildroot}/%{_libdir}/python%{python_version} +%endif +%if %{with base} +%make_install + +# remove .a +find %{buildroot} -name "*.a" -delete + +# install "site-packages" and __pycache__ for third parties +install -d -m 755 %{buildroot}%{sitedir}/site-packages +install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__ +# and their 32bit counterparts explicitly +mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__ + +# cleanup parts that don't belong +for dir in curses dbm sqlite3 tkinter idlelib; do + find "%{buildroot}/%{sitedir}/$dir"/* -maxdepth 0 -name "test" -o -exec rm -rf {} + +done +rm -fv %{buildroot}%{dynlib nis} + +# overwrite the copied binary with a link +ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 + +# decide to ship python3 or just python3.X +%if !%{primary_interpreter} +# base +rm %{buildroot}%{_bindir}/python3 +rm %{buildroot}%{_bindir}/pydoc3 +rm %{buildroot}%{_mandir}/man1/python3.1 +# devel +rm %{buildroot}%{_bindir}/python3-config +rm %{buildroot}%{_libdir}/libpython3.so +rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc +%endif + +%if %{with externally_managed} +# PEP-0668 mark this as a distro maintained python +sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED +%endif + +# link shared library instead of static library that tools expect +ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so + +# delete idle3, which has to many packaging dependencies for base +rm %{buildroot}%{_bindir}/idle3* + +# delete the generic 2to3 binary if we are not primary +%if !%{primary_interpreter} +rm %{buildroot}%{_bindir}/2to3 +%endif + +# replace duplicate .pyo/.pyc with hardlinks +%fdupes %{buildroot}/%{sitedir} + +# documentation +export PDOCS=%{buildroot}%{_docdir}/%{name} +install -d -m 755 $PDOCS +install -c -m 644 %{SOURCE3} $PDOCS/ +install -c -m 644 README.rst $PDOCS/ + +# tools +for x in `find Tools/ \( -not -name Makefile \) -print | sort` ; do + test -d $x && ( install -c -m 755 -d $PDOCS/$x ) \ + || ( install -c -m 644 $x $PDOCS/$x ) +done +# gdb script is shipped with devel subpackage +rm -r $PDOCS/Tools/gdb +# clean up the bat files +find "$PDOCS" -name "*.bat" -delete + +# put gdb helper script into place +install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +# install devel files to /config +#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%%{sitedir}/config-%%{python_abi}/ + +# Remove -IVendor/ from python-config boo#1231795 +sed -i 's/-IVendor\///' %{buildroot}%{_bindir}/python%{python_abi}-config + +# RPM macros +%if %{primary_interpreter} +mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/ +install -m 644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/macros.d/ # macros.python3 +%endif + +# import_failed hooks +FAILDIR=%{buildroot}/%{sitedir}/_import_failed +mkdir $FAILDIR +install -m 644 %{SOURCE8} %{SOURCE9} $FAILDIR # import_failed.* +LD_LIBRARY_PATH=. ./python -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +( + cd $FAILDIR + while read package modules; do + for module in $modules; do + ln import_failed.py $module.py + pushd __pycache__ + for i in import_failed*; do + ln $i "$module${i#import_failed}" + done + popd + done + done < %{SOURCE9} +) +echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +%endif + +# For the purposes of reproducibility, it is necessary to eliminate any *.pyc files inside documentation dirs +if [ -d %{buildroot}%{_defaultdocdir} ] ; then +find %{buildroot}%{_defaultdocdir} -type f -name \*.pyc -ls -exec rm -vf '{}' \; +fi + +%if %{with general} +%files -n %{python_pkg_name}-tk +%{sitedir}/tkinter +%exclude %{sitedir}/tkinter/test +%{dynlib _tkinter} + +%files -n %{python_pkg_name}-curses +%{sitedir}/curses +%{dynlib _curses} +%{dynlib _curses_panel} + +%files -n %{python_pkg_name}-dbm +%{sitedir}/dbm +%{dynlib _dbm} +%{dynlib _gdbm} + +%files -n %{python_pkg_name} +%dir %{sitedir} +%dir %{sitedir}/lib-dynload +%{sitedir}/sqlite3 +%exclude %{sitedir}/sqlite3/test +%{dynlib readline} +%{dynlib _sqlite3} +%if 0%{?suse_version} < 1599 +%{dynlib nis} +%endif + +%files -n %{python_pkg_name}-idle +%{sitedir}/idlelib +%dir %{_sysconfdir}/idle%{python_version} +%config %{_sysconfdir}/idle%{python_version}/* +%doc Lib/idlelib/README.txt +%doc Lib/idlelib/TODO.txt +%doc Lib/idlelib/extend.txt +%doc Lib/idlelib/ChangeLog +%{_bindir}/idle%{python_version} +%{_datadir}/applications/idle%{python_version}.desktop +%{_datadir}/metainfo/idle%{python_version}.appdata.xml +%{_datadir}/icons/hicolor/*/apps/idle%{python_version}.png +%dir %{_datadir}/icons/hicolor +%dir %{_datadir}/icons/hicolor/16x16 +%dir %{_datadir}/icons/hicolor/32x32 +%dir %{_datadir}/icons/hicolor/48x48 +%dir %{_datadir}/icons/hicolor/*/apps +# endif for if general +%endif + +%if %{with doc} +%files -n %{python_pkg_name}-doc +%dir %{_docdir}/python%{python_version} +%doc %{_docdir}/python%{python_version}/Misc +%doc %{_docdir}/python%{python_version}/html + +%files -n %{python_pkg_name}-doc-devhelp +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%doc %{_datadir}/gtk-doc/html/Python%{python_version} +%endif + +%if %{with base} +%post -n libpython%{so_version} -p /sbin/ldconfig +%postun -n libpython%{so_version} -p /sbin/ldconfig + +%files -n libpython%{so_version} +%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} + +%files -n %{python_pkg_name}-tools +%{sitedir}/turtledemo +%if %{primary_interpreter} +%{_bindir}/2to3 +%endif +%attr(755, root, root)%{_bindir}/2to3-%{python_version} +%doc %{_docdir}/%{name}/Tools + +%files -n %{python_pkg_name}-devel +%{_libdir}/libpython%{python_abi}.so +%if %{primary_interpreter} +%{_libdir}/libpython3.so +%endif +%{_libdir}/pkgconfig/* +%{_includedir}/python%{python_abi} +%{sitedir}/config-%{python_abi}-* +%{_bindir}/python%{python_abi}-config +%if %{primary_interpreter} +%{_bindir}/python3-config +%endif +# Own these directories to not depend on gdb +%dir %{_datadir}/gdb +%dir %{_datadir}/gdb/auto-load +%dir %{_datadir}/gdb/auto-load%{_prefix} +%dir %{_datadir}/gdb/auto-load%{_libdir} +%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +%files -n %{python_pkg_name}-testsuite +%{sitedir}/test +%{sitedir}/*/test +%{sitedir}/*/tests +%{dynlib _ctypes_test} +%{dynlib _testbuffer} +%{dynlib _testcapi} +%{dynlib _testclinic} +%{dynlib _testinternalcapi} +%{dynlib _testimportmultiple} +%{dynlib _testmultiphase} +%{dynlib xxlimited} +# workaround for missing packages +%dir %{sitedir}/sqlite3 +%dir %{sitedir}/tkinter + +%files -n %{python_pkg_name}-base +# docs +%dir %{_docdir}/%{name} +%doc %{_docdir}/%{name}/README.rst +%license LICENSE +%doc %{_docdir}/%{name}/README.SUSE +%if %{primary_interpreter} +%{_mandir}/man1/python3.1%{?ext_man} +%endif +%{_mandir}/man1/python%{python_version}.1%{?ext_man} +%if %{with externally_managed} +# PEP-0668 +%{sitedir}/EXTERNALLY-MANAGED +%endif +# license text, not a doc because the code can use it at run-time +%{sitedir}/LICENSE.txt +# RPM macros +%if %{primary_interpreter} +%{_rpmconfigdir}/macros.d/macros.python3 +%endif +# binary parts +%dir %{sitedir}/lib-dynload +%{dynlib array} +%{dynlib _asyncio} +%{dynlib audioop} +%{dynlib binascii} +%{dynlib _bisect} +%{dynlib _bz2} +%{dynlib cmath} +%{dynlib _codecs_cn} +%{dynlib _codecs_hk} +%{dynlib _codecs_iso2022} +%{dynlib _codecs_jp} +%{dynlib _codecs_kr} +%{dynlib _codecs_tw} +%{dynlib _contextvars} +%{dynlib _crypt} +%{dynlib _csv} +%{dynlib _ctypes} +%{dynlib _datetime} +%{dynlib _decimal} +%{dynlib _elementtree} +%{dynlib fcntl} +%{dynlib grp} +%{dynlib _hashlib} +%{dynlib _heapq} +%{dynlib _json} +%{dynlib _lsprof} +%{dynlib _lzma} +%{dynlib math} +%{dynlib mmap} +%{dynlib _multibytecodec} +%{dynlib _multiprocessing} +%{dynlib _opcode} +%{dynlib ossaudiodev} +%{dynlib _pickle} +%{dynlib _posixshmem} +%{dynlib _posixsubprocess} +%{dynlib pyexpat} +%{dynlib _queue} +%{dynlib _random} +%{dynlib resource} +%{dynlib select} +%{dynlib _socket} +%{dynlib spwd} +%{dynlib _ssl} +%{dynlib _statistics} +%{dynlib _struct} +%{dynlib syslog} +%{dynlib termios} +%{dynlib _typing} +%{dynlib unicodedata} +%{dynlib _uuid} +%{dynlib _xxsubinterpreters} +%{dynlib _xxtestfuzz} +%{dynlib xxlimited_35} +%{dynlib zlib} +%{dynlib _zoneinfo} +# hashlib fallback modules +%{dynlib _blake2} +%{dynlib _md5} +%{dynlib _sha1} +%{dynlib _sha256} +%{dynlib _sha512} +%{dynlib _sha3} +# python parts +%dir %{_prefix}/lib/python%{python_version} +%dir %{_prefix}/lib/python%{python_version}/site-packages +%dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__ +%dir %{sitedir} +%dir %{sitedir}/site-packages +%dir %{sitedir}/site-packages/__pycache__ +%exclude %{sitedir}/*/test +%exclude %{sitedir}/*/tests +%{sitedir}/*.py +%{sitedir}/asyncio +%{sitedir}/ctypes +%{sitedir}/collections +%{sitedir}/concurrent +%{sitedir}/distutils +%{sitedir}/email +%{sitedir}/encodings +%{sitedir}/ensurepip +%{sitedir}/html +%{sitedir}/http +%{sitedir}/importlib +%{sitedir}/json +%{sitedir}/lib2to3 +%{sitedir}/logging +%{sitedir}/multiprocessing +%{sitedir}/pydoc_data +%{sitedir}/re +%{sitedir}/tomllib +%{sitedir}/unittest +%{sitedir}/urllib +%{sitedir}/venv +%{sitedir}/wsgiref +%{sitedir}/xml +%{sitedir}/xmlrpc +%{sitedir}/zoneinfo +%{sitedir}/__phello__ +%{sitedir}/__pycache__ +# import-failed hooks +%{sitedir}/_import_failed +%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +# symlinks +%if %{primary_interpreter} +%{_bindir}/python3 +%{_bindir}/pydoc3 +%endif +# executables +%attr(755, root, root) %{_bindir}/pydoc%{python_version} +# %%attr(755, root, root) %%{_bindir}/python%%{python_abi} +%attr(755, root, root) %{_bindir}/python%{python_version} +# endif for if base +%endif + +%changelog diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch new file mode 100644 index 0000000..6f48b09 --- /dev/null +++ b/skip-test_pyobject_freed_is_freed.patch @@ -0,0 +1,23 @@ +--- + Lib/test/test_capi/test_misc.py | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/Lib/test/test_capi/test_misc.py ++++ b/Lib/test/test_capi/test_misc.py +@@ -40,6 +40,8 @@ import _testinternalcapi + # Were we compiled --with-pydebug or with #define Py_DEBUG? + Py_DEBUG = hasattr(sys, 'gettotalrefcount') + ++# Which version of the SLE distro we build on? ++SLE_VERSION = int(os.environ.get('SLE_VERSION', '0'), 10) + + NULL = None + +@@ -1281,6 +1283,7 @@ class PyMemDebugTests(unittest.TestCase) + def test_pyobject_forbidden_bytes_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') + ++ @unittest.skipIf(0 < SLE_VERSION < 150300, 'Failing on Leap 15.*') + def test_pyobject_freed_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_freed_is_freed') + diff --git a/skip_if_buildbot-extend.patch b/skip_if_buildbot-extend.patch new file mode 100644 index 0000000..fd9a584 --- /dev/null +++ b/skip_if_buildbot-extend.patch @@ -0,0 +1,15 @@ +--- + Lib/test/support/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -384,7 +384,7 @@ def skip_if_buildbot(reason=None): + if not reason: + reason = 'not suitable for buildbots' + try: +- isbuildbot = getpass.getuser().lower() == 'buildbot' ++ isbuildbot = getpass.getuser().lower() in ['buildbot', 'abuild'] + except (KeyError, EnvironmentError) as err: + warnings.warn(f'getpass.getuser() failed {err}.', RuntimeWarning) + isbuildbot = False diff --git a/skipped_tests.py b/skipped_tests.py new file mode 100644 index 0000000..47002e6 --- /dev/null +++ b/skipped_tests.py @@ -0,0 +1,69 @@ +#!/usr/bin/python3 +""" +Simple regexp-based skipped test checker. +It lists tests that are mentioned (presumably for exclusion) +in BASE, and in MAIN (presumably for inclusion) +and reports discrepancies. + +This will have a number of +""" + +MAIN = "python39.spec" + +import glob +import re +from os.path import basename + +alltests = set() +qemu_exclusions = set() + +for item in glob.glob("Python-*/Lib/test/test_*"): + testname = basename(item) + if testname.endswith(".py"): + testname = testname[:-3] + alltests.add(testname) + +testre = re.compile(r'[\s"](test_\w+)\b') + +def find_tests_in_spec(specname): + global qemu_exclusions + + found_tests = set() + with open(specname) as spec: + in_qemu = False + for line in spec: + line = line.strip() + if "#" in line: + line = line[:line.index("#")] + tests = set(testre.findall(line)) + found_tests |= tests + if line == "%if 0%{?qemu_user_space_build} > 0": + in_qemu = True + if in_qemu: + if line == "%endif": + in_qemu = False + qemu_exclusions |= tests + return found_tests + +excluded = find_tests_in_spec(MAIN) + +#print("--- excluded tests:", " ".join(sorted(excluded))) +#print("--- included tests:", " ".join(sorted(included))) + +mentioned = excluded +nonexistent = mentioned - alltests +missing = excluded - qemu_exclusions + +print("--- the following tests are excluded for QEMU and not tested in python") +print("--- (that probably means we don't need to worry about them)") +for test in sorted(qemu_exclusions - excluded): + print(test) + +print("--- the following tests might be excluded in python:") +for test in sorted(missing): + print(test) + +if nonexistent: + print("--- the following tests don't exist:") + for test in sorted(nonexistent): + print(test) diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch new file mode 100644 index 0000000..ab29d50 --- /dev/null +++ b/subprocess-raise-timeout.patch @@ -0,0 +1,18 @@ +--- + Lib/test/test_subprocess.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_subprocess.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_subprocess.py ++++ Python-3.11.8/Lib/test/test_subprocess.py +@@ -280,7 +280,8 @@ class ProcessTestCase(BaseTestCase): + "time.sleep(3600)"], + # Some heavily loaded buildbots (sparc Debian 3.x) require + # this much time to start and print. +- timeout=3) ++ # OBS might require even more ++ timeout=10) + self.fail("Expected TimeoutExpired.") + self.assertEqual(c.exception.output, b'BDFL') + -- 2.51.1 From 4cd370afa9860e4ad8763b95c9c5ffa4b2b0d951a44dd3c641dfd745ea93e978 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 2 Jul 2025 14:13:50 +0000 Subject: [PATCH 129/135] Accepting request 1289839 from home:dgarcia:branches:devel:languages:python:Factory - Use one core to build doc. This will make sphinx doc build reproducible. bsc#1243155 OBS-URL: https://build.opensuse.org/request/show/1289839 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=187 --- .gitattributes | 23 + .gitignore | 1 + CVE-2023-52425-libexpat-2.6.0-backport.patch | 233 + ...-52425-remove-reparse_deferral-tests.patch | 60 + CVE-2024-9287-venv_path_unquoted.patch | 299 + CVE-2025-0938-sq-brackets-domain-names.patch | 127 + CVE-2025-4516-DecodeError-handler.patch | 504 ++ F00251-change-user-install-location.patch | 215 + PACKAGING-NOTES | 26 + Python-3.11.10.tar.xz | 3 + Python-3.11.10.tar.xz.asc | 16 + Python-3.11.11.tar.xz | 3 + Python-3.11.11.tar.xz.sigstore | 1 + Python-3.11.12.tar.xz | 3 + Python-3.11.12.tar.xz.sigstore | 1 + Python-3.11.13.tar.xz | 3 + Python-3.11.13.tar.xz.sigstore | 1 + README.SUSE | 43 + _multibuild | 4 + add-loongarch64-support.patch | 29 + baselibs.conf | 3 + bluez-devel-vendor.tar.xz | 3 + bpo-31046_ensurepip_honours_prefix.patch | 173 + bsc1221260-test_asyncio-ResourceWarning.patch | 21 + bso1227999-reproducible-builds.patch | 37 + distutils-reproducible-compile.patch | 17 + externally_managed.in | 12 + fix_configure_rst.patch | 40 + ...l-no-stop-ThreadedEchoServer-OSError.patch | 82 + gh120226-fix-sendfile-test-kernel-610.patch | 35 + idle3.appdata.xml | 35 + idle3.desktop | 12 + import_failed.map | 7 + import_failed.py | 23 + macros.python3 | 28 + no-skipif-doctests.patch | 653 ++ pre_checkin.sh | 78 + python-3.3.0b1-fix_date_time_compiler.patch | 27 + python-3.3.0b1-localpath.patch | 13 + python-3.3.0b1-test-posix_fadvise.patch | 17 + python.keyring | 109 + python311-rpmlintrc | 4 + python311.changes | 5631 +++++++++++++++++ python311.spec | 1042 +++ skip-test_pyobject_freed_is_freed.patch | 23 + skip_if_buildbot-extend.patch | 15 + skipped_tests.py | 69 + subprocess-raise-timeout.patch | 18 + 48 files changed, 9822 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 CVE-2023-52425-libexpat-2.6.0-backport.patch create mode 100644 CVE-2023-52425-remove-reparse_deferral-tests.patch create mode 100644 CVE-2024-9287-venv_path_unquoted.patch create mode 100644 CVE-2025-0938-sq-brackets-domain-names.patch create mode 100644 CVE-2025-4516-DecodeError-handler.patch create mode 100644 F00251-change-user-install-location.patch create mode 100644 PACKAGING-NOTES create mode 100644 Python-3.11.10.tar.xz create mode 100644 Python-3.11.10.tar.xz.asc create mode 100644 Python-3.11.11.tar.xz create mode 100644 Python-3.11.11.tar.xz.sigstore create mode 100644 Python-3.11.12.tar.xz create mode 100644 Python-3.11.12.tar.xz.sigstore create mode 100644 Python-3.11.13.tar.xz create mode 100644 Python-3.11.13.tar.xz.sigstore create mode 100644 README.SUSE create mode 100644 _multibuild create mode 100644 add-loongarch64-support.patch create mode 100644 baselibs.conf create mode 100644 bluez-devel-vendor.tar.xz create mode 100644 bpo-31046_ensurepip_honours_prefix.patch create mode 100644 bsc1221260-test_asyncio-ResourceWarning.patch create mode 100644 bso1227999-reproducible-builds.patch create mode 100644 distutils-reproducible-compile.patch create mode 100644 externally_managed.in create mode 100644 fix_configure_rst.patch create mode 100644 gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch create mode 100644 gh120226-fix-sendfile-test-kernel-610.patch create mode 100644 idle3.appdata.xml create mode 100644 idle3.desktop create mode 100644 import_failed.map create mode 100644 import_failed.py create mode 100644 macros.python3 create mode 100644 no-skipif-doctests.patch create mode 100644 pre_checkin.sh create mode 100644 python-3.3.0b1-fix_date_time_compiler.patch create mode 100644 python-3.3.0b1-localpath.patch create mode 100644 python-3.3.0b1-test-posix_fadvise.patch create mode 100644 python.keyring create mode 100644 python311-rpmlintrc create mode 100644 python311.changes create mode 100644 python311.spec create mode 100644 skip-test_pyobject_freed_is_freed.patch create mode 100644 skip_if_buildbot-extend.patch create mode 100644 skipped_tests.py create mode 100644 subprocess-raise-timeout.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch new file mode 100644 index 0000000..1acc25a --- /dev/null +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -0,0 +1,233 @@ +--- + Lib/test/support/__init__.py | 16 ++++++++++++++-- + Lib/test/test_minidom.py | 23 +++++++++-------------- + Lib/test/test_pyexpat.py | 12 +++++------- + Lib/test/test_sax.py | 18 +++++++++--------- + Lib/test/test_xml_etree.py | 12 ------------ + 5 files changed, 37 insertions(+), 44 deletions(-) + +Index: Python-3.11.12/Lib/test/support/__init__.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/support/__init__.py 2025-04-11 10:52:43.191010503 +0200 ++++ Python-3.11.12/Lib/test/support/__init__.py 2025-04-11 10:52:44.802161741 +0200 +@@ -8,6 +8,7 @@ + import functools + import os + import re ++import pyexpat + import stat + import sys + import sysconfig +@@ -56,7 +57,7 @@ + "run_with_tz", "PGO", "missing_compiler_executable", + "ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST", + "LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT", +- "skip_on_s390x", ++ "skip_on_s390x", "fails_with_expat_2_6_0", "is_expat_2_6_0" + ] + + +@@ -2244,6 +2245,17 @@ + } + return ignored + +-#Windows doesn't have os.uname() but it doesn't support s390x. ++ ++# Windows doesn't have os.uname() but it doesn't support s390x. + skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', + 'skipped on s390x') ++ ++ ++@functools.lru_cache ++def _is_expat_2_6_0(): ++ return hasattr(pyexpat.ParserCreate(), 'SetReparseDeferralEnabled') ++is_expat_2_6_0 = _is_expat_2_6_0() ++ ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if is_expat_2_6_0 ++ else lambda test: test) +Index: Python-3.11.12/Lib/test/test_minidom.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_minidom.py 2025-04-11 10:52:21.907086938 +0200 ++++ Python-3.11.12/Lib/test/test_minidom.py 2025-04-11 10:52:44.802522893 +0200 +@@ -6,7 +6,6 @@ + from test import support + import unittest + +-import pyexpat + import xml.dom.minidom + + from xml.dom.minidom import parse, Attr, Node, Document, parseString +@@ -1163,13 +1162,11 @@ + + # Verify that character decoding errors raise exceptions instead + # of crashing +- if pyexpat.version_info >= (2, 4, 5): +- self.assertRaises(ExpatError, parseString, +- b'') +- self.assertRaises(ExpatError, parseString, +- b'Comment \xe7a va ? Tr\xe8s bien ?') +- else: +- self.assertRaises(UnicodeDecodeError, parseString, ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((UnicodeDecodeError, ExpatError)): ++ parseString( + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1631,12 +1628,10 @@ + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- if pyexpat.version_info >= (2, 4, 5): +- context = self.assertRaisesRegex(ExpatError, 'syntax error') +- else: +- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- +- with context: ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((ExpatError, ValueError)): + parseString('') + + def testDocRemoveChild(self): +Index: Python-3.11.12/Lib/test/test_pyexpat.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_pyexpat.py 2025-04-11 10:52:22.076696906 +0200 ++++ Python-3.11.12/Lib/test/test_pyexpat.py 2025-04-11 10:52:44.803228085 +0200 +@@ -14,8 +14,7 @@ + from xml.parsers import expat + from xml.parsers.expat import errors + +-from test.support import sortdict, is_emscripten, is_wasi +- ++from test.support import sortdict, is_emscripten, is_wasi, is_expat_2_6_0 + + class SetAttributeTest(unittest.TestCase): + def setUp(self): +@@ -770,9 +769,8 @@ + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + + def test_reparse_deferral_enabled(self): +- if expat.version_info < (2, 6, 0): +- self.skipTest(f'Expat {expat.version_info} does not ' +- 'support reparse deferral') ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") + + started = [] + +@@ -801,9 +799,9 @@ + + parser = expat.ParserCreate() + parser.StartElementHandler = start_element +- if expat.version_info >= (2, 6, 0): ++ if is_expat_2_6_0: + parser.SetReparseDeferralEnabled(False) +- self.assertFalse(parser.GetReparseDeferralEnabled()) ++ self.assertFalse(parser.GetReparseDeferralEnabled()) + + for chunk in (b''): + parser.Parse(chunk, False) +Index: Python-3.11.12/Lib/test/test_sax.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_sax.py 2025-04-11 10:52:22.111440337 +0200 ++++ Python-3.11.12/Lib/test/test_sax.py 2025-04-11 10:52:44.803567098 +0200 +@@ -19,13 +19,11 @@ + from io import BytesIO, StringIO + import codecs + import os.path +-import pyexpat + import shutil + import sys + from urllib.error import URLError + import urllib.request +-from test.support import os_helper +-from test.support import findfile ++from test.support import os_helper, findfile, is_expat_2_6_0 + from test.support.os_helper import FakePath, TESTFN + + +@@ -1215,10 +1213,10 @@ + + self.assertEqual(result.getvalue(), start + b"text") + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1241,6 +1239,9 @@ + self.assertEqual(result.getvalue(), start + b"") + + def test_flush_reparse_deferral_disabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1249,9 +1250,8 @@ + for chunk in (""): + parser.feed(chunk) + +- if pyexpat.version_info >= (2, 6, 0): +- parser._parser.SetReparseDeferralEnabled(False) +- self.assertEqual(result.getvalue(), start) # i.e. no elements started ++ parser._parser.SetReparseDeferralEnabled(False) ++ self.assertEqual(result.getvalue(), start) # i.e. no elements started + + self.assertFalse(parser._parser.GetReparseDeferralEnabled()) + +Index: Python-3.11.12/Lib/test/test_xml_etree.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_xml_etree.py 2025-04-11 10:52:22.425637912 +0200 ++++ Python-3.11.12/Lib/test/test_xml_etree.py 2025-04-11 10:52:44.804234785 +0200 +@@ -13,7 +13,6 @@ + import operator + import os + import pickle +-import pyexpat + import sys + import textwrap + import types +@@ -1424,12 +1423,6 @@ + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + +- def test_simple_xml_chunk_1(self): +- self.test_simple_xml(chunk_size=1, flush=True) +- +- def test_simple_xml_chunk_5(self): +- self.test_simple_xml(chunk_size=5, flush=True) +- + def test_simple_xml_chunk_22(self): + self.test_simple_xml(chunk_size=22) + +@@ -1627,9 +1620,6 @@ + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1656,8 +1646,6 @@ + + for chunk in (""): + parser.feed(chunk) +- +- if pyexpat.version_info >= (2, 6, 0): + if not ET is pyET: + self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled ' + 'methods not available in C') diff --git a/CVE-2023-52425-remove-reparse_deferral-tests.patch b/CVE-2023-52425-remove-reparse_deferral-tests.patch new file mode 100644 index 0000000..553bdf8 --- /dev/null +++ b/CVE-2023-52425-remove-reparse_deferral-tests.patch @@ -0,0 +1,60 @@ +--- + Lib/test/test_pyexpat.py | 2 ++ + Lib/test/test_sax.py | 2 ++ + Lib/test/test_xml_etree.py | 2 ++ + 3 files changed, 6 insertions(+) + +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -768,6 +768,7 @@ class ReparseDeferralTest(unittest.TestC + parser.SetReparseDeferralEnabled(True) + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -791,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC + + self.assertEqual(started, ['doc']) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_disabled(self): + started = [] + +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -1213,6 +1213,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -1238,6 +1239,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -1620,6 +1620,7 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1641,6 +1642,7 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + diff --git a/CVE-2024-9287-venv_path_unquoted.patch b/CVE-2024-9287-venv_path_unquoted.patch new file mode 100644 index 0000000..541a907 --- /dev/null +++ b/CVE-2024-9287-venv_path_unquoted.patch @@ -0,0 +1,299 @@ +From 1408cc9bf9e8b19968761548c30b78d37074c21c Mon Sep 17 00:00:00 2001 +From: Y5 <124019959+y5c4l3@users.noreply.github.com> +Date: Tue, 22 Oct 2024 04:48:04 +0800 +Subject: [PATCH] gh-124651: Quote template strings in `venv` activation + scripts (GH-124712) + +This patch properly quotes template strings in `venv` activation +scripts. This mitigates potential command injection. + +(cherry picked from commit d48cc82ed25e26b02eb97c6263d95dcaa1e9111b) +--- + Lib/test/test_venv.py | 81 ++++++++++ + Lib/venv/__init__.py | 42 ++++- + Lib/venv/scripts/common/activate | 8 + Lib/venv/scripts/nt/activate.bat | 6 + Lib/venv/scripts/posix/activate.csh | 8 + Lib/venv/scripts/posix/activate.fish | 8 + Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst | 1 + 7 files changed, 134 insertions(+), 20 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst + +--- a/Lib/test/test_venv.py ++++ b/Lib/test/test_venv.py +@@ -11,6 +11,7 @@ import os + import os.path + import pathlib + import re ++import shlex + import shutil + import struct + import subprocess +@@ -96,6 +97,10 @@ class BaseTest(unittest.TestCase): + result = f.read() + return result + ++ def assertEndsWith(self, string, tail): ++ if not string.endswith(tail): ++ self.fail(f"String {string!r} does not end with {tail!r}") ++ + class BasicTest(BaseTest): + """Test venv module functionality.""" + +@@ -446,6 +451,82 @@ class BasicTest(BaseTest): + 'import sys; print(sys.executable)']) + self.assertEqual(out.strip(), envpy.encode()) + ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_bash(self): ++ """ ++ Test that the template strings are quoted properly (bash) ++ """ ++ rmtree(self.env_dir) ++ bash = shutil.which('bash') ++ if bash is None: ++ self.skipTest('bash required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.sh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([bash, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_csh(self): ++ """ ++ Test that the template strings are quoted properly (csh) ++ """ ++ rmtree(self.env_dir) ++ csh = shutil.which('tcsh') or shutil.which('csh') ++ if csh is None: ++ self.skipTest('csh required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.csh') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.csh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([csh, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings on Windows ++ @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') ++ def test_special_chars_windows(self): ++ """ ++ Test that the template strings are quoted properly on Windows ++ """ ++ rmtree(self.env_dir) ++ env_name = "'&&^$e" ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.bat') ++ test_batch = os.path.join(self.env_dir, 'test_special_chars.bat') ++ with open(test_batch, "w") as f: ++ f.write('@echo off\n' ++ f'"{activate}" & ' ++ f'{self.exe} -c "import sys; print(sys.executable)" & ' ++ f'{self.exe} -c "import os; print(os.environ[\'VIRTUAL_ENV\'])" & ' ++ 'deactivate') ++ out, err = check_output([test_batch]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ + @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') + def test_unicode_in_batch_file(self): + """ +--- a/Lib/venv/__init__.py ++++ b/Lib/venv/__init__.py +@@ -11,6 +11,7 @@ import subprocess + import sys + import sysconfig + import types ++import shlex + + + CORE_VENV_DEPS = ('pip', 'setuptools') +@@ -394,11 +395,41 @@ class EnvBuilder: + :param context: The information for the environment creation request + being processed. + """ +- text = text.replace('__VENV_DIR__', context.env_dir) +- text = text.replace('__VENV_NAME__', context.env_name) +- text = text.replace('__VENV_PROMPT__', context.prompt) +- text = text.replace('__VENV_BIN_NAME__', context.bin_name) +- text = text.replace('__VENV_PYTHON__', context.env_exe) ++ replacements = { ++ '__VENV_DIR__': context.env_dir, ++ '__VENV_NAME__': context.env_name, ++ '__VENV_PROMPT__': context.prompt, ++ '__VENV_BIN_NAME__': context.bin_name, ++ '__VENV_PYTHON__': context.env_exe, ++ } ++ ++ def quote_ps1(s): ++ """ ++ This should satisfy PowerShell quoting rules [1], unless the quoted ++ string is passed directly to Windows native commands [2]. ++ [1]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules ++ [2]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing#passing-arguments-that-contain-quote-characters ++ """ ++ s = s.replace("'", "''") ++ return f"'{s}'" ++ ++ def quote_bat(s): ++ return s ++ ++ # gh-124651: need to quote the template strings properly ++ quote = shlex.quote ++ script_path = context.script_path ++ if script_path.endswith('.ps1'): ++ quote = quote_ps1 ++ elif script_path.endswith('.bat'): ++ quote = quote_bat ++ else: ++ # fallbacks to POSIX shell compliant quote ++ quote = shlex.quote ++ ++ replacements = {key: quote(s) for key, s in replacements.items()} ++ for key, quoted in replacements.items(): ++ text = text.replace(key, quoted) + return text + + def install_scripts(self, context, path): +@@ -438,6 +469,7 @@ class EnvBuilder: + with open(srcfile, 'rb') as f: + data = f.read() + if not srcfile.endswith(('.exe', '.pdb')): ++ context.script_path = srcfile + try: + data = data.decode('utf-8') + data = self.replace_variables(data, context) +--- a/Lib/venv/scripts/common/activate ++++ b/Lib/venv/scripts/common/activate +@@ -35,11 +35,11 @@ deactivate () { + # unset irrelevant variables + deactivate nondestructive + +-VIRTUAL_ENV="__VENV_DIR__" ++VIRTUAL_ENV=__VENV_DIR__ + export VIRTUAL_ENV + + _OLD_VIRTUAL_PATH="$PATH" +-PATH="$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++PATH="$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + export PATH + + # unset PYTHONHOME if set +@@ -52,9 +52,9 @@ fi + + if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then + _OLD_VIRTUAL_PS1="${PS1:-}" +- PS1="__VENV_PROMPT__${PS1:-}" ++ PS1=__VENV_PROMPT__"${PS1:-}" + export PS1 +- VIRTUAL_ENV_PROMPT="__VENV_PROMPT__" ++ VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ + export VIRTUAL_ENV_PROMPT + fi + +--- a/Lib/venv/scripts/nt/activate.bat ++++ b/Lib/venv/scripts/nt/activate.bat +@@ -8,7 +8,7 @@ if defined _OLD_CODEPAGE ( + "%SystemRoot%\System32\chcp.com" 65001 > nul + ) + +-set VIRTUAL_ENV=__VENV_DIR__ ++set "VIRTUAL_ENV=__VENV_DIR__" + + if not defined PROMPT set PROMPT=$P$G + +@@ -24,8 +24,8 @@ set PYTHONHOME= + if defined _OLD_VIRTUAL_PATH set PATH=%_OLD_VIRTUAL_PATH% + if not defined _OLD_VIRTUAL_PATH set _OLD_VIRTUAL_PATH=%PATH% + +-set PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH% +-set VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ ++set "PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH%" ++set "VIRTUAL_ENV_PROMPT=__VENV_PROMPT__" + + :END + if defined _OLD_CODEPAGE ( +--- a/Lib/venv/scripts/posix/activate.csh ++++ b/Lib/venv/scripts/posix/activate.csh +@@ -8,17 +8,17 @@ alias deactivate 'test $?_OLD_VIRTUAL_PA + # Unset irrelevant variables. + deactivate nondestructive + +-setenv VIRTUAL_ENV "__VENV_DIR__" ++setenv VIRTUAL_ENV __VENV_DIR__ + + set _OLD_VIRTUAL_PATH="$PATH" +-setenv PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++setenv PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + + + set _OLD_VIRTUAL_PROMPT="$prompt" + + if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then +- set prompt = "__VENV_PROMPT__$prompt" +- setenv VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set prompt = __VENV_PROMPT__"$prompt" ++ setenv VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + endif + + alias pydoc python -m pydoc +--- a/Lib/venv/scripts/posix/activate.fish ++++ b/Lib/venv/scripts/posix/activate.fish +@@ -33,10 +33,10 @@ end + # Unset irrelevant variables. + deactivate nondestructive + +-set -gx VIRTUAL_ENV "__VENV_DIR__" ++set -gx VIRTUAL_ENV __VENV_DIR__ + + set -gx _OLD_VIRTUAL_PATH $PATH +-set -gx PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__" $PATH ++set -gx PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__ $PATH + + # Unset PYTHONHOME if set. + if set -q PYTHONHOME +@@ -56,7 +56,7 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + set -l old_status $status + + # Output the venv prompt; color taken from the blue of the Python logo. +- printf "%s%s%s" (set_color 4B8BBE) "__VENV_PROMPT__" (set_color normal) ++ printf "%s%s%s" (set_color 4B8BBE) __VENV_PROMPT__ (set_color normal) + + # Restore the return status of the previous command. + echo "exit $old_status" | . +@@ -65,5 +65,5 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + end + + set -gx _OLD_FISH_PROMPT_OVERRIDE "$VIRTUAL_ENV" +- set -gx VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set -gx VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + end +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst +@@ -0,0 +1 @@ ++Properly quote template strings in :mod:`venv` activation scripts. diff --git a/CVE-2025-0938-sq-brackets-domain-names.patch b/CVE-2025-0938-sq-brackets-domain-names.patch new file mode 100644 index 0000000..7db4656 --- /dev/null +++ b/CVE-2025-0938-sq-brackets-domain-names.patch @@ -0,0 +1,127 @@ +From d91e2c740890837edafaee24d68112b776cda9c5 Mon Sep 17 00:00:00 2001 +From: Seth Michael Larson +Date: Fri, 31 Jan 2025 11:41:34 -0600 +Subject: [PATCH] gh-105704: Disallow square brackets (`[` and `]`) in domain + names for parsed URLs (GH-129418) + +* gh-105704: Disallow square brackets ( and ) in domain names for parsed URLs + +* Use Sphinx references + +Co-authored-by: Peter Bierma + +* Add mismatched bracket test cases, fix news format + +* Add more test coverage for ports + +--------- + +(cherry picked from commit d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a) + +Co-authored-by: Seth Michael Larson +Co-authored-by: Peter Bierma +--- + Lib/test/test_urlparse.py | 37 +++++++++- + Lib/urllib/parse.py | 20 ++++- + Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst | 4 + + 3 files changed, 58 insertions(+), 3 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst + +--- a/Lib/test/test_urlparse.py ++++ b/Lib/test/test_urlparse.py +@@ -1224,16 +1224,51 @@ class UrlParseTestCase(unittest.TestCase + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af::2309::fae7:1234]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af:2309::fae7:1234:2342:438e:192.0.2.146]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@]v6a.ip[/Path') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip[suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[suffix') + + def test_splitting_bracketed_hosts(self): +- p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]/path?query') ++ p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]:1234/path?query') + self.assertEqual(p1.hostname, 'v6a.ip') + self.assertEqual(p1.username, 'user') + self.assertEqual(p1.path, '/path') ++ self.assertEqual(p1.port, 1234) + p2 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7%test]/path?query') + self.assertEqual(p2.hostname, '0439:23af:2309::fae7%test') + self.assertEqual(p2.username, 'user') + self.assertEqual(p2.path, '/path') ++ self.assertIs(p2.port, None) + p3 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7:1234:192.0.2.146%test]/path?query') + self.assertEqual(p3.hostname, '0439:23af:2309::fae7:1234:192.0.2.146%test') + self.assertEqual(p3.username, 'user') +--- a/Lib/urllib/parse.py ++++ b/Lib/urllib/parse.py +@@ -436,6 +436,23 @@ def _checknetloc(netloc): + raise ValueError("netloc '" + netloc + "' contains invalid " + + "characters under NFKC normalization") + ++def _check_bracketed_netloc(netloc): ++ # Note that this function must mirror the splitting ++ # done in NetlocResultMixins._hostinfo(). ++ hostname_and_port = netloc.rpartition('@')[2] ++ before_bracket, have_open_br, bracketed = hostname_and_port.partition('[') ++ if have_open_br: ++ # No data is allowed before a bracket. ++ if before_bracket: ++ raise ValueError("Invalid IPv6 URL") ++ hostname, _, port = bracketed.partition(']') ++ # No data is allowed after the bracket but before the port delimiter. ++ if port and not port.startswith(":"): ++ raise ValueError("Invalid IPv6 URL") ++ else: ++ hostname, _, port = hostname_and_port.partition(':') ++ _check_bracketed_host(hostname) ++ + # Valid bracketed hosts are defined in + # https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/ + def _check_bracketed_host(hostname): +@@ -496,8 +513,7 @@ def urlsplit(url, scheme='', allow_fragm + (']' in netloc and '[' not in netloc)): + raise ValueError("Invalid IPv6 URL") + if '[' in netloc and ']' in netloc: +- bracketed_host = netloc.partition('[')[2].partition(']')[0] +- _check_bracketed_host(bracketed_host) ++ _check_bracketed_netloc(netloc) + if allow_fragments and '#' in url: + url, fragment = url.split('#', 1) + if '?' in url: +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst +@@ -0,0 +1,4 @@ ++When using :func:`urllib.parse.urlsplit` and :func:`urllib.parse.urlparse` host ++parsing would not reject domain names containing square brackets (``[`` and ++``]``). Square brackets are only valid for IPv6 and IPvFuture hosts according to ++`RFC 3986 Section 3.2.2 `__. diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch new file mode 100644 index 0000000..fc4b1d6 --- /dev/null +++ b/CVE-2025-4516-DecodeError-handler.patch @@ -0,0 +1,504 @@ +From 0c33e5baedf18ebcb04bc41dff7cfc614d5ea5fe Mon Sep 17 00:00:00 2001 +From: Serhiy Storchaka +Date: Tue, 20 May 2025 15:46:57 +0300 +Subject: [PATCH] [3.11] gh-133767: Fix use-after-free in the unicode-escape + decoder with an error handler (GH-129648) (GH-133944) + +If the error handler is used, a new bytes object is created to set as +the object attribute of UnicodeDecodeError, and that bytes object then +replaces the original data. A pointer to the decoded data will became invalid +after destroying that temporary bytes object. So we need other way to return +the first invalid escape from _PyUnicode_DecodeUnicodeEscapeInternal(). + +_PyBytes_DecodeEscape() does not have such issue, because it does not +use the error handlers registry, but it should be changed for compatibility +with _PyUnicode_DecodeUnicodeEscapeInternal(). +(cherry picked from commit 9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e) +(cherry picked from commit 6279eb8c076d89d3739a6edb393e43c7929b429d) +(cherry picked from commit a75953b347716fff694aa59a7c7c2489fa50d1f5) + +Co-authored-by: Serhiy Storchaka +--- + Include/cpython/bytesobject.h | 4 + Include/cpython/unicodeobject.h | 13 ++ + Lib/test/test_codeccallbacks.py | 39 ++++++ + Lib/test/test_codecs.py | 52 ++++++-- + Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst | 2 + Objects/bytesobject.c | 56 ++++++-- + Objects/unicodeobject.c | 63 +++++++--- + Parser/string_parser.c | 24 ++- + 8 files changed, 197 insertions(+), 56 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst + +--- a/Include/cpython/bytesobject.h ++++ b/Include/cpython/bytesobject.h +@@ -25,6 +25,10 @@ PyAPI_FUNC(PyObject*) _PyBytes_FromHex( + int use_bytearray); + + /* Helper for PyBytes_DecodeEscape that detects invalid escape chars. */ ++PyAPI_FUNC(PyObject*) _PyBytes_DecodeEscape2(const char *, Py_ssize_t, ++ const char *, ++ int *, const char **); ++// Export for binary compatibility. + PyAPI_FUNC(PyObject *) _PyBytes_DecodeEscape(const char *, Py_ssize_t, + const char *, const char **); + +--- a/Include/cpython/unicodeobject.h ++++ b/Include/cpython/unicodeobject.h +@@ -914,6 +914,19 @@ PyAPI_FUNC(PyObject*) _PyUnicode_DecodeU + ); + /* Helper for PyUnicode_DecodeUnicodeEscape that detects invalid escape + chars. */ ++PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal2( ++ const char *string, /* Unicode-Escape encoded string */ ++ Py_ssize_t length, /* size of string */ ++ const char *errors, /* error handling */ ++ Py_ssize_t *consumed, /* bytes consumed */ ++ int *first_invalid_escape_char, /* on return, if not -1, contain the first ++ invalid escaped char (<= 0xff) or invalid ++ octal escape (> 0xff) in string. */ ++ const char **first_invalid_escape_ptr); /* on return, if not NULL, may ++ point to the first invalid escaped ++ char in string. ++ May be NULL if errors is not NULL. */ ++// Export for binary compatibility. + PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal( + const char *string, /* Unicode-Escape encoded string */ + Py_ssize_t length, /* size of string */ +--- a/Lib/test/test_codeccallbacks.py ++++ b/Lib/test/test_codeccallbacks.py +@@ -1,6 +1,7 @@ + import codecs + import html.entities + import itertools ++import re + import sys + import unicodedata + import unittest +@@ -1124,7 +1125,7 @@ class CodecCallbackTest(unittest.TestCas + text = 'abcghi'*n + text.translate(charmap) + +- def test_mutatingdecodehandler(self): ++ def test_mutating_decode_handler(self): + baddata = [ + ("ascii", b"\xff"), + ("utf-7", b"++"), +@@ -1159,6 +1160,42 @@ class CodecCallbackTest(unittest.TestCas + for (encoding, data) in baddata: + self.assertEqual(data.decode(encoding, "test.mutating"), "\u4242") + ++ def test_mutating_decode_handler_unicode_escape(self): ++ decode = codecs.unicode_escape_decode ++ def mutating(exc): ++ if isinstance(exc, UnicodeDecodeError): ++ r = data.get(exc.object[:exc.end]) ++ if r is not None: ++ exc.object = r[0] + exc.object[exc.end:] ++ return ('\u0404', r[1]) ++ raise AssertionError("don't know how to handle %r" % exc) ++ ++ codecs.register_error('test.mutating2', mutating) ++ data = { ++ br'\x0': (b'\\', 0), ++ br'\x3': (b'xxx\\', 3), ++ br'\x5': (b'x\\', 1), ++ } ++ def check(input, expected, msg): ++ with self.assertWarns(DeprecationWarning) as cm: ++ self.assertEqual(decode(input, 'test.mutating2'), (expected, len(input))) ++ self.assertIn(msg, str(cm.warning)) ++ ++ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") ++ check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") ++ check(br'\x0z', '\u0404\\z', r"invalid escape sequence '\z'") ++ ++ check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '\z'") ++ check(br'\x3zr', '\u0404\\zr', r"invalid escape sequence '\z'") ++ check(br'\x3z5', '\u0404\\z5', r"invalid escape sequence '\z'") ++ check(memoryview(br'\x3z5x')[:-1], '\u0404\\z5', r"invalid escape sequence '\z'") ++ check(memoryview(br'\x3z5xy')[:-2], '\u0404\\z5', r"invalid escape sequence '\z'") ++ ++ check(br'\x5n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") ++ check(br'\x5n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") ++ check(br'\x5z', '\u0404\\z', r"invalid escape sequence '\z'") ++ check(memoryview(br'\x5zy')[:-1], '\u0404\\z', r"invalid escape sequence '\z'") ++ + # issue32583 + def test_crashing_decode_handler(self): + # better generating one more character to fill the extra space slot +--- a/Lib/test/test_codecs.py ++++ b/Lib/test/test_codecs.py +@@ -1198,23 +1198,39 @@ class EscapeDecodeTest(unittest.TestCase + check(br"[\1010]", b"[A0]") + check(br"[\x41]", b"[A]") + check(br"[\x410]", b"[A0]") ++ ++ def test_warnings(self): ++ decode = codecs.escape_decode ++ check = coding_checker(self, decode) + for i in range(97, 123): + b = bytes([i]) + if b not in b'abfnrtvx': +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\%c'" % i): + check(b"\\" + b, b"\\" + b) +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\%c'" % (i-32)): + check(b"\\" + b.upper(), b"\\" + b.upper()) +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\8'"): + check(br"\8", b"\\8") + with self.assertWarns(DeprecationWarning): + check(br"\9", b"\\9") +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\\xfa'") as cm: + check(b"\\\xfa", b"\\\xfa") + for i in range(0o400, 0o1000): +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid octal escape sequence '\\%o'" % i): + check(rb'\%o' % i, bytes([i & 0o377])) + ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\z'"): ++ self.assertEqual(decode(br'\x\z', 'ignore'), (b'\\z', 4)) ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid octal escape sequence '\\501'"): ++ self.assertEqual(decode(br'\x\501', 'ignore'), (b'A', 6)) ++ + def test_errors(self): + decode = codecs.escape_decode + self.assertRaises(ValueError, decode, br"\x") +@@ -2487,24 +2503,40 @@ class UnicodeEscapeTest(ReadTest, unitte + check(br"[\x410]", "[A0]") + check(br"\u20ac", "\u20ac") + check(br"\U0001d120", "\U0001d120") ++ ++ def test_decode_warnings(self): ++ decode = codecs.unicode_escape_decode ++ check = coding_checker(self, decode) + for i in range(97, 123): + b = bytes([i]) + if b not in b'abfnrtuvx': +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\%c'" % i): + check(b"\\" + b, "\\" + chr(i)) + if b.upper() not in b'UN': +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\%c'" % (i-32)): + check(b"\\" + b.upper(), "\\" + chr(i-32)) +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\8'"): + check(br"\8", "\\8") + with self.assertWarns(DeprecationWarning): + check(br"\9", "\\9") +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\\xfa'") as cm: + check(b"\\\xfa", "\\\xfa") + for i in range(0o400, 0o1000): +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid octal escape sequence '\\%o'" % i): + check(rb'\%o' % i, chr(i)) + ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\z'"): ++ self.assertEqual(decode(br'\x\z', 'ignore'), ('\\z', 4)) ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid octal escape sequence '\\501'"): ++ self.assertEqual(decode(br'\x\501', 'ignore'), ('\u0141', 6)) ++ + def test_decode_errors(self): + decode = codecs.unicode_escape_decode + for c, d in (b'x', 2), (b'u', 4), (b'U', 4): +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst +@@ -0,0 +1,2 @@ ++Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error ++handler. +--- a/Objects/bytesobject.c ++++ b/Objects/bytesobject.c +@@ -1057,10 +1057,11 @@ _PyBytes_FormatEx(const char *format, Py + } + + /* Unescape a backslash-escaped string. */ +-PyObject *_PyBytes_DecodeEscape(const char *s, ++PyObject *_PyBytes_DecodeEscape2(const char *s, + Py_ssize_t len, + const char *errors, +- const char **first_invalid_escape) ++ int *first_invalid_escape_char, ++ const char **first_invalid_escape_ptr) + { + int c; + char *p; +@@ -1074,7 +1075,8 @@ PyObject *_PyBytes_DecodeEscape(const ch + return NULL; + writer.overallocate = 1; + +- *first_invalid_escape = NULL; ++ *first_invalid_escape_char = -1; ++ *first_invalid_escape_ptr = NULL; + + end = s + len; + while (s < end) { +@@ -1112,9 +1114,10 @@ PyObject *_PyBytes_DecodeEscape(const ch + c = (c<<3) + *s++ - '0'; + } + if (c > 0377) { +- if (*first_invalid_escape == NULL) { +- *first_invalid_escape = s-3; /* Back up 3 chars, since we've +- already incremented s. */ ++ if (*first_invalid_escape_char == -1) { ++ *first_invalid_escape_char = c; ++ /* Back up 3 chars, since we've already incremented s. */ ++ *first_invalid_escape_ptr = s - 3; + } + } + *p++ = c; +@@ -1155,9 +1158,10 @@ PyObject *_PyBytes_DecodeEscape(const ch + break; + + default: +- if (*first_invalid_escape == NULL) { +- *first_invalid_escape = s-1; /* Back up one char, since we've +- already incremented s. */ ++ if (*first_invalid_escape_char == -1) { ++ *first_invalid_escape_char = (unsigned char)s[-1]; ++ /* Back up one char, since we've already incremented s. */ ++ *first_invalid_escape_ptr = s - 1; + } + *p++ = '\\'; + s--; +@@ -1171,23 +1175,39 @@ PyObject *_PyBytes_DecodeEscape(const ch + return NULL; + } + ++// Export for binary compatibility. ++PyObject *_PyBytes_DecodeEscape(const char *s, ++ Py_ssize_t len, ++ const char *errors, ++ const char **first_invalid_escape) ++{ ++ int first_invalid_escape_char; ++ return _PyBytes_DecodeEscape2( ++ s, len, errors, ++ &first_invalid_escape_char, ++ first_invalid_escape); ++} ++ + PyObject *PyBytes_DecodeEscape(const char *s, + Py_ssize_t len, + const char *errors, + Py_ssize_t Py_UNUSED(unicode), + const char *Py_UNUSED(recode_encoding)) + { +- const char* first_invalid_escape; +- PyObject *result = _PyBytes_DecodeEscape(s, len, errors, +- &first_invalid_escape); ++ int first_invalid_escape_char; ++ const char *first_invalid_escape_ptr; ++ PyObject *result = _PyBytes_DecodeEscape2(s, len, errors, ++ &first_invalid_escape_char, ++ &first_invalid_escape_ptr); + if (result == NULL) + return NULL; +- if (first_invalid_escape != NULL) { +- unsigned char c = *first_invalid_escape; +- if ('4' <= c && c <= '7') { ++ if (first_invalid_escape_char != -1) { ++ if (first_invalid_escape_char > 0xff) { ++ char buf[12] = ""; ++ snprintf(buf, sizeof buf, "%o", first_invalid_escape_char); + if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, +- "invalid octal escape sequence '\\%.3s'", +- first_invalid_escape) < 0) ++ "invalid octal escape sequence '\\%s'", ++ buf) < 0) + { + Py_DECREF(result); + return NULL; +@@ -1196,7 +1216,7 @@ PyObject *PyBytes_DecodeEscape(const cha + else { + if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, + "invalid escape sequence '\\%c'", +- c) < 0) ++ first_invalid_escape_char) < 0) + { + Py_DECREF(result); + return NULL; +--- a/Objects/unicodeobject.c ++++ b/Objects/unicodeobject.c +@@ -6301,20 +6301,23 @@ PyUnicode_AsUTF16String(PyObject *unicod + static _PyUnicode_Name_CAPI *ucnhash_capi = NULL; + + PyObject * +-_PyUnicode_DecodeUnicodeEscapeInternal(const char *s, ++_PyUnicode_DecodeUnicodeEscapeInternal2(const char *s, + Py_ssize_t size, + const char *errors, + Py_ssize_t *consumed, +- const char **first_invalid_escape) ++ int *first_invalid_escape_char, ++ const char **first_invalid_escape_ptr) + { + const char *starts = s; ++ const char *initial_starts = starts; + _PyUnicodeWriter writer; + const char *end; + PyObject *errorHandler = NULL; + PyObject *exc = NULL; + + // so we can remember if we've seen an invalid escape char or not +- *first_invalid_escape = NULL; ++ *first_invalid_escape_char = -1; ++ *first_invalid_escape_ptr = NULL; + + if (size == 0) { + if (consumed) { +@@ -6402,9 +6405,12 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c + } + } + if (ch > 0377) { +- if (*first_invalid_escape == NULL) { +- *first_invalid_escape = s-3; /* Back up 3 chars, since we've +- already incremented s. */ ++ if (*first_invalid_escape_char == -1) { ++ *first_invalid_escape_char = ch; ++ if (starts == initial_starts) { ++ /* Back up 3 chars, since we've already incremented s. */ ++ *first_invalid_escape_ptr = s - 3; ++ } + } + } + WRITE_CHAR(ch); +@@ -6503,9 +6509,12 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c + goto error; + + default: +- if (*first_invalid_escape == NULL) { +- *first_invalid_escape = s-1; /* Back up one char, since we've +- already incremented s. */ ++ if (*first_invalid_escape_char == -1) { ++ *first_invalid_escape_char = c; ++ if (starts == initial_starts) { ++ /* Back up one char, since we've already incremented s. */ ++ *first_invalid_escape_ptr = s - 1; ++ } + } + WRITE_ASCII_CHAR('\\'); + WRITE_CHAR(c); +@@ -6544,24 +6553,42 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c + return NULL; + } + ++// Export for binary compatibility. ++PyObject * ++_PyUnicode_DecodeUnicodeEscapeInternal(const char *s, ++ Py_ssize_t size, ++ const char *errors, ++ Py_ssize_t *consumed, ++ const char **first_invalid_escape) ++{ ++ int first_invalid_escape_char; ++ return _PyUnicode_DecodeUnicodeEscapeInternal2( ++ s, size, errors, consumed, ++ &first_invalid_escape_char, ++ first_invalid_escape); ++} ++ + PyObject * + _PyUnicode_DecodeUnicodeEscapeStateful(const char *s, + Py_ssize_t size, + const char *errors, + Py_ssize_t *consumed) + { +- const char *first_invalid_escape; +- PyObject *result = _PyUnicode_DecodeUnicodeEscapeInternal(s, size, errors, ++ int first_invalid_escape_char; ++ const char *first_invalid_escape_ptr; ++ PyObject *result = _PyUnicode_DecodeUnicodeEscapeInternal2(s, size, errors, + consumed, +- &first_invalid_escape); ++ &first_invalid_escape_char, ++ &first_invalid_escape_ptr); + if (result == NULL) + return NULL; +- if (first_invalid_escape != NULL) { +- unsigned char c = *first_invalid_escape; +- if ('4' <= c && c <= '7') { ++ if (first_invalid_escape_char != -1) { ++ if (first_invalid_escape_char > 0xff) { ++ char buf[12] = ""; ++ snprintf(buf, sizeof buf, "%o", first_invalid_escape_char); + if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, +- "invalid octal escape sequence '\\%.3s'", +- first_invalid_escape) < 0) ++ "invalid octal escape sequence '\\%s'", ++ buf) < 0) + { + Py_DECREF(result); + return NULL; +@@ -6570,7 +6597,7 @@ _PyUnicode_DecodeUnicodeEscapeStateful(c + else { + if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, + "invalid escape sequence '\\%c'", +- c) < 0) ++ first_invalid_escape_char) < 0) + { + Py_DECREF(result); + return NULL; +--- a/Parser/string_parser.c ++++ b/Parser/string_parser.c +@@ -130,12 +130,15 @@ decode_unicode_with_escapes(Parser *pars + len = p - buf; + s = buf; + +- const char *first_invalid_escape; +- v = _PyUnicode_DecodeUnicodeEscapeInternal(s, len, NULL, NULL, &first_invalid_escape); ++ int first_invalid_escape_char; ++ const char *first_invalid_escape_ptr; ++ v = _PyUnicode_DecodeUnicodeEscapeInternal2(s, (Py_ssize_t)len, NULL, NULL, ++ &first_invalid_escape_char, ++ &first_invalid_escape_ptr); + +- if (v != NULL && first_invalid_escape != NULL) { +- if (warn_invalid_escape_sequence(parser, first_invalid_escape, t) < 0) { +- /* We have not decref u before because first_invalid_escape points ++ if (v != NULL && first_invalid_escape_ptr != NULL) { ++ if (warn_invalid_escape_sequence(parser, first_invalid_escape_ptr, t) < 0) { ++ /* We have not decref u before because first_invalid_escape_ptr points + inside u. */ + Py_XDECREF(u); + Py_DECREF(v); +@@ -149,14 +152,17 @@ decode_unicode_with_escapes(Parser *pars + static PyObject * + decode_bytes_with_escapes(Parser *p, const char *s, Py_ssize_t len, Token *t) + { +- const char *first_invalid_escape; +- PyObject *result = _PyBytes_DecodeEscape(s, len, NULL, &first_invalid_escape); ++ int first_invalid_escape_char; ++ const char *first_invalid_escape_ptr; ++ PyObject *result = _PyBytes_DecodeEscape2(s, len, NULL, ++ &first_invalid_escape_char, ++ &first_invalid_escape_ptr); + if (result == NULL) { + return NULL; + } + +- if (first_invalid_escape != NULL) { +- if (warn_invalid_escape_sequence(p, first_invalid_escape, t) < 0) { ++ if (first_invalid_escape_ptr != NULL) { ++ if (warn_invalid_escape_sequence(p, first_invalid_escape_ptr, t) < 0) { + Py_DECREF(result); + return NULL; + } diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch new file mode 100644 index 0000000..fa38a94 --- /dev/null +++ b/F00251-change-user-install-location.patch @@ -0,0 +1,215 @@ +From 910f38d9768d39d4d31426743ae4081ed1ab66b6 Mon Sep 17 00:00:00 2001 +From: Michal Cyprian +Date: Mon, 26 Jun 2017 16:32:56 +0200 +Subject: [PATCH] 00251: Change user install location + +Set values of prefix and exec_prefix in distutils install command +to /usr/local if executable is /usr/bin/python* and RPM build +is not detected to make pip and distutils install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +--- + Lib/distutils/command/install.py | 15 +++++++++++++-- + Lib/site.py | 9 ++++++++- + 2 files changed, 21 insertions(+), 3 deletions(-) + +Index: Python-3.11.8/Lib/distutils/command/install.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/command/install.py ++++ Python-3.11.8/Lib/distutils/command/install.py +@@ -441,8 +441,19 @@ class install(Command): + raise DistutilsOptionError( + "must not supply exec-prefix without prefix") + +- self.prefix = os.path.normpath(sys.prefix) +- self.exec_prefix = os.path.normpath(sys.exec_prefix) ++ # self.prefix is set to sys.prefix + /local/ ++ # if neither RPM build nor virtual environment is ++ # detected to make pip and distutils install packages ++ # into the separate location. ++ if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ addition = "/local" ++ else: ++ addition = "" ++ ++ self.prefix = os.path.normpath(sys.prefix) + addition ++ self.exec_prefix = os.path.normpath(sys.exec_prefix) + addition + + else: + if self.exec_prefix is None: +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None): + return sitepackages + + def addsitepackages(known_paths, prefixes=None): +- """Add site-packages to sys.path""" ++ """Add site-packages to sys.path ++ ++ '/usr/local' is included in PREFIXES if RPM build is not detected ++ to make packages installed into this location visible. ++ ++ """ + _trace("Processing global site-packages") ++ if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: ++ PREFIXES.insert(0, "/usr/local") + for sitedir in getsitepackages(prefixes): + if os.path.isdir(sitedir): + addsitedir(sitedir, known_paths) + +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Mon, 15 Feb 2021 12:19:27 +0100 +Subject: [PATCH] 00251: Change user install location +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Set values of base and platbase in sysconfig from /usr +to /usr/local when RPM build is not detected +to make pip and similar tools install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +Downstream only. + +We've tried to rework in Fedora 36/Python 3.10 to follow https://bugs.python.org/issue43976 +but we have identified serious problems with that approach, +see https://bugzilla.redhat.com/2026979 or https://bugzilla.redhat.com/2097183 + +pypa/distutils integration: https://github.com/pypa/distutils/pull/70 + +Co-authored-by: Petr Viktorin +Co-authored-by: Miro Hrončok +Co-authored-by: Michal Cyprian +Co-authored-by: Lumír Balhar +--- + Lib/site.py | 9 ++++++- + Lib/sysconfig.py | 49 +++++++++++++++++++++++++++++++++++++- + Lib/test/test_sysconfig.py | 17 +++++++++++-- + 3 files changed, 71 insertions(+), 4 deletions(-) + +Index: Python-3.11.9/Lib/sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/sysconfig.py ++++ Python-3.11.9/Lib/sysconfig.py +@@ -103,6 +103,11 @@ if os.name == 'nt': + else: + _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv'] + ++# For a brief period of time in the Fedora 36 life cycle, ++# this installation scheme existed and was documented in the release notes. ++# For backwards compatibility, we keep it here (at least on 3.10 and 3.11). ++_INSTALL_SCHEMES['rpm_prefix'] = _INSTALL_SCHEMES['posix_prefix'] ++ + + # NOTE: site.py has copy of this function. + # Sync it when modify this function. +@@ -162,6 +167,19 @@ if _HAS_USER_BASE: + }, + } + ++# This is used by distutils.command.install in the stdlib ++# as well as pypa/distutils (e.g. bundled in setuptools). ++# The self.prefix value is set to sys.prefix + /local/ ++# if neither RPM build nor virtual environment is ++# detected to make distutils install packages ++# into the separate location. ++# https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _prefix_addition = '/local' ++ ++ + _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', + 'scripts', 'data') + +@@ -258,11 +276,40 @@ def _extend_dict(target_dict, other_dict + target_dict[key] = value + + ++_CONFIG_VARS_LOCAL = None ++ ++ ++def _config_vars_local(): ++ # This function returns the config vars with prefixes amended to /usr/local ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ global _CONFIG_VARS_LOCAL ++ if _CONFIG_VARS_LOCAL is None: ++ _CONFIG_VARS_LOCAL = dict(get_config_vars()) ++ _CONFIG_VARS_LOCAL['base'] = '/usr/local' ++ _CONFIG_VARS_LOCAL['platbase'] = '/usr/local' ++ return _CONFIG_VARS_LOCAL ++ ++ + def _expand_vars(scheme, vars): + res = {} + if vars is None: + vars = {} +- _extend_dict(vars, get_config_vars()) ++ ++ # when we are not in a virtual environment or an RPM build ++ # we change '/usr' to '/usr/local' ++ # to avoid surprises, we explicitly check for the /usr/ prefix ++ # Python virtual environments have different prefixes ++ # we only do this for posix_prefix, not to mangle the venv scheme ++ # posix_prefix is used by sudo pip install ++ # we only change the defaults here, so explicit --prefix will take precedence ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if (scheme == 'posix_prefix' and ++ _PREFIX == '/usr' and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _extend_dict(vars, _config_vars_local()) ++ else: ++ _extend_dict(vars, get_config_vars()) ++ + if os.name == 'nt': + # On Windows we want to substitute 'lib' for schemes rather + # than the native value (without modifying vars, in case it +Index: Python-3.11.9/Lib/test/test_sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_sysconfig.py ++++ Python-3.11.9/Lib/test/test_sysconfig.py +@@ -111,8 +111,19 @@ class TestSysConfig(unittest.TestCase): + for scheme in _INSTALL_SCHEMES: + for name in _INSTALL_SCHEMES[scheme]: + expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) ++ tested = get_path(name, scheme) ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if tested.startswith('/usr/local'): ++ # /usr/local should only be used in posix_prefix ++ self.assertEqual(scheme, 'posix_prefix') ++ # Fedora CI runs tests for venv and virtualenv that check for other prefixes ++ self.assertEqual(sys.prefix, '/usr') ++ # When building the RPM of Python, %check runs this with RPM_BUILD_ROOT set ++ # Fedora CI runs this with RPM_BUILD_ROOT unset ++ self.assertNotIn('RPM_BUILD_ROOT', os.environ) ++ tested = tested.replace('/usr/local', '/usr') + self.assertEqual( +- os.path.normpath(get_path(name, scheme)), ++ os.path.normpath(tested), + os.path.normpath(expected), + ) + +@@ -345,7 +356,7 @@ class TestSysConfig(unittest.TestCase): + self.assertTrue(os.path.isfile(config_h), config_h) + + def test_get_scheme_names(self): +- wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv'] ++ wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv', 'rpm_prefix'] + if HAS_USER_BASE: + wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) + self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) +@@ -357,6 +368,8 @@ class TestSysConfig(unittest.TestCase): + cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" + self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) + ++ @unittest.skipIf('RPM_BUILD_ROOT' not in os.environ, ++ "Test doesn't expect Fedora's paths") + def test_user_similar(self): + # Issue #8759: make sure the posix scheme for the users + # is similar to the global posix_prefix one diff --git a/PACKAGING-NOTES b/PACKAGING-NOTES new file mode 100644 index 0000000..e28c88c --- /dev/null +++ b/PACKAGING-NOTES @@ -0,0 +1,26 @@ +Notes for packagers of Python3 +============================== + +0. Faster build turnaround +-------------------------- + +By default, python builds with profile-guided optimization. This needs +an additional run of the test suite and it is generally slow. +PGO build takes around 50 minutes. + +For development, use "--without profileopt" option to disable PGO. This +shortens the build time to ~5 minutes including test suite. + +1. import_failed.map +---------------------- + +This is a mechanism installed as part of python3-base, that places shim modules +on python's path (through a generated zzzz-import-failed-hooks.pth file, so that +it is imported as much at the end as makes sense; and an _import_failed subdir +of /usr/lib/pythonX.Y). Then when the user tries to import a module that is part +of a subpackage, the ImportError will contain a helpful message telling them +which missing subpackage to install. + +This can sometimes cause problems on non-standard configurations, if the pth +gets included too early (for instance if you are using a script to include all +pths by hand in some strange order). Just something to look out for. diff --git a/Python-3.11.10.tar.xz b/Python-3.11.10.tar.xz new file mode 100644 index 0000000..f87e7ad --- /dev/null +++ b/Python-3.11.10.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:07a4356e912900e61a15cb0949a06c4a05012e213ecd6b4e84d0f67aabbee372 +size 20067656 diff --git a/Python-3.11.10.tar.xz.asc b/Python-3.11.10.tar.xz.asc new file mode 100644 index 0000000..243d1b1 --- /dev/null +++ b/Python-3.11.10.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmbbrO0ACgkQ/+h0BBaL +2Ec+YBAAnQJLKYPjj7Yr7xkFU655Sv86JxeRAdWjnIapbiIuWg3Up8Pd8FTRgHGf +3XdTHw7b03lSjtzJwavzdnDklqAlBIGn9dVieljUIN7NYyNxoYOr/AiatimgSwv7 +dI5mfun5fLKV6ZcdNdQN5PJ3RZtF3I7VfkN2mlfZJHtxl1agdU/TfW2L+qJ7+JPY +cayjq2xKTLRNXOf2iV29GRRovLiqA+Dx0+cAwsScwreHMp3U4k3GkeHVoR6fldV4 +bVAM8GRl3CYVFePiqAbamKP1BSys44JOINWbWyd94JxzEAwXWz//Es0h73AzeRfK +ueORqzdoOGrVc74+HGlAHhqO1Gg7jMMmtkzCEuav+cGHYnMRMOngGR3q47aTJTVb +5UdP0oD4OlADPFVa6q0LCqN/IFlebWMh9pXYw7Wpek63oNuZHTfNPq4S1AUM2HJm +C3yzaOG9VAdYfLneJC4ldY4CVt1FKckfaXp5OAaMr71DI74e4CcEswlUupZJLZKV +TJRjQD15bnXGhHDqU4w3RmzpCWMh2mf4m4VMYQyObl3TtlX+gVvzIhDS5+mXqutB +F1pdXwaHHkTb2PLLxpwOGrnsp8XoW74tsylcYirQg8jSFMbgxfwgIjEIuRGXeDkT +B4QzmQ4SxsbLiH7etV6Fznl1h569Z4DO9OOs4i0ZzIjdhPDQtAs= +=TatG +-----END PGP SIGNATURE----- diff --git a/Python-3.11.11.tar.xz b/Python-3.11.11.tar.xz new file mode 100644 index 0000000..e0581b1 --- /dev/null +++ b/Python-3.11.11.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2a9920c7a0cd236de33644ed980a13cbbc21058bfdc528febb6081575ed73be3 +size 20085792 diff --git a/Python-3.11.11.tar.xz.sigstore b/Python-3.11.11.tar.xz.sigstore new file mode 100644 index 0000000..782816a --- /dev/null +++ b/Python-3.11.11.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlOgAwIBAgIUWcRolJPsPmtJKA6VkjHSj7PtjY8wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMjAzMTgxOTA1WhcNMjQxMjAzMTgyOTA1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEN+fBJCRZIAZiWPBdjyQVD+x5vgmjuuVct1HkPHIBMuEe7wI4mBG2BhJ3fHkpr97efIH6ELMmPV99edyAIZFXR6OCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUkutZdHfCCSvGI87mjnBRwZB8ihYwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGTjb9QlwAABAMARzBFAiEA4ddSINhYM+p0+DGzRqnA8rVtJF9YgI+9znXiq9fqQNkCIEErcSnQmN8jjErhwWWtcTM5GgH4ka/uk5kdHTycwxj3MAoGCCqGSM49BAMDA2cAMGQCMFmkCEH2pCBpFeFiUi2uA4opcJP6vh/zqb+D0tbxqd+jwbBkuDxDqA9/Ao3UWop+twIwO9o71KAlYWPSPYMeZERM4R8zWlp9mVJPiK3tgOJJi40MNmxwtfsQeQtncqiQLBAH"}, "tlogEntries": [{"logIndex": "153122039", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1733249946", "inclusionPromise": {"signedEntryTimestamp": "MEUCIBL9zpVJtljIuZtAe8uptLfDmakmbAjy5ELp2q8WJTQ7AiEAv6lIpyJZycHwTS+JHYJFzMVv0SmA8yQ0eMneBivMhPY="}, "inclusionProof": {"logIndex": "31217777", "rootHash": "BMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=", "treeSize": "31217778", "hashes": ["lrr8dxmtgD09fnZTo1tMTY00HNKc2ZIpbZa1djDeTes=", "yFxGSg1RDbtZ/eNftnMdBJGNEZmmLyx2ZRDFtAIMHAk=", "GeqsQGnvgc+gcuaIC+vQ5b0RdTyBxBnYTpbeW2AeD+Q=", "dMTPeN/a9xCQQP+Hz7sddW0pPj8n54sfkhcf3XhjrMM=", "XjayhjKU3shP7q7lhmhKDv3Vpi4gJgAPCu0KlEzc9Qo=", "go1dmexQYS5etu69upRRX7IFvuA0rIcT9aYjMstmPIU=", "AYwr74Bm2w383UnS7DdbZUUAhusq28JoxKpWrQ7OvGQ=", "u+yWmGIR6sAH32wiSy22mz1Yf+jfPdBTjFbyRISuTZw=", "3eFC7Gp4fWecybDOAw9uUTrM1xB7YRYRAGsfYkiQbV8=", "1uKk2qjOliHMiTk906jrchP8mXWsRG8apaU1sa0lfh0=", "oOecFfN3YqDOkbijS/ej1WF5Da/Gt/AZNhbwE9uoOE8=", "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=", "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n31217778\nBMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiA7ed0HqugBwVpmxDAR1VN35J91/+DeRdj09y5lFY+bRwIgYe07JnZlJvp3MfAMXX3i4XBsZoDRZoXtwfBaRj/8x8s=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYTk5MjBjN2EwY2QyMzZkZTMzNjQ0ZWQ5ODBhMTNjYmJjMjEwNThiZmRjNTI4ZmViYjYwODE1NzVlZDczYmUzIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRU5KSGllaWs5WkVibW83a0p4ZUhWY2FvVDVYOUxyWG1zRTVxc1I5R1JpSEFpRUFtcHZyV21vUHF5YzRpQ09VYXVmY3dKTllMK1lPTWU0b0NOaWRLVGduT1FBPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlYyTlNiMnhLVUhOUWJYUktTMEUyVm10cVNGTnFOMUIwYWxrNGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJlRTFxUVhwTlZHZDRUMVJCTVZkb1kwNU5hbEY0VFdwQmVrMVVaM2xQVkVFeFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZPSzJaQ1NrTlNXa2xCV21sWFVFSmthbmxSVmtRcmVEVjJaMjFxZFhWV1kzUXhTR3NLVUVoSlFrMTFSV1UzZDBrMGJVSkhNa0pvU2pObVNHdHdjamszWldaSlNEWkZURTF0VUZZNU9XVmtlVUZKV2taWVVqWlBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZyZFhSYUNtUklaa05EVTNaSFNUZzNiV3B1UWxKM1drSTRhV2haZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxUnFZamxSYkhkQlFRcENRVTFCVW5wQ1JrRnBSVUUwWkdSVFNVNW9XVTByY0RBclJFZDZVbkZ1UVRoeVZuUktSamxaWjBrck9YcHVXR2x4T1daeFVVNXJRMGxGUlhKalUyNVJDbTFPT0dwcVJYSm9kMWRYZEdOVVRUVkhaMGcwYTJFdmRXczFhMlJJVkhsamQzaHFNMDFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUdiV3NLUTBWSU1uQkRRbkJHWlVacFZXa3lkVUUwYjNCalNsQTJkbWd2ZW5GaUswUXdkR0o0Y1dRcmFuZGlRbXQxUkhoRWNVRTVMMEZ2TTFWWGIzQXJkSGRKZHdwUE9XODNNVXRCYkZsWFVGTlFXVTFsV2tWU1RUUlNPSHBYYkhBNWJWWktVR2xMTTNSblQwcEthVFF3VFU1dGVIZDBabk5SWlZGMGJtTnhhVkZNUWtGSUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "Kpkgx6DNI23jNkTtmAoTy7whBYv9xSj+u2CBV17XO+M="}, "signature": "MEUCIENJHieik9ZEbmo7kJxeHVcaoT5X9LrXmsE5qsR9GRiHAiEAmpvrWmoPqyc4iCOUaufcwJNYL+YOMe4oCNidKTgnOQA="}} diff --git a/Python-3.11.12.tar.xz b/Python-3.11.12.tar.xz new file mode 100644 index 0000000..e2b3c80 --- /dev/null +++ b/Python-3.11.12.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:849da87af4df137710c1796e276a955f7a85c9f971081067c8f565d15c352a09 +size 20112232 diff --git a/Python-3.11.12.tar.xz.sigstore b/Python-3.11.12.tar.xz.sigstore new file mode 100644 index 0000000..36fb8a6 --- /dev/null +++ b/Python-3.11.12.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlOgAwIBAgIUdXXo3kfUuTRxhwfBaDz2hbLdc00wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNDA4MTUwMzI1WhcNMjUwNDA4MTUxMzI1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEChWB96w27HEQAug03xOuj5aVvdcEBkLaseC6PKbhc3lq1vL78o96RMSdWdBSmBQ4OrRHKvop8VRwn4SI6KPIN6OCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUDQFNdUPu8lJprLgYTWMF//JnS0owHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGWFe1zcgAABAMARzBFAiAMLue9b86BfjeZl9ML7LekLskkUPTEhI2ciiZrYgaF/gIhAIt66OYOVpC39L+bRXJd1K+T39IGMxYcKoaDrMk0DX59MAoGCCqGSM49BAMDA2cAMGQCMEJ+IEScHRIlOwToBZxVVJjrSxOVvqRSfUO5hvYNkqhYz97LxxUFWpcB/DMiQJOUbwIwKJRh5d7c30z1XyE5zsjOZZmz37ah6aJtyuHLCn3QKJniWBMxIMy9lbXlRZWZgsf0"}, "tlogEntries": [{"logIndex": "193896942", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1744124605", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQDBvc4N4pmeJKalSbAgT5X5MiHnHfiFJ3q/ifYIUDQORwIgNCMUBexEGM4B8VSSWkSDK8uZDGqzA7bgurZdWE0z/vc="}, "inclusionProof": {"logIndex": "71992680", "rootHash": "jow4GaqK8wgGK0YaQkHyINNk1eJRvrgCUSax5oC+bgc=", "treeSize": "71992683", "hashes": ["V5p0el9OkIku5PMpzeGtSeSQLNkd4d0DVh6qNlixrlk=", "CbJfH60w3vsS3xzOzbMZQaokwVM+6efm7OCLjQ5og/k=", "fJZsSVsDo+dpw5484/+8Rm3EH3JostySBfLMVDBUZOU=", "/C+wK2WU/SrXLMnuHDzeBP4K+Jlt/S0nAvzvcXJPp30=", "m6j5meZeKpBfFqNeI7qiCogWjT2IT5NZkgJYwot9sRo=", "V7VMIiqIq7yvzO+ic8vLqIJr3+iGA6whYAGN7YvWhsQ=", "2ap6N1WIsMWGC/Zrnzsx//K9223/3B9lLpJP87M+rXE=", "2kwW2rqY/EMS68q/rOjagVYsEMybFHgxIfbokSa8yKU=", "QReFEOB9XSZtDKsjRtA0fGnYGMYD2Z7qn50auG1YlWo=", "K26LG80DXyb+bC58c4Nw00WigG52v0PCsZGY3ExGsts=", "WEm5OgPzJpYROv+4CcrieexCYyQKrLUH3hbxmcQQ+DM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n71992683\njow4GaqK8wgGK0YaQkHyINNk1eJRvrgCUSax5oC+bgc=\n\n\u2014 rekor.sigstore.dev wNI9ajBGAiEA7u1b4P659JpwuXMf6lhvC1RhOj/ZH7CpYcAQbitQSwUCIQDJrflW8FGweaiB88lSuLfpfD/a6l6jWhUyOQB/mIJ9rA==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI4NDlkYTg3YWY0ZGYxMzc3MTBjMTc5NmUyNzZhOTU1ZjdhODVjOWY5NzEwODEwNjdjOGY1NjVkMTVjMzUyYTA5In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJRnMzQi9oTk9OMVY2TXFaUkxzRmNHNlU2Qjkza2FsL1VLZWsvYkRVb3o2MUFpQWZydmsrWXpjK0hHZGJYemRRQ203cjlKU2RNUCtuR1BOblVCZzFoSnAySVE9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlpGaFliek5yWmxWMVZGSjRhSGRtUW1GRWVqSm9Za3hrWXpBd2QwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVFUVRSTlZGVjNUWHBKTVZkb1kwNU5hbFYzVGtSQk5FMVVWWGhOZWtreFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZEYUZkQ09UWjNNamRJUlZGQmRXY3dNM2hQZFdvMVlWWjJaR05GUW10TVlYTmxRellLVUV0aWFHTXpiSEV4ZGt3M09HODVObEpOVTJSWFpFSlRiVUpSTkU5eVVraExkbTl3T0ZaU2QyNDBVMGsyUzFCSlRqWlBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZFVVVaT0NtUlZVSFU0YkVwd2NreG5XVlJYVFVZdkwwcHVVekJ2ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxZEdaVEY2WTJkQlFRcENRVTFCVW5wQ1JrRnBRVTFNZFdVNVlqZzJRbVpxWlZwc09VMU1OMHhsYTB4emEydFZVRlJGYUVreVkybHBXbkpaWjJGR0wyZEphRUZKZERZMlQxbFBDbFp3UXpNNVRDdGlVbGhLWkRGTEsxUXpPVWxIVFhoWlkwdHZZVVJ5VFdzd1JGZzFPVTFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUZTaXNLU1VWVFkwaFNTV3hQZDFSdlFscDRWbFpLYW5KVGVFOVdkbkZTVTJaVlR6Vm9kbGxPYTNGb1dYbzVOMHg0ZUZWR1YzQmpRaTlFVFdsUlNrOVZZbmRKZHdwTFNsSm9OV1EzWXpNd2VqRlllVVUxZW5OcVQxcGFiWG96TjJGb05tRktkSGwxU0V4RGJqTlJTMHB1YVZkQ1RYaEpUWGs1YkdKWWJGSmFWMXBuYzJZd0NpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "hJ2oevTfE3cQwXluJ2qVX3qFyflxCBBnyPVl0Vw1Kgk="}, "signature": "MEQCIFs3B/hNON1V6MqZRLsFcG6U6B93kal/UKek/bDUoz61AiAfrvk+Yzc+HGdbXzdQCm7r9JSdMP+nGPNnUBg1hJp2IQ=="}} diff --git a/Python-3.11.13.tar.xz b/Python-3.11.13.tar.xz new file mode 100644 index 0000000..80a2b4d --- /dev/null +++ b/Python-3.11.13.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8fb5f9fbc7609fa822cb31549884575db7fd9657cbffb89510b5d7975963a83a +size 20117496 diff --git a/Python-3.11.13.tar.xz.sigstore b/Python-3.11.13.tar.xz.sigstore new file mode 100644 index 0000000..a6d0be7 --- /dev/null +++ b/Python-3.11.13.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzjCCAlSgAwIBAgIUfnOGm4U1QCsCXWiDvPy5Tgni2HUwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNjAzMTkyNzM1WhcNMjUwNjAzMTkzNzM1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpTsf/wrCdu4Domf4WOtO4CLkj51wmj4iesYv5N6DYhghPjqQFwGYI9gFc/WX6QMIWh5YHU2NGxrmM7KfbAYzz6OCAXMwggFvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUkQ2/O4Fivj1bTq7NTQczm1RdtYAwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGLBgorBgEEAdZ5AgQCBH0EewB5AHcA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGXN0NwGwAABAMASDBGAiEA6pD8PjS+5z2SQre/NS/wOdFSjVMsxvtfF6A1jg+1T3YCIQDC44S/Z3c0dNddM7EkE+A3j7Vft3hqRUoFkNe4U6g5qTAKBggqhkjOPQQDAwNoADBlAjA6lBI2r3KCZFc+2affpH3S3Xj3gMOKh8Lr5Z7TgkGp3Q6QsnExGmJJ0leXhqH6rQkCMQDfxk/6DyhbO7KTrIUfmrbZoa7dV75cresJS69Xk67XN57qsqY52DZj9o4fbUIw4ro="}, "tlogEntries": [{"logIndex": "228953871", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1748978856", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQC9nXmfcRqyOL2Zmw1zI7+kulTbmDE3Yfzew81mXJGU4QIgF8Uhdg2uzttSA6erOuEchX68PCyJ0cVFHE0XJX2+ZfE="}, "inclusionProof": {"logIndex": "107049609", "rootHash": "Ilofw5POqC/C3zqfrdMQP1DyhNW+UfB9fHdjrbK6qaM=", "treeSize": "107049610", "hashes": ["AcD1iyjU7nuIPqAq29ynz7PEdq6zPXglj6e2tkH+/do=", "1BNDCN01B3dbUo/TfLaQgKIYTvPyrkcrHKd69GxuF2E=", "t59A0CV2pHM2S9AgZgcEA6FbXhgNZGo0jMRIXHiqsJ0=", "bCrkgWpJ8MBic+mIfCRsKi+5XAMqgM8Lc6G0LLfzZ7M=", "4iwdOrGkcqdN0qqZUx/gv8a8qpLMqVj8aXRVmhQ558c=", "mAX/zvx1jR0ujLtDApsQpHyxmoDGidClHMOn0BX1aQA=", "u5LKLBPTYgXZg0fBi6/8LuEeNy3EBAxJF0AkkB4Co6E=", "SPUVncwJRVX/n/RICCYqLpAzraqx7S0eMdXRr1RLRgg=", "uEJFtwcGQJMd9kjQhkXb7gl2WD3WMElCc15uDFvFGxs=", "VdOKzpQhJlpXgijzXANf/hNlje1G/N1kUuVnKNskkso=", "mta5fH/gFwxJ/0fT8yGpn3sFCY0G1RY555Iflm0LInM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n107049610\nIlofw5POqC/C3zqfrdMQP1DyhNW+UfB9fHdjrbK6qaM=\n\n\u2014 rekor.sigstore.dev wNI9ajBGAiEAjtzTnsnrGx0G3Dg99s89cPUh6EA+cxkicQ9j4qYU60wCIQCKcAL4kdakbq2JrBVgk7bRNf3FoJRrEI6SCjv16f7Crg==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI4ZmI1ZjlmYmM3NjA5ZmE4MjJjYjMxNTQ5ODg0NTc1ZGI3ZmQ5NjU3Y2JmZmI4OTUxMGI1ZDc5NzU5NjNhODNhIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUM5Q1JZRjNSWGUzdDNxQlBJd2UrR3pMMTJCOXVLTjIrRFpWa2JjZW1FTS93SWdPMDFKaVhnbUJxZEN5RVhoM05JUEt5QlRBb2hpcjZHTkhZdXhiSUxKNDlRPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZha05EUVd4VFowRjNTVUpCWjBsVlptNVBSMjAwVlRGUlEzTkRXRmRwUkhaUWVUVlVaMjVwTWtoVmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVxUVhwTlZHdDVUbnBOTVZkb1kwNU5hbFYzVG1wQmVrMVVhM3BPZWsweFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZ3VkhObUwzZHlRMlIxTkVSdmJXWTBWMDkwVHpSRFRHdHFOVEYzYldvMGFXVnpXWFlLTlU0MlJGbG9aMmhRYW5GUlJuZEhXVWs1WjBaakwxZFlObEZOU1Zkb05WbElWVEpPUjNoeWJVMDNTMlppUVZsNmVqWlBRMEZZVFhkblowWjJUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZyVVRJdkNrODBSbWwyYWpGaVZIRTNUbFJSWTNwdE1WSmtkRmxCZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRNUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJTUVVS1pYZENOVUZJWTBFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxaE9NRTUzUjNkQlFRcENRVTFCVTBSQ1IwRnBSVUUyY0VRNFVHcFRLelY2TWxOUmNtVXZUbE12ZDA5a1JsTnFWazF6ZUhaMFprWTJRVEZxWnlzeFZETlpRMGxSUkVNME5GTXZDbG96WXpCa1RtUmtUVGRGYTBVclFUTnFOMVptZEROb2NWSlZiMFpyVG1VMFZUWm5OWEZVUVV0Q1oyZHhhR3RxVDFCUlVVUkJkMDV2UVVSQ2JFRnFRVFlLYkVKSk1uSXpTME5hUm1Nck1tRm1abkJJTTFNeldHb3paMDFQUzJnNFRISTFXamRVWjJ0SGNETlJObEZ6YmtWNFIyMUtTakJzWlZob2NVZzJjbEZyUXdwTlVVUm1lR3N2TmtSNWFHSlBOMHRVY2tsVlptMXlZbHB2WVRka1ZqYzFZM0psYzBwVE5qbFlhelkzV0U0MU4zRnpjVmsxTWtSYWFqbHZOR1ppVlVsM0NqUnliejBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "j7X5+8dgn6giyzFUmIRXXbf9llfL/7iVELXXl1ljqDo="}, "signature": "MEUCIQC9CRYF3RXe3t3qBPIwe+GzL12B9uKN2+DZVkbcemEM/wIgO01JiXgmBqdCyEXh3NIPKyBTAohir6GNHYuxbILJ49Q="}} diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..0053bcf --- /dev/null +++ b/README.SUSE @@ -0,0 +1,43 @@ +Python 3 in SUSE +============== + +* Subpackages * + +Python 3 is split into several subpackages, based on external dependencies. +The main package 'python3' has soft dependencies on all subpackages needed to +assemble the standard library; however, these might not all be installed by default. + +If you attempt to import a module that is currently not installed, an ImportError is thrown, +with instructions to install the missing subpackage. Installing the subpackage might result +in installing libraries that the subpackage requires to function. + + +* ensurepip * + +The 'ensurepip' module from Python 3 standard library (PEP 453) is supposed to deploy +a bundled copy of the pip installer. This makes no sense in a managed distribution like SUSE. +Instead, you need to install package 'python3-pip'. Usually this will be installed automatically +with 'python3'. + +Using 'ensurepip' when pip is not installed will result in an ImportError with instructions +to install 'python3-pip'. + + +* Documentation * + +You can find documentation in seprarate packages: python3-doc and +python3-doc-pdf. These contan following documents: + + Tutorial, What's New in Python, Global Module Index, Library Reference, + Macintosh Module Reference, Installing Python Modules, Distributing Python + Modules, Language Reference, Extending and Embedding, Python/C API, + Documenting Python + +The python3-doc package constains many text files from source tarball. + + +* Interactive mode * + +Interactive mode is by default enhanced with of history and command completion. +If you don't like these features, you can unset the PYTHONSTARTUP variable +in your .profile or disable it system wide in /etc/profile.d/python.sh. diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..1d50bc4 --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + base + doc + diff --git a/add-loongarch64-support.patch b/add-loongarch64-support.patch new file mode 100644 index 0000000..10cc846 --- /dev/null +++ b/add-loongarch64-support.patch @@ -0,0 +1,29 @@ +Description: Add platform triplets for LoongArch. + +--- + configure.ac | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +--- a/configure.ac ++++ b/configure.ac +@@ -976,6 +976,20 @@ cat > conftest.c <=6) && defined(_MIPSEL) diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..1793de8 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,3 @@ +python311-base +python311 +libpython3_11-1_0 diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz new file mode 100644 index 0000000..57fb3e5 --- /dev/null +++ b/bluez-devel-vendor.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:868fbfba2ddaed62f2c45cf869fe2c648527ac3bac738f4f41f3c2872f5b0211 +size 25040 diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch new file mode 100644 index 0000000..86882ae --- /dev/null +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -0,0 +1,173 @@ +From 5754521af1d51aa8e445cba07a093bbc0c88596d Mon Sep 17 00:00:00 2001 +From: Zackery Spytz +Date: Mon, 16 Dec 2019 18:24:08 -0700 +Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix) + +Co-Authored-By: Xavier de Gaye +--- + Doc/library/ensurepip.rst | 9 +++-- + Lib/ensurepip/__init__.py | 18 +++++++--- + Lib/test/test_ensurepip.py | 11 ++++++ + Makefile.pre.in | 4 +- + Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1 + 5 files changed, 34 insertions(+), 9 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst + +Index: Python-3.11.8/Doc/library/ensurepip.rst +=================================================================== +--- Python-3.11.8.orig/Doc/library/ensurepip.rst ++++ Python-3.11.8/Doc/library/ensurepip.rst +@@ -59,7 +59,9 @@ is at least as recent as the one availab + By default, ``pip`` is installed into the current virtual environment + (if one is active) or into the system site packages (if there is no + active virtual environment). The installation location can be controlled +-through two additional command line options: ++through some additional command line options: ++ ++* ``--prefix ``: Installs ``pip`` using the given directory prefix. + + * :samp:`--root {dir}`: Installs ``pip`` relative to the given root directory + rather than the root of the currently active virtual environment (if any) +@@ -92,7 +94,7 @@ Module API + Returns a string specifying the available version of pip that will be + installed when bootstrapping an environment. + +-.. function:: bootstrap(root=None, upgrade=False, user=False, \ ++.. function:: bootstrap(root=None, prefix=None, upgrade=False, user=False, \ + altinstall=False, default_pip=False, \ + verbosity=0) + +@@ -102,6 +104,8 @@ Module API + If *root* is ``None``, then installation uses the default install location + for the current environment. + ++ *prefix* specifies the directory prefix to use when installing. ++ + *upgrade* indicates whether or not to upgrade an existing installation + of an earlier version of ``pip`` to the available version. + +@@ -122,6 +126,8 @@ Module API + *verbosity* controls the level of output to :data:`sys.stdout` from the + bootstrapping operation. + ++ .. versionchanged:: 3.9 the *prefix* parameter was added. ++ + .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap + + .. note:: +Index: Python-3.11.8/Lib/ensurepip/__init__.py +=================================================================== +--- Python-3.11.8.orig/Lib/ensurepip/__init__.py ++++ Python-3.11.8/Lib/ensurepip/__init__.py +@@ -122,27 +122,27 @@ def _disable_pip_configuration_settings( + os.environ['PIP_CONFIG_FILE'] = os.devnull + + +-def bootstrap(*, root=None, upgrade=False, user=False, ++def bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). ++ and directory prefix). + + Note that calling this function will alter both sys.path and os.environ. + """ + # Discard the return value +- _bootstrap(root=root, upgrade=upgrade, user=user, ++ _bootstrap(root=root, prefix=prefix, upgrade=upgrade, user=user, + altinstall=altinstall, default_pip=default_pip, + verbosity=verbosity) + + +-def _bootstrap(*, root=None, upgrade=False, user=False, ++def _bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). Returns pip command status code. ++ and directory prefix). Returns pip command status code. + + Note that calling this function will alter both sys.path and os.environ. + """ +@@ -192,6 +192,8 @@ def _bootstrap(*, root=None, upgrade=Fal + args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] + if root: + args += ["--root", root] ++ if prefix: ++ args += ["--prefix", prefix] + if upgrade: + args += ["--upgrade"] + if user: +@@ -267,6 +269,11 @@ def _main(argv=None): + help="Install everything relative to this alternate root directory.", + ) + parser.add_argument( ++ "--prefix", ++ default=None, ++ help="Install everything using this prefix.", ++ ) ++ parser.add_argument( + "--altinstall", + action="store_true", + default=False, +@@ -285,6 +292,7 @@ def _main(argv=None): + + return _bootstrap( + root=args.root, ++ prefix=args.prefix, + upgrade=args.upgrade, + user=args.user, + verbosity=args.verbosity, +Index: Python-3.11.8/Lib/test/test_ensurepip.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_ensurepip.py ++++ Python-3.11.8/Lib/test/test_ensurepip.py +@@ -112,6 +112,17 @@ class TestBootstrap(EnsurepipMixin, unit + unittest.mock.ANY, + ) + ++ def test_bootstrapping_with_prefix(self): ++ ensurepip.bootstrap(prefix="/foo/bar/") ++ self.run_pip.assert_called_once_with( ++ [ ++ "install", "--no-cache-dir", "--no-index", "--find-links", ++ unittest.mock.ANY, "--prefix", "/foo/bar/", ++ "setuptools", "pip", ++ ], ++ unittest.mock.ANY, ++ ) ++ + def test_bootstrapping_with_user(self): + ensurepip.bootstrap(user=True) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1761,7 +1761,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni + install|*) ensurepip="" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + altinstall: commoninstall +@@ -1771,7 +1771,7 @@ altinstall: commoninstall + install|*) ensurepip="--altinstall" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + commoninstall: check-clean-src @FRAMEWORKALTINSTALLFIRST@ \ +Index: Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +=================================================================== +--- /dev/null ++++ Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +@@ -0,0 +1 @@ ++A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/bsc1221260-test_asyncio-ResourceWarning.patch b/bsc1221260-test_asyncio-ResourceWarning.patch new file mode 100644 index 0000000..15d6b8d --- /dev/null +++ b/bsc1221260-test_asyncio-ResourceWarning.patch @@ -0,0 +1,21 @@ +From a3052035485bd2836e40f5284657ca105382cbfd Mon Sep 17 00:00:00 2001 +From: sobolevn +Date: Tue, 5 Mar 2024 20:24:16 +0300 +Subject: [PATCH] gh-116112: Fix `ResourceWarning` in + `test_asyncio.test_stream` + +Co-authored-by: @CendioOssman +--- + Lib/test/test_asyncio/test_streams.py | 1 + + 1 file changed, 1 insertion(+) + +--- a/Lib/test/test_asyncio/test_streams.py ++++ b/Lib/test/test_asyncio/test_streams.py +@@ -1156,6 +1156,7 @@ os.close(fd) + + def test_unhandled_cancel(self): + async def handle_echo(reader, writer): ++ writer.close() + asyncio.current_task().cancel() + messages = self._basetest_unhandled_exceptions(handle_echo) + self.assertEqual(messages, []) diff --git a/bso1227999-reproducible-builds.patch b/bso1227999-reproducible-builds.patch new file mode 100644 index 0000000..fb33d18 --- /dev/null +++ b/bso1227999-reproducible-builds.patch @@ -0,0 +1,37 @@ +From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Tue, 16 Jul 2024 21:39:33 +0200 +Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH + +to make builds reproducible. +See https://reproducible-builds.org/ for why this is good +and https://reproducible-builds.org/specs/source-date-epoch/ +for the definition of this variable. +--- + Doc/conf.py | 3 ++- + Doc/library/functions.rst | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/Doc/conf.py ++++ b/Doc/conf.py +@@ -316,7 +316,8 @@ html_context = { + } + + # This 'Last updated on:' timestamp is inserted at the bottom of every page. +-html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime()) ++html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) ++html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time)) + + # Path to find HTML templates. + templates_path = ['tools/templates'] +--- a/Doc/library/functions.rst ++++ b/Doc/library/functions.rst +@@ -1356,7 +1356,7 @@ are always available. They are listed h + (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, + and :mod:`shutil`. + +- .. audit-event:: open file,mode,flags open ++ .. audit-event:: open path,mode,flags open + + The ``mode`` and ``flags`` arguments may have been modified or inferred from + the original call. diff --git a/distutils-reproducible-compile.patch b/distutils-reproducible-compile.patch new file mode 100644 index 0000000..17e8bd2 --- /dev/null +++ b/distutils-reproducible-compile.patch @@ -0,0 +1,17 @@ +--- + Lib/distutils/util.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/distutils/util.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/util.py ++++ Python-3.11.8/Lib/distutils/util.py +@@ -436,7 +436,7 @@ byte_compile(files, optimize=%r, force=% + else: + from py_compile import compile + +- for file in py_files: ++ for file in sorted(py_files): + if file[-3:] != ".py": + # This lets us be lazy and not filter filenames in + # the "install_lib" command. diff --git a/externally_managed.in b/externally_managed.in new file mode 100644 index 0000000..54606b6 --- /dev/null +++ b/externally_managed.in @@ -0,0 +1,12 @@ +[externally-managed] +Error=To install Python packages system-wide, try + zypper install __PYTHONPREFIX__-xyz, where xyz is the package + you are trying to install. + + If you wish to install a non-rpm packaged Python package, + create a virtual environment using __PYTHON__ -m venv path/to/venv. + Then use path/to/venv/bin/python and path/to/venv/bin/pip. + + If you wish to install a non-rpm packaged Python application, + it may be easiest to use `pipx install xyz`, which will manage a + virtual environment for you. Install pipx via `zypper install __PYTHONPREFIX__-pipx` . diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch new file mode 100644 index 0000000..a5fe82c --- /dev/null +++ b/fix_configure_rst.patch @@ -0,0 +1,40 @@ +--- + Doc/using/configure.rst | 3 --- + Misc/NEWS | 2 +- + 2 files changed, 1 insertion(+), 4 deletions(-) + +--- a/Doc/using/configure.rst ++++ b/Doc/using/configure.rst +@@ -43,7 +43,6 @@ General Options + + See :data:`sys.int_info.bits_per_digit `. + +-.. option:: --with-cxx-main + .. option:: --with-cxx-main=COMPILER + + Compile the Python ``main()`` function and link Python executable with C++ +@@ -529,13 +528,11 @@ macOS Options + + See ``Mac/README.rst``. + +-.. option:: --enable-universalsdk + .. option:: --enable-universalsdk=SDKDIR + + Create a universal binary build. *SDKDIR* specifies which macOS SDK should + be used to perform the build (default is no). + +-.. option:: --enable-framework + .. option:: --enable-framework=INSTALLDIR + + Create a Python.framework rather than a traditional Unix install. Optional +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -9911,7 +9911,7 @@ C API + - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. + + - bpo-43795: The list in :ref:`limited-api-list` now shows the public name +- :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry ++ :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry + ``_node`` no longer appears in the list. + + - bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid diff --git a/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch b/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch new file mode 100644 index 0000000..292efba --- /dev/null +++ b/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch @@ -0,0 +1,82 @@ +From 3d390148c05a7ea2d401c4633e7d4db75ebf97d9 Mon Sep 17 00:00:00 2001 +From: Petr Viktorin +Date: Thu, 7 Nov 2024 11:07:02 +0100 +Subject: [PATCH] gh-126500: test_ssl: Don't stop ThreadedEchoServer on OSError + in ConnectionHandler; rely on __exit__ (GH-126503) + +If `read()` in the ConnectionHandler thread raises `OSError` (except `ConnectionError`), +the ConnectionHandler shuts down the entire ThreadedEchoServer, +preventing further connections. +It also does that for `EPROTOTYPE` in `wrap_conn`. + +As far as I can see, this is done to avoid the server thread getting stuck, +forgotten, in its accept loop. However, since 2011 (5b95eb90a7167285b6544b50865227c584943c9a) +the server is used as a context manager, and its `__exit__` does `stop()` and `join()`. +(I'm not sure if we *always* used `with` since that commit, but currently we do.) + +Make sure that the context manager *is* used, and remove the `server.stop()` +calls from ConnectionHandler. +(cherry picked from commit c9cda1608edf7664c10f4f467e24591062c2fe62) + +Co-authored-by: Petr Viktorin +--- + Lib/test/test_ssl.py | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +Index: Python-3.11.12/Lib/test/test_ssl.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_ssl.py 2025-04-19 19:55:02.157545844 +0200 ++++ Python-3.11.12/Lib/test/test_ssl.py 2025-04-19 19:55:05.014552345 +0200 +@@ -2516,7 +2516,6 @@ + # See also http://erickt.github.io/blog/2014/11/19/adventures-in-debugging-a-potential-osx-kernel-bug/ + if e.errno != errno.EPROTOTYPE and sys.platform != "darwin": + self.running = False +- self.server.stop() + self.close() + return False + else: +@@ -2651,10 +2650,6 @@ + self.close() + self.running = False + +- # normally, we'd just stop here, but for the test +- # harness, we want to stop the server +- self.server.stop() +- + def __init__(self, certificate=None, ssl_version=None, + certreqs=None, cacerts=None, + chatty=True, connectionchatty=False, starttls_server=False, +@@ -2688,21 +2683,33 @@ + self.conn_errors = [] + threading.Thread.__init__(self) + self.daemon = True ++ self._in_context = False + + def __enter__(self): ++ if self._in_context: ++ raise ValueError('Re-entering ThreadedEchoServer context') ++ self._in_context = True + self.start(threading.Event()) + self.flag.wait() + return self + + def __exit__(self, *args): ++ assert self._in_context ++ self._in_context = False + self.stop() + self.join() + + def start(self, flag=None): ++ if not self._in_context: ++ raise ValueError( ++ 'ThreadedEchoServer must be used as a context manager') + self.flag = flag + threading.Thread.start(self) + + def run(self): ++ if not self._in_context: ++ raise ValueError( ++ 'ThreadedEchoServer must be used as a context manager') + self.sock.settimeout(1.0) + self.sock.listen(5) + self.active = True diff --git a/gh120226-fix-sendfile-test-kernel-610.patch b/gh120226-fix-sendfile-test-kernel-610.patch new file mode 100644 index 0000000..2eb6f63 --- /dev/null +++ b/gh120226-fix-sendfile-test-kernel-610.patch @@ -0,0 +1,35 @@ +From 1b3f6523a5c83323cdc44031b33a1c062e5dc698 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Fri, 7 Jun 2024 23:51:32 +0800 +Subject: [PATCH] gh-120226: Fix + test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 + (GH-120227) + +The worst case is that the kernel buffers 17 pages with a page size of 64k. +(cherry picked from commit a7584245661102a5768c643fbd7db8395fd3c90e) + +Co-authored-by: Xi Ruoyao +--- + Lib/test/test_asyncio/test_sendfile.py | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +--- a/Lib/test/test_asyncio/test_sendfile.py ++++ b/Lib/test/test_asyncio/test_sendfile.py +@@ -93,13 +93,10 @@ class MyProto(asyncio.Protocol): + + class SendfileBase: + +- # 256 KiB plus small unaligned to buffer chunk +- # Newer versions of Windows seems to have increased its internal +- # buffer and tries to send as much of the data as it can as it +- # has some form of buffering for this which is less than 256KiB +- # on newer server versions and Windows 11. +- # So DATA should be larger than 256 KiB to make this test reliable. +- DATA = b"x" * (1024 * 256 + 1) ++ # Linux >= 6.10 seems buffering up to 17 pages of data. ++ # So DATA should be large enough to make this test reliable even with a ++ # 64 KiB page configuration. ++ DATA = b"x" * (1024 * 17 * 64 + 1) + # Reduce socket buffer size to test on relative small data sets. + BUF_SIZE = 4 * 1024 # 4 KiB + diff --git a/idle3.appdata.xml b/idle3.appdata.xml new file mode 100644 index 0000000..554b7c4 --- /dev/null +++ b/idle3.appdata.xml @@ -0,0 +1,35 @@ + + + + + idle3.desktop + IDLE3 + CC0 + Python-2.0 + Python 3 Integrated Development and Learning Environment + +

+ IDLE is Python’s Integrated Development and Learning Environment. + The GUI is uniform between Windows, Unix, and Mac OS X. + IDLE provides an easy way to start writing, running, and debugging + Python code. +

+

+ IDLE is written in pure Python, and uses the tkinter GUI toolkit. + It provides: +

+
    +
  • a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,
    • +
  • a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,
    • +
  • search within any window, replace within editor windows, and search through multiple files (grep),
    • +
  • a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.
    • +
+ + https://docs.python.org/3/library/idle.html + + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png + + zbyszek@in.waw.pl + diff --git a/idle3.desktop b/idle3.desktop new file mode 100644 index 0000000..43f5a4c --- /dev/null +++ b/idle3.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Version=1.0 +Name=IDLE 3 +GenericName=Python 3 IDE +Comment=Python 3 Integrated Development and Learning Environment +Exec=idle3 %F +TryExec=idle3 +Terminal=false +Type=Application +Icon=idle3 +Categories=Development;IDE; +MimeType=text/x-python; diff --git a/import_failed.map b/import_failed.map new file mode 100644 index 0000000..f33690c --- /dev/null +++ b/import_failed.map @@ -0,0 +1,7 @@ +python311-curses: curses _curses _curses_panel +python311-dbm: dbm _dbm _gdbm +python311-idle: idlelib +python311-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited +python311-tk: tkinter _tkinter +python311-tools: turtledemo +python311: sqlite3 readline _sqlite3 nis diff --git a/import_failed.py b/import_failed.py new file mode 100644 index 0000000..258b5a5 --- /dev/null +++ b/import_failed.py @@ -0,0 +1,23 @@ +import sys, os +from sysconfig import get_path + +failed_map_path = os.path.join(get_path('stdlib'), '_import_failed', 'import_failed.map') + +if __spec__: + failed_name = __spec__.name +else: + failed_name = __name__ + +with open(failed_map_path) as fd: + for line in fd: + package = line.split(':')[0] + imports = line.split(':')[1] + if failed_name in imports: + raise ImportError(f"""Module '{failed_name}' is not installed. +Use: + sudo zypper install {package} +to install it.""") + +raise ImportError(f"""Module '{failed_name}' is not installed. +It is supposed to be part of python3 distribution, but missing from failed import map. +Please file a bug on the SUSE Bugzilla.""") diff --git a/macros.python3 b/macros.python3 new file mode 100644 index 0000000..2bd193b --- /dev/null +++ b/macros.python3 @@ -0,0 +1,28 @@ +%have_python3 1 + +# commented out legacy macro definitions +#py3_prefix /usr +#py3_incdir /usr/include/python3.5m +#py3_ver 3.5 + +# these should now be provided by macros.python_all +#python3_sitearch /usr/lib64/python3.5/site-packages +#python3_sitelib /usr/lib/python3.5/site-packages +#python3_version 3.5 + +# hard to say if anyone ever used these? +#py3_soflags cpython-35m-x86_64-linux-gnu +#py3_abiflags m +%cpython3_soabi %(python3 -c "import sysconfig; print(sysconfig.get_config_var('SOABI'))") +%py3_soflags %cpython3_soabi + +# compilation macros that might be in use somewhere +%py3_compile(O) \ +find %1 -name '*.pyc' -exec rm -f {} ";"\ +python3 -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +%{-O:\ +find %1 -name '*.pyo' -exec rm -f {} ";"\ +python3 -O -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +} + + diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch new file mode 100644 index 0000000..7e412d7 --- /dev/null +++ b/no-skipif-doctests.patch @@ -0,0 +1,653 @@ +only in patch2: +unchanged: +--- + Doc/library/turtle.rst | 82 ------------------------------------------------- + 1 file changed, 82 deletions(-) + +--- a/Doc/library/turtle.rst ++++ b/Doc/library/turtle.rst +@@ -440,7 +440,6 @@ Turtle motion + turtle is headed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -467,7 +466,6 @@ Turtle motion + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -486,13 +484,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -511,13 +507,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -540,13 +534,11 @@ Turtle motion + not change the turtle's orientation. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> tp = turtle.pos() + >>> tp +@@ -570,13 +562,11 @@ Turtle motion + unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 240) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,240.00) +@@ -592,13 +582,11 @@ Turtle motion + Set the turtle's second coordinate to *y*, leave first coordinate unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 40) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,40.00) +@@ -625,7 +613,6 @@ Turtle motion + =================== ==================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setheading(90) + >>> turtle.heading() +@@ -638,14 +625,12 @@ Turtle motion + its start-orientation (which depends on the mode, see :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(90) + >>> turtle.goto(0, -10) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 90.0 +@@ -677,7 +662,6 @@ Turtle motion + calculated automatically. May be used to draw regular polygons. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.position() +@@ -706,7 +690,6 @@ Turtle motion + + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.dot() +@@ -724,7 +707,6 @@ Turtle motion + it by calling ``clearstamp(stamp_id)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("blue") + >>> turtle.stamp() +@@ -740,7 +722,6 @@ Turtle motion + Delete stamp with given *stampid*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (150.00,-0.00) +@@ -785,7 +766,6 @@ Turtle motion + undo actions is determined by the size of the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for i in range(4): + ... turtle.fd(50); turtle.lt(80) +@@ -818,7 +798,6 @@ Turtle motion + turtle turn instantly. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.speed() + 3 +@@ -839,7 +818,6 @@ Tell Turtle's state + Return the turtle's current location (x,y) (as a :class:`Vec2D` vector). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pos() + (440.00,-0.00) +@@ -855,7 +833,6 @@ Tell Turtle's state + orientation which depends on the mode - "standard"/"world" or "logo". + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(10, 10) + >>> turtle.towards(0,0) +@@ -867,7 +844,6 @@ Tell Turtle's state + Return the turtle's x coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(50) +@@ -883,7 +859,6 @@ Tell Turtle's state + Return the turtle's y coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(60) +@@ -900,7 +875,6 @@ Tell Turtle's state + :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(67) +@@ -917,7 +891,6 @@ Tell Turtle's state + other turtle, in turtle step units. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.distance(30,40) +@@ -941,7 +914,6 @@ Settings for measurement + Default value is 360 degrees. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -964,7 +936,6 @@ Settings for measurement + ``degrees(2*math.pi)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -975,7 +946,6 @@ Settings for measurement + 1.5707963267948966 + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.degrees(360) +@@ -1011,7 +981,6 @@ Drawing state + thickness. If no argument is given, the current pensize is returned. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pensize() + 1 +@@ -1043,7 +1012,6 @@ Drawing state + attributes in one statement. + + .. doctest:: +- :skipif: _tkinter is None + :options: +NORMALIZE_WHITESPACE + + >>> turtle.pen(fillcolor="black", pencolor="red", pensize=10) +@@ -1066,7 +1034,6 @@ Drawing state + Return ``True`` if pen is down, ``False`` if it's up. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.penup() + >>> turtle.isdown() +@@ -1107,7 +1074,6 @@ Color control + newly set pencolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> colormode() + 1.0 +@@ -1156,7 +1122,6 @@ Color control + with the newly set fillcolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.fillcolor("violet") + >>> turtle.fillcolor() +@@ -1195,7 +1160,6 @@ Color control + with the newly set colors. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("red", "green") + >>> turtle.color() +@@ -1212,7 +1176,6 @@ Filling + ~~~~~~~ + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.home() +@@ -1222,7 +1185,6 @@ Filling + Return fillstate (``True`` if filling, ``False`` else). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.begin_fill() + >>> if turtle.filling(): +@@ -1247,7 +1209,6 @@ Filling + above may be either all yellow or have some white regions. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("black", "red") + >>> turtle.begin_fill() +@@ -1264,7 +1225,6 @@ More drawing control + variables to the default values. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(0,-22) + >>> turtle.left(100) +@@ -1315,7 +1275,6 @@ Visibility + drawing observably. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.hideturtle() + +@@ -1326,7 +1285,6 @@ Visibility + Make the turtle visible. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.showturtle() + +@@ -1357,7 +1315,6 @@ Appearance + deal with shapes see Screen method :func:`register_shape`. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape() + 'classic' +@@ -1383,7 +1340,6 @@ Appearance + ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.resizemode() + 'noresize' +@@ -1407,7 +1363,6 @@ Appearance + of the shape's outline. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shapesize() + (1.0, 1.0, 1) +@@ -1432,7 +1387,6 @@ Appearance + heading of the turtle are sheared. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("circle") + >>> turtle.shapesize(5,2) +@@ -1449,7 +1403,6 @@ Appearance + change the turtle's heading (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1469,7 +1422,6 @@ Appearance + (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1495,7 +1447,6 @@ Appearance + turtle (its direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1524,7 +1475,6 @@ Appearance + given matrix. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle = Turtle() + >>> turtle.shape("square") +@@ -1540,7 +1490,6 @@ Appearance + can be used to define a new shape or components of a compound shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("square") + >>> turtle.shapetransform(4, -1, 0, 2) +@@ -1565,7 +1514,6 @@ Using events + procedural way: + + .. doctest:: +- :skipif: _tkinter is None + + >>> def turn(x, y): + ... left(180) +@@ -1586,7 +1534,6 @@ Using events + ``None``, existing bindings are removed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> class MyTurtle(Turtle): + ... def glow(self,x,y): +@@ -1614,7 +1561,6 @@ Using events + mouse-click event on that turtle. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.ondrag(turtle.goto) + +@@ -1642,7 +1588,6 @@ Special Turtle methods + Return the last recorded polygon. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.begin_poly() +@@ -1662,7 +1607,6 @@ Special Turtle methods + turtle properties. + + .. doctest:: +- :skipif: _tkinter is None + + >>> mick = Turtle() + >>> joe = mick.clone() +@@ -1675,7 +1619,6 @@ Special Turtle methods + return the "anonymous turtle": + + .. doctest:: +- :skipif: _tkinter is None + + >>> pet = getturtle() + >>> pet.fd(50) +@@ -1689,7 +1632,6 @@ Special Turtle methods + TurtleScreen methods can then be called for that object. + + .. doctest:: +- :skipif: _tkinter is None + + >>> ts = turtle.getscreen() + >>> ts +@@ -1707,7 +1649,6 @@ Special Turtle methods + ``None``, the undobuffer is disabled. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setundobuffer(42) + +@@ -1717,7 +1658,6 @@ Special Turtle methods + Return number of entries in the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> while undobufferentries(): + ... undo() +@@ -1740,7 +1680,6 @@ below: + For example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> s = Shape("compound") + >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) +@@ -1751,7 +1690,6 @@ below: + 3. Now add the Shape to the Screen's shapelist and use it: + + .. doctest:: +- :skipif: _tkinter is None + + >>> register_shape("myshape", s) + >>> shape("myshape") +@@ -1771,7 +1709,6 @@ Most of the examples in this section ref + ``screen``. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen = Screen() +@@ -1788,7 +1725,6 @@ Window control + Set or return background color of the TurtleScreen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.bgcolor("orange") + >>> screen.bgcolor() +@@ -1880,7 +1816,6 @@ Window control + distorted. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.reset() + >>> screen.setworldcoordinates(-50,-7.5,50,7.5) +@@ -1891,7 +1826,6 @@ Window control + ... left(45); fd(2) # a regular octagon + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen.reset() +@@ -1913,7 +1847,6 @@ Animation control + Optional argument: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.delay() + 10 +@@ -1935,7 +1868,6 @@ Animation control + :func:`delay`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.tracer(8, 25) + >>> dist = 2 +@@ -1972,7 +1904,6 @@ Using screen events + must have the focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -1993,7 +1924,6 @@ Using screen events + must have focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -2018,7 +1948,6 @@ Using screen events + named ``turtle``: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will + >>> # make the turtle move to the clicked point. +@@ -2038,7 +1967,6 @@ Using screen events + Install a timer that calls *fun* after *t* milliseconds. + + .. doctest:: +- :skipif: _tkinter is None + + >>> running = True + >>> def f(): +@@ -2120,7 +2048,6 @@ Settings and special methods + ============ ========================= =================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> mode("logo") # resets turtle heading to north + >>> mode() +@@ -2135,7 +2062,6 @@ Settings and special methods + values of color triples have to be in the range 0..*cmode*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.colormode(1) + >>> turtle.pencolor(240, 160, 80) +@@ -2156,7 +2082,6 @@ Settings and special methods + do with a Tkinter Canvas. + + .. doctest:: +- :skipif: _tkinter is None + + >>> cv = screen.getcanvas() + >>> cv +@@ -2168,7 +2093,6 @@ Settings and special methods + Return a list of names of all currently available turtle shapes. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.getshapes() + ['arrow', 'blank', 'circle', ..., 'turtle'] +@@ -2192,7 +2116,6 @@ Settings and special methods + coordinates: Install the corresponding polygon shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) + +@@ -2208,7 +2131,6 @@ Settings and special methods + Return the list of turtles on the screen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for turtle in screen.turtles(): + ... turtle.color("red") +@@ -2270,7 +2192,6 @@ Methods specific to Screen, not inherite + center window vertically + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.setup (width=200, height=200, startx=0, starty=0) + >>> # sets window to 200x200 pixels, in upper left of screen +@@ -2286,7 +2207,6 @@ Methods specific to Screen, not inherite + Set title of turtle window to *titlestring*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.title("Welcome to the turtle zoo!") + +@@ -2357,7 +2277,6 @@ Public classes + Example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) + >>> s = Shape("compound") +@@ -2743,7 +2662,6 @@ Changes since Python 3.0 + + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> for turtle in turtles(): diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..a2cf992 --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +export LC_ALL=C + +master=python*.spec + +# create import_failed.map from package definitions +pkgname=$(grep python_pkg_name $master |grep define |awk -F' ' '{print $3}') +MAPFILE=import_failed.map +function new_map_line () { + package=$1 + package=$(echo $1 |sed -e "s:%{python_pkg_name}:$pkgname:") + modules=$2 + if [ -z "$package" -o -z "$modules" ]; then + return + fi + if [[ "$package" =~ "-base" ]]; then + return + fi + echo "$package:$modules" >> $MAPFILE.tmp +} + +for spec in *.spec; do + basename=${spec%.spec} + package= + modules= + while read line; do + case $line in + "%files -n "*) + new_map_line $package "$modules" + package=${line#"%files -n "} + modules= + ;; + "%files "*) + new_map_line $package "$modules" + package=$basename-${line#"%files "} + modules= + ;; + "%files") + new_map_line $package "$modules" + package=$basename + modules= + ;; + "%{sitedir}/config-"*) + # ignore + ;; + "%{sitedir}/"*) + word=${line#"%{sitedir}/"} + if ! echo $word | grep -q /; then + modules="$modules $word" + fi + ;; + "%{dynlib "*"}") + word=${line#"%{dynlib "} + word=${word%"}"} + modules="$modules $word" + ;; + esac + done < $spec + new_map_line $package "$modules" +done + +cat $MAPFILE.tmp |sort -u > $MAPFILE +rm $MAPFILE.tmp + +# run test inclusion check +tar xJf Python-*.xz +python3 skipped_tests.py + +# generate baselibs.conf +VERSION=$(grep ^Version $master|awk -F':' '{print $2}' |sed -e 's/ //g') +python_version=${VERSION:0:3} # 3.3 +python_version_abitag=${python_version//./} # 33 +python_version_soname=${python_version//./_} # 3_3 +echo "$pkgname-base" > baselibs.conf +echo "$pkgname" >> baselibs.conf +echo "libpython$python_version_soname-1_0" >> baselibs.conf + diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch new file mode 100644 index 0000000..cda20d7 --- /dev/null +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -0,0 +1,27 @@ +--- + Makefile.pre.in | 7 +++++++ + 1 file changed, 7 insertions(+) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1240,11 +1240,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ + $(DTRACE_OBJS) \ + $(srcdir)/Modules/getbuildinfo.c + $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DDATE="\"`date -u -r Makefile.pre.in +"%b %d %Y"`\"" \ ++ -DTIME="\"`date -u -r Makefile.pre.in +"%T"`\"" \ + -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \ + -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \ + -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \ + -o $@ $(srcdir)/Modules/getbuildinfo.c + ++Python/getcompiler.o: $(srcdir)/Python/getcompiler.c Makefile ++ $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DCOMPILER='"[GCC]"' \ ++ -o $@ $(srcdir)/Python/getcompiler.c ++ + Modules/getpath.o: $(srcdir)/Modules/getpath.c Python/frozen_modules/getpath.h Makefile $(PYTHON_HEADERS) + $(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \ + -DPREFIX='"$(prefix)"' \ diff --git a/python-3.3.0b1-localpath.patch b/python-3.3.0b1-localpath.patch new file mode 100644 index 0000000..475497e --- /dev/null +++ b/python-3.3.0b1-localpath.patch @@ -0,0 +1,13 @@ +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -77,7 +77,7 @@ import io + import stat + + # Prefixes for site-packages; add additional prefixes like /usr/local here +-PREFIXES = [sys.prefix, sys.exec_prefix] ++PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local'] + # Enable per user site-packages directory + # set it to False to disable the feature or True to force the feature + ENABLE_USER_SITE = None diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch new file mode 100644 index 0000000..ac5d553 --- /dev/null +++ b/python-3.3.0b1-test-posix_fadvise.patch @@ -0,0 +1,17 @@ +--- + Lib/test/test_posix.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_posix.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_posix.py ++++ Python-3.11.8/Lib/test/test_posix.py +@@ -430,7 +430,7 @@ class PosixTester(unittest.TestCase): + def test_posix_fadvise(self): + fd = os.open(os_helper.TESTFN, os.O_RDONLY) + try: +- posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_WILLNEED) ++ posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_RANDOM) + finally: + os.close(fd) + diff --git a/python.keyring b/python.keyring new file mode 100644 index 0000000..747bc27 --- /dev/null +++ b/python.keyring @@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFq+ToQBEADRYvIVtbK6owynD3j3nxwpW2KEk/p+aDvtXmc2SR2dBcZ8sFW2 +R5vEsG8d3/D3wgv5pcL3KfNNXQYUnXVbobrFUUWQYc79qIsE3MgiPf5NVOtwKPUR +i5g9YJgKvpBxkQfqp3LYGm9ZBtwo3DVLA3yn7KsazCmAgTNFJYw7ku1XxgmIzY6K +5J30DfbJiqDqj4f9GslCCCCH3qiPnuLG/HUyVLHMpbWlaiy9NI0GcaLxjJewHj9w +W2D2lydkxe5JGo7egUkV3ILcuLVSVKA35SKY27dYqfuyqp9tAzaRbjDYjsYdHA6G +BqrNrKBn/GwlFDPrVdcvN3ZSY2wMLTxWE3Axc/FweuHxFnou/80FwX7F3JD+oEQ6 +rofmcxOBCC7J98I7HZAhP9jBn88XIS2hztbLq8d6rZJZRtcz0k61VR0ddO+TrFmf +9rMYCPgCckRtVxeFIVIabrN1IzKynLFeo040h8hSGswd6YKDOVwjJY6Oa6EmVefZ +a8QSt4+M65RSzH6SEPY008F3nJUAK6MEkzTak+tFltZNrVWu8p2xd1j9nmxAwEhZ +/lgbxLqzYgaUWmfyHeZ8yVA0MhHzdiAL8nVUEdG3KecIq0RWCJLGLWWIjd6KAJl1 +yAmhRYKK/sjPDsL3elHsFACfZbyx3o5GGQNlas1FYoPLWbaNGaJtgFTF2QARAQAB +tCtQYWJsbyBHYWxpbmRvIFNhbGdhZG8gPHBhYmxvZ3NhbEBnbWFpbC5jb20+iQJO +BBMBCgA4FiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+ToQCGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQZOYo+NaEaW2bmA/+PXIap2udLoUVOHxnsIBdqYwp +sv1Aj5lfIJmNhmxPbHShwp1Jg+w4urxe+2Dj5ofKVlIo1i83bQkvnKJMDXDVuc/K +P6zqhBJ3rT4Q3qx2mzX8bIfQoJ2JHuH4lkP+I7doDcHHRyeNASyk72VdQmU4twNw +Ibn8nSNV6ThKHdoPYzVnO2rZUFcGIqH5HNsvR+B7cc1MBCHsgURYwSVhSePIFGlZ +iasdBD6QQkDSe4QWi7AcJFWFElw4kbOKJWxAWsrEk+tMXJVGRjnmL289EmPCx/vx +BqKy7Mse0yWCSRR3vB+O6TB1S5SgEyEgqlYsfGNv1qf/rfRD4KkyCbNU3LhY1Aim +vJP4pDW+KFxTk2Ks8vrx8gOSd2aFqPeO/pFDrpsF7PD62XwsfoXu4xc5V0Giw7r1 +Nai0nax7kOrldNF8TbbtRjW0jmoC7wLIDujAkwDIOroZ0CXA3N4HVHdSbrHm/urX +nyxJXupXAQNwGx64JCBcbF2fp3Kvu1VAXBEFnd01KaopthHcbG5pA50Kl2Vhe+98 +OdezUX42fHkQpQkB7HgtXfm6W1bw6YRBamrNvs1OoHBYmUjlECpe566IIu25Hc8s +x3qA+6eca7iqizyLG+WyMT8ZIYTWGAS59jxwR4esqGczbbZPSAPHFwLbGv7Wr0Rd +TPu5B0FcKpDkTd4IxQW5Ag0EWr5O2gEQAMjLe4CtbSfofmJrz5wfNkMVsZ81Gbqe +MoYd3dtkJnQYERUj8flzBj3ucaxGJ+Cuf7ybh3naPopKvEI1q0vkcgCDqrEgXK// +jKJbP28uPSMGhOG28q4PbamG55gy5FtM3ezzAxPWWKe9qBpV65GMmFy7eBQx2iJs +yiDIOOQQ4kraS+cTqNFimEXAGLCOQRNLcwIZzwAAHoW7HEpNUfVwaBD9kMlbo1ND +I60IKcNrNcmcmRxhJqfxjj8YBMwcKHO6GBE3AVpaE/+UO9zyr4TH+0YuQUgxKlPW +Dkg5XlkDo0S1GyLY5e9ckIDIlkTdDa2pOkoE2yB5MQCEga3YiHrKUVTTWaxn9XVJ +6x5ZjUF6bgSWGkrG5dUqSYoO1iDMuNVjtiujNyf/rvfj5cNxS7/lgxchhQKZHZXL +WVqxlneeVJ6s0P4+ROVG9ga2Sve7aUJ6wXIewZwulBcV2sE/W/DgxHgLBi53CUQt +vEzFzKvo48GnDqL5VYjA7l0HMYHd4GksCLi8E8U6Cgj+imXiM8voL7pHRZfs8mY8 +udR+UT4e1Scl2MYP2qBJ9/17B/X52B3s1EZdqI/r+hfOyqrhPs+dbAN0mtMPn68+ +nrvY1+nscvrSYEP6ZBlc9Hp2mgJdb6IcTvINXBEeLRjgc3pjViva443pkiFp9Axm +ecOckMKP3uSlABEBAAGJBGwEGAEKACAWIQSgNcjBkhm6gh7OqGtk5ij41oRpbQUC +Wr5O2gIbAgJACRBk5ij41oRpbcF0IAQZAQoAHRYhBM/cokWxBDzypfl4Zf/odAQW +i9hHBQJavk7aAAoJEP/odAQWi9hHr7YP/RCLre1CmOoWYpAtoa1yVCeYMDV6eQgL +B488/BEZHQE1zbrYy16XkhORob3JF/kUMjmJW7XaFF8FrWvRcdj/xaUGbOOEulKg +v+8zWfswYQRiZ4/JlwER4vRLi6fTE89MVER6Fkj2ASD4D2cifY+EztD4flV3sq3s +vIogGFaN9IvdrdeptOVGXs1RmAyoTsiS2mKQ6xsGh8B9ZAm55W8fBOGiSzLX21Xk +Ofdw53BrFQxn3cu/JgIKpdeZxgukcvEAI62B6X+YL6Na4j0eqEGLzsNtU1+xeJlo +WtVvmRwnRHGSxF6fzIZ3mk/p/aFiXAEq/xITCTY6tDv7x7pFE/RpdlJZyNJ+R5Y4 +SQiuDsylxNCa/4G5EB6q+7iVYtbEQ9MnZg2phowEE42tlj0rz8/rvDK3LH3xibot +KHIodCWKlWByxH99u2PuHUQ0c1oCVBUE1KkruMpvI236DpU/dvdq4JLSg/fWrys/ +VIjqLZgsIE5g/KO9XqngWHkLcBLh4CNAmHJ8Iia+s+/rfgsejQWB5uJb6eYg2JjB +4WP1EI0rULM6fdrCNB+MJ36wE2Lnb4bfT0phOMgjjH5/Ki7ZCbkxkOsBs4SRjiS+ +weCsmpAtMqodWY/Cnw9pWSA/qLSRD5/mKeb9SO6OZ/OPfAatwnGHsvZ2sAueC6rR +04W5BfXZWrnJUXQP/id/EKE1Ksp5fKoxSCbkKTCig+Sf5Afwe36yFN+niZBqzn5b +BgL/HIKaZM97oDHersPPANeEgS+JVlBf95iKIYnQbZP43FLVbvOuaINhBIVtFO54 +2Y7EYwl41kP7ILDElVy36KAmdQyBAfrjnZiRA70xShOxApLug1L0lxhR3YfmLwNi +RJ0V6KnYDKf0pfdhO9VFyFFWUojX1usn2SmSsXNizsNtvRqHXzPnX0rbJzZ9+N4O +9k1nxygYFG/2R/jGonVmTjRzcAHrAkNJETMWXMA7/8wRMDwluz8j+cCldey9x8Vk +JwgLGnZSbQtVpcFAnm5r/36Gt+9wc1VWMyrUrVr6Z679aqAbG7PMaeR5h5ygMj1k +VqRTYAUPSk1f8bZKRssQkQwEbp9dVIjm9SsR8VT7/tB+UuB85dABxgHfv3psJRT+ +tL8g9V7kSZqQfcLNGmvEVvr2Zl9NtxwXtsFM2OBprxCenwb+e9Ppm1LjfJG/NE72 +mAnOERfDaiLt4bqNo36Ei5sGCJ4Fx61phzNBXzkdRNM47i8J5UZRKFkE91c99BVM +HKUaY61NRK24fR0zP98ftDU82YFw0VRFJpTeBrO5ivN1MlQxUPzUWxKxMxO+20wa +UOXroEw11Tb4SRLGOla1pCl6lCUPJRy9IzadPDgTr/OTMkob/snt/XLdnV5/uQIN +BFq+TvoBEAC8Oy1g6pPWBbrCMhIq7VWY2fjylJ1fwg5BPXkOKVK1dsGYO4QD7oW9 +L0aSqcFSNFGF9Cl0Ri4TFXZC3hnG4HeSXUWApuKdBLn21H3jba36Ay1oGcGfdm0v +Zght4c6BlMVBpGCw2wIkJbUNEy6InMM+O8CCbbaH3iJkJ4141P7pODHignx5AmZI +conMui4YOhC+IXQXynVEv1Juk7erB1Nh1RcRvsA4lb44HWx49lIwe85ejOmoZ0O3 +6f9NJRer6bV0+rHWmg4IV5Q9h/Gn4IhEDZxA0DZl1RQI7dMgaMbIFbXGq7Kgzstz +EUnOoy29hXodxVmwIsMrAiQUYtwJ9hW+ESsw47+W2iPHVgviGWl7r/SgcgMYmf6m +5kiTBtwU7BQPS9G3zwwP2Rm3AA/6g39Q+tQKjOwi1I8+GZsY2On44Zly7BreBNg5 +4gJgdAGcMOYU9etr050clH3UpTYcAEtX++ahtOKhJgLIPNcIAQNlnifqvU0VYpgw +R4YpZ7hgg+AVDzC73PIM0lFI0XiDuqChbxE+K1jmLXWe5iJF0dzgVTwP+PmsifNZ +Wg3+YxSsS+hDMPQ2xPiQN49gT4JJDHcDuyhHyCGYgyMiVJCsku9KrkubbfVRivyN +ZF2Zfo3f+nbrRxsftz0yjAq8byCvb0V0XOpt4pJ/ddlug9ytRxALNwARAQABiQI2 +BBgBCgAgFiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+TvoCGwwACgkQZOYo+NaE +aW3urA//UQ/cKQ7HvWjcLphzQOZc+6m5YL0wxvZkSjemU7mqjZdpacteIvRAoers +EqXHc208liIBtNfRzoreXdcXNzie65xXkrRnWoHVH/fTWy4lOnHr2CMXLeHjUgg/ +M6PYi8+sARm05YFB8nsYhlhx3IdLhcfeVVbJedQKO0yL3CK1okT30DUVq5Lq6X/K +DC6AxuJR3D6UMSoT0WLaoX8qbhAp88qLynInfBVL18d97h916WPLTPeP0eHwhwND +bYtKDCMDuKQ9XX5+QsNH0RmbxlX274LHrUMMvkLKxcfCBvP+iuqrBeIuoeVzXYJZ +j7ZJtEH79bW44eecl/CY/STFYgSQ2XGTp2BI2q60wAmtKlNhwxY5ena0FgyFl6Tm +5OBHW/Pwo+ndQJGfbrCyWkTgRay9c8er3gl3GQYIBH6X0kCiG7h/Epj0b5CHOPU5 +hCw0kEB8MB4poTIjeiY+Q01472/lQ68CL3DX158hR5d3XaPSIxAN+qFsfB1o316p +yjxhfK1MD/IfrOgjlggPPnc/KmLkCzpgdwKcZwLCdZq9hYBvF1Zs34HbaVMYbWTK +uxLowtXGU43vatCXXqmPOvl4/g4tZD6rysJDgOrHQnEHzT+Napn07s0BRC0IbbNn +FynUrkr5KMSuRz7Hg7xMApENOrb0nqdHSUJ914ZpuMIS6RhJgGu5Ag0EWr5PIAEQ +ALfh9vPD2B+miHDTMADI8aRZ7g9tnzynZYkk3+2sCiiusetsQQ+HIPJ/ASEJB7On +ane9dyT/LTRhrK9qaxgVMimk2COXB/xyh7Mnw7nJgFU0aRSbtX0vbvQz2suSzrQ6 +9mPKzan28JGoClqB0bw1vwf3VjjxHV2dgD57CmqFPv7kAC/2a56dE+etzXattZAL ++2JWTpmfQ0ePRRadtBm0VahQhnU8x0+jvAVrEawqpVW83ozYFyW/0WInM2J7jHgQ +16OosY4lj5L/DxpVxaArhRFoRfWPXfC37iE8Mou/I95isvPQIhp1wTo4jG0KM02B +oIVbp/QRNBQ6WtpOzvJs1gqQiJJTfqbKJXQ3NDEY9crpVS83HJ+Zv99PNsyNkFjG +QpU84U3ZhsI4ygjdY45mpZueqI1RVcRQdu8Hgvoo/78Q/Sir6gMGop3mVdVo2guI +kFcJrXh0Xk3ech4aVqrmKx/mPXGwOAQU0DAul4RW3fKg1QxQE7Tlw3+95Ee/+q5j +HARL0uDbCJpRO8Sl8NDEuL32n/2Ot6kQeCSHrU7KJRYAkTxkKvr8zNow7hFhHFPE +SnHvTnskI6noh0VY6NwMhmLvhm0wKkRxZPzUNc3sgLvbK1NymIZ9aKCZamzhZrmG +vnblEz/OSLwGUua465H3hM1vvBQiartj7+6ZqWIkSmBPABEBAAGJAjYEGAEKACAW +IQSgNcjBkhm6gh7OqGtk5ij41oRpbQUCWr5PIAIbIAAKCRBk5ij41oRpbWmeEACG ++axtDC8UoNp9ORiYwEWLzZWDuugE+ah7DYYGD4Vs633FXVZW3SgM/bFtJ/0Lg8CF +74jI4LMHyIjDzEjcoItwnhBLix+kUoJTvrY58GPydwekLuw1p4KXLqtRs4fsZbNQ +YTknl4jYtRWoxO98x7tun7Gq2gqmJkIB2uj630fKz5cBk6p6oDFKjzyrHe+V7BiK +3okQPaD4x7hq8OnTy7lOy92ZZAqztS4tNEb4DkYW1MpuwsJ7hbBZitc1siI+FVVb +GjVVGZz6ssXoW67Tz8+VxdWJxNLXlv27eMcj4sme5S0th/YYNA5fRRv6zuzqZAru +YNGLpYYU7JLvZJ+3lCwa5j5ycOGBF0GvsGs6gj6h+CHkjR/BgzAgWC+GgUgslt6q +aH04rWtV6rVz+Y91LcrX5P6OM4anmXD3Gp3kl35AypXb4KyASF19+11RUziD4Z7q +wQEWfbwOltNyZv2lD8s2jPr7P02axWRQUbZAEhxRmvOQev/FZPyCF6gqUo/HxRbQ +y3bzmnipyHSv1DlXNfCFCHvN8kGyZnRWARqIKRg+j9ediJgOUqlLhg6KmrTVxd5v +3Dfv52PW2UODDTM20s3cQGuX/UswzMRwPI/+P44iCMwEKdm7duM/5oisZT9Vhy7g +P15MreFZLcZvUVgjqgy0u57cstyGK1Bo9e2sFcK2fA== +=6Zb4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/python311-rpmlintrc b/python311-rpmlintrc new file mode 100644 index 0000000..6c3d3b0 --- /dev/null +++ b/python311-rpmlintrc @@ -0,0 +1,4 @@ +addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp") +addFilter("python-bytecode-inconsistent-mtime.*\.pyc") diff --git a/python311.changes b/python311.changes new file mode 100644 index 0000000..1f16727 --- /dev/null +++ b/python311.changes @@ -0,0 +1,5631 @@ +------------------------------------------------------------------- +Tue Jul 1 08:19:52 UTC 2025 - Daniel Garcia + +- Use one core to build doc. This will make sphinx doc build + reproducible. + bsc#1243155 + +------------------------------------------------------------------- +Mon Jun 9 17:19:32 UTC 2025 - Matej Cepl + +- Update to 3.11.13: + - Security + - gh-135034: Fixes multiple issues that allowed tarfile + extraction filters (filter="data" and filter="tar") + to be bypassed using crafted symlinks and hard links. + Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138 + (bsc#1244059), CVE-2025-4330 (bsc#1244060), and + CVE-2025-4517 (bsc#1244032). Also addresses CVE-2025-4435 + (gh#135034, bsc#1244061). + - gh-133767: Fix use-after-free in the “unicode-escape” + decoder with a non-“strict” error handler (CVE-2025-4516, + bsc#1243273). + - gh-128840: Short-circuit the processing of long IPv6 + addresses early in ipaddress to prevent excessive memory + consumption and a minor denial-of-service. + - Library + - gh-128840: Fix parsing long IPv6 addresses with embedded + IPv4 address. + - gh-134062: ipaddress: fix collisions in __hash__() for + IPv4Network and IPv6Network objects. + - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output + according to RFC 3596, §2.5. Patch by Bénédikt Tran. + - bpo-43633: Improve the textual representation of + IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2) + in ipaddress. Patch by Oleksandr Pavliuk. +- Remove upstreamed patches: + - gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch + - CVE-2025-4516-DecodeError-handler.patch + +------------------------------------------------------------------- +Thu May 22 13:01:17 UTC 2025 - Matej Cepl + +- Add CVE-2025-4516-DecodeError-handler.patch fixing + CVE-2025-4516 (bsc#1243273) blocking DecodeError handling + vulnerability, which could lead to DoS. + +------------------------------------------------------------------- +Sat May 17 10:02:27 UTC 2025 - Matej Cepl + +- Use extended %autopatch. + +------------------------------------------------------------------- +Sat May 10 11:38:24 UTC 2025 - Matej Cepl + +- Remove python-3.3.0b1-test-posix_fadvise.patch (not needed + since kernel 3.6-rc1) + +------------------------------------------------------------------- +Fri Apr 18 14:05:38 UTC 2025 - Matej Cepl + +- Update to 3.11.12: + - gh-131809: Update bundled libexpat to 2.7.1 + - gh-131261: Upgrade to libexpat 2.7.0 + - gh-105704: When using urllib.parse.urlsplit() and + urllib.parse.urlparse() host parsing would not reject domain + names containing square brackets ([ and ]). Square brackets + are only valid for IPv6 and IPvFuture hosts according to RFC + 3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938, + gh#python/cpython#105704). + - gh-121284: Fix bug in the folding of rfc2047 encoded-words + when flattening an email message using a modern email + policy. Previously when an encoded-word was too long for + a line, it would be decoded, split across lines, and + re-encoded. But commas and other special characters in the + original text could be left unencoded and unquoted. This + could theoretically be used to spoof header lines using a + carefully constructed encoded-word if the resulting rendered + email was transmitted or re-parsed. + - gh-80222: Fix bug in the folding of quoted strings + when flattening an email message using a modern email + policy. Previously when a quoted string was folded so that + it spanned more than one line, the surrounding quotes and + internal escapes would be omitted. This could theoretically + be used to spoof header lines using a carefully constructed + quoted string if the resulting rendered email was transmitted + or re-parsed. + - gh-119511: Fix a potential denial of service in the imaplib + module. When connecting to a malicious server, it could + cause an arbitrary amount of memory to be allocated. On many + systems this is harmless as unused virtual memory is only + a mapping, but if this hit a virtual address size limit + it could lead to a MemoryError or other process crash. On + unusual systems or builds where all allocated memory is + touched and backed by actual ram or storage it could’ve + consumed resources doing so until similarly crashing. + - gh-127257: In ssl, system call failures that OpenSSL reports + using ERR_LIB_SYS are now raised as OSError. + - gh-121277: Writers of CPython’s documentation can now use + next as the version for the versionchanged, versionadded, + deprecated directives. + - gh-106883: Disable GC during the _PyThread_CurrentFrames() + and _PyThread_CurrentExceptions() calls to avoid the + interpreter to deadlock. +- Remove upstreamed patch: + - CVE-2025-0938-sq-brackets-domain-names.patch +- Add gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch + which makes test_ssl not to stop ThreadedEchoServer on OSError, + which makes test_ssl pass with OpenSSL 3.5 (bsc#1241067, + gh#python/cpython!126572) + +------------------------------------------------------------------- +Wed Mar 12 15:05:46 UTC 2025 - Bernhard Wiedemann + +- Allow to disable PGO + +------------------------------------------------------------------- +Mon Mar 10 15:44:31 UTC 2025 - Bernhard Wiedemann + +- Skip PGO with %want_reproducible_builds (bsc#1239210) + +------------------------------------------------------------------- +Tue Feb 4 14:43:13 UTC 2025 - Matej Cepl + +- Add CVE-2025-0938-sq-brackets-domain-names.patch which + disallows square brackets ([ and ]) in domain names for parsed + URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704) + +------------------------------------------------------------------- +Mon Jan 27 09:00:48 UTC 2025 - Daniel Garcia + +- Configure externally_managed with a bcond + https://en.opensuse.org/openSUSE:Python:Externally_managed + bsc#1228165 + +------------------------------------------------------------------- +Wed Dec 4 21:40:41 UTC 2024 - Matej Cepl + +- Update to 3.11.11: + - Tools/Demos + - gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15 + and multissltests to use 3.0.15, 3.1.7, and 3.2.3. + - Tests + - gh-125041: Re-enable skipped tests for zlib on the + s390x architecture: only skip checks of the compressed + bytes, which can be different between zlib’s software + implementation and the hardware-accelerated implementation. + - Security + - gh-126623: Upgrade libexpat to 2.6.4 + - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to + consistently use the mapped IPv4 address value for deciding + properties. Properties which have their behavior fixed are + is_multicast, is_reserved, is_link_local, is_global, and + is_unspecified. + - Library + - gh-124651: Properly quote template strings in venv + activation scripts (bsc#1232241, CVE-2024-9287). +- Removed upstreamed patches: + - CVE-2024-9287-venv_path_unquoted.patch + +------------------------------------------------------------------- +Tue Dec 3 08:21:35 UTC 2024 - John Paul Adrian Glaubitz + +- Add add-loongarch64-support.patch to support loongarch64 + +------------------------------------------------------------------- +Mon Dec 2 22:50:07 UTC 2024 - Matej Cepl + +- Fix changelog + +------------------------------------------------------------------- +Mon Nov 11 12:43:40 UTC 2024 - Daniel Garcia + +- Remove -IVendor/ from python-config boo#1231795 + +------------------------------------------------------------------- +Fri Nov 1 16:32:10 UTC 2024 - Matej Cepl + +- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote + path names provided when creating a virtual environment + (bsc#1232241, CVE-2024-9287) + +------------------------------------------------------------------- +Wed Oct 2 16:18:29 UTC 2024 - Matej Cepl + +- Drop .pyc files from docdir for reproducible builds + (bsc#1230906). + +------------------------------------------------------------------- +Mon Sep 9 16:53:07 UTC 2024 - Matej Cepl + +- Update to 3.11.10: + - Security + - gh-123678: Upgrade libexpat to 2.6.3 + - gh-121957: Fixed missing audit events around interactive + use of Python, now also properly firing for ``python -i``, + as well as for ``python -m asyncio``. The event in question + is ``cpython.run_stdin``. + - gh-122133: Authenticate the socket connection for the + ``socket.socketpair()`` fallback on platforms where + ``AF_UNIX`` is not available like Windows. Patch by + Gregory P. Smith and Seth Larson + . Reported by Ellie + - gh-121285: Remove backtracking from tarfile header parsing + for ``hdrcharset``, PAX, and GNU sparse headers + (bsc#1230227, CVE-2024-6232). + - gh-118486: :func:`os.mkdir` on Windows now accepts + *mode* of ``0o700`` to restrict the new directory to + the current user. This fixes CVE-2024-4030 affecting + :func:`tempfile.mkdtemp` in scenarios where the base + temporary directory is more permissive than the default. + - gh-116741: Update bundled libexpat to 2.6.2 + - Library + - gh-123270: Applied a more surgical fix for malformed + payloads in :class:`zipfile.Path` causing infinite loops + (gh-122905) without breaking contents using legitimate + characters (bsc#1229704, CVE-2024-8088). + - gh-123067: Fix quadratic complexity in parsing ``"``-quoted + cookie values with backslashes by :mod:`http.cookies` + (bsc#1229596, CVE-2024-7592). + - gh-122905: :class:`zipfile.Path` objects now sanitize names + from the zipfile. + - gh-121650: :mod:`email` headers with embedded newlines are + now quoted on output. The :mod:`~email.generator` will now + refuse to serialize (write) headers that are unsafely folded + or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. + (Contributed by Bas Bloemsaat and Petr Viktorin in + :gh:`121650`; CVE-2024-6923, bsc#1228780). + - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method + breaks internal buffer when the method is called again + during flushing internal buffer. + - gh-118643: Fix an AttributeError in the :mod:`email` module + when re-fold a long address list. Also fix more cases of + incorrect encoding of the address separator in the address + list. + - gh-113171: Fixed various false positives and false + negatives in * :attr:`ipaddress.IPv4Address.is_private` + (see these docs for details) * + :attr:`ipaddress.IPv4Address.is_global` * + :attr:`ipaddress.IPv6Address.is_private` * + :attr:`ipaddress.IPv6Address.is_global` Also in the + corresponding :class:`ipaddress.IPv4Network` and + :class:`ipaddress.IPv6Network` attributes. + Fixes bsc#1226448 (CVE-2024-4032). + - gh-102988: :func:`email.utils.getaddresses` and + :func:`email.utils.parseaddr` now return ``('', '')`` + 2-tuples in more situations where invalid email addresses + are encountered instead of potentially inaccurate + values. Add optional *strict* parameter to these two + functions: use ``strict=False`` to get the old behavior, + accept malformed inputs. ``getattr(email.utils, + 'supports_strict_parsing', False)`` can be use to check if + the *strict* paramater is available. Patch by Thomas Dwyer + and Victor Stinner to improve the CVE-2023-27043 fix + (bsc#1210638). + - gh-67693: Fix :func:`urllib.parse.urlunparse` and + :func:`urllib.parse.urlunsplit` for URIs with path starting + with multiple slashes and no authority. Based on patch by + Ashwin Ramaswami. + - Core and Builtins + - gh-112275: A deadlock involving ``pystate.c``'s + ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now + fixed. Patch by ChuBoning based on previous Python 3.12 fix + by Victor Stinner. + - gh-109120: Added handle of incorrect star expressions, e.g + ``f(3, *)``. Patch by Grigoryev Semyon +- Removed upstreamed patches: + - CVE-2023-27043-email-parsing-errors.patch + - CVE-2024-4032-private-IP-addrs.patch + - CVE-2024-6923-email-hdr-inject.patch + - CVE-2024-8088-inf-loop-zipfile_Path.patch + (renamed from CVE-2024-8088-zipfile-Path-sanitization.patch) + - CVE-2024-6232-ReDOS-backtrack-tarfile.patch + - CVE-2024-7592-quad-complex-cookies.patch + +------------------------------------------------------------------- +Mon Sep 2 09:44:26 UTC 2024 - Matej Cepl + +- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid + failing test_sendfile_close_peer_in_the_middle_of_receiving + tests on Linux >= 6.10 (GH-120227). + +------------------------------------------------------------------- +Wed Aug 28 16:54:34 UTC 2024 - Matej Cepl + +- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent + malformed payload to cause infinite loops in zipfile.Path + (bsc#1229704, CVE-2024-8088). + +------------------------------------------------------------------- +Wed Aug 7 12:12:42 UTC 2024 - Matej Cepl + +- Add CVE-2024-6923-email-hdr-inject.patch to prevent email + header injection due to unquoted newlines (bsc#1228780, + CVE-2024-6923). +- %{profileopt} variable is set according to the variable + %{do_profiling} (bsc#1227999) + +------------------------------------------------------------------- +Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl + +- Remove %suse_update_desktop_file macro as it is not useful any + more. + +------------------------------------------------------------------- +Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl + +- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 + adding reproducibility patches from gh#python/cpython!121872 + and gh#python/cpython!121883. + +------------------------------------------------------------------- +Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl + +- Stop using %%defattr, it seems to be breaking proper executable + attributes on /usr/bin/ scripts (bsc#1227378). + +------------------------------------------------------------------- +Tue Jul 2 10:32:58 UTC 2024 - Daniel Garcia + +- Update F00251-change-user-install-location.patch to make pip and + modern tools install directly in /usr/local when used by the user. + bsc#1225660 + +------------------------------------------------------------------- +Tue Jun 25 21:57:40 UTC 2024 - Matej Cepl + +- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 + (CVE-2024-4032) rearranging definition of private v global IP + addresses. + +------------------------------------------------------------------- +Wed May 1 08:39:08 UTC 2024 - Matej Cepl + +- Update CVE-2023-52425-libexpat-2.6.0-backport.patch + so that it uses features sniffing, not just + comparing version number. Include also + support-expat-CVE-2022-25236-patched.patch. +- Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping + failing tests. +- Refresh patches: + - CVE-2023-27043-email-parsing-errors.patch + - fix_configure_rst.patch + - skip_if_buildbot-extend.patch +- Remove included patch: + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia + +- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in SLE. + +------------------------------------------------------------------- +Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia + +- Remove not needed upstream patches: + * libexpat260.patch + * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666 + * CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch + +- Update to 3.11.9: + * Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 + - gh-115243: Fix possible crashes in collections.deque.index() + when the deque is concurrently modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to the + certificate store, when the ssl.SSLContext is shared across + multiple threads (bsc#1226447, CVE-2024-0397). + * Core and Builtins + - gh-116296: Fix possible refleak in object.__reduce__() internal + error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser when + raising SyntaxError exceptions caused by invalid byte sequences. + Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115011: Setters for members with an unsigned integer type now + support the same range of valid values for objects that has a + __index__() method as for int. + - gh-96497: Fix incorrect resolution of mangled class variables + used in assignment expressions in comprehensions. + * Library + - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered + crash in ssl when creating a new _ssl._SSLContext if CPython was + built implausibly such that the default cipher list is empty or + the SSL library it was linked against reports a failure from its + C SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of self-referential + modules, introduced in gh-114781. + - gh-117084: Fix zipfile extraction for directory entries with the + name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any to + be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer calls + WaitForSingleObject() with a negative timeout: pass 0 ms if the + timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values in an + invalid state (stored as a list instead of a str) after an + earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values in + urllib.parse functions parse_qs() and parse_qsl(). Also, they + now raise a TypeError for non-zero integers and non-empty + sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated tkinter.Checkbutton + widget names to avoid collisions with automatically generated + tkinter.ttk.Checkbutton widget names within the same parent + widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of AttributeError + on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on + WASI. + - Under wasmtime for WASI 0.2, these functions don’t pass + test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). + - gh-88352: Fix the computation of the next rollover time in the + logging.TimedRotatingFileHandler handler. computeRollover() now + always returns a timestamp larger than the specified time and + works correctly during the DST change. doRollover() no longer + overwrite the already rolled over file, saving from data loss + when run at midnight or during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a script + with pdb + - gh-76511: Fix UnicodeEncodeError in email.Message.as_string() + that results when a message that claims to be in the ascii + character set actually has non-ascii characters. Non-ascii + characters are now replaced with the U+FFFD replacement + character, like in the replace error handler. + - gh-75988: Fixed unittest.mock.create_autospec() to pass the call + through to the wrapped object to return the real result. + - gh-115881: Fix issue where ast.parse() would incorrectly flag + conditional context managers (such as with (x() if y else z()): + ...) as invalid syntax if feature_version=(3, 8) was passed. + This reverts changes to the grammar made as part of gh-94949. + - gh-115886: Fix silent truncation of the name with an embedded + null character in multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing which rolled-over log + files to delete in logging.TimedRotatingFileHandler. It is now + reliable for handlers without namer and with arbitrary + deterministic namer that leaves the datetime part in the file + name unmodified. + - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now + support bytes arguments containing raw and percent-encoded + non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' and + '\n', regardless of lineterminator value. + - gh-115712: csv.writer() now quotes empty fields if delimiter is + a space and skipinitialspace is true and raises exception if + quoting is not possible. + - gh-115618: Fix improper decreasing the reference count for None + argument in property methods getter(), setter() and deleter(). + - gh-115570: A DeprecationWarning is no longer omitted on access + to the __doc__ attributes of the deprecated typing.io and + typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the __wrapper__ + data descriptor. + - gh-101293: Support callables with the __call__() method and + types with __new__() and __init__() methods set to class + methods, static methods, bound methods, partial functions, and + other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line numbers + would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare cases when + using the z format option (coerce negative 0) * incorrect output + when applying the z format option to type F (fixed-point with + capital NAN / INF) * incorrect output when applying the # format + option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname before + checking it against the system’s proxy bypass list on macOS and + Windows. + - gh-115198: Fix support of Docutils >= 0.19 in distutils. + - gh-115165: Most exceptions are now ignored when attempting to + set the __orig_class__ attribute on objects returned when + calling typing generic aliases (including generic aliases + created using typing.Annotated). Previously only AttributeError + was ignored. Patch by Dave Shawley. + - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the underlying + write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114763: Protect modules loaded with importlib.util.LazyLoader + from race conditions when multiple threads try to access + attributes before the loading is complete. + - gh-97959: Fix rendering class methods, bound methods, method and + function aliases in pydoc. Class methods no longer have “method + of builtins.type instance” note. Corresponding notes are now + added for class and unbound methods. Method and function aliases + now have references to the module or the class where the origin + was defined if it differs from the current. Bound methods are + now listed in the static methods section. Methods of builtin + classes are now supported as well as methods of Python classes. + - gh-112281: Allow creating union of types for typing.Annotated + with unhashable metadata. + - gh-111775: Fix importlib.resources.simple.ResourceHandle.open() + for text mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb commands. + - gh-107155: Fix incorrect output of help(x) where x is a lambda + function, which has an __annotations__ dictionary attribute with + a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when defining + dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists + over multiple lines in combination with unicode encoding + (bsc#1238450 CVE-2025-1795) + - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same name + but different extensions would conflict and not delete the + correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() to + accept empty bytes as authkey. Not accepting empty bytes as key + causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing of URLs + with only a host name, URLs containing fragment or query, and + filenames with only a UNC sharepoint on Windows. Based on patch + by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + * Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML + vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + * Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE command + line option) in regrtest when hunting for reference leaks (-R + option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-115979: Update test_importlib so that it passes under WASI + SDK 21. + - gh-116307: Added import helper isolated_modules as CleanImport + does not remove modules imported during the context. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of + the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: run + failed tests with test.bisect_cmd to identify failing tests. + Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - gh-115198: Fix test_check_metadata_deprecate in distutils tests + with a newer Docutils. + * Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI + 0.2/preview2 primitives. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + * Windows + - gh-116773: Fix instances of <_overlapped.Overlapped object at + 0xXXX> still has pending operation at deallocation, the process + may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation so + that sending a datagram to an address that is not listening does + not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most users + only have a single launcher installed and will see no + difference. When multiple launchers have been installed, the + option to install the launcher is disabled until all but one + have been removed. Downgrading the launcher (which was never + allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now detect Python + 3.13 when installed from the Microsoft Store, and will install + Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + * IDLE + - gh-88516: On macOS show a proxy icon in the title bar of editor + windows to match platform behaviour. + * Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + * C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows + 64-bit platforms. + +------------------------------------------------------------------- +Sun Mar 24 07:51:45 UTC 2024 - Matej Cepl + +- Add reference to CVE-2024-0450 (bsc#1221854) to changelog. + +------------------------------------------------------------------- +Fri Mar 22 21:22:27 UTC 2024 - Matej Cepl + +- Because of bsc#1189495 we have to revert use of %autopatch. + +------------------------------------------------------------------- +Tue Mar 12 08:44:47 UTC 2024 - Matej Cepl + +- Rewrite %prep to use %autosetup et al. for compatibility with + rpm 4.20. + +------------------------------------------------------------------- +Tue Mar 12 08:13:34 UTC 2024 - Matej Cepl + +- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch + to eliminate ResourceWarning which broke the test suite in + test_asyncio. + +------------------------------------------------------------------- +Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal + +- Use the system-wide crypto-policies [bsc#1211301] + * Use the system default cipher list instead of hardcoded values + * Add the --with-ssl-default-suites=openssl configure option + +------------------------------------------------------------------- +Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl + +- (bsc#1219666, CVE-2023-6597) Add + CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from + gh#python/cpython!99930) fixing symlink bug in cleanup of + tempfile.TemporaryDirectory. + +------------------------------------------------------------------- +Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl + +- Remove double definition of /usr/bin/idle%%{version} in + %%files. + +------------------------------------------------------------------- +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115289 + +------------------------------------------------------------------- +Thu Feb 8 07:27:40 UTC 2024 - Daniel Garcia + +- Update to 3.11.8: + - Security + - gh-113659: Skip .pth files with names starting with a dot or + hidden file attribute. + - Core and Builtins + - gh-114887: Changed socket type validation in + create_datagram_endpoint() to accept all non-stream sockets. + This fixes a regression in compatibility with raw sockets. + - gh-114388: Fix a RuntimeWarning emitted when assign an + integer-like value that is not an instance of int to an + attribute that corresponds to a C struct member of type T_UINT + and T_ULONG. Fix a double RuntimeWarning emitted when assign a + negative integer value to an attribute that corresponds to a C + struct member of type T_UINT. + - gh-89811: Check for a valid tp_version_tag before performing + bytecode specializations that rely on this value being usable. + - gh-113602: Fix an error that was causing the parser to try to + overwrite existing errors and crashing in the process. Patch by + Pablo Galindo + - gh-113566: Fix a 3.11-specific crash when the repr of a Future + is requested after the module has already been + garbage-collected. + - gh-106905: Use per AST-parser state rather than global state to + track recursion depth within the AST parser to prevent potential + race condition due to simultaneous parsing. + - The issue primarily showed up in 3.11 by multithreaded users of + ast.parse(). In 3.12 a change to when garbage collection can be + triggered prevented the race condition from occurring. + - gh-112716: Fix SystemError in the import statement and in + __reduce__() methods of builtin types when __builtins__ is not a + dict. + - gh-105967: Workaround a bug in Apple’s macOS platform zlib + library where zlib.crc32() and binascii.crc32() could produce + incorrect results on multi-gigabyte inputs. Including when using + zipfile on zips containing large data. + - gh-94606: Fix UnicodeEncodeError when + email.message.get_payload() reads a message with a Unicode + surrogate character and the message content is not well-formed + for surrogateescape encoding. Patch by Sidney Markowitz. + - Library + - gh-114965: Update bundled pip to 24.0 + - gh-114959: tarfile no longer ignores errors when trying to + extract a directory on top of a file. + - gh-109475: Fix support of explicit option value “–” in argparse + (e.g. --option=--). + - gh-110190: Fix ctypes structs with array on Windows ARM64 + platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by + Diego Russo + - gh-113280: Fix a leak of open socket in rare cases when error + occurred in ssl.SSLSocket creation. + - gh-77749: email.policy.EmailPolicy.fold() now always encodes + non-ASCII characters in headers if utf8 is false. + - gh-114492: Make the result of termios.tcgetattr() reproducible + on Alpine Linux. Previously it could leave a random garbage in + some fields. + - gh-75128: Ignore an OSError in + asyncio.BaseEventLoop.create_server() when IPv6 is available but + the interface cannot actually support it. + - gh-114257: Dismiss the FileNotFound error in + ctypes.util.find_library() and just return None on Linux. + - gh-101438: Avoid reference cycle in ElementTree.iterparse. The + iterator returned by ElementTree.iterparse may hold on to a file + descriptor. The reference cycle prevented prompt clean-up of the + file descriptor if the returned iterator was not exhausted. + - gh-104522: OSError raised when run a subprocess now only has + filename attribute set to cwd if the error was caused by a + failed attempt to change the current directory. + - gh-109534: Fix a reference leak in + asyncio.selector_events.BaseSelectorEventLoop when SSL + handshakes fail. Patch contributed by Jamie Phan. + - gh-114077: Fix possible OverflowError in + socket.socket.sendfile() when pass count larger than 2 GiB on + 32-bit platform. + - gh-114014: Fixed a bug in fractions.Fraction where an invalid + string using d in the decimals part creates a different error + compared to other invalid letters/characters. Patch by Jeremiah + Gabriel Pascual. + - gh-113951: Fix the behavior of tag_unbind() methods of + tkinter.Text and tkinter.Canvas classes with three arguments. + Previously, widget.tag_unbind(tag, sequence, funcid) destroyed + the current binding for sequence, leaving sequence unbound, and + deleted the funcid command. Now it removes only funcid from the + binding for sequence, keeping other commands, and deletes the + funcid command. It leaves sequence unbound only if funcid was + the last bound command. + - gh-113877: Fix tkinter method winfo_pathname() on 64-bit + Windows. + - gh-113781: Silence unraisable AttributeError when warnings are + emitted during Python finalization. + - gh-113594: Fix UnicodeEncodeError in email when re-fold lines + that contain unknown-8bit encoded part followed by + non-unknown-8bit encoded part. + - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), + there is callback that logs an error if the task wrapping the + “connected callback” fails. This callback would itself fail if + the task was cancelled. Prevent this by checking whether the + task was cancelled first. If so, close the transport but don’t + log an error. + - gh-85567: Fix resource warnings for unclosed files in pickle and + pickletools command line interfaces. + - gh-101225: Increase the backlog for + multiprocessing.connection.Listener objects created by + multiprocessing.manager and multiprocessing.resource_sharer to + significantly reduce the risk of getting a connection refused + error when creating a multiprocessing.connection.Connection to + them. + - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends + webbrowser.open audit event. + - gh-113028: When a second reference to a string appears in the + input to pickle, and the Python implementation is in use, we are + guaranteed that a single copy gets pickled and a single object + is shared when reloaded. Previously, in protocol 0, when a + string contained certain characters (e.g. newline) it resulted + in duplicate objects. + - gh-113421: Fix multiprocessing logger for %(filename)s. + - gh-113358: Fix rendering tracebacks for exceptions with a broken + __getattr__. + - gh-113214: Fix an AttributeError during asyncio SSL protocol + aborts in SSL-over-SSL scenarios. + - gh-113246: Update bundled pip to 23.3.2. + - gh-113199: Make http.client.HTTPResponse.read1 and + http.client.HTTPResponse.readline close IO after reading all + data when content length is known. Patch by Illia Volochii. + - gh-113188: Fix shutil.copymode() and shutil.copystat() on + Windows. Previously they worked differenly if dst is a symbolic + link: they modified the permission bits of dst itself rather + than the file it points to if follow_symlinks is true or src is + not a symbolic link, and did not modify the permission bits if + follow_symlinks is false and src is a symbolic link. + - gh-61648: Detect line numbers of properties in doctests. + - gh-112559: signal.signal() and signal.getsignal() no longer call + repr on callable handlers. asyncio.run() and + asyncio.Runner.run() no longer call repr on the task results. + Patch by Yilei Yang. + - gh-110190: Fix ctypes structs with array on PPC64LE platform by + setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. + - gh-79429: Ignore FileNotFoundError when remove a temporary + directory in the multiprocessing finalizer. + - gh-79325: Fix an infinite recursion error in + tempfile.TemporaryDirectory() cleanup on Windows. + - gh-110190: Fix ctypes structs with array on Arm platform by + setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. + - gh-81194: Fix a crash in socket.if_indextoname() with specific + value (UINT_MAX). Fix an integer overflow in + socket.if_indextoname() on 64-bit non-Windows platforms. + - gh-75666: Fix the behavior of tkinter widget’s unbind() method + with two arguments. Previously, widget.unbind(sequence, funcid) + destroyed the current binding for sequence, leaving sequence + unbound, and deleted the funcid command. Now it removes only + funcid from the binding for sequence, keeping other commands, + and deletes the funcid command. It leaves sequence unbound only + if funcid was the last bound command. + - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in + tkinter._test(). + - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now + raises BadZipFile when try to read an entry that overlaps with + other entry or central directory (bsc#1221854, CVE-2024-0450). + - gh-38807: Fix race condition in trace. Instead of checking if a + directory exists and creating it, directly call os.makedirs() + with the kwarg exist_ok=True. + - gh-75705: Set unixfrom envelope in mailbox.mbox and + mailbox.MMDF. + - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure + when the system endianness is the opposite of the classes. + - gh-104282: Fix null pointer dereference in + lzma._decode_filter_properties() due to improper handling of BCJ + filters with properties of zero length. Patch by Radislav + Chugunov. + - gh-102512: When os.fork() is called from a foreign thread (aka + _DummyThread), the type of the thread in a child process is + changed to _MainThread. Also changed its name and daemonic + status, it can be now joined. + - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, + which now no longer dereferences symlinks when working around + file system permission errors. + - bpo-43153: On Windows, tempfile.TemporaryDirectory previously + masked a PermissionError with NotADirectoryError during + directory cleanup. It now correctly raises PermissionError if + errors are not ignored. Patch by Andrei Kulakov and Ken Jin. + - bpo-35332: The shutil.rmtree() function now ignores errors when + calling os.close() when ignore_errors is True, and os.close() no + longer retried after error. + - bpo-35928: io.TextIOWrapper now correctly handles the decoding + buffer after read() and write(). + - bpo-26791: shutil.move() now moves a symlink into a directory + when that directory is the target of the symlink. This provides + the same behavior as the mv shell command. The previous behavior + raised an exception. Patch by Jeffrey Kintscher. + - bpo-36959: Fix some error messages for invalid ISO format string + combinations in strptime() that referred to directives not + contained in the format string. Patch by Gordon P. Hemsley. + - bpo-18060: Fixed a class inheritance issue that can cause + segfaults when deriving two or more levels of subclasses from a + base class of Structure or Union. + - Documentation + - gh-110746: Improved markup for valid options/values for methods + ttk.treeview.column and ttk.treeview.heading, and for Layouts. + - gh-95649: Document that the asyncio module contains code taken + from v0.16.0 of the uvloop project, as well as the required MIT + licensing information. + - Tests + - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, + where system tar can include more information in the archive + than shutil.make_archive. + - gh-112769: The tests now correctly compare zlib version when + zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For + example zlib-ng defines the version as 1.3.0.zlib-ng. + - gh-105089: Fix + test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write + test in AIX by doing a bitwise AND of 0xFFFF on mode , so that + it will be in sync with zinfo.external_attr + - bpo-40648: Test modes that file can get with chmod() on Windows. + - Build + - gh-101778: Fix build error when there’s a dangling symlink in + the directory containing ffi.h. + - gh-112305: Fixed the check-clean-src step performed on out of + tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h + files and recommend appropriate source tree cleanup steps to get + a working build again. + - bpo-11102: The os.major(), os.makedev(), and os.minor() + functions are now available on HP-UX v3. + - bpo-36351: Do not set ipv6type when cross-compiling. + - IDLE + - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and + ‘object’. + - gh-72284: Improve the lists of features, editor key bindings, + and shell key bingings in the IDLE doc. + - gh-113903: Fix rare failure of test.test_idle, in + test_configdialog. + - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and + 3.12.1. + - gh-113269: Fix test_editor hang on macOS Catalina. + - gh-112898: Fix processing unsaved files when quitting IDLE on + macOS. + - gh-103820: Revise IDLE bindings so that events from mouse button + 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not + mistaken for scrolling. + - bpo-13586: Enter the selected text when opening the “Replace” + dialog. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and + multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. + - gh-115015: Fix a bug in Argument Clinic that generated incorrect + code for methods with no parameters that use the METH_METHOD | + METH_FASTCALL | METH_KEYWORDS calling convention. Only the + positional parameter count was checked; any keyword argument + passed would be silently accepted. +- Remove upstreamed patches: + - CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch +- Refresh all patches: + - CVE-2023-27043-email-parsing-errors.patch + - F00251-change-user-install-location.patch + - bpo-31046_ensurepip_honours_prefix.patch + - distutils-reproducible-compile.patch + - fix_configure_rst.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-localpath.patch + - python-3.3.0b1-test-posix_fadvise.patch + - skip_if_buildbot-extend.patch + - subprocess-raise-timeout.patch + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Tue Dec 19 16:34:50 UTC 2023 - Daniel Garcia + +- Update patch fix_configure_rst.patch +- Update to 3.11.7: + - Core and Builtins + - gh-112625: Fixes a bug where a bytearray object could be cleared + while iterating over an argument in the bytearray.join() method + that could result in reading memory after it was freed. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. Patch + by Pablo galindo + - gh-88116: Traceback location ranges involving wide unicode + characters (like emoji and asian characters) now are properly + highlighted. Patch by Batuhan Taskaya and Pablo Galindo. + - gh-94438: Fix a regression that prevented jumping across is None + and is not None when debugging. Patch by Savannah Ostrowski. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109216: Fix possible memory leak in BUILD_MAP. + + - Library + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + - bpo-35191: Fix unexpected integer truncation in + socket.setblocking() which caused it to interpret multiples of + 2**32 as False. + + - Documentation + - gh-108826: dis module command-line interface is now mentioned in + documentation. + + - Tests + - gh-110367: Make regrtest --verbose3 option compatible with + --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + --verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111309: distutils tests can now be run via unittest. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() and class BasicTestRunner from the test.support + module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + --match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + + - Build + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + + - C API + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. +------------------------------------------------------------------- +Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl + +- Refresh CVE-2023-27043-email-parsing-errors.patch to + gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). +- Thus we can remove Revert-gh105127-left-tests.patch, which is + now useless. + +------------------------------------------------------------------- +Wed Nov 15 09:06:16 UTC 2023 - Daniel Garcia + +- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch +- Refresh patches: + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch + +- Update to 3.11.6: + - Core and Builtins + - gh-109351: Fix crash when compiling an invalid AST involving a + named (walrus) expression. + - gh-109207: Fix a SystemError in __repr__ of symtable entry + object. + - gh-109179: Fix bug where the C traceback display drops notes + from SyntaxError. + - gh-88943: Improve syntax error for non-ASCII character that + follows a numerical literal. It now points on the invalid + non-ASCII character, not on the valid numerical literal. + - gh-108959: Fix caret placement for error locations for subscript + and binary operations that involve non-semantic parentheses and + spaces. Patch by Pablo Galindo + - gh-108520: Fix + multiprocessing.synchronize.SemLock.__setstate__() to properly + initialize multiprocessing.synchronize.SemLock._is_fork_ctx. + This fixes a regression when passing a SemLock accross nested + processes. + - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to + multiprocessing.synchronize.SemLock._is_fork_ctx to avoid + exposing it as public API. + - Library + - gh-110036: On Windows, multiprocessing Popen.terminate() now + catchs PermissionError and get the process exit code. If the + process is still running, raise again the PermissionError. + Otherwise, the process terminated as expected: store its exit + code. Patch by Victor Stinner. + - gh-110038: Fixed an issue that caused KqueueSelector.select() to + not return all the ready events in some cases when a file + descriptor is registered for both read and write. + - gh-109631: re functions such as re.findall(), re.split(), + re.search() and re.sub() which perform short repeated matches + can now be interrupted by user. + - gh-109593: Avoid deadlocking on a reentrant call to the + multiprocessing resource tracker. Such a reentrant call, though + unlikely, can happen if a GC pass invokes the finalizer for a + multiprocessing object such as SemLock. + - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for + exceptions. Previously, on Python built in debug mode, these + functions could trigger a fatal Python error (and abort the + process) when a function succeeded with an exception set. Patch + by Victor Stinner. + - gh-109375: The pdb alias command now prevents registering + aliases without arguments. + - gh-107219: Fix a race condition in concurrent.futures. When a + process in the process pool was terminated abruptly (while the + future was running or pending), close the connection write end. + If the call queue is blocked on sending bytes to a worker + process, closing the connection write end interrupts the send, + so the queue can be closed. Patch by Victor Stinner. + - gh-50644: Attempts to pickle or create a shallow or deep copy of + codecs streams now raise a TypeError. Previously, copying failed + with a RecursionError, while pickling produced wrong results + that eventually caused unpickling to fail with a RecursionError. + - gh-108987: Fix _thread.start_new_thread() race condition. If a + thread is created during Python finalization, the newly spawned + thread now exits immediately instead of trying to access freed + memory and lead to a crash. Patch by Victor Stinner. + - gh-108843: Fix an issue in ast.unparse() when unparsing + f-strings containing many quote types. + - gh-108682: Enum: raise TypeError if super().__new__() is called + from a custom __new__. + - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock + - gh-64662: Fix support for virtual tables in + sqlite3.Connection.iterdump(). Patch by Aviv Palivoda. + - gh-107913: Fix possible losses of errno and winerror values in + OSError exceptions if they were cleared or modified by the + cleanup code before creating the exception object. + - gh-104372: On Linux where subprocess can use the vfork() syscall + for faster spawning, prevent the parent process from blocking + other threads by dropping the GIL while it waits for the + vfork’ed child process exec() outcome. This prevents spawning a + binary from a slow filesystem from blocking the rest of the + application. + - gh-84867: unittest.TestLoader no longer loads test cases from + exact unittest.TestCase and unittest.FunctionTestCase classes. + - Documentation + - gh-109209: The minimum Sphinx version required for the + documentation is now 4.2. + - gh-105052: Update timeit doc to specify that time in seconds is + just the default. + - gh-102823: Document the return type of x // y when x and y have + type float. + - Tests + - gh-110031: Skip test_threading tests using thread+fork if Python + is built with Address Sanitizer (ASAN). Patch by Victor Stinner. + - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum + duration, a test should not measure a CI performance. Only + measure the minimum duration when a task has a timeout or delay. + Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner. + - gh-110033: Fix test_interprocess_signal() of test_signal. Make + sure that the subprocess.Popen object is deleted before the test + raising an exception in a signal handler. Otherwise, + Popen.__del__() can get the exception which is logged as + Exception ignored in: ... and the test fails. Patch by Victor + Stinner. + - gh-109594: Fix test_timeout() of + test_concurrent_futures.test_wait. Remove the future which may + or may not complete depending if it takes longer than the + timeout ot not. Keep the second future which does not complete + before wait() timeout. Patch by Victor Stinner. + - gh-109748: Fix test_zippath_from_non_installed_posix() of + test_venv: don’t copy __pycache__/ sub-directories, because they + can be modified by other Python tests running in parallel. Patch + by Victor Stinner. + - gh-103053: Skip test_freeze_simple_script() of + test_tools.test_freeze if Python is built with ./configure + --enable-optimizations, which means with Profile Guided + Optimization (PGO): it just makes the test too slow. The freeze + tool is tested by many other CIs with other (faster) compiler + flags. Patch by Victor Stinner. + - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a + longer key: FIPS mode requires at least of at least 112 bits. + The previous key was only 32 bits. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-109237: Fix test_site.test_underpth_basic() when the working + directory contains at least one non-ASCII character: encode the + ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for + the child process stdout. Patch by Victor Stinner. + - gh-109230: Fix test_pyexpat.test_exception(): it can now be run + from a directory different than Python source code directory. + Before, the test failed in this case. Skip the test if + Modules/pyexpat.c source is not available. Skip also the test on + Python implementations other than CPython. Patch by Victor + Stinner. + - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests + on FreeBSD if the TCP blackhole is enabled (sysctl + net.inet.tcp.blackhole). Skip the few tests which failed with + ETIMEDOUT which such non standard configuration. Currently, the + FreeBSD GCP image enables TCP and UDP blackhole (sysctl + net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1). + Patch by Victor Stinner. + - gh-91960: Skip test_gdb if gdb is unable to retrieve Python + frame objects: if a frame is . When Python is + built with “clang -Og”, gdb can fail to retrive the frame + parameter of _PyEval_EvalFrameDefault(). In this case, tests + like py_bt() are likely to fail. Without getting access to + Python frames, python-gdb.py is mostly clueless on retrieving + the Python traceback. Moreover, test_gdb is no longer skipped on + macOS if Python is built with Clang. Patch by Victor Stinner. + - gh-108962: Skip test_tempfile.test_flags() if chflags() fails + with “OSError: [Errno 45] Operation not supported” (ex: on + FreeBSD 13). Patch by Victor Stinner. + - gh-89392: Removed support of test_main() function in tests. They + now always use normal unittest test runner. + - gh-108851: Fix test_tomllib recursion tests for WASI buildbots: + reduce the recursion limit and compute the maximum nested + array/dict depending on the current available recursion limit. + Patch by Victor Stinner. + - gh-108851: Add get_recursion_available() and + get_recursion_depth() functions to the test.support module. + Patch by Victor Stinner. + - gh-108822: regrtest now computes statistics on all tests: + successes, failures and skipped. test_netrc, test_pep646_syntax + and test_xml_etree now return results in their test_main() + function. Patch by Victor Stinner and Alex Waygood. + - gh-108388: Convert test_concurrent_futures to a package of 7 + sub-tests. Patch by Victor Stinner. + - gh-108388: Split test_multiprocessing_fork, + test_multiprocessing_forkserver and test_multiprocessing_spawn + into test packages. Each package is made of 4 sub-tests: + processes, threads, manager and misc. It allows running more + tests in parallel and so reduce the total test duration. Patch + by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - gh-100086: The Python test runner (libregrtest) now logs Python + build information like “debug” vs “release” build, or LTO and + PGO optimizations. Patch by Victor Stinner. + - gh-98903: The Python test suite now fails wit exit code 4 if no + tests ran. It should help detecting typos in test names and test + methods. + - gh-95027: On Windows, when the Python test suite is run with the + -jN option, the ANSI code page is now used as the encoding for + the stdout temporary file, rather than using UTF-8 which can + lead to decoding errors. Patch by Victor Stinner. + - gh-93353: regrtest now checks if a test leaks temporary files or + directories if run with -jN option. Patch by Victor Stinner. + - Build + - gh-63760: Fix Solaris build: no longer redefine the + gethostname() function. Solaris defines the function since 2005. + Patch by Victor Stinner, original patch by Jakub Kulík. + - gh-108740: Fix a race condition in make regen-all. The + deepfreeze.c source and files generated by Argument Clinic are + now generated or updated before generating “global objects”. + Previously, some identifiers may miss depending on the order in + which these files were generated. Patch by Victor Stinner. + - Windows + - gh-109991: Update Windows build to use OpenSSL 3.0.11. + - gh-107565: Update Windows build to use OpenSSL 3.0.10. + - macOS + - gh-109991: Update macOS installer to use OpenSSL 3.0.11. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and + multissltests to use 1.1.1w, 3.0.11, and 3.1.3. + +------------------------------------------------------------------- +Wed Sep 6 07:52:11 UTC 2023 - Daniel Garcia + +- Update to 3.11.5 (bsc#1214692): + - Security + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted data. + Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by + Gregory P. Smith. + - Core and Builtins + - gh-104432: Fix potential unaligned memory access on C APIs + involving returned sequences of char * pointers within the grp + and socket modules. These were revealed using a + -fsaniziter=alignment build on ARM macOS. Patch by Christopher + Chavez. + - gh-77377: Ensure that multiprocessing synchronization objects + created in a fork context are not sent to a different process + created in a spawn context. This changes a segfault into an + actionable RuntimeError in the parent process. + - gh-106092: Fix a segmentation fault caused by a use-after-free + bug in frame_dealloc when the trashcan delays the deallocation + of a PyFrameObject. + - gh-106719: No longer suppress arbitrary errors in the + __annotations__ getter and setter in the type and module types. + - gh-106723: Propagate frozen_modules to multiprocessing spawned + process interpreters. + - gh-105979: Fix crash in _imp.get_frozen_object() due to improper + exception handling. + - gh-105840: Fix possible crashes when specializing function calls + with too many __defaults__. + - gh-105588: Fix an issue that could result in crashes when + compiling malformed ast nodes. + - gh-105375: Fix bugs in the builtins module where exceptions + could end up being overwritten. + - gh-105375: Fix bug in the compiler where an exception could end + up being overwritten. + - gh-105375: Improve error handling in + PyUnicode_BuildEncodingMap() where an exception could end up + being overwritten. + - gh-105235: Prevent out-of-bounds memory access during + mmap.find() calls. + - gh-101006: Improve error handling when read marshal data. + - Library + - gh-105736: Harmonized the pure Python version of OrderedDict + with the C version. Now, both versions set up their internal + state in __new__. Formerly, the pure Python version did the set + up in __init__. + - gh-107963: Fix multiprocessing.set_forkserver_preload() to check + the given list of modules names. Patch by Dong-hee Na. + - gh-106242: Fixes os.path.normpath() to handle embedded null + characters without truncating the path (bsc#1214693, + CVE-2023-41105). + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will + no longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107715: Fix doctest.DocTestFinder.find() in presence of class + names with special characters. Patch by Gertjan van Zwieten. + - gh-100814: Passing a callable object as an option value to a + Tkinter image now raises the expected TclError instead of an + AttributeError. + - gh-106684: Close asyncio.StreamWriter when it is not closed by + application leading to memory leaks. Patch by Kumar Aditya. + - gh-107077: Seems that in some conditions, OpenSSL will return + SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification + verification has failed, but the error parameters will still + contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are + now detecting this situation and raising the appropiate + ssl.SSLCertVerificationError. Patch by Pablo Galindo + - gh-107396: tarfiles; Fixed use before assignment of + self.exception for gzip decompression + - gh-62519: Make gettext.pgettext() search plural definitions when + translation is not found. + - gh-83006: Document behavior of shutil.disk_usage() for + non-mounted filesystems on Unix. + - gh-106186: Do not report MultipartInvariantViolationDefect + defect when the email.parser.Parser class is used to parse + emails with headersonly=True. + - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION + result in _ssl.c. + - gh-106774: Update the bundled copy of pip to version 23.2.1. + - gh-106752: Fixed several bug in zipfile.Path in + name/suffix/suffixes/stem operations when no filename is present + and the Path is not at the root of the zipfile. + - gh-106602: Add __copy__ and __deepcopy__ in enum + - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused + division by zero for certain almost-white inputs. Patch by Terry + Jan Reedy. + - gh-106052: re module: fix the matching of possessive quantifiers + in the case of a subpattern containing backtracking. + - gh-106510: Improve debug output for atomic groups in regular + expressions. + - gh-105497: Fix flag mask inversion when unnamed flags exist. + - gh-90876: Prevent multiprocessing.spawn from failing to import + in environments where sys.executable is None. This regressed in + 3.11 with the addition of support for path-like objects in + multiprocessing. + - gh-106350: Detect possible memory allocation failure in the + libtommath function mp_init() used by the _tkinter module. + - gh-102541: Make pydoc.doc catch bad module ImportError when + output stream is not None. + - gh-106263: Fix crash when calling repr with a manually + constructed SignalDict object. Patch by Charlie Zhao. + - gh-105375: Fix a bug in _Unpickler_SetInputStream() where an + exception could end up being overwritten in case of failure. + - gh-105375: Fix bugs in sys where exceptions could end up being + overwritten because of deferred error handling. + - gh-105605: Harden pyexpat error handling during module + initialisation to prevent exceptions from possibly being + overwritten, and objects from being dereferenced twice. + - gh-105375: Fix bug in decimal where an exception could end up + being overwritten. + - gh-105375: Fix bugs in _datetime where exceptions could be + overwritten in case of module initialisation failure. + - gh-105375: Fix bugs in _ssl initialisation which could lead to + leaked references and overwritten exceptions. + - gh-105375: Fix a bug in array.array where an exception could end + up being overwritten. + - gh-105375: Fix bugs in _ctypes where exceptions could end up + being overwritten. + - gh-105375: Fix a bug in the posix module where an exception + could be overwritten. + - gh-105375: Fix bugs in _elementtree where exceptions could be + overwritten. + - gh-105375: Fix bugs in zoneinfo where exceptions could be + overwritten. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-105497: Fix flag inversion when alias/mask members exist. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-103171: Revert undocumented behaviour change with + runtime-checkable protocols decorated with typing.final() in + Python 3.11. The behaviour change had meant that objects would + not be considered instances of these protocols at runtime unless + they had a __final__ attribute. Patch by Alex Waygood. + - gh-105375: Fix a bug in sqlite3 where an exception could be + overwritten in the collation callback. + - gh-105332: Revert pickling method from by-name back to by-value. + - gh-104554: Add RTSPS scheme support in urllib.parse + - gh-100061: Fix a bug that causes wrong matches for regular + expressions with possessive qualifier. + - gh-102541: Hide traceback in help() prompt, when import failed. + - gh-99203: Restore following CPython <= 3.10.5 behavior of + shutil.make_archive(): do not create an empty archive if + root_dir is not a directory, and, in that case, raise + FileNotFoundError or NotADirectoryError regardless of format + choice. Beyond the brought-back behavior, the function may now + also raise these exceptions in dry_run mode. + - gh-94777: Fix hanging multiprocessing ProcessPoolExecutor when a + child process crashes while data is being written in the call + queue. + - bpo-18319: Ensure gettext(msg) retrieve translations even if a + plural form exists. In other words: gettext(msg) == + ngettext(msg, '', 1). + - Documentation + - gh-107008: Document the curses module variables LINES and COLS. + - gh-106948: Add a number of standard external names to + nitpick_ignore. + - gh-54738: Add documentation on how to localize the argparse + module. + - Tests + - gh-105776: Fix test_cppext when the C compiler command -std=c11 + option: remove -std= options from the compiler command. Patch by + Victor Stinner. + - gh-107237: test_logging: Fix test_udp_reconnection() by + increasing the timeout from 100 ms to 5 minutes (LONG_TIMEOUT). + Patch by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - Build + - gh-107814: When calling find_python.bat with -q it did not + properly silence the output of nuget. That is now fixed. + - gh-106881: Check for linux/limits.h before including it in + Modules/posixmodule.c. + - gh-104692: Include commoninstall as a prerequisite for + bininstall + - This ensures that commoninstall is completed before bininstall + is started when parallel builds are used (make -j install), and + so the python3 symlink is only installed after all standard + library modules are installed. + - gh-100340: Allows -Wno-int-conversion for wasm-sdk 17 and + onwards, thus enables building WASI builds once against the + latest sdk. + - Windows + - gh-106242: Fixes realpath() to behave consistently when passed a + path containing an embedded null character on Windows. In strict + mode, it now raises OSError instead of the unexpected + ValueError, and in non-strict mode will make the path absolute. + - gh-106844: Fix integer overflow in _winapi.LCMapStringEx() which + affects ntpath.normcase(). + - gh-99079: Update Windows build to use OpenSSL 3.0.9 + - gh-105436: Ensure that an empty environment block is terminated + by two null characters, as is required by Windows. + - macOS + - gh-107565: Update macOS installer to use OpenSSL 3.0.10. + - gh-99079: Update macOS installer to use OpenSSL 3.0.9. + - Tools/Demos + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + - gh-95065: Argument Clinic now supports overriding automatically + generated signature by using directive @text_signature. See How + to override the generated signature. + - gh-106970: Fix bugs in the Argument Clinic destination + clear command; the destination buffers would never be cleared, + and the destination directive parser would simply continue to + the fault handler after processing the command. Patch by Erlend + E. Aasland. + - C API + - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(), + PyErr_SetExcFromWindowsErrWithFilename() and + PyErr_SetFromWindowsErrWithFilename() save now the error code + before calling PyUnicode_DecodeFSDefault(). + - gh-107915: Such C API functions as PyErr_SetString(), + PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others + no longer crash or ignore errors if it failed to format the + error message or decode the filename. Instead, they keep a + corresponding error. + - gh-107226: PyModule_AddObjectRef() is now only available in the + limited API version 3.10 or later. + - gh-105375: Fix a bug in PyErr_WarnExplicit() where an exception + could end up being overwritten if the API failed internally. + - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only + data: *consumed was not set. + +------------------------------------------------------------------- +Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller + +- restrict PEP668 to ALP/Tumbleweed + +------------------------------------------------------------------- +Fri Aug 4 06:37:41 UTC 2023 - Dirk Müller + +- add externally_managed.in to label this build as PEP-668 managed + +------------------------------------------------------------------- +Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl + +- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! +- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) + partially reverting CVE-2023-27043-email-parsing-errors.patch, + because of the regression in gh#python/cpython#106669. +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). (The patch is faulty, + gh#python/cpython#106669, but upstream decided not to just + revert it). + +------------------------------------------------------------------- +Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl + +- Update to Python 3.11.4: + - gh-103142: The version of OpenSSL used in Windows and + Mac installers has been upgraded to 1.1.1u to address + CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, + as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 + fixed previously in 1.1.1t (gh-101727). + - gh-102153: urllib.parse.urlsplit() now strips leading C0 + control and space characters following the specification for + URLs defined by WHATWG in response to CVE-2023-24329 + (bsc#1208471). + - gh-99889: Fixed a security in flaw in uu.decode() that could + allow for directory traversal based on the input if no + out_file was specified. + - gh-104049: Do not expose the local on-disk + location in directory indexes produced by + http.client.SimpleHTTPRequestHandler. + - gh-103935: trace.__main__ now uses io.open_code() for files + to be executed instead of raw open(). + - gh-102953: The extraction methods in tarfile, and + shutil.unpack_archive(), have a new filter argument that + allows limiting tar features than may be surprising or + dangerous, such as creating files outside the destination + directory. See Extraction filters for details (fixing + CVE-2007-4559, bsc#1203750). +- Remove upstreamed patches: + - CVE-2007-4559-filter-tarfile_extractall.patch + +------------------------------------------------------------------- +Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl + +- Remove obsolete_python_versioned macro again. This mechanism + has no business to be in Python 3.11, because we have abolished + with it whole interpreter+setuptools+pip product. Python 3.11 + should not be replaced by later versions anymore. + +------------------------------------------------------------------- +Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl + +- Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). +- Add skip_if_buildbot-extend.patch to avoid the bug altogether + (extending what skip_if_buildbot covers). +- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix + bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter + for tarfile.extractall". + +------------------------------------------------------------------- +Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl + +- Update to 3.11.3: + - Security + - gh-101727: Updated the OpenSSL version used in Windows + and macOS binary release builds to 1.1.1t to address + CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the + OpenSSL 2023-02-07 security advisory. + - Core and Builtins + - gh-101975: Fixed stacktop value on tracing entries to avoid + corruption on garbage collection. + - gh-102701: Fix overflow when creating very large dict. + - gh-102416: Do not memoize incorrectly automatically + generated loop rules in the parser. Patch by Pablo Galindo. + - gh-102356: Fix a bug that caused a crash when deallocating + deeply nested filter objects. Patch by Marta Gómez Macías. + - gh-102397: Fix segfault from race condition in signal + handling during garbage collection. Patch by Kumar Aditya. + - gh-102281: Fix potential nullptr dereference and use of + uninitialized memory in fileutils. Patch by Max Bachmann. + - gh-102126: Fix deadlock at shutdown when clearing thread + states if any finalizer tries to acquire the runtime head + lock. Patch by Kumar Aditya. + - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal + module. Patch by Max Bachmann. + - gh-101967: Fix possible segfault in + positional_only_passed_as_keyword function, when new list + created. + - gh-101765: Fix SystemError / segmentation fault in iter + __reduce__ when internal access of builtins.__dict__ keys + mutates the iter object. + - gh-101696: Invalidate type version tag in + _PyStaticType_Dealloc for static types, avoiding bug where + a false cache hit could crash the interpreter. Patch by + Kumar Aditya. + - Library + - gh-102549: Don’t ignore exceptions in member type creation. + - gh-102947: Improve traceback when dataclasses.fields() is + called on a non-dataclass. Patch by Alex Waygood + - gh-102780: The asyncio.Timeout context manager now + works reliably even when performing cleanup due to task + cancellation. Previously it could raise a CancelledError + instead of an TimeoutError in such cases. + - gh-88965: typing: Fix a bug relating to substitution in . + Pacustom classes generic over a ParamSpec. Previously, if . + Pathe ParamSpec was substituted with a parameters list that . + Paitself contained a TypeVar, the TypeVar in the parameters . + Palist could not be subsequently substituted. This is now . + Pafixed tch by Nikita Sobolev . + - gh-101979: Fix a bug where parentheses in the metavar + argument to argparse.ArgumentParser.add_argument() were + dropped. Patch by Yeojin Kim. + - gh-102179: Fix os.dup2() error message for negative fds. + - gh-101961: For the binary mode, fileinput.hookcompressed() + doesn’t set the encoding value even if the value is + None. Patch by Gihwan Kim. + - gh-101936: The default value of fp becomes io.BytesIO + if HTTPError is initialized without a designated fp + parameter. Patch by Long Vo. + - gh-102069: Fix __weakref__ descriptor generation for custom + dataclasses. + - gh-101566: In zipfile, apply fix for extractall on the + underlying zipfile after being wrapped in Path. + - gh-101892: Callable iterators no longer raise SystemError + when the callable object exhausts the iterator but forgets + to either return a sentinel value or raise StopIteration. + - gh-97786: Fix potential undefined behaviour in corner cases + of floating-point-to-time conversions. + - gh-101517: Fixed bug where bdb looks up the source line + with linecache with a lineno=None, which causes it to fail + with an unhandled exception. + - gh-101673: Fix a pdb bug where ll clears the changes to + local variables. + - gh-96931: Fix incorrect results from + ssl.SSLSocket.shared_ciphers() + - gh-88233: Correctly preserve “extra” fields in zipfile + regardless of their ordering relative to a zip64 “extra.” + - gh-96127: inspect.signature was raising TypeError on + call with mock objects. Now it correctly returns (*args, + **kwargs) as infered signature. + - gh-95495: When built against OpenSSL 3.0, the ssl module + had a bug where it reported unauthenticated EOFs (i.e. + without close_notify) as a clean TLS-level EOF. It now + raises SSLEOFError, matching the behavior in previous + versions of OpenSSL. The options attribute on SSLContext + also no longer includes OP_IGNORE_UNEXPECTED_EOF by + default. This option may be set to specify the previous + OpenSSL 3.0 behavior. + - gh-94440: Fix a concurrent.futures.process bug where + ProcessPoolExecutor shutdown could hang after a future has + been quickly submitted and canceled. + - Documentation + - gh-103112: Add docstring to http.client.HTTPResponse.read() + to fix pydoc output. + - gh-85417: Update cmath documentation to clarify behaviour + on branch cuts. + - gh-97725: Fix asyncio.Task.print_stack() description for + file=None. Patch by Oleg Iarygin. + - Tests + - gh-102980: Improve test coverage on pdb. + - gh-102537: Adjust the error handling strategy in + test_zoneinfo.TzPathTest.python_tzpath_context. Patch by + Paul Ganssle. + - gh-89792: test_tools now copies up to 10x less source data + to a temporary directory during the freeze test by ignoring + git metadata and other artifacts. It also limits its python + build parallelism based on os.cpu_count instead of hard + coding it as 8 cores. + - gh-101377: Improved test_locale_calendar_formatweekday of + calendar. + - Build + - gh-102711: Fix -Wstrict-prototypes compiler warnings. + +------------------------------------------------------------------- +Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl + +- Update to 3.11.2: + Bug fixes, no changes in API and no security bugs. + +------------------------------------------------------------------- +Wed Mar 1 20:50:04 UTC 2023 - Matej Cepl + +- Add python310 Obsoletes line to obsolete_python_versioned macro. + +------------------------------------------------------------------- +Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl + +- Add provides for readline and sqlite3 to the main Python + package. + +------------------------------------------------------------------- +Thu Jan 26 13:28:24 UTC 2023 - Thorsten Kukuk + +- Disable NIS for new products, it's deprecated and gets removed + +------------------------------------------------------------------- +Tue Jan 24 12:23:34 UTC 2023 - Dirk Müller + +- build GLIBC hwcaps optimized versions of the interpreter + +------------------------------------------------------------------- +Tue Jan 10 11:11:56 UTC 2023 - Matej Cepl + +- Don't fail on Sphinx build warnings. +- For jsc#PED-1570, jsc#PED-2217 and jsc#PED-68, + providing Python 3.11 for SLE-15-SP4. + +------------------------------------------------------------------- +Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl + +- Update to 3.11.1: + - python -m http.server no longer allows terminal control + characters sent within a garbage request to be printed + to the stderr server lo This is done by changing the + http.server BaseHTTPRequestHandler .log_message method to + replace control characters with a \xHH hex escape before + printin + - Avoid publishing list of active per-interpreter audit hooks + via the gc module + - The IDNA codec decoder used on DNS hostnames by socket or + asyncio related name resolution functions no longer involves + a quadratic algorithm. This prevents a potential CPU denial + of service if an out-of-spec excessive length hostname + involving bidirectional characters were decoded. Some + protocols such as urllib http 3xx redirects potentially allow + for an attacker to supply such a name (CVE-2022-45061). + - Update bundled libexpat to 2.5.0 + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. Issue reported + and initial fix by Caleb Shortt. Patch by Victor Stinner. + - Fix a crash when an object which does not have a dictionary + frees its instance values. + - Fix a bug in the tokenizer that could cause infinite + recursion when showing syntax warnings that happen in the + first line of the source. Patch by Pablo Galindo + - Fix an issue that could cause frames to be visible to Python + code as they are being torn down, possibly leading to memory + corruption or hard crashes of the interpreter. + - Fix a reference bug in _imp.create_builtin() after the + creation of the first sub-interpreter for modules builtins + and sys. Patch by Victor Stinner. + - Fixed a bug that was causing a buffer overflow if the + tokenizer copies a line missing the newline caracter from a + file that is as long as the available tokenizer buffer. Patch + by Pablo galindo + - Fix bug where an ExceptionGroup subclass can wrap a + BaseException. + - Fix zip path for venv created from a non-installed python on + POSIX platforms. + - Fix an issue that could potentially cause incorrect error + handling for some bytecode instructions. + - Fix an issue that prevented PyThreadState and + PyInterpreterState memory from being freed properly. + - Fix failure in except* with unhashable exceptions. + - Fix calculation of sys._base_executable when inside a POSIX + virtual environment using copies of the python binary when + the base installation does not provide the executable name + used by the venv. Calculation will fall back to alternative + names (“python”, “python.”). + - Update faulthandler to emit an error message with the proper + unexpected signal number. Patch by Dong-hee Na. + - Fix location of SyntaxError for a try block with both except + and except*. + - Fix the error reporting positions of specialized traceback + anchors when the source line contains Unicode characters. + - Fix subscription of type aliases containing bare generic + types or types like TypeVar: for example tuple[A, T][int] and + tuple[TypeVar, T][int], where A is a generic type, and T is a + type variable. + - Lower the recursion depth for marshal on WASI to support + wasmtime 2.0/main. + - Fix multiple crashes in debug mode when str subclasses are + used instead of str itself. + - Fix an issue where member descriptors (such as those for + __slots__) could behave incorrectly or crash instead of + raising a TypeError when accessed via an instance of an + invalid type. + - Suppress ImportError for invalid query for help() + command. Patch by Dong-hee Na. + - Fix detection of MAC addresses for uuid on certain OSs. Patch + by Chaim Sanders + - Print exception class name instead of its string + representation when raising errors from ctypes calls. + - os.sched_yield() now release the GIL while calling + sched_yield(2). Patch by Dong-hee Na. + - Fix an issue that could delay the specialization of PRECALL + instructions. + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Ensure that all Python frame objects are backed by “complete” + frames. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). Patch by Ofey Chan. + - Fix the Python path configuration used to initialized + sys.path at Python startup. Paths are no longer encoded + to UTF-8/strict to avoid encoding errors if it contains + surrogate characters (bytes paths are decoded with the + surrogateescape error handler). Patch by Victor Stinner. + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. Issue + discovered and analyzed by Mingliang ZHAO. Patch by Victor + Stinner. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. + - Fix undefined behaviour in C code of null pointer arithmetic. + - Make sure that all frame objects created are created from + valid interpreter frames. Prevents the possibility of invalid + frames in backtraces and signal handlers. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - On WASI ENOTCAPABLE is now mapped to PermissionError. The + errno modules exposes the new error number. getpath.py now + ignores PermissionError when it cannot open landmark files + pybuilddir.txt and pyenv.cfg. + - Allow pdb to locate source for frozen modules in the standard + library. + - Raise ValueError instead of SystemError when methods of + uninitialized io.IncrementalNewlineDecoder objects are + called. Patch by Oren Milman. + - Fix a possible assertion failure in io.FileIO when the opener + returns an invalid file descriptor. + - Also escape s in the http.server + BaseHTTPRequestHandler.log_message so that it is technically + possible to parse the line and reconstruct what the original + data was. Without this a xHH is ambiguious as to if it is a + hex replacement we put in or the characters r”x” came through + in the original request line. + - asyncio.get_event_loop() now only emits a deprecation warning + when a new event loop was created implicitly. It no longer + emits a deprecation warning if the current event loop was + set. + - Fix bug when calling trace.CoverageResults with valid infile. + - Fix a bug in handling class cleanups in + unittest.TestCase. Now addClassCleanup() uses separate lists + for different TestCase subclasses, and doClassCleanups() only + cleans up the particular class. + - Release the GIL when calling termios APIs to avoid blocking + threads. + - Fix ast.increment_lineno() to also cover ast.TypeIgnore when + changing line numbers. + - Fix bug in urllib.parse.urlparse() that causes URL schemes + that begin with a digit, a plus sign, or a minus sign to be + parsed incorrectly. + - Check the number of arguments in substitution in user + generics containing a TypeVarTuple and one or more TypeVar. + - Fix substitution of ParamSpec followed by TypeVarTuple in + generic aliases. + - Fix substitution of TypeVarTuple and ParamSpec together in + user generics. + - Fixed bug where inspect.signature() reported incorrect + arguments for decorated methods. + - Fix SystemError in ctypes when exception was not set during + __initsubclass__. + - Remove older version of + _SSLProtocolTransport.get_write_buffer_limits in + asyncio.sslproto + - fix negative numbers failing in verify() + - Fix statistics.NormalDist pickle with 0 and 1 protocols. + - enum.auto() is now correctly activated when combined with + other assignment values. E.g. ONE = auto(), 'some text' will + now evaluate as (1, 'some text'). + - Update the bundled copy of pip to version 22.3.1. + - Clean up refleak on failed module initialisation in _zoneinfo + - Clean up refleaks on failed module initialisation in in + _pickle + - Clean up refleak on failed module initialisation in _io. + - Fix memory leak in math.dist() when both points don’t have + the same dimension. Patch by Kumar Aditya. + - [3.11] Applied changes from importlib_metadata 4.11.4 + through 4.13, including compatibility and robustness + fixes for Distribution objects without _normalized_name, + disallowing invalid inputs to Distribution.from_name, and + refined behaviors in PathDistribution._name_from_stem and + PathDistribution._normalized_name. + - Fix argument typechecks in _overlapped.WSAConnect() and + _overlapped.Overlapped.WSASendTo() functions. + - Prevent crashing in traceback when retrieving the byte-offset + for some source files that contain certain unicode + characters. + - Fix internal error in the re module which in very rare + circumstances prevented compilation of a regular expression + containing a conditional expression without the “else” + branch. + - Fix asyncio.StreamWriter.drain() to call + protocol.connection_lost callback only once on Windows. + - Add a mutex to unittest.mock.NonCallableMock to protect + concurrent access to mock attributes. + - Fix hang on Windows in subprocess.wait_closed() in asyncio + with ProactorEventLoop. Patch by Kumar Aditya. + - Fix infinite loop in unittest when a self-referencing chained + exception is raised + - tkinter.Text.count() raises now an exception for options + starting with “-” instead of silently ignoring them. + - On uname_result, restored expectation that _fields and + _asdict would include all six properties including processor. + - A createSocket() method was added to SysLogHandler. + - Fix bug in urllib.parse.urlparse() that causes certain port + numbers containing whitespace, underscores, plus and minus + signs, or non-ASCII digits to be incorrectly accepted. + - Allow venv to pass along PYTHON* variables to ensurepip and + pip when they do not impact path resolution + - On macOS, fix a crash in syslog.syslog() in multi-threaded + applications. On macOS, the libc syslog() function is not + thread-safe, so syslog.syslog() no longer releases the GIL to + call it. Patch by Victor Stinner. + - Allow BUILTINS to be a valid field name for frozen + dataclasses. + - Wrap network errors consistently in urllib FTP support, so + the test suite doesn’t fail when a network is available but + the public internet is not reachable. + - Make sure patch.dict() can be applied on async functions. + - Earlier in 3.11 we deprecated + asyncio.Task.cancel("message"). We realized we were too + harsh, and have undeprecated it. + - Change deprecate warning message in unittest from It is + deprecated to return a value!=None to It is deprecated to + return a value that is not None from a test case + - Fixes AttributeError when subprocess.check_output() is used + with argument input=None and either of the arguments encoding + or errors are used. + - Fix is_private properties in the ipaddress module. Previously + non-private networks (0.0.0.0/0) would return True from this + method; now they correctly return False. + - Avoid spurious tracebacks from asyncio when default executor + cleanup is delayed until after the event loop is closed (e.g. + as the result of a keyboard interrupt). + - Avoid a crash in the C version of + asyncio.Future.remove_done_callback() when an evil argument + is passed. + - Remove tokenize.NL check from tabnanny. + - Fix generation of the default name of + tkinter.Checkbutton. Previously, checkbuttons in different + parent widgets could have the same short name and share + the same state if arguments “name” and “variable” are not + specified. Now they are globally unique. + - Update bundled libexpat to 2.4.9 + - Fix race condition in asyncio where process_exited() called + before the pipe_data_received() leading to inconsistent + output. Patch by Kumar Aditya. + - Fixed check in multiprocessing.resource_tracker that + guarantees that the length of a write to a pipe is not + greater than PIPE_BUF. + - Corrected type annotation for dataclass attribute + pstats.FunctionProfile.ncalls to be str. + - Fix repr of Any subclasses. + - Work around missing socket functions in socket’s __repr__. + - In inspect, fix overeager replacement of “typing.” in + formatting annotations. + - Fix handling of bytes path-like objects in os.ismount(). + - Fix handling compiler warnings (SyntaxWarning and + DeprecationWarning) in codeop.compile_command() when checking + for incomplete input. Previously it emitted warnings and + raised a SyntaxError. Now it always returns None for + incomplete input without emitting any warnings. + - To avoid apparent memory leaks when asyncio.open_connection() + raises, break reference cycles generated by local exception + and future instances (which has exception instance as its + member var). Patch by Dong Uk, Kang. + - Fixed flickering of the turtle window when the tracer is + turned off. Patch by Shin-myoung-serp. + - Fix asyncio subprocess transport to kill process cleanly + when process is blocked and avoid RuntimeError when loop is + closed. Patch by Kumar Aditya. + - Prevent error when activating venv in nested fish instances. + - TarFile.next() now returns None when called on an empty + tarfile. + - Document the optional callback parameter of WeakMethod. Patch + by Géry Ogam. + - Restrict use of sockets instead of pipes for stdin of + subprocesses created by asyncio to AIX platform only. + - shutil.copytree() now applies the ignore_dangling_symlinks + argument recursively. + - Fix IndexError in argparse.ArgumentParser when a store_true + action is given an explicit argument. + - Document that calling variadic functions with ctypes requires + special care on macOS/arm64 (and possibly other platforms). + - Remove extra row + - Clarified the conflicting advice given in the ast + documentation about ast.literal_eval() being “safe” for use + on untrusted input while at the same time warning that it + can crash the process. The latter statement is true and is + deemed unfixable without a large amount of work unsuitable + for a bugfix. So we keep the warning and no longer claim that + literal_eval is safe. + - Restructured the documentation for the os.wait* family of + functions, and improved the docs for os.waitid() with more + explanation of the possible argument constants. + - Skip test_normalization() of test_unicodedata if it + fails to download NormalizationTest.txt file from + pythontest.net. Patch by Victor Stinner. + - Correct test_marsh on (32 bit) x86: test_deterministic sets + was failing. + - Optional big memory tests in test_sqlite3 now catch the + correct sqlite.DataError exception type in case of too large + strings and/or blobs passed. + - Fix a bug in the typing tests where a test relying + on CPython-specific implementation details was not + decorated with @cpython_only and was not skipped on other + implementations. + - Add tests for star-unpacking with PEP 646, and some other + miscellaneous PEP 646 tests. + - Added explicit coverage of Py_Initialize (and hence + Py_InitializeEx) back to the embedding tests (all other + embedding tests migrated to Py_InitializeFromConfig in Python + 3.11) + - Some C API tests were moved into the new Lib/test/test_capi/ + directory. + - Fix -Wimplicit-int, -Wstrict-prototypes, and + -Wimplicit-function-declaration compiler warnings in + configure checks. + - Fix a compilation issue with GCC 12 on macOS. + - Fix -Wimplicit-int compiler warning in configure check for + PTHREAD_SCOPE_SYSTEM. + - Fix a possible fd leak in Programs/_freeze_module.c + introduced in Python 3.11. + - Fix build with PYTHON_FOR_REGEN=python3.8. + - Specify the full path to the source location for make + docclean (needed for cross-builds). + - Don’t use vendored libmpdec headers if --with-system-libmpdec + is passed to configure. Don’t use vendored libexpat headers + if --with-system-expat is passed to !configure. + - Fix the build process of clang compiler for _bootstrap_python + if LTO optimization is applied. Patch by Matthias Görgens and + Dong-hee Na. + - wasm32-emscripten builds for browsers now include + concurrent.futures for asyncio and unittest.mock. + - wasm32-emscripten platform no longer builds resource module, + getresuid(), getresgid(), and their setters. The APIs are + stubs and not functional. + - Updated pegen regeneration script on Windows to find and + use Python 3.9 or higher. Prior to this, pegen regeneration + already required 3.9 or higher, but the script may have used + lower versions of Python. + - Fix a bug in the previous bugfix that caused IDLE to + not start when run with 3.10.8, 3.12.0a1, and at least + Microsoft Python 3.10.2288.0 installed without the Lib/test + package. 3.11.0 was never affected. + - The wasm_build.py script now pre-builds Emscripten ports, + checks for broken EMSDK versions, and warns about pkg-config + env vars. + - The new tool Tools/wasm/wasm_builder.py automates configure, + compile, and test steps for building CPython on WebAssembly + platforms. + - Fix handling of module docstrings in Tools/i18n/pygettext.py. + - PyBUF_* constants were marked as part of Limited API + of Python 3.11+. These were available in 3.11.0 with + Py_LIMITED_API defined for 3.11, and are necessary to use the + buffer API. + - Fix use-after-free in Py_SetPythonHome(NULL), + Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL) + function calls. Issue reported by Benedikt Reinartz. Patch by + Victor Stinner. + - Py_InitializeEx now correctly calls PyConfig_Clear after + initializing the interpreter (the omission didn’t cause a + memory leak only because none of the dynamically allocated + config fields are populated by the wrapper function) +- Removed upstreamed patches: + - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch + - CVE-2022-45061-DoS-by-IDNA-decode.patch + +------------------------------------------------------------------- +Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl + +- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid + CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding + extremely long domain names. + +------------------------------------------------------------------- +Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl + +- Update to 3.11.0 (overall changes from 3.10.*): + - General changes + - PEP 657 -- Include Fine-Grained Error Locations in + Tracebacks + - PEP 654 -- Exception Groups and except* + - PEP 680 -- tomllib: Support for Parsing TOML in the + Standard Library + - gh-90908 -- Introduce task groups to asyncio + - gh-34627 -- Atomic grouping ((?>...)) and possessive + quantifiers (*+, ++, ?+, {m,n}+) are now supported in + regular expressions. + - The Faster CPython Project is already yielding some + exciting results. Python 3.11 is up to 10-60% faster than + Python 3.10. On average, we measured a 1.22x speedup on the + standard benchmark suite. See Faster CPython for details. + - Typing and typing language changes + - PEP 673 -- Self Type + - PEP 646 -- Variadic Generics + - PEP 675 -- Arbitrary Literal String Type + - PEP 655 -- Marking individual TypedDict items as required + or potentially-missing + - PEP 681 -- Data Class Transforms +- (just changes from 3.11.0rc2): + - Fix multiplying a list by an integer (list *= int): detect + the integer overflow when the new allocated length is close + to the maximum size. Issue reported by Jordan Limor. Patch by + Victor Stinner. + - On Linux the multiprocessing module returns to using + filesystem backed unix domain sockets for communication + with the forkserver process instead of the Linux abstract + socket namespace. Only code that chooses to use the + “forkserver” start method is affected. Abstract sockets have + no permissions and could allow any user on the system in the + same network namespace (often the whole system) to inject + code into the multiprocessing forkserver process. This was + a potential privilege escalation. Filesystem based socket + permissions restrict this to the forkserver process user as + was the default in Python 3.8 and earlier. This prevents + Linux CVE-2022-42919. + - Fix an issue where several frame objects could be backed by + the same interpreter frame, possibly leading to corrupted + memory and hard crashes of the interpreter. + - Fix possible data corruption or crashes when accessing the + f_back member of newly-created generator or coroutine frames. + - Fix a crash occurring when PyEval_GetFrame() is called while + the topmost Python frame is in a partially-initialized state. + - Fix command line parsing: reject -X int_max_str_digits option + with no value (invalid) when the PYTHONINTMAXSTRDIGITS + environment variable is set to a valid limit. Patch by Victor + Stinner. + - Fix undefined behaviour in _testcapimodule.c. + - When ValueError is raised if an integer is larger than the + limit, mention the sys.set_int_max_str_digits() function in + the error message. Patch by Victor Stinner. + - Correctly raise SyntaxError on exception groups (PEP 654) on + python versions prior to 3.11 + - Document some places where an assignment expression needs + parentheses. + - Update the bundled copies of pip and setuptools to versions + 22.3 and 65.5.0 respectively. + - fix Flag to use boundary CONFORM + - This restores previous Flag behavior of allowing flags with + non-sequential values to be combined; e.g. + - class Skip(Flag): TWO = 2 EIGHT = 8 + - Skip.TWO | Skip.EIGHT -> + - Fix ! in c domain ref target syntax via a conf.py patch, so + it works as intended to disable ref target resolution. + - Update tutorial introduction output to use 3.10+ SyntaxError + invalid range. + +------------------------------------------------------------------- +Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl + +- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to + allow building of documentation with the latest Sphinx 5.3.0 + (gh#python/cpython#98366). + +------------------------------------------------------------------- +Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc2: + - Converting between int and str in bases other than 2 + (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base + 10 (decimal) now raises a ValueError if the number of digits + in string form is above a limit to avoid potential denial of + service attacks due to the algorithmic complexity. This is + a mitigation for CVE-2020-10735. + This new limit can be configured or disabled by environment + variable, command line flag, or sys APIs. See the integer + string conversion length limitation documentation. The + default limit is 4300 digits in string form. + - Fix case of undefined behavior in ceval.c + - Do not expose KeyWrapper in _functools. + - Ensure that tracing, sys.setrace(), is turned on + immediately. In pre-release versions of 3.11, some tracing + events might have been lost when turning on tracing in a + __del__ method or interrupt. + - Fix use after free in trace refs build mode. Patch by Kumar + Aditya. + - When loading a file with invalid UTF-8 inside a multi-line + string, a correct SyntaxError is emitted. + - Make sure that incomplete frames do not show up in + tracemalloc traces. + - Remove two cases of undefined behavior, by adding NULL + checks. + - Fix possible NULL pointer dereference in + _PyThread_CurrentFrames. Patch by Kumar Aditya. + - Fix AttributeError missing name and obj attributes in + object.__getattribute__(). Patch by Philip Georgi. + - Loading a file with invalid UTF-8 will now report the broken + character at the correct location. + - Fixed a bug that caused _PyCode_GetExtra to return garbage + for negative indexes. Patch by Pablo Galindo + - Fix a deadlock in PyGILState_Ensure() when allocating new + thread state. Patch by Kumar Aditya. + - PyType_Ready() now initializes ht_cached_keys and performs + additional checks to ensure that type objects are properly + configured. This avoids crashes in 3rd party packages that + don’t use regular API to create new types. + - Skip over incomplete frames in PyThreadState_GetFrame(). + - Fix format string in _PyPegen_raise_error_known_location that + can lead to memory corruption on some 64bit systems. The + function was building a tuple with i (int) instead of n + (Py_ssize_t) for Py_ssize_t arguments. + - Fix misleading contents of error message when converting an + all-whitespace string to float. + - ast.parse() will no longer parse function definitions with + positional-only params when passed feature_version less than + (3, 8). Patch by Shantanu Jain. + - Fix incorrect error message in the io module. + - Fix the faulthandler implementation of + faulthandler.register(signal, chain=True) if the sigaction() + function is not available: don’t call the previous signal + handler if it’s NULL. Patch by Victor Stinner. + - Correct conversion of numbers.Rational’s to float. + - Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not + raised when using more than one TypeVarTuple, like [*T, *V] + in type alias substitutions. + - Fix asyncio.streams.StreamReaderProtocol to keep a strong + reference to the created task, so that it’s not garbage + collected + - Fix a performance regression in logging + TimedRotatingFileHandler. Only check for special files when + the rollover time has passed. + - Fix unused localName parameter in the Attr class in + xml.dom.minidom. + - Fix incorrect condition that causes sys.thread_info.name to + be wrong on pthread platforms. + - Remove an incompatible change from bpo-28080 that caused a + regression that ignored the utf8 in ZipInfo.flag_bits. Patch + by Pablo Galindo. + - Fix asyncio.Runner to call asyncio.set_event_loop() only + once to avoid calling attach_loop() multiple times on child + watchers. Patch by Kumar Aditya. + - Fix unittest.IsolatedAsyncioTestCase to set event loop before + calling setup functions. Patch by Kumar Aditya. + - When a task catches asyncio.CancelledError and raises some + other error, the other error should generally not silently be + suppressed. + - Fail gracefully if EPERM or ENOSYS is raised when loading + crypt methods. This may happen when trying to load MD5 on a + Linux kernel with FIPS enabled. + - Allow asyncio.StreamWriter.drain() to be awaited concurrently + by multiple tasks. Patch by Kumar Aditya. + - Fix ast.unparse() when ImportFrom.level is None + - Improve discoverability of the higher level + concurrent.futures module by providing clearer links from the + lower level threading and multiprocessing modules. + - What’s New 3.11 now has instructions for how to provide + compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7 + and CentOS 7. + - Mitigate the inherent race condition from using + find_unused_port() in testSockName() by trying to find an + unused port a few times before failing. Patch by Ross Burton. + - Build and test with OpenSSL 1.1.1q +- Use support-expat-CVE-2022-25236-patched.patch from the current + version of gh#python/cpython#93900 instead of the old + support-expat-245.patch. +- Reapply fix_configure_rst.patch. + +------------------------------------------------------------------- +Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab + +- Increase testsuite timeout for test_freeze_simple_script + +------------------------------------------------------------------- +Sat Aug 20 21:31:40 UTC 2022 - Matej Cepl + +- fix import_failed.map to refer to the python 3.11 package versions + +------------------------------------------------------------------- +Sat Aug 20 14:05:21 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc1: + - Core and Builtins + - Update code object hashing and equality to consider all + debugging and exception handling tables. This fixes an + issue where certain non-identical code objects could be + “deduplicated” during compilation. + - _PyPegen_Parser_New now properly detects token memory + allocation errors. Patch by Honglin Zhu. + - Run Python code in tracer/profiler function at full + speed. Fixes slowdown in earlier versions of 3.11. + - Emit a warning in debug mode if an object does not call + PyObject_GC_UnTrack() before deallocation. Patch by Pablo + Galindo. + - Prevented crashes in the AST constructor when + compiling some absurdly long expressions like + "+0"*1000000. RecursionError is now raised instead. Patch + by Pablo Galindo + - ast.AST node positions are now validated when provided to + compile() and other related functions. If invalid positions + are detected, a ValueError will be raised. + - Fix error detection in some builtin functions when keyword + argument name is an instance of a str subclass with + overloaded __eq__ and __hash__. Previously it could cause + SystemError or other undesired behavior. + - Library + - Update bundled pip to 22.2.2. + - Fix asyncio.TaskGroup to propagate exception when + asyncio.CancelledError was replaced with another exception + by a context manger. Patch by Kumar Aditya and Guido van + Rossum. + - Update bundled pip to 22.2.1. + - Fix GC crash when deallocating _lsprof.Profiler by + untracking it before calling any callbacks. Patch by Kumar + Aditya. + - Fix asyncio.run() for asyncio.Task implementations without + uncancel() method. Patch by Kumar Aditya. + - Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK + and os.EFD_SEMAPHORE flags on older kernel versions where + these flags are not present. Patch by Kumar Aditya. + - Fix concurrent.futures.Executor.map() to cancel the + currently waiting on future on an error - e.g. TimeoutError + or KeyboardInterrupt. + - Ensure that timeouts scheduled with asyncio.Timeout that + have already expired are delivered promptly. + - Suppress writing an XML declaration in open files + in ElementTree.write() with encoding='unicode' and + xml_declaration=None. + - Fix findtext in the xml module to only give an empty string + when the text attribute is set to None. + - Documentation + - Fix stylesheet not working in Windows CHM htmlhelp docs + and add warning that they are deprecated. Contributed by + C.A.M. Gerlach. + - Update library documentation with availability information + on WebAssembly platforms wasm32-emscripten and wasm32-wasi. + - Use consistent syntax for platform availability. The + directive now supports a content body and emits a warning + when it encounters an unknown platform. + - Document a limitation in ThreadPoolExecutor where its exit + handler is executed before any handlers in atexit. + - Tests + - Lib/test/test_asyncio/test_ssl.py exposed a bug in the + macOS kernel where intense concurrent load on non-blocking + sockets occasionally causes errno.ENOBUFS (“No buffer space + available”) to be emitted. FB11063974 filed with Apple, in + the mean time as a workaround buffer size used in tests on + macOS is decreased to avoid intermittent failures. Patch by + Fantix King. + - Fix problem with test_ssl test_get_ciphers on systems that + require perfect forward secrecy (PFS) ciphers. + - Add a regression test for re exponentional slowdown when + using rjsmin. + - Build + - Fix a regression in configure script that caused some + header checks to ignore custom CPPFLAGS. The regression was + introduced in gh-94802. + - wasm32-wasi builds no longer depend on WASIX’s pthread + stubs. Python now has its own stubbed pthread API. + - Python now detects missing dup function in WASI and works + around some missing errno, select, and socket constants. + - Python now skips missing socket functions and methods on + WASI. WASI can only create sockets from existing fd / + accept and has no netdb. + - Platforms wasm32-unknown-emscripten and wasm32-unknown-wasi + have been promoted to PEP 11 tier 3 platform support. + - IDLE + - Document handling of extensions in Save As dialogs. + - Include prompts when saving Shell (interactive input and + output). + - Fix the Shell context menu copy-with-prompts bug of copying + an extra line when one selects whole lines. + - In the Edit menu, move Select All and add a new separator. + - Enable using IDLE’s module browser with .pyw files. + - Add .pyi as a recognized extension for IDLE on macOS. This + allows opening stub files by double clicking on them in the + Finder. + - C API + - Restore the 3.10 behavior for multiple inheritance of C + extension classes that store their dictionary at the end of + the struct. + - Added PyCode_GetVarnames(), PyCode_GetCellvars() and + PyCode_GetFreevars() for accessing co_varnames, co_cellvars + and co_freevars respectively via the C API. + +------------------------------------------------------------------- +Tue Jul 26 10:37:31 UTC 2022 - Matej Cepl + +- Update to 3.11.0b5: + - Core and Builtins + - gh-93351: ast.AST node positions are now validated when + provided to compile() and other related functions. If + invalid positions are detected, a ValueError will be + raised. + - gh-94438: Fix an issue that caused extended opcode + arguments and some conditional pops to be ignored when + calculating valid jump targets for assignments to the + f_lineno attribute of frame objects. In some cases, this + could cause inconsistent internal state, resulting in a + hard crash of the interpreter. + - gh-95060: Undocumented PyCode_Addr2Location function now + properly returns when addrq argument is less than zero. + - gh-95113: Replace all EXTENDED_ARG_QUICK instructions + with basic EXTENDED_ARG instructions in unquickened + code. Consumers of non-adaptive bytecode should be able to + handle extended arguments the same way they were handled in + CPython 3.10 and older. + - gh-91409: Fix incorrect source location info caused by + certain optimizations in the bytecode compiler. + - gh-94036: Fix incorrect source location info for some + multi-line attribute accesses and method calls. + - gh-94739: Allow jumping within, out of, and across + exception handlers in the debugger. + - gh-94949: ast.parse() will no longer parse parenthesized + context managers when passed feature_version less than (3, + 9). Patch by Shantanu Jain. + - gh-94947: ast.parse() will no longer parse assignment + expressions when passed feature_version less than (3, + 8). Patch by Shantanu Jain. + - gh-91256: Ensures the program name is known for help text + during interpreter startup. + - gh-94869: Fix the column offsets for some expressions in + multi-line f-strings ast nodes. Patch by Pablo Galindo. + - gh-94822: Fix an issue where lookups of metaclass + descriptors may be ignored when an identically-named + attribute also exists on the class itself. + - gh-91153: Fix an issue where a bytearray item assignment + could crash if it’s resized by the new value’s __index__() + method. + - gh-90699: Fix reference counting bug in + bool.__repr__(). Patch by Kumar Aditya. + - Library + - gh-95087: Fix IndexError in parsing invalid date in the + email module. + - gh-95199: Upgrade bundled setuptools to 63.2.0. + - gh-95194: Upgrade bundled pip to 22.2. + - gh-95132: Fix a sqlite3 regression where *args and **kwds + were incorrectly relayed from connect() to the Connection + factory. The regression was introduced in 3.11a1 with PR + 24421 (gh-85128). Patch by Erlend E. Aasland.` + - gh-93157: Fix fileinput module didn’t support errors option + when inplace is true. + - gh-95105: wsgiref.types.InputStream.__iter__() should + return Iterator[bytes], not Iterable[bytes]. Patch by + Shantanu Jain. + - gh-94857: Fix refleak in + _io.TextIOWrapper.reconfigure. Patch by Kumar Aditya. + - gh-94821: Fix binding of unix socket to empty address + on Linux to use an available address from the abstract + namespace, instead of “0”. + - gh-89988: Fix memory leak in pickle.Pickler when looking up + dispatch_table. Patch by Kumar Aditya. + - bpo-47025: Drop support for bytes on sys.path. + - Tests + - gh-95212: Make multiprocessing test case + test_shared_memory_recreate parallel-safe. + - Build + - gh-94847: Fixed _decimal module build issue on GCC when + compiling with LTO and pydebug. Debug builds no longer + force inlining of functions. + - gh-94841: Fix the possible performance regression of + PyObject_Free() compiled with MSVC version 1932. + - gh-94801: configure now uses custom flags like ZLIB_CFLAGS + and ZLIB_LIBS when searching for headers and libraries. + - gh-94773: deepfreeze.py now supports code object with + frozensets that contain incompatible, unsortable types. + - C API + - gh-94930: Fix SystemError raised when + PyArg_ParseTupleAndKeywords() is used with # in (...) but + without PY_SSIZE_T_CLEAN defined. + - gh-94864: Fix PyArg_Parse* with deprecated format units “u” + and “Z”. It returned 1 (success) when warnings are turned + into exceptions. + - gh-94731: Python again uses C-style casts for + most casting operations when compiled with + C++. This may trigger compiler warnings, if they + are enabled with e.g. -Wold-style-cast `` or + ``-Wzero-as-null-pointer-constant options for g++. + +------------------------------------------------------------------- +Thu Jul 21 14:19:53 UTC 2022 - Matej Cepl + +- Switch from %primary_interpreter to prjconf-defined + %primary_python (gh#openSUSE/python-rpm-macros#127). + +------------------------------------------------------------------- +Thu Jul 14 15:37:35 UTC 2022 - Matej Cepl + +- Update to 3.11.0b4: +- Fixes many bugs and adds following more significant changes +- Security + - gh-68966: The deprecated mailcap module now refuses to inject + Coreunsafe text (filenames, MIME types, parameters) into + shell Corecommands. Instead of using such text, it will + warn and act Coreas if a match was not found (or for test + commands, as if the Coretest failed). and Builtins + - gh-93516: Lazily create a table mapping bytecode offsets to + line numbers to speed up calculation of line numbers when + tracing. + - gh-93461: importlib.invalidate_caches() now drops entries + from sys.path_importer_cache with a relative path as + name. This solves a caching issue when a process changes its + current working directory. + - FileFinder no longer inserts a dot in the path, e.g. + /egg/./spam is now /egg/spam. +Library + - gh-93896: Fix asyncio.run() and + unittest.IsolatedAsyncioTestCase to always the set event loop + as it was done in Python 3.10 and earlier. Patch by Kumar + Aditya. + - gh-94101: Manual instantiation of ssl.SSLSession objects is + no longer allowed as it lead to misconfigured instances that + crashed the interpreter when attributes where accessed on + them. + - gh-83658: Make multiprocessing.Pool raise an exception if + maxtasksperchild is not None or a positive int. + - gh-61162: Clarify sqlite3 behavior when Using the connection + as a context manager. +Tools/Demos + - gh-94538: Fix Argument Clinic output to custom file + destinations. Patch by Erlend E. Aasland. +C API + - gh-93937: The following frame functions and type are now + directly available with #include , it’s no longer + needed to add #include : + PyFrame_Check() + PyFrame_GetBack() + PyFrame_GetBuiltins() + PyFrame_GetGenerator() + PyFrame_GetGlobals() + PyFrame_GetLasti() + PyFrame_GetLocals() + PyFrame_Type + +------------------------------------------------------------------- +Tue May 31 20:54:36 UTC 2022 - Matej Cepl + +- Update to 3.11.0b2: + - many small updates +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.4 (jsc#SLE-21253) + +------------------------------------------------------------------- +Tue May 10 15:01:18 UTC 2022 - Matej Cepl + +- Refresh bluez-devel-vendor.tar.xz +- Fix building with system-expat (gh#python/cpython#92875). Nope, + it didn't work, worked around it. + +------------------------------------------------------------------- +Mon May 9 15:09:03 UTC 2022 - Matej Cepl + +- Update to pre-release version 3.11.0b1: + - PEP 657 – Include Fine-Grained Error Locations in Tracebacks + - PEP 654 – Exception Groups and except* + - PEP 673 – Self Type + - PEP 646 – Variadic Generics + - PEP 680– tomllib: Support for Parsing TOML in the Standard Library + - PEP 675– Arbitrary Literal String Type + - PEP 655– Marking individual TypedDict items as required or potentially-missing + - bpo-46752– Introduce task groups to asyncio + - The Faster Cpython Project is already yielding some exciting + results. Python 3.11 is up to 10-60% faster than Python + 3.10. On average, we measured a 1.22x speedup on the standard + benchmark suite. See + https://docs.python.org/3.11/whatsnew/3.11.html#faster-cpython + for details. + +------------------------------------------------------------------- +Thu May 5 14:35:56 UTC 2022 - Matej Cepl + +- Switch primary_interpreter from python38 to python310 + +------------------------------------------------------------------- +Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl + +- Update to 3.10.4: + - bpo-46968: Check for the existence of the “sys/auxv.h” header + in faulthandler to avoid compilation problems in systems + where this header doesn’t exist. Patch by Pablo Galindo + - bpo-23691: Protect the re.finditer() iterator from + re-entering. + - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to + avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception + when reading a ZipFile from multiple threads. + - bpo-38256: Fix binascii.crc32() when it is compiled to use + zlib’c crc32 to work properly on inputs 4+GiB in length + instead of returning the wrong result. The workaround prior + to this was to always feed the function data in increments + smaller than 4GiB or to just call the zlib module function. + - bpo-39394: A warning about inline flags not at the start of + the regular expression now contains the position of the flag. + - bpo-47061: Deprecate the various modules listed by PEP 594: + - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, + imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, + sndhdr, spwd, sunau, telnetlib, uu, xdrlib + - bpo-2604: Fix bug where doctests using globals would fail + when run multiple times. + - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. + - bpo-47022: The asynchat, asyncore and smtpd modules have been + deprecated since at least Python 3.6. Their documentation and + deprecation warnings and have now been updated to note they + will removed in Python 3.12 (PEP 594). + - bpo-46421: Fix a unittest issue where if the command was + invoked as python -m unittest and the filename(s) began with + a dot (.), a ValueError is returned. + - bpo-40296: Fix supporting generic aliases in pydoc. + +- Update to 3.10.3: + - bpo-46940: Avoid overriding AttributeError metadata + information for nested attribute access calls. Patch by Pablo + Galindo. + - bpo-46852: Rename the private undocumented + float.__set_format__() method to float.__setformat__() to fix + a typo introduced in Python 3.7. The method is only used by + test_float. Patch by Victor Stinner. + - bpo-46794: Bump up the libexpat version into 2.4.6 + - bpo-46820: Fix parsing a numeric literal immediately (without + spaces) followed by “not in” keywords, like in 1not in x. Now + the parser only emits a warning, not a syntax error. + - bpo-46762: Fix an assert failure in debug builds when a ‘<’, + ‘>’, or ‘=’ is the last character in an f-string that’s + missing a closing right brace. + - bpo-46724: Make sure that all backwards jumps use the + JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an + argument of (2**32)+offset. + - bpo-46732: Correct the docstring for the __bool__() method. + Patch by Jelle Zijlstra. + - bpo-46707: Avoid potential exponential backtracking when + producing some syntax errors involving lots of brackets. + Patch by Pablo Galindo. + - bpo-40479: Add a missing call to va_end() in + Modules/_hashopenssl.c. + - bpo-46615: When iterating over sets internally in + setobject.c, acquire strong references to the resulting items + from the set. This prevents crashes in corner-cases of + various set operations where the set gets mutated. + - bpo-45773: Remove two invalid “peephole” optimizations from + the bytecode compiler. + - bpo-43721: Fix docstrings of getter, setter, and deleter to + clarify that they create a new copy of the property. + - bpo-46503: Fix an assert when parsing some invalid N escape + sequences in f-strings. + - bpo-46417: Fix a race condition on setting a type __bases__ + attribute: the internal function add_subclass() now gets the + PyTypeObject.tp_subclasses member after calling + PyWeakref_NewRef() which can trigger a garbage collection + which can indirectly modify PyTypeObject.tp_subclasses. Patch + by Victor Stinner. + - bpo-46383: Fix invalid signature of _zoneinfo’s module_free + function to resolve a crash on wasm32-emscripten platform. + - bpo-46070: Py_EndInterpreter() now explicitly untracks all + objects currently tracked by the GC. Previously, if an object + was used later by another interpreter, calling + PyObject_GC_UnTrack() on the object crashed if the previous + or the next object of the PyGC_Head structure became + a dangling pointer. Patch by Victor Stinner. + - bpo-46339: Fix a crash in the parser when retrieving the + error text for multi-line f-strings expressions that do not + start in the first line of the string. Patch by Pablo Galindo + - bpo-46240: Correct the error message for unclosed parentheses + when the tokenizer doesn’t reach the end of the source when + the error is reported. Patch by Pablo Galindo + - bpo-46091: Correctly calculate indentation levels for lines + with whitespace character that are ended by line continuation + characters. Patch by Pablo Galindo + - bpo-43253: Fix a crash when closing transports where the + underlying socket handle is already invalid on the Proactor + event loop. + - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, + including bugfix for EntryPoint.extras, which was returning + match objects and not the extras strings. + - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip + 22.0.4) + - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically + determine size of signal handler stack size CPython allocates + using getauxval(AT_MINSIGSTKSZ). This changes allows for + Python extension’s request to Linux kernel to use AMX_TILE + instruction set on Sapphire Rapids Xeon processor to succeed, + unblocking use of the ISA in frameworks. + - bpo-46955: Expose asyncio.base_events.Server as + asyncio.Server. Patch by Stefan Zabka. + - bpo-23325: The signal module no longer assumes that SIG_IGN + and SIG_DFL are small int singletons. + - bpo-46932: Update bundled libexpat to 2.4.7 + - bpo-25707: Fixed a file leak in + xml.etree.ElementTree.iterparse() when the iterator is not + exhausted. Patch by Jacob Walls. + - bpo-44886: Inherit asyncio proactor datagram transport from + asyncio.DatagramTransport. + - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() + for selector-based event loops. Patch by Thomas Grainger. + - bpo-46811: Make test suite support Expat >=2.4.5 + - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to + transport-based APIs. + - bpo-46784: Fix libexpat symbols collisions with user + dynamically loaded or statically linked libexpat in embedded + Python. + - bpo-39327: shutil.rmtree() can now work with VirtualBox + shared folders when running from the guest operating-system. + - bpo-46756: Fix a bug in + urllib.request.HTTPPasswordMgr.find_user_password() and + urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() + which allowed to bypass authorization. For example, access to + URI example.org/foobar was allowed if the user was authorized + for URI example.org/foo. + - bpo-46643: In typing.get_type_hints(), support evaluating + stringified ParamSpecArgs and ParamSpecKwargs annotations. + Patch by Gregory Beauregard. + - bpo-45863: When the tarfile module creates a pax format + archive, it will put an integer representation of timestamps + in the ustar header (if possible) for the benefit of older + unarchivers, in addition to the existing full-precision + timestamps in the pax extended header. + - bpo-46676: Make typing.ParamSpec args and kwargs equal to + themselves. Patch by Gregory Beauregard. + - bpo-46672: Fix NameError in asyncio.gather() when initial + type check fails. + - bpo-46655: In typing.get_type_hints(), support evaluating + bare stringified TypeAlias annotations. Patch by Gregory + Beauregard. + - bpo-45948: Fixed a discrepancy in the C implementation of the + xml.etree.ElementTree module. Now, instantiating an + xml.etree.ElementTree.XMLParser with a target=None keyword + provides a default xml.etree.ElementTree.TreeBuilder target + as the Python implementation does. + - bpo-46521: Fix a bug in the codeop module that was + incorrectly identifying invalid code involving string quotes + as valid code. + - bpo-46581: Brings ParamSpec propagation for GenericAlias in + line with Concatenate (and others). + - bpo-46591: Make the IDLE doc URL on the About IDLE dialog + clickable. + - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 + - bpo-46487: Add the get_write_buffer_limits method to + asyncio.transports.WriteTransport and to the SSL transport. + - bpo-45173: Note the configparser deprecations will be removed + in Python 3.12. + - bpo-46539: In typing.get_type_hints(), support evaluating + stringified ClassVar and Final annotations inside Annotated. + Patch by Gregory Beauregard. + - bpo-46491: Allow typing.Annotated to wrap typing.Final and + typing.ClassVar. Patch by Gregory Beauregard. + - bpo-46436: Fix command-line option -d/--directory in module + http.server which is ignored when combined with command-line + option --cgi. Patch by Géry Ogam. + - bpo-41403: Make mock.patch() raise a TypeError with + a relevant error message on invalid arg. Previously it + allowed a cryptic AttributeError to escape. + - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid + potential REDoS by limiting ambiguity in consecutive + whitespace. + - bpo-46469: asyncio generic classes now return + types.GenericAlias in __class_getitem__ instead of the same + class. + - bpo-46434: pdb now gracefully handles help when __doc__ is + missing, for example when run with pregenerated optimized + .pyc files. + - bpo-46333: The __eq__() and __hash__() methods of + typing.ForwardRef now honor the module parameter of + typing.ForwardRef. Forward references from different modules + are now differentiated. + - bpo-46246: Add missing __slots__ to + importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. + - bpo-46266: Improve day constants in calendar. + - Now all constants (MONDAY … SUNDAY) are documented, tested, + and added to __all__. + - bpo-46232: The ssl module now handles certificates with bit + strings in DN correctly. + - bpo-43118: Fix a bug in inspect.signature() that was causing + it to fail on some subclasses of classes with + a __text_signature__ referencing module globals. Patch by + Weipeng Hong. + - bpo-26552: Fixed case where failing asyncio.ensure_future() + did not close the coroutine. Patch by Kumar Aditya. + - bpo-21987: Fix an issue with tarfile.TarFile.getmember() + getting a directory name with a trailing slash. + - bpo-20392: Fix inconsistency with uppercase file extensions + in MimeTypes.guess_type(). Patch by Kumar Aditya. + - bpo-46080: Fix exception in argparse help text generation if + a argparse.BooleanOptionalAction argument’s default is + argparse.SUPPRESS and it has help specified. Patch by Felix + Fontein. + - bpo-44439: Fix .write() method of a member file in ZipFile, + when the input data is an object that supports the buffer + protocol, the file length may be wrong. + - bpo-45703: When a namespace package is imported before + another module from the same namespace is created/installed + in a different sys.path location while the program is + running, calling the importlib.invalidate_caches() function + will now also guarantee the new module is noticed. + - bpo-24959: Fix bug where unittest sometimes drops frames from + tracebacks of exceptions raised in tests. + - bpo-44791: Fix substitution of ParamSpec in Concatenate with + different parameter expressions. Substitution with a list of + types returns now a tuple of types. Substitution with + Concatenate returns now a Concatenate with concatenated lists + of arguments. + - bpo-14156: argparse.FileType now supports an argument of ‘-’ + in binary mode, returning the .buffer attribute of + sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and + ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. + Patch contributed by Josh Rosenberg + - bpo-46463: Fixes escape4chm.py script used when building the + CHM documentation file + - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is + built with undefined behavior sanitizer (UBSAN): disable + UBSAN on the faulthandler_sigfpe() function. Patch by Victor + Stinner. + - bpo-46708: Prevent default asyncio event loop policy + modification warning after test_asyncio execution. + - bpo-46678: The function make_legacy_pyc in + Lib/test/support/import_helper.py no longer fails when + PYTHONPYCACHEPREFIX is set to a directory on a different + device from where tempfiles are stored. + - bpo-46616: Ensures test_importlib.test_windows cleans up + registry keys after completion. + - bpo-44359: test_ftplib now silently ignores socket errors to + prevent logging unhandled threading exceptions. Patch by + Victor Stinner. + - bpo-46542: Fix a Python crash in test_lib2to3 when using + Python built in debug mode: limit the recursion limit. Patch + by Victor Stinner. + - bpo-46576: test_peg_generator now disables compiler + optimization when testing compilation of its own C extensions + to significantly speed up the testing on non-debug builds of + CPython. + - bpo-46542: Fix test_json tests checking for RecursionError: + modify these tests to use support.infinite_recursion(). Patch + by Victor Stinner. + - bpo-13886: Skip test_builtin PTY tests on non-ASCII + characters if the readline module is loaded. The readline + module changes input() behavior, but test_builtin is not + intented to test the readline module. Patch by Victor + Stinner. + - bpo-38472: Fix GCC detection in setup.py when + cross-compiling. The C compiler is now run with LC_ALL=C. + Previously, the detection failed with a German locale. + - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro + and pyconfig.h no longer defines reserved symbol + __CHAR_UNSIGNED__. + - bpo-45296: Clarify close, quit, and exit in IDLE. In the File + menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current + one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). + In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there + are no other windows, this also exits IDLE. + - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch + by Alex Waygood and Terry Jan Reedy. + - bpo-46433: The internal function _PyType_GetModuleByDef now + correctly handles inheritance patterns involving static + types. + - bpo-14916: Fixed bug in the tokenizer that prevented + PyRun_InteractiveOne from parsing from the provided FD. + +- Remove upstreamed patches: + - support-expat-245.patch + +------------------------------------------------------------------- +Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + +------------------------------------------------------------------- +Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl + +- bsc#1195831 Obsolete older "most modern" versions of python + packages (python39 for python310 and so forth). For next + versions it is necessary just to edit the macro. + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python +- Add fix_configure_rst.patch, which removes duplicate link + targets and make documentation with old Sphinx in SLE +- Skip test_capi (bsc#1195140 and bpo#37169) + +------------------------------------------------------------------- +Wed Jan 19 22:01:51 UTC 2022 - Matej Cepl + +- Update to 3.10.2: + Bugfix only + - bpo#46347 memory leak in PyEval_EvalCodeEx (especially + visible with Cython code) + - and many others + +------------------------------------------------------------------- +Wed Dec 8 13:07:25 UTC 2021 - Matej Cepl + +- Upgrade to 3.10.1 (jsc#SLE-18038): + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other tools. + - PEP 618 – Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning +- Patches readjusted: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Sat Dec 4 18:40:28 UTC 2021 - Matej Cepl + +- Remove pdb_adjust_breakpoints.patch and instead just adjust location + of the test breakpoint in Lib/test/test_pdb.py via sed, because we + have shortened Lib/pdb.py by removing the shebang (bpo#45964). + +------------------------------------------------------------------- +Thu Dec 2 13:51:57 UTC 2021 - Matej Cepl + +- Add pdb_adjust_breakpoints.patch fixing expectd results in + test_pdb_breakpoints_preserved_across_interactive_sessions + (bpo#45964). + +------------------------------------------------------------------- +Mon Nov 29 00:17:07 UTC 2021 - Matej Cepl + +- Remove shebangs from from python-base libraries in _libdir + (bsc#1193179). +- Readjust patches: + - bpo-31046_ensurepip_honours_prefix.patch + - decimal.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Tue Nov 16 16:03:43 UTC 2021 - Matej Cepl + +- Move rpm-build-python construct to correct place. + +------------------------------------------------------------------- +Wed Oct 13 08:52:47 UTC 2021 - Dominique Leuenberger + +- BuildRequire rpm-build-python: The provider to inject python(abi) + has been moved there. rpm-build pulls rpm-build-python + automatically in when building anything against python3-base, but + this implies that the initial build of python3-base does not + trigger the automatic installation. + +------------------------------------------------------------------- +Tue Oct 5 22:36:51 UTC 2021 - Matej Cepl + +- Final release of 3.10.0: + Complete list on https://www.python.org/downloads/release/python-3100/, + but highlights are: + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other + tools. + - PEP 618 – Add Optional Length-Checking To zip. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning + - bpo-12782: Parenthesized context managers are now officially + allowed. + +------------------------------------------------------------------- +Mon Aug 30 12:48:25 UTC 2021 - Matej Cepl + +- Switch on option --with-system-libmpdec (bsc#1189356). + +------------------------------------------------------------------- +Fri Aug 27 13:15:03 UTC 2021 - Andreas Schwab + +- Reenable profileopt with qemu emulation, test_faulthandler is no longer + run during profiling + +------------------------------------------------------------------- +Thu Aug 12 15:11:39 UTC 2021 - Andreas Schwab + +- test_faulthandler is still problematic under qemu linux-user emulation, + disable it there + +------------------------------------------------------------------- +Wed Aug 11 05:57:11 UTC 2021 - Matej Cepl + +- Update to 3.10.0rc1 (the penultimate prerelease), which contains + plenty of small bugfixes among others: + - bpo#38605: from __future__ import annotations (PEP 563) used to be + on this list in previous pre-releases but it has been postponed to + Python 3.11 due to some compatibility concerns. + - bpo-44600: Fix incorrect line numbers while tracing some failed + patterns in match statements. Patch by Charles Burkland. + - plenty of modifications in types.Union + +------------------------------------------------------------------- +Wed Jul 21 13:44:48 UTC 2021 - Matej Cepl + +- Update to 3.10.0b4: + https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4 +- Remove python3-imp-returntype.patch which has been upstreamed. + +------------------------------------------------------------------- +Mon Jun 7 15:52:44 UTC 2021 - Matej Cepl + +- Update to 3.10.0b2: + - PEP 623 -- Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 -- Allow writing union types as X | Y + - PEP 612 -- Parameter Specification Variables + - PEP 626 -- Precise line numbers for debugging and other + tools. + - PEP 618 -- Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 -- Deprecate distutils module. + - PEP 613 -- Explicit Type Aliases + - PEP 634 -- Structural Pattern Matching: Specification + - PEP 635 -- Structural Pattern Matching: Motivation and + Rationale + - PEP 636 -- Structural Pattern Matching: Tutorial + - PEP 644 -- Require OpenSSL 1.1.1 or newer + - PEP 624 -- Remove Py_UNICODE encoder APIs + - PEP 597 -- Add optional EncodingWarning +- Removed patches (assumed upstream): + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl + +- Revert previous skip over test_capi +- Add skip-test_pyobject_freed_is_freed.patch to skip failing + test on SLE-15. + +------------------------------------------------------------------- +Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller + +- allow build with Sphinx >= 3.x + +------------------------------------------------------------------- +Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák + +- Exclude test_capi on Leap (test fails there) + +------------------------------------------------------------------- +Fri May 21 15:13:59 UTC 2021 - Matej Cepl + +- Stop providing "python" symbol (bsc#1185588), which means + python2 currently. + +------------------------------------------------------------------- +Wed May 5 15:16:58 UTC 2021 - Matej Cepl + +- Update to 3.9.5: + * Security + - bpo-43434: Creating a sqlite3.Connection object now also + produces a sqlite3.connect auditing event. Previously this + event was only produced by sqlite3.connect() calls. Patch + by Erlend E. Aasland. + - bpo-43882: The presence of newline or tab characters in + parts of a URL could allow some forms of attacks. + - Following the controlling specification for URLs defined by + WHATWG urllib.parse() now removes ASCII newlines and tabs + from URLs, preventing such attacks. + - bpo-43472: Ensures interpreter-level audit hooks receive + the cpython.PyInterpreterState_New event when called + through the _xxsubinterpreters module. + - bpo-36384: ipaddress module no longer accepts any leading + zeros in IPv4 address strings. Leading zeros are ambiguous + and interpreted as octal notation by some libraries. For + example the legacy function socket.inet_aton() treats + leading zeros as octal notatation. glibc implementation of + modern inet_pton() does not accept any leading zeros. For + a while the ipaddress module used to accept ambiguous + leading zeros. + - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) + vulnerability in urllib.request.AbstractBasicAuthHandler. + The ReDoS-vulnerable regex has quadratic worst-case + complexity and it allows cause a denial of service when + identifying crafted invalid RFCs. This ReDoS issue is on + the client side and needs remote attackers to control the + HTTP server. + - bpo-42800: Audit hooks are now fired for frame.f_code, + traceback.tb_frame, and generator code/frame attribute + access. + * Core and Builtins + - bpo-43105: Importlib now resolves relative paths when + creating module spec objects from file locations. + - bpo-42924: Fix bytearray repetition incorrectly copying + data from the start of the buffer, even if the data is + offset within the buffer (e.g. after reassigning a slice at + the start of the bytearray to a shorter byte string). + * Library + - bpo-43993: Update bundled pip to 21.1.1. + - bpo-43937: Fixed the turtle module working with non-default + root window. + - bpo-43930: Update bundled pip to 21.1 and setuptools to + 56.0.0 + - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now + returns a consistent error message when cadata contains no + valid certificate. + - bpo-43607: urllib can now convert Windows paths with \\?\ + prefixes into URL paths. + - bpo-43284: platform.win32_ver derives the windows version + from sys.getwindowsversion().platform_version which in turn + derives the version from kernel32.dll (which can be of + a different version than Windows itself). Therefore change + the platform.win32_ver to determine the version using the + platform module’s _syscmd_ver private function to return an + accurate version. + - bpo-42248: [Enum] ensure exceptions raised in _missing__ + are released + - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 + to suppress deprecation warnings. Python requires OpenSSL + 1.1.1 APIs. + - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants + (OpenSSL 3.0.0) + - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback + function a second time when first call has signaled an + error condition. + - bpo-43788: The header files for ssl error codes are now + OpenSSL version-specific. Exceptions will now show correct + reason and library codes. The make_ssl_data.py script has + been rewritten to use OpenSSL’s text file with error codes. + - bpo-43655: tkinter dialog windows are now recognized as + dialogs by window managers on macOS and X Window. + - bpo-43534: turtle.textinput() and turtle.numinput() create + now a transient window working on behalf of the canvas + window. + - bpo-43522: Fix problem with hostname_checks_common_name. + OpenSSL does not copy hostflags from struct SSL_CTX to + struct SSL. + - bpo-42967: Allow bytes separator argument in + urllib.parse.parse_qs and urllib.parse.parse_qsl when + parsing str query strings. Previously, this raised + a TypeError. + - bpo-43176: Fixed processing of a dataclass that inherits + from a frozen dataclass with no fields. It is now correctly + detected as an error. + - bpo-41735: Fix thread locks in zlib module may go wrong in + rare case. Patch by Ma Lin. + - bpo-36470: Fix dataclasses with InitVars and replace(). + Patch by Claudiu Popa. + - bpo-32745: Fix a regression in the handling of ctypes’ + ctypes.c_wchar_p type: embedded null characters would cause + a ValueError to be raised. Patch by Zackery Spytz. + * Documentation + - bpo-43959: The documentation on the PyContextVar C-API was + clarified. + - bpo-43938: Update dataclasses documentation to express that + FrozenInstanceError is derived from AttributeError. + - bpo-43755: Update documentation to reflect that + unparenthesized lambda expressions can no longer be the + expression part in an if clause in comprehensions and + generator expressions since Python 3.9. + - bpo-43739: Fixing the example code in + Doc/extending/extending.rst to declare and initialize the + pmodule variable to be of the right type. + * Tests + - bpo-43961: Fix + test_logging.test_namer_rotator_inheritance() on Windows: + use os.replace() rather than os.rename(). Patch by Victor + Stinner. + - bpo-43842: Fix a race condition in the SMTP test of + test_logging. Don’t close a file descriptor (socket) from + a different thread while asyncore.loop() is polling the + file descriptor. Patch by Victor Stinner. + - bpo-43811: Tests multiple OpenSSL versions on GitHub + Actions. Use ccache to speed up testing. + - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy + protocols TLS 1.0 and 1.1. Tests are failing with + TLSV1_ALERT_INTERNAL_ERROR. +- Refreshed patches: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch +- Add vendorized files from bluez-devel to enable building support for + Bluetooth. + +------------------------------------------------------------------- +Sun May 2 09:20:06 UTC 2021 - Ben Greiner + +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + +------------------------------------------------------------------- +Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl + +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +------------------------------------------------------------------- +Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +------------------------------------------------------------------- +Tue Feb 9 01:37:59 UTC 2021 - Steve Kowalik + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +------------------------------------------------------------------- +Mon Feb 8 22:02:03 UTC 2021 - Matej Cepl + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl + +- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing + bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in + _ctypes/callproc.c, which may lead to remote code execution. + +------------------------------------------------------------------- +Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl + +- (bsc#1180125) We really don't Require python-rpm-macros package. + Unnecessary dependency. + +------------------------------------------------------------------- +Wed Dec 16 16:08:42 UTC 2020 - Matej Cepl + +- Make python39-doc building again +- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx + doesn't know about skipif directive in doctests. + +------------------------------------------------------------------- +Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl + +- Update sphinx-update-removed-function.patch patch to the latest + version in python36. + +------------------------------------------------------------------- +Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner + +- Last try before this results in an editwar: + * remove importlib_resources and importlib-metadata + provides/obsoletes + * import importlib_resources is not the same as + import importlib.resources, same for metadata + * The backport packages from PyPI needed for older flavors are + specified as such for setuptools or in pyproject.toml. If a + package requires them they typically add them with a python + version qualifier and the packages have their own version + numbers. + +------------------------------------------------------------------- +Sat Dec 5 16:55:12 UTC 2020 - Matej Cepl + +- Add patch sphinx-update-removed-function.patch to no longer call + a now removed function and to make documentation build independent of + the Sphinx version (bsc#1179630, gh#python/cpython#13236). + +------------------------------------------------------------------- +Fri Nov 13 17:20:08 UTC 2020 - Matej Cepl + +- Don't require packages which break build on SLE-15 although we really + don't need them (python3-python-docs-theme and + python3-sphinxcontrib-qthelp). + +------------------------------------------------------------------- +Fri Oct 9 16:05:50 UTC 2020 - Dominique Leuenberger + +- Fix build with RPM 4.16: error: bare words are no longer + supported, please use "...": x86 == ppc. + +------------------------------------------------------------------- +Tue Oct 6 07:30:56 UTC 2020 - Matej Cepl + +- Update to the final version 3.9.0: + Complete changelog with all (many) + changes from previous version is on + https://docs.python.org/release/3.9.0/whatsnew/3.9.html + Changes from the previous RC versions (not that many) are on + https://docs.python.org/release/3.9.0/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Fri Sep 25 06:58:03 UTC 2020 - Dominique Leuenberger + +- Buildrequire timezone only for general flavor. It's used in this + flavor for the test suite. + +------------------------------------------------------------------- +Wed Sep 2 14:39:44 UTC 2020 - Matej Cepl + +- Update to 3.9.0rc1: + * Core and Builtins + - bpo-38156: Handle interrupts that come after EOF + correctly in PyOS_StdioReadline. + * Library + - bpo-41497: Fix potential UnicodeDecodeError in dis + module. + - bpo-41490: Update ensurepip to install pip 20.2.1 and + setuptools 49.2.1. + - bpo-41467: On Windows, fix asyncio recv_into() return + value when the socket/pipe is closed (BrokenPipeError): + return 0 rather than an empty byte string (b''). + - bpo-41425: Make tkinter doc example runnable. + - bpo-41384: Raise TclError instead of TypeError when an + unknown option is passed to tkinter.OptionMenu. + - bpo-38731: Fix NameError in command-line interface of + py_compile. + - bpo-41317: Use add_done_callback() in + asyncio.loop.sock_accept() to unsubscribe reader early on + cancellation. + - bpo-41364: Reduce import overhead of uuid. + - bpo-41341: Recursive evaluation of typing.ForwardRef in + get_type_hints. + - bpo-41182: selector: use DefaultSelector based upon + implementation + - bpo-40726: Handle cases where the end_lineno is None on + ast.increment_lineno(). + * Documentation + - bpo-41045: Add documentation for debug feature of + f-strings. + - bpo-41314: Changed the release when from __future__ + import annotations becomes the default from 4.0 to 3.10 + (following a change in PEP 563). + * Windows + - bpo-41492: Fixes the description that appears in UAC + prompts. + - bpo-40948: Improve post-install message to direct people + to the “py” command. + - bpo-41412: The installer will now fail to install on + Windows 7 and Windows 8. Further, the UCRT dependency is + now always downloaded on demand. + - bpo-40741: Update Windows release to include SQLite + 3.32.3. + * IDLE + - bpo-41468: Improve IDLE run crash error message (which + users should never see). + - bpo-41373: Save files loaded with no line ending, as when + blank, or different line endings, by setting its line + ending to the system default. Fix regression in 3.8.4 and + 3.9.0b4. + +------------------------------------------------------------------- +Tue Sep 1 10:15:06 UTC 2020 - Matej Cepl + +- Synchronize formatting and fixes with python38. + +------------------------------------------------------------------- +Thu Aug 20 15:41:28 UTC 2020 - Andreas Schwab + +- Increase testsuite timeout to account for super long running + test_peg_generator + +------------------------------------------------------------------- +Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer + +- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream +- Removed recursion.tar: contained in upstream +- Update to 3.9.0b5: + - bpo-41304: Fixes python3x._pth being ignored on Windows, caused + by the fix for bpo-29778 (CVE-2020-15801). + - bpo-41162: Audit hooks are now cleared later during + finalization to avoid missing events. + - bpo-29778: Ensure python3.dll is loaded from correct locations + when Python is embedded (CVE-2020-15523). + - bpo-39603: Prevent http header injection by rejecting control + characters in http.client.putrequest(…). + - bpo-41295: Resolve a regression in CPython 3.8.4 where defining + “__setattr__” in a multi-inheritance setup and + calling up the hierarchy chain could fail if builtins/extension + types were involved in the base types. + - bpo-41247: Always cache the running loop holder when running + asyncio.set_running_loop. + - bpo-41252: Fix incorrect refcounting in + _ssl.c’s _servername_callback(). + - bpo-41215: Use non-NULL default values in the PEG parser + keyword list to overcome a bug that was ' + preventing Python from being properly compiled when using the + XLC compiler. Patch by Pablo Galindo. + - bpo-41218: Python 3.8.3 had a regression where compiling with + ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would + aggressively mark list comprehension with CO_COROUTINE. Now only + list comprehension making use of async/await will tagged as so. + - bpo-41175: Guard against a NULL pointer dereference within + bytearrayobject triggered by the bytearray() + bytearray() operation. + - bpo-39960: The “hackcheck” that prevents sneaking around a type’s + __setattr__() by calling the superclass method was + rewritten to allow C implemented heap types. + - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the + C implementation raises now UnpicklingError instead of crashing. + - bpo-39017: Avoid infinite loop when reading specially crafted + TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). + - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params(). + - bpo-41207: In distutils.spawn, restore expectation that + DistutilsExecError is raised when the command is not found. + - bpo-39168: Remove the __new__ method of typing.Generic. + - bpo-41194: Fix a crash in the _ast module: it can no longer be + loaded more than once. It now uses a global state rather than a module state. + - bpo-39384: Fixed email.contentmanager to allow set_content() to set a + null string. + - bpo-41300: Save files with non-ascii chars. + Fix regression released in 3.9.0b4 and 3.8.4. + - bpo-37765: Add keywords to module name completion list. + Rewrite Completions section of IDLE doc. + - bpo-40170: Revert PyType_HasFeature() change: it reads + again directly the PyTypeObject.tp_flags + member when the limited C API is not used, rather than always calling + PyType_GetFlags() which hides implementation details. + +------------------------------------------------------------------- +Mon Jul 20 12:06:41 UTC 2020 - Matej Cepl + +- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 + (CVE-2019-20907, bpo#39017) avoiding possible infinite loop + in specifically crafted tarball. + Add recursion.tar as a testing tarball for the patch. + +------------------------------------------------------------------- +Fri Jul 17 07:07:19 UTC 2020 - Callum Farmer + +- Changed bpo-31046_ensurepip_honours_prefix.patch to include fix from py3.8 + +------------------------------------------------------------------- +Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer + +- Spec file fixes +- Re-added subprocess-raise-timeout.patch: now compatible +- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream + +------------------------------------------------------------------- +Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal + +- Fix minor issues found in the staging. + +------------------------------------------------------------------- +Wed Jul 15 06:13:33 UTC 2020 - Tomáš Chvátal + +- Do not set ourselves as primary interpreter + +------------------------------------------------------------------- +Tue Jul 14 20:45:11 UTC 2020 - Matej Cepl + +- Update to 3.9.0b4: + - PEP 584, Union Operators in dict + - PEP 585, Type Hinting Generics In Standard Collections + - PEP 593, Flexible function and variable annotations + - PEP 602, Python adopts a stable annual release cadence + - PEP 615, Support for the IANA Time Zone Database in the + Standard Library + - PEP 616, String methods to remove prefixes and suffixes + - PEP 617, New PEG parser for CPython + - bpo#38379, garbage collection does not block on resurrected + objects; + - bpo#38692, os.pidfd_open added that allows process + management without races and signals; + - bpo#39926, Unicode support updated to version 13.0.0; + - bpo#1635741, when Python is initialized multiple times in + the same process, it does not leak memory anymore; + - A number of Python builtins (range, tuple, set, frozenset, + list, dict) are now sped up using PEP 590 vectorcall; + - A number of Python modules (_abc, audioop, _bz2, _codecs, + _contextvars, _crypt, _functools, _json, _locale, operator, + resource, time, _weakref) now use multiphase initialization + as defined by PEP 489; + - A number of standard library modules (audioop, ast, grp, + _hashlib, pwd, _posixsubprocess, random, select, struct, + termios, zlib) are now using the stable ABI defined by + PEP 384. +- Remove upstreamed patches: + - F00102-lib64.patch + - SUSE-FEDORA-multilib.patch + - OBS_dev-shm.patch + - subprocess-raise-timeout.patch + - bpo36302-sort-module-sources.patch + - bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Fri Jul 10 10:55:15 UTC 2020 - Tomáš Chvátal + +- Update pre_checkin.sh and regenerate + +------------------------------------------------------------------- +Fri Jul 10 10:11:39 UTC 2020 - Tomáš Chvátal + +- Convert few dependencies to their pkgconfig counterparts + +------------------------------------------------------------------- +Fri Jul 10 10:08:48 UTC 2020 - Tomáš Chvátal + +- Remove release requirement on libpython, it is not really needed + to be equal as the abi changes with versions + +------------------------------------------------------------------- +Fri Jul 10 10:07:50 UTC 2020 - Tomáš Chvátal + +- Add provides python3-bla on all the subpkgs in case we are + primary provider of the functionality + +------------------------------------------------------------------- +Fri Jul 10 10:02:01 UTC 2020 - Tomáš Chvátal + +- Remove unversioned files from devel subpkg too +- Remove main python3 files from -base based whether we are + primary interpreter or not +- Fix idle to be co-installable +- Add condition to be primary to provide/obsolete python3-* +- Fix doc to build in versioned folder so the pythons can be + installed next to each other + +------------------------------------------------------------------- +Fri Jul 10 07:57:10 UTC 2020 - Tomáš Chvátal + +- Revert the full versioning of calls on the macros. These + are generic so they should really just call python3 X + +------------------------------------------------------------------- +Fri Jul 10 07:56:11 UTC 2020 - Tomáš Chvátal + +- For the doc package we can build with generic flavor, we don't + need the our-interpreter based one + +------------------------------------------------------------------- +Fri Jul 10 07:18:53 UTC 2020 - Tomáš Chvátal + +- Add provides for pytohn3X-typing/etc to allow BR on those still + to work when needed + +------------------------------------------------------------------- +Fri Jul 10 07:14:33 UTC 2020 - Tomáš Chvátal + +- Change macros.python3 to use full versioned 3.8 instead of just 3 + for python interpreter + +------------------------------------------------------------------- +Wed Jul 1 11:50:19 UTC 2020 - Tomáš Chvátal + +- Reduce some now unused conditionals + +------------------------------------------------------------------- +Wed Jul 1 11:00:40 UTC 2020 - Tomáš Chvátal + +- Redux the -base dependencies to match up pre-merge layout + +------------------------------------------------------------------- +Wed Jul 1 09:24:39 UTC 2020 - Tomáš Chvátal + +- Generate baselibs in pre-checkin too + +------------------------------------------------------------------- +Wed Jul 1 09:14:33 UTC 2020 - Tomáš Chvátal + +- Generate the importlib-failed using pre_checking again +- Add back the information about skipped tests on the pre_checkin + output + +------------------------------------------------------------------- +Tue Jun 30 07:11:19 UTC 2020 - Tomáš Chvátal + +- Use %python_pkg_name instead of hardcoding python3 where + applicable +- Sort out preamble with spec-cleaner + +------------------------------------------------------------------- +Mon Jun 29 14:36:10 UTC 2020 - Matej Cepl + +- Calculate required variables instead of relying on their continuous manual update + +------------------------------------------------------------------- +Thu Jun 25 10:44:08 UTC 2020 - Tomáš Chvátal + +- Fix the -base module build again to generate only the deps + we need + +------------------------------------------------------------------- +Wed Jun 17 18:42:51 UTC 2020 - Matej Cepl + +- Replace OBS_dev-shm.patch with the upstream PR#20944 + +------------------------------------------------------------------- +Thu Jun 10 14:30:15 UTC 2020 - Tomáš Chvátal + +- Use the %{python_pkg_name} on more places to allow easier + multiversioning +- Switch to _multibuild approach for easier maintenance of this + package. All is now in one spec file with 3 conditionals: + * bcond_with base + * bcond_with doc + * bcond_with general + +------------------------------------------------------------------- +Mon Jun 8 14:26:00 UTC 2020 - Matej Cepl + +- add requires python3-base on libpython subpackage (bsc#1167008) + +------------------------------------------------------------------- +Fri Jun 5 06:08:12 UTC 2020 - Dirk Mueller + +- build against Sphinx 2.x until python is compatible with + Sphinx 3.x (see gh#python/cpython#19397, bpo#40204) + +------------------------------------------------------------------- +Fri May 29 19:59:01 UTC 2020 - Andreas Stieger + +- Fix build with SQLite 3.32 (bpo#40783) + add bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Sun May 17 15:37:35 UTC 2020 - Callum Farmer + +- Update to version 3.8.3: + - Complete list of changes is available at + https://docs.python.org/release/3.8.3/whatsnew/changelog.html#python-3-8-3-final, + but most of them are just bugfixes. + - Removed patch CVE-2020-8492-urllib-ReDoS.patch: contained in upstream + +------------------------------------------------------------------- +Thu Apr 16 12:06:01 UTC 2020 - Matej Cepl + +- Add #!BuildIgnore: gdk-pixbuf-loader-rsvg to python3 SPEC + +------------------------------------------------------------------- +Thu Mar 26 15:36:55 UTC 2020 - Matej Cepl + +- Add patch bsc1167501-invalid-alignment.patch + (bsc#1167501, bpo#40052) to fix alignment in abstract.h header file. + +------------------------------------------------------------------- +Wed Mar 11 11:09:41 UTC 2020 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build, test_setegid + (test.test_os.PosixUidGidTests) is confusing it + +------------------------------------------------------------------- +Thu Mar 5 18:40:29 UTC 2020 - Matej Cepl + +- Update to 3.8.2: + - Complete list of changes is available at + https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final, + but most of them are just bugfixes. + - Updated patches: + - F00102-lib64.patch + - OBS_dev-shm.patch + - SUSE-FEDORA-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Sun Feb 9 00:14:24 CET 2020 - Matej Cepl + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Sat Feb 8 22:21:10 CET 2020 - Matej Cepl + +- Add Requires: libpython%{so_version} == %{version}-%{release} + to python3-base to keep both packages always synchronized + (bsc#1162224). + +------------------------------------------------------------------- +Mon Feb 3 20:27:54 UTC 2020 - Tomáš Chvátal + +- Do not pull in bluez in base again, explain the cycle, + it needs to be solved by bluez maintainer for us by providing + just the headers separately + +------------------------------------------------------------------- +Mon Feb 3 19:54:25 UTC 2020 - Tomáš Chvátal + +- Reame idle icons to idle3 in order to not conflict with python2 + variant of the package + * renamed the icons + * renamed icon load in desktop file + +------------------------------------------------------------------- +Thu Jan 16 09:50:03 UTC 2020 - Tomáš Chvátal + +- Add importlib_resources provide/obsolete as it is integral + part of the lang since 3.7 release + +------------------------------------------------------------------- +Mon Jan 13 11:10:47 UTC 2020 - Martin Liška + +- Add -fno-semantic-interposition as it brings speed up: + https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup + +------------------------------------------------------------------- +Thu Dec 19 16:25:26 CET 2019 - Matej Cepl + +- Update to 3.8.1: + - This is mainly bugfix release and no significant changes to + API are expected. The full changelog is available on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-1 + - Remove bpo-38688_shutil.copytree_prevent-infinite-recursion.patch, + which is included in the upstream tarball. + +------------------------------------------------------------------- +Thu Dec 19 14:57:32 CET 2019 - Matej Cepl + +- Add bpo-31046_ensurepip_honours_prefix.patch which makes + ensurepip to honour the value of $(prefix). Proposed fix for + bpo#31046.. + +------------------------------------------------------------------- +Tue Dec 10 11:07:16 UTC 2019 - Tomáš Chvátal + +- Move bluez-devel dependency to base as it is needed for + socket.AF_BLUETOOTH and otherwise does not work + +------------------------------------------------------------------- +Mon Dec 2 16:52:32 CET 2019 - Matej Cepl + +- Reintroduce QtHelp with the help of the new BR + python-sphinxcontrib-qthelp. + +------------------------------------------------------------------- +Mon Oct 21 18:51:00 UTC 2019 - Stefan Brüns + +- Fix SUSE-FEDORA-multilib.patch, the platform agnostic infix for + library installation is "lib", not "dir". + +------------------------------------------------------------------- +Thu Oct 17 14:19:20 UTC 2019 - Stefan Brüns + +- Move idle subpackage build from python3-base to python3. + appstream-glib required for packaging introduces considerable + extra dependencies and a build loop via rust/librsvg. +- Correct installation of idle IDE icons: + + idle.png is not the target directory + + non-GNOME-specific icons belong into icons/hicolor +- Add required Name key to idle3 desktop file + +------------------------------------------------------------------- +Tue Oct 15 16:39:12 CEST 2019 - Matej Cepl + +- Update to the final release 3.8.0. . + - New Features: + - Assignment expressions + - Positional-only parameters + - Parallel filesystem cache for compiled bytecode files + - Debug build uses the same ABI as release build + - f-strings support = for self-documenting expressions and + debugging + - PEP 578: Python Runtime Audit Hooks + - PEP 587: Python Initialization Configuration + - Vectorcall: a fast calling protocol for CPython + - Pickle protocol 5 with out-of-band data buffers + - New modules: + - importlib.metadata + - Improved modules: + - ast asyncio, builtins, collections, curses, ctypes, + datetime, functools, gc, gettext, gzip, idelib and IDLE, + inspect, io, json.tool, math, mmap, multiprocessing, os, + os.path, pathlib, pickle, plistlib, py_compile, shlex, + shutil, socket, ssl, statistics, sys, tarfile, threading, + tokenize, tkinter, time, typing, unicodedata, unittest, + venv, weakref, xml + - C API improvements + - bdist_winnst command has been deprecated (use bdist_wheel) +- https://docs.python.org/3.8/whatsnew/3.8.html remains rest of + changes including documentation on how to port your programs to + the current version of Python. + +------------------------------------------------------------------- +Mon Oct 14 15:02:08 CEST 2019 - Matej Cepl + +- Add idle3.appdata.xml and idle3.desktop (originally from + Fedora) to make Idle3 full GUI desktop application. + (bsc#1153830) + +------------------------------------------------------------------- +Wed Oct 9 19:09:16 UTC 2019 - Michael Gorse + +- Drop intltool from BuildRequires. Doesn't appear to be used. + +------------------------------------------------------------------- +Wed Oct 9 10:37:59 UTC 2019 - Tomáš Chvátal + +- Add folder version to allow tarball downloads even for beta/rc + releases + +------------------------------------------------------------------- +Tue Oct 8 14:53:54 CEST 2019 - Matej Cepl + +- Revert patches from Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch) into their original + prisitine Fedora versions, SUSE-FEDORA-multilib.patch refreshed + accordingly. + +------------------------------------------------------------------- +Mon Oct 7 14:33:30 UTC 2019 - Matej Cepl + +- Correct quotation of platsubdir in Lib/distutils/command/install.py + +------------------------------------------------------------------- +Thu Oct 3 13:59:57 CEST 2019 - Matej Cepl + +- Replace python-3.6.0-multilib.patch with two patches from + Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch), and our own + SUSE-FEDORA-multilib.patch to allow better cooperation with + Fedora and better upstreaming. +- Add OBS_dev-shm.patch fixing bpo#38377 + +------------------------------------------------------------------- +Thu Oct 3 08:39:18 UTC 2019 - Tomáš Chvátal + +- Pull in just gettext and let solver to sort out between: + gettext-runtime-mini and gettext-runtime + +------------------------------------------------------------------- +Wed Oct 2 15:00:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0rc1. Overall changes from 3.7: + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved + embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds, also the 'm' ABI + tag was removed (irrelevant since 3.4), bpo#36707 + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - on Windows, the default asyncio event loop is now + ProactorEventLoop + - on macOS, the spawn start method is now used by default in + multiprocessing + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Refreshed patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Wed Sep 25 09:46:41 UTC 2019 - Bernhard Wiedemann + +- Add bpo36302-sort-module-sources.patch (boo#1041090) + +------------------------------------------------------------------- +Tue Sep 10 13:43:18 UTC 2019 - Tomáš Chvátal + +- Try harder obsoleting importlib-metadata + +------------------------------------------------------------------- +Sat Aug 31 00:16:47 CEST 2019 - Matej Cepl + +- Update to 3.8.0b4: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-4 + +------------------------------------------------------------------- +Thu Aug 29 06:28:15 UTC 2019 - Guillaume GARDET + +- Re-enable test_threading on aarch64 + +------------------------------------------------------------------- +Sat Aug 17 13:21:15 UTC 2019 - John Vandenberg + +- Remove xrpm from subpackage tk description + +------------------------------------------------------------------- +Tue Aug 6 14:24:55 CEST 2019 - Matej Cepl + +- Update to 3.8.0b3: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-3 +- Patches reapplied: + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-test-posix_fadvise.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Tue Jul 23 13:20:49 UTC 2019 - Matej Cepl + +- Add Provides: python3-importlib-metadata + +------------------------------------------------------------------- +Sun Jul 7 19:08:48 CEST 2019 - Matej Cepl + +- Update to 3.8.0b2: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-2 +- Patches included in upstream: + - bpo-37169_PyObject_IsFreed.patch +- Patches reapplied: + - 00251-change-user-install-location.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-localpath.patch + - python-3.6.0-multilib.patch + +------------------------------------------------------------------- +Tue Jul 2 09:03:04 UTC 2019 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build +- Don't do profiling in qemu linux-user build + +------------------------------------------------------------------- +Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0b1 (changes since 3.7.*): + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Remove patches which were included in the upstream: + - 00251-change-user-install-location.patch + - 00316-mark-bdist_wininst-unsupported.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed May 22 10:53:03 UTC 2019 - Martin Liška + +- Set _lto_cflags to nil as the package is using LTO via --enable-lto. + That will prevent to propage LTO for Python modules that are + built in a separate package. + +------------------------------------------------------------------- +Sat May 4 21:29:20 CEST 2019 - Matej Cepl + +- Update to 3.8.0.a3: + - PEP 572: Assignment Expressions. + - Other (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-3 + +------------------------------------------------------------------- +Mon Apr 29 15:40:34 CEST 2019 - Matej Cepl + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Wed Apr 10 10:22:58 CEST 2019 - Matej Cepl + +- Fix metadata of patches. +- Rename boo1071941-make-install-in-sep-loc.patch to + 00251-change-user-install-location.patch which is the original + name, so it can be looked up in the Fedora VCS. + +------------------------------------------------------------------- +Tue Apr 9 04:55:24 UTC 2019 - John Vandenberg + +- Mark distutils bdist_wininst command unsupported + with 00316-mark-bdist_wininst-unsupported.patch +- Remove Windows bdist_wininst executables from runtime package + +------------------------------------------------------------------- +Tue Apr 9 01:21:45 CEST 2019 - Matej Cepl + +- Update to 3.7.3, which is the maintenance release without any + significant changes in API. + - Updated patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------ +Wed Mar 20 14:59:58 UTC 2019 - Matěj Cepl + +- Remove building of Qt Develop help files. + +------------------------------------------------------------------- +Fri Mar 15 15:10:30 CET 2019 - Matej Cepl + +- Return distutils-reproducible-compile.patch which is still + missing (still unfinished bpo#29708). + +------------------------------------------------------------------- +Mon Feb 25 23:30:56 CET 2019 - Matej Cepl + +- Update to 3.8.0a2: + * List of all (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-2 + +------------------------------------------------------------------- +Tue Feb 12 10:25:52 CET 2019 - Matej Cepl + +- Build nis module again. + +------------------------------------------------------------------- +Tue Feb 12 10:06:17 CET 2019 - Matej Cepl + +- Update to 3.8.0a1: + * The most visible change so far is probably the + implementation of PEP 572: Assignment Expressions. For + a detailed list of changes, see: + https://docs.python.org/3.8/whatsnew/changelog.html + * Recover building of nis module properly in python3 package +- Update patches: + * CVE-2019-5010-null-defer-x509-cert-DOS.patch + * python-3.3.0b1-fix_date_time_compiler.patch + * python-3.3.0b1-test-posix_fadvise.patch + * python-3.6.0-multilib.patch + * raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed Jan 30 18:07:49 CET 2019 - mcepl@suse.com + +- Put LICENSE file where it belongs (bsc#1121852) + +------------------------------------------------------------------- +Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com + +- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch + fixing bpo-35746. + An exploitable denial-of-service vulnerability exists in the + X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. + A specially crafted X509 certificate can cause a NULL pointer + dereference, resulting in a denial of service. An attacker can + initiate or accept TLS connections using crafted certificates + to trigger this vulnerability. + +------------------------------------------------------------------- +Tue Jan 8 12:51:01 UTC 2019 - Tomáš Chvátal + +- Do not require full gettext in order to avoid pulling in the + glib2 as a dependency + +------------------------------------------------------------------- +Tue Jan 8 12:25:27 UTC 2019 - Tomáš Chvátal + +- Update to 3.7.2: + * bugfix release: + https://docs.python.org/3.7/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Wed Jan 2 12:51:48 CET 2019 - mcepl@suse.com + +- Stop applying python-3.6.0-multilib-new.patch (which is still + WIP), and apply the old proven python-3.6.0-multilib.patch + instead. + +------------------------------------------------------------------- +Wed Dec 19 19:29:44 UTC 2018 - Todd R + +- Use upstream-recommended %{_rpmconfigdir}/macros.d directory + for the rpm macros. + +------------------------------------------------------------------- +Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com + +- Upgrade to 3.7.2rc1: + * bugfix release, for the full list of all changes see + https://docs.python.org/3.7/whatsnew/changelog.html#changelog +- Make run of the test suite more verbose + +------------------------------------------------------------------- +Tue Dec 11 01:52:45 UTC 2018 - Jan Engelhardt + +- Write summaries without em dashes. + +------------------------------------------------------------------- +Mon Dec 3 13:27:54 UTC 2018 - Matěj Cepl + +- Remove python-3.3.0b1-curses-panel.patch it is unnecessary anymore. +- Add boo1071941-make-install-in-sep-loc.patch to make pip and + distutils in user environment install into separate location + (boo#1071941) + + Set values of prefix and exec_prefix in distutils install + command to /usr/local if executable is /usr/bin/python* and RPM + build is not detected to make pip and distutils install into + separate location +- Remove finally python-3.3.3-skip-distutils-test_sysconfig_module.patch +- Remove distutils-reproducible-compile.patch which doesn't make + really much difference in reproducibility (see + gh#python/cpython#8057 and discussion there). + +------------------------------------------------------------------- +Sat Dec 1 00:14:28 CET 2018 - mcepl@suse.com + +- Rename Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + to bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + +------------------------------------------------------------------- +Wed Nov 7 12:10:41 CET 2018 - mcepl@suse.com + +- Add dependency on bluez-devel to build support for Bluetooth + (boo#1109998) + +------------------------------------------------------------------- +Tue Nov 6 13:52:45 CET 2018 - mcepl@suse.com + +- Add devhelp subpackage and split qthelp into another + subpackage. + +------------------------------------------------------------------- +Wed Oct 24 12:38:00 UTC 2018 - Matěj Cepl + +- Remove python-3.0b1-record-rpm.patch and + Python-3.0b1-record-rpm.patch, as they are not needed anymore + +------------------------------------------------------------------- +Tue Oct 23 14:14:16 UTC 2018 - Matej Cepl + +- Switch off test_threading for optimization builds. + +------------------------------------------------------------------- +Mon Oct 22 14:41:59 CEST 2018 - mcepl@suse.com + +- Update to python-3.7.1. This is just a brief overview, complete + changelog available at + https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-1-final: + Library + bpo-34970: Protect tasks weak set manipulation in asyncio.all_tasks() +- Patches already accepted upstream are removed: + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + * 00308-tls-1.3.patch +- New patches added: + * Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + * raise_SIGING_not_handled.patch +- All other patches refreshed via quilt. + +------------------------------------------------------------------- +Mon Oct 22 12:22:19 UTC 2018 - Matej Cepl + +- Add raise_SIGING_not_handled.patch to fix bsc#1094814 + +------------------------------------------------------------------- +Wed Oct 17 14:04:35 UTC 2018 - Tomáš Chvátal + +- Add patch to fix importlib return types: + * python3-imp-returntype.patch + +------------------------------------------------------------------- +Mon Oct 15 13:46:32 CEST 2018 - mcepl@suse.com + +- bpo-34022 still not completely fixed, so we have to keep + excluding test_cmd_line_script, + test_multiprocessing_main_handling, and test_runpy from the + test suite. + +------------------------------------------------------------------- +Sun Oct 14 15:57:24 UTC 2018 - Matej Cepl + +- Update to python 3.7.1~rc2: + Core and Builtins + bpo-34879: Fix a possible null pointer dereference in + bytesobject.c. Patch by Zackery Spytz. + bpo-34854: Fixed a crash in compiling string annotations + containing a lambda with a keyword-only argument that + doesn’t have a default value. + bpo-34320: Fix dict(od) didn’t copy iteration order of + OrderedDict. + Library + bpo-34769: Fix for async generators not finalizing when event + loop is in debug mode and garbage collector runs in another + thread. + bpo-34922: Fixed integer overflow in the digest() and + hexdigest() methods for the SHAKE algorithm in the hashlib + module. + bpo-34900: Fixed unittest.TestCase.debug() when used to call + test methods with subtests. Patch by Bruno Oliveira. + bpo-34871: Fix inspect module polluted sys.modules when parsing + __text_signature__ of callable. + bpo-34872: Fix self-cancellation in C implementation of + asyncio.Task + bpo-34819: Use a monotonic clock to compute timeouts in + Executor.map() and as_completed(), in order to prevent + timeouts from deviating when the system clock is adjusted. + bpo-34334: In QueueHandler, clear exc_text from LogRecord to + prevent traceback from being written twice. + bpo-6721: Acquire the logging module’s commonly used internal + locks while fork()ing to avoid deadlocks in the child + process. + bpo-34172: Fix a reference issue inside multiprocessing.Pool + that caused the pool to remain alive if it was deleted + without being closed or terminated explicitly. + Documentation + bpo-32174: chm document displays non-ASCII charaters properly on + some MBCS Windows systems. + Tests + bpo-32962: Fixed test_gdb when Python is compiled with flags + -mcet -fcf-protection -O0. + C API + bpo-34910: Ensure that PyObject_Print() always returns -1 on + error. Patch by Zackery Spytz. + +------------------------------------------------------------------- +Fri Oct 12 20:46:58 CEST 2018 - mcepl@suse.com + +- Add Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch to + fix problems with SOURCE_DATE_EPOCH variable (bpo-34022) + +------------------------------------------------------------------- +Mon Sep 17 09:44:02 UTC 2018 - Tomáš Chvátal + +- Add patch to fix build with tls1.3 supported openssl + * 00308-tls-1.3.patch +- Add patch to fix Py_Main calls after Py_initialize + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + +------------------------------------------------------------------- +Mon Sep 3 15:22:42 UTC 2018 - Matěj Cepl + +- Add -fwrapv to OPTS, which is default for python3 anyway + See for example https://github.com/zopefoundation/persistent/issues/86 + for bugs which are caused by avoiding it. + +------------------------------------------------------------------- +Tue Jul 10 11:12:32 UTC 2018 - mcepl@suse.com + +- Fix ownership of _contextvars, _queue, and _xxtestfuzz + +------------------------------------------------------------------- +Tue Jul 3 15:04:48 UTC 2018 - mcepl@suse.com + +- Switch off LTO for distros with older GCC +- Fix %files + +------------------------------------------------------------------- +Fri Jun 29 14:20:03 UTC 2018 - tchvatal@suse.com + +- Add dependency over libuuid-devel + +------------------------------------------------------------------- +Thu Jun 28 10:42:15 UTC 2018 - mimi.vx@gmail.com + +- update to python 3.7.0 + Complete overview of changes is available on + https://docs.python.org/3/whatsnew/3.7.html, these are just + highlights: + * PEP 563, postponed evaluation of type annotations. + * async and await are now reserved keywords. + * New library modules: + contextvars: PEP 567 – Context Variables + dataclasses: PEP 557 – Data Classes + importlib.resources + * New built-in features: + PEP 553, the new breakpoint() function. + * Python data model improvements: + PEP 562, customization of access to module attributes. + PEP 560, core support for typing module and generic types. + the insertion-order preservation nature of dict objects + has been declared to be an official part of the Python + language spec. + * Significant improvements in the standard library: + The asyncio module has received new features, significant + usability and performance improvements. + The time module gained support for functions with + nanosecond resolution. + * CPython implementation improvements: + Avoiding the use of ASCII as a default text encoding: + PEP 538, legacy C locale coercion + PEP 540, forced UTF-8 runtime mode + PEP 552, deterministic .pycs + the new development runtime mode + PEP 565, improved DeprecationWarning handling + * C API improvements: + PEP 539, new C API for thread-local storage + * Documentation improvements: + PEP 545, Python documentation translations + New documentation translations: Japanese, French, and Korean. +- drop python3-sorted_tar.patch +- drop 0001-allow-for-reproducible-builds-of-python-packages.patch +- refresh python-3.6.0-multilib-new.patch +- refresh subprocess-raise-timeout.patch + * new C API for thread-local storage + * Deterministic pyc files + * Built-in breakpoint() + * Data Classes + * Core support for typing module and generic types + * Customization of access to module attributes + * Postponed evaluation of annotations + * Time functions with nanosecond resolution + * Improved DeprecationWarning handling + * Context Variables + * Avoiding the use of ASCII as a default text encoding + (PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode) + * The insertion-order preservation nature of dict objects is now + an official part of the Python language spec. + * Notable performance improvements in many areas. + +------------------------------------------------------------------- +Thu May 17 18:26:42 UTC 2018 - hpj@urpla.net + +- disable lto with gcc versions below 7 (results in link failures) + +------------------------------------------------------------------- +Mon Apr 30 15:23:24 UTC 2018 - jengelh@inai.de + +- Use faster find subcommand execution strategies. + +------------------------------------------------------------------- +Fri Apr 20 16:17:29 UTC 2018 - tchvatal@suse.com + +- Do not mention the testsuite disabling in opts as it was moved to + main pkg so base is test-free + +------------------------------------------------------------------- +Tue Apr 17 08:36:08 UTC 2018 - tchvatal@suse.com + +- As we run in main python package do not generate the pre_checkin + from both now + +------------------------------------------------------------------- +Mon Apr 16 14:11:56 UTC 2018 - tchvatal@suse.com + +- Move the tests from base to generic package wrt bsc#1088573 + * We still fail the whole distro if python3 is not build + * The other archs than x86_64 took couple of hours to unblock + build of other software, this way we work around the issue +- Some tests are still run in -base for the LTO tweaking, but at + least it is not run twice + +------------------------------------------------------------------- +Sat Mar 31 19:41:12 UTC 2018 - mimi.vx@gmail.com + +- update to 3.6.5 + * bugfix release + * see Misc/NEWS for details +- drop ctypes-pass-by-value.patch +- drop fix-localeconv-encoding-for-LC_NUMERIC.patch +- refresh python-3.6.0-multilib-new.patch + +------------------------------------------------------------------ +Wed Mar 7 09:16:39 UTC 2018 - adam@mizerski.pl + +- Created %so_major and %so_minor macros +- Put Tools/gdb/libpython.py script into proper place and ship it with devel + subpackage. + +------------------------------------------------------------------- +Tue Feb 20 15:04:56 UTC 2018 - schwab@suse.de + +- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64 + +------------------------------------------------------------------- +Tue Feb 20 14:28:00 UTC 2018 - bwiedemann@suse.com + +- Add python3-sorted_tar.patch (boo#1081750) + +------------------------------------------------------------------- +Tue Feb 20 14:08:57 UTC 2018 - tchvatal@suse.com + +- Drop python3-tk and python3-idle recommends to reduce python3 + always pulling X stack bsc#1081751 + +------------------------------------------------------------------- +Wed Feb 7 09:10:03 UTC 2018 - tchvatal@suse.com + +- Add patch to fix glibc 2.27 fail bsc#1079761: + * fix-localeconv-encoding-for-LC_NUMERIC.patch + +------------------------------------------------------------------- +Mon Feb 5 17:14:43 UTC 2018 - normand@linux.vnet.ibm.com + +- Update skip_random_failing_tests.patch (for PowerPC) + to avoid test_call_later failure + +------------------------------------------------------------------- +Wed Jan 24 14:35:58 UTC 2018 - jmatejek@suse.com + +- move XML modules and python3-xml provide to python3-base + (fixes bsc#1077230) +- move ensurepip to base + +------------------------------------------------------------------- +Thu Jan 18 12:31:47 UTC 2018 - normand@linux.vnet.ibm.com + +- Add skip_random_failing_tests.patch only for PowerPC + +------------------------------------------------------------------- +Wed Jan 3 12:18:51 UTC 2018 - jmatejek@suse.com + +- update to 3.6.4 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed python3-ncurses-6.0-accessors.patch +- drop PYTHONSTARTUP hooks that cause spurious startup errors + * fixes bsc#1070738 + * the relevant feature (REPL history) is now built into Python itself + +------------------------------------------------------------------- +Sat Dec 2 11:11:46 UTC 2017 - dimstar@opensuse.org + +- Install 2to3-%{python_version} executable (override defattr of + the -tools package). 2to3 (unversioned) is a symlink and does not + carry permissions (bsc#1070853). + +------------------------------------------------------------------- +Thu Nov 16 11:02:18 UTC 2017 - mimi.vx@gmail.com + +- move 2to3 to python3-tools package + +------------------------------------------------------------------- +Wed Oct 11 13:15:23 UTC 2017 - jmatejek@suse.com + +- update to 3.6.3 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Wed Sep 20 09:54:05 UTC 2017 - dmueller@suse.com + +- drop python-2.7-libffi-aarch64.patch: this patches the intree + copy of libffi which is unused/deleted in the line afterwards +- fix build against system libffi: include flags weren't set + so it actually used the in-tree libffi headers. + +------------------------------------------------------------------- +Thu Sep 14 13:23:10 UTC 2017 - vcizek@suse.com + +- Fix test broken with OpenSSL 1.1 (bsc#1042670) + * add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Tue Sep 5 11:47:05 UTC 2017 - jengelh@inai.de + +- Update RPM group for python documentation. + +------------------------------------------------------------------- +Thu Aug 31 08:39:31 UTC 2017 - schwab@suse.de + +- fix missing %{?armsuffix} + +------------------------------------------------------------------- +Wed Aug 30 13:41:38 UTC 2017 - jmatejek@suse.com + +- distutils-reproducible-compile.patch: ensure distutils order files + before compiling, which works around bsc#1049186 + +------------------------------------------------------------------- +Thu Aug 17 08:59:05 CEST 2017 - kukuk@suse.de + +- Add libnsl-devel build requires for glibc obsoleting libnsl + +------------------------------------------------------------------- +Thu Aug 3 16:09:26 UTC 2017 - jmatejek@suse.com + +- update to 3.6.2 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed test-socket-aead-kernel49.patch +- add Provides: python3-typing (fixes bsc#1050653) +- drop duplicate Provides: python3 + +------------------------------------------------------------------- +Mon Jun 26 12:10:07 UTC 2017 - jmatejek@suse.com + +- drop db-devel from requirements + +------------------------------------------------------------------- +Tue Jun 20 09:26:52 UTC 2017 - asn@cryptomilk.org + +- Add missing link to python library in config dir (bsc#1040164) + +------------------------------------------------------------------- +Thu Mar 23 12:42:59 UTC 2017 - jmatejek@suse.com + +- update to 3.6.1 + * bugfix release, over a hundred bugs fixed + * never add import location's parent directory to sys.path + * switch to git for version control, build changes related to that + * fix "failed to get random numbers" on old kernels (bsc#1029902) + * several crashes and memory leaks corrected + * f-string are no longer accepted as docstrings + +------------------------------------------------------------------- +Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com + +- prevent regenerating AST at build-time more robustly +- add "--without profileopt" and "--without testsuite" options to python3-base + to allow short circuiting when working on the package + +------------------------------------------------------------------- +Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com + +- Add 0001-allow-for-reproducible-builds-of-python-packages.patch + upstream https://github.com/python/cpython/pull/296 + +------------------------------------------------------------------- +Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com + +- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch) +- reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent) + +------------------------------------------------------------------- +Wed Jan 11 14:57:07 UTC 2017 - jmatejek@suse.com + +- update to 3.6.0 + * PEP 498 Formated string literals + * PEP 515 Underscores in numeric literals + * PEP 526 Syntax for variable annotations + * PEP 525 Asynchronous generators + * PEP 530 Asynchronous comprehensions + * PEP 506 New "secrets" module for safe key generation + * less memory consumed by dicts + * dtrace and systemtap support + * improved asyncio module + * better defaults for ssl + * new hashing algorithms in hashlib + * bytecode format changed to allow more optimizations + * "async" and "await" are on track to be reserved words + * StopIteration from generators is deprecated + * support for openssl < 1.0.2 is deprecated + * os.urandom now blocks when getrandom() blocks + * huge number of new features, bugfixes and optimizations + * see https://docs.python.org/3.6/whatsnew/3.6.html for details +- rework multilib patch: drop Python-3.5.0-multilib.patch, implement + upstreamable python-3.6.0-multilib-new.patch +- refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch +- drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch +- finally drop python-2.6b1-canonicalize2.patch that was not applied in source + and only kept around in case we needed it in the future. (which we don't, as it seems) +- update import_failed map and baselibs +- build ctypes against system libffi + (buildrequire libffi-devel in python3-base) +- add new key to keyring (signed by keys already in keyring) +- introduced common configure section between python3 and python3-base +- moved pyconfig.h and Makefile to devel subpackage as distutils no longer + need it at runtime +- added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py + because it is not used now +- improve summaries and descriptions (fixes bsc#917607) +- enabled Link-Time Optimization, see what happens +- including skipped_tests.py in pre_checkin.sh run +- run specs through spec-cleaner, rearrange sections + +------------------------------------------------------------------- +Fri Apr 22 17:20:29 UTC 2016 - jmatejek@suse.com + +- move _hashlib and _ssl modules and tests to python3-base +- recommend python3 + +------------------------------------------------------------------- +Tue Mar 15 15:05:23 UTC 2016 - schwab@suse.de + +- Skip test_asyncio under qemu_user_space_build + +------------------------------------------------------------------- +Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com + +- Add Python-3.5.1-fix_lru_cache_copying.patch + Fix copying the lru_cache() wrapper object. + Fixes deep-copying lru_cache regression, which worked on + previous versions of python but fails on python 3.5. + This fixes a bunch of packages in devel:languages:python3. + See: https://bugs.python.org/issue25447 + +------------------------------------------------------------------- +Sun Jan 24 00:44:08 UTC 2016 - arichardson.kde@gmail.com + +- Build the docs in .qch format as well + +------------------------------------------------------------------- +Wed Dec 9 07:35:20 UTC 2015 - toddrme2178@gmail.com + +- update to 3.5.1 + * bugfix-only release, dozens of bugs fixed +- Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch +- "Python3" to "Python 3" in summary + * This seems cleaner and fixes and rpmlint warning + +------------------------------------------------------------------- +Wed Oct 14 20:21:52 UTC 2015 - toddrme2178@gmail.com + +- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch + This fixes a build error for many packages that use the Python, + C-API. + This patch is already accepted upstream and is slated to appear in + python 3.5.1. + +------------------------------------------------------------------- +Tue Sep 29 15:53:24 UTC 2015 - jmatejek@suse.com + +- update to 3.5.0 + * coroutines with async/await syntax + * matrix multiplication operator `@` + * unpacking generalizations + * new modules `typing` and `zipapp` + * type annotations + * .pyo files replaced by custom suffixes for optimization levels in __pycache__ + * support for memory BIO in ssl module + * performance improvements in several modules + * and many more +- removals and behavior changes + * deprecated `__version__` is removed + * support for .pyo files was removed + * system calls are auto-retried on EINTR + * bare generator expressions in function calls now cause SyntaxError + (change "f(x for x in i)" to "f((x for x in i))" to fix) + * removed undocumented `format` member of private `PyMemoryViewObject` struct + * renamed `PyMemAllocator` to `PyMemAllocatorEx` +- redefine %dynlib macro to reflect that modules now have arch+os as part of name +- module `time` is now built-in +- dropped upstreamed patches: + python-3.4.1-fix-faulthandler.patch + python-3.4.3-test-conditional-ssl.patch + python-fix-short-dh.patch (also dropped dh2048.pem required for this patch) +- updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch +- python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure + with new gcc + ncurses + +------------------------------------------------------------------- +Wed Sep 9 11:51:22 UTC 2015 - dimstar@opensuse.org + +- Add python3-ncurses-6.0-accessors.patch: Fix build with + NCurses 6.0 and OPAQUE_WINDOW set to 1. + +------------------------------------------------------------------- +Mon Aug 24 17:02:08 UTC 2015 - jmatejek@suse.com + +- improve import_failed hook to do the right thing when invoking + missing modules with "python3 -m modulename" (boo#942751) + +------------------------------------------------------------------- +Thu Jul 23 22:08:10 UTC 2015 - fisiu@opensuse.org + +- Build with --enable-loadable-sqlite-extensions to make it works + as geospatial database. + +------------------------------------------------------------------- +Wed Jul 1 07:07:26 UTC 2015 - dimstar@opensuse.org + +- Fix source list for previous change (add dh2048.pem). + +------------------------------------------------------------------- +Wed Jun 24 06:54:30 UTC 2015 - meissner@suse.com + +- dh2048.pem: added generated 2048 dh parameter set to fix + ssl test (bsc#935856) +- python-fix-short-dh.patch: replace the 512 bits dh parameter set + by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856) + +------------------------------------------------------------------- +Tue May 19 14:59:30 UTC 2015 - schwab@suse.de + +- ctypes-libffi-aarch64.patch: remove upstreamed patch +- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for + aarch64 + +------------------------------------------------------------------- +Thu May 14 10:58:36 UTC 2015 - jmatejek@suse.com + +- drop the PDF subpackage + (removes the massive texlive dependency, and most likely nobody is + using the PDFs anyway) + +------------------------------------------------------------------- +Thu May 14 09:53:29 UTC 2015 - jmatejek@suse.com + +- python-3.4.3-test-conditional-ssl.patch - restore tests failing because + test_urllib was unconditionally importing ssl (without really needing it) +- restore functionality of multilib patch +- drop libffi-ppc64le.diff because upstream completely changed everything + yet again (sorry ppc64 folks :| ) + + +------------------------------------------------------------------- +Fri May 1 15:11:21 UTC 2015 - mailaender@opensuse.org + +- Update to version 3.4.3 +- Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch + (bpo#21766) + +------------------------------------------------------------------- +Wed Mar 25 10:57:28 UTC 2015 - rguenther@suse.com + +- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus + faulthandler which fails with GCC 5. + +------------------------------------------------------------------- +Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com + +- asyncio has been merged in python3 main package; provide and + obsolete it +- Remove obsolete AUTHORS section +- Remove redundant %clean section + +------------------------------------------------------------------- +Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org + +- Only pkgconfig(x11) is required for build, not the whole + set of packages provided by xorg-x11-devel metapackage. + +------------------------------------------------------------------- +Mon Oct 13 13:38:20 UTC 2014 - jmatejek@suse.com + +- add %python3_version rpm macro for Fedora compatibility +- add missing argument in import_failed, rename Novell Bugzilla + to SUSE Bugzilla + +------------------------------------------------------------------- +Thu Jul 31 17:24:59 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. + +------------------------------------------------------------------- +Wed Jul 23 16:31:02 UTC 2014 - jmatejek@suse.com + +- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file + disclosure and directory traversal through URL-encoded characters + (CVE-2014-4650, bnc#885882) + +------------------------------------------------------------------- +Tue Jul 22 13:55:57 UTC 2014 - jmatejek@suse.com + +- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons, + reinstate bundled copies of pip and setuptools + (fixes bnc#885662) +- add more files as sources to silence the validator + +------------------------------------------------------------------- +Wed May 21 11:01:56 UTC 2014 - jmatejek@suse.com + +- update to 3.4.1 + * bugfix-only release, over 300 bugs fixed +- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch +- drop upstreamed CVE-2014-2667-mkdir.patch +- include Python release manager keyring and signature file + for the source archive (thus renumbering of source files) + (see https://www.python.org/download/#openpgp-public-keys ) +- move ensurepip to python3, because it transitively requires ssl + +------------------------------------------------------------------- +Fri Apr 4 16:21:40 UTC 2014 - jmatejek@suse.com + +- CVE-2014-2667-mkdir.patch: race condition with reseting umask + in os.makedirs + (CVE-2014-2667, bnc#871152) +- updated multilib patch to include ~/.local/lib64 (bnc#637176) + +------------------------------------------------------------------- +Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com + +- raise timeout value for test_subprocess to 10s (might fix + intermittent build failures in OBS) + +------------------------------------------------------------------- +Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com + +- remove blacklisting of test_posix on aarch64: qemu bug is fixed + +------------------------------------------------------------------- +Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 final +- drop upstreamed python-3.4rc2-importlib.patch + +------------------------------------------------------------------- +Sun Mar 16 16:33:25 UTC 2014 - schwab@suse.de + +- Only build with profile-opt if profiling is enabled +- Update test exclusion lists: + * test_ctypes no longer fails on arm + * test_io no longer fails on ppc* + * test_multiprocessing has been split in multiple tests + * test_posix and test_signal fail due to qemu bugs + +------------------------------------------------------------------- +Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de + +- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, + adding python-2.7.6-sqlite-3.8.4-tests.patch + +------------------------------------------------------------------- +Thu Feb 27 14:08:40 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 rc2 + * pre-release bugfixes + * improvements to asyncio library +- drop upstreamed tracemalloc_gcov.patch +- python-3.4rc2-importlib.patch fixes backwards-incompatibility + in the reworked importlib module that blocks build of vim + +------------------------------------------------------------------- +Fri Jan 17 18:45:27 UTC 2014 - jmatejek@suse.com + +- initial commit of 3.4.0 beta 3 + * new stdlib modules: pathlib, enum, statistics, tracemalloc + * asynchronous IO with new asyncio module + * introspection data for builtins + * subprocesses no longer inherit open file descriptors + * standardized metadata for packages + * internal hashing changed to SipHash + * new pickle protocol + * improved handling of codecs + * TLS 1.2 support + * major speed improvements for internal unicode handling + * many bugfixes and optimizations +- see porting guide at: + http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4 +- moved several modules to -testsuite subpackage +- updated list of binary extensions, refreshed patches +- tracemalloc_gcov.patch fixes profile-based optimization build +- updated packages and pre_checkin.sh to use ~-version notation + for prereleases +- fix-shebangs part of build process moved to common %prep +- drop python-3.3.2-no-REUSEPORT.patch (upstreamed) +- update baselibs for new soname + +- TODOs: + * require python-pip, make ensurepip work with zypper + +------------------------------------------------------------------- +Wed Dec 4 13:21:26 UTC 2013 - matz@suse.de + +- add ppc64le (ELFv2) support for libffi copy for ctypes module +- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be + "lib64"). +- added patches: + * libffi-ppc64le.diff +------------------------------------------------------------------- +Tue Dec 3 09:51:43 UTC 2013 - adrian@suse.de + +- add ppc64le rules + +------------------------------------------------------------------- +Fri Nov 22 13:17:23 UTC 2013 - speilicke@suse.com + +- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch: + + Disable global and distutils sysconfig comparison test, we deviate + from the default depending on optflags + +------------------------------------------------------------------- +Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com + +- update to 3.3.3 + * bugfix-only release + * many SSL-related fixes + * upstream fix for CVE-2013-4238 + * upstream fixes for CVE-2013-1752 +- move example module xxlimited to python3-testsuite +- drop CVE-2013-4238_py33.patch - it is upstreamed +- remove --with-wide-unicode config option, it is now the default + (and only) choice +- don't touch anything between make and makeinstall +- drop python-3.2b2-buildtime-generate.patch - the issue was caused + by touching things between make and makeinstall +- link pycache entries for import_failed hooks properly + +------------------------------------------------------------------- +Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org + +- build with -DOPENSSL_LOAD_CONF for the same reasons + described in the python2 package. + +------------------------------------------------------------------- +Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com + +- handle NULL bytes in certain fields of SSL certificates + (CVE-2013-4238, bnc#834601) + +------------------------------------------------------------------- +Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com + +- Exclue test_faulthandler from tests on powerpc due to bnc#831629 + +------------------------------------------------------------------- +Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com + +- update to 3.3.2 + * bugfix-only release + * fixes several regressions introduced in 3.3.1 +- switch to xz compression +- move _lzma module to python3-base +- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT + +------------------------------------------------------------------- +Mon Apr 29 22:32:43 UTC 2013 - schwab@suse.de + +- Readd missing bits from ctypes-libffi-aarch64.patch + +------------------------------------------------------------------- +Sat Apr 13 07:56:51 UTC 2013 - idonmez@suse.com + +- Update to version 3.3.1 + * Fix the –enable-profiling configure switch. + * In IDLE, close the replace dialog after it is used. +- Too many bugfixes to list here, + see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS +- Refresh Python-3.3.0b2-multilib.patch +- Refresh python-3.2b2-buildtime-generate.patch +- Drop upstream patches: ctypes-libffi-aarch64.patch, + python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch + +------------------------------------------------------------------- +Mon Apr 8 11:25:30 UTC 2013 - speilicke@suse.com + +- Exclude sqlite/test and tk/test directories from the respective + sub-packages. These are owned by the testsuite sub-package already + +------------------------------------------------------------------- +Fri Apr 5 12:59:20 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/title=SourceUrls + +------------------------------------------------------------------- +Wed Apr 3 15:36:04 UTC 2013 - jmatejek@suse.com + +- remove spurious modification of python-3.3.0b1-localpath.patch + that would force installation into /usr/local. + this fixes bnc#809831 + +------------------------------------------------------------------- +Thu Mar 28 18:38:51 UTC 2013 - jmatejek@suse.com + +- replace broken movetogetdents64.diff patch with a correct one + from upstream repo (python-3.3.0-getdents64.patch) + +------------------------------------------------------------------- +Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com + +- add ctypes-libffi-aarch64.patch: + * import aarch64 support for libffi in _ctypes module +- add aarch64 to the list of lib64 based archs +- add movetogetdents64.diff: + * port to getdents64, as SYS_getdents is not implemented everywhere + +------------------------------------------------------------------- +Tue Feb 26 08:57:55 UTC 2013 - saschpe@suse.de + +- /etc/rpm/macros.python3 is no %config, it is not meant to be changed + by users. +- Add rpmlintrc with some obvious filters + +------------------------------------------------------------------- +Mon Jan 28 18:14:39 UTC 2013 - jmatejek@suse.com + +- update baselibs for new version of libpython3 + +------------------------------------------------------------------- +Thu Nov 29 17:02:37 UTC 2012 - jmatejek@suse.com + +- fix include path in macros (bnc#787526) +- implement failed import handlers for modules that live in + subpackages - e.g. "import ssl" will now throw a sensible error + message telling you to install "python3" + +------------------------------------------------------------------- +Wed Nov 28 17:02:07 UTC 2012 - jmatejek@suse.com + +- merge python3-xml into python3 +- merge python3-2to3 library into python3-base + and the 2to3 binary into python3-devel + (python3-devel is now in conflict with python-2to3, which + will be dropped) +- enable --with-system-expat for python3, making the xml modules + (and thus python3) depend on expat +- reconfigure tests to disable network and GUI resources, which + the upstream apparently thought is a good idea to enable by default. + this fixes build failures in Factory +- add lzma-devel to build the _lzma module +- moved %dynlib macro definition to common section + +------------------------------------------------------------------- +Mon Nov 5 20:01:46 UTC 2012 - coolo@suse.com + +- buildrequire timezone for the test suite + +------------------------------------------------------------------- +Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com + +- disable more checks for qemu builds as they use syscalls not + implemented yet + +------------------------------------------------------------------- +Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com + +- exclude test_math for SLE 11; math library fails on negative + gamma function values close to integers and 0, probably + due to imprecision in -lm on SLE_11_SP2. + +------------------------------------------------------------------- +Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel explicitly + +------------------------------------------------------------------- +Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com + +- remove distutils.cfg (bnc#658604) + * this changes default prefix for distutils to /usr + * see ML for details: +http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html + +------------------------------------------------------------------- +Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com + +- Update to final 3.3.0 release + * See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS + +------------------------------------------------------------------- +Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com + +- Correct dependency for python3-testsuite, + python3-tkinter -> python3-tk + +------------------------------------------------------------------- +Thu Aug 23 13:08:11 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 RC1 + +------------------------------------------------------------------- +Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 beta 1 + * flexible string representation, no longer distinguishing + between wide and narrow Unicode builds + * importlib-based import system + * virtualenv support in core + * namespace packages + * explicit Unicode literals for easier porting + * key-sharing dict implementation reduces memory footprint + of OO code + * hash randomization on by default + * many other new bugfixes and features, check NEWS for details + +- pre_checkin.sh now autofills various version strings in specs +- ship hashlib's fallback modules - those uselessly take up space + when real _hashlib.so from python3 is present, but the space wasted + is only 114kB and it provides python3-base with a working hashlib + module. + (also, this fixes bnc#743787) + +------------------------------------------------------------------- +Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com + +- skip test_io on ppc +- drop test_io ppc patch + +------------------------------------------------------------------- +Thu Jun 28 07:57:58 UTC 2012 - saschpe@suse.de + +- Satisfy source_validator by uncommenting an otherwise unused "Patch" + line + +------------------------------------------------------------------- +Tue Jun 12 15:39:08 UTC 2012 - adrian@suse.de + +- fix logic of checks exclusion + +------------------------------------------------------------------- +Fri May 18 11:50:27 UTC 2012 - idonmez@suse.com + +- update to 3.2.3 + * No changes since rc2 + +------------------------------------------------------------------- +Thu Mar 29 15:44:33 UTC 2012 - jmatejek@suse.com + +- update to 3.2.3rc2 + * fixes several security issues: + * CVE-2012-0845, bnc#747125 + * CVE-2012-1150, bnc#751718 + * CVE-2011-4944, bnc#754447 + * CVE-2011-3389, bnc#754677 +- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) +- disable test_gdb because it is broken by our gdb + +------------------------------------------------------------------- +Thu Feb 16 12:33:12 UTC 2012 - dvaleev@suse.com + +- skip broken test_io test on ppc + +------------------------------------------------------------------- +Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com + +- update to 3.2.2 + * bugfix-only release + * reports "linux2" as sys.platform regardless of Linux kernel +- added pre_checkin.sh to copy common spec sections to python3.spec +- added PACKAGING-NOTES with some helpful info for packagers + +------------------------------------------------------------------- +Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com + +- Use system ffi, included one is broken see + http://bugs.python.org/issue11729 and + http://bugs.python.org/issue12081 + +------------------------------------------------------------------- +Fri Dec 9 17:19:55 UTC 2011 - jmatejek@suse.com + +- license.opensuse.org-compatible license headers + +------------------------------------------------------------------- +Fri Dec 2 16:46:44 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Thu Nov 24 12:42:25 UTC 2011 - agraf@suse.com + +- fix ARM build (exclude some test cases which break for us) + +------------------------------------------------------------------- +Tue Aug 16 17:02:22 UTC 2011 - termim@gmail.com + +- use sysconfig module to get py3_incdir, py3_abiflags, + py3_soflags, python3_sitelib and python3_sitearch + +------------------------------------------------------------------- +Mon Jul 18 16:22:31 UTC 2011 - jmatejek@novell.com + +- update to 3.2.1 + * bugfix-only release, no major changes +- fix build on linux3 platform +- remove upstreamed pybench patch +- install /usr/lib directories in all cases to prevent spurious + "directory not owned" in dependent packages + +------------------------------------------------------------------- +Wed Jun 15 14:16:38 UTC 2011 - jmatejek@novell.com + +- replaced dynamic so version with manual so version, because + autobuild does not support autogeneration + +------------------------------------------------------------------- +Tue May 24 13:39:06 UTC 2011 - jmatejek@novell.com + +- generate macros.python3 at compile-time with fixed values +- don't include bogus values in pyconfig.h, as they can break + third-party packages (bnc#673071) + +------------------------------------------------------------------- +Tue May 17 12:52:51 UTC 2011 - jmatejek@novell.com + +- added Obsoletes: python3 < 3.1 so that the transition from + non-split to split packages goes smoothly + +------------------------------------------------------------------- +Fri May 13 12:38:19 UTC 2011 - jmatejek@novell.com + +- fixed RPM macros to use python3 instead of python +- updated to build --with-wide-unicode (for compatibility with + fedora and our own python 2.x series) + +------------------------------------------------------------------- +Thu Apr 21 03:39:25 UTC 2011 - termim@gmail.com + +- fix python3-base build failure due to pybench.py crash by + python-3.2-pybench.patch +- move pyconfig.h from python3-devel to python3-base package to + make python3-base functional again + +------------------------------------------------------------------- +Wed Mar 23 04:26:28 UTC 2011 - termim@gmail.com + +- update to python 3.2 + * stable ABI, ABI-tagged .so files + * concurrent.futures and many other new or upgraded modules + * PYC repository directories ( __pycache__ ) + * python WSGI 1.0.1 + * Unicode 6.0.0 support + * a great number of bugfixes and assorted improvements + +------------------------------------------------------------------- +Tue Feb 8 19:42:17 CET 2011 - matejcik@suse.cz + +- update to python 3.2 RC2 +- renamed python3-demo to python3-tools, because the demo part + became much smaller than the tools part +- added rpm macros + +------------------------------------------------------------------- +Tue Jan 18 14:13:04 UTC 2011 - jmatejek@novell.com + +- update to python 3.2 beta 2, see NEWS for details +- split off -base package with less dependencies, and a shlib-policy + compliant libpython3 package +- mostly rewritten the spec file with more detailed comments +- cleaned up lists of patches + diff --git a/python311.spec b/python311.spec new file mode 100644 index 0000000..0a68887 --- /dev/null +++ b/python311.spec @@ -0,0 +1,1042 @@ +# +# spec file for package python311 +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "doc" +%define psuffix -documentation +%bcond_without doc +%bcond_with base +%bcond_with general +%endif +%if "%{flavor}" == "base" +%define psuffix -core +%bcond_with doc +%bcond_without base +%bcond_with general +%endif +%if "%{flavor}" == "" +%define psuffix %{nil} +%bcond_with doc +%bcond_with base +%bcond_without general +%endif + +%if 0%{?do_profiling} && !0%{?want_reproducible_builds} +%bcond_without profileopt +%else +%bcond_with profileopt +%endif + +# Only for Tumbleweed +# https://en.opensuse.org/openSUSE:Python:Externally_managed +%if 0%{?suse_version} > 1600 +%bcond_without externally_managed +%else +%bcond_with externally_managed +%endif + +%define python_pkg_name python311 +%if "%{python_pkg_name}" == "%{primary_python}" +%define primary_interpreter 1 +%else +%define primary_interpreter 0 +%endif + +# Setting up variables +%define _version %(c=%{version}; echo ${c/[a-z]*/}) +%define tar_suffix %(c=%{_version}; echo ${c#%{_version}}) +%define python_version %(echo %{_version}|cut -d. -f1-2) +# based on the current source tarball +%define python_version_abitag %(c=%{python_version}; echo ${c//./}) +# FIXME %%define python_version_soname %%(c=%%{python_version}; echo ${c//./_}) +%define python_version_soname 3_11 +%if 0%(test -n "%{tar_suffix}" && echo 1) +%define _version %(echo "%{_version}~%{tar_suffix}") +%define tarversion %{version} +%else +%define tarversion %{version} +%endif +# We don't process beta signs well +%define folderversion %{tarversion} +%define tarname Python-%{tarversion} +%define sitedir %{_libdir}/python%{python_version} +# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 +%define abi_kind %{nil} +# python ABI version - used in some file names +%define python_abi %{python_version}%{abi_kind} +# soname ABI tag defined in PEP 3149 +%define abi_tag %{python_version_abitag}%{abi_kind} +# version part of "libpython" package +%define so_major 1 +%define so_minor 0 +%define so_version %{python_version_soname}%{abi_kind}-%{so_major}_%{so_minor} +# rpm and python have different ideas about what is an arch-dependent name, so: +%if "%{__isa_name}" == "ppc" +%define archname %(echo %{_arch} | sed s/ppc/powerpc/) +%else +%define archname %{_arch} +%endif +# our arm has Hardware-Floatingpoint +%if "%{_arch}" == "arm" +%define armsuffix hf +%endif +# Decide whether we want to use mpdecimal +%if 0%{?suse_version} >= 1550 +%bcond_without mpdecimal +%else +%bcond_with mpdecimal +%endif +# pyexpat.cpython-35m-x86_64-linux-gnu +# pyexpat.cpython-35m-powerpc64le-linux-gnu +# pyexpat.cpython-35m-armv7-linux-gnueabihf +# _md5.cpython-38m-x86_64-linux-gnu.so +%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so +Name: %{python_pkg_name}%{psuffix} +Version: 3.11.13 +Release: 0 +Summary: Python 3 Interpreter +License: Python-2.0 +URL: https://www.python.org/ +Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz +Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore +Source2: baselibs.conf +Source3: README.SUSE +Source4: externally_managed.in +Source7: macros.python3 +Source8: import_failed.py +Source9: import_failed.map +Source10: pre_checkin.sh +Source11: skipped_tests.py +Source19: idle3.desktop +Source20: idle3.appdata.xml +# content of bluez-devel: +# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel +# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu +# 3. mkdir Vendor && mv usr/include/* Vendor/ +# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/ +Source21: bluez-devel-vendor.tar.xz +Source98: python311-rpmlintrc +# Tarball is signed by the GPG key of Pablo Galindo Salgado (0x64E628F8D684696D) +# https://keybase.io/pablogsal/pgp_keys.asc?fingerprint=a035c8c19219ba821ecea86b64e628f8d684696d +Source99: python.keyring +# The following files are not used in the build. +# They are listed here to work around missing functionality in rpmbuild, +# which would otherwise exclude them from distributed src.rpm files. +Source100: PACKAGING-NOTES +# PATCH-FEATURE-UPSTREAM F00251-change-user-install-location.patch bsc#[0-9]+ mcepl@suse.com +# Fix installation in /usr/local (boo#1071941), originally from Fedora +# https://src.fedoraproject.org/rpms/python3.12/blob/rawhide/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch02: F00251-change-user-install-location.patch +# PATCH-FEATURE-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com +# Improve reproduceability +Patch03: distutils-reproducible-compile.patch +# support finding packages in /usr/local, install to /usr/local by default +Patch04: python-3.3.0b1-localpath.patch +# replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds +Patch05: python-3.3.0b1-fix_date_time_compiler.patch +# Raise timeout value for test_subprocess +Patch07: subprocess-raise-timeout.patch +# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com +# ensurepip should honour the value of $(prefix) +Patch08: bpo-31046_ensurepip_honours_prefix.patch +# PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mcepl@suse.com +# SLE-15 version of Sphinx doesn't know about skipif directive in doctests. +Patch09: no-skipif-doctests.patch +# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com +# skip a test failing on SLE-15 +Patch10: skip-test_pyobject_freed_is_freed.patch +# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com +# remove duplicate link targets and make documentation with old Sphinx in SLE +Patch11: fix_configure_rst.patch +# PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com +# Skip test_freeze_simple_script +Patch13: skip_if_buildbot-extend.patch +# PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com +# prevent ResourceWarning in test_asyncio tests +Patch15: bsc1221260-test_asyncio-ResourceWarning.patch +# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport.patch +# This problem on libexpat is patched on SLE without version +# update, this patch changes the tests to match the libexpat provided +# by SUSE +Patch16: CVE-2023-52425-libexpat-2.6.0-backport.patch +Patch17: CVE-2023-52425-remove-reparse_deferral-tests.patch +# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com +# reproducibility patches +Patch19: bso1227999-reproducible-builds.patch +# PATCH-FIX-UPSTREAM gh120226-fix-sendfile-test-kernel-610.patch gh#python/cpython#120226 mcepl@suse.com +# Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 (GH-120227) +Patch22: gh120226-fix-sendfile-test-kernel-610.patch +# PATCH-FIX-UPSTREAM Add platform triplets for 64-bit LoongArch gh#python/cpython#30939 glaubitz@suse.com +Patch24: add-loongarch64-support.patch +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: crypto-policies-scripts +BuildRequires: fdupes +BuildRequires: gmp-devel +BuildRequires: lzma-devel +BuildRequires: netcfg +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: xz +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(libffi) +BuildRequires: pkgconfig(uuid) +BuildRequires: pkgconfig(zlib) +#!BuildIgnore: gdk-pixbuf-loader-rsvg +%if 0%{?suse_version} >= 1550 +# The provider for python(abi) is in rpm-build-python +BuildRequires: rpm-build-python +%endif +%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1599 +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{with mpdecimal} +BuildRequires: mpdecimal-devel +%endif +%if %{with doc} +BuildRequires: python3-Sphinx >= 4.0.0 +%if 0%{?suse_version} >= 1500 +BuildRequires: python3-python-docs-theme >= 2022.1 +%endif +%endif +%if %{with general} +# required for idle3 (.desktop and .appdata.xml files) +BuildRequires: appstream-glib +BuildRequires: gcc-c++ +BuildRequires: gdbm-devel +BuildRequires: gettext +BuildRequires: readline-devel +BuildRequires: sqlite-devel +BuildRequires: timezone +BuildRequires: pkgconfig(ncurses) +BuildRequires: pkgconfig(tk) +BuildRequires: pkgconfig(x11) +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-readline +Provides: %{python_pkg_name}-sqlite3 +Recommends: %{python_pkg_name}-curses +Recommends: %{python_pkg_name}-dbm +Recommends: %{python_pkg_name}-pip +%if %{primary_interpreter} +Provides: python3 = %{python_version} +Provides: python3-readline +Provides: python3-sqlite3 +%endif +%endif +%{?suse_build_hwcaps_libs} + +%description +Python 3 is modern interpreted, object-oriented programming language, +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python3-doc +package. + +This package supplies rich command line features provided by readline, +and sqlite3 support for the interpreter core, thus forming a so called +"extended" runtime. +Installing "python3" is sufficient for the vast majority of usecases. +In addition, recommended packages provide UI toolkit support (python3-curses, +python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE +development environment (python3-idle). + +%package -n %{python_pkg_name}-tk +Summary: TkInter, a Python Tk Interface +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-tk = %{version} +%endif + +%description -n %{python_pkg_name}-tk +Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. + +%package -n %{python_pkg_name}-curses +Summary: Python Interface to the (N)Curses Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-curses +%endif + +%description -n %{python_pkg_name}-curses +An easy to use interface to the (n)curses CUI library. CUI stands for +Console User Interface. + +%package -n %{python_pkg_name}-dbm +Summary: Python Interface to the GDBM Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-dbm +%endif + +%description -n %{python_pkg_name}-dbm +An easy to use interface for Unix DBM databases, and more specifically, +the GNU implementation GDBM. + +%package -n %{python_pkg_name}-idle +Summary: An Integrated Development Environment for Python +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk +%if %{primary_interpreter} +Provides: python3-idle = %{version} +%endif + +%description -n %{python_pkg_name}-idle +IDLE is a Tkinter based integrated development environment for Python. +It features a multi-window text editor with multiple undo, Python +colorizing, and many other things, as well as a Python shell window and +a debugger. + +%package -n %{python_pkg_name}-doc +Summary: Package Documentation for Python 3 +Enhances: %{python_pkg_name} = %{python_version} +%if %{primary_interpreter} +Provides: python3-doc = %{version} +%endif + +%description -n %{python_pkg_name}-doc +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in HTML format. + +%package -n %{python_pkg_name}-doc-devhelp +Summary: Additional Package Documentation for Python 3 in devhelp format +%if %{primary_interpreter} +Provides: python3-doc-devhelp = %{version} +%endif + +%description -n %{python_pkg_name}-doc-devhelp +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in format for devhelp. + +%package -n %{python_pkg_name}-base +Summary: Python 3 Interpreter and Stdlib Core +Requires: libpython%{so_version} = %{version} +Recommends: %{python_pkg_name} = %{version} +#Recommends: python3-ensurepip +# python 3.1 didn't have a separate python-base, so it is wrongly +# not a conflict to have python3-3.1 and python3-base > 3.1 +Obsoletes: python3 < 3.2 +# no Provides, because python3 is obviously provided by package python3 +# python 3.4 provides asyncio +Provides: %{python_pkg_name}-asyncio = %{version} +# python 3.6 provides typing +Provides: %{python_pkg_name}-typing = %{version} +# python3-xml was merged into python3, now moved into -base +Provides: %{python_pkg_name}-xml = %{version} +%if %{primary_interpreter} +Provides: python3-asyncio = %{version} +Obsoletes: python3-asyncio < %{version} +Provides: python3-base = %{version} +Obsoletes: python3-base < %{version} +Provides: python3-typing = %{version} +Obsoletes: python3-typing < %{version} +Provides: python3-xml = %{version} +Obsoletes: python3-xml < %{version} +%endif + +%description -n %{python_pkg_name}-base +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +package. + +This package contains the interpreter core and most commonly used modules +from the standard library. This is sufficient for many usecases, but it +excludes components that depend on external libraries, most notably XML, +database and UI toolkits support. + +%package -n %{python_pkg_name}-tools +Summary: Python Utility and Demonstration Scripts +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-2to3 = %{version} +Provides: %{python_pkg_name}-demo = %{version} +%if %{primary_interpreter} +Provides: python3-2to3 = %{version} +Provides: python3-demo = %{version} +Provides: python3-tools = %{version} +Obsoletes: python3-2to3 < %{version} +Obsoletes: python3-demo < %{version} +%endif + +%description -n %{python_pkg_name}-tools +A number of scripts that are useful for building, testing or extending Python, +and a set of demonstration programs. + +%package -n %{python_pkg_name}-devel +Summary: Include Files and Libraries Mandatory for Building Python Modules +Requires: %{python_pkg_name}-base = %{version} +%if %{primary_interpreter} +Provides: python3-devel = %{version} +%endif + +%description -n %{python_pkg_name}-devel +The Python programming language's interpreter can be extended with +dynamically loaded extensions and can be embedded in other programs. + +This package contains header files, a static library, and development +tools for building Python modules, extending the Python interpreter or +embedding Python in applications. + +This also includes the Python distutils, which were in the Python +package up to version 2.2.2. + +%package -n %{python_pkg_name}-testsuite +Summary: Unit tests for Python and its standard library +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk = %{version} +%if %{primary_interpreter} +Provides: python3-testsuite = %{version} +%endif + +%description -n %{python_pkg_name}-testsuite +Unit tests that are useful for verifying integrity and functionality +of the installed Python interpreter and standard library. +They are a documented part of stdlib, as a module 'test'. + +%package -n libpython%{so_version} +Summary: Python Interpreter shared library +Requires: %{python_pkg_name}-base >= %{version} + +%description -n libpython%{so_version} +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +(HTML) or python-doc-pdf (PDF) packages. + +This package contains libpython3.2 shared library for embedding in +other applications. + +%prep +%setup -q -n %{tarname} + +%autopatch -p1 -M 08 +%if 0%{?suse_version} <= 1500 +%patch -P 09 -p1 +%endif +%autopatch -p1 -m 10 + +# drop Autoconf version requirement +sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac + +%if %{primary_interpreter} +# fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 +for dir in Lib Tools; do + # find *.py, filter to files that contain bad shebangs + # break up "/""usr" like this to prevent replacing with %%{_prefix} + find $dir -name '*.py' -type f -print0 \ + | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ + | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' +done +%else +# For non-primary Python, just don't bother (bsc#1193179) and remove all +# those shebangs +for dir in Lib Tools; do + find $dir -name '*.py' -type f -exec sed -i '1{/^#!.*python/ d}' '{}' \; +done +# We shortened the file Lib/pdb.py so we have to move the test breakpoint location +sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py +%endif + +# drop in-tree libffi and expat +rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin +# Cannot remove it because of gh#python/cpython#92875 +# rm -r Modules/expat + +# drop duplicate README from site-packages +rm Lib/site-packages/README.txt + +# Add vendored bluez-devel files +tar xvf %{SOURCE21} + +# Don't fail on warnings when building documentation +sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile + +%build +%if %{with doc} +TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` +# TODO use not date of tarball but date of latest patch + +cd Doc +sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py +%make_build -j1 JOBS=1 html + +# Build also devhelp files +sphinx-build -a -b devhelp . build/devhelp +rm -rfv build/devhelp/.doctrees +%else +%define _lto_cflags %{nil} +# use rpm_opt_flags +export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv $(pkg-config --cflags-only-I libffi) -fno-semantic-interposition" + +touch -r %{SOURCE0} Makefile.pre.in + +autoreconf -fvi + +%if 0%{?sles_version} +sed -e 's/-fprofile-correction//' -i Makefile.pre.in +%endif + +export CFLAGS="%{optflags} -IVendor/" + +%configure \ + --with-platlibdir=%{_lib} \ + --docdir=%{_docdir}/python \ + --enable-ipv6 \ + --enable-shared \ + --with-ensurepip=no \ + --with-system-ffi \ + --with-system-expat \ + --with-lto \ +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 + --with-ssl-default-suites=openssl \ +%endif +%if %{with profileopt} + --enable-optimizations \ +%endif +%if %{with mpdecimal} + --with-system-libmpdec \ +%endif + --enable-loadable-sqlite-extensions + +# prevent make from trying to rebuild PYTHON_FOR_GEN stuff +# %%make_build -t Python/Python-ast.c \ + # Include/Python-ast.h \ + # Objects/typeslots.inc \ + # Python/opcode_targets.h \ + # Include/opcode.h +%make_build + +%if %{with general} +%make_build +%endif +%if %{with base} +%if %{with profileopt} + target=profile-opt +%else + target=all +%endif +LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ + %make_build $target +%endif +%endif + +%check +export SUSE_VERSION="0%{?suse_version}" +export SLE_VERSION="0%{?sle_version}" +%if %{with general} +# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos +# when you install gdb into your test env +EXCLUDE="test_gdb" +# we patch out the message to recommend zypper in and thus this would fail +EXCLUDE="$EXCLUDE test_pydoc" + +%ifarch %{arm} s390x +# test_multiprocessing_forkserver is racy +EXCLUDE="$EXCLUDE test_multiprocessing_forkserver" +%endif +%ifarch ppc ppc64 ppc64le +# exclue test_faulthandler due to bnc#831629 +EXCLUDE="$EXCLUDE test_faulthandler" +%endif +# some tests break in QEMU +%if 0%{?qemu_user_space_build} +EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver test_multiprocessing_spawn test_os test_posix test_signal test_socket test_subprocess" +%endif + +# This test (part of test_uuid) requires real network interfaces +# so that ifconfig output has "HWaddr ". Some kvm instances +# done have any such interface breaking the uuid module. +EXCLUDE="$EXCLUDE test_uuid" + +# bsc#1195140 and bpo#37169 - test_capi is failing on openSUSE, and not sure why +EXCLUDE="$EXCLUDE test_capi" + +# Limit virtual memory to avoid spurious failures +if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then + ulimit -v 11000000 || : +fi + +# test_freeze_simple_script in test.test_tools.test_freeze.TestFreeze +# uses CONFIG_ARGS to run ./configure. +export CONFIG_ARGS="--enable-ipv6 --enable-shared --with-ensurepip=no \ + --with-system-ffi --with-system-expat --with-lto --enable-optimizations \ + --with-system-libmpdec --enable-loadable-sqlite-extensions" + +export PYTHONPATH="$(pwd -P)/Lib" +# Use timeout, like make target buildbottest +# We cannot run tests parallel, because osc build environment doesn’t +# have /dev/shm +%make_build -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=5400" +# use network, be verbose: +#make test TESTOPTS="-l -u network -v" +%endif + +%install +%if %{with doc} +export PDOCS=%{buildroot}%{_docdir}/python%{python_version} +mkdir -p $PDOCS +# generated docs +rm Doc/build/*/.buildinfo +cp -r Doc/build/html $PDOCS +# misc +install -d -m 755 $PDOCS/Misc +rm Misc/README.AIX +for i in Misc/* ; do + [ -f $i ] && install -c -m 644 $i $PDOCS/Misc/ +done +# devhelp +mkdir -p %{buildroot}%{_datadir}/gtk-doc/html +cp -r Doc/build/devhelp %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version} +rm -rf %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version}/.doctrees +%endif +%if %{with general} +%make_install + +# clean out stuff that is in python-base and subpackages + +find %{buildroot}%{_bindir} -mindepth 1 -not -name "*idle3*" -print -delete +rm %{buildroot}%{_libdir}/lib* +rm -r %{buildroot}%{_libdir}/pkgconfig +rm -r %{buildroot}%{_mandir}/* +rm -r %{buildroot}%{_includedir}/* + +rm -r %{buildroot}%{sitedir}/config* +find %{buildroot}%{sitedir} -name "*.egg-info" -delete +rm -r %{buildroot}%{sitedir}/__pycache__ +rm -r %{buildroot}%{sitedir}/site-packages +rm %{buildroot}%{sitedir}/*.* + +for module in \ + asyncio ctypes collections concurrent distutils email encodings \ + ensurepip html http re \ + importlib json logging multiprocessing pydoc_data unittest \ + urllib venv wsgiref lib2to3 test tomllib turtledemo \ + xml xmlrpc zoneinfo __phello__ +do + rm -r %{buildroot}%{sitedir}/$module +done + +for library in \ + array _asyncio audioop binascii _bisect _bz2 cmath _codecs_* \ + _contextvars _crypt _csv _ctypes _datetime _decimal fcntl grp \ + _hashlib _heapq _json _lsprof _lzma math mmap _multibytecodec \ + _multiprocessing _opcode ossaudiodev _pickle _posixshmem \ + _posixsubprocess _queue _random resource select _ssl _socket spwd \ + _statistics _struct syslog termios _testbuffer _testimportmultiple \ + _testmultiphase unicodedata zlib _ctypes_test _testinternalcapi _testcapi \ + _typing _testclinic xxlimited xxlimited_35 \ + _xxtestfuzz _xxsubinterpreters _elementtree pyexpat _md5 _sha1 \ + _sha256 _sha512 _blake2 _sha3 _uuid _zoneinfo +do + eval rm "%{buildroot}%{sitedir}/lib-dynload/$library.*" +done + +# Idle is not packaged in base due to the appstream-glib dependency +# move idle config into /etc +install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version} +( + cd %{buildroot}/%{sitedir}/idlelib/ + for file in *.def ; do + mv $file %{buildroot}%{_sysconfdir}/idle%{python_version}/ + ln -sf %{_sysconfdir}/idle%{python_version}/$file %{buildroot}/%{sitedir}/idlelib/ + done +) + +# keep just idle3.X +rm %{buildroot}%{_bindir}/idle3 + +# install idle icons +for size in 16 32 48 ; do + install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \ + %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_version}.png +done + +# install idle desktop file +cp %{SOURCE19} idle%{python_version}.desktop +sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop +install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop + +cp %{SOURCE20} idle%{python_version}.appdata.xml +sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml +install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml +appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml + +%fdupes %{buildroot}/%{_libdir}/python%{python_version} +%endif +%if %{with base} +%make_install + +# remove .a +find %{buildroot} -name "*.a" -delete + +# install "site-packages" and __pycache__ for third parties +install -d -m 755 %{buildroot}%{sitedir}/site-packages +install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__ +# and their 32bit counterparts explicitly +mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__ + +# cleanup parts that don't belong +for dir in curses dbm sqlite3 tkinter idlelib; do + find "%{buildroot}/%{sitedir}/$dir"/* -maxdepth 0 -name "test" -o -exec rm -rf {} + +done +rm -fv %{buildroot}%{dynlib nis} + +# overwrite the copied binary with a link +ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 + +# decide to ship python3 or just python3.X +%if !%{primary_interpreter} +# base +rm %{buildroot}%{_bindir}/python3 +rm %{buildroot}%{_bindir}/pydoc3 +rm %{buildroot}%{_mandir}/man1/python3.1 +# devel +rm %{buildroot}%{_bindir}/python3-config +rm %{buildroot}%{_libdir}/libpython3.so +rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc +%endif + +%if %{with externally_managed} +# PEP-0668 mark this as a distro maintained python +sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED +%endif + +# link shared library instead of static library that tools expect +ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so + +# delete idle3, which has to many packaging dependencies for base +rm %{buildroot}%{_bindir}/idle3* + +# delete the generic 2to3 binary if we are not primary +%if !%{primary_interpreter} +rm %{buildroot}%{_bindir}/2to3 +%endif + +# replace duplicate .pyo/.pyc with hardlinks +%fdupes %{buildroot}/%{sitedir} + +# documentation +export PDOCS=%{buildroot}%{_docdir}/%{name} +install -d -m 755 $PDOCS +install -c -m 644 %{SOURCE3} $PDOCS/ +install -c -m 644 README.rst $PDOCS/ + +# tools +for x in `find Tools/ \( -not -name Makefile \) -print | sort` ; do + test -d $x && ( install -c -m 755 -d $PDOCS/$x ) \ + || ( install -c -m 644 $x $PDOCS/$x ) +done +# gdb script is shipped with devel subpackage +rm -r $PDOCS/Tools/gdb +# clean up the bat files +find "$PDOCS" -name "*.bat" -delete + +# put gdb helper script into place +install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +# install devel files to /config +#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%%{sitedir}/config-%%{python_abi}/ + +# Remove -IVendor/ from python-config boo#1231795 +sed -i 's/-IVendor\///' %{buildroot}%{_bindir}/python%{python_abi}-config + +# RPM macros +%if %{primary_interpreter} +mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/ +install -m 644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/macros.d/ # macros.python3 +%endif + +# import_failed hooks +FAILDIR=%{buildroot}/%{sitedir}/_import_failed +mkdir $FAILDIR +install -m 644 %{SOURCE8} %{SOURCE9} $FAILDIR # import_failed.* +LD_LIBRARY_PATH=. ./python -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +( + cd $FAILDIR + while read package modules; do + for module in $modules; do + ln import_failed.py $module.py + pushd __pycache__ + for i in import_failed*; do + ln $i "$module${i#import_failed}" + done + popd + done + done < %{SOURCE9} +) +echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +%endif + +# For the purposes of reproducibility, it is necessary to eliminate any *.pyc files inside documentation dirs +if [ -d %{buildroot}%{_defaultdocdir} ] ; then +find %{buildroot}%{_defaultdocdir} -type f -name \*.pyc -ls -exec rm -vf '{}' \; +fi + +%if %{with general} +%files -n %{python_pkg_name}-tk +%{sitedir}/tkinter +%exclude %{sitedir}/tkinter/test +%{dynlib _tkinter} + +%files -n %{python_pkg_name}-curses +%{sitedir}/curses +%{dynlib _curses} +%{dynlib _curses_panel} + +%files -n %{python_pkg_name}-dbm +%{sitedir}/dbm +%{dynlib _dbm} +%{dynlib _gdbm} + +%files -n %{python_pkg_name} +%dir %{sitedir} +%dir %{sitedir}/lib-dynload +%{sitedir}/sqlite3 +%exclude %{sitedir}/sqlite3/test +%{dynlib readline} +%{dynlib _sqlite3} +%if 0%{?suse_version} < 1599 +%{dynlib nis} +%endif + +%files -n %{python_pkg_name}-idle +%{sitedir}/idlelib +%dir %{_sysconfdir}/idle%{python_version} +%config %{_sysconfdir}/idle%{python_version}/* +%doc Lib/idlelib/README.txt +%doc Lib/idlelib/TODO.txt +%doc Lib/idlelib/extend.txt +%doc Lib/idlelib/ChangeLog +%{_bindir}/idle%{python_version} +%{_datadir}/applications/idle%{python_version}.desktop +%{_datadir}/metainfo/idle%{python_version}.appdata.xml +%{_datadir}/icons/hicolor/*/apps/idle%{python_version}.png +%dir %{_datadir}/icons/hicolor +%dir %{_datadir}/icons/hicolor/16x16 +%dir %{_datadir}/icons/hicolor/32x32 +%dir %{_datadir}/icons/hicolor/48x48 +%dir %{_datadir}/icons/hicolor/*/apps +# endif for if general +%endif + +%if %{with doc} +%files -n %{python_pkg_name}-doc +%dir %{_docdir}/python%{python_version} +%doc %{_docdir}/python%{python_version}/Misc +%doc %{_docdir}/python%{python_version}/html + +%files -n %{python_pkg_name}-doc-devhelp +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%doc %{_datadir}/gtk-doc/html/Python%{python_version} +%endif + +%if %{with base} +%post -n libpython%{so_version} -p /sbin/ldconfig +%postun -n libpython%{so_version} -p /sbin/ldconfig + +%files -n libpython%{so_version} +%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} + +%files -n %{python_pkg_name}-tools +%{sitedir}/turtledemo +%if %{primary_interpreter} +%{_bindir}/2to3 +%endif +%attr(755, root, root)%{_bindir}/2to3-%{python_version} +%doc %{_docdir}/%{name}/Tools + +%files -n %{python_pkg_name}-devel +%{_libdir}/libpython%{python_abi}.so +%if %{primary_interpreter} +%{_libdir}/libpython3.so +%endif +%{_libdir}/pkgconfig/* +%{_includedir}/python%{python_abi} +%{sitedir}/config-%{python_abi}-* +%{_bindir}/python%{python_abi}-config +%if %{primary_interpreter} +%{_bindir}/python3-config +%endif +# Own these directories to not depend on gdb +%dir %{_datadir}/gdb +%dir %{_datadir}/gdb/auto-load +%dir %{_datadir}/gdb/auto-load%{_prefix} +%dir %{_datadir}/gdb/auto-load%{_libdir} +%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +%files -n %{python_pkg_name}-testsuite +%{sitedir}/test +%{sitedir}/*/test +%{sitedir}/*/tests +%{dynlib _ctypes_test} +%{dynlib _testbuffer} +%{dynlib _testcapi} +%{dynlib _testclinic} +%{dynlib _testinternalcapi} +%{dynlib _testimportmultiple} +%{dynlib _testmultiphase} +%{dynlib xxlimited} +# workaround for missing packages +%dir %{sitedir}/sqlite3 +%dir %{sitedir}/tkinter + +%files -n %{python_pkg_name}-base +# docs +%dir %{_docdir}/%{name} +%doc %{_docdir}/%{name}/README.rst +%license LICENSE +%doc %{_docdir}/%{name}/README.SUSE +%if %{primary_interpreter} +%{_mandir}/man1/python3.1%{?ext_man} +%endif +%{_mandir}/man1/python%{python_version}.1%{?ext_man} +%if %{with externally_managed} +# PEP-0668 +%{sitedir}/EXTERNALLY-MANAGED +%endif +# license text, not a doc because the code can use it at run-time +%{sitedir}/LICENSE.txt +# RPM macros +%if %{primary_interpreter} +%{_rpmconfigdir}/macros.d/macros.python3 +%endif +# binary parts +%dir %{sitedir}/lib-dynload +%{dynlib array} +%{dynlib _asyncio} +%{dynlib audioop} +%{dynlib binascii} +%{dynlib _bisect} +%{dynlib _bz2} +%{dynlib cmath} +%{dynlib _codecs_cn} +%{dynlib _codecs_hk} +%{dynlib _codecs_iso2022} +%{dynlib _codecs_jp} +%{dynlib _codecs_kr} +%{dynlib _codecs_tw} +%{dynlib _contextvars} +%{dynlib _crypt} +%{dynlib _csv} +%{dynlib _ctypes} +%{dynlib _datetime} +%{dynlib _decimal} +%{dynlib _elementtree} +%{dynlib fcntl} +%{dynlib grp} +%{dynlib _hashlib} +%{dynlib _heapq} +%{dynlib _json} +%{dynlib _lsprof} +%{dynlib _lzma} +%{dynlib math} +%{dynlib mmap} +%{dynlib _multibytecodec} +%{dynlib _multiprocessing} +%{dynlib _opcode} +%{dynlib ossaudiodev} +%{dynlib _pickle} +%{dynlib _posixshmem} +%{dynlib _posixsubprocess} +%{dynlib pyexpat} +%{dynlib _queue} +%{dynlib _random} +%{dynlib resource} +%{dynlib select} +%{dynlib _socket} +%{dynlib spwd} +%{dynlib _ssl} +%{dynlib _statistics} +%{dynlib _struct} +%{dynlib syslog} +%{dynlib termios} +%{dynlib _typing} +%{dynlib unicodedata} +%{dynlib _uuid} +%{dynlib _xxsubinterpreters} +%{dynlib _xxtestfuzz} +%{dynlib xxlimited_35} +%{dynlib zlib} +%{dynlib _zoneinfo} +# hashlib fallback modules +%{dynlib _blake2} +%{dynlib _md5} +%{dynlib _sha1} +%{dynlib _sha256} +%{dynlib _sha512} +%{dynlib _sha3} +# python parts +%dir %{_prefix}/lib/python%{python_version} +%dir %{_prefix}/lib/python%{python_version}/site-packages +%dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__ +%dir %{sitedir} +%dir %{sitedir}/site-packages +%dir %{sitedir}/site-packages/__pycache__ +%exclude %{sitedir}/*/test +%exclude %{sitedir}/*/tests +%{sitedir}/*.py +%{sitedir}/asyncio +%{sitedir}/ctypes +%{sitedir}/collections +%{sitedir}/concurrent +%{sitedir}/distutils +%{sitedir}/email +%{sitedir}/encodings +%{sitedir}/ensurepip +%{sitedir}/html +%{sitedir}/http +%{sitedir}/importlib +%{sitedir}/json +%{sitedir}/lib2to3 +%{sitedir}/logging +%{sitedir}/multiprocessing +%{sitedir}/pydoc_data +%{sitedir}/re +%{sitedir}/tomllib +%{sitedir}/unittest +%{sitedir}/urllib +%{sitedir}/venv +%{sitedir}/wsgiref +%{sitedir}/xml +%{sitedir}/xmlrpc +%{sitedir}/zoneinfo +%{sitedir}/__phello__ +%{sitedir}/__pycache__ +# import-failed hooks +%{sitedir}/_import_failed +%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +# symlinks +%if %{primary_interpreter} +%{_bindir}/python3 +%{_bindir}/pydoc3 +%endif +# executables +%attr(755, root, root) %{_bindir}/pydoc%{python_version} +# %%attr(755, root, root) %%{_bindir}/python%%{python_abi} +%attr(755, root, root) %{_bindir}/python%{python_version} +# endif for if base +%endif + +%changelog diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch new file mode 100644 index 0000000..6f48b09 --- /dev/null +++ b/skip-test_pyobject_freed_is_freed.patch @@ -0,0 +1,23 @@ +--- + Lib/test/test_capi/test_misc.py | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/Lib/test/test_capi/test_misc.py ++++ b/Lib/test/test_capi/test_misc.py +@@ -40,6 +40,8 @@ import _testinternalcapi + # Were we compiled --with-pydebug or with #define Py_DEBUG? + Py_DEBUG = hasattr(sys, 'gettotalrefcount') + ++# Which version of the SLE distro we build on? ++SLE_VERSION = int(os.environ.get('SLE_VERSION', '0'), 10) + + NULL = None + +@@ -1281,6 +1283,7 @@ class PyMemDebugTests(unittest.TestCase) + def test_pyobject_forbidden_bytes_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') + ++ @unittest.skipIf(0 < SLE_VERSION < 150300, 'Failing on Leap 15.*') + def test_pyobject_freed_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_freed_is_freed') + diff --git a/skip_if_buildbot-extend.patch b/skip_if_buildbot-extend.patch new file mode 100644 index 0000000..fd9a584 --- /dev/null +++ b/skip_if_buildbot-extend.patch @@ -0,0 +1,15 @@ +--- + Lib/test/support/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -384,7 +384,7 @@ def skip_if_buildbot(reason=None): + if not reason: + reason = 'not suitable for buildbots' + try: +- isbuildbot = getpass.getuser().lower() == 'buildbot' ++ isbuildbot = getpass.getuser().lower() in ['buildbot', 'abuild'] + except (KeyError, EnvironmentError) as err: + warnings.warn(f'getpass.getuser() failed {err}.', RuntimeWarning) + isbuildbot = False diff --git a/skipped_tests.py b/skipped_tests.py new file mode 100644 index 0000000..47002e6 --- /dev/null +++ b/skipped_tests.py @@ -0,0 +1,69 @@ +#!/usr/bin/python3 +""" +Simple regexp-based skipped test checker. +It lists tests that are mentioned (presumably for exclusion) +in BASE, and in MAIN (presumably for inclusion) +and reports discrepancies. + +This will have a number of +""" + +MAIN = "python39.spec" + +import glob +import re +from os.path import basename + +alltests = set() +qemu_exclusions = set() + +for item in glob.glob("Python-*/Lib/test/test_*"): + testname = basename(item) + if testname.endswith(".py"): + testname = testname[:-3] + alltests.add(testname) + +testre = re.compile(r'[\s"](test_\w+)\b') + +def find_tests_in_spec(specname): + global qemu_exclusions + + found_tests = set() + with open(specname) as spec: + in_qemu = False + for line in spec: + line = line.strip() + if "#" in line: + line = line[:line.index("#")] + tests = set(testre.findall(line)) + found_tests |= tests + if line == "%if 0%{?qemu_user_space_build} > 0": + in_qemu = True + if in_qemu: + if line == "%endif": + in_qemu = False + qemu_exclusions |= tests + return found_tests + +excluded = find_tests_in_spec(MAIN) + +#print("--- excluded tests:", " ".join(sorted(excluded))) +#print("--- included tests:", " ".join(sorted(included))) + +mentioned = excluded +nonexistent = mentioned - alltests +missing = excluded - qemu_exclusions + +print("--- the following tests are excluded for QEMU and not tested in python") +print("--- (that probably means we don't need to worry about them)") +for test in sorted(qemu_exclusions - excluded): + print(test) + +print("--- the following tests might be excluded in python:") +for test in sorted(missing): + print(test) + +if nonexistent: + print("--- the following tests don't exist:") + for test in sorted(nonexistent): + print(test) diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch new file mode 100644 index 0000000..ab29d50 --- /dev/null +++ b/subprocess-raise-timeout.patch @@ -0,0 +1,18 @@ +--- + Lib/test/test_subprocess.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_subprocess.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_subprocess.py ++++ Python-3.11.8/Lib/test/test_subprocess.py +@@ -280,7 +280,8 @@ class ProcessTestCase(BaseTestCase): + "time.sleep(3600)"], + # Some heavily loaded buildbots (sparc Debian 3.x) require + # this much time to start and print. +- timeout=3) ++ # OBS might require even more ++ timeout=10) + self.fail("Expected TimeoutExpired.") + self.assertEqual(c.exception.output, b'BDFL') + -- 2.51.1 From 420a5bd2d2c36a2e4ff695697270d2efaf62e2bfdfc30ca2153754c7b127121e Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 2 Jul 2025 15:58:03 +0000 Subject: [PATCH 130/135] - Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=188 --- CVE-2025-6069-quad-complex-HTMLParser.patch | 187 ++++++++++++++++++++ python311.changes | 7 + python311.spec | 3 + 3 files changed, 197 insertions(+) create mode 100644 CVE-2025-6069-quad-complex-HTMLParser.patch diff --git a/CVE-2025-6069-quad-complex-HTMLParser.patch b/CVE-2025-6069-quad-complex-HTMLParser.patch new file mode 100644 index 0000000..c044f5f --- /dev/null +++ b/CVE-2025-6069-quad-complex-HTMLParser.patch @@ -0,0 +1,187 @@ +From 9043edabc7e2f0dd655146e0a4571e2a0b2906af Mon Sep 17 00:00:00 2001 +From: Serhiy Storchaka +Date: Fri, 13 Jun 2025 19:57:48 +0300 +Subject: [PATCH] gh-135462: Fix quadratic complexity in processing special + input in HTMLParser (GH-135464) + +End-of-file errors are now handled according to the HTML5 specs -- +comments and declarations are automatically closed, tags are ignored. +(cherry picked from commit 6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41) + +Co-authored-by: Serhiy Storchaka +--- + Lib/html/parser.py | 41 ++++++-- + Lib/test/test_htmlparser.py | 49 +++++++--- + Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst | 4 + 3 files changed, 73 insertions(+), 21 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst + +Index: Python-3.11.13/Lib/html/parser.py +=================================================================== +--- Python-3.11.13.orig/Lib/html/parser.py 2025-07-02 17:11:09.096534277 +0200 ++++ Python-3.11.13/Lib/html/parser.py 2025-07-02 17:11:16.977433541 +0200 +@@ -25,6 +25,7 @@ + charref = re.compile('&#(?:[0-9]+|[xX][0-9a-fA-F]+)[^0-9a-fA-F]') + + starttagopen = re.compile('<[a-zA-Z]') ++endtagopen = re.compile('') + commentclose = re.compile(r'--\s*>') + # Note: +@@ -176,7 +177,7 @@ + k = self.parse_pi(i) + elif startswith("', i + 1) +- if k < 0: +- k = rawdata.find('<', i + 1) +- if k < 0: +- k = i + 1 ++ if starttagopen.match(rawdata, i): # < + letter ++ pass ++ elif startswith("'), +- ('comment', '/img'), +- ('endtag', 'html<')]) ++ ('data', '\n')]) + + def test_starttag_junk_chars(self): ++ self._run_check("<", [('data', '<')]) ++ self._run_check("<>", [('data', '<>')]) ++ self._run_check("< >", [('data', '< >')]) ++ self._run_check("< ", [('data', '< ')]) + self._run_check("", []) ++ self._run_check("<$>", [('data', '<$>')]) + self._run_check("", [('comment', '$')]) + self._run_check("", [('endtag', 'a')]) ++ self._run_check("", [('starttag', 'a", [('endtag', 'a'", [('data', "'", []) ++ self._run_check("", [('starttag', 'a$b', [])]) + self._run_check("", [('startendtag', 'a$b', [])]) + self._run_check("", [('starttag', 'a$b', [])]) + self._run_check("", [('startendtag', 'a$b', [])]) ++ self._run_check("", [('endtag', 'a$b')]) + + def test_slashes_in_starttag(self): + self._run_check('', [('startendtag', 'a', [('foo', 'var')])]) +@@ -544,6 +552,7 @@ + '' + '') + expected = [ ++ ('comment', 'ELEMENT br EMPTY'), + ('comment', ' not really a comment '), + ('comment', ' not a comment either --'), + ('comment', ' -- close enough --'), +@@ -598,6 +607,26 @@ + ('endtag', 'a'), ('data', ' bar & baz')] + ) + ++ @support.requires_resource('cpu') ++ def test_eof_no_quadratic_complexity(self): ++ # Each of these examples used to take about an hour. ++ # Now they take a fraction of a second. ++ def check(source): ++ parser = html.parser.HTMLParser() ++ parser.feed(source) ++ parser.close() ++ n = 120_000 ++ check(" + +- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst + case quadratic complexity when processing certain crafted + malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705). + ------------------------------------------------------------------- Tue Jul 1 08:19:52 UTC 2025 - Daniel Garcia diff --git a/python311.spec b/python311.spec index 0a68887..13520fe 100644 --- a/python311.spec +++ b/python311.spec @@ -186,6 +186,9 @@ Patch19: bso1227999-reproducible-builds.patch Patch22: gh120226-fix-sendfile-test-kernel-610.patch # PATCH-FIX-UPSTREAM Add platform triplets for 64-bit LoongArch gh#python/cpython#30939 glaubitz@suse.com Patch24: add-loongarch64-support.patch +# PATCH-FIX-UPSTREAM CVE-2025-6069-quad-complex-HTMLParser.patch bsc#1244705 mcepl@suse.com +# avoid quadratic complexity when processing malformed inputs with HTMLParser +Patch25: CVE-2025-6069-quad-complex-HTMLParser.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: crypto-policies-scripts -- 2.51.1 From 1bf3058aba6daf3b4e34521798da32b01cb5f2de4fb4cbcb80f7b6ff8ca9910b Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 2 Jul 2025 16:13:50 +0000 Subject: [PATCH 131/135] Fix tests OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=189 --- CVE-2025-6069-quad-complex-HTMLParser.patch | 33 +++++++++++---------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/CVE-2025-6069-quad-complex-HTMLParser.patch b/CVE-2025-6069-quad-complex-HTMLParser.patch index c044f5f..1a731c8 100644 --- a/CVE-2025-6069-quad-complex-HTMLParser.patch +++ b/CVE-2025-6069-quad-complex-HTMLParser.patch @@ -10,16 +10,16 @@ comments and declarations are automatically closed, tags are ignored. Co-authored-by: Serhiy Storchaka --- - Lib/html/parser.py | 41 ++++++-- - Lib/test/test_htmlparser.py | 49 +++++++--- + Lib/html/parser.py | 41 +++++--- + Lib/test/test_htmlparser.py | 51 +++++++--- Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst | 4 - 3 files changed, 73 insertions(+), 21 deletions(-) + 3 files changed, 74 insertions(+), 22 deletions(-) create mode 100644 Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst Index: Python-3.11.13/Lib/html/parser.py =================================================================== ---- Python-3.11.13.orig/Lib/html/parser.py 2025-07-02 17:11:09.096534277 +0200 -+++ Python-3.11.13/Lib/html/parser.py 2025-07-02 17:11:16.977433541 +0200 +--- Python-3.11.13.orig/Lib/html/parser.py 2025-07-02 18:12:07.084569398 +0200 ++++ Python-3.11.13/Lib/html/parser.py 2025-07-02 18:12:12.582519793 +0200 @@ -25,6 +25,7 @@ charref = re.compile('&#(?:[0-9]+|[xX][0-9a-fA-F]+)[^0-9a-fA-F]') @@ -85,8 +85,8 @@ Index: Python-3.11.13/Lib/html/parser.py match = charref.match(rawdata, i) Index: Python-3.11.13/Lib/test/test_htmlparser.py =================================================================== ---- Python-3.11.13.orig/Lib/test/test_htmlparser.py 2025-07-02 17:11:10.487699349 +0200 -+++ Python-3.11.13/Lib/test/test_htmlparser.py 2025-07-02 17:12:43.419502465 +0200 +--- Python-3.11.13.orig/Lib/test/test_htmlparser.py 2025-07-02 18:12:08.523658593 +0200 ++++ Python-3.11.13/Lib/test/test_htmlparser.py 2025-07-02 18:13:32.674943007 +0200 @@ -4,6 +4,8 @@ import pprint import unittest @@ -141,14 +141,17 @@ Index: Python-3.11.13/Lib/test/test_htmlparser.py def test_slashes_in_starttag(self): self._run_check('', [('startendtag', 'a', [('foo', 'var')])]) -@@ -544,6 +552,7 @@ - '' - '') - expected = [ -+ ('comment', 'ELEMENT br EMPTY'), - ('comment', ' not really a comment '), - ('comment', ' not a comment either --'), +@@ -549,8 +557,9 @@ ('comment', ' -- close enough --'), + ('comment', ''), + ('comment', '<-- this was an empty comment'), +- ('comment', '!! another bogus comment !!!'), ++ ('comment', '!! another bogus comment !!!') + ] ++ + self._run_check(html, expected) + + def test_broken_condcoms(self): @@ -598,6 +607,26 @@ ('endtag', 'a'), ('data', ' bar & baz')] ) @@ -179,7 +182,7 @@ Index: Python-3.11.13/Lib/test/test_htmlparser.py Index: Python-3.11.13/Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ Python-3.11.13/Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst 2025-07-02 17:11:16.978605629 +0200 ++++ Python-3.11.13/Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst 2025-07-02 18:12:12.583386736 +0200 @@ -0,0 +1,4 @@ +Fix quadratic complexity in processing specially crafted input in +:class:`html.parser.HTMLParser`. End-of-file errors are now handled according -- 2.51.1 From 0c195902ddafc387c15c71516501dda16e599de7abed559ccc9a88266ee2adf4 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Fri, 1 Aug 2025 20:18:10 +0000 Subject: [PATCH 132/135] - Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now validates archives to ensure member offsets are non-negative (gh#python/cpython#130577, CVE-2025-8194, bsc#1247249). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=191 --- .gitattributes | 23 + .gitignore | 1 + CVE-2023-52425-libexpat-2.6.0-backport.patch | 233 + ...-52425-remove-reparse_deferral-tests.patch | 60 + CVE-2024-9287-venv_path_unquoted.patch | 299 + CVE-2025-0938-sq-brackets-domain-names.patch | 127 + CVE-2025-4516-DecodeError-handler.patch | 504 ++ CVE-2025-6069-quad-complex-HTMLParser.patch | 190 + CVE-2025-8194-tarfile-no-neg-offsets.patch | 212 + F00251-change-user-install-location.patch | 215 + PACKAGING-NOTES | 26 + Python-3.11.10.tar.xz | 3 + Python-3.11.10.tar.xz.asc | 16 + Python-3.11.11.tar.xz | 3 + Python-3.11.11.tar.xz.sigstore | 1 + Python-3.11.12.tar.xz | 3 + Python-3.11.12.tar.xz.sigstore | 1 + Python-3.11.13.tar.xz | 3 + Python-3.11.13.tar.xz.sigstore | 1 + README.SUSE | 43 + _multibuild | 4 + add-loongarch64-support.patch | 29 + baselibs.conf | 3 + bluez-devel-vendor.tar.xz | 3 + bpo-31046_ensurepip_honours_prefix.patch | 173 + bsc1221260-test_asyncio-ResourceWarning.patch | 21 + bso1227999-reproducible-builds.patch | 37 + distutils-reproducible-compile.patch | 17 + externally_managed.in | 12 + fix_configure_rst.patch | 40 + ...l-no-stop-ThreadedEchoServer-OSError.patch | 82 + gh120226-fix-sendfile-test-kernel-610.patch | 35 + idle3.appdata.xml | 35 + idle3.desktop | 12 + import_failed.map | 7 + import_failed.py | 23 + macros.python3 | 28 + no-skipif-doctests.patch | 653 ++ pre_checkin.sh | 78 + python-3.3.0b1-fix_date_time_compiler.patch | 27 + python-3.3.0b1-localpath.patch | 13 + python-3.3.0b1-test-posix_fadvise.patch | 17 + python.keyring | 109 + python311-rpmlintrc | 4 + python311.changes | 5645 +++++++++++++++++ python311.spec | 1048 +++ skip-test_pyobject_freed_is_freed.patch | 23 + skip_if_buildbot-extend.patch | 15 + skipped_tests.py | 69 + subprocess-raise-timeout.patch | 18 + 50 files changed, 10244 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 CVE-2023-52425-libexpat-2.6.0-backport.patch create mode 100644 CVE-2023-52425-remove-reparse_deferral-tests.patch create mode 100644 CVE-2024-9287-venv_path_unquoted.patch create mode 100644 CVE-2025-0938-sq-brackets-domain-names.patch create mode 100644 CVE-2025-4516-DecodeError-handler.patch create mode 100644 CVE-2025-6069-quad-complex-HTMLParser.patch create mode 100644 CVE-2025-8194-tarfile-no-neg-offsets.patch create mode 100644 F00251-change-user-install-location.patch create mode 100644 PACKAGING-NOTES create mode 100644 Python-3.11.10.tar.xz create mode 100644 Python-3.11.10.tar.xz.asc create mode 100644 Python-3.11.11.tar.xz create mode 100644 Python-3.11.11.tar.xz.sigstore create mode 100644 Python-3.11.12.tar.xz create mode 100644 Python-3.11.12.tar.xz.sigstore create mode 100644 Python-3.11.13.tar.xz create mode 100644 Python-3.11.13.tar.xz.sigstore create mode 100644 README.SUSE create mode 100644 _multibuild create mode 100644 add-loongarch64-support.patch create mode 100644 baselibs.conf create mode 100644 bluez-devel-vendor.tar.xz create mode 100644 bpo-31046_ensurepip_honours_prefix.patch create mode 100644 bsc1221260-test_asyncio-ResourceWarning.patch create mode 100644 bso1227999-reproducible-builds.patch create mode 100644 distutils-reproducible-compile.patch create mode 100644 externally_managed.in create mode 100644 fix_configure_rst.patch create mode 100644 gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch create mode 100644 gh120226-fix-sendfile-test-kernel-610.patch create mode 100644 idle3.appdata.xml create mode 100644 idle3.desktop create mode 100644 import_failed.map create mode 100644 import_failed.py create mode 100644 macros.python3 create mode 100644 no-skipif-doctests.patch create mode 100644 pre_checkin.sh create mode 100644 python-3.3.0b1-fix_date_time_compiler.patch create mode 100644 python-3.3.0b1-localpath.patch create mode 100644 python-3.3.0b1-test-posix_fadvise.patch create mode 100644 python.keyring create mode 100644 python311-rpmlintrc create mode 100644 python311.changes create mode 100644 python311.spec create mode 100644 skip-test_pyobject_freed_is_freed.patch create mode 100644 skip_if_buildbot-extend.patch create mode 100644 skipped_tests.py create mode 100644 subprocess-raise-timeout.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch new file mode 100644 index 0000000..1acc25a --- /dev/null +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -0,0 +1,233 @@ +--- + Lib/test/support/__init__.py | 16 ++++++++++++++-- + Lib/test/test_minidom.py | 23 +++++++++-------------- + Lib/test/test_pyexpat.py | 12 +++++------- + Lib/test/test_sax.py | 18 +++++++++--------- + Lib/test/test_xml_etree.py | 12 ------------ + 5 files changed, 37 insertions(+), 44 deletions(-) + +Index: Python-3.11.12/Lib/test/support/__init__.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/support/__init__.py 2025-04-11 10:52:43.191010503 +0200 ++++ Python-3.11.12/Lib/test/support/__init__.py 2025-04-11 10:52:44.802161741 +0200 +@@ -8,6 +8,7 @@ + import functools + import os + import re ++import pyexpat + import stat + import sys + import sysconfig +@@ -56,7 +57,7 @@ + "run_with_tz", "PGO", "missing_compiler_executable", + "ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST", + "LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT", +- "skip_on_s390x", ++ "skip_on_s390x", "fails_with_expat_2_6_0", "is_expat_2_6_0" + ] + + +@@ -2244,6 +2245,17 @@ + } + return ignored + +-#Windows doesn't have os.uname() but it doesn't support s390x. ++ ++# Windows doesn't have os.uname() but it doesn't support s390x. + skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', + 'skipped on s390x') ++ ++ ++@functools.lru_cache ++def _is_expat_2_6_0(): ++ return hasattr(pyexpat.ParserCreate(), 'SetReparseDeferralEnabled') ++is_expat_2_6_0 = _is_expat_2_6_0() ++ ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if is_expat_2_6_0 ++ else lambda test: test) +Index: Python-3.11.12/Lib/test/test_minidom.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_minidom.py 2025-04-11 10:52:21.907086938 +0200 ++++ Python-3.11.12/Lib/test/test_minidom.py 2025-04-11 10:52:44.802522893 +0200 +@@ -6,7 +6,6 @@ + from test import support + import unittest + +-import pyexpat + import xml.dom.minidom + + from xml.dom.minidom import parse, Attr, Node, Document, parseString +@@ -1163,13 +1162,11 @@ + + # Verify that character decoding errors raise exceptions instead + # of crashing +- if pyexpat.version_info >= (2, 4, 5): +- self.assertRaises(ExpatError, parseString, +- b'') +- self.assertRaises(ExpatError, parseString, +- b'Comment \xe7a va ? Tr\xe8s bien ?') +- else: +- self.assertRaises(UnicodeDecodeError, parseString, ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((UnicodeDecodeError, ExpatError)): ++ parseString( + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1631,12 +1628,10 @@ + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- if pyexpat.version_info >= (2, 4, 5): +- context = self.assertRaisesRegex(ExpatError, 'syntax error') +- else: +- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- +- with context: ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((ExpatError, ValueError)): + parseString('') + + def testDocRemoveChild(self): +Index: Python-3.11.12/Lib/test/test_pyexpat.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_pyexpat.py 2025-04-11 10:52:22.076696906 +0200 ++++ Python-3.11.12/Lib/test/test_pyexpat.py 2025-04-11 10:52:44.803228085 +0200 +@@ -14,8 +14,7 @@ + from xml.parsers import expat + from xml.parsers.expat import errors + +-from test.support import sortdict, is_emscripten, is_wasi +- ++from test.support import sortdict, is_emscripten, is_wasi, is_expat_2_6_0 + + class SetAttributeTest(unittest.TestCase): + def setUp(self): +@@ -770,9 +769,8 @@ + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + + def test_reparse_deferral_enabled(self): +- if expat.version_info < (2, 6, 0): +- self.skipTest(f'Expat {expat.version_info} does not ' +- 'support reparse deferral') ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") + + started = [] + +@@ -801,9 +799,9 @@ + + parser = expat.ParserCreate() + parser.StartElementHandler = start_element +- if expat.version_info >= (2, 6, 0): ++ if is_expat_2_6_0: + parser.SetReparseDeferralEnabled(False) +- self.assertFalse(parser.GetReparseDeferralEnabled()) ++ self.assertFalse(parser.GetReparseDeferralEnabled()) + + for chunk in (b''): + parser.Parse(chunk, False) +Index: Python-3.11.12/Lib/test/test_sax.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_sax.py 2025-04-11 10:52:22.111440337 +0200 ++++ Python-3.11.12/Lib/test/test_sax.py 2025-04-11 10:52:44.803567098 +0200 +@@ -19,13 +19,11 @@ + from io import BytesIO, StringIO + import codecs + import os.path +-import pyexpat + import shutil + import sys + from urllib.error import URLError + import urllib.request +-from test.support import os_helper +-from test.support import findfile ++from test.support import os_helper, findfile, is_expat_2_6_0 + from test.support.os_helper import FakePath, TESTFN + + +@@ -1215,10 +1213,10 @@ + + self.assertEqual(result.getvalue(), start + b"text") + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1241,6 +1239,9 @@ + self.assertEqual(result.getvalue(), start + b"") + + def test_flush_reparse_deferral_disabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1249,9 +1250,8 @@ + for chunk in (""): + parser.feed(chunk) + +- if pyexpat.version_info >= (2, 6, 0): +- parser._parser.SetReparseDeferralEnabled(False) +- self.assertEqual(result.getvalue(), start) # i.e. no elements started ++ parser._parser.SetReparseDeferralEnabled(False) ++ self.assertEqual(result.getvalue(), start) # i.e. no elements started + + self.assertFalse(parser._parser.GetReparseDeferralEnabled()) + +Index: Python-3.11.12/Lib/test/test_xml_etree.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_xml_etree.py 2025-04-11 10:52:22.425637912 +0200 ++++ Python-3.11.12/Lib/test/test_xml_etree.py 2025-04-11 10:52:44.804234785 +0200 +@@ -13,7 +13,6 @@ + import operator + import os + import pickle +-import pyexpat + import sys + import textwrap + import types +@@ -1424,12 +1423,6 @@ + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + +- def test_simple_xml_chunk_1(self): +- self.test_simple_xml(chunk_size=1, flush=True) +- +- def test_simple_xml_chunk_5(self): +- self.test_simple_xml(chunk_size=5, flush=True) +- + def test_simple_xml_chunk_22(self): + self.test_simple_xml(chunk_size=22) + +@@ -1627,9 +1620,6 @@ + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1656,8 +1646,6 @@ + + for chunk in (""): + parser.feed(chunk) +- +- if pyexpat.version_info >= (2, 6, 0): + if not ET is pyET: + self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled ' + 'methods not available in C') diff --git a/CVE-2023-52425-remove-reparse_deferral-tests.patch b/CVE-2023-52425-remove-reparse_deferral-tests.patch new file mode 100644 index 0000000..553bdf8 --- /dev/null +++ b/CVE-2023-52425-remove-reparse_deferral-tests.patch @@ -0,0 +1,60 @@ +--- + Lib/test/test_pyexpat.py | 2 ++ + Lib/test/test_sax.py | 2 ++ + Lib/test/test_xml_etree.py | 2 ++ + 3 files changed, 6 insertions(+) + +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -768,6 +768,7 @@ class ReparseDeferralTest(unittest.TestC + parser.SetReparseDeferralEnabled(True) + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -791,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC + + self.assertEqual(started, ['doc']) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_disabled(self): + started = [] + +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -1213,6 +1213,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -1238,6 +1239,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -1620,6 +1620,7 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1641,6 +1642,7 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + diff --git a/CVE-2024-9287-venv_path_unquoted.patch b/CVE-2024-9287-venv_path_unquoted.patch new file mode 100644 index 0000000..541a907 --- /dev/null +++ b/CVE-2024-9287-venv_path_unquoted.patch @@ -0,0 +1,299 @@ +From 1408cc9bf9e8b19968761548c30b78d37074c21c Mon Sep 17 00:00:00 2001 +From: Y5 <124019959+y5c4l3@users.noreply.github.com> +Date: Tue, 22 Oct 2024 04:48:04 +0800 +Subject: [PATCH] gh-124651: Quote template strings in `venv` activation + scripts (GH-124712) + +This patch properly quotes template strings in `venv` activation +scripts. This mitigates potential command injection. + +(cherry picked from commit d48cc82ed25e26b02eb97c6263d95dcaa1e9111b) +--- + Lib/test/test_venv.py | 81 ++++++++++ + Lib/venv/__init__.py | 42 ++++- + Lib/venv/scripts/common/activate | 8 + Lib/venv/scripts/nt/activate.bat | 6 + Lib/venv/scripts/posix/activate.csh | 8 + Lib/venv/scripts/posix/activate.fish | 8 + Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst | 1 + 7 files changed, 134 insertions(+), 20 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst + +--- a/Lib/test/test_venv.py ++++ b/Lib/test/test_venv.py +@@ -11,6 +11,7 @@ import os + import os.path + import pathlib + import re ++import shlex + import shutil + import struct + import subprocess +@@ -96,6 +97,10 @@ class BaseTest(unittest.TestCase): + result = f.read() + return result + ++ def assertEndsWith(self, string, tail): ++ if not string.endswith(tail): ++ self.fail(f"String {string!r} does not end with {tail!r}") ++ + class BasicTest(BaseTest): + """Test venv module functionality.""" + +@@ -446,6 +451,82 @@ class BasicTest(BaseTest): + 'import sys; print(sys.executable)']) + self.assertEqual(out.strip(), envpy.encode()) + ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_bash(self): ++ """ ++ Test that the template strings are quoted properly (bash) ++ """ ++ rmtree(self.env_dir) ++ bash = shutil.which('bash') ++ if bash is None: ++ self.skipTest('bash required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.sh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([bash, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings ++ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows') ++ def test_special_chars_csh(self): ++ """ ++ Test that the template strings are quoted properly (csh) ++ """ ++ rmtree(self.env_dir) ++ csh = shutil.which('tcsh') or shutil.which('csh') ++ if csh is None: ++ self.skipTest('csh required for this test') ++ env_name = '"\';&&$e|\'"' ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.csh') ++ test_script = os.path.join(self.env_dir, 'test_special_chars.csh') ++ with open(test_script, "w") as f: ++ f.write(f'source {shlex.quote(activate)}\n' ++ 'python -c \'import sys; print(sys.executable)\'\n' ++ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n' ++ 'deactivate\n') ++ out, err = check_output([csh, test_script]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ ++ # gh-124651: test quoted strings on Windows ++ @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') ++ def test_special_chars_windows(self): ++ """ ++ Test that the template strings are quoted properly on Windows ++ """ ++ rmtree(self.env_dir) ++ env_name = "'&&^$e" ++ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name) ++ builder = venv.EnvBuilder(clear=True) ++ builder.create(env_dir) ++ activate = os.path.join(env_dir, self.bindir, 'activate.bat') ++ test_batch = os.path.join(self.env_dir, 'test_special_chars.bat') ++ with open(test_batch, "w") as f: ++ f.write('@echo off\n' ++ f'"{activate}" & ' ++ f'{self.exe} -c "import sys; print(sys.executable)" & ' ++ f'{self.exe} -c "import os; print(os.environ[\'VIRTUAL_ENV\'])" & ' ++ 'deactivate') ++ out, err = check_output([test_batch]) ++ lines = out.splitlines() ++ self.assertTrue(env_name.encode() in lines[0]) ++ self.assertEndsWith(lines[1], env_name.encode()) ++ + @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows') + def test_unicode_in_batch_file(self): + """ +--- a/Lib/venv/__init__.py ++++ b/Lib/venv/__init__.py +@@ -11,6 +11,7 @@ import subprocess + import sys + import sysconfig + import types ++import shlex + + + CORE_VENV_DEPS = ('pip', 'setuptools') +@@ -394,11 +395,41 @@ class EnvBuilder: + :param context: The information for the environment creation request + being processed. + """ +- text = text.replace('__VENV_DIR__', context.env_dir) +- text = text.replace('__VENV_NAME__', context.env_name) +- text = text.replace('__VENV_PROMPT__', context.prompt) +- text = text.replace('__VENV_BIN_NAME__', context.bin_name) +- text = text.replace('__VENV_PYTHON__', context.env_exe) ++ replacements = { ++ '__VENV_DIR__': context.env_dir, ++ '__VENV_NAME__': context.env_name, ++ '__VENV_PROMPT__': context.prompt, ++ '__VENV_BIN_NAME__': context.bin_name, ++ '__VENV_PYTHON__': context.env_exe, ++ } ++ ++ def quote_ps1(s): ++ """ ++ This should satisfy PowerShell quoting rules [1], unless the quoted ++ string is passed directly to Windows native commands [2]. ++ [1]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules ++ [2]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing#passing-arguments-that-contain-quote-characters ++ """ ++ s = s.replace("'", "''") ++ return f"'{s}'" ++ ++ def quote_bat(s): ++ return s ++ ++ # gh-124651: need to quote the template strings properly ++ quote = shlex.quote ++ script_path = context.script_path ++ if script_path.endswith('.ps1'): ++ quote = quote_ps1 ++ elif script_path.endswith('.bat'): ++ quote = quote_bat ++ else: ++ # fallbacks to POSIX shell compliant quote ++ quote = shlex.quote ++ ++ replacements = {key: quote(s) for key, s in replacements.items()} ++ for key, quoted in replacements.items(): ++ text = text.replace(key, quoted) + return text + + def install_scripts(self, context, path): +@@ -438,6 +469,7 @@ class EnvBuilder: + with open(srcfile, 'rb') as f: + data = f.read() + if not srcfile.endswith(('.exe', '.pdb')): ++ context.script_path = srcfile + try: + data = data.decode('utf-8') + data = self.replace_variables(data, context) +--- a/Lib/venv/scripts/common/activate ++++ b/Lib/venv/scripts/common/activate +@@ -35,11 +35,11 @@ deactivate () { + # unset irrelevant variables + deactivate nondestructive + +-VIRTUAL_ENV="__VENV_DIR__" ++VIRTUAL_ENV=__VENV_DIR__ + export VIRTUAL_ENV + + _OLD_VIRTUAL_PATH="$PATH" +-PATH="$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++PATH="$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + export PATH + + # unset PYTHONHOME if set +@@ -52,9 +52,9 @@ fi + + if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then + _OLD_VIRTUAL_PS1="${PS1:-}" +- PS1="__VENV_PROMPT__${PS1:-}" ++ PS1=__VENV_PROMPT__"${PS1:-}" + export PS1 +- VIRTUAL_ENV_PROMPT="__VENV_PROMPT__" ++ VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ + export VIRTUAL_ENV_PROMPT + fi + +--- a/Lib/venv/scripts/nt/activate.bat ++++ b/Lib/venv/scripts/nt/activate.bat +@@ -8,7 +8,7 @@ if defined _OLD_CODEPAGE ( + "%SystemRoot%\System32\chcp.com" 65001 > nul + ) + +-set VIRTUAL_ENV=__VENV_DIR__ ++set "VIRTUAL_ENV=__VENV_DIR__" + + if not defined PROMPT set PROMPT=$P$G + +@@ -24,8 +24,8 @@ set PYTHONHOME= + if defined _OLD_VIRTUAL_PATH set PATH=%_OLD_VIRTUAL_PATH% + if not defined _OLD_VIRTUAL_PATH set _OLD_VIRTUAL_PATH=%PATH% + +-set PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH% +-set VIRTUAL_ENV_PROMPT=__VENV_PROMPT__ ++set "PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH%" ++set "VIRTUAL_ENV_PROMPT=__VENV_PROMPT__" + + :END + if defined _OLD_CODEPAGE ( +--- a/Lib/venv/scripts/posix/activate.csh ++++ b/Lib/venv/scripts/posix/activate.csh +@@ -8,17 +8,17 @@ alias deactivate 'test $?_OLD_VIRTUAL_PA + # Unset irrelevant variables. + deactivate nondestructive + +-setenv VIRTUAL_ENV "__VENV_DIR__" ++setenv VIRTUAL_ENV __VENV_DIR__ + + set _OLD_VIRTUAL_PATH="$PATH" +-setenv PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH" ++setenv PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH" + + + set _OLD_VIRTUAL_PROMPT="$prompt" + + if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then +- set prompt = "__VENV_PROMPT__$prompt" +- setenv VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set prompt = __VENV_PROMPT__"$prompt" ++ setenv VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + endif + + alias pydoc python -m pydoc +--- a/Lib/venv/scripts/posix/activate.fish ++++ b/Lib/venv/scripts/posix/activate.fish +@@ -33,10 +33,10 @@ end + # Unset irrelevant variables. + deactivate nondestructive + +-set -gx VIRTUAL_ENV "__VENV_DIR__" ++set -gx VIRTUAL_ENV __VENV_DIR__ + + set -gx _OLD_VIRTUAL_PATH $PATH +-set -gx PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__" $PATH ++set -gx PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__ $PATH + + # Unset PYTHONHOME if set. + if set -q PYTHONHOME +@@ -56,7 +56,7 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + set -l old_status $status + + # Output the venv prompt; color taken from the blue of the Python logo. +- printf "%s%s%s" (set_color 4B8BBE) "__VENV_PROMPT__" (set_color normal) ++ printf "%s%s%s" (set_color 4B8BBE) __VENV_PROMPT__ (set_color normal) + + # Restore the return status of the previous command. + echo "exit $old_status" | . +@@ -65,5 +65,5 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT" + end + + set -gx _OLD_FISH_PROMPT_OVERRIDE "$VIRTUAL_ENV" +- set -gx VIRTUAL_ENV_PROMPT "__VENV_PROMPT__" ++ set -gx VIRTUAL_ENV_PROMPT __VENV_PROMPT__ + end +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst +@@ -0,0 +1 @@ ++Properly quote template strings in :mod:`venv` activation scripts. diff --git a/CVE-2025-0938-sq-brackets-domain-names.patch b/CVE-2025-0938-sq-brackets-domain-names.patch new file mode 100644 index 0000000..7db4656 --- /dev/null +++ b/CVE-2025-0938-sq-brackets-domain-names.patch @@ -0,0 +1,127 @@ +From d91e2c740890837edafaee24d68112b776cda9c5 Mon Sep 17 00:00:00 2001 +From: Seth Michael Larson +Date: Fri, 31 Jan 2025 11:41:34 -0600 +Subject: [PATCH] gh-105704: Disallow square brackets (`[` and `]`) in domain + names for parsed URLs (GH-129418) + +* gh-105704: Disallow square brackets ( and ) in domain names for parsed URLs + +* Use Sphinx references + +Co-authored-by: Peter Bierma + +* Add mismatched bracket test cases, fix news format + +* Add more test coverage for ports + +--------- + +(cherry picked from commit d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a) + +Co-authored-by: Seth Michael Larson +Co-authored-by: Peter Bierma +--- + Lib/test/test_urlparse.py | 37 +++++++++- + Lib/urllib/parse.py | 20 ++++- + Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst | 4 + + 3 files changed, 58 insertions(+), 3 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst + +--- a/Lib/test/test_urlparse.py ++++ b/Lib/test/test_urlparse.py +@@ -1224,16 +1224,51 @@ class UrlParseTestCase(unittest.TestCase + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af::2309::fae7:1234]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af:2309::fae7:1234:2342:438e:192.0.2.146]/Path?Query') + self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@]v6a.ip[/Path') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a1') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:1a') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:/') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:?') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@prefix.[v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@[v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip]') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip].suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip[suffix') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip') ++ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[suffix') + + def test_splitting_bracketed_hosts(self): +- p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]/path?query') ++ p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]:1234/path?query') + self.assertEqual(p1.hostname, 'v6a.ip') + self.assertEqual(p1.username, 'user') + self.assertEqual(p1.path, '/path') ++ self.assertEqual(p1.port, 1234) + p2 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7%test]/path?query') + self.assertEqual(p2.hostname, '0439:23af:2309::fae7%test') + self.assertEqual(p2.username, 'user') + self.assertEqual(p2.path, '/path') ++ self.assertIs(p2.port, None) + p3 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7:1234:192.0.2.146%test]/path?query') + self.assertEqual(p3.hostname, '0439:23af:2309::fae7:1234:192.0.2.146%test') + self.assertEqual(p3.username, 'user') +--- a/Lib/urllib/parse.py ++++ b/Lib/urllib/parse.py +@@ -436,6 +436,23 @@ def _checknetloc(netloc): + raise ValueError("netloc '" + netloc + "' contains invalid " + + "characters under NFKC normalization") + ++def _check_bracketed_netloc(netloc): ++ # Note that this function must mirror the splitting ++ # done in NetlocResultMixins._hostinfo(). ++ hostname_and_port = netloc.rpartition('@')[2] ++ before_bracket, have_open_br, bracketed = hostname_and_port.partition('[') ++ if have_open_br: ++ # No data is allowed before a bracket. ++ if before_bracket: ++ raise ValueError("Invalid IPv6 URL") ++ hostname, _, port = bracketed.partition(']') ++ # No data is allowed after the bracket but before the port delimiter. ++ if port and not port.startswith(":"): ++ raise ValueError("Invalid IPv6 URL") ++ else: ++ hostname, _, port = hostname_and_port.partition(':') ++ _check_bracketed_host(hostname) ++ + # Valid bracketed hosts are defined in + # https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/ + def _check_bracketed_host(hostname): +@@ -496,8 +513,7 @@ def urlsplit(url, scheme='', allow_fragm + (']' in netloc and '[' not in netloc)): + raise ValueError("Invalid IPv6 URL") + if '[' in netloc and ']' in netloc: +- bracketed_host = netloc.partition('[')[2].partition(']')[0] +- _check_bracketed_host(bracketed_host) ++ _check_bracketed_netloc(netloc) + if allow_fragments and '#' in url: + url, fragment = url.split('#', 1) + if '?' in url: +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst +@@ -0,0 +1,4 @@ ++When using :func:`urllib.parse.urlsplit` and :func:`urllib.parse.urlparse` host ++parsing would not reject domain names containing square brackets (``[`` and ++``]``). Square brackets are only valid for IPv6 and IPvFuture hosts according to ++`RFC 3986 Section 3.2.2 `__. diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch new file mode 100644 index 0000000..fc4b1d6 --- /dev/null +++ b/CVE-2025-4516-DecodeError-handler.patch @@ -0,0 +1,504 @@ +From 0c33e5baedf18ebcb04bc41dff7cfc614d5ea5fe Mon Sep 17 00:00:00 2001 +From: Serhiy Storchaka +Date: Tue, 20 May 2025 15:46:57 +0300 +Subject: [PATCH] [3.11] gh-133767: Fix use-after-free in the unicode-escape + decoder with an error handler (GH-129648) (GH-133944) + +If the error handler is used, a new bytes object is created to set as +the object attribute of UnicodeDecodeError, and that bytes object then +replaces the original data. A pointer to the decoded data will became invalid +after destroying that temporary bytes object. So we need other way to return +the first invalid escape from _PyUnicode_DecodeUnicodeEscapeInternal(). + +_PyBytes_DecodeEscape() does not have such issue, because it does not +use the error handlers registry, but it should be changed for compatibility +with _PyUnicode_DecodeUnicodeEscapeInternal(). +(cherry picked from commit 9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e) +(cherry picked from commit 6279eb8c076d89d3739a6edb393e43c7929b429d) +(cherry picked from commit a75953b347716fff694aa59a7c7c2489fa50d1f5) + +Co-authored-by: Serhiy Storchaka +--- + Include/cpython/bytesobject.h | 4 + Include/cpython/unicodeobject.h | 13 ++ + Lib/test/test_codeccallbacks.py | 39 ++++++ + Lib/test/test_codecs.py | 52 ++++++-- + Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst | 2 + Objects/bytesobject.c | 56 ++++++-- + Objects/unicodeobject.c | 63 +++++++--- + Parser/string_parser.c | 24 ++- + 8 files changed, 197 insertions(+), 56 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst + +--- a/Include/cpython/bytesobject.h ++++ b/Include/cpython/bytesobject.h +@@ -25,6 +25,10 @@ PyAPI_FUNC(PyObject*) _PyBytes_FromHex( + int use_bytearray); + + /* Helper for PyBytes_DecodeEscape that detects invalid escape chars. */ ++PyAPI_FUNC(PyObject*) _PyBytes_DecodeEscape2(const char *, Py_ssize_t, ++ const char *, ++ int *, const char **); ++// Export for binary compatibility. + PyAPI_FUNC(PyObject *) _PyBytes_DecodeEscape(const char *, Py_ssize_t, + const char *, const char **); + +--- a/Include/cpython/unicodeobject.h ++++ b/Include/cpython/unicodeobject.h +@@ -914,6 +914,19 @@ PyAPI_FUNC(PyObject*) _PyUnicode_DecodeU + ); + /* Helper for PyUnicode_DecodeUnicodeEscape that detects invalid escape + chars. */ ++PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal2( ++ const char *string, /* Unicode-Escape encoded string */ ++ Py_ssize_t length, /* size of string */ ++ const char *errors, /* error handling */ ++ Py_ssize_t *consumed, /* bytes consumed */ ++ int *first_invalid_escape_char, /* on return, if not -1, contain the first ++ invalid escaped char (<= 0xff) or invalid ++ octal escape (> 0xff) in string. */ ++ const char **first_invalid_escape_ptr); /* on return, if not NULL, may ++ point to the first invalid escaped ++ char in string. ++ May be NULL if errors is not NULL. */ ++// Export for binary compatibility. + PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal( + const char *string, /* Unicode-Escape encoded string */ + Py_ssize_t length, /* size of string */ +--- a/Lib/test/test_codeccallbacks.py ++++ b/Lib/test/test_codeccallbacks.py +@@ -1,6 +1,7 @@ + import codecs + import html.entities + import itertools ++import re + import sys + import unicodedata + import unittest +@@ -1124,7 +1125,7 @@ class CodecCallbackTest(unittest.TestCas + text = 'abcghi'*n + text.translate(charmap) + +- def test_mutatingdecodehandler(self): ++ def test_mutating_decode_handler(self): + baddata = [ + ("ascii", b"\xff"), + ("utf-7", b"++"), +@@ -1159,6 +1160,42 @@ class CodecCallbackTest(unittest.TestCas + for (encoding, data) in baddata: + self.assertEqual(data.decode(encoding, "test.mutating"), "\u4242") + ++ def test_mutating_decode_handler_unicode_escape(self): ++ decode = codecs.unicode_escape_decode ++ def mutating(exc): ++ if isinstance(exc, UnicodeDecodeError): ++ r = data.get(exc.object[:exc.end]) ++ if r is not None: ++ exc.object = r[0] + exc.object[exc.end:] ++ return ('\u0404', r[1]) ++ raise AssertionError("don't know how to handle %r" % exc) ++ ++ codecs.register_error('test.mutating2', mutating) ++ data = { ++ br'\x0': (b'\\', 0), ++ br'\x3': (b'xxx\\', 3), ++ br'\x5': (b'x\\', 1), ++ } ++ def check(input, expected, msg): ++ with self.assertWarns(DeprecationWarning) as cm: ++ self.assertEqual(decode(input, 'test.mutating2'), (expected, len(input))) ++ self.assertIn(msg, str(cm.warning)) ++ ++ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") ++ check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") ++ check(br'\x0z', '\u0404\\z', r"invalid escape sequence '\z'") ++ ++ check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '\z'") ++ check(br'\x3zr', '\u0404\\zr', r"invalid escape sequence '\z'") ++ check(br'\x3z5', '\u0404\\z5', r"invalid escape sequence '\z'") ++ check(memoryview(br'\x3z5x')[:-1], '\u0404\\z5', r"invalid escape sequence '\z'") ++ check(memoryview(br'\x3z5xy')[:-2], '\u0404\\z5', r"invalid escape sequence '\z'") ++ ++ check(br'\x5n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") ++ check(br'\x5n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") ++ check(br'\x5z', '\u0404\\z', r"invalid escape sequence '\z'") ++ check(memoryview(br'\x5zy')[:-1], '\u0404\\z', r"invalid escape sequence '\z'") ++ + # issue32583 + def test_crashing_decode_handler(self): + # better generating one more character to fill the extra space slot +--- a/Lib/test/test_codecs.py ++++ b/Lib/test/test_codecs.py +@@ -1198,23 +1198,39 @@ class EscapeDecodeTest(unittest.TestCase + check(br"[\1010]", b"[A0]") + check(br"[\x41]", b"[A]") + check(br"[\x410]", b"[A0]") ++ ++ def test_warnings(self): ++ decode = codecs.escape_decode ++ check = coding_checker(self, decode) + for i in range(97, 123): + b = bytes([i]) + if b not in b'abfnrtvx': +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\%c'" % i): + check(b"\\" + b, b"\\" + b) +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\%c'" % (i-32)): + check(b"\\" + b.upper(), b"\\" + b.upper()) +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\8'"): + check(br"\8", b"\\8") + with self.assertWarns(DeprecationWarning): + check(br"\9", b"\\9") +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\\xfa'") as cm: + check(b"\\\xfa", b"\\\xfa") + for i in range(0o400, 0o1000): +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid octal escape sequence '\\%o'" % i): + check(rb'\%o' % i, bytes([i & 0o377])) + ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\z'"): ++ self.assertEqual(decode(br'\x\z', 'ignore'), (b'\\z', 4)) ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid octal escape sequence '\\501'"): ++ self.assertEqual(decode(br'\x\501', 'ignore'), (b'A', 6)) ++ + def test_errors(self): + decode = codecs.escape_decode + self.assertRaises(ValueError, decode, br"\x") +@@ -2487,24 +2503,40 @@ class UnicodeEscapeTest(ReadTest, unitte + check(br"[\x410]", "[A0]") + check(br"\u20ac", "\u20ac") + check(br"\U0001d120", "\U0001d120") ++ ++ def test_decode_warnings(self): ++ decode = codecs.unicode_escape_decode ++ check = coding_checker(self, decode) + for i in range(97, 123): + b = bytes([i]) + if b not in b'abfnrtuvx': +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\%c'" % i): + check(b"\\" + b, "\\" + chr(i)) + if b.upper() not in b'UN': +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\%c'" % (i-32)): + check(b"\\" + b.upper(), "\\" + chr(i-32)) +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\8'"): + check(br"\8", "\\8") + with self.assertWarns(DeprecationWarning): + check(br"\9", "\\9") +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\\xfa'") as cm: + check(b"\\\xfa", "\\\xfa") + for i in range(0o400, 0o1000): +- with self.assertWarns(DeprecationWarning): ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid octal escape sequence '\\%o'" % i): + check(rb'\%o' % i, chr(i)) + ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid escape sequence '\\z'"): ++ self.assertEqual(decode(br'\x\z', 'ignore'), ('\\z', 4)) ++ with self.assertWarnsRegex(DeprecationWarning, ++ r"invalid octal escape sequence '\\501'"): ++ self.assertEqual(decode(br'\x\501', 'ignore'), ('\u0141', 6)) ++ + def test_decode_errors(self): + decode = codecs.unicode_escape_decode + for c, d in (b'x', 2), (b'u', 4), (b'U', 4): +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst +@@ -0,0 +1,2 @@ ++Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error ++handler. +--- a/Objects/bytesobject.c ++++ b/Objects/bytesobject.c +@@ -1057,10 +1057,11 @@ _PyBytes_FormatEx(const char *format, Py + } + + /* Unescape a backslash-escaped string. */ +-PyObject *_PyBytes_DecodeEscape(const char *s, ++PyObject *_PyBytes_DecodeEscape2(const char *s, + Py_ssize_t len, + const char *errors, +- const char **first_invalid_escape) ++ int *first_invalid_escape_char, ++ const char **first_invalid_escape_ptr) + { + int c; + char *p; +@@ -1074,7 +1075,8 @@ PyObject *_PyBytes_DecodeEscape(const ch + return NULL; + writer.overallocate = 1; + +- *first_invalid_escape = NULL; ++ *first_invalid_escape_char = -1; ++ *first_invalid_escape_ptr = NULL; + + end = s + len; + while (s < end) { +@@ -1112,9 +1114,10 @@ PyObject *_PyBytes_DecodeEscape(const ch + c = (c<<3) + *s++ - '0'; + } + if (c > 0377) { +- if (*first_invalid_escape == NULL) { +- *first_invalid_escape = s-3; /* Back up 3 chars, since we've +- already incremented s. */ ++ if (*first_invalid_escape_char == -1) { ++ *first_invalid_escape_char = c; ++ /* Back up 3 chars, since we've already incremented s. */ ++ *first_invalid_escape_ptr = s - 3; + } + } + *p++ = c; +@@ -1155,9 +1158,10 @@ PyObject *_PyBytes_DecodeEscape(const ch + break; + + default: +- if (*first_invalid_escape == NULL) { +- *first_invalid_escape = s-1; /* Back up one char, since we've +- already incremented s. */ ++ if (*first_invalid_escape_char == -1) { ++ *first_invalid_escape_char = (unsigned char)s[-1]; ++ /* Back up one char, since we've already incremented s. */ ++ *first_invalid_escape_ptr = s - 1; + } + *p++ = '\\'; + s--; +@@ -1171,23 +1175,39 @@ PyObject *_PyBytes_DecodeEscape(const ch + return NULL; + } + ++// Export for binary compatibility. ++PyObject *_PyBytes_DecodeEscape(const char *s, ++ Py_ssize_t len, ++ const char *errors, ++ const char **first_invalid_escape) ++{ ++ int first_invalid_escape_char; ++ return _PyBytes_DecodeEscape2( ++ s, len, errors, ++ &first_invalid_escape_char, ++ first_invalid_escape); ++} ++ + PyObject *PyBytes_DecodeEscape(const char *s, + Py_ssize_t len, + const char *errors, + Py_ssize_t Py_UNUSED(unicode), + const char *Py_UNUSED(recode_encoding)) + { +- const char* first_invalid_escape; +- PyObject *result = _PyBytes_DecodeEscape(s, len, errors, +- &first_invalid_escape); ++ int first_invalid_escape_char; ++ const char *first_invalid_escape_ptr; ++ PyObject *result = _PyBytes_DecodeEscape2(s, len, errors, ++ &first_invalid_escape_char, ++ &first_invalid_escape_ptr); + if (result == NULL) + return NULL; +- if (first_invalid_escape != NULL) { +- unsigned char c = *first_invalid_escape; +- if ('4' <= c && c <= '7') { ++ if (first_invalid_escape_char != -1) { ++ if (first_invalid_escape_char > 0xff) { ++ char buf[12] = ""; ++ snprintf(buf, sizeof buf, "%o", first_invalid_escape_char); + if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, +- "invalid octal escape sequence '\\%.3s'", +- first_invalid_escape) < 0) ++ "invalid octal escape sequence '\\%s'", ++ buf) < 0) + { + Py_DECREF(result); + return NULL; +@@ -1196,7 +1216,7 @@ PyObject *PyBytes_DecodeEscape(const cha + else { + if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, + "invalid escape sequence '\\%c'", +- c) < 0) ++ first_invalid_escape_char) < 0) + { + Py_DECREF(result); + return NULL; +--- a/Objects/unicodeobject.c ++++ b/Objects/unicodeobject.c +@@ -6301,20 +6301,23 @@ PyUnicode_AsUTF16String(PyObject *unicod + static _PyUnicode_Name_CAPI *ucnhash_capi = NULL; + + PyObject * +-_PyUnicode_DecodeUnicodeEscapeInternal(const char *s, ++_PyUnicode_DecodeUnicodeEscapeInternal2(const char *s, + Py_ssize_t size, + const char *errors, + Py_ssize_t *consumed, +- const char **first_invalid_escape) ++ int *first_invalid_escape_char, ++ const char **first_invalid_escape_ptr) + { + const char *starts = s; ++ const char *initial_starts = starts; + _PyUnicodeWriter writer; + const char *end; + PyObject *errorHandler = NULL; + PyObject *exc = NULL; + + // so we can remember if we've seen an invalid escape char or not +- *first_invalid_escape = NULL; ++ *first_invalid_escape_char = -1; ++ *first_invalid_escape_ptr = NULL; + + if (size == 0) { + if (consumed) { +@@ -6402,9 +6405,12 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c + } + } + if (ch > 0377) { +- if (*first_invalid_escape == NULL) { +- *first_invalid_escape = s-3; /* Back up 3 chars, since we've +- already incremented s. */ ++ if (*first_invalid_escape_char == -1) { ++ *first_invalid_escape_char = ch; ++ if (starts == initial_starts) { ++ /* Back up 3 chars, since we've already incremented s. */ ++ *first_invalid_escape_ptr = s - 3; ++ } + } + } + WRITE_CHAR(ch); +@@ -6503,9 +6509,12 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c + goto error; + + default: +- if (*first_invalid_escape == NULL) { +- *first_invalid_escape = s-1; /* Back up one char, since we've +- already incremented s. */ ++ if (*first_invalid_escape_char == -1) { ++ *first_invalid_escape_char = c; ++ if (starts == initial_starts) { ++ /* Back up one char, since we've already incremented s. */ ++ *first_invalid_escape_ptr = s - 1; ++ } + } + WRITE_ASCII_CHAR('\\'); + WRITE_CHAR(c); +@@ -6544,24 +6553,42 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c + return NULL; + } + ++// Export for binary compatibility. ++PyObject * ++_PyUnicode_DecodeUnicodeEscapeInternal(const char *s, ++ Py_ssize_t size, ++ const char *errors, ++ Py_ssize_t *consumed, ++ const char **first_invalid_escape) ++{ ++ int first_invalid_escape_char; ++ return _PyUnicode_DecodeUnicodeEscapeInternal2( ++ s, size, errors, consumed, ++ &first_invalid_escape_char, ++ first_invalid_escape); ++} ++ + PyObject * + _PyUnicode_DecodeUnicodeEscapeStateful(const char *s, + Py_ssize_t size, + const char *errors, + Py_ssize_t *consumed) + { +- const char *first_invalid_escape; +- PyObject *result = _PyUnicode_DecodeUnicodeEscapeInternal(s, size, errors, ++ int first_invalid_escape_char; ++ const char *first_invalid_escape_ptr; ++ PyObject *result = _PyUnicode_DecodeUnicodeEscapeInternal2(s, size, errors, + consumed, +- &first_invalid_escape); ++ &first_invalid_escape_char, ++ &first_invalid_escape_ptr); + if (result == NULL) + return NULL; +- if (first_invalid_escape != NULL) { +- unsigned char c = *first_invalid_escape; +- if ('4' <= c && c <= '7') { ++ if (first_invalid_escape_char != -1) { ++ if (first_invalid_escape_char > 0xff) { ++ char buf[12] = ""; ++ snprintf(buf, sizeof buf, "%o", first_invalid_escape_char); + if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, +- "invalid octal escape sequence '\\%.3s'", +- first_invalid_escape) < 0) ++ "invalid octal escape sequence '\\%s'", ++ buf) < 0) + { + Py_DECREF(result); + return NULL; +@@ -6570,7 +6597,7 @@ _PyUnicode_DecodeUnicodeEscapeStateful(c + else { + if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, + "invalid escape sequence '\\%c'", +- c) < 0) ++ first_invalid_escape_char) < 0) + { + Py_DECREF(result); + return NULL; +--- a/Parser/string_parser.c ++++ b/Parser/string_parser.c +@@ -130,12 +130,15 @@ decode_unicode_with_escapes(Parser *pars + len = p - buf; + s = buf; + +- const char *first_invalid_escape; +- v = _PyUnicode_DecodeUnicodeEscapeInternal(s, len, NULL, NULL, &first_invalid_escape); ++ int first_invalid_escape_char; ++ const char *first_invalid_escape_ptr; ++ v = _PyUnicode_DecodeUnicodeEscapeInternal2(s, (Py_ssize_t)len, NULL, NULL, ++ &first_invalid_escape_char, ++ &first_invalid_escape_ptr); + +- if (v != NULL && first_invalid_escape != NULL) { +- if (warn_invalid_escape_sequence(parser, first_invalid_escape, t) < 0) { +- /* We have not decref u before because first_invalid_escape points ++ if (v != NULL && first_invalid_escape_ptr != NULL) { ++ if (warn_invalid_escape_sequence(parser, first_invalid_escape_ptr, t) < 0) { ++ /* We have not decref u before because first_invalid_escape_ptr points + inside u. */ + Py_XDECREF(u); + Py_DECREF(v); +@@ -149,14 +152,17 @@ decode_unicode_with_escapes(Parser *pars + static PyObject * + decode_bytes_with_escapes(Parser *p, const char *s, Py_ssize_t len, Token *t) + { +- const char *first_invalid_escape; +- PyObject *result = _PyBytes_DecodeEscape(s, len, NULL, &first_invalid_escape); ++ int first_invalid_escape_char; ++ const char *first_invalid_escape_ptr; ++ PyObject *result = _PyBytes_DecodeEscape2(s, len, NULL, ++ &first_invalid_escape_char, ++ &first_invalid_escape_ptr); + if (result == NULL) { + return NULL; + } + +- if (first_invalid_escape != NULL) { +- if (warn_invalid_escape_sequence(p, first_invalid_escape, t) < 0) { ++ if (first_invalid_escape_ptr != NULL) { ++ if (warn_invalid_escape_sequence(p, first_invalid_escape_ptr, t) < 0) { + Py_DECREF(result); + return NULL; + } diff --git a/CVE-2025-6069-quad-complex-HTMLParser.patch b/CVE-2025-6069-quad-complex-HTMLParser.patch new file mode 100644 index 0000000..1a731c8 --- /dev/null +++ b/CVE-2025-6069-quad-complex-HTMLParser.patch @@ -0,0 +1,190 @@ +From 9043edabc7e2f0dd655146e0a4571e2a0b2906af Mon Sep 17 00:00:00 2001 +From: Serhiy Storchaka +Date: Fri, 13 Jun 2025 19:57:48 +0300 +Subject: [PATCH] gh-135462: Fix quadratic complexity in processing special + input in HTMLParser (GH-135464) + +End-of-file errors are now handled according to the HTML5 specs -- +comments and declarations are automatically closed, tags are ignored. +(cherry picked from commit 6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41) + +Co-authored-by: Serhiy Storchaka +--- + Lib/html/parser.py | 41 +++++--- + Lib/test/test_htmlparser.py | 51 +++++++--- + Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst | 4 + 3 files changed, 74 insertions(+), 22 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst + +Index: Python-3.11.13/Lib/html/parser.py +=================================================================== +--- Python-3.11.13.orig/Lib/html/parser.py 2025-07-02 18:12:07.084569398 +0200 ++++ Python-3.11.13/Lib/html/parser.py 2025-07-02 18:12:12.582519793 +0200 +@@ -25,6 +25,7 @@ + charref = re.compile('&#(?:[0-9]+|[xX][0-9a-fA-F]+)[^0-9a-fA-F]') + + starttagopen = re.compile('<[a-zA-Z]') ++endtagopen = re.compile('') + commentclose = re.compile(r'--\s*>') + # Note: +@@ -176,7 +177,7 @@ + k = self.parse_pi(i) + elif startswith("', i + 1) +- if k < 0: +- k = rawdata.find('<', i + 1) +- if k < 0: +- k = i + 1 ++ if starttagopen.match(rawdata, i): # < + letter ++ pass ++ elif startswith("'), +- ('comment', '/img'), +- ('endtag', 'html<')]) ++ ('data', '\n')]) + + def test_starttag_junk_chars(self): ++ self._run_check("<", [('data', '<')]) ++ self._run_check("<>", [('data', '<>')]) ++ self._run_check("< >", [('data', '< >')]) ++ self._run_check("< ", [('data', '< ')]) + self._run_check("", []) ++ self._run_check("<$>", [('data', '<$>')]) + self._run_check("", [('comment', '$')]) + self._run_check("", [('endtag', 'a')]) ++ self._run_check("", [('starttag', 'a", [('endtag', 'a'", [('data', "'", []) ++ self._run_check("", [('starttag', 'a$b', [])]) + self._run_check("", [('startendtag', 'a$b', [])]) + self._run_check("", [('starttag', 'a$b', [])]) + self._run_check("", [('startendtag', 'a$b', [])]) ++ self._run_check("", [('endtag', 'a$b')]) + + def test_slashes_in_starttag(self): + self._run_check('', [('startendtag', 'a', [('foo', 'var')])]) +@@ -549,8 +557,9 @@ + ('comment', ' -- close enough --'), + ('comment', ''), + ('comment', '<-- this was an empty comment'), +- ('comment', '!! another bogus comment !!!'), ++ ('comment', '!! another bogus comment !!!') + ] ++ + self._run_check(html, expected) + + def test_broken_condcoms(self): +@@ -598,6 +607,26 @@ + ('endtag', 'a'), ('data', ' bar & baz')] + ) + ++ @support.requires_resource('cpu') ++ def test_eof_no_quadratic_complexity(self): ++ # Each of these examples used to take about an hour. ++ # Now they take a fraction of a second. ++ def check(source): ++ parser = html.parser.HTMLParser() ++ parser.feed(source) ++ parser.close() ++ n = 120_000 ++ check(" +Date: Mon, 28 Jul 2025 17:37:26 +0200 +Subject: [PATCH] gh-130577: tarfile now validates archives to ensure member + offsets are non-negative (GH-137027) (cherry picked from commit + 7040aa54f14676938970e10c5f74ea93cd56aa38) + +Co-authored-by: Alexander Urieles +Co-authored-by: Gregory P. Smith +--- + Lib/tarfile.py | 3 + Lib/test/test_tarfile.py | 156 ++++++++++ + Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst | 3 + 3 files changed, 162 insertions(+) + create mode 100644 Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst + +Index: Python-3.11.13/Lib/tarfile.py +=================================================================== +--- Python-3.11.13.orig/Lib/tarfile.py 2025-08-01 22:17:38.141397067 +0200 ++++ Python-3.11.13/Lib/tarfile.py 2025-08-01 22:17:42.375160009 +0200 +@@ -1613,6 +1613,9 @@ + """Round up a byte count by BLOCKSIZE and return it, + e.g. _block(834) => 1024. + """ ++ # Only non-negative offsets are allowed ++ if count < 0: ++ raise InvalidHeaderError("invalid offset") + blocks, remainder = divmod(count, BLOCKSIZE) + if remainder: + blocks += 1 +Index: Python-3.11.13/Lib/test/test_tarfile.py +=================================================================== +--- Python-3.11.13.orig/Lib/test/test_tarfile.py 2025-08-01 22:17:39.582120870 +0200 ++++ Python-3.11.13/Lib/test/test_tarfile.py 2025-08-01 22:17:42.375846065 +0200 +@@ -50,6 +50,7 @@ + xzname = os.path.join(TEMPDIR, "testtar.tar.xz") + tmpname = os.path.join(TEMPDIR, "tmp.tar") + dotlessname = os.path.join(TEMPDIR, "testtar") ++SPACE = b" " + + sha256_regtype = ( + "e09e4bc8b3c9d9177e77256353b36c159f5f040531bbd4b024a8f9b9196c71ce" +@@ -4386,6 +4387,161 @@ + ar.extractall(self.testdir, filter='fully_trusted') + + ++class OffsetValidationTests(unittest.TestCase): ++ tarname = tmpname ++ invalid_posix_header = ( ++ # name: 100 bytes ++ tarfile.NUL * tarfile.LENGTH_NAME ++ # mode, space, null terminator: 8 bytes ++ + b"000755" + SPACE + tarfile.NUL ++ # uid, space, null terminator: 8 bytes ++ + b"000001" + SPACE + tarfile.NUL ++ # gid, space, null terminator: 8 bytes ++ + b"000001" + SPACE + tarfile.NUL ++ # size, space: 12 bytes ++ + b"\xff" * 11 + SPACE ++ # mtime, space: 12 bytes ++ + tarfile.NUL * 11 + SPACE ++ # chksum: 8 bytes ++ + b"0011407" + tarfile.NUL ++ # type: 1 byte ++ + tarfile.REGTYPE ++ # linkname: 100 bytes ++ + tarfile.NUL * tarfile.LENGTH_LINK ++ # magic: 6 bytes, version: 2 bytes ++ + tarfile.POSIX_MAGIC ++ # uname: 32 bytes ++ + tarfile.NUL * 32 ++ # gname: 32 bytes ++ + tarfile.NUL * 32 ++ # devmajor, space, null terminator: 8 bytes ++ + tarfile.NUL * 6 + SPACE + tarfile.NUL ++ # devminor, space, null terminator: 8 bytes ++ + tarfile.NUL * 6 + SPACE + tarfile.NUL ++ # prefix: 155 bytes ++ + tarfile.NUL * tarfile.LENGTH_PREFIX ++ # padding: 12 bytes ++ + tarfile.NUL * 12 ++ ) ++ invalid_gnu_header = ( ++ # name: 100 bytes ++ tarfile.NUL * tarfile.LENGTH_NAME ++ # mode, null terminator: 8 bytes ++ + b"0000755" + tarfile.NUL ++ # uid, null terminator: 8 bytes ++ + b"0000001" + tarfile.NUL ++ # gid, space, null terminator: 8 bytes ++ + b"0000001" + tarfile.NUL ++ # size, space: 12 bytes ++ + b"\xff" * 11 + SPACE ++ # mtime, space: 12 bytes ++ + tarfile.NUL * 11 + SPACE ++ # chksum: 8 bytes ++ + b"0011327" + tarfile.NUL ++ # type: 1 byte ++ + tarfile.REGTYPE ++ # linkname: 100 bytes ++ + tarfile.NUL * tarfile.LENGTH_LINK ++ # magic: 8 bytes ++ + tarfile.GNU_MAGIC ++ # uname: 32 bytes ++ + tarfile.NUL * 32 ++ # gname: 32 bytes ++ + tarfile.NUL * 32 ++ # devmajor, null terminator: 8 bytes ++ + tarfile.NUL * 8 ++ # devminor, null terminator: 8 bytes ++ + tarfile.NUL * 8 ++ # padding: 167 bytes ++ + tarfile.NUL * 167 ++ ) ++ invalid_v7_header = ( ++ # name: 100 bytes ++ tarfile.NUL * tarfile.LENGTH_NAME ++ # mode, space, null terminator: 8 bytes ++ + b"000755" + SPACE + tarfile.NUL ++ # uid, space, null terminator: 8 bytes ++ + b"000001" + SPACE + tarfile.NUL ++ # gid, space, null terminator: 8 bytes ++ + b"000001" + SPACE + tarfile.NUL ++ # size, space: 12 bytes ++ + b"\xff" * 11 + SPACE ++ # mtime, space: 12 bytes ++ + tarfile.NUL * 11 + SPACE ++ # chksum: 8 bytes ++ + b"0010070" + tarfile.NUL ++ # type: 1 byte ++ + tarfile.REGTYPE ++ # linkname: 100 bytes ++ + tarfile.NUL * tarfile.LENGTH_LINK ++ # padding: 255 bytes ++ + tarfile.NUL * 255 ++ ) ++ valid_gnu_header = tarfile.TarInfo("filename").tobuf(tarfile.GNU_FORMAT) ++ data_block = b"\xff" * tarfile.BLOCKSIZE ++ ++ def _write_buffer(self, buffer): ++ with open(self.tarname, "wb") as f: ++ f.write(buffer) ++ ++ def _get_members(self, ignore_zeros=None): ++ with open(self.tarname, "rb") as f: ++ with tarfile.open( ++ mode="r", fileobj=f, ignore_zeros=ignore_zeros ++ ) as tar: ++ return tar.getmembers() ++ ++ def _assert_raises_read_error_exception(self): ++ with self.assertRaisesRegex( ++ tarfile.ReadError, "file could not be opened successfully" ++ ): ++ self._get_members() ++ ++ def test_invalid_offset_header_validations(self): ++ for tar_format, invalid_header in ( ++ ("posix", self.invalid_posix_header), ++ ("gnu", self.invalid_gnu_header), ++ ("v7", self.invalid_v7_header), ++ ): ++ with self.subTest(format=tar_format): ++ self._write_buffer(invalid_header) ++ self._assert_raises_read_error_exception() ++ ++ def test_early_stop_at_invalid_offset_header(self): ++ buffer = self.valid_gnu_header + self.invalid_gnu_header + self.valid_gnu_header ++ self._write_buffer(buffer) ++ members = self._get_members() ++ self.assertEqual(len(members), 1) ++ self.assertEqual(members[0].name, "filename") ++ self.assertEqual(members[0].offset, 0) ++ ++ def test_ignore_invalid_archive(self): ++ # 3 invalid headers with their respective data ++ buffer = (self.invalid_gnu_header + self.data_block) * 3 ++ self._write_buffer(buffer) ++ members = self._get_members(ignore_zeros=True) ++ self.assertEqual(len(members), 0) ++ ++ def test_ignore_invalid_offset_headers(self): ++ for first_block, second_block, expected_offset in ( ++ ( ++ (self.valid_gnu_header), ++ (self.invalid_gnu_header + self.data_block), ++ 0, ++ ), ++ ( ++ (self.invalid_gnu_header + self.data_block), ++ (self.valid_gnu_header), ++ 1024, ++ ), ++ ): ++ self._write_buffer(first_block + second_block) ++ members = self._get_members(ignore_zeros=True) ++ self.assertEqual(len(members), 1) ++ self.assertEqual(members[0].name, "filename") ++ self.assertEqual(members[0].offset, expected_offset) ++ ++ + def setUpModule(): + os_helper.unlink(TEMPDIR) + os.makedirs(TEMPDIR) +Index: Python-3.11.13/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ Python-3.11.13/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst 2025-08-01 22:17:42.376340965 +0200 +@@ -0,0 +1,3 @@ ++:mod:`tarfile` now validates archives to ensure member offsets are ++non-negative. (Contributed by Alexander Enrique Urieles Nieto in ++:gh:`130577`.) diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch new file mode 100644 index 0000000..fa38a94 --- /dev/null +++ b/F00251-change-user-install-location.patch @@ -0,0 +1,215 @@ +From 910f38d9768d39d4d31426743ae4081ed1ab66b6 Mon Sep 17 00:00:00 2001 +From: Michal Cyprian +Date: Mon, 26 Jun 2017 16:32:56 +0200 +Subject: [PATCH] 00251: Change user install location + +Set values of prefix and exec_prefix in distutils install command +to /usr/local if executable is /usr/bin/python* and RPM build +is not detected to make pip and distutils install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +--- + Lib/distutils/command/install.py | 15 +++++++++++++-- + Lib/site.py | 9 ++++++++- + 2 files changed, 21 insertions(+), 3 deletions(-) + +Index: Python-3.11.8/Lib/distutils/command/install.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/command/install.py ++++ Python-3.11.8/Lib/distutils/command/install.py +@@ -441,8 +441,19 @@ class install(Command): + raise DistutilsOptionError( + "must not supply exec-prefix without prefix") + +- self.prefix = os.path.normpath(sys.prefix) +- self.exec_prefix = os.path.normpath(sys.exec_prefix) ++ # self.prefix is set to sys.prefix + /local/ ++ # if neither RPM build nor virtual environment is ++ # detected to make pip and distutils install packages ++ # into the separate location. ++ if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ addition = "/local" ++ else: ++ addition = "" ++ ++ self.prefix = os.path.normpath(sys.prefix) + addition ++ self.exec_prefix = os.path.normpath(sys.exec_prefix) + addition + + else: + if self.exec_prefix is None: +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None): + return sitepackages + + def addsitepackages(known_paths, prefixes=None): +- """Add site-packages to sys.path""" ++ """Add site-packages to sys.path ++ ++ '/usr/local' is included in PREFIXES if RPM build is not detected ++ to make packages installed into this location visible. ++ ++ """ + _trace("Processing global site-packages") ++ if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: ++ PREFIXES.insert(0, "/usr/local") + for sitedir in getsitepackages(prefixes): + if os.path.isdir(sitedir): + addsitedir(sitedir, known_paths) + +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Mon, 15 Feb 2021 12:19:27 +0100 +Subject: [PATCH] 00251: Change user install location +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Set values of base and platbase in sysconfig from /usr +to /usr/local when RPM build is not detected +to make pip and similar tools install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +Downstream only. + +We've tried to rework in Fedora 36/Python 3.10 to follow https://bugs.python.org/issue43976 +but we have identified serious problems with that approach, +see https://bugzilla.redhat.com/2026979 or https://bugzilla.redhat.com/2097183 + +pypa/distutils integration: https://github.com/pypa/distutils/pull/70 + +Co-authored-by: Petr Viktorin +Co-authored-by: Miro Hrončok +Co-authored-by: Michal Cyprian +Co-authored-by: Lumír Balhar +--- + Lib/site.py | 9 ++++++- + Lib/sysconfig.py | 49 +++++++++++++++++++++++++++++++++++++- + Lib/test/test_sysconfig.py | 17 +++++++++++-- + 3 files changed, 71 insertions(+), 4 deletions(-) + +Index: Python-3.11.9/Lib/sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/sysconfig.py ++++ Python-3.11.9/Lib/sysconfig.py +@@ -103,6 +103,11 @@ if os.name == 'nt': + else: + _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv'] + ++# For a brief period of time in the Fedora 36 life cycle, ++# this installation scheme existed and was documented in the release notes. ++# For backwards compatibility, we keep it here (at least on 3.10 and 3.11). ++_INSTALL_SCHEMES['rpm_prefix'] = _INSTALL_SCHEMES['posix_prefix'] ++ + + # NOTE: site.py has copy of this function. + # Sync it when modify this function. +@@ -162,6 +167,19 @@ if _HAS_USER_BASE: + }, + } + ++# This is used by distutils.command.install in the stdlib ++# as well as pypa/distutils (e.g. bundled in setuptools). ++# The self.prefix value is set to sys.prefix + /local/ ++# if neither RPM build nor virtual environment is ++# detected to make distutils install packages ++# into the separate location. ++# https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _prefix_addition = '/local' ++ ++ + _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', + 'scripts', 'data') + +@@ -258,11 +276,40 @@ def _extend_dict(target_dict, other_dict + target_dict[key] = value + + ++_CONFIG_VARS_LOCAL = None ++ ++ ++def _config_vars_local(): ++ # This function returns the config vars with prefixes amended to /usr/local ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ global _CONFIG_VARS_LOCAL ++ if _CONFIG_VARS_LOCAL is None: ++ _CONFIG_VARS_LOCAL = dict(get_config_vars()) ++ _CONFIG_VARS_LOCAL['base'] = '/usr/local' ++ _CONFIG_VARS_LOCAL['platbase'] = '/usr/local' ++ return _CONFIG_VARS_LOCAL ++ ++ + def _expand_vars(scheme, vars): + res = {} + if vars is None: + vars = {} +- _extend_dict(vars, get_config_vars()) ++ ++ # when we are not in a virtual environment or an RPM build ++ # we change '/usr' to '/usr/local' ++ # to avoid surprises, we explicitly check for the /usr/ prefix ++ # Python virtual environments have different prefixes ++ # we only do this for posix_prefix, not to mangle the venv scheme ++ # posix_prefix is used by sudo pip install ++ # we only change the defaults here, so explicit --prefix will take precedence ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if (scheme == 'posix_prefix' and ++ _PREFIX == '/usr' and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _extend_dict(vars, _config_vars_local()) ++ else: ++ _extend_dict(vars, get_config_vars()) ++ + if os.name == 'nt': + # On Windows we want to substitute 'lib' for schemes rather + # than the native value (without modifying vars, in case it +Index: Python-3.11.9/Lib/test/test_sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_sysconfig.py ++++ Python-3.11.9/Lib/test/test_sysconfig.py +@@ -111,8 +111,19 @@ class TestSysConfig(unittest.TestCase): + for scheme in _INSTALL_SCHEMES: + for name in _INSTALL_SCHEMES[scheme]: + expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) ++ tested = get_path(name, scheme) ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if tested.startswith('/usr/local'): ++ # /usr/local should only be used in posix_prefix ++ self.assertEqual(scheme, 'posix_prefix') ++ # Fedora CI runs tests for venv and virtualenv that check for other prefixes ++ self.assertEqual(sys.prefix, '/usr') ++ # When building the RPM of Python, %check runs this with RPM_BUILD_ROOT set ++ # Fedora CI runs this with RPM_BUILD_ROOT unset ++ self.assertNotIn('RPM_BUILD_ROOT', os.environ) ++ tested = tested.replace('/usr/local', '/usr') + self.assertEqual( +- os.path.normpath(get_path(name, scheme)), ++ os.path.normpath(tested), + os.path.normpath(expected), + ) + +@@ -345,7 +356,7 @@ class TestSysConfig(unittest.TestCase): + self.assertTrue(os.path.isfile(config_h), config_h) + + def test_get_scheme_names(self): +- wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv'] ++ wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv', 'rpm_prefix'] + if HAS_USER_BASE: + wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) + self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) +@@ -357,6 +368,8 @@ class TestSysConfig(unittest.TestCase): + cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" + self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) + ++ @unittest.skipIf('RPM_BUILD_ROOT' not in os.environ, ++ "Test doesn't expect Fedora's paths") + def test_user_similar(self): + # Issue #8759: make sure the posix scheme for the users + # is similar to the global posix_prefix one diff --git a/PACKAGING-NOTES b/PACKAGING-NOTES new file mode 100644 index 0000000..e28c88c --- /dev/null +++ b/PACKAGING-NOTES @@ -0,0 +1,26 @@ +Notes for packagers of Python3 +============================== + +0. Faster build turnaround +-------------------------- + +By default, python builds with profile-guided optimization. This needs +an additional run of the test suite and it is generally slow. +PGO build takes around 50 minutes. + +For development, use "--without profileopt" option to disable PGO. This +shortens the build time to ~5 minutes including test suite. + +1. import_failed.map +---------------------- + +This is a mechanism installed as part of python3-base, that places shim modules +on python's path (through a generated zzzz-import-failed-hooks.pth file, so that +it is imported as much at the end as makes sense; and an _import_failed subdir +of /usr/lib/pythonX.Y). Then when the user tries to import a module that is part +of a subpackage, the ImportError will contain a helpful message telling them +which missing subpackage to install. + +This can sometimes cause problems on non-standard configurations, if the pth +gets included too early (for instance if you are using a script to include all +pths by hand in some strange order). Just something to look out for. diff --git a/Python-3.11.10.tar.xz b/Python-3.11.10.tar.xz new file mode 100644 index 0000000..f87e7ad --- /dev/null +++ b/Python-3.11.10.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:07a4356e912900e61a15cb0949a06c4a05012e213ecd6b4e84d0f67aabbee372 +size 20067656 diff --git a/Python-3.11.10.tar.xz.asc b/Python-3.11.10.tar.xz.asc new file mode 100644 index 0000000..243d1b1 --- /dev/null +++ b/Python-3.11.10.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmbbrO0ACgkQ/+h0BBaL +2Ec+YBAAnQJLKYPjj7Yr7xkFU655Sv86JxeRAdWjnIapbiIuWg3Up8Pd8FTRgHGf +3XdTHw7b03lSjtzJwavzdnDklqAlBIGn9dVieljUIN7NYyNxoYOr/AiatimgSwv7 +dI5mfun5fLKV6ZcdNdQN5PJ3RZtF3I7VfkN2mlfZJHtxl1agdU/TfW2L+qJ7+JPY +cayjq2xKTLRNXOf2iV29GRRovLiqA+Dx0+cAwsScwreHMp3U4k3GkeHVoR6fldV4 +bVAM8GRl3CYVFePiqAbamKP1BSys44JOINWbWyd94JxzEAwXWz//Es0h73AzeRfK +ueORqzdoOGrVc74+HGlAHhqO1Gg7jMMmtkzCEuav+cGHYnMRMOngGR3q47aTJTVb +5UdP0oD4OlADPFVa6q0LCqN/IFlebWMh9pXYw7Wpek63oNuZHTfNPq4S1AUM2HJm +C3yzaOG9VAdYfLneJC4ldY4CVt1FKckfaXp5OAaMr71DI74e4CcEswlUupZJLZKV +TJRjQD15bnXGhHDqU4w3RmzpCWMh2mf4m4VMYQyObl3TtlX+gVvzIhDS5+mXqutB +F1pdXwaHHkTb2PLLxpwOGrnsp8XoW74tsylcYirQg8jSFMbgxfwgIjEIuRGXeDkT +B4QzmQ4SxsbLiH7etV6Fznl1h569Z4DO9OOs4i0ZzIjdhPDQtAs= +=TatG +-----END PGP SIGNATURE----- diff --git a/Python-3.11.11.tar.xz b/Python-3.11.11.tar.xz new file mode 100644 index 0000000..e0581b1 --- /dev/null +++ b/Python-3.11.11.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2a9920c7a0cd236de33644ed980a13cbbc21058bfdc528febb6081575ed73be3 +size 20085792 diff --git a/Python-3.11.11.tar.xz.sigstore b/Python-3.11.11.tar.xz.sigstore new file mode 100644 index 0000000..782816a --- /dev/null +++ b/Python-3.11.11.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlOgAwIBAgIUWcRolJPsPmtJKA6VkjHSj7PtjY8wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMjAzMTgxOTA1WhcNMjQxMjAzMTgyOTA1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEN+fBJCRZIAZiWPBdjyQVD+x5vgmjuuVct1HkPHIBMuEe7wI4mBG2BhJ3fHkpr97efIH6ELMmPV99edyAIZFXR6OCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUkutZdHfCCSvGI87mjnBRwZB8ihYwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGTjb9QlwAABAMARzBFAiEA4ddSINhYM+p0+DGzRqnA8rVtJF9YgI+9znXiq9fqQNkCIEErcSnQmN8jjErhwWWtcTM5GgH4ka/uk5kdHTycwxj3MAoGCCqGSM49BAMDA2cAMGQCMFmkCEH2pCBpFeFiUi2uA4opcJP6vh/zqb+D0tbxqd+jwbBkuDxDqA9/Ao3UWop+twIwO9o71KAlYWPSPYMeZERM4R8zWlp9mVJPiK3tgOJJi40MNmxwtfsQeQtncqiQLBAH"}, "tlogEntries": [{"logIndex": "153122039", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1733249946", "inclusionPromise": {"signedEntryTimestamp": "MEUCIBL9zpVJtljIuZtAe8uptLfDmakmbAjy5ELp2q8WJTQ7AiEAv6lIpyJZycHwTS+JHYJFzMVv0SmA8yQ0eMneBivMhPY="}, "inclusionProof": {"logIndex": "31217777", "rootHash": "BMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=", "treeSize": "31217778", "hashes": ["lrr8dxmtgD09fnZTo1tMTY00HNKc2ZIpbZa1djDeTes=", "yFxGSg1RDbtZ/eNftnMdBJGNEZmmLyx2ZRDFtAIMHAk=", "GeqsQGnvgc+gcuaIC+vQ5b0RdTyBxBnYTpbeW2AeD+Q=", "dMTPeN/a9xCQQP+Hz7sddW0pPj8n54sfkhcf3XhjrMM=", "XjayhjKU3shP7q7lhmhKDv3Vpi4gJgAPCu0KlEzc9Qo=", "go1dmexQYS5etu69upRRX7IFvuA0rIcT9aYjMstmPIU=", "AYwr74Bm2w383UnS7DdbZUUAhusq28JoxKpWrQ7OvGQ=", "u+yWmGIR6sAH32wiSy22mz1Yf+jfPdBTjFbyRISuTZw=", "3eFC7Gp4fWecybDOAw9uUTrM1xB7YRYRAGsfYkiQbV8=", "1uKk2qjOliHMiTk906jrchP8mXWsRG8apaU1sa0lfh0=", "oOecFfN3YqDOkbijS/ej1WF5Da/Gt/AZNhbwE9uoOE8=", "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=", "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n31217778\nBMKHBPePzSbNqf2NyF/Ejuyy3troRGpNS41Dqe43nZ0=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiA7ed0HqugBwVpmxDAR1VN35J91/+DeRdj09y5lFY+bRwIgYe07JnZlJvp3MfAMXX3i4XBsZoDRZoXtwfBaRj/8x8s=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYTk5MjBjN2EwY2QyMzZkZTMzNjQ0ZWQ5ODBhMTNjYmJjMjEwNThiZmRjNTI4ZmViYjYwODE1NzVlZDczYmUzIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRU5KSGllaWs5WkVibW83a0p4ZUhWY2FvVDVYOUxyWG1zRTVxc1I5R1JpSEFpRUFtcHZyV21vUHF5YzRpQ09VYXVmY3dKTllMK1lPTWU0b0NOaWRLVGduT1FBPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlYyTlNiMnhLVUhOUWJYUktTMEUyVm10cVNGTnFOMUIwYWxrNGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJlRTFxUVhwTlZHZDRUMVJCTVZkb1kwNU5hbEY0VFdwQmVrMVVaM2xQVkVFeFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZPSzJaQ1NrTlNXa2xCV21sWFVFSmthbmxSVmtRcmVEVjJaMjFxZFhWV1kzUXhTR3NLVUVoSlFrMTFSV1UzZDBrMGJVSkhNa0pvU2pObVNHdHdjamszWldaSlNEWkZURTF0VUZZNU9XVmtlVUZKV2taWVVqWlBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZyZFhSYUNtUklaa05EVTNaSFNUZzNiV3B1UWxKM1drSTRhV2haZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxUnFZamxSYkhkQlFRcENRVTFCVW5wQ1JrRnBSVUUwWkdSVFNVNW9XVTByY0RBclJFZDZVbkZ1UVRoeVZuUktSamxaWjBrck9YcHVXR2x4T1daeFVVNXJRMGxGUlhKalUyNVJDbTFPT0dwcVJYSm9kMWRYZEdOVVRUVkhaMGcwYTJFdmRXczFhMlJJVkhsamQzaHFNMDFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUdiV3NLUTBWSU1uQkRRbkJHWlVacFZXa3lkVUUwYjNCalNsQTJkbWd2ZW5GaUswUXdkR0o0Y1dRcmFuZGlRbXQxUkhoRWNVRTVMMEZ2TTFWWGIzQXJkSGRKZHdwUE9XODNNVXRCYkZsWFVGTlFXVTFsV2tWU1RUUlNPSHBYYkhBNWJWWktVR2xMTTNSblQwcEthVFF3VFU1dGVIZDBabk5SWlZGMGJtTnhhVkZNUWtGSUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "Kpkgx6DNI23jNkTtmAoTy7whBYv9xSj+u2CBV17XO+M="}, "signature": "MEUCIENJHieik9ZEbmo7kJxeHVcaoT5X9LrXmsE5qsR9GRiHAiEAmpvrWmoPqyc4iCOUaufcwJNYL+YOMe4oCNidKTgnOQA="}} diff --git a/Python-3.11.12.tar.xz b/Python-3.11.12.tar.xz new file mode 100644 index 0000000..e2b3c80 --- /dev/null +++ b/Python-3.11.12.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:849da87af4df137710c1796e276a955f7a85c9f971081067c8f565d15c352a09 +size 20112232 diff --git a/Python-3.11.12.tar.xz.sigstore b/Python-3.11.12.tar.xz.sigstore new file mode 100644 index 0000000..36fb8a6 --- /dev/null +++ b/Python-3.11.12.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlOgAwIBAgIUdXXo3kfUuTRxhwfBaDz2hbLdc00wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNDA4MTUwMzI1WhcNMjUwNDA4MTUxMzI1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEChWB96w27HEQAug03xOuj5aVvdcEBkLaseC6PKbhc3lq1vL78o96RMSdWdBSmBQ4OrRHKvop8VRwn4SI6KPIN6OCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUDQFNdUPu8lJprLgYTWMF//JnS0owHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGWFe1zcgAABAMARzBFAiAMLue9b86BfjeZl9ML7LekLskkUPTEhI2ciiZrYgaF/gIhAIt66OYOVpC39L+bRXJd1K+T39IGMxYcKoaDrMk0DX59MAoGCCqGSM49BAMDA2cAMGQCMEJ+IEScHRIlOwToBZxVVJjrSxOVvqRSfUO5hvYNkqhYz97LxxUFWpcB/DMiQJOUbwIwKJRh5d7c30z1XyE5zsjOZZmz37ah6aJtyuHLCn3QKJniWBMxIMy9lbXlRZWZgsf0"}, "tlogEntries": [{"logIndex": "193896942", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1744124605", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQDBvc4N4pmeJKalSbAgT5X5MiHnHfiFJ3q/ifYIUDQORwIgNCMUBexEGM4B8VSSWkSDK8uZDGqzA7bgurZdWE0z/vc="}, "inclusionProof": {"logIndex": "71992680", "rootHash": "jow4GaqK8wgGK0YaQkHyINNk1eJRvrgCUSax5oC+bgc=", "treeSize": "71992683", "hashes": ["V5p0el9OkIku5PMpzeGtSeSQLNkd4d0DVh6qNlixrlk=", "CbJfH60w3vsS3xzOzbMZQaokwVM+6efm7OCLjQ5og/k=", "fJZsSVsDo+dpw5484/+8Rm3EH3JostySBfLMVDBUZOU=", "/C+wK2WU/SrXLMnuHDzeBP4K+Jlt/S0nAvzvcXJPp30=", "m6j5meZeKpBfFqNeI7qiCogWjT2IT5NZkgJYwot9sRo=", "V7VMIiqIq7yvzO+ic8vLqIJr3+iGA6whYAGN7YvWhsQ=", "2ap6N1WIsMWGC/Zrnzsx//K9223/3B9lLpJP87M+rXE=", "2kwW2rqY/EMS68q/rOjagVYsEMybFHgxIfbokSa8yKU=", "QReFEOB9XSZtDKsjRtA0fGnYGMYD2Z7qn50auG1YlWo=", "K26LG80DXyb+bC58c4Nw00WigG52v0PCsZGY3ExGsts=", "WEm5OgPzJpYROv+4CcrieexCYyQKrLUH3hbxmcQQ+DM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n71992683\njow4GaqK8wgGK0YaQkHyINNk1eJRvrgCUSax5oC+bgc=\n\n\u2014 rekor.sigstore.dev wNI9ajBGAiEA7u1b4P659JpwuXMf6lhvC1RhOj/ZH7CpYcAQbitQSwUCIQDJrflW8FGweaiB88lSuLfpfD/a6l6jWhUyOQB/mIJ9rA==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI4NDlkYTg3YWY0ZGYxMzc3MTBjMTc5NmUyNzZhOTU1ZjdhODVjOWY5NzEwODEwNjdjOGY1NjVkMTVjMzUyYTA5In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJRnMzQi9oTk9OMVY2TXFaUkxzRmNHNlU2Qjkza2FsL1VLZWsvYkRVb3o2MUFpQWZydmsrWXpjK0hHZGJYemRRQ203cjlKU2RNUCtuR1BOblVCZzFoSnAySVE9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlpGaFliek5yWmxWMVZGSjRhSGRtUW1GRWVqSm9Za3hrWXpBd2QwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVFUVRSTlZGVjNUWHBKTVZkb1kwNU5hbFYzVGtSQk5FMVVWWGhOZWtreFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZEYUZkQ09UWjNNamRJUlZGQmRXY3dNM2hQZFdvMVlWWjJaR05GUW10TVlYTmxRellLVUV0aWFHTXpiSEV4ZGt3M09HODVObEpOVTJSWFpFSlRiVUpSTkU5eVVraExkbTl3T0ZaU2QyNDBVMGsyUzFCSlRqWlBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZFVVVaT0NtUlZVSFU0YkVwd2NreG5XVlJYVFVZdkwwcHVVekJ2ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxZEdaVEY2WTJkQlFRcENRVTFCVW5wQ1JrRnBRVTFNZFdVNVlqZzJRbVpxWlZwc09VMU1OMHhsYTB4emEydFZVRlJGYUVreVkybHBXbkpaWjJGR0wyZEphRUZKZERZMlQxbFBDbFp3UXpNNVRDdGlVbGhLWkRGTEsxUXpPVWxIVFhoWlkwdHZZVVJ5VFdzd1JGZzFPVTFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUZTaXNLU1VWVFkwaFNTV3hQZDFSdlFscDRWbFpLYW5KVGVFOVdkbkZTVTJaVlR6Vm9kbGxPYTNGb1dYbzVOMHg0ZUZWR1YzQmpRaTlFVFdsUlNrOVZZbmRKZHdwTFNsSm9OV1EzWXpNd2VqRlllVVUxZW5OcVQxcGFiWG96TjJGb05tRktkSGwxU0V4RGJqTlJTMHB1YVZkQ1RYaEpUWGs1YkdKWWJGSmFWMXBuYzJZd0NpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "hJ2oevTfE3cQwXluJ2qVX3qFyflxCBBnyPVl0Vw1Kgk="}, "signature": "MEQCIFs3B/hNON1V6MqZRLsFcG6U6B93kal/UKek/bDUoz61AiAfrvk+Yzc+HGdbXzdQCm7r9JSdMP+nGPNnUBg1hJp2IQ=="}} diff --git a/Python-3.11.13.tar.xz b/Python-3.11.13.tar.xz new file mode 100644 index 0000000..80a2b4d --- /dev/null +++ b/Python-3.11.13.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8fb5f9fbc7609fa822cb31549884575db7fd9657cbffb89510b5d7975963a83a +size 20117496 diff --git a/Python-3.11.13.tar.xz.sigstore b/Python-3.11.13.tar.xz.sigstore new file mode 100644 index 0000000..a6d0be7 --- /dev/null +++ b/Python-3.11.13.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzjCCAlSgAwIBAgIUfnOGm4U1QCsCXWiDvPy5Tgni2HUwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNjAzMTkyNzM1WhcNMjUwNjAzMTkzNzM1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpTsf/wrCdu4Domf4WOtO4CLkj51wmj4iesYv5N6DYhghPjqQFwGYI9gFc/WX6QMIWh5YHU2NGxrmM7KfbAYzz6OCAXMwggFvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUkQ2/O4Fivj1bTq7NTQczm1RdtYAwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGLBgorBgEEAdZ5AgQCBH0EewB5AHcA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGXN0NwGwAABAMASDBGAiEA6pD8PjS+5z2SQre/NS/wOdFSjVMsxvtfF6A1jg+1T3YCIQDC44S/Z3c0dNddM7EkE+A3j7Vft3hqRUoFkNe4U6g5qTAKBggqhkjOPQQDAwNoADBlAjA6lBI2r3KCZFc+2affpH3S3Xj3gMOKh8Lr5Z7TgkGp3Q6QsnExGmJJ0leXhqH6rQkCMQDfxk/6DyhbO7KTrIUfmrbZoa7dV75cresJS69Xk67XN57qsqY52DZj9o4fbUIw4ro="}, "tlogEntries": [{"logIndex": "228953871", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1748978856", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQC9nXmfcRqyOL2Zmw1zI7+kulTbmDE3Yfzew81mXJGU4QIgF8Uhdg2uzttSA6erOuEchX68PCyJ0cVFHE0XJX2+ZfE="}, "inclusionProof": {"logIndex": "107049609", "rootHash": "Ilofw5POqC/C3zqfrdMQP1DyhNW+UfB9fHdjrbK6qaM=", "treeSize": "107049610", "hashes": ["AcD1iyjU7nuIPqAq29ynz7PEdq6zPXglj6e2tkH+/do=", "1BNDCN01B3dbUo/TfLaQgKIYTvPyrkcrHKd69GxuF2E=", "t59A0CV2pHM2S9AgZgcEA6FbXhgNZGo0jMRIXHiqsJ0=", "bCrkgWpJ8MBic+mIfCRsKi+5XAMqgM8Lc6G0LLfzZ7M=", "4iwdOrGkcqdN0qqZUx/gv8a8qpLMqVj8aXRVmhQ558c=", "mAX/zvx1jR0ujLtDApsQpHyxmoDGidClHMOn0BX1aQA=", "u5LKLBPTYgXZg0fBi6/8LuEeNy3EBAxJF0AkkB4Co6E=", "SPUVncwJRVX/n/RICCYqLpAzraqx7S0eMdXRr1RLRgg=", "uEJFtwcGQJMd9kjQhkXb7gl2WD3WMElCc15uDFvFGxs=", "VdOKzpQhJlpXgijzXANf/hNlje1G/N1kUuVnKNskkso=", "mta5fH/gFwxJ/0fT8yGpn3sFCY0G1RY555Iflm0LInM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n107049610\nIlofw5POqC/C3zqfrdMQP1DyhNW+UfB9fHdjrbK6qaM=\n\n\u2014 rekor.sigstore.dev wNI9ajBGAiEAjtzTnsnrGx0G3Dg99s89cPUh6EA+cxkicQ9j4qYU60wCIQCKcAL4kdakbq2JrBVgk7bRNf3FoJRrEI6SCjv16f7Crg==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI4ZmI1ZjlmYmM3NjA5ZmE4MjJjYjMxNTQ5ODg0NTc1ZGI3ZmQ5NjU3Y2JmZmI4OTUxMGI1ZDc5NzU5NjNhODNhIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUM5Q1JZRjNSWGUzdDNxQlBJd2UrR3pMMTJCOXVLTjIrRFpWa2JjZW1FTS93SWdPMDFKaVhnbUJxZEN5RVhoM05JUEt5QlRBb2hpcjZHTkhZdXhiSUxKNDlRPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZha05EUVd4VFowRjNTVUpCWjBsVlptNVBSMjAwVlRGUlEzTkRXRmRwUkhaUWVUVlVaMjVwTWtoVmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVxUVhwTlZHdDVUbnBOTVZkb1kwNU5hbFYzVG1wQmVrMVVhM3BPZWsweFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZ3VkhObUwzZHlRMlIxTkVSdmJXWTBWMDkwVHpSRFRHdHFOVEYzYldvMGFXVnpXWFlLTlU0MlJGbG9aMmhRYW5GUlJuZEhXVWs1WjBaakwxZFlObEZOU1Zkb05WbElWVEpPUjNoeWJVMDNTMlppUVZsNmVqWlBRMEZZVFhkblowWjJUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZyVVRJdkNrODBSbWwyYWpGaVZIRTNUbFJSWTNwdE1WSmtkRmxCZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRNUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJTUVVS1pYZENOVUZJWTBFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxaE9NRTUzUjNkQlFRcENRVTFCVTBSQ1IwRnBSVUUyY0VRNFVHcFRLelY2TWxOUmNtVXZUbE12ZDA5a1JsTnFWazF6ZUhaMFprWTJRVEZxWnlzeFZETlpRMGxSUkVNME5GTXZDbG96WXpCa1RtUmtUVGRGYTBVclFUTnFOMVptZEROb2NWSlZiMFpyVG1VMFZUWm5OWEZVUVV0Q1oyZHhhR3RxVDFCUlVVUkJkMDV2UVVSQ2JFRnFRVFlLYkVKSk1uSXpTME5hUm1Nck1tRm1abkJJTTFNeldHb3paMDFQUzJnNFRISTFXamRVWjJ0SGNETlJObEZ6YmtWNFIyMUtTakJzWlZob2NVZzJjbEZyUXdwTlVVUm1lR3N2TmtSNWFHSlBOMHRVY2tsVlptMXlZbHB2WVRka1ZqYzFZM0psYzBwVE5qbFlhelkzV0U0MU4zRnpjVmsxTWtSYWFqbHZOR1ppVlVsM0NqUnliejBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "j7X5+8dgn6giyzFUmIRXXbf9llfL/7iVELXXl1ljqDo="}, "signature": "MEUCIQC9CRYF3RXe3t3qBPIwe+GzL12B9uKN2+DZVkbcemEM/wIgO01JiXgmBqdCyEXh3NIPKyBTAohir6GNHYuxbILJ49Q="}} diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..0053bcf --- /dev/null +++ b/README.SUSE @@ -0,0 +1,43 @@ +Python 3 in SUSE +============== + +* Subpackages * + +Python 3 is split into several subpackages, based on external dependencies. +The main package 'python3' has soft dependencies on all subpackages needed to +assemble the standard library; however, these might not all be installed by default. + +If you attempt to import a module that is currently not installed, an ImportError is thrown, +with instructions to install the missing subpackage. Installing the subpackage might result +in installing libraries that the subpackage requires to function. + + +* ensurepip * + +The 'ensurepip' module from Python 3 standard library (PEP 453) is supposed to deploy +a bundled copy of the pip installer. This makes no sense in a managed distribution like SUSE. +Instead, you need to install package 'python3-pip'. Usually this will be installed automatically +with 'python3'. + +Using 'ensurepip' when pip is not installed will result in an ImportError with instructions +to install 'python3-pip'. + + +* Documentation * + +You can find documentation in seprarate packages: python3-doc and +python3-doc-pdf. These contan following documents: + + Tutorial, What's New in Python, Global Module Index, Library Reference, + Macintosh Module Reference, Installing Python Modules, Distributing Python + Modules, Language Reference, Extending and Embedding, Python/C API, + Documenting Python + +The python3-doc package constains many text files from source tarball. + + +* Interactive mode * + +Interactive mode is by default enhanced with of history and command completion. +If you don't like these features, you can unset the PYTHONSTARTUP variable +in your .profile or disable it system wide in /etc/profile.d/python.sh. diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..1d50bc4 --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + base + doc + diff --git a/add-loongarch64-support.patch b/add-loongarch64-support.patch new file mode 100644 index 0000000..10cc846 --- /dev/null +++ b/add-loongarch64-support.patch @@ -0,0 +1,29 @@ +Description: Add platform triplets for LoongArch. + +--- + configure.ac | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +--- a/configure.ac ++++ b/configure.ac +@@ -976,6 +976,20 @@ cat > conftest.c <=6) && defined(_MIPSEL) diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..1793de8 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,3 @@ +python311-base +python311 +libpython3_11-1_0 diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz new file mode 100644 index 0000000..57fb3e5 --- /dev/null +++ b/bluez-devel-vendor.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:868fbfba2ddaed62f2c45cf869fe2c648527ac3bac738f4f41f3c2872f5b0211 +size 25040 diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch new file mode 100644 index 0000000..86882ae --- /dev/null +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -0,0 +1,173 @@ +From 5754521af1d51aa8e445cba07a093bbc0c88596d Mon Sep 17 00:00:00 2001 +From: Zackery Spytz +Date: Mon, 16 Dec 2019 18:24:08 -0700 +Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix) + +Co-Authored-By: Xavier de Gaye +--- + Doc/library/ensurepip.rst | 9 +++-- + Lib/ensurepip/__init__.py | 18 +++++++--- + Lib/test/test_ensurepip.py | 11 ++++++ + Makefile.pre.in | 4 +- + Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1 + 5 files changed, 34 insertions(+), 9 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst + +Index: Python-3.11.8/Doc/library/ensurepip.rst +=================================================================== +--- Python-3.11.8.orig/Doc/library/ensurepip.rst ++++ Python-3.11.8/Doc/library/ensurepip.rst +@@ -59,7 +59,9 @@ is at least as recent as the one availab + By default, ``pip`` is installed into the current virtual environment + (if one is active) or into the system site packages (if there is no + active virtual environment). The installation location can be controlled +-through two additional command line options: ++through some additional command line options: ++ ++* ``--prefix ``: Installs ``pip`` using the given directory prefix. + + * :samp:`--root {dir}`: Installs ``pip`` relative to the given root directory + rather than the root of the currently active virtual environment (if any) +@@ -92,7 +94,7 @@ Module API + Returns a string specifying the available version of pip that will be + installed when bootstrapping an environment. + +-.. function:: bootstrap(root=None, upgrade=False, user=False, \ ++.. function:: bootstrap(root=None, prefix=None, upgrade=False, user=False, \ + altinstall=False, default_pip=False, \ + verbosity=0) + +@@ -102,6 +104,8 @@ Module API + If *root* is ``None``, then installation uses the default install location + for the current environment. + ++ *prefix* specifies the directory prefix to use when installing. ++ + *upgrade* indicates whether or not to upgrade an existing installation + of an earlier version of ``pip`` to the available version. + +@@ -122,6 +126,8 @@ Module API + *verbosity* controls the level of output to :data:`sys.stdout` from the + bootstrapping operation. + ++ .. versionchanged:: 3.9 the *prefix* parameter was added. ++ + .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap + + .. note:: +Index: Python-3.11.8/Lib/ensurepip/__init__.py +=================================================================== +--- Python-3.11.8.orig/Lib/ensurepip/__init__.py ++++ Python-3.11.8/Lib/ensurepip/__init__.py +@@ -122,27 +122,27 @@ def _disable_pip_configuration_settings( + os.environ['PIP_CONFIG_FILE'] = os.devnull + + +-def bootstrap(*, root=None, upgrade=False, user=False, ++def bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). ++ and directory prefix). + + Note that calling this function will alter both sys.path and os.environ. + """ + # Discard the return value +- _bootstrap(root=root, upgrade=upgrade, user=user, ++ _bootstrap(root=root, prefix=prefix, upgrade=upgrade, user=user, + altinstall=altinstall, default_pip=default_pip, + verbosity=verbosity) + + +-def _bootstrap(*, root=None, upgrade=False, user=False, ++def _bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). Returns pip command status code. ++ and directory prefix). Returns pip command status code. + + Note that calling this function will alter both sys.path and os.environ. + """ +@@ -192,6 +192,8 @@ def _bootstrap(*, root=None, upgrade=Fal + args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] + if root: + args += ["--root", root] ++ if prefix: ++ args += ["--prefix", prefix] + if upgrade: + args += ["--upgrade"] + if user: +@@ -267,6 +269,11 @@ def _main(argv=None): + help="Install everything relative to this alternate root directory.", + ) + parser.add_argument( ++ "--prefix", ++ default=None, ++ help="Install everything using this prefix.", ++ ) ++ parser.add_argument( + "--altinstall", + action="store_true", + default=False, +@@ -285,6 +292,7 @@ def _main(argv=None): + + return _bootstrap( + root=args.root, ++ prefix=args.prefix, + upgrade=args.upgrade, + user=args.user, + verbosity=args.verbosity, +Index: Python-3.11.8/Lib/test/test_ensurepip.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_ensurepip.py ++++ Python-3.11.8/Lib/test/test_ensurepip.py +@@ -112,6 +112,17 @@ class TestBootstrap(EnsurepipMixin, unit + unittest.mock.ANY, + ) + ++ def test_bootstrapping_with_prefix(self): ++ ensurepip.bootstrap(prefix="/foo/bar/") ++ self.run_pip.assert_called_once_with( ++ [ ++ "install", "--no-cache-dir", "--no-index", "--find-links", ++ unittest.mock.ANY, "--prefix", "/foo/bar/", ++ "setuptools", "pip", ++ ], ++ unittest.mock.ANY, ++ ) ++ + def test_bootstrapping_with_user(self): + ensurepip.bootstrap(user=True) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1761,7 +1761,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni + install|*) ensurepip="" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + altinstall: commoninstall +@@ -1771,7 +1771,7 @@ altinstall: commoninstall + install|*) ensurepip="--altinstall" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + commoninstall: check-clean-src @FRAMEWORKALTINSTALLFIRST@ \ +Index: Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +=================================================================== +--- /dev/null ++++ Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +@@ -0,0 +1 @@ ++A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/bsc1221260-test_asyncio-ResourceWarning.patch b/bsc1221260-test_asyncio-ResourceWarning.patch new file mode 100644 index 0000000..15d6b8d --- /dev/null +++ b/bsc1221260-test_asyncio-ResourceWarning.patch @@ -0,0 +1,21 @@ +From a3052035485bd2836e40f5284657ca105382cbfd Mon Sep 17 00:00:00 2001 +From: sobolevn +Date: Tue, 5 Mar 2024 20:24:16 +0300 +Subject: [PATCH] gh-116112: Fix `ResourceWarning` in + `test_asyncio.test_stream` + +Co-authored-by: @CendioOssman +--- + Lib/test/test_asyncio/test_streams.py | 1 + + 1 file changed, 1 insertion(+) + +--- a/Lib/test/test_asyncio/test_streams.py ++++ b/Lib/test/test_asyncio/test_streams.py +@@ -1156,6 +1156,7 @@ os.close(fd) + + def test_unhandled_cancel(self): + async def handle_echo(reader, writer): ++ writer.close() + asyncio.current_task().cancel() + messages = self._basetest_unhandled_exceptions(handle_echo) + self.assertEqual(messages, []) diff --git a/bso1227999-reproducible-builds.patch b/bso1227999-reproducible-builds.patch new file mode 100644 index 0000000..fb33d18 --- /dev/null +++ b/bso1227999-reproducible-builds.patch @@ -0,0 +1,37 @@ +From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Tue, 16 Jul 2024 21:39:33 +0200 +Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH + +to make builds reproducible. +See https://reproducible-builds.org/ for why this is good +and https://reproducible-builds.org/specs/source-date-epoch/ +for the definition of this variable. +--- + Doc/conf.py | 3 ++- + Doc/library/functions.rst | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/Doc/conf.py ++++ b/Doc/conf.py +@@ -316,7 +316,8 @@ html_context = { + } + + # This 'Last updated on:' timestamp is inserted at the bottom of every page. +-html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime()) ++html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) ++html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time)) + + # Path to find HTML templates. + templates_path = ['tools/templates'] +--- a/Doc/library/functions.rst ++++ b/Doc/library/functions.rst +@@ -1356,7 +1356,7 @@ are always available. They are listed h + (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, + and :mod:`shutil`. + +- .. audit-event:: open file,mode,flags open ++ .. audit-event:: open path,mode,flags open + + The ``mode`` and ``flags`` arguments may have been modified or inferred from + the original call. diff --git a/distutils-reproducible-compile.patch b/distutils-reproducible-compile.patch new file mode 100644 index 0000000..17e8bd2 --- /dev/null +++ b/distutils-reproducible-compile.patch @@ -0,0 +1,17 @@ +--- + Lib/distutils/util.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/distutils/util.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/util.py ++++ Python-3.11.8/Lib/distutils/util.py +@@ -436,7 +436,7 @@ byte_compile(files, optimize=%r, force=% + else: + from py_compile import compile + +- for file in py_files: ++ for file in sorted(py_files): + if file[-3:] != ".py": + # This lets us be lazy and not filter filenames in + # the "install_lib" command. diff --git a/externally_managed.in b/externally_managed.in new file mode 100644 index 0000000..54606b6 --- /dev/null +++ b/externally_managed.in @@ -0,0 +1,12 @@ +[externally-managed] +Error=To install Python packages system-wide, try + zypper install __PYTHONPREFIX__-xyz, where xyz is the package + you are trying to install. + + If you wish to install a non-rpm packaged Python package, + create a virtual environment using __PYTHON__ -m venv path/to/venv. + Then use path/to/venv/bin/python and path/to/venv/bin/pip. + + If you wish to install a non-rpm packaged Python application, + it may be easiest to use `pipx install xyz`, which will manage a + virtual environment for you. Install pipx via `zypper install __PYTHONPREFIX__-pipx` . diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch new file mode 100644 index 0000000..a5fe82c --- /dev/null +++ b/fix_configure_rst.patch @@ -0,0 +1,40 @@ +--- + Doc/using/configure.rst | 3 --- + Misc/NEWS | 2 +- + 2 files changed, 1 insertion(+), 4 deletions(-) + +--- a/Doc/using/configure.rst ++++ b/Doc/using/configure.rst +@@ -43,7 +43,6 @@ General Options + + See :data:`sys.int_info.bits_per_digit `. + +-.. option:: --with-cxx-main + .. option:: --with-cxx-main=COMPILER + + Compile the Python ``main()`` function and link Python executable with C++ +@@ -529,13 +528,11 @@ macOS Options + + See ``Mac/README.rst``. + +-.. option:: --enable-universalsdk + .. option:: --enable-universalsdk=SDKDIR + + Create a universal binary build. *SDKDIR* specifies which macOS SDK should + be used to perform the build (default is no). + +-.. option:: --enable-framework + .. option:: --enable-framework=INSTALLDIR + + Create a Python.framework rather than a traditional Unix install. Optional +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -9911,7 +9911,7 @@ C API + - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. + + - bpo-43795: The list in :ref:`limited-api-list` now shows the public name +- :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry ++ :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry + ``_node`` no longer appears in the list. + + - bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid diff --git a/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch b/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch new file mode 100644 index 0000000..292efba --- /dev/null +++ b/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch @@ -0,0 +1,82 @@ +From 3d390148c05a7ea2d401c4633e7d4db75ebf97d9 Mon Sep 17 00:00:00 2001 +From: Petr Viktorin +Date: Thu, 7 Nov 2024 11:07:02 +0100 +Subject: [PATCH] gh-126500: test_ssl: Don't stop ThreadedEchoServer on OSError + in ConnectionHandler; rely on __exit__ (GH-126503) + +If `read()` in the ConnectionHandler thread raises `OSError` (except `ConnectionError`), +the ConnectionHandler shuts down the entire ThreadedEchoServer, +preventing further connections. +It also does that for `EPROTOTYPE` in `wrap_conn`. + +As far as I can see, this is done to avoid the server thread getting stuck, +forgotten, in its accept loop. However, since 2011 (5b95eb90a7167285b6544b50865227c584943c9a) +the server is used as a context manager, and its `__exit__` does `stop()` and `join()`. +(I'm not sure if we *always* used `with` since that commit, but currently we do.) + +Make sure that the context manager *is* used, and remove the `server.stop()` +calls from ConnectionHandler. +(cherry picked from commit c9cda1608edf7664c10f4f467e24591062c2fe62) + +Co-authored-by: Petr Viktorin +--- + Lib/test/test_ssl.py | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +Index: Python-3.11.12/Lib/test/test_ssl.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_ssl.py 2025-04-19 19:55:02.157545844 +0200 ++++ Python-3.11.12/Lib/test/test_ssl.py 2025-04-19 19:55:05.014552345 +0200 +@@ -2516,7 +2516,6 @@ + # See also http://erickt.github.io/blog/2014/11/19/adventures-in-debugging-a-potential-osx-kernel-bug/ + if e.errno != errno.EPROTOTYPE and sys.platform != "darwin": + self.running = False +- self.server.stop() + self.close() + return False + else: +@@ -2651,10 +2650,6 @@ + self.close() + self.running = False + +- # normally, we'd just stop here, but for the test +- # harness, we want to stop the server +- self.server.stop() +- + def __init__(self, certificate=None, ssl_version=None, + certreqs=None, cacerts=None, + chatty=True, connectionchatty=False, starttls_server=False, +@@ -2688,21 +2683,33 @@ + self.conn_errors = [] + threading.Thread.__init__(self) + self.daemon = True ++ self._in_context = False + + def __enter__(self): ++ if self._in_context: ++ raise ValueError('Re-entering ThreadedEchoServer context') ++ self._in_context = True + self.start(threading.Event()) + self.flag.wait() + return self + + def __exit__(self, *args): ++ assert self._in_context ++ self._in_context = False + self.stop() + self.join() + + def start(self, flag=None): ++ if not self._in_context: ++ raise ValueError( ++ 'ThreadedEchoServer must be used as a context manager') + self.flag = flag + threading.Thread.start(self) + + def run(self): ++ if not self._in_context: ++ raise ValueError( ++ 'ThreadedEchoServer must be used as a context manager') + self.sock.settimeout(1.0) + self.sock.listen(5) + self.active = True diff --git a/gh120226-fix-sendfile-test-kernel-610.patch b/gh120226-fix-sendfile-test-kernel-610.patch new file mode 100644 index 0000000..2eb6f63 --- /dev/null +++ b/gh120226-fix-sendfile-test-kernel-610.patch @@ -0,0 +1,35 @@ +From 1b3f6523a5c83323cdc44031b33a1c062e5dc698 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Fri, 7 Jun 2024 23:51:32 +0800 +Subject: [PATCH] gh-120226: Fix + test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 + (GH-120227) + +The worst case is that the kernel buffers 17 pages with a page size of 64k. +(cherry picked from commit a7584245661102a5768c643fbd7db8395fd3c90e) + +Co-authored-by: Xi Ruoyao +--- + Lib/test/test_asyncio/test_sendfile.py | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +--- a/Lib/test/test_asyncio/test_sendfile.py ++++ b/Lib/test/test_asyncio/test_sendfile.py +@@ -93,13 +93,10 @@ class MyProto(asyncio.Protocol): + + class SendfileBase: + +- # 256 KiB plus small unaligned to buffer chunk +- # Newer versions of Windows seems to have increased its internal +- # buffer and tries to send as much of the data as it can as it +- # has some form of buffering for this which is less than 256KiB +- # on newer server versions and Windows 11. +- # So DATA should be larger than 256 KiB to make this test reliable. +- DATA = b"x" * (1024 * 256 + 1) ++ # Linux >= 6.10 seems buffering up to 17 pages of data. ++ # So DATA should be large enough to make this test reliable even with a ++ # 64 KiB page configuration. ++ DATA = b"x" * (1024 * 17 * 64 + 1) + # Reduce socket buffer size to test on relative small data sets. + BUF_SIZE = 4 * 1024 # 4 KiB + diff --git a/idle3.appdata.xml b/idle3.appdata.xml new file mode 100644 index 0000000..554b7c4 --- /dev/null +++ b/idle3.appdata.xml @@ -0,0 +1,35 @@ + + + + + idle3.desktop + IDLE3 + CC0 + Python-2.0 + Python 3 Integrated Development and Learning Environment + +

+ IDLE is Python’s Integrated Development and Learning Environment. + The GUI is uniform between Windows, Unix, and Mac OS X. + IDLE provides an easy way to start writing, running, and debugging + Python code. +

+

+ IDLE is written in pure Python, and uses the tkinter GUI toolkit. + It provides: +

+
    +
  • a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,
    • +
  • a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,
    • +
  • search within any window, replace within editor windows, and search through multiple files (grep),
    • +
  • a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.
    • +
+ + https://docs.python.org/3/library/idle.html + + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png + + zbyszek@in.waw.pl + diff --git a/idle3.desktop b/idle3.desktop new file mode 100644 index 0000000..43f5a4c --- /dev/null +++ b/idle3.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Version=1.0 +Name=IDLE 3 +GenericName=Python 3 IDE +Comment=Python 3 Integrated Development and Learning Environment +Exec=idle3 %F +TryExec=idle3 +Terminal=false +Type=Application +Icon=idle3 +Categories=Development;IDE; +MimeType=text/x-python; diff --git a/import_failed.map b/import_failed.map new file mode 100644 index 0000000..f33690c --- /dev/null +++ b/import_failed.map @@ -0,0 +1,7 @@ +python311-curses: curses _curses _curses_panel +python311-dbm: dbm _dbm _gdbm +python311-idle: idlelib +python311-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited +python311-tk: tkinter _tkinter +python311-tools: turtledemo +python311: sqlite3 readline _sqlite3 nis diff --git a/import_failed.py b/import_failed.py new file mode 100644 index 0000000..258b5a5 --- /dev/null +++ b/import_failed.py @@ -0,0 +1,23 @@ +import sys, os +from sysconfig import get_path + +failed_map_path = os.path.join(get_path('stdlib'), '_import_failed', 'import_failed.map') + +if __spec__: + failed_name = __spec__.name +else: + failed_name = __name__ + +with open(failed_map_path) as fd: + for line in fd: + package = line.split(':')[0] + imports = line.split(':')[1] + if failed_name in imports: + raise ImportError(f"""Module '{failed_name}' is not installed. +Use: + sudo zypper install {package} +to install it.""") + +raise ImportError(f"""Module '{failed_name}' is not installed. +It is supposed to be part of python3 distribution, but missing from failed import map. +Please file a bug on the SUSE Bugzilla.""") diff --git a/macros.python3 b/macros.python3 new file mode 100644 index 0000000..2bd193b --- /dev/null +++ b/macros.python3 @@ -0,0 +1,28 @@ +%have_python3 1 + +# commented out legacy macro definitions +#py3_prefix /usr +#py3_incdir /usr/include/python3.5m +#py3_ver 3.5 + +# these should now be provided by macros.python_all +#python3_sitearch /usr/lib64/python3.5/site-packages +#python3_sitelib /usr/lib/python3.5/site-packages +#python3_version 3.5 + +# hard to say if anyone ever used these? +#py3_soflags cpython-35m-x86_64-linux-gnu +#py3_abiflags m +%cpython3_soabi %(python3 -c "import sysconfig; print(sysconfig.get_config_var('SOABI'))") +%py3_soflags %cpython3_soabi + +# compilation macros that might be in use somewhere +%py3_compile(O) \ +find %1 -name '*.pyc' -exec rm -f {} ";"\ +python3 -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +%{-O:\ +find %1 -name '*.pyo' -exec rm -f {} ";"\ +python3 -O -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +} + + diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch new file mode 100644 index 0000000..7e412d7 --- /dev/null +++ b/no-skipif-doctests.patch @@ -0,0 +1,653 @@ +only in patch2: +unchanged: +--- + Doc/library/turtle.rst | 82 ------------------------------------------------- + 1 file changed, 82 deletions(-) + +--- a/Doc/library/turtle.rst ++++ b/Doc/library/turtle.rst +@@ -440,7 +440,6 @@ Turtle motion + turtle is headed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -467,7 +466,6 @@ Turtle motion + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -486,13 +484,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -511,13 +507,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -540,13 +534,11 @@ Turtle motion + not change the turtle's orientation. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> tp = turtle.pos() + >>> tp +@@ -570,13 +562,11 @@ Turtle motion + unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 240) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,240.00) +@@ -592,13 +582,11 @@ Turtle motion + Set the turtle's second coordinate to *y*, leave first coordinate unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 40) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,40.00) +@@ -625,7 +613,6 @@ Turtle motion + =================== ==================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setheading(90) + >>> turtle.heading() +@@ -638,14 +625,12 @@ Turtle motion + its start-orientation (which depends on the mode, see :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(90) + >>> turtle.goto(0, -10) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 90.0 +@@ -677,7 +662,6 @@ Turtle motion + calculated automatically. May be used to draw regular polygons. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.position() +@@ -706,7 +690,6 @@ Turtle motion + + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.dot() +@@ -724,7 +707,6 @@ Turtle motion + it by calling ``clearstamp(stamp_id)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("blue") + >>> turtle.stamp() +@@ -740,7 +722,6 @@ Turtle motion + Delete stamp with given *stampid*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (150.00,-0.00) +@@ -785,7 +766,6 @@ Turtle motion + undo actions is determined by the size of the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for i in range(4): + ... turtle.fd(50); turtle.lt(80) +@@ -818,7 +798,6 @@ Turtle motion + turtle turn instantly. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.speed() + 3 +@@ -839,7 +818,6 @@ Tell Turtle's state + Return the turtle's current location (x,y) (as a :class:`Vec2D` vector). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pos() + (440.00,-0.00) +@@ -855,7 +833,6 @@ Tell Turtle's state + orientation which depends on the mode - "standard"/"world" or "logo". + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(10, 10) + >>> turtle.towards(0,0) +@@ -867,7 +844,6 @@ Tell Turtle's state + Return the turtle's x coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(50) +@@ -883,7 +859,6 @@ Tell Turtle's state + Return the turtle's y coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(60) +@@ -900,7 +875,6 @@ Tell Turtle's state + :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(67) +@@ -917,7 +891,6 @@ Tell Turtle's state + other turtle, in turtle step units. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.distance(30,40) +@@ -941,7 +914,6 @@ Settings for measurement + Default value is 360 degrees. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -964,7 +936,6 @@ Settings for measurement + ``degrees(2*math.pi)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -975,7 +946,6 @@ Settings for measurement + 1.5707963267948966 + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.degrees(360) +@@ -1011,7 +981,6 @@ Drawing state + thickness. If no argument is given, the current pensize is returned. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pensize() + 1 +@@ -1043,7 +1012,6 @@ Drawing state + attributes in one statement. + + .. doctest:: +- :skipif: _tkinter is None + :options: +NORMALIZE_WHITESPACE + + >>> turtle.pen(fillcolor="black", pencolor="red", pensize=10) +@@ -1066,7 +1034,6 @@ Drawing state + Return ``True`` if pen is down, ``False`` if it's up. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.penup() + >>> turtle.isdown() +@@ -1107,7 +1074,6 @@ Color control + newly set pencolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> colormode() + 1.0 +@@ -1156,7 +1122,6 @@ Color control + with the newly set fillcolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.fillcolor("violet") + >>> turtle.fillcolor() +@@ -1195,7 +1160,6 @@ Color control + with the newly set colors. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("red", "green") + >>> turtle.color() +@@ -1212,7 +1176,6 @@ Filling + ~~~~~~~ + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.home() +@@ -1222,7 +1185,6 @@ Filling + Return fillstate (``True`` if filling, ``False`` else). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.begin_fill() + >>> if turtle.filling(): +@@ -1247,7 +1209,6 @@ Filling + above may be either all yellow or have some white regions. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("black", "red") + >>> turtle.begin_fill() +@@ -1264,7 +1225,6 @@ More drawing control + variables to the default values. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(0,-22) + >>> turtle.left(100) +@@ -1315,7 +1275,6 @@ Visibility + drawing observably. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.hideturtle() + +@@ -1326,7 +1285,6 @@ Visibility + Make the turtle visible. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.showturtle() + +@@ -1357,7 +1315,6 @@ Appearance + deal with shapes see Screen method :func:`register_shape`. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape() + 'classic' +@@ -1383,7 +1340,6 @@ Appearance + ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.resizemode() + 'noresize' +@@ -1407,7 +1363,6 @@ Appearance + of the shape's outline. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shapesize() + (1.0, 1.0, 1) +@@ -1432,7 +1387,6 @@ Appearance + heading of the turtle are sheared. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("circle") + >>> turtle.shapesize(5,2) +@@ -1449,7 +1403,6 @@ Appearance + change the turtle's heading (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1469,7 +1422,6 @@ Appearance + (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1495,7 +1447,6 @@ Appearance + turtle (its direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1524,7 +1475,6 @@ Appearance + given matrix. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle = Turtle() + >>> turtle.shape("square") +@@ -1540,7 +1490,6 @@ Appearance + can be used to define a new shape or components of a compound shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("square") + >>> turtle.shapetransform(4, -1, 0, 2) +@@ -1565,7 +1514,6 @@ Using events + procedural way: + + .. doctest:: +- :skipif: _tkinter is None + + >>> def turn(x, y): + ... left(180) +@@ -1586,7 +1534,6 @@ Using events + ``None``, existing bindings are removed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> class MyTurtle(Turtle): + ... def glow(self,x,y): +@@ -1614,7 +1561,6 @@ Using events + mouse-click event on that turtle. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.ondrag(turtle.goto) + +@@ -1642,7 +1588,6 @@ Special Turtle methods + Return the last recorded polygon. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.begin_poly() +@@ -1662,7 +1607,6 @@ Special Turtle methods + turtle properties. + + .. doctest:: +- :skipif: _tkinter is None + + >>> mick = Turtle() + >>> joe = mick.clone() +@@ -1675,7 +1619,6 @@ Special Turtle methods + return the "anonymous turtle": + + .. doctest:: +- :skipif: _tkinter is None + + >>> pet = getturtle() + >>> pet.fd(50) +@@ -1689,7 +1632,6 @@ Special Turtle methods + TurtleScreen methods can then be called for that object. + + .. doctest:: +- :skipif: _tkinter is None + + >>> ts = turtle.getscreen() + >>> ts +@@ -1707,7 +1649,6 @@ Special Turtle methods + ``None``, the undobuffer is disabled. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setundobuffer(42) + +@@ -1717,7 +1658,6 @@ Special Turtle methods + Return number of entries in the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> while undobufferentries(): + ... undo() +@@ -1740,7 +1680,6 @@ below: + For example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> s = Shape("compound") + >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) +@@ -1751,7 +1690,6 @@ below: + 3. Now add the Shape to the Screen's shapelist and use it: + + .. doctest:: +- :skipif: _tkinter is None + + >>> register_shape("myshape", s) + >>> shape("myshape") +@@ -1771,7 +1709,6 @@ Most of the examples in this section ref + ``screen``. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen = Screen() +@@ -1788,7 +1725,6 @@ Window control + Set or return background color of the TurtleScreen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.bgcolor("orange") + >>> screen.bgcolor() +@@ -1880,7 +1816,6 @@ Window control + distorted. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.reset() + >>> screen.setworldcoordinates(-50,-7.5,50,7.5) +@@ -1891,7 +1826,6 @@ Window control + ... left(45); fd(2) # a regular octagon + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen.reset() +@@ -1913,7 +1847,6 @@ Animation control + Optional argument: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.delay() + 10 +@@ -1935,7 +1868,6 @@ Animation control + :func:`delay`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.tracer(8, 25) + >>> dist = 2 +@@ -1972,7 +1904,6 @@ Using screen events + must have the focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -1993,7 +1924,6 @@ Using screen events + must have focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -2018,7 +1948,6 @@ Using screen events + named ``turtle``: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will + >>> # make the turtle move to the clicked point. +@@ -2038,7 +1967,6 @@ Using screen events + Install a timer that calls *fun* after *t* milliseconds. + + .. doctest:: +- :skipif: _tkinter is None + + >>> running = True + >>> def f(): +@@ -2120,7 +2048,6 @@ Settings and special methods + ============ ========================= =================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> mode("logo") # resets turtle heading to north + >>> mode() +@@ -2135,7 +2062,6 @@ Settings and special methods + values of color triples have to be in the range 0..*cmode*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.colormode(1) + >>> turtle.pencolor(240, 160, 80) +@@ -2156,7 +2082,6 @@ Settings and special methods + do with a Tkinter Canvas. + + .. doctest:: +- :skipif: _tkinter is None + + >>> cv = screen.getcanvas() + >>> cv +@@ -2168,7 +2093,6 @@ Settings and special methods + Return a list of names of all currently available turtle shapes. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.getshapes() + ['arrow', 'blank', 'circle', ..., 'turtle'] +@@ -2192,7 +2116,6 @@ Settings and special methods + coordinates: Install the corresponding polygon shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) + +@@ -2208,7 +2131,6 @@ Settings and special methods + Return the list of turtles on the screen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for turtle in screen.turtles(): + ... turtle.color("red") +@@ -2270,7 +2192,6 @@ Methods specific to Screen, not inherite + center window vertically + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.setup (width=200, height=200, startx=0, starty=0) + >>> # sets window to 200x200 pixels, in upper left of screen +@@ -2286,7 +2207,6 @@ Methods specific to Screen, not inherite + Set title of turtle window to *titlestring*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.title("Welcome to the turtle zoo!") + +@@ -2357,7 +2277,6 @@ Public classes + Example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) + >>> s = Shape("compound") +@@ -2743,7 +2662,6 @@ Changes since Python 3.0 + + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> for turtle in turtles(): diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..a2cf992 --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +export LC_ALL=C + +master=python*.spec + +# create import_failed.map from package definitions +pkgname=$(grep python_pkg_name $master |grep define |awk -F' ' '{print $3}') +MAPFILE=import_failed.map +function new_map_line () { + package=$1 + package=$(echo $1 |sed -e "s:%{python_pkg_name}:$pkgname:") + modules=$2 + if [ -z "$package" -o -z "$modules" ]; then + return + fi + if [[ "$package" =~ "-base" ]]; then + return + fi + echo "$package:$modules" >> $MAPFILE.tmp +} + +for spec in *.spec; do + basename=${spec%.spec} + package= + modules= + while read line; do + case $line in + "%files -n "*) + new_map_line $package "$modules" + package=${line#"%files -n "} + modules= + ;; + "%files "*) + new_map_line $package "$modules" + package=$basename-${line#"%files "} + modules= + ;; + "%files") + new_map_line $package "$modules" + package=$basename + modules= + ;; + "%{sitedir}/config-"*) + # ignore + ;; + "%{sitedir}/"*) + word=${line#"%{sitedir}/"} + if ! echo $word | grep -q /; then + modules="$modules $word" + fi + ;; + "%{dynlib "*"}") + word=${line#"%{dynlib "} + word=${word%"}"} + modules="$modules $word" + ;; + esac + done < $spec + new_map_line $package "$modules" +done + +cat $MAPFILE.tmp |sort -u > $MAPFILE +rm $MAPFILE.tmp + +# run test inclusion check +tar xJf Python-*.xz +python3 skipped_tests.py + +# generate baselibs.conf +VERSION=$(grep ^Version $master|awk -F':' '{print $2}' |sed -e 's/ //g') +python_version=${VERSION:0:3} # 3.3 +python_version_abitag=${python_version//./} # 33 +python_version_soname=${python_version//./_} # 3_3 +echo "$pkgname-base" > baselibs.conf +echo "$pkgname" >> baselibs.conf +echo "libpython$python_version_soname-1_0" >> baselibs.conf + diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch new file mode 100644 index 0000000..cda20d7 --- /dev/null +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -0,0 +1,27 @@ +--- + Makefile.pre.in | 7 +++++++ + 1 file changed, 7 insertions(+) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1240,11 +1240,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ + $(DTRACE_OBJS) \ + $(srcdir)/Modules/getbuildinfo.c + $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DDATE="\"`date -u -r Makefile.pre.in +"%b %d %Y"`\"" \ ++ -DTIME="\"`date -u -r Makefile.pre.in +"%T"`\"" \ + -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \ + -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \ + -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \ + -o $@ $(srcdir)/Modules/getbuildinfo.c + ++Python/getcompiler.o: $(srcdir)/Python/getcompiler.c Makefile ++ $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DCOMPILER='"[GCC]"' \ ++ -o $@ $(srcdir)/Python/getcompiler.c ++ + Modules/getpath.o: $(srcdir)/Modules/getpath.c Python/frozen_modules/getpath.h Makefile $(PYTHON_HEADERS) + $(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \ + -DPREFIX='"$(prefix)"' \ diff --git a/python-3.3.0b1-localpath.patch b/python-3.3.0b1-localpath.patch new file mode 100644 index 0000000..475497e --- /dev/null +++ b/python-3.3.0b1-localpath.patch @@ -0,0 +1,13 @@ +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -77,7 +77,7 @@ import io + import stat + + # Prefixes for site-packages; add additional prefixes like /usr/local here +-PREFIXES = [sys.prefix, sys.exec_prefix] ++PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local'] + # Enable per user site-packages directory + # set it to False to disable the feature or True to force the feature + ENABLE_USER_SITE = None diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch new file mode 100644 index 0000000..ac5d553 --- /dev/null +++ b/python-3.3.0b1-test-posix_fadvise.patch @@ -0,0 +1,17 @@ +--- + Lib/test/test_posix.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_posix.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_posix.py ++++ Python-3.11.8/Lib/test/test_posix.py +@@ -430,7 +430,7 @@ class PosixTester(unittest.TestCase): + def test_posix_fadvise(self): + fd = os.open(os_helper.TESTFN, os.O_RDONLY) + try: +- posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_WILLNEED) ++ posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_RANDOM) + finally: + os.close(fd) + diff --git a/python.keyring b/python.keyring new file mode 100644 index 0000000..747bc27 --- /dev/null +++ b/python.keyring @@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFq+ToQBEADRYvIVtbK6owynD3j3nxwpW2KEk/p+aDvtXmc2SR2dBcZ8sFW2 +R5vEsG8d3/D3wgv5pcL3KfNNXQYUnXVbobrFUUWQYc79qIsE3MgiPf5NVOtwKPUR +i5g9YJgKvpBxkQfqp3LYGm9ZBtwo3DVLA3yn7KsazCmAgTNFJYw7ku1XxgmIzY6K +5J30DfbJiqDqj4f9GslCCCCH3qiPnuLG/HUyVLHMpbWlaiy9NI0GcaLxjJewHj9w +W2D2lydkxe5JGo7egUkV3ILcuLVSVKA35SKY27dYqfuyqp9tAzaRbjDYjsYdHA6G +BqrNrKBn/GwlFDPrVdcvN3ZSY2wMLTxWE3Axc/FweuHxFnou/80FwX7F3JD+oEQ6 +rofmcxOBCC7J98I7HZAhP9jBn88XIS2hztbLq8d6rZJZRtcz0k61VR0ddO+TrFmf +9rMYCPgCckRtVxeFIVIabrN1IzKynLFeo040h8hSGswd6YKDOVwjJY6Oa6EmVefZ +a8QSt4+M65RSzH6SEPY008F3nJUAK6MEkzTak+tFltZNrVWu8p2xd1j9nmxAwEhZ +/lgbxLqzYgaUWmfyHeZ8yVA0MhHzdiAL8nVUEdG3KecIq0RWCJLGLWWIjd6KAJl1 +yAmhRYKK/sjPDsL3elHsFACfZbyx3o5GGQNlas1FYoPLWbaNGaJtgFTF2QARAQAB +tCtQYWJsbyBHYWxpbmRvIFNhbGdhZG8gPHBhYmxvZ3NhbEBnbWFpbC5jb20+iQJO +BBMBCgA4FiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+ToQCGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQZOYo+NaEaW2bmA/+PXIap2udLoUVOHxnsIBdqYwp +sv1Aj5lfIJmNhmxPbHShwp1Jg+w4urxe+2Dj5ofKVlIo1i83bQkvnKJMDXDVuc/K +P6zqhBJ3rT4Q3qx2mzX8bIfQoJ2JHuH4lkP+I7doDcHHRyeNASyk72VdQmU4twNw +Ibn8nSNV6ThKHdoPYzVnO2rZUFcGIqH5HNsvR+B7cc1MBCHsgURYwSVhSePIFGlZ +iasdBD6QQkDSe4QWi7AcJFWFElw4kbOKJWxAWsrEk+tMXJVGRjnmL289EmPCx/vx +BqKy7Mse0yWCSRR3vB+O6TB1S5SgEyEgqlYsfGNv1qf/rfRD4KkyCbNU3LhY1Aim +vJP4pDW+KFxTk2Ks8vrx8gOSd2aFqPeO/pFDrpsF7PD62XwsfoXu4xc5V0Giw7r1 +Nai0nax7kOrldNF8TbbtRjW0jmoC7wLIDujAkwDIOroZ0CXA3N4HVHdSbrHm/urX +nyxJXupXAQNwGx64JCBcbF2fp3Kvu1VAXBEFnd01KaopthHcbG5pA50Kl2Vhe+98 +OdezUX42fHkQpQkB7HgtXfm6W1bw6YRBamrNvs1OoHBYmUjlECpe566IIu25Hc8s +x3qA+6eca7iqizyLG+WyMT8ZIYTWGAS59jxwR4esqGczbbZPSAPHFwLbGv7Wr0Rd +TPu5B0FcKpDkTd4IxQW5Ag0EWr5O2gEQAMjLe4CtbSfofmJrz5wfNkMVsZ81Gbqe +MoYd3dtkJnQYERUj8flzBj3ucaxGJ+Cuf7ybh3naPopKvEI1q0vkcgCDqrEgXK// +jKJbP28uPSMGhOG28q4PbamG55gy5FtM3ezzAxPWWKe9qBpV65GMmFy7eBQx2iJs +yiDIOOQQ4kraS+cTqNFimEXAGLCOQRNLcwIZzwAAHoW7HEpNUfVwaBD9kMlbo1ND +I60IKcNrNcmcmRxhJqfxjj8YBMwcKHO6GBE3AVpaE/+UO9zyr4TH+0YuQUgxKlPW +Dkg5XlkDo0S1GyLY5e9ckIDIlkTdDa2pOkoE2yB5MQCEga3YiHrKUVTTWaxn9XVJ +6x5ZjUF6bgSWGkrG5dUqSYoO1iDMuNVjtiujNyf/rvfj5cNxS7/lgxchhQKZHZXL +WVqxlneeVJ6s0P4+ROVG9ga2Sve7aUJ6wXIewZwulBcV2sE/W/DgxHgLBi53CUQt +vEzFzKvo48GnDqL5VYjA7l0HMYHd4GksCLi8E8U6Cgj+imXiM8voL7pHRZfs8mY8 +udR+UT4e1Scl2MYP2qBJ9/17B/X52B3s1EZdqI/r+hfOyqrhPs+dbAN0mtMPn68+ +nrvY1+nscvrSYEP6ZBlc9Hp2mgJdb6IcTvINXBEeLRjgc3pjViva443pkiFp9Axm +ecOckMKP3uSlABEBAAGJBGwEGAEKACAWIQSgNcjBkhm6gh7OqGtk5ij41oRpbQUC +Wr5O2gIbAgJACRBk5ij41oRpbcF0IAQZAQoAHRYhBM/cokWxBDzypfl4Zf/odAQW +i9hHBQJavk7aAAoJEP/odAQWi9hHr7YP/RCLre1CmOoWYpAtoa1yVCeYMDV6eQgL +B488/BEZHQE1zbrYy16XkhORob3JF/kUMjmJW7XaFF8FrWvRcdj/xaUGbOOEulKg +v+8zWfswYQRiZ4/JlwER4vRLi6fTE89MVER6Fkj2ASD4D2cifY+EztD4flV3sq3s +vIogGFaN9IvdrdeptOVGXs1RmAyoTsiS2mKQ6xsGh8B9ZAm55W8fBOGiSzLX21Xk +Ofdw53BrFQxn3cu/JgIKpdeZxgukcvEAI62B6X+YL6Na4j0eqEGLzsNtU1+xeJlo +WtVvmRwnRHGSxF6fzIZ3mk/p/aFiXAEq/xITCTY6tDv7x7pFE/RpdlJZyNJ+R5Y4 +SQiuDsylxNCa/4G5EB6q+7iVYtbEQ9MnZg2phowEE42tlj0rz8/rvDK3LH3xibot +KHIodCWKlWByxH99u2PuHUQ0c1oCVBUE1KkruMpvI236DpU/dvdq4JLSg/fWrys/ +VIjqLZgsIE5g/KO9XqngWHkLcBLh4CNAmHJ8Iia+s+/rfgsejQWB5uJb6eYg2JjB +4WP1EI0rULM6fdrCNB+MJ36wE2Lnb4bfT0phOMgjjH5/Ki7ZCbkxkOsBs4SRjiS+ +weCsmpAtMqodWY/Cnw9pWSA/qLSRD5/mKeb9SO6OZ/OPfAatwnGHsvZ2sAueC6rR +04W5BfXZWrnJUXQP/id/EKE1Ksp5fKoxSCbkKTCig+Sf5Afwe36yFN+niZBqzn5b +BgL/HIKaZM97oDHersPPANeEgS+JVlBf95iKIYnQbZP43FLVbvOuaINhBIVtFO54 +2Y7EYwl41kP7ILDElVy36KAmdQyBAfrjnZiRA70xShOxApLug1L0lxhR3YfmLwNi +RJ0V6KnYDKf0pfdhO9VFyFFWUojX1usn2SmSsXNizsNtvRqHXzPnX0rbJzZ9+N4O +9k1nxygYFG/2R/jGonVmTjRzcAHrAkNJETMWXMA7/8wRMDwluz8j+cCldey9x8Vk +JwgLGnZSbQtVpcFAnm5r/36Gt+9wc1VWMyrUrVr6Z679aqAbG7PMaeR5h5ygMj1k +VqRTYAUPSk1f8bZKRssQkQwEbp9dVIjm9SsR8VT7/tB+UuB85dABxgHfv3psJRT+ +tL8g9V7kSZqQfcLNGmvEVvr2Zl9NtxwXtsFM2OBprxCenwb+e9Ppm1LjfJG/NE72 +mAnOERfDaiLt4bqNo36Ei5sGCJ4Fx61phzNBXzkdRNM47i8J5UZRKFkE91c99BVM +HKUaY61NRK24fR0zP98ftDU82YFw0VRFJpTeBrO5ivN1MlQxUPzUWxKxMxO+20wa +UOXroEw11Tb4SRLGOla1pCl6lCUPJRy9IzadPDgTr/OTMkob/snt/XLdnV5/uQIN +BFq+TvoBEAC8Oy1g6pPWBbrCMhIq7VWY2fjylJ1fwg5BPXkOKVK1dsGYO4QD7oW9 +L0aSqcFSNFGF9Cl0Ri4TFXZC3hnG4HeSXUWApuKdBLn21H3jba36Ay1oGcGfdm0v +Zght4c6BlMVBpGCw2wIkJbUNEy6InMM+O8CCbbaH3iJkJ4141P7pODHignx5AmZI +conMui4YOhC+IXQXynVEv1Juk7erB1Nh1RcRvsA4lb44HWx49lIwe85ejOmoZ0O3 +6f9NJRer6bV0+rHWmg4IV5Q9h/Gn4IhEDZxA0DZl1RQI7dMgaMbIFbXGq7Kgzstz +EUnOoy29hXodxVmwIsMrAiQUYtwJ9hW+ESsw47+W2iPHVgviGWl7r/SgcgMYmf6m +5kiTBtwU7BQPS9G3zwwP2Rm3AA/6g39Q+tQKjOwi1I8+GZsY2On44Zly7BreBNg5 +4gJgdAGcMOYU9etr050clH3UpTYcAEtX++ahtOKhJgLIPNcIAQNlnifqvU0VYpgw +R4YpZ7hgg+AVDzC73PIM0lFI0XiDuqChbxE+K1jmLXWe5iJF0dzgVTwP+PmsifNZ +Wg3+YxSsS+hDMPQ2xPiQN49gT4JJDHcDuyhHyCGYgyMiVJCsku9KrkubbfVRivyN +ZF2Zfo3f+nbrRxsftz0yjAq8byCvb0V0XOpt4pJ/ddlug9ytRxALNwARAQABiQI2 +BBgBCgAgFiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+TvoCGwwACgkQZOYo+NaE +aW3urA//UQ/cKQ7HvWjcLphzQOZc+6m5YL0wxvZkSjemU7mqjZdpacteIvRAoers +EqXHc208liIBtNfRzoreXdcXNzie65xXkrRnWoHVH/fTWy4lOnHr2CMXLeHjUgg/ +M6PYi8+sARm05YFB8nsYhlhx3IdLhcfeVVbJedQKO0yL3CK1okT30DUVq5Lq6X/K +DC6AxuJR3D6UMSoT0WLaoX8qbhAp88qLynInfBVL18d97h916WPLTPeP0eHwhwND +bYtKDCMDuKQ9XX5+QsNH0RmbxlX274LHrUMMvkLKxcfCBvP+iuqrBeIuoeVzXYJZ +j7ZJtEH79bW44eecl/CY/STFYgSQ2XGTp2BI2q60wAmtKlNhwxY5ena0FgyFl6Tm +5OBHW/Pwo+ndQJGfbrCyWkTgRay9c8er3gl3GQYIBH6X0kCiG7h/Epj0b5CHOPU5 +hCw0kEB8MB4poTIjeiY+Q01472/lQ68CL3DX158hR5d3XaPSIxAN+qFsfB1o316p +yjxhfK1MD/IfrOgjlggPPnc/KmLkCzpgdwKcZwLCdZq9hYBvF1Zs34HbaVMYbWTK +uxLowtXGU43vatCXXqmPOvl4/g4tZD6rysJDgOrHQnEHzT+Napn07s0BRC0IbbNn +FynUrkr5KMSuRz7Hg7xMApENOrb0nqdHSUJ914ZpuMIS6RhJgGu5Ag0EWr5PIAEQ +ALfh9vPD2B+miHDTMADI8aRZ7g9tnzynZYkk3+2sCiiusetsQQ+HIPJ/ASEJB7On +ane9dyT/LTRhrK9qaxgVMimk2COXB/xyh7Mnw7nJgFU0aRSbtX0vbvQz2suSzrQ6 +9mPKzan28JGoClqB0bw1vwf3VjjxHV2dgD57CmqFPv7kAC/2a56dE+etzXattZAL ++2JWTpmfQ0ePRRadtBm0VahQhnU8x0+jvAVrEawqpVW83ozYFyW/0WInM2J7jHgQ +16OosY4lj5L/DxpVxaArhRFoRfWPXfC37iE8Mou/I95isvPQIhp1wTo4jG0KM02B +oIVbp/QRNBQ6WtpOzvJs1gqQiJJTfqbKJXQ3NDEY9crpVS83HJ+Zv99PNsyNkFjG +QpU84U3ZhsI4ygjdY45mpZueqI1RVcRQdu8Hgvoo/78Q/Sir6gMGop3mVdVo2guI +kFcJrXh0Xk3ech4aVqrmKx/mPXGwOAQU0DAul4RW3fKg1QxQE7Tlw3+95Ee/+q5j +HARL0uDbCJpRO8Sl8NDEuL32n/2Ot6kQeCSHrU7KJRYAkTxkKvr8zNow7hFhHFPE +SnHvTnskI6noh0VY6NwMhmLvhm0wKkRxZPzUNc3sgLvbK1NymIZ9aKCZamzhZrmG +vnblEz/OSLwGUua465H3hM1vvBQiartj7+6ZqWIkSmBPABEBAAGJAjYEGAEKACAW +IQSgNcjBkhm6gh7OqGtk5ij41oRpbQUCWr5PIAIbIAAKCRBk5ij41oRpbWmeEACG ++axtDC8UoNp9ORiYwEWLzZWDuugE+ah7DYYGD4Vs633FXVZW3SgM/bFtJ/0Lg8CF +74jI4LMHyIjDzEjcoItwnhBLix+kUoJTvrY58GPydwekLuw1p4KXLqtRs4fsZbNQ +YTknl4jYtRWoxO98x7tun7Gq2gqmJkIB2uj630fKz5cBk6p6oDFKjzyrHe+V7BiK +3okQPaD4x7hq8OnTy7lOy92ZZAqztS4tNEb4DkYW1MpuwsJ7hbBZitc1siI+FVVb +GjVVGZz6ssXoW67Tz8+VxdWJxNLXlv27eMcj4sme5S0th/YYNA5fRRv6zuzqZAru +YNGLpYYU7JLvZJ+3lCwa5j5ycOGBF0GvsGs6gj6h+CHkjR/BgzAgWC+GgUgslt6q +aH04rWtV6rVz+Y91LcrX5P6OM4anmXD3Gp3kl35AypXb4KyASF19+11RUziD4Z7q +wQEWfbwOltNyZv2lD8s2jPr7P02axWRQUbZAEhxRmvOQev/FZPyCF6gqUo/HxRbQ +y3bzmnipyHSv1DlXNfCFCHvN8kGyZnRWARqIKRg+j9ediJgOUqlLhg6KmrTVxd5v +3Dfv52PW2UODDTM20s3cQGuX/UswzMRwPI/+P44iCMwEKdm7duM/5oisZT9Vhy7g +P15MreFZLcZvUVgjqgy0u57cstyGK1Bo9e2sFcK2fA== +=6Zb4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/python311-rpmlintrc b/python311-rpmlintrc new file mode 100644 index 0000000..6c3d3b0 --- /dev/null +++ b/python311-rpmlintrc @@ -0,0 +1,4 @@ +addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp") +addFilter("python-bytecode-inconsistent-mtime.*\.pyc") diff --git a/python311.changes b/python311.changes new file mode 100644 index 0000000..c4ce322 --- /dev/null +++ b/python311.changes @@ -0,0 +1,5645 @@ +------------------------------------------------------------------- +Fri Aug 1 20:09:24 UTC 2025 - Matej Cepl + +- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now + validates archives to ensure member offsets are non-negative + (gh#python/cpython#130577, CVE-2025-8194, bsc#1247249). + +------------------------------------------------------------------- +Wed Jul 2 14:47:20 UTC 2025 - Matej Cepl + +- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst + case quadratic complexity when processing certain crafted + malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705). + +------------------------------------------------------------------- +Tue Jul 1 08:19:52 UTC 2025 - Daniel Garcia + +- Use one core to build doc. This will make sphinx doc build + reproducible. + bsc#1243155 + +------------------------------------------------------------------- +Mon Jun 9 17:19:32 UTC 2025 - Matej Cepl + +- Update to 3.11.13: + - Security + - gh-135034: Fixes multiple issues that allowed tarfile + extraction filters (filter="data" and filter="tar") + to be bypassed using crafted symlinks and hard links. + Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138 + (bsc#1244059), CVE-2025-4330 (bsc#1244060), and + CVE-2025-4517 (bsc#1244032). Also addresses CVE-2025-4435 + (gh#135034, bsc#1244061). + - gh-133767: Fix use-after-free in the “unicode-escape” + decoder with a non-“strict” error handler (CVE-2025-4516, + bsc#1243273). + - gh-128840: Short-circuit the processing of long IPv6 + addresses early in ipaddress to prevent excessive memory + consumption and a minor denial-of-service. + - Library + - gh-128840: Fix parsing long IPv6 addresses with embedded + IPv4 address. + - gh-134062: ipaddress: fix collisions in __hash__() for + IPv4Network and IPv6Network objects. + - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output + according to RFC 3596, §2.5. Patch by Bénédikt Tran. + - bpo-43633: Improve the textual representation of + IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2) + in ipaddress. Patch by Oleksandr Pavliuk. +- Remove upstreamed patches: + - gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch + - CVE-2025-4516-DecodeError-handler.patch + +------------------------------------------------------------------- +Thu May 22 13:01:17 UTC 2025 - Matej Cepl + +- Add CVE-2025-4516-DecodeError-handler.patch fixing + CVE-2025-4516 (bsc#1243273) blocking DecodeError handling + vulnerability, which could lead to DoS. + +------------------------------------------------------------------- +Sat May 17 10:02:27 UTC 2025 - Matej Cepl + +- Use extended %autopatch. + +------------------------------------------------------------------- +Sat May 10 11:38:24 UTC 2025 - Matej Cepl + +- Remove python-3.3.0b1-test-posix_fadvise.patch (not needed + since kernel 3.6-rc1) + +------------------------------------------------------------------- +Fri Apr 18 14:05:38 UTC 2025 - Matej Cepl + +- Update to 3.11.12: + - gh-131809: Update bundled libexpat to 2.7.1 + - gh-131261: Upgrade to libexpat 2.7.0 + - gh-105704: When using urllib.parse.urlsplit() and + urllib.parse.urlparse() host parsing would not reject domain + names containing square brackets ([ and ]). Square brackets + are only valid for IPv6 and IPvFuture hosts according to RFC + 3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938, + gh#python/cpython#105704). + - gh-121284: Fix bug in the folding of rfc2047 encoded-words + when flattening an email message using a modern email + policy. Previously when an encoded-word was too long for + a line, it would be decoded, split across lines, and + re-encoded. But commas and other special characters in the + original text could be left unencoded and unquoted. This + could theoretically be used to spoof header lines using a + carefully constructed encoded-word if the resulting rendered + email was transmitted or re-parsed. + - gh-80222: Fix bug in the folding of quoted strings + when flattening an email message using a modern email + policy. Previously when a quoted string was folded so that + it spanned more than one line, the surrounding quotes and + internal escapes would be omitted. This could theoretically + be used to spoof header lines using a carefully constructed + quoted string if the resulting rendered email was transmitted + or re-parsed. + - gh-119511: Fix a potential denial of service in the imaplib + module. When connecting to a malicious server, it could + cause an arbitrary amount of memory to be allocated. On many + systems this is harmless as unused virtual memory is only + a mapping, but if this hit a virtual address size limit + it could lead to a MemoryError or other process crash. On + unusual systems or builds where all allocated memory is + touched and backed by actual ram or storage it could’ve + consumed resources doing so until similarly crashing. + - gh-127257: In ssl, system call failures that OpenSSL reports + using ERR_LIB_SYS are now raised as OSError. + - gh-121277: Writers of CPython’s documentation can now use + next as the version for the versionchanged, versionadded, + deprecated directives. + - gh-106883: Disable GC during the _PyThread_CurrentFrames() + and _PyThread_CurrentExceptions() calls to avoid the + interpreter to deadlock. +- Remove upstreamed patch: + - CVE-2025-0938-sq-brackets-domain-names.patch +- Add gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch + which makes test_ssl not to stop ThreadedEchoServer on OSError, + which makes test_ssl pass with OpenSSL 3.5 (bsc#1241067, + gh#python/cpython!126572) + +------------------------------------------------------------------- +Wed Mar 12 15:05:46 UTC 2025 - Bernhard Wiedemann + +- Allow to disable PGO + +------------------------------------------------------------------- +Mon Mar 10 15:44:31 UTC 2025 - Bernhard Wiedemann + +- Skip PGO with %want_reproducible_builds (bsc#1239210) + +------------------------------------------------------------------- +Tue Feb 4 14:43:13 UTC 2025 - Matej Cepl + +- Add CVE-2025-0938-sq-brackets-domain-names.patch which + disallows square brackets ([ and ]) in domain names for parsed + URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704) + +------------------------------------------------------------------- +Mon Jan 27 09:00:48 UTC 2025 - Daniel Garcia + +- Configure externally_managed with a bcond + https://en.opensuse.org/openSUSE:Python:Externally_managed + bsc#1228165 + +------------------------------------------------------------------- +Wed Dec 4 21:40:41 UTC 2024 - Matej Cepl + +- Update to 3.11.11: + - Tools/Demos + - gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15 + and multissltests to use 3.0.15, 3.1.7, and 3.2.3. + - Tests + - gh-125041: Re-enable skipped tests for zlib on the + s390x architecture: only skip checks of the compressed + bytes, which can be different between zlib’s software + implementation and the hardware-accelerated implementation. + - Security + - gh-126623: Upgrade libexpat to 2.6.4 + - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to + consistently use the mapped IPv4 address value for deciding + properties. Properties which have their behavior fixed are + is_multicast, is_reserved, is_link_local, is_global, and + is_unspecified. + - Library + - gh-124651: Properly quote template strings in venv + activation scripts (bsc#1232241, CVE-2024-9287). +- Removed upstreamed patches: + - CVE-2024-9287-venv_path_unquoted.patch + +------------------------------------------------------------------- +Tue Dec 3 08:21:35 UTC 2024 - John Paul Adrian Glaubitz + +- Add add-loongarch64-support.patch to support loongarch64 + +------------------------------------------------------------------- +Mon Dec 2 22:50:07 UTC 2024 - Matej Cepl + +- Fix changelog + +------------------------------------------------------------------- +Mon Nov 11 12:43:40 UTC 2024 - Daniel Garcia + +- Remove -IVendor/ from python-config boo#1231795 + +------------------------------------------------------------------- +Fri Nov 1 16:32:10 UTC 2024 - Matej Cepl + +- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote + path names provided when creating a virtual environment + (bsc#1232241, CVE-2024-9287) + +------------------------------------------------------------------- +Wed Oct 2 16:18:29 UTC 2024 - Matej Cepl + +- Drop .pyc files from docdir for reproducible builds + (bsc#1230906). + +------------------------------------------------------------------- +Mon Sep 9 16:53:07 UTC 2024 - Matej Cepl + +- Update to 3.11.10: + - Security + - gh-123678: Upgrade libexpat to 2.6.3 + - gh-121957: Fixed missing audit events around interactive + use of Python, now also properly firing for ``python -i``, + as well as for ``python -m asyncio``. The event in question + is ``cpython.run_stdin``. + - gh-122133: Authenticate the socket connection for the + ``socket.socketpair()`` fallback on platforms where + ``AF_UNIX`` is not available like Windows. Patch by + Gregory P. Smith and Seth Larson + . Reported by Ellie + - gh-121285: Remove backtracking from tarfile header parsing + for ``hdrcharset``, PAX, and GNU sparse headers + (bsc#1230227, CVE-2024-6232). + - gh-118486: :func:`os.mkdir` on Windows now accepts + *mode* of ``0o700`` to restrict the new directory to + the current user. This fixes CVE-2024-4030 affecting + :func:`tempfile.mkdtemp` in scenarios where the base + temporary directory is more permissive than the default. + - gh-116741: Update bundled libexpat to 2.6.2 + - Library + - gh-123270: Applied a more surgical fix for malformed + payloads in :class:`zipfile.Path` causing infinite loops + (gh-122905) without breaking contents using legitimate + characters (bsc#1229704, CVE-2024-8088). + - gh-123067: Fix quadratic complexity in parsing ``"``-quoted + cookie values with backslashes by :mod:`http.cookies` + (bsc#1229596, CVE-2024-7592). + - gh-122905: :class:`zipfile.Path` objects now sanitize names + from the zipfile. + - gh-121650: :mod:`email` headers with embedded newlines are + now quoted on output. The :mod:`~email.generator` will now + refuse to serialize (write) headers that are unsafely folded + or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. + (Contributed by Bas Bloemsaat and Petr Viktorin in + :gh:`121650`; CVE-2024-6923, bsc#1228780). + - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method + breaks internal buffer when the method is called again + during flushing internal buffer. + - gh-118643: Fix an AttributeError in the :mod:`email` module + when re-fold a long address list. Also fix more cases of + incorrect encoding of the address separator in the address + list. + - gh-113171: Fixed various false positives and false + negatives in * :attr:`ipaddress.IPv4Address.is_private` + (see these docs for details) * + :attr:`ipaddress.IPv4Address.is_global` * + :attr:`ipaddress.IPv6Address.is_private` * + :attr:`ipaddress.IPv6Address.is_global` Also in the + corresponding :class:`ipaddress.IPv4Network` and + :class:`ipaddress.IPv6Network` attributes. + Fixes bsc#1226448 (CVE-2024-4032). + - gh-102988: :func:`email.utils.getaddresses` and + :func:`email.utils.parseaddr` now return ``('', '')`` + 2-tuples in more situations where invalid email addresses + are encountered instead of potentially inaccurate + values. Add optional *strict* parameter to these two + functions: use ``strict=False`` to get the old behavior, + accept malformed inputs. ``getattr(email.utils, + 'supports_strict_parsing', False)`` can be use to check if + the *strict* paramater is available. Patch by Thomas Dwyer + and Victor Stinner to improve the CVE-2023-27043 fix + (bsc#1210638). + - gh-67693: Fix :func:`urllib.parse.urlunparse` and + :func:`urllib.parse.urlunsplit` for URIs with path starting + with multiple slashes and no authority. Based on patch by + Ashwin Ramaswami. + - Core and Builtins + - gh-112275: A deadlock involving ``pystate.c``'s + ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now + fixed. Patch by ChuBoning based on previous Python 3.12 fix + by Victor Stinner. + - gh-109120: Added handle of incorrect star expressions, e.g + ``f(3, *)``. Patch by Grigoryev Semyon +- Removed upstreamed patches: + - CVE-2023-27043-email-parsing-errors.patch + - CVE-2024-4032-private-IP-addrs.patch + - CVE-2024-6923-email-hdr-inject.patch + - CVE-2024-8088-inf-loop-zipfile_Path.patch + (renamed from CVE-2024-8088-zipfile-Path-sanitization.patch) + - CVE-2024-6232-ReDOS-backtrack-tarfile.patch + - CVE-2024-7592-quad-complex-cookies.patch + +------------------------------------------------------------------- +Mon Sep 2 09:44:26 UTC 2024 - Matej Cepl + +- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid + failing test_sendfile_close_peer_in_the_middle_of_receiving + tests on Linux >= 6.10 (GH-120227). + +------------------------------------------------------------------- +Wed Aug 28 16:54:34 UTC 2024 - Matej Cepl + +- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent + malformed payload to cause infinite loops in zipfile.Path + (bsc#1229704, CVE-2024-8088). + +------------------------------------------------------------------- +Wed Aug 7 12:12:42 UTC 2024 - Matej Cepl + +- Add CVE-2024-6923-email-hdr-inject.patch to prevent email + header injection due to unquoted newlines (bsc#1228780, + CVE-2024-6923). +- %{profileopt} variable is set according to the variable + %{do_profiling} (bsc#1227999) + +------------------------------------------------------------------- +Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl + +- Remove %suse_update_desktop_file macro as it is not useful any + more. + +------------------------------------------------------------------- +Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl + +- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 + adding reproducibility patches from gh#python/cpython!121872 + and gh#python/cpython!121883. + +------------------------------------------------------------------- +Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl + +- Stop using %%defattr, it seems to be breaking proper executable + attributes on /usr/bin/ scripts (bsc#1227378). + +------------------------------------------------------------------- +Tue Jul 2 10:32:58 UTC 2024 - Daniel Garcia + +- Update F00251-change-user-install-location.patch to make pip and + modern tools install directly in /usr/local when used by the user. + bsc#1225660 + +------------------------------------------------------------------- +Tue Jun 25 21:57:40 UTC 2024 - Matej Cepl + +- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 + (CVE-2024-4032) rearranging definition of private v global IP + addresses. + +------------------------------------------------------------------- +Wed May 1 08:39:08 UTC 2024 - Matej Cepl + +- Update CVE-2023-52425-libexpat-2.6.0-backport.patch + so that it uses features sniffing, not just + comparing version number. Include also + support-expat-CVE-2022-25236-patched.patch. +- Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping + failing tests. +- Refresh patches: + - CVE-2023-27043-email-parsing-errors.patch + - fix_configure_rst.patch + - skip_if_buildbot-extend.patch +- Remove included patch: + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia + +- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in SLE. + +------------------------------------------------------------------- +Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia + +- Remove not needed upstream patches: + * libexpat260.patch + * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666 + * CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch + +- Update to 3.11.9: + * Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 + - gh-115243: Fix possible crashes in collections.deque.index() + when the deque is concurrently modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to the + certificate store, when the ssl.SSLContext is shared across + multiple threads (bsc#1226447, CVE-2024-0397). + * Core and Builtins + - gh-116296: Fix possible refleak in object.__reduce__() internal + error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser when + raising SyntaxError exceptions caused by invalid byte sequences. + Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115011: Setters for members with an unsigned integer type now + support the same range of valid values for objects that has a + __index__() method as for int. + - gh-96497: Fix incorrect resolution of mangled class variables + used in assignment expressions in comprehensions. + * Library + - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered + crash in ssl when creating a new _ssl._SSLContext if CPython was + built implausibly such that the default cipher list is empty or + the SSL library it was linked against reports a failure from its + C SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of self-referential + modules, introduced in gh-114781. + - gh-117084: Fix zipfile extraction for directory entries with the + name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any to + be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer calls + WaitForSingleObject() with a negative timeout: pass 0 ms if the + timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values in an + invalid state (stored as a list instead of a str) after an + earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values in + urllib.parse functions parse_qs() and parse_qsl(). Also, they + now raise a TypeError for non-zero integers and non-empty + sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated tkinter.Checkbutton + widget names to avoid collisions with automatically generated + tkinter.ttk.Checkbutton widget names within the same parent + widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of AttributeError + on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on + WASI. + - Under wasmtime for WASI 0.2, these functions don’t pass + test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). + - gh-88352: Fix the computation of the next rollover time in the + logging.TimedRotatingFileHandler handler. computeRollover() now + always returns a timestamp larger than the specified time and + works correctly during the DST change. doRollover() no longer + overwrite the already rolled over file, saving from data loss + when run at midnight or during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a script + with pdb + - gh-76511: Fix UnicodeEncodeError in email.Message.as_string() + that results when a message that claims to be in the ascii + character set actually has non-ascii characters. Non-ascii + characters are now replaced with the U+FFFD replacement + character, like in the replace error handler. + - gh-75988: Fixed unittest.mock.create_autospec() to pass the call + through to the wrapped object to return the real result. + - gh-115881: Fix issue where ast.parse() would incorrectly flag + conditional context managers (such as with (x() if y else z()): + ...) as invalid syntax if feature_version=(3, 8) was passed. + This reverts changes to the grammar made as part of gh-94949. + - gh-115886: Fix silent truncation of the name with an embedded + null character in multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing which rolled-over log + files to delete in logging.TimedRotatingFileHandler. It is now + reliable for handlers without namer and with arbitrary + deterministic namer that leaves the datetime part in the file + name unmodified. + - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now + support bytes arguments containing raw and percent-encoded + non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' and + '\n', regardless of lineterminator value. + - gh-115712: csv.writer() now quotes empty fields if delimiter is + a space and skipinitialspace is true and raises exception if + quoting is not possible. + - gh-115618: Fix improper decreasing the reference count for None + argument in property methods getter(), setter() and deleter(). + - gh-115570: A DeprecationWarning is no longer omitted on access + to the __doc__ attributes of the deprecated typing.io and + typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the __wrapper__ + data descriptor. + - gh-101293: Support callables with the __call__() method and + types with __new__() and __init__() methods set to class + methods, static methods, bound methods, partial functions, and + other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line numbers + would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare cases when + using the z format option (coerce negative 0) * incorrect output + when applying the z format option to type F (fixed-point with + capital NAN / INF) * incorrect output when applying the # format + option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname before + checking it against the system’s proxy bypass list on macOS and + Windows. + - gh-115198: Fix support of Docutils >= 0.19 in distutils. + - gh-115165: Most exceptions are now ignored when attempting to + set the __orig_class__ attribute on objects returned when + calling typing generic aliases (including generic aliases + created using typing.Annotated). Previously only AttributeError + was ignored. Patch by Dave Shawley. + - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the underlying + write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114763: Protect modules loaded with importlib.util.LazyLoader + from race conditions when multiple threads try to access + attributes before the loading is complete. + - gh-97959: Fix rendering class methods, bound methods, method and + function aliases in pydoc. Class methods no longer have “method + of builtins.type instance” note. Corresponding notes are now + added for class and unbound methods. Method and function aliases + now have references to the module or the class where the origin + was defined if it differs from the current. Bound methods are + now listed in the static methods section. Methods of builtin + classes are now supported as well as methods of Python classes. + - gh-112281: Allow creating union of types for typing.Annotated + with unhashable metadata. + - gh-111775: Fix importlib.resources.simple.ResourceHandle.open() + for text mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb commands. + - gh-107155: Fix incorrect output of help(x) where x is a lambda + function, which has an __annotations__ dictionary attribute with + a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when defining + dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists + over multiple lines in combination with unicode encoding + (bsc#1238450 CVE-2025-1795) + - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same name + but different extensions would conflict and not delete the + correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() to + accept empty bytes as authkey. Not accepting empty bytes as key + causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing of URLs + with only a host name, URLs containing fragment or query, and + filenames with only a UNC sharepoint on Windows. Based on patch + by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + * Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML + vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + * Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE command + line option) in regrtest when hunting for reference leaks (-R + option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-115979: Update test_importlib so that it passes under WASI + SDK 21. + - gh-116307: Added import helper isolated_modules as CleanImport + does not remove modules imported during the context. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of + the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: run + failed tests with test.bisect_cmd to identify failing tests. + Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - gh-115198: Fix test_check_metadata_deprecate in distutils tests + with a newer Docutils. + * Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI + 0.2/preview2 primitives. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + * Windows + - gh-116773: Fix instances of <_overlapped.Overlapped object at + 0xXXX> still has pending operation at deallocation, the process + may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation so + that sending a datagram to an address that is not listening does + not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most users + only have a single launcher installed and will see no + difference. When multiple launchers have been installed, the + option to install the launcher is disabled until all but one + have been removed. Downgrading the launcher (which was never + allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now detect Python + 3.13 when installed from the Microsoft Store, and will install + Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + * IDLE + - gh-88516: On macOS show a proxy icon in the title bar of editor + windows to match platform behaviour. + * Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + * C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows + 64-bit platforms. + +------------------------------------------------------------------- +Sun Mar 24 07:51:45 UTC 2024 - Matej Cepl + +- Add reference to CVE-2024-0450 (bsc#1221854) to changelog. + +------------------------------------------------------------------- +Fri Mar 22 21:22:27 UTC 2024 - Matej Cepl + +- Because of bsc#1189495 we have to revert use of %autopatch. + +------------------------------------------------------------------- +Tue Mar 12 08:44:47 UTC 2024 - Matej Cepl + +- Rewrite %prep to use %autosetup et al. for compatibility with + rpm 4.20. + +------------------------------------------------------------------- +Tue Mar 12 08:13:34 UTC 2024 - Matej Cepl + +- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch + to eliminate ResourceWarning which broke the test suite in + test_asyncio. + +------------------------------------------------------------------- +Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal + +- Use the system-wide crypto-policies [bsc#1211301] + * Use the system default cipher list instead of hardcoded values + * Add the --with-ssl-default-suites=openssl configure option + +------------------------------------------------------------------- +Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl + +- (bsc#1219666, CVE-2023-6597) Add + CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from + gh#python/cpython!99930) fixing symlink bug in cleanup of + tempfile.TemporaryDirectory. + +------------------------------------------------------------------- +Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl + +- Remove double definition of /usr/bin/idle%%{version} in + %%files. + +------------------------------------------------------------------- +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115289 + +------------------------------------------------------------------- +Thu Feb 8 07:27:40 UTC 2024 - Daniel Garcia + +- Update to 3.11.8: + - Security + - gh-113659: Skip .pth files with names starting with a dot or + hidden file attribute. + - Core and Builtins + - gh-114887: Changed socket type validation in + create_datagram_endpoint() to accept all non-stream sockets. + This fixes a regression in compatibility with raw sockets. + - gh-114388: Fix a RuntimeWarning emitted when assign an + integer-like value that is not an instance of int to an + attribute that corresponds to a C struct member of type T_UINT + and T_ULONG. Fix a double RuntimeWarning emitted when assign a + negative integer value to an attribute that corresponds to a C + struct member of type T_UINT. + - gh-89811: Check for a valid tp_version_tag before performing + bytecode specializations that rely on this value being usable. + - gh-113602: Fix an error that was causing the parser to try to + overwrite existing errors and crashing in the process. Patch by + Pablo Galindo + - gh-113566: Fix a 3.11-specific crash when the repr of a Future + is requested after the module has already been + garbage-collected. + - gh-106905: Use per AST-parser state rather than global state to + track recursion depth within the AST parser to prevent potential + race condition due to simultaneous parsing. + - The issue primarily showed up in 3.11 by multithreaded users of + ast.parse(). In 3.12 a change to when garbage collection can be + triggered prevented the race condition from occurring. + - gh-112716: Fix SystemError in the import statement and in + __reduce__() methods of builtin types when __builtins__ is not a + dict. + - gh-105967: Workaround a bug in Apple’s macOS platform zlib + library where zlib.crc32() and binascii.crc32() could produce + incorrect results on multi-gigabyte inputs. Including when using + zipfile on zips containing large data. + - gh-94606: Fix UnicodeEncodeError when + email.message.get_payload() reads a message with a Unicode + surrogate character and the message content is not well-formed + for surrogateescape encoding. Patch by Sidney Markowitz. + - Library + - gh-114965: Update bundled pip to 24.0 + - gh-114959: tarfile no longer ignores errors when trying to + extract a directory on top of a file. + - gh-109475: Fix support of explicit option value “–” in argparse + (e.g. --option=--). + - gh-110190: Fix ctypes structs with array on Windows ARM64 + platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by + Diego Russo + - gh-113280: Fix a leak of open socket in rare cases when error + occurred in ssl.SSLSocket creation. + - gh-77749: email.policy.EmailPolicy.fold() now always encodes + non-ASCII characters in headers if utf8 is false. + - gh-114492: Make the result of termios.tcgetattr() reproducible + on Alpine Linux. Previously it could leave a random garbage in + some fields. + - gh-75128: Ignore an OSError in + asyncio.BaseEventLoop.create_server() when IPv6 is available but + the interface cannot actually support it. + - gh-114257: Dismiss the FileNotFound error in + ctypes.util.find_library() and just return None on Linux. + - gh-101438: Avoid reference cycle in ElementTree.iterparse. The + iterator returned by ElementTree.iterparse may hold on to a file + descriptor. The reference cycle prevented prompt clean-up of the + file descriptor if the returned iterator was not exhausted. + - gh-104522: OSError raised when run a subprocess now only has + filename attribute set to cwd if the error was caused by a + failed attempt to change the current directory. + - gh-109534: Fix a reference leak in + asyncio.selector_events.BaseSelectorEventLoop when SSL + handshakes fail. Patch contributed by Jamie Phan. + - gh-114077: Fix possible OverflowError in + socket.socket.sendfile() when pass count larger than 2 GiB on + 32-bit platform. + - gh-114014: Fixed a bug in fractions.Fraction where an invalid + string using d in the decimals part creates a different error + compared to other invalid letters/characters. Patch by Jeremiah + Gabriel Pascual. + - gh-113951: Fix the behavior of tag_unbind() methods of + tkinter.Text and tkinter.Canvas classes with three arguments. + Previously, widget.tag_unbind(tag, sequence, funcid) destroyed + the current binding for sequence, leaving sequence unbound, and + deleted the funcid command. Now it removes only funcid from the + binding for sequence, keeping other commands, and deletes the + funcid command. It leaves sequence unbound only if funcid was + the last bound command. + - gh-113877: Fix tkinter method winfo_pathname() on 64-bit + Windows. + - gh-113781: Silence unraisable AttributeError when warnings are + emitted during Python finalization. + - gh-113594: Fix UnicodeEncodeError in email when re-fold lines + that contain unknown-8bit encoded part followed by + non-unknown-8bit encoded part. + - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), + there is callback that logs an error if the task wrapping the + “connected callback” fails. This callback would itself fail if + the task was cancelled. Prevent this by checking whether the + task was cancelled first. If so, close the transport but don’t + log an error. + - gh-85567: Fix resource warnings for unclosed files in pickle and + pickletools command line interfaces. + - gh-101225: Increase the backlog for + multiprocessing.connection.Listener objects created by + multiprocessing.manager and multiprocessing.resource_sharer to + significantly reduce the risk of getting a connection refused + error when creating a multiprocessing.connection.Connection to + them. + - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends + webbrowser.open audit event. + - gh-113028: When a second reference to a string appears in the + input to pickle, and the Python implementation is in use, we are + guaranteed that a single copy gets pickled and a single object + is shared when reloaded. Previously, in protocol 0, when a + string contained certain characters (e.g. newline) it resulted + in duplicate objects. + - gh-113421: Fix multiprocessing logger for %(filename)s. + - gh-113358: Fix rendering tracebacks for exceptions with a broken + __getattr__. + - gh-113214: Fix an AttributeError during asyncio SSL protocol + aborts in SSL-over-SSL scenarios. + - gh-113246: Update bundled pip to 23.3.2. + - gh-113199: Make http.client.HTTPResponse.read1 and + http.client.HTTPResponse.readline close IO after reading all + data when content length is known. Patch by Illia Volochii. + - gh-113188: Fix shutil.copymode() and shutil.copystat() on + Windows. Previously they worked differenly if dst is a symbolic + link: they modified the permission bits of dst itself rather + than the file it points to if follow_symlinks is true or src is + not a symbolic link, and did not modify the permission bits if + follow_symlinks is false and src is a symbolic link. + - gh-61648: Detect line numbers of properties in doctests. + - gh-112559: signal.signal() and signal.getsignal() no longer call + repr on callable handlers. asyncio.run() and + asyncio.Runner.run() no longer call repr on the task results. + Patch by Yilei Yang. + - gh-110190: Fix ctypes structs with array on PPC64LE platform by + setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. + - gh-79429: Ignore FileNotFoundError when remove a temporary + directory in the multiprocessing finalizer. + - gh-79325: Fix an infinite recursion error in + tempfile.TemporaryDirectory() cleanup on Windows. + - gh-110190: Fix ctypes structs with array on Arm platform by + setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. + - gh-81194: Fix a crash in socket.if_indextoname() with specific + value (UINT_MAX). Fix an integer overflow in + socket.if_indextoname() on 64-bit non-Windows platforms. + - gh-75666: Fix the behavior of tkinter widget’s unbind() method + with two arguments. Previously, widget.unbind(sequence, funcid) + destroyed the current binding for sequence, leaving sequence + unbound, and deleted the funcid command. Now it removes only + funcid from the binding for sequence, keeping other commands, + and deletes the funcid command. It leaves sequence unbound only + if funcid was the last bound command. + - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in + tkinter._test(). + - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now + raises BadZipFile when try to read an entry that overlaps with + other entry or central directory (bsc#1221854, CVE-2024-0450). + - gh-38807: Fix race condition in trace. Instead of checking if a + directory exists and creating it, directly call os.makedirs() + with the kwarg exist_ok=True. + - gh-75705: Set unixfrom envelope in mailbox.mbox and + mailbox.MMDF. + - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure + when the system endianness is the opposite of the classes. + - gh-104282: Fix null pointer dereference in + lzma._decode_filter_properties() due to improper handling of BCJ + filters with properties of zero length. Patch by Radislav + Chugunov. + - gh-102512: When os.fork() is called from a foreign thread (aka + _DummyThread), the type of the thread in a child process is + changed to _MainThread. Also changed its name and daemonic + status, it can be now joined. + - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, + which now no longer dereferences symlinks when working around + file system permission errors. + - bpo-43153: On Windows, tempfile.TemporaryDirectory previously + masked a PermissionError with NotADirectoryError during + directory cleanup. It now correctly raises PermissionError if + errors are not ignored. Patch by Andrei Kulakov and Ken Jin. + - bpo-35332: The shutil.rmtree() function now ignores errors when + calling os.close() when ignore_errors is True, and os.close() no + longer retried after error. + - bpo-35928: io.TextIOWrapper now correctly handles the decoding + buffer after read() and write(). + - bpo-26791: shutil.move() now moves a symlink into a directory + when that directory is the target of the symlink. This provides + the same behavior as the mv shell command. The previous behavior + raised an exception. Patch by Jeffrey Kintscher. + - bpo-36959: Fix some error messages for invalid ISO format string + combinations in strptime() that referred to directives not + contained in the format string. Patch by Gordon P. Hemsley. + - bpo-18060: Fixed a class inheritance issue that can cause + segfaults when deriving two or more levels of subclasses from a + base class of Structure or Union. + - Documentation + - gh-110746: Improved markup for valid options/values for methods + ttk.treeview.column and ttk.treeview.heading, and for Layouts. + - gh-95649: Document that the asyncio module contains code taken + from v0.16.0 of the uvloop project, as well as the required MIT + licensing information. + - Tests + - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, + where system tar can include more information in the archive + than shutil.make_archive. + - gh-112769: The tests now correctly compare zlib version when + zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For + example zlib-ng defines the version as 1.3.0.zlib-ng. + - gh-105089: Fix + test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write + test in AIX by doing a bitwise AND of 0xFFFF on mode , so that + it will be in sync with zinfo.external_attr + - bpo-40648: Test modes that file can get with chmod() on Windows. + - Build + - gh-101778: Fix build error when there’s a dangling symlink in + the directory containing ffi.h. + - gh-112305: Fixed the check-clean-src step performed on out of + tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h + files and recommend appropriate source tree cleanup steps to get + a working build again. + - bpo-11102: The os.major(), os.makedev(), and os.minor() + functions are now available on HP-UX v3. + - bpo-36351: Do not set ipv6type when cross-compiling. + - IDLE + - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and + ‘object’. + - gh-72284: Improve the lists of features, editor key bindings, + and shell key bingings in the IDLE doc. + - gh-113903: Fix rare failure of test.test_idle, in + test_configdialog. + - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and + 3.12.1. + - gh-113269: Fix test_editor hang on macOS Catalina. + - gh-112898: Fix processing unsaved files when quitting IDLE on + macOS. + - gh-103820: Revise IDLE bindings so that events from mouse button + 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not + mistaken for scrolling. + - bpo-13586: Enter the selected text when opening the “Replace” + dialog. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and + multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. + - gh-115015: Fix a bug in Argument Clinic that generated incorrect + code for methods with no parameters that use the METH_METHOD | + METH_FASTCALL | METH_KEYWORDS calling convention. Only the + positional parameter count was checked; any keyword argument + passed would be silently accepted. +- Remove upstreamed patches: + - CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch +- Refresh all patches: + - CVE-2023-27043-email-parsing-errors.patch + - F00251-change-user-install-location.patch + - bpo-31046_ensurepip_honours_prefix.patch + - distutils-reproducible-compile.patch + - fix_configure_rst.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-localpath.patch + - python-3.3.0b1-test-posix_fadvise.patch + - skip_if_buildbot-extend.patch + - subprocess-raise-timeout.patch + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Tue Dec 19 16:34:50 UTC 2023 - Daniel Garcia + +- Update patch fix_configure_rst.patch +- Update to 3.11.7: + - Core and Builtins + - gh-112625: Fixes a bug where a bytearray object could be cleared + while iterating over an argument in the bytearray.join() method + that could result in reading memory after it was freed. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. Patch + by Pablo galindo + - gh-88116: Traceback location ranges involving wide unicode + characters (like emoji and asian characters) now are properly + highlighted. Patch by Batuhan Taskaya and Pablo Galindo. + - gh-94438: Fix a regression that prevented jumping across is None + and is not None when debugging. Patch by Savannah Ostrowski. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109216: Fix possible memory leak in BUILD_MAP. + + - Library + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + - bpo-35191: Fix unexpected integer truncation in + socket.setblocking() which caused it to interpret multiples of + 2**32 as False. + + - Documentation + - gh-108826: dis module command-line interface is now mentioned in + documentation. + + - Tests + - gh-110367: Make regrtest --verbose3 option compatible with + --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + --verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111309: distutils tests can now be run via unittest. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() and class BasicTestRunner from the test.support + module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + --match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + + - Build + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + + - C API + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. +------------------------------------------------------------------- +Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl + +- Refresh CVE-2023-27043-email-parsing-errors.patch to + gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). +- Thus we can remove Revert-gh105127-left-tests.patch, which is + now useless. + +------------------------------------------------------------------- +Wed Nov 15 09:06:16 UTC 2023 - Daniel Garcia + +- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch +- Refresh patches: + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch + +- Update to 3.11.6: + - Core and Builtins + - gh-109351: Fix crash when compiling an invalid AST involving a + named (walrus) expression. + - gh-109207: Fix a SystemError in __repr__ of symtable entry + object. + - gh-109179: Fix bug where the C traceback display drops notes + from SyntaxError. + - gh-88943: Improve syntax error for non-ASCII character that + follows a numerical literal. It now points on the invalid + non-ASCII character, not on the valid numerical literal. + - gh-108959: Fix caret placement for error locations for subscript + and binary operations that involve non-semantic parentheses and + spaces. Patch by Pablo Galindo + - gh-108520: Fix + multiprocessing.synchronize.SemLock.__setstate__() to properly + initialize multiprocessing.synchronize.SemLock._is_fork_ctx. + This fixes a regression when passing a SemLock accross nested + processes. + - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to + multiprocessing.synchronize.SemLock._is_fork_ctx to avoid + exposing it as public API. + - Library + - gh-110036: On Windows, multiprocessing Popen.terminate() now + catchs PermissionError and get the process exit code. If the + process is still running, raise again the PermissionError. + Otherwise, the process terminated as expected: store its exit + code. Patch by Victor Stinner. + - gh-110038: Fixed an issue that caused KqueueSelector.select() to + not return all the ready events in some cases when a file + descriptor is registered for both read and write. + - gh-109631: re functions such as re.findall(), re.split(), + re.search() and re.sub() which perform short repeated matches + can now be interrupted by user. + - gh-109593: Avoid deadlocking on a reentrant call to the + multiprocessing resource tracker. Such a reentrant call, though + unlikely, can happen if a GC pass invokes the finalizer for a + multiprocessing object such as SemLock. + - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for + exceptions. Previously, on Python built in debug mode, these + functions could trigger a fatal Python error (and abort the + process) when a function succeeded with an exception set. Patch + by Victor Stinner. + - gh-109375: The pdb alias command now prevents registering + aliases without arguments. + - gh-107219: Fix a race condition in concurrent.futures. When a + process in the process pool was terminated abruptly (while the + future was running or pending), close the connection write end. + If the call queue is blocked on sending bytes to a worker + process, closing the connection write end interrupts the send, + so the queue can be closed. Patch by Victor Stinner. + - gh-50644: Attempts to pickle or create a shallow or deep copy of + codecs streams now raise a TypeError. Previously, copying failed + with a RecursionError, while pickling produced wrong results + that eventually caused unpickling to fail with a RecursionError. + - gh-108987: Fix _thread.start_new_thread() race condition. If a + thread is created during Python finalization, the newly spawned + thread now exits immediately instead of trying to access freed + memory and lead to a crash. Patch by Victor Stinner. + - gh-108843: Fix an issue in ast.unparse() when unparsing + f-strings containing many quote types. + - gh-108682: Enum: raise TypeError if super().__new__() is called + from a custom __new__. + - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock + - gh-64662: Fix support for virtual tables in + sqlite3.Connection.iterdump(). Patch by Aviv Palivoda. + - gh-107913: Fix possible losses of errno and winerror values in + OSError exceptions if they were cleared or modified by the + cleanup code before creating the exception object. + - gh-104372: On Linux where subprocess can use the vfork() syscall + for faster spawning, prevent the parent process from blocking + other threads by dropping the GIL while it waits for the + vfork’ed child process exec() outcome. This prevents spawning a + binary from a slow filesystem from blocking the rest of the + application. + - gh-84867: unittest.TestLoader no longer loads test cases from + exact unittest.TestCase and unittest.FunctionTestCase classes. + - Documentation + - gh-109209: The minimum Sphinx version required for the + documentation is now 4.2. + - gh-105052: Update timeit doc to specify that time in seconds is + just the default. + - gh-102823: Document the return type of x // y when x and y have + type float. + - Tests + - gh-110031: Skip test_threading tests using thread+fork if Python + is built with Address Sanitizer (ASAN). Patch by Victor Stinner. + - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum + duration, a test should not measure a CI performance. Only + measure the minimum duration when a task has a timeout or delay. + Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner. + - gh-110033: Fix test_interprocess_signal() of test_signal. Make + sure that the subprocess.Popen object is deleted before the test + raising an exception in a signal handler. Otherwise, + Popen.__del__() can get the exception which is logged as + Exception ignored in: ... and the test fails. Patch by Victor + Stinner. + - gh-109594: Fix test_timeout() of + test_concurrent_futures.test_wait. Remove the future which may + or may not complete depending if it takes longer than the + timeout ot not. Keep the second future which does not complete + before wait() timeout. Patch by Victor Stinner. + - gh-109748: Fix test_zippath_from_non_installed_posix() of + test_venv: don’t copy __pycache__/ sub-directories, because they + can be modified by other Python tests running in parallel. Patch + by Victor Stinner. + - gh-103053: Skip test_freeze_simple_script() of + test_tools.test_freeze if Python is built with ./configure + --enable-optimizations, which means with Profile Guided + Optimization (PGO): it just makes the test too slow. The freeze + tool is tested by many other CIs with other (faster) compiler + flags. Patch by Victor Stinner. + - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a + longer key: FIPS mode requires at least of at least 112 bits. + The previous key was only 32 bits. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-109237: Fix test_site.test_underpth_basic() when the working + directory contains at least one non-ASCII character: encode the + ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for + the child process stdout. Patch by Victor Stinner. + - gh-109230: Fix test_pyexpat.test_exception(): it can now be run + from a directory different than Python source code directory. + Before, the test failed in this case. Skip the test if + Modules/pyexpat.c source is not available. Skip also the test on + Python implementations other than CPython. Patch by Victor + Stinner. + - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests + on FreeBSD if the TCP blackhole is enabled (sysctl + net.inet.tcp.blackhole). Skip the few tests which failed with + ETIMEDOUT which such non standard configuration. Currently, the + FreeBSD GCP image enables TCP and UDP blackhole (sysctl + net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1). + Patch by Victor Stinner. + - gh-91960: Skip test_gdb if gdb is unable to retrieve Python + frame objects: if a frame is . When Python is + built with “clang -Og”, gdb can fail to retrive the frame + parameter of _PyEval_EvalFrameDefault(). In this case, tests + like py_bt() are likely to fail. Without getting access to + Python frames, python-gdb.py is mostly clueless on retrieving + the Python traceback. Moreover, test_gdb is no longer skipped on + macOS if Python is built with Clang. Patch by Victor Stinner. + - gh-108962: Skip test_tempfile.test_flags() if chflags() fails + with “OSError: [Errno 45] Operation not supported” (ex: on + FreeBSD 13). Patch by Victor Stinner. + - gh-89392: Removed support of test_main() function in tests. They + now always use normal unittest test runner. + - gh-108851: Fix test_tomllib recursion tests for WASI buildbots: + reduce the recursion limit and compute the maximum nested + array/dict depending on the current available recursion limit. + Patch by Victor Stinner. + - gh-108851: Add get_recursion_available() and + get_recursion_depth() functions to the test.support module. + Patch by Victor Stinner. + - gh-108822: regrtest now computes statistics on all tests: + successes, failures and skipped. test_netrc, test_pep646_syntax + and test_xml_etree now return results in their test_main() + function. Patch by Victor Stinner and Alex Waygood. + - gh-108388: Convert test_concurrent_futures to a package of 7 + sub-tests. Patch by Victor Stinner. + - gh-108388: Split test_multiprocessing_fork, + test_multiprocessing_forkserver and test_multiprocessing_spawn + into test packages. Each package is made of 4 sub-tests: + processes, threads, manager and misc. It allows running more + tests in parallel and so reduce the total test duration. Patch + by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - gh-100086: The Python test runner (libregrtest) now logs Python + build information like “debug” vs “release” build, or LTO and + PGO optimizations. Patch by Victor Stinner. + - gh-98903: The Python test suite now fails wit exit code 4 if no + tests ran. It should help detecting typos in test names and test + methods. + - gh-95027: On Windows, when the Python test suite is run with the + -jN option, the ANSI code page is now used as the encoding for + the stdout temporary file, rather than using UTF-8 which can + lead to decoding errors. Patch by Victor Stinner. + - gh-93353: regrtest now checks if a test leaks temporary files or + directories if run with -jN option. Patch by Victor Stinner. + - Build + - gh-63760: Fix Solaris build: no longer redefine the + gethostname() function. Solaris defines the function since 2005. + Patch by Victor Stinner, original patch by Jakub Kulík. + - gh-108740: Fix a race condition in make regen-all. The + deepfreeze.c source and files generated by Argument Clinic are + now generated or updated before generating “global objects”. + Previously, some identifiers may miss depending on the order in + which these files were generated. Patch by Victor Stinner. + - Windows + - gh-109991: Update Windows build to use OpenSSL 3.0.11. + - gh-107565: Update Windows build to use OpenSSL 3.0.10. + - macOS + - gh-109991: Update macOS installer to use OpenSSL 3.0.11. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and + multissltests to use 1.1.1w, 3.0.11, and 3.1.3. + +------------------------------------------------------------------- +Wed Sep 6 07:52:11 UTC 2023 - Daniel Garcia + +- Update to 3.11.5 (bsc#1214692): + - Security + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted data. + Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by + Gregory P. Smith. + - Core and Builtins + - gh-104432: Fix potential unaligned memory access on C APIs + involving returned sequences of char * pointers within the grp + and socket modules. These were revealed using a + -fsaniziter=alignment build on ARM macOS. Patch by Christopher + Chavez. + - gh-77377: Ensure that multiprocessing synchronization objects + created in a fork context are not sent to a different process + created in a spawn context. This changes a segfault into an + actionable RuntimeError in the parent process. + - gh-106092: Fix a segmentation fault caused by a use-after-free + bug in frame_dealloc when the trashcan delays the deallocation + of a PyFrameObject. + - gh-106719: No longer suppress arbitrary errors in the + __annotations__ getter and setter in the type and module types. + - gh-106723: Propagate frozen_modules to multiprocessing spawned + process interpreters. + - gh-105979: Fix crash in _imp.get_frozen_object() due to improper + exception handling. + - gh-105840: Fix possible crashes when specializing function calls + with too many __defaults__. + - gh-105588: Fix an issue that could result in crashes when + compiling malformed ast nodes. + - gh-105375: Fix bugs in the builtins module where exceptions + could end up being overwritten. + - gh-105375: Fix bug in the compiler where an exception could end + up being overwritten. + - gh-105375: Improve error handling in + PyUnicode_BuildEncodingMap() where an exception could end up + being overwritten. + - gh-105235: Prevent out-of-bounds memory access during + mmap.find() calls. + - gh-101006: Improve error handling when read marshal data. + - Library + - gh-105736: Harmonized the pure Python version of OrderedDict + with the C version. Now, both versions set up their internal + state in __new__. Formerly, the pure Python version did the set + up in __init__. + - gh-107963: Fix multiprocessing.set_forkserver_preload() to check + the given list of modules names. Patch by Dong-hee Na. + - gh-106242: Fixes os.path.normpath() to handle embedded null + characters without truncating the path (bsc#1214693, + CVE-2023-41105). + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will + no longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107715: Fix doctest.DocTestFinder.find() in presence of class + names with special characters. Patch by Gertjan van Zwieten. + - gh-100814: Passing a callable object as an option value to a + Tkinter image now raises the expected TclError instead of an + AttributeError. + - gh-106684: Close asyncio.StreamWriter when it is not closed by + application leading to memory leaks. Patch by Kumar Aditya. + - gh-107077: Seems that in some conditions, OpenSSL will return + SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification + verification has failed, but the error parameters will still + contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are + now detecting this situation and raising the appropiate + ssl.SSLCertVerificationError. Patch by Pablo Galindo + - gh-107396: tarfiles; Fixed use before assignment of + self.exception for gzip decompression + - gh-62519: Make gettext.pgettext() search plural definitions when + translation is not found. + - gh-83006: Document behavior of shutil.disk_usage() for + non-mounted filesystems on Unix. + - gh-106186: Do not report MultipartInvariantViolationDefect + defect when the email.parser.Parser class is used to parse + emails with headersonly=True. + - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION + result in _ssl.c. + - gh-106774: Update the bundled copy of pip to version 23.2.1. + - gh-106752: Fixed several bug in zipfile.Path in + name/suffix/suffixes/stem operations when no filename is present + and the Path is not at the root of the zipfile. + - gh-106602: Add __copy__ and __deepcopy__ in enum + - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused + division by zero for certain almost-white inputs. Patch by Terry + Jan Reedy. + - gh-106052: re module: fix the matching of possessive quantifiers + in the case of a subpattern containing backtracking. + - gh-106510: Improve debug output for atomic groups in regular + expressions. + - gh-105497: Fix flag mask inversion when unnamed flags exist. + - gh-90876: Prevent multiprocessing.spawn from failing to import + in environments where sys.executable is None. This regressed in + 3.11 with the addition of support for path-like objects in + multiprocessing. + - gh-106350: Detect possible memory allocation failure in the + libtommath function mp_init() used by the _tkinter module. + - gh-102541: Make pydoc.doc catch bad module ImportError when + output stream is not None. + - gh-106263: Fix crash when calling repr with a manually + constructed SignalDict object. Patch by Charlie Zhao. + - gh-105375: Fix a bug in _Unpickler_SetInputStream() where an + exception could end up being overwritten in case of failure. + - gh-105375: Fix bugs in sys where exceptions could end up being + overwritten because of deferred error handling. + - gh-105605: Harden pyexpat error handling during module + initialisation to prevent exceptions from possibly being + overwritten, and objects from being dereferenced twice. + - gh-105375: Fix bug in decimal where an exception could end up + being overwritten. + - gh-105375: Fix bugs in _datetime where exceptions could be + overwritten in case of module initialisation failure. + - gh-105375: Fix bugs in _ssl initialisation which could lead to + leaked references and overwritten exceptions. + - gh-105375: Fix a bug in array.array where an exception could end + up being overwritten. + - gh-105375: Fix bugs in _ctypes where exceptions could end up + being overwritten. + - gh-105375: Fix a bug in the posix module where an exception + could be overwritten. + - gh-105375: Fix bugs in _elementtree where exceptions could be + overwritten. + - gh-105375: Fix bugs in zoneinfo where exceptions could be + overwritten. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-105497: Fix flag inversion when alias/mask members exist. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-103171: Revert undocumented behaviour change with + runtime-checkable protocols decorated with typing.final() in + Python 3.11. The behaviour change had meant that objects would + not be considered instances of these protocols at runtime unless + they had a __final__ attribute. Patch by Alex Waygood. + - gh-105375: Fix a bug in sqlite3 where an exception could be + overwritten in the collation callback. + - gh-105332: Revert pickling method from by-name back to by-value. + - gh-104554: Add RTSPS scheme support in urllib.parse + - gh-100061: Fix a bug that causes wrong matches for regular + expressions with possessive qualifier. + - gh-102541: Hide traceback in help() prompt, when import failed. + - gh-99203: Restore following CPython <= 3.10.5 behavior of + shutil.make_archive(): do not create an empty archive if + root_dir is not a directory, and, in that case, raise + FileNotFoundError or NotADirectoryError regardless of format + choice. Beyond the brought-back behavior, the function may now + also raise these exceptions in dry_run mode. + - gh-94777: Fix hanging multiprocessing ProcessPoolExecutor when a + child process crashes while data is being written in the call + queue. + - bpo-18319: Ensure gettext(msg) retrieve translations even if a + plural form exists. In other words: gettext(msg) == + ngettext(msg, '', 1). + - Documentation + - gh-107008: Document the curses module variables LINES and COLS. + - gh-106948: Add a number of standard external names to + nitpick_ignore. + - gh-54738: Add documentation on how to localize the argparse + module. + - Tests + - gh-105776: Fix test_cppext when the C compiler command -std=c11 + option: remove -std= options from the compiler command. Patch by + Victor Stinner. + - gh-107237: test_logging: Fix test_udp_reconnection() by + increasing the timeout from 100 ms to 5 minutes (LONG_TIMEOUT). + Patch by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - Build + - gh-107814: When calling find_python.bat with -q it did not + properly silence the output of nuget. That is now fixed. + - gh-106881: Check for linux/limits.h before including it in + Modules/posixmodule.c. + - gh-104692: Include commoninstall as a prerequisite for + bininstall + - This ensures that commoninstall is completed before bininstall + is started when parallel builds are used (make -j install), and + so the python3 symlink is only installed after all standard + library modules are installed. + - gh-100340: Allows -Wno-int-conversion for wasm-sdk 17 and + onwards, thus enables building WASI builds once against the + latest sdk. + - Windows + - gh-106242: Fixes realpath() to behave consistently when passed a + path containing an embedded null character on Windows. In strict + mode, it now raises OSError instead of the unexpected + ValueError, and in non-strict mode will make the path absolute. + - gh-106844: Fix integer overflow in _winapi.LCMapStringEx() which + affects ntpath.normcase(). + - gh-99079: Update Windows build to use OpenSSL 3.0.9 + - gh-105436: Ensure that an empty environment block is terminated + by two null characters, as is required by Windows. + - macOS + - gh-107565: Update macOS installer to use OpenSSL 3.0.10. + - gh-99079: Update macOS installer to use OpenSSL 3.0.9. + - Tools/Demos + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + - gh-95065: Argument Clinic now supports overriding automatically + generated signature by using directive @text_signature. See How + to override the generated signature. + - gh-106970: Fix bugs in the Argument Clinic destination + clear command; the destination buffers would never be cleared, + and the destination directive parser would simply continue to + the fault handler after processing the command. Patch by Erlend + E. Aasland. + - C API + - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(), + PyErr_SetExcFromWindowsErrWithFilename() and + PyErr_SetFromWindowsErrWithFilename() save now the error code + before calling PyUnicode_DecodeFSDefault(). + - gh-107915: Such C API functions as PyErr_SetString(), + PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others + no longer crash or ignore errors if it failed to format the + error message or decode the filename. Instead, they keep a + corresponding error. + - gh-107226: PyModule_AddObjectRef() is now only available in the + limited API version 3.10 or later. + - gh-105375: Fix a bug in PyErr_WarnExplicit() where an exception + could end up being overwritten if the API failed internally. + - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only + data: *consumed was not set. + +------------------------------------------------------------------- +Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller + +- restrict PEP668 to ALP/Tumbleweed + +------------------------------------------------------------------- +Fri Aug 4 06:37:41 UTC 2023 - Dirk Müller + +- add externally_managed.in to label this build as PEP-668 managed + +------------------------------------------------------------------- +Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl + +- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! +- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) + partially reverting CVE-2023-27043-email-parsing-errors.patch, + because of the regression in gh#python/cpython#106669. +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). (The patch is faulty, + gh#python/cpython#106669, but upstream decided not to just + revert it). + +------------------------------------------------------------------- +Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl + +- Update to Python 3.11.4: + - gh-103142: The version of OpenSSL used in Windows and + Mac installers has been upgraded to 1.1.1u to address + CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, + as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 + fixed previously in 1.1.1t (gh-101727). + - gh-102153: urllib.parse.urlsplit() now strips leading C0 + control and space characters following the specification for + URLs defined by WHATWG in response to CVE-2023-24329 + (bsc#1208471). + - gh-99889: Fixed a security in flaw in uu.decode() that could + allow for directory traversal based on the input if no + out_file was specified. + - gh-104049: Do not expose the local on-disk + location in directory indexes produced by + http.client.SimpleHTTPRequestHandler. + - gh-103935: trace.__main__ now uses io.open_code() for files + to be executed instead of raw open(). + - gh-102953: The extraction methods in tarfile, and + shutil.unpack_archive(), have a new filter argument that + allows limiting tar features than may be surprising or + dangerous, such as creating files outside the destination + directory. See Extraction filters for details (fixing + CVE-2007-4559, bsc#1203750). +- Remove upstreamed patches: + - CVE-2007-4559-filter-tarfile_extractall.patch + +------------------------------------------------------------------- +Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl + +- Remove obsolete_python_versioned macro again. This mechanism + has no business to be in Python 3.11, because we have abolished + with it whole interpreter+setuptools+pip product. Python 3.11 + should not be replaced by later versions anymore. + +------------------------------------------------------------------- +Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl + +- Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). +- Add skip_if_buildbot-extend.patch to avoid the bug altogether + (extending what skip_if_buildbot covers). +- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix + bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter + for tarfile.extractall". + +------------------------------------------------------------------- +Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl + +- Update to 3.11.3: + - Security + - gh-101727: Updated the OpenSSL version used in Windows + and macOS binary release builds to 1.1.1t to address + CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the + OpenSSL 2023-02-07 security advisory. + - Core and Builtins + - gh-101975: Fixed stacktop value on tracing entries to avoid + corruption on garbage collection. + - gh-102701: Fix overflow when creating very large dict. + - gh-102416: Do not memoize incorrectly automatically + generated loop rules in the parser. Patch by Pablo Galindo. + - gh-102356: Fix a bug that caused a crash when deallocating + deeply nested filter objects. Patch by Marta Gómez Macías. + - gh-102397: Fix segfault from race condition in signal + handling during garbage collection. Patch by Kumar Aditya. + - gh-102281: Fix potential nullptr dereference and use of + uninitialized memory in fileutils. Patch by Max Bachmann. + - gh-102126: Fix deadlock at shutdown when clearing thread + states if any finalizer tries to acquire the runtime head + lock. Patch by Kumar Aditya. + - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal + module. Patch by Max Bachmann. + - gh-101967: Fix possible segfault in + positional_only_passed_as_keyword function, when new list + created. + - gh-101765: Fix SystemError / segmentation fault in iter + __reduce__ when internal access of builtins.__dict__ keys + mutates the iter object. + - gh-101696: Invalidate type version tag in + _PyStaticType_Dealloc for static types, avoiding bug where + a false cache hit could crash the interpreter. Patch by + Kumar Aditya. + - Library + - gh-102549: Don’t ignore exceptions in member type creation. + - gh-102947: Improve traceback when dataclasses.fields() is + called on a non-dataclass. Patch by Alex Waygood + - gh-102780: The asyncio.Timeout context manager now + works reliably even when performing cleanup due to task + cancellation. Previously it could raise a CancelledError + instead of an TimeoutError in such cases. + - gh-88965: typing: Fix a bug relating to substitution in . + Pacustom classes generic over a ParamSpec. Previously, if . + Pathe ParamSpec was substituted with a parameters list that . + Paitself contained a TypeVar, the TypeVar in the parameters . + Palist could not be subsequently substituted. This is now . + Pafixed tch by Nikita Sobolev . + - gh-101979: Fix a bug where parentheses in the metavar + argument to argparse.ArgumentParser.add_argument() were + dropped. Patch by Yeojin Kim. + - gh-102179: Fix os.dup2() error message for negative fds. + - gh-101961: For the binary mode, fileinput.hookcompressed() + doesn’t set the encoding value even if the value is + None. Patch by Gihwan Kim. + - gh-101936: The default value of fp becomes io.BytesIO + if HTTPError is initialized without a designated fp + parameter. Patch by Long Vo. + - gh-102069: Fix __weakref__ descriptor generation for custom + dataclasses. + - gh-101566: In zipfile, apply fix for extractall on the + underlying zipfile after being wrapped in Path. + - gh-101892: Callable iterators no longer raise SystemError + when the callable object exhausts the iterator but forgets + to either return a sentinel value or raise StopIteration. + - gh-97786: Fix potential undefined behaviour in corner cases + of floating-point-to-time conversions. + - gh-101517: Fixed bug where bdb looks up the source line + with linecache with a lineno=None, which causes it to fail + with an unhandled exception. + - gh-101673: Fix a pdb bug where ll clears the changes to + local variables. + - gh-96931: Fix incorrect results from + ssl.SSLSocket.shared_ciphers() + - gh-88233: Correctly preserve “extra” fields in zipfile + regardless of their ordering relative to a zip64 “extra.” + - gh-96127: inspect.signature was raising TypeError on + call with mock objects. Now it correctly returns (*args, + **kwargs) as infered signature. + - gh-95495: When built against OpenSSL 3.0, the ssl module + had a bug where it reported unauthenticated EOFs (i.e. + without close_notify) as a clean TLS-level EOF. It now + raises SSLEOFError, matching the behavior in previous + versions of OpenSSL. The options attribute on SSLContext + also no longer includes OP_IGNORE_UNEXPECTED_EOF by + default. This option may be set to specify the previous + OpenSSL 3.0 behavior. + - gh-94440: Fix a concurrent.futures.process bug where + ProcessPoolExecutor shutdown could hang after a future has + been quickly submitted and canceled. + - Documentation + - gh-103112: Add docstring to http.client.HTTPResponse.read() + to fix pydoc output. + - gh-85417: Update cmath documentation to clarify behaviour + on branch cuts. + - gh-97725: Fix asyncio.Task.print_stack() description for + file=None. Patch by Oleg Iarygin. + - Tests + - gh-102980: Improve test coverage on pdb. + - gh-102537: Adjust the error handling strategy in + test_zoneinfo.TzPathTest.python_tzpath_context. Patch by + Paul Ganssle. + - gh-89792: test_tools now copies up to 10x less source data + to a temporary directory during the freeze test by ignoring + git metadata and other artifacts. It also limits its python + build parallelism based on os.cpu_count instead of hard + coding it as 8 cores. + - gh-101377: Improved test_locale_calendar_formatweekday of + calendar. + - Build + - gh-102711: Fix -Wstrict-prototypes compiler warnings. + +------------------------------------------------------------------- +Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl + +- Update to 3.11.2: + Bug fixes, no changes in API and no security bugs. + +------------------------------------------------------------------- +Wed Mar 1 20:50:04 UTC 2023 - Matej Cepl + +- Add python310 Obsoletes line to obsolete_python_versioned macro. + +------------------------------------------------------------------- +Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl + +- Add provides for readline and sqlite3 to the main Python + package. + +------------------------------------------------------------------- +Thu Jan 26 13:28:24 UTC 2023 - Thorsten Kukuk + +- Disable NIS for new products, it's deprecated and gets removed + +------------------------------------------------------------------- +Tue Jan 24 12:23:34 UTC 2023 - Dirk Müller + +- build GLIBC hwcaps optimized versions of the interpreter + +------------------------------------------------------------------- +Tue Jan 10 11:11:56 UTC 2023 - Matej Cepl + +- Don't fail on Sphinx build warnings. +- For jsc#PED-1570, jsc#PED-2217 and jsc#PED-68, + providing Python 3.11 for SLE-15-SP4. + +------------------------------------------------------------------- +Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl + +- Update to 3.11.1: + - python -m http.server no longer allows terminal control + characters sent within a garbage request to be printed + to the stderr server lo This is done by changing the + http.server BaseHTTPRequestHandler .log_message method to + replace control characters with a \xHH hex escape before + printin + - Avoid publishing list of active per-interpreter audit hooks + via the gc module + - The IDNA codec decoder used on DNS hostnames by socket or + asyncio related name resolution functions no longer involves + a quadratic algorithm. This prevents a potential CPU denial + of service if an out-of-spec excessive length hostname + involving bidirectional characters were decoded. Some + protocols such as urllib http 3xx redirects potentially allow + for an attacker to supply such a name (CVE-2022-45061). + - Update bundled libexpat to 2.5.0 + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. Issue reported + and initial fix by Caleb Shortt. Patch by Victor Stinner. + - Fix a crash when an object which does not have a dictionary + frees its instance values. + - Fix a bug in the tokenizer that could cause infinite + recursion when showing syntax warnings that happen in the + first line of the source. Patch by Pablo Galindo + - Fix an issue that could cause frames to be visible to Python + code as they are being torn down, possibly leading to memory + corruption or hard crashes of the interpreter. + - Fix a reference bug in _imp.create_builtin() after the + creation of the first sub-interpreter for modules builtins + and sys. Patch by Victor Stinner. + - Fixed a bug that was causing a buffer overflow if the + tokenizer copies a line missing the newline caracter from a + file that is as long as the available tokenizer buffer. Patch + by Pablo galindo + - Fix bug where an ExceptionGroup subclass can wrap a + BaseException. + - Fix zip path for venv created from a non-installed python on + POSIX platforms. + - Fix an issue that could potentially cause incorrect error + handling for some bytecode instructions. + - Fix an issue that prevented PyThreadState and + PyInterpreterState memory from being freed properly. + - Fix failure in except* with unhashable exceptions. + - Fix calculation of sys._base_executable when inside a POSIX + virtual environment using copies of the python binary when + the base installation does not provide the executable name + used by the venv. Calculation will fall back to alternative + names (“python”, “python.”). + - Update faulthandler to emit an error message with the proper + unexpected signal number. Patch by Dong-hee Na. + - Fix location of SyntaxError for a try block with both except + and except*. + - Fix the error reporting positions of specialized traceback + anchors when the source line contains Unicode characters. + - Fix subscription of type aliases containing bare generic + types or types like TypeVar: for example tuple[A, T][int] and + tuple[TypeVar, T][int], where A is a generic type, and T is a + type variable. + - Lower the recursion depth for marshal on WASI to support + wasmtime 2.0/main. + - Fix multiple crashes in debug mode when str subclasses are + used instead of str itself. + - Fix an issue where member descriptors (such as those for + __slots__) could behave incorrectly or crash instead of + raising a TypeError when accessed via an instance of an + invalid type. + - Suppress ImportError for invalid query for help() + command. Patch by Dong-hee Na. + - Fix detection of MAC addresses for uuid on certain OSs. Patch + by Chaim Sanders + - Print exception class name instead of its string + representation when raising errors from ctypes calls. + - os.sched_yield() now release the GIL while calling + sched_yield(2). Patch by Dong-hee Na. + - Fix an issue that could delay the specialization of PRECALL + instructions. + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Ensure that all Python frame objects are backed by “complete” + frames. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). Patch by Ofey Chan. + - Fix the Python path configuration used to initialized + sys.path at Python startup. Paths are no longer encoded + to UTF-8/strict to avoid encoding errors if it contains + surrogate characters (bytes paths are decoded with the + surrogateescape error handler). Patch by Victor Stinner. + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. Issue + discovered and analyzed by Mingliang ZHAO. Patch by Victor + Stinner. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. + - Fix undefined behaviour in C code of null pointer arithmetic. + - Make sure that all frame objects created are created from + valid interpreter frames. Prevents the possibility of invalid + frames in backtraces and signal handlers. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - On WASI ENOTCAPABLE is now mapped to PermissionError. The + errno modules exposes the new error number. getpath.py now + ignores PermissionError when it cannot open landmark files + pybuilddir.txt and pyenv.cfg. + - Allow pdb to locate source for frozen modules in the standard + library. + - Raise ValueError instead of SystemError when methods of + uninitialized io.IncrementalNewlineDecoder objects are + called. Patch by Oren Milman. + - Fix a possible assertion failure in io.FileIO when the opener + returns an invalid file descriptor. + - Also escape s in the http.server + BaseHTTPRequestHandler.log_message so that it is technically + possible to parse the line and reconstruct what the original + data was. Without this a xHH is ambiguious as to if it is a + hex replacement we put in or the characters r”x” came through + in the original request line. + - asyncio.get_event_loop() now only emits a deprecation warning + when a new event loop was created implicitly. It no longer + emits a deprecation warning if the current event loop was + set. + - Fix bug when calling trace.CoverageResults with valid infile. + - Fix a bug in handling class cleanups in + unittest.TestCase. Now addClassCleanup() uses separate lists + for different TestCase subclasses, and doClassCleanups() only + cleans up the particular class. + - Release the GIL when calling termios APIs to avoid blocking + threads. + - Fix ast.increment_lineno() to also cover ast.TypeIgnore when + changing line numbers. + - Fix bug in urllib.parse.urlparse() that causes URL schemes + that begin with a digit, a plus sign, or a minus sign to be + parsed incorrectly. + - Check the number of arguments in substitution in user + generics containing a TypeVarTuple and one or more TypeVar. + - Fix substitution of ParamSpec followed by TypeVarTuple in + generic aliases. + - Fix substitution of TypeVarTuple and ParamSpec together in + user generics. + - Fixed bug where inspect.signature() reported incorrect + arguments for decorated methods. + - Fix SystemError in ctypes when exception was not set during + __initsubclass__. + - Remove older version of + _SSLProtocolTransport.get_write_buffer_limits in + asyncio.sslproto + - fix negative numbers failing in verify() + - Fix statistics.NormalDist pickle with 0 and 1 protocols. + - enum.auto() is now correctly activated when combined with + other assignment values. E.g. ONE = auto(), 'some text' will + now evaluate as (1, 'some text'). + - Update the bundled copy of pip to version 22.3.1. + - Clean up refleak on failed module initialisation in _zoneinfo + - Clean up refleaks on failed module initialisation in in + _pickle + - Clean up refleak on failed module initialisation in _io. + - Fix memory leak in math.dist() when both points don’t have + the same dimension. Patch by Kumar Aditya. + - [3.11] Applied changes from importlib_metadata 4.11.4 + through 4.13, including compatibility and robustness + fixes for Distribution objects without _normalized_name, + disallowing invalid inputs to Distribution.from_name, and + refined behaviors in PathDistribution._name_from_stem and + PathDistribution._normalized_name. + - Fix argument typechecks in _overlapped.WSAConnect() and + _overlapped.Overlapped.WSASendTo() functions. + - Prevent crashing in traceback when retrieving the byte-offset + for some source files that contain certain unicode + characters. + - Fix internal error in the re module which in very rare + circumstances prevented compilation of a regular expression + containing a conditional expression without the “else” + branch. + - Fix asyncio.StreamWriter.drain() to call + protocol.connection_lost callback only once on Windows. + - Add a mutex to unittest.mock.NonCallableMock to protect + concurrent access to mock attributes. + - Fix hang on Windows in subprocess.wait_closed() in asyncio + with ProactorEventLoop. Patch by Kumar Aditya. + - Fix infinite loop in unittest when a self-referencing chained + exception is raised + - tkinter.Text.count() raises now an exception for options + starting with “-” instead of silently ignoring them. + - On uname_result, restored expectation that _fields and + _asdict would include all six properties including processor. + - A createSocket() method was added to SysLogHandler. + - Fix bug in urllib.parse.urlparse() that causes certain port + numbers containing whitespace, underscores, plus and minus + signs, or non-ASCII digits to be incorrectly accepted. + - Allow venv to pass along PYTHON* variables to ensurepip and + pip when they do not impact path resolution + - On macOS, fix a crash in syslog.syslog() in multi-threaded + applications. On macOS, the libc syslog() function is not + thread-safe, so syslog.syslog() no longer releases the GIL to + call it. Patch by Victor Stinner. + - Allow BUILTINS to be a valid field name for frozen + dataclasses. + - Wrap network errors consistently in urllib FTP support, so + the test suite doesn’t fail when a network is available but + the public internet is not reachable. + - Make sure patch.dict() can be applied on async functions. + - Earlier in 3.11 we deprecated + asyncio.Task.cancel("message"). We realized we were too + harsh, and have undeprecated it. + - Change deprecate warning message in unittest from It is + deprecated to return a value!=None to It is deprecated to + return a value that is not None from a test case + - Fixes AttributeError when subprocess.check_output() is used + with argument input=None and either of the arguments encoding + or errors are used. + - Fix is_private properties in the ipaddress module. Previously + non-private networks (0.0.0.0/0) would return True from this + method; now they correctly return False. + - Avoid spurious tracebacks from asyncio when default executor + cleanup is delayed until after the event loop is closed (e.g. + as the result of a keyboard interrupt). + - Avoid a crash in the C version of + asyncio.Future.remove_done_callback() when an evil argument + is passed. + - Remove tokenize.NL check from tabnanny. + - Fix generation of the default name of + tkinter.Checkbutton. Previously, checkbuttons in different + parent widgets could have the same short name and share + the same state if arguments “name” and “variable” are not + specified. Now they are globally unique. + - Update bundled libexpat to 2.4.9 + - Fix race condition in asyncio where process_exited() called + before the pipe_data_received() leading to inconsistent + output. Patch by Kumar Aditya. + - Fixed check in multiprocessing.resource_tracker that + guarantees that the length of a write to a pipe is not + greater than PIPE_BUF. + - Corrected type annotation for dataclass attribute + pstats.FunctionProfile.ncalls to be str. + - Fix repr of Any subclasses. + - Work around missing socket functions in socket’s __repr__. + - In inspect, fix overeager replacement of “typing.” in + formatting annotations. + - Fix handling of bytes path-like objects in os.ismount(). + - Fix handling compiler warnings (SyntaxWarning and + DeprecationWarning) in codeop.compile_command() when checking + for incomplete input. Previously it emitted warnings and + raised a SyntaxError. Now it always returns None for + incomplete input without emitting any warnings. + - To avoid apparent memory leaks when asyncio.open_connection() + raises, break reference cycles generated by local exception + and future instances (which has exception instance as its + member var). Patch by Dong Uk, Kang. + - Fixed flickering of the turtle window when the tracer is + turned off. Patch by Shin-myoung-serp. + - Fix asyncio subprocess transport to kill process cleanly + when process is blocked and avoid RuntimeError when loop is + closed. Patch by Kumar Aditya. + - Prevent error when activating venv in nested fish instances. + - TarFile.next() now returns None when called on an empty + tarfile. + - Document the optional callback parameter of WeakMethod. Patch + by Géry Ogam. + - Restrict use of sockets instead of pipes for stdin of + subprocesses created by asyncio to AIX platform only. + - shutil.copytree() now applies the ignore_dangling_symlinks + argument recursively. + - Fix IndexError in argparse.ArgumentParser when a store_true + action is given an explicit argument. + - Document that calling variadic functions with ctypes requires + special care on macOS/arm64 (and possibly other platforms). + - Remove extra row + - Clarified the conflicting advice given in the ast + documentation about ast.literal_eval() being “safe” for use + on untrusted input while at the same time warning that it + can crash the process. The latter statement is true and is + deemed unfixable without a large amount of work unsuitable + for a bugfix. So we keep the warning and no longer claim that + literal_eval is safe. + - Restructured the documentation for the os.wait* family of + functions, and improved the docs for os.waitid() with more + explanation of the possible argument constants. + - Skip test_normalization() of test_unicodedata if it + fails to download NormalizationTest.txt file from + pythontest.net. Patch by Victor Stinner. + - Correct test_marsh on (32 bit) x86: test_deterministic sets + was failing. + - Optional big memory tests in test_sqlite3 now catch the + correct sqlite.DataError exception type in case of too large + strings and/or blobs passed. + - Fix a bug in the typing tests where a test relying + on CPython-specific implementation details was not + decorated with @cpython_only and was not skipped on other + implementations. + - Add tests for star-unpacking with PEP 646, and some other + miscellaneous PEP 646 tests. + - Added explicit coverage of Py_Initialize (and hence + Py_InitializeEx) back to the embedding tests (all other + embedding tests migrated to Py_InitializeFromConfig in Python + 3.11) + - Some C API tests were moved into the new Lib/test/test_capi/ + directory. + - Fix -Wimplicit-int, -Wstrict-prototypes, and + -Wimplicit-function-declaration compiler warnings in + configure checks. + - Fix a compilation issue with GCC 12 on macOS. + - Fix -Wimplicit-int compiler warning in configure check for + PTHREAD_SCOPE_SYSTEM. + - Fix a possible fd leak in Programs/_freeze_module.c + introduced in Python 3.11. + - Fix build with PYTHON_FOR_REGEN=python3.8. + - Specify the full path to the source location for make + docclean (needed for cross-builds). + - Don’t use vendored libmpdec headers if --with-system-libmpdec + is passed to configure. Don’t use vendored libexpat headers + if --with-system-expat is passed to !configure. + - Fix the build process of clang compiler for _bootstrap_python + if LTO optimization is applied. Patch by Matthias Görgens and + Dong-hee Na. + - wasm32-emscripten builds for browsers now include + concurrent.futures for asyncio and unittest.mock. + - wasm32-emscripten platform no longer builds resource module, + getresuid(), getresgid(), and their setters. The APIs are + stubs and not functional. + - Updated pegen regeneration script on Windows to find and + use Python 3.9 or higher. Prior to this, pegen regeneration + already required 3.9 or higher, but the script may have used + lower versions of Python. + - Fix a bug in the previous bugfix that caused IDLE to + not start when run with 3.10.8, 3.12.0a1, and at least + Microsoft Python 3.10.2288.0 installed without the Lib/test + package. 3.11.0 was never affected. + - The wasm_build.py script now pre-builds Emscripten ports, + checks for broken EMSDK versions, and warns about pkg-config + env vars. + - The new tool Tools/wasm/wasm_builder.py automates configure, + compile, and test steps for building CPython on WebAssembly + platforms. + - Fix handling of module docstrings in Tools/i18n/pygettext.py. + - PyBUF_* constants were marked as part of Limited API + of Python 3.11+. These were available in 3.11.0 with + Py_LIMITED_API defined for 3.11, and are necessary to use the + buffer API. + - Fix use-after-free in Py_SetPythonHome(NULL), + Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL) + function calls. Issue reported by Benedikt Reinartz. Patch by + Victor Stinner. + - Py_InitializeEx now correctly calls PyConfig_Clear after + initializing the interpreter (the omission didn’t cause a + memory leak only because none of the dynamically allocated + config fields are populated by the wrapper function) +- Removed upstreamed patches: + - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch + - CVE-2022-45061-DoS-by-IDNA-decode.patch + +------------------------------------------------------------------- +Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl + +- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid + CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding + extremely long domain names. + +------------------------------------------------------------------- +Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl + +- Update to 3.11.0 (overall changes from 3.10.*): + - General changes + - PEP 657 -- Include Fine-Grained Error Locations in + Tracebacks + - PEP 654 -- Exception Groups and except* + - PEP 680 -- tomllib: Support for Parsing TOML in the + Standard Library + - gh-90908 -- Introduce task groups to asyncio + - gh-34627 -- Atomic grouping ((?>...)) and possessive + quantifiers (*+, ++, ?+, {m,n}+) are now supported in + regular expressions. + - The Faster CPython Project is already yielding some + exciting results. Python 3.11 is up to 10-60% faster than + Python 3.10. On average, we measured a 1.22x speedup on the + standard benchmark suite. See Faster CPython for details. + - Typing and typing language changes + - PEP 673 -- Self Type + - PEP 646 -- Variadic Generics + - PEP 675 -- Arbitrary Literal String Type + - PEP 655 -- Marking individual TypedDict items as required + or potentially-missing + - PEP 681 -- Data Class Transforms +- (just changes from 3.11.0rc2): + - Fix multiplying a list by an integer (list *= int): detect + the integer overflow when the new allocated length is close + to the maximum size. Issue reported by Jordan Limor. Patch by + Victor Stinner. + - On Linux the multiprocessing module returns to using + filesystem backed unix domain sockets for communication + with the forkserver process instead of the Linux abstract + socket namespace. Only code that chooses to use the + “forkserver” start method is affected. Abstract sockets have + no permissions and could allow any user on the system in the + same network namespace (often the whole system) to inject + code into the multiprocessing forkserver process. This was + a potential privilege escalation. Filesystem based socket + permissions restrict this to the forkserver process user as + was the default in Python 3.8 and earlier. This prevents + Linux CVE-2022-42919. + - Fix an issue where several frame objects could be backed by + the same interpreter frame, possibly leading to corrupted + memory and hard crashes of the interpreter. + - Fix possible data corruption or crashes when accessing the + f_back member of newly-created generator or coroutine frames. + - Fix a crash occurring when PyEval_GetFrame() is called while + the topmost Python frame is in a partially-initialized state. + - Fix command line parsing: reject -X int_max_str_digits option + with no value (invalid) when the PYTHONINTMAXSTRDIGITS + environment variable is set to a valid limit. Patch by Victor + Stinner. + - Fix undefined behaviour in _testcapimodule.c. + - When ValueError is raised if an integer is larger than the + limit, mention the sys.set_int_max_str_digits() function in + the error message. Patch by Victor Stinner. + - Correctly raise SyntaxError on exception groups (PEP 654) on + python versions prior to 3.11 + - Document some places where an assignment expression needs + parentheses. + - Update the bundled copies of pip and setuptools to versions + 22.3 and 65.5.0 respectively. + - fix Flag to use boundary CONFORM + - This restores previous Flag behavior of allowing flags with + non-sequential values to be combined; e.g. + - class Skip(Flag): TWO = 2 EIGHT = 8 + - Skip.TWO | Skip.EIGHT -> + - Fix ! in c domain ref target syntax via a conf.py patch, so + it works as intended to disable ref target resolution. + - Update tutorial introduction output to use 3.10+ SyntaxError + invalid range. + +------------------------------------------------------------------- +Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl + +- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to + allow building of documentation with the latest Sphinx 5.3.0 + (gh#python/cpython#98366). + +------------------------------------------------------------------- +Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc2: + - Converting between int and str in bases other than 2 + (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base + 10 (decimal) now raises a ValueError if the number of digits + in string form is above a limit to avoid potential denial of + service attacks due to the algorithmic complexity. This is + a mitigation for CVE-2020-10735. + This new limit can be configured or disabled by environment + variable, command line flag, or sys APIs. See the integer + string conversion length limitation documentation. The + default limit is 4300 digits in string form. + - Fix case of undefined behavior in ceval.c + - Do not expose KeyWrapper in _functools. + - Ensure that tracing, sys.setrace(), is turned on + immediately. In pre-release versions of 3.11, some tracing + events might have been lost when turning on tracing in a + __del__ method or interrupt. + - Fix use after free in trace refs build mode. Patch by Kumar + Aditya. + - When loading a file with invalid UTF-8 inside a multi-line + string, a correct SyntaxError is emitted. + - Make sure that incomplete frames do not show up in + tracemalloc traces. + - Remove two cases of undefined behavior, by adding NULL + checks. + - Fix possible NULL pointer dereference in + _PyThread_CurrentFrames. Patch by Kumar Aditya. + - Fix AttributeError missing name and obj attributes in + object.__getattribute__(). Patch by Philip Georgi. + - Loading a file with invalid UTF-8 will now report the broken + character at the correct location. + - Fixed a bug that caused _PyCode_GetExtra to return garbage + for negative indexes. Patch by Pablo Galindo + - Fix a deadlock in PyGILState_Ensure() when allocating new + thread state. Patch by Kumar Aditya. + - PyType_Ready() now initializes ht_cached_keys and performs + additional checks to ensure that type objects are properly + configured. This avoids crashes in 3rd party packages that + don’t use regular API to create new types. + - Skip over incomplete frames in PyThreadState_GetFrame(). + - Fix format string in _PyPegen_raise_error_known_location that + can lead to memory corruption on some 64bit systems. The + function was building a tuple with i (int) instead of n + (Py_ssize_t) for Py_ssize_t arguments. + - Fix misleading contents of error message when converting an + all-whitespace string to float. + - ast.parse() will no longer parse function definitions with + positional-only params when passed feature_version less than + (3, 8). Patch by Shantanu Jain. + - Fix incorrect error message in the io module. + - Fix the faulthandler implementation of + faulthandler.register(signal, chain=True) if the sigaction() + function is not available: don’t call the previous signal + handler if it’s NULL. Patch by Victor Stinner. + - Correct conversion of numbers.Rational’s to float. + - Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not + raised when using more than one TypeVarTuple, like [*T, *V] + in type alias substitutions. + - Fix asyncio.streams.StreamReaderProtocol to keep a strong + reference to the created task, so that it’s not garbage + collected + - Fix a performance regression in logging + TimedRotatingFileHandler. Only check for special files when + the rollover time has passed. + - Fix unused localName parameter in the Attr class in + xml.dom.minidom. + - Fix incorrect condition that causes sys.thread_info.name to + be wrong on pthread platforms. + - Remove an incompatible change from bpo-28080 that caused a + regression that ignored the utf8 in ZipInfo.flag_bits. Patch + by Pablo Galindo. + - Fix asyncio.Runner to call asyncio.set_event_loop() only + once to avoid calling attach_loop() multiple times on child + watchers. Patch by Kumar Aditya. + - Fix unittest.IsolatedAsyncioTestCase to set event loop before + calling setup functions. Patch by Kumar Aditya. + - When a task catches asyncio.CancelledError and raises some + other error, the other error should generally not silently be + suppressed. + - Fail gracefully if EPERM or ENOSYS is raised when loading + crypt methods. This may happen when trying to load MD5 on a + Linux kernel with FIPS enabled. + - Allow asyncio.StreamWriter.drain() to be awaited concurrently + by multiple tasks. Patch by Kumar Aditya. + - Fix ast.unparse() when ImportFrom.level is None + - Improve discoverability of the higher level + concurrent.futures module by providing clearer links from the + lower level threading and multiprocessing modules. + - What’s New 3.11 now has instructions for how to provide + compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7 + and CentOS 7. + - Mitigate the inherent race condition from using + find_unused_port() in testSockName() by trying to find an + unused port a few times before failing. Patch by Ross Burton. + - Build and test with OpenSSL 1.1.1q +- Use support-expat-CVE-2022-25236-patched.patch from the current + version of gh#python/cpython#93900 instead of the old + support-expat-245.patch. +- Reapply fix_configure_rst.patch. + +------------------------------------------------------------------- +Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab + +- Increase testsuite timeout for test_freeze_simple_script + +------------------------------------------------------------------- +Sat Aug 20 21:31:40 UTC 2022 - Matej Cepl + +- fix import_failed.map to refer to the python 3.11 package versions + +------------------------------------------------------------------- +Sat Aug 20 14:05:21 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc1: + - Core and Builtins + - Update code object hashing and equality to consider all + debugging and exception handling tables. This fixes an + issue where certain non-identical code objects could be + “deduplicated” during compilation. + - _PyPegen_Parser_New now properly detects token memory + allocation errors. Patch by Honglin Zhu. + - Run Python code in tracer/profiler function at full + speed. Fixes slowdown in earlier versions of 3.11. + - Emit a warning in debug mode if an object does not call + PyObject_GC_UnTrack() before deallocation. Patch by Pablo + Galindo. + - Prevented crashes in the AST constructor when + compiling some absurdly long expressions like + "+0"*1000000. RecursionError is now raised instead. Patch + by Pablo Galindo + - ast.AST node positions are now validated when provided to + compile() and other related functions. If invalid positions + are detected, a ValueError will be raised. + - Fix error detection in some builtin functions when keyword + argument name is an instance of a str subclass with + overloaded __eq__ and __hash__. Previously it could cause + SystemError or other undesired behavior. + - Library + - Update bundled pip to 22.2.2. + - Fix asyncio.TaskGroup to propagate exception when + asyncio.CancelledError was replaced with another exception + by a context manger. Patch by Kumar Aditya and Guido van + Rossum. + - Update bundled pip to 22.2.1. + - Fix GC crash when deallocating _lsprof.Profiler by + untracking it before calling any callbacks. Patch by Kumar + Aditya. + - Fix asyncio.run() for asyncio.Task implementations without + uncancel() method. Patch by Kumar Aditya. + - Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK + and os.EFD_SEMAPHORE flags on older kernel versions where + these flags are not present. Patch by Kumar Aditya. + - Fix concurrent.futures.Executor.map() to cancel the + currently waiting on future on an error - e.g. TimeoutError + or KeyboardInterrupt. + - Ensure that timeouts scheduled with asyncio.Timeout that + have already expired are delivered promptly. + - Suppress writing an XML declaration in open files + in ElementTree.write() with encoding='unicode' and + xml_declaration=None. + - Fix findtext in the xml module to only give an empty string + when the text attribute is set to None. + - Documentation + - Fix stylesheet not working in Windows CHM htmlhelp docs + and add warning that they are deprecated. Contributed by + C.A.M. Gerlach. + - Update library documentation with availability information + on WebAssembly platforms wasm32-emscripten and wasm32-wasi. + - Use consistent syntax for platform availability. The + directive now supports a content body and emits a warning + when it encounters an unknown platform. + - Document a limitation in ThreadPoolExecutor where its exit + handler is executed before any handlers in atexit. + - Tests + - Lib/test/test_asyncio/test_ssl.py exposed a bug in the + macOS kernel where intense concurrent load on non-blocking + sockets occasionally causes errno.ENOBUFS (“No buffer space + available”) to be emitted. FB11063974 filed with Apple, in + the mean time as a workaround buffer size used in tests on + macOS is decreased to avoid intermittent failures. Patch by + Fantix King. + - Fix problem with test_ssl test_get_ciphers on systems that + require perfect forward secrecy (PFS) ciphers. + - Add a regression test for re exponentional slowdown when + using rjsmin. + - Build + - Fix a regression in configure script that caused some + header checks to ignore custom CPPFLAGS. The regression was + introduced in gh-94802. + - wasm32-wasi builds no longer depend on WASIX’s pthread + stubs. Python now has its own stubbed pthread API. + - Python now detects missing dup function in WASI and works + around some missing errno, select, and socket constants. + - Python now skips missing socket functions and methods on + WASI. WASI can only create sockets from existing fd / + accept and has no netdb. + - Platforms wasm32-unknown-emscripten and wasm32-unknown-wasi + have been promoted to PEP 11 tier 3 platform support. + - IDLE + - Document handling of extensions in Save As dialogs. + - Include prompts when saving Shell (interactive input and + output). + - Fix the Shell context menu copy-with-prompts bug of copying + an extra line when one selects whole lines. + - In the Edit menu, move Select All and add a new separator. + - Enable using IDLE’s module browser with .pyw files. + - Add .pyi as a recognized extension for IDLE on macOS. This + allows opening stub files by double clicking on them in the + Finder. + - C API + - Restore the 3.10 behavior for multiple inheritance of C + extension classes that store their dictionary at the end of + the struct. + - Added PyCode_GetVarnames(), PyCode_GetCellvars() and + PyCode_GetFreevars() for accessing co_varnames, co_cellvars + and co_freevars respectively via the C API. + +------------------------------------------------------------------- +Tue Jul 26 10:37:31 UTC 2022 - Matej Cepl + +- Update to 3.11.0b5: + - Core and Builtins + - gh-93351: ast.AST node positions are now validated when + provided to compile() and other related functions. If + invalid positions are detected, a ValueError will be + raised. + - gh-94438: Fix an issue that caused extended opcode + arguments and some conditional pops to be ignored when + calculating valid jump targets for assignments to the + f_lineno attribute of frame objects. In some cases, this + could cause inconsistent internal state, resulting in a + hard crash of the interpreter. + - gh-95060: Undocumented PyCode_Addr2Location function now + properly returns when addrq argument is less than zero. + - gh-95113: Replace all EXTENDED_ARG_QUICK instructions + with basic EXTENDED_ARG instructions in unquickened + code. Consumers of non-adaptive bytecode should be able to + handle extended arguments the same way they were handled in + CPython 3.10 and older. + - gh-91409: Fix incorrect source location info caused by + certain optimizations in the bytecode compiler. + - gh-94036: Fix incorrect source location info for some + multi-line attribute accesses and method calls. + - gh-94739: Allow jumping within, out of, and across + exception handlers in the debugger. + - gh-94949: ast.parse() will no longer parse parenthesized + context managers when passed feature_version less than (3, + 9). Patch by Shantanu Jain. + - gh-94947: ast.parse() will no longer parse assignment + expressions when passed feature_version less than (3, + 8). Patch by Shantanu Jain. + - gh-91256: Ensures the program name is known for help text + during interpreter startup. + - gh-94869: Fix the column offsets for some expressions in + multi-line f-strings ast nodes. Patch by Pablo Galindo. + - gh-94822: Fix an issue where lookups of metaclass + descriptors may be ignored when an identically-named + attribute also exists on the class itself. + - gh-91153: Fix an issue where a bytearray item assignment + could crash if it’s resized by the new value’s __index__() + method. + - gh-90699: Fix reference counting bug in + bool.__repr__(). Patch by Kumar Aditya. + - Library + - gh-95087: Fix IndexError in parsing invalid date in the + email module. + - gh-95199: Upgrade bundled setuptools to 63.2.0. + - gh-95194: Upgrade bundled pip to 22.2. + - gh-95132: Fix a sqlite3 regression where *args and **kwds + were incorrectly relayed from connect() to the Connection + factory. The regression was introduced in 3.11a1 with PR + 24421 (gh-85128). Patch by Erlend E. Aasland.` + - gh-93157: Fix fileinput module didn’t support errors option + when inplace is true. + - gh-95105: wsgiref.types.InputStream.__iter__() should + return Iterator[bytes], not Iterable[bytes]. Patch by + Shantanu Jain. + - gh-94857: Fix refleak in + _io.TextIOWrapper.reconfigure. Patch by Kumar Aditya. + - gh-94821: Fix binding of unix socket to empty address + on Linux to use an available address from the abstract + namespace, instead of “0”. + - gh-89988: Fix memory leak in pickle.Pickler when looking up + dispatch_table. Patch by Kumar Aditya. + - bpo-47025: Drop support for bytes on sys.path. + - Tests + - gh-95212: Make multiprocessing test case + test_shared_memory_recreate parallel-safe. + - Build + - gh-94847: Fixed _decimal module build issue on GCC when + compiling with LTO and pydebug. Debug builds no longer + force inlining of functions. + - gh-94841: Fix the possible performance regression of + PyObject_Free() compiled with MSVC version 1932. + - gh-94801: configure now uses custom flags like ZLIB_CFLAGS + and ZLIB_LIBS when searching for headers and libraries. + - gh-94773: deepfreeze.py now supports code object with + frozensets that contain incompatible, unsortable types. + - C API + - gh-94930: Fix SystemError raised when + PyArg_ParseTupleAndKeywords() is used with # in (...) but + without PY_SSIZE_T_CLEAN defined. + - gh-94864: Fix PyArg_Parse* with deprecated format units “u” + and “Z”. It returned 1 (success) when warnings are turned + into exceptions. + - gh-94731: Python again uses C-style casts for + most casting operations when compiled with + C++. This may trigger compiler warnings, if they + are enabled with e.g. -Wold-style-cast `` or + ``-Wzero-as-null-pointer-constant options for g++. + +------------------------------------------------------------------- +Thu Jul 21 14:19:53 UTC 2022 - Matej Cepl + +- Switch from %primary_interpreter to prjconf-defined + %primary_python (gh#openSUSE/python-rpm-macros#127). + +------------------------------------------------------------------- +Thu Jul 14 15:37:35 UTC 2022 - Matej Cepl + +- Update to 3.11.0b4: +- Fixes many bugs and adds following more significant changes +- Security + - gh-68966: The deprecated mailcap module now refuses to inject + Coreunsafe text (filenames, MIME types, parameters) into + shell Corecommands. Instead of using such text, it will + warn and act Coreas if a match was not found (or for test + commands, as if the Coretest failed). and Builtins + - gh-93516: Lazily create a table mapping bytecode offsets to + line numbers to speed up calculation of line numbers when + tracing. + - gh-93461: importlib.invalidate_caches() now drops entries + from sys.path_importer_cache with a relative path as + name. This solves a caching issue when a process changes its + current working directory. + - FileFinder no longer inserts a dot in the path, e.g. + /egg/./spam is now /egg/spam. +Library + - gh-93896: Fix asyncio.run() and + unittest.IsolatedAsyncioTestCase to always the set event loop + as it was done in Python 3.10 and earlier. Patch by Kumar + Aditya. + - gh-94101: Manual instantiation of ssl.SSLSession objects is + no longer allowed as it lead to misconfigured instances that + crashed the interpreter when attributes where accessed on + them. + - gh-83658: Make multiprocessing.Pool raise an exception if + maxtasksperchild is not None or a positive int. + - gh-61162: Clarify sqlite3 behavior when Using the connection + as a context manager. +Tools/Demos + - gh-94538: Fix Argument Clinic output to custom file + destinations. Patch by Erlend E. Aasland. +C API + - gh-93937: The following frame functions and type are now + directly available with #include , it’s no longer + needed to add #include : + PyFrame_Check() + PyFrame_GetBack() + PyFrame_GetBuiltins() + PyFrame_GetGenerator() + PyFrame_GetGlobals() + PyFrame_GetLasti() + PyFrame_GetLocals() + PyFrame_Type + +------------------------------------------------------------------- +Tue May 31 20:54:36 UTC 2022 - Matej Cepl + +- Update to 3.11.0b2: + - many small updates +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.4 (jsc#SLE-21253) + +------------------------------------------------------------------- +Tue May 10 15:01:18 UTC 2022 - Matej Cepl + +- Refresh bluez-devel-vendor.tar.xz +- Fix building with system-expat (gh#python/cpython#92875). Nope, + it didn't work, worked around it. + +------------------------------------------------------------------- +Mon May 9 15:09:03 UTC 2022 - Matej Cepl + +- Update to pre-release version 3.11.0b1: + - PEP 657 – Include Fine-Grained Error Locations in Tracebacks + - PEP 654 – Exception Groups and except* + - PEP 673 – Self Type + - PEP 646 – Variadic Generics + - PEP 680– tomllib: Support for Parsing TOML in the Standard Library + - PEP 675– Arbitrary Literal String Type + - PEP 655– Marking individual TypedDict items as required or potentially-missing + - bpo-46752– Introduce task groups to asyncio + - The Faster Cpython Project is already yielding some exciting + results. Python 3.11 is up to 10-60% faster than Python + 3.10. On average, we measured a 1.22x speedup on the standard + benchmark suite. See + https://docs.python.org/3.11/whatsnew/3.11.html#faster-cpython + for details. + +------------------------------------------------------------------- +Thu May 5 14:35:56 UTC 2022 - Matej Cepl + +- Switch primary_interpreter from python38 to python310 + +------------------------------------------------------------------- +Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl + +- Update to 3.10.4: + - bpo-46968: Check for the existence of the “sys/auxv.h” header + in faulthandler to avoid compilation problems in systems + where this header doesn’t exist. Patch by Pablo Galindo + - bpo-23691: Protect the re.finditer() iterator from + re-entering. + - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to + avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception + when reading a ZipFile from multiple threads. + - bpo-38256: Fix binascii.crc32() when it is compiled to use + zlib’c crc32 to work properly on inputs 4+GiB in length + instead of returning the wrong result. The workaround prior + to this was to always feed the function data in increments + smaller than 4GiB or to just call the zlib module function. + - bpo-39394: A warning about inline flags not at the start of + the regular expression now contains the position of the flag. + - bpo-47061: Deprecate the various modules listed by PEP 594: + - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, + imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, + sndhdr, spwd, sunau, telnetlib, uu, xdrlib + - bpo-2604: Fix bug where doctests using globals would fail + when run multiple times. + - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. + - bpo-47022: The asynchat, asyncore and smtpd modules have been + deprecated since at least Python 3.6. Their documentation and + deprecation warnings and have now been updated to note they + will removed in Python 3.12 (PEP 594). + - bpo-46421: Fix a unittest issue where if the command was + invoked as python -m unittest and the filename(s) began with + a dot (.), a ValueError is returned. + - bpo-40296: Fix supporting generic aliases in pydoc. + +- Update to 3.10.3: + - bpo-46940: Avoid overriding AttributeError metadata + information for nested attribute access calls. Patch by Pablo + Galindo. + - bpo-46852: Rename the private undocumented + float.__set_format__() method to float.__setformat__() to fix + a typo introduced in Python 3.7. The method is only used by + test_float. Patch by Victor Stinner. + - bpo-46794: Bump up the libexpat version into 2.4.6 + - bpo-46820: Fix parsing a numeric literal immediately (without + spaces) followed by “not in” keywords, like in 1not in x. Now + the parser only emits a warning, not a syntax error. + - bpo-46762: Fix an assert failure in debug builds when a ‘<’, + ‘>’, or ‘=’ is the last character in an f-string that’s + missing a closing right brace. + - bpo-46724: Make sure that all backwards jumps use the + JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an + argument of (2**32)+offset. + - bpo-46732: Correct the docstring for the __bool__() method. + Patch by Jelle Zijlstra. + - bpo-46707: Avoid potential exponential backtracking when + producing some syntax errors involving lots of brackets. + Patch by Pablo Galindo. + - bpo-40479: Add a missing call to va_end() in + Modules/_hashopenssl.c. + - bpo-46615: When iterating over sets internally in + setobject.c, acquire strong references to the resulting items + from the set. This prevents crashes in corner-cases of + various set operations where the set gets mutated. + - bpo-45773: Remove two invalid “peephole” optimizations from + the bytecode compiler. + - bpo-43721: Fix docstrings of getter, setter, and deleter to + clarify that they create a new copy of the property. + - bpo-46503: Fix an assert when parsing some invalid N escape + sequences in f-strings. + - bpo-46417: Fix a race condition on setting a type __bases__ + attribute: the internal function add_subclass() now gets the + PyTypeObject.tp_subclasses member after calling + PyWeakref_NewRef() which can trigger a garbage collection + which can indirectly modify PyTypeObject.tp_subclasses. Patch + by Victor Stinner. + - bpo-46383: Fix invalid signature of _zoneinfo’s module_free + function to resolve a crash on wasm32-emscripten platform. + - bpo-46070: Py_EndInterpreter() now explicitly untracks all + objects currently tracked by the GC. Previously, if an object + was used later by another interpreter, calling + PyObject_GC_UnTrack() on the object crashed if the previous + or the next object of the PyGC_Head structure became + a dangling pointer. Patch by Victor Stinner. + - bpo-46339: Fix a crash in the parser when retrieving the + error text for multi-line f-strings expressions that do not + start in the first line of the string. Patch by Pablo Galindo + - bpo-46240: Correct the error message for unclosed parentheses + when the tokenizer doesn’t reach the end of the source when + the error is reported. Patch by Pablo Galindo + - bpo-46091: Correctly calculate indentation levels for lines + with whitespace character that are ended by line continuation + characters. Patch by Pablo Galindo + - bpo-43253: Fix a crash when closing transports where the + underlying socket handle is already invalid on the Proactor + event loop. + - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, + including bugfix for EntryPoint.extras, which was returning + match objects and not the extras strings. + - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip + 22.0.4) + - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically + determine size of signal handler stack size CPython allocates + using getauxval(AT_MINSIGSTKSZ). This changes allows for + Python extension’s request to Linux kernel to use AMX_TILE + instruction set on Sapphire Rapids Xeon processor to succeed, + unblocking use of the ISA in frameworks. + - bpo-46955: Expose asyncio.base_events.Server as + asyncio.Server. Patch by Stefan Zabka. + - bpo-23325: The signal module no longer assumes that SIG_IGN + and SIG_DFL are small int singletons. + - bpo-46932: Update bundled libexpat to 2.4.7 + - bpo-25707: Fixed a file leak in + xml.etree.ElementTree.iterparse() when the iterator is not + exhausted. Patch by Jacob Walls. + - bpo-44886: Inherit asyncio proactor datagram transport from + asyncio.DatagramTransport. + - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() + for selector-based event loops. Patch by Thomas Grainger. + - bpo-46811: Make test suite support Expat >=2.4.5 + - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to + transport-based APIs. + - bpo-46784: Fix libexpat symbols collisions with user + dynamically loaded or statically linked libexpat in embedded + Python. + - bpo-39327: shutil.rmtree() can now work with VirtualBox + shared folders when running from the guest operating-system. + - bpo-46756: Fix a bug in + urllib.request.HTTPPasswordMgr.find_user_password() and + urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() + which allowed to bypass authorization. For example, access to + URI example.org/foobar was allowed if the user was authorized + for URI example.org/foo. + - bpo-46643: In typing.get_type_hints(), support evaluating + stringified ParamSpecArgs and ParamSpecKwargs annotations. + Patch by Gregory Beauregard. + - bpo-45863: When the tarfile module creates a pax format + archive, it will put an integer representation of timestamps + in the ustar header (if possible) for the benefit of older + unarchivers, in addition to the existing full-precision + timestamps in the pax extended header. + - bpo-46676: Make typing.ParamSpec args and kwargs equal to + themselves. Patch by Gregory Beauregard. + - bpo-46672: Fix NameError in asyncio.gather() when initial + type check fails. + - bpo-46655: In typing.get_type_hints(), support evaluating + bare stringified TypeAlias annotations. Patch by Gregory + Beauregard. + - bpo-45948: Fixed a discrepancy in the C implementation of the + xml.etree.ElementTree module. Now, instantiating an + xml.etree.ElementTree.XMLParser with a target=None keyword + provides a default xml.etree.ElementTree.TreeBuilder target + as the Python implementation does. + - bpo-46521: Fix a bug in the codeop module that was + incorrectly identifying invalid code involving string quotes + as valid code. + - bpo-46581: Brings ParamSpec propagation for GenericAlias in + line with Concatenate (and others). + - bpo-46591: Make the IDLE doc URL on the About IDLE dialog + clickable. + - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 + - bpo-46487: Add the get_write_buffer_limits method to + asyncio.transports.WriteTransport and to the SSL transport. + - bpo-45173: Note the configparser deprecations will be removed + in Python 3.12. + - bpo-46539: In typing.get_type_hints(), support evaluating + stringified ClassVar and Final annotations inside Annotated. + Patch by Gregory Beauregard. + - bpo-46491: Allow typing.Annotated to wrap typing.Final and + typing.ClassVar. Patch by Gregory Beauregard. + - bpo-46436: Fix command-line option -d/--directory in module + http.server which is ignored when combined with command-line + option --cgi. Patch by Géry Ogam. + - bpo-41403: Make mock.patch() raise a TypeError with + a relevant error message on invalid arg. Previously it + allowed a cryptic AttributeError to escape. + - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid + potential REDoS by limiting ambiguity in consecutive + whitespace. + - bpo-46469: asyncio generic classes now return + types.GenericAlias in __class_getitem__ instead of the same + class. + - bpo-46434: pdb now gracefully handles help when __doc__ is + missing, for example when run with pregenerated optimized + .pyc files. + - bpo-46333: The __eq__() and __hash__() methods of + typing.ForwardRef now honor the module parameter of + typing.ForwardRef. Forward references from different modules + are now differentiated. + - bpo-46246: Add missing __slots__ to + importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. + - bpo-46266: Improve day constants in calendar. + - Now all constants (MONDAY … SUNDAY) are documented, tested, + and added to __all__. + - bpo-46232: The ssl module now handles certificates with bit + strings in DN correctly. + - bpo-43118: Fix a bug in inspect.signature() that was causing + it to fail on some subclasses of classes with + a __text_signature__ referencing module globals. Patch by + Weipeng Hong. + - bpo-26552: Fixed case where failing asyncio.ensure_future() + did not close the coroutine. Patch by Kumar Aditya. + - bpo-21987: Fix an issue with tarfile.TarFile.getmember() + getting a directory name with a trailing slash. + - bpo-20392: Fix inconsistency with uppercase file extensions + in MimeTypes.guess_type(). Patch by Kumar Aditya. + - bpo-46080: Fix exception in argparse help text generation if + a argparse.BooleanOptionalAction argument’s default is + argparse.SUPPRESS and it has help specified. Patch by Felix + Fontein. + - bpo-44439: Fix .write() method of a member file in ZipFile, + when the input data is an object that supports the buffer + protocol, the file length may be wrong. + - bpo-45703: When a namespace package is imported before + another module from the same namespace is created/installed + in a different sys.path location while the program is + running, calling the importlib.invalidate_caches() function + will now also guarantee the new module is noticed. + - bpo-24959: Fix bug where unittest sometimes drops frames from + tracebacks of exceptions raised in tests. + - bpo-44791: Fix substitution of ParamSpec in Concatenate with + different parameter expressions. Substitution with a list of + types returns now a tuple of types. Substitution with + Concatenate returns now a Concatenate with concatenated lists + of arguments. + - bpo-14156: argparse.FileType now supports an argument of ‘-’ + in binary mode, returning the .buffer attribute of + sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and + ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. + Patch contributed by Josh Rosenberg + - bpo-46463: Fixes escape4chm.py script used when building the + CHM documentation file + - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is + built with undefined behavior sanitizer (UBSAN): disable + UBSAN on the faulthandler_sigfpe() function. Patch by Victor + Stinner. + - bpo-46708: Prevent default asyncio event loop policy + modification warning after test_asyncio execution. + - bpo-46678: The function make_legacy_pyc in + Lib/test/support/import_helper.py no longer fails when + PYTHONPYCACHEPREFIX is set to a directory on a different + device from where tempfiles are stored. + - bpo-46616: Ensures test_importlib.test_windows cleans up + registry keys after completion. + - bpo-44359: test_ftplib now silently ignores socket errors to + prevent logging unhandled threading exceptions. Patch by + Victor Stinner. + - bpo-46542: Fix a Python crash in test_lib2to3 when using + Python built in debug mode: limit the recursion limit. Patch + by Victor Stinner. + - bpo-46576: test_peg_generator now disables compiler + optimization when testing compilation of its own C extensions + to significantly speed up the testing on non-debug builds of + CPython. + - bpo-46542: Fix test_json tests checking for RecursionError: + modify these tests to use support.infinite_recursion(). Patch + by Victor Stinner. + - bpo-13886: Skip test_builtin PTY tests on non-ASCII + characters if the readline module is loaded. The readline + module changes input() behavior, but test_builtin is not + intented to test the readline module. Patch by Victor + Stinner. + - bpo-38472: Fix GCC detection in setup.py when + cross-compiling. The C compiler is now run with LC_ALL=C. + Previously, the detection failed with a German locale. + - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro + and pyconfig.h no longer defines reserved symbol + __CHAR_UNSIGNED__. + - bpo-45296: Clarify close, quit, and exit in IDLE. In the File + menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current + one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). + In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there + are no other windows, this also exits IDLE. + - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch + by Alex Waygood and Terry Jan Reedy. + - bpo-46433: The internal function _PyType_GetModuleByDef now + correctly handles inheritance patterns involving static + types. + - bpo-14916: Fixed bug in the tokenizer that prevented + PyRun_InteractiveOne from parsing from the provided FD. + +- Remove upstreamed patches: + - support-expat-245.patch + +------------------------------------------------------------------- +Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + +------------------------------------------------------------------- +Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl + +- bsc#1195831 Obsolete older "most modern" versions of python + packages (python39 for python310 and so forth). For next + versions it is necessary just to edit the macro. + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python +- Add fix_configure_rst.patch, which removes duplicate link + targets and make documentation with old Sphinx in SLE +- Skip test_capi (bsc#1195140 and bpo#37169) + +------------------------------------------------------------------- +Wed Jan 19 22:01:51 UTC 2022 - Matej Cepl + +- Update to 3.10.2: + Bugfix only + - bpo#46347 memory leak in PyEval_EvalCodeEx (especially + visible with Cython code) + - and many others + +------------------------------------------------------------------- +Wed Dec 8 13:07:25 UTC 2021 - Matej Cepl + +- Upgrade to 3.10.1 (jsc#SLE-18038): + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other tools. + - PEP 618 – Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning +- Patches readjusted: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Sat Dec 4 18:40:28 UTC 2021 - Matej Cepl + +- Remove pdb_adjust_breakpoints.patch and instead just adjust location + of the test breakpoint in Lib/test/test_pdb.py via sed, because we + have shortened Lib/pdb.py by removing the shebang (bpo#45964). + +------------------------------------------------------------------- +Thu Dec 2 13:51:57 UTC 2021 - Matej Cepl + +- Add pdb_adjust_breakpoints.patch fixing expectd results in + test_pdb_breakpoints_preserved_across_interactive_sessions + (bpo#45964). + +------------------------------------------------------------------- +Mon Nov 29 00:17:07 UTC 2021 - Matej Cepl + +- Remove shebangs from from python-base libraries in _libdir + (bsc#1193179). +- Readjust patches: + - bpo-31046_ensurepip_honours_prefix.patch + - decimal.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Tue Nov 16 16:03:43 UTC 2021 - Matej Cepl + +- Move rpm-build-python construct to correct place. + +------------------------------------------------------------------- +Wed Oct 13 08:52:47 UTC 2021 - Dominique Leuenberger + +- BuildRequire rpm-build-python: The provider to inject python(abi) + has been moved there. rpm-build pulls rpm-build-python + automatically in when building anything against python3-base, but + this implies that the initial build of python3-base does not + trigger the automatic installation. + +------------------------------------------------------------------- +Tue Oct 5 22:36:51 UTC 2021 - Matej Cepl + +- Final release of 3.10.0: + Complete list on https://www.python.org/downloads/release/python-3100/, + but highlights are: + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other + tools. + - PEP 618 – Add Optional Length-Checking To zip. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning + - bpo-12782: Parenthesized context managers are now officially + allowed. + +------------------------------------------------------------------- +Mon Aug 30 12:48:25 UTC 2021 - Matej Cepl + +- Switch on option --with-system-libmpdec (bsc#1189356). + +------------------------------------------------------------------- +Fri Aug 27 13:15:03 UTC 2021 - Andreas Schwab + +- Reenable profileopt with qemu emulation, test_faulthandler is no longer + run during profiling + +------------------------------------------------------------------- +Thu Aug 12 15:11:39 UTC 2021 - Andreas Schwab + +- test_faulthandler is still problematic under qemu linux-user emulation, + disable it there + +------------------------------------------------------------------- +Wed Aug 11 05:57:11 UTC 2021 - Matej Cepl + +- Update to 3.10.0rc1 (the penultimate prerelease), which contains + plenty of small bugfixes among others: + - bpo#38605: from __future__ import annotations (PEP 563) used to be + on this list in previous pre-releases but it has been postponed to + Python 3.11 due to some compatibility concerns. + - bpo-44600: Fix incorrect line numbers while tracing some failed + patterns in match statements. Patch by Charles Burkland. + - plenty of modifications in types.Union + +------------------------------------------------------------------- +Wed Jul 21 13:44:48 UTC 2021 - Matej Cepl + +- Update to 3.10.0b4: + https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4 +- Remove python3-imp-returntype.patch which has been upstreamed. + +------------------------------------------------------------------- +Mon Jun 7 15:52:44 UTC 2021 - Matej Cepl + +- Update to 3.10.0b2: + - PEP 623 -- Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 -- Allow writing union types as X | Y + - PEP 612 -- Parameter Specification Variables + - PEP 626 -- Precise line numbers for debugging and other + tools. + - PEP 618 -- Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 -- Deprecate distutils module. + - PEP 613 -- Explicit Type Aliases + - PEP 634 -- Structural Pattern Matching: Specification + - PEP 635 -- Structural Pattern Matching: Motivation and + Rationale + - PEP 636 -- Structural Pattern Matching: Tutorial + - PEP 644 -- Require OpenSSL 1.1.1 or newer + - PEP 624 -- Remove Py_UNICODE encoder APIs + - PEP 597 -- Add optional EncodingWarning +- Removed patches (assumed upstream): + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl + +- Revert previous skip over test_capi +- Add skip-test_pyobject_freed_is_freed.patch to skip failing + test on SLE-15. + +------------------------------------------------------------------- +Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller + +- allow build with Sphinx >= 3.x + +------------------------------------------------------------------- +Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák + +- Exclude test_capi on Leap (test fails there) + +------------------------------------------------------------------- +Fri May 21 15:13:59 UTC 2021 - Matej Cepl + +- Stop providing "python" symbol (bsc#1185588), which means + python2 currently. + +------------------------------------------------------------------- +Wed May 5 15:16:58 UTC 2021 - Matej Cepl + +- Update to 3.9.5: + * Security + - bpo-43434: Creating a sqlite3.Connection object now also + produces a sqlite3.connect auditing event. Previously this + event was only produced by sqlite3.connect() calls. Patch + by Erlend E. Aasland. + - bpo-43882: The presence of newline or tab characters in + parts of a URL could allow some forms of attacks. + - Following the controlling specification for URLs defined by + WHATWG urllib.parse() now removes ASCII newlines and tabs + from URLs, preventing such attacks. + - bpo-43472: Ensures interpreter-level audit hooks receive + the cpython.PyInterpreterState_New event when called + through the _xxsubinterpreters module. + - bpo-36384: ipaddress module no longer accepts any leading + zeros in IPv4 address strings. Leading zeros are ambiguous + and interpreted as octal notation by some libraries. For + example the legacy function socket.inet_aton() treats + leading zeros as octal notatation. glibc implementation of + modern inet_pton() does not accept any leading zeros. For + a while the ipaddress module used to accept ambiguous + leading zeros. + - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) + vulnerability in urllib.request.AbstractBasicAuthHandler. + The ReDoS-vulnerable regex has quadratic worst-case + complexity and it allows cause a denial of service when + identifying crafted invalid RFCs. This ReDoS issue is on + the client side and needs remote attackers to control the + HTTP server. + - bpo-42800: Audit hooks are now fired for frame.f_code, + traceback.tb_frame, and generator code/frame attribute + access. + * Core and Builtins + - bpo-43105: Importlib now resolves relative paths when + creating module spec objects from file locations. + - bpo-42924: Fix bytearray repetition incorrectly copying + data from the start of the buffer, even if the data is + offset within the buffer (e.g. after reassigning a slice at + the start of the bytearray to a shorter byte string). + * Library + - bpo-43993: Update bundled pip to 21.1.1. + - bpo-43937: Fixed the turtle module working with non-default + root window. + - bpo-43930: Update bundled pip to 21.1 and setuptools to + 56.0.0 + - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now + returns a consistent error message when cadata contains no + valid certificate. + - bpo-43607: urllib can now convert Windows paths with \\?\ + prefixes into URL paths. + - bpo-43284: platform.win32_ver derives the windows version + from sys.getwindowsversion().platform_version which in turn + derives the version from kernel32.dll (which can be of + a different version than Windows itself). Therefore change + the platform.win32_ver to determine the version using the + platform module’s _syscmd_ver private function to return an + accurate version. + - bpo-42248: [Enum] ensure exceptions raised in _missing__ + are released + - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 + to suppress deprecation warnings. Python requires OpenSSL + 1.1.1 APIs. + - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants + (OpenSSL 3.0.0) + - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback + function a second time when first call has signaled an + error condition. + - bpo-43788: The header files for ssl error codes are now + OpenSSL version-specific. Exceptions will now show correct + reason and library codes. The make_ssl_data.py script has + been rewritten to use OpenSSL’s text file with error codes. + - bpo-43655: tkinter dialog windows are now recognized as + dialogs by window managers on macOS and X Window. + - bpo-43534: turtle.textinput() and turtle.numinput() create + now a transient window working on behalf of the canvas + window. + - bpo-43522: Fix problem with hostname_checks_common_name. + OpenSSL does not copy hostflags from struct SSL_CTX to + struct SSL. + - bpo-42967: Allow bytes separator argument in + urllib.parse.parse_qs and urllib.parse.parse_qsl when + parsing str query strings. Previously, this raised + a TypeError. + - bpo-43176: Fixed processing of a dataclass that inherits + from a frozen dataclass with no fields. It is now correctly + detected as an error. + - bpo-41735: Fix thread locks in zlib module may go wrong in + rare case. Patch by Ma Lin. + - bpo-36470: Fix dataclasses with InitVars and replace(). + Patch by Claudiu Popa. + - bpo-32745: Fix a regression in the handling of ctypes’ + ctypes.c_wchar_p type: embedded null characters would cause + a ValueError to be raised. Patch by Zackery Spytz. + * Documentation + - bpo-43959: The documentation on the PyContextVar C-API was + clarified. + - bpo-43938: Update dataclasses documentation to express that + FrozenInstanceError is derived from AttributeError. + - bpo-43755: Update documentation to reflect that + unparenthesized lambda expressions can no longer be the + expression part in an if clause in comprehensions and + generator expressions since Python 3.9. + - bpo-43739: Fixing the example code in + Doc/extending/extending.rst to declare and initialize the + pmodule variable to be of the right type. + * Tests + - bpo-43961: Fix + test_logging.test_namer_rotator_inheritance() on Windows: + use os.replace() rather than os.rename(). Patch by Victor + Stinner. + - bpo-43842: Fix a race condition in the SMTP test of + test_logging. Don’t close a file descriptor (socket) from + a different thread while asyncore.loop() is polling the + file descriptor. Patch by Victor Stinner. + - bpo-43811: Tests multiple OpenSSL versions on GitHub + Actions. Use ccache to speed up testing. + - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy + protocols TLS 1.0 and 1.1. Tests are failing with + TLSV1_ALERT_INTERNAL_ERROR. +- Refreshed patches: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch +- Add vendorized files from bluez-devel to enable building support for + Bluetooth. + +------------------------------------------------------------------- +Sun May 2 09:20:06 UTC 2021 - Ben Greiner + +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + +------------------------------------------------------------------- +Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl + +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +------------------------------------------------------------------- +Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +------------------------------------------------------------------- +Tue Feb 9 01:37:59 UTC 2021 - Steve Kowalik + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +------------------------------------------------------------------- +Mon Feb 8 22:02:03 UTC 2021 - Matej Cepl + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl + +- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing + bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in + _ctypes/callproc.c, which may lead to remote code execution. + +------------------------------------------------------------------- +Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl + +- (bsc#1180125) We really don't Require python-rpm-macros package. + Unnecessary dependency. + +------------------------------------------------------------------- +Wed Dec 16 16:08:42 UTC 2020 - Matej Cepl + +- Make python39-doc building again +- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx + doesn't know about skipif directive in doctests. + +------------------------------------------------------------------- +Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl + +- Update sphinx-update-removed-function.patch patch to the latest + version in python36. + +------------------------------------------------------------------- +Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner + +- Last try before this results in an editwar: + * remove importlib_resources and importlib-metadata + provides/obsoletes + * import importlib_resources is not the same as + import importlib.resources, same for metadata + * The backport packages from PyPI needed for older flavors are + specified as such for setuptools or in pyproject.toml. If a + package requires them they typically add them with a python + version qualifier and the packages have their own version + numbers. + +------------------------------------------------------------------- +Sat Dec 5 16:55:12 UTC 2020 - Matej Cepl + +- Add patch sphinx-update-removed-function.patch to no longer call + a now removed function and to make documentation build independent of + the Sphinx version (bsc#1179630, gh#python/cpython#13236). + +------------------------------------------------------------------- +Fri Nov 13 17:20:08 UTC 2020 - Matej Cepl + +- Don't require packages which break build on SLE-15 although we really + don't need them (python3-python-docs-theme and + python3-sphinxcontrib-qthelp). + +------------------------------------------------------------------- +Fri Oct 9 16:05:50 UTC 2020 - Dominique Leuenberger + +- Fix build with RPM 4.16: error: bare words are no longer + supported, please use "...": x86 == ppc. + +------------------------------------------------------------------- +Tue Oct 6 07:30:56 UTC 2020 - Matej Cepl + +- Update to the final version 3.9.0: + Complete changelog with all (many) + changes from previous version is on + https://docs.python.org/release/3.9.0/whatsnew/3.9.html + Changes from the previous RC versions (not that many) are on + https://docs.python.org/release/3.9.0/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Fri Sep 25 06:58:03 UTC 2020 - Dominique Leuenberger + +- Buildrequire timezone only for general flavor. It's used in this + flavor for the test suite. + +------------------------------------------------------------------- +Wed Sep 2 14:39:44 UTC 2020 - Matej Cepl + +- Update to 3.9.0rc1: + * Core and Builtins + - bpo-38156: Handle interrupts that come after EOF + correctly in PyOS_StdioReadline. + * Library + - bpo-41497: Fix potential UnicodeDecodeError in dis + module. + - bpo-41490: Update ensurepip to install pip 20.2.1 and + setuptools 49.2.1. + - bpo-41467: On Windows, fix asyncio recv_into() return + value when the socket/pipe is closed (BrokenPipeError): + return 0 rather than an empty byte string (b''). + - bpo-41425: Make tkinter doc example runnable. + - bpo-41384: Raise TclError instead of TypeError when an + unknown option is passed to tkinter.OptionMenu. + - bpo-38731: Fix NameError in command-line interface of + py_compile. + - bpo-41317: Use add_done_callback() in + asyncio.loop.sock_accept() to unsubscribe reader early on + cancellation. + - bpo-41364: Reduce import overhead of uuid. + - bpo-41341: Recursive evaluation of typing.ForwardRef in + get_type_hints. + - bpo-41182: selector: use DefaultSelector based upon + implementation + - bpo-40726: Handle cases where the end_lineno is None on + ast.increment_lineno(). + * Documentation + - bpo-41045: Add documentation for debug feature of + f-strings. + - bpo-41314: Changed the release when from __future__ + import annotations becomes the default from 4.0 to 3.10 + (following a change in PEP 563). + * Windows + - bpo-41492: Fixes the description that appears in UAC + prompts. + - bpo-40948: Improve post-install message to direct people + to the “py” command. + - bpo-41412: The installer will now fail to install on + Windows 7 and Windows 8. Further, the UCRT dependency is + now always downloaded on demand. + - bpo-40741: Update Windows release to include SQLite + 3.32.3. + * IDLE + - bpo-41468: Improve IDLE run crash error message (which + users should never see). + - bpo-41373: Save files loaded with no line ending, as when + blank, or different line endings, by setting its line + ending to the system default. Fix regression in 3.8.4 and + 3.9.0b4. + +------------------------------------------------------------------- +Tue Sep 1 10:15:06 UTC 2020 - Matej Cepl + +- Synchronize formatting and fixes with python38. + +------------------------------------------------------------------- +Thu Aug 20 15:41:28 UTC 2020 - Andreas Schwab + +- Increase testsuite timeout to account for super long running + test_peg_generator + +------------------------------------------------------------------- +Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer + +- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream +- Removed recursion.tar: contained in upstream +- Update to 3.9.0b5: + - bpo-41304: Fixes python3x._pth being ignored on Windows, caused + by the fix for bpo-29778 (CVE-2020-15801). + - bpo-41162: Audit hooks are now cleared later during + finalization to avoid missing events. + - bpo-29778: Ensure python3.dll is loaded from correct locations + when Python is embedded (CVE-2020-15523). + - bpo-39603: Prevent http header injection by rejecting control + characters in http.client.putrequest(…). + - bpo-41295: Resolve a regression in CPython 3.8.4 where defining + “__setattr__” in a multi-inheritance setup and + calling up the hierarchy chain could fail if builtins/extension + types were involved in the base types. + - bpo-41247: Always cache the running loop holder when running + asyncio.set_running_loop. + - bpo-41252: Fix incorrect refcounting in + _ssl.c’s _servername_callback(). + - bpo-41215: Use non-NULL default values in the PEG parser + keyword list to overcome a bug that was ' + preventing Python from being properly compiled when using the + XLC compiler. Patch by Pablo Galindo. + - bpo-41218: Python 3.8.3 had a regression where compiling with + ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would + aggressively mark list comprehension with CO_COROUTINE. Now only + list comprehension making use of async/await will tagged as so. + - bpo-41175: Guard against a NULL pointer dereference within + bytearrayobject triggered by the bytearray() + bytearray() operation. + - bpo-39960: The “hackcheck” that prevents sneaking around a type’s + __setattr__() by calling the superclass method was + rewritten to allow C implemented heap types. + - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the + C implementation raises now UnpicklingError instead of crashing. + - bpo-39017: Avoid infinite loop when reading specially crafted + TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). + - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params(). + - bpo-41207: In distutils.spawn, restore expectation that + DistutilsExecError is raised when the command is not found. + - bpo-39168: Remove the __new__ method of typing.Generic. + - bpo-41194: Fix a crash in the _ast module: it can no longer be + loaded more than once. It now uses a global state rather than a module state. + - bpo-39384: Fixed email.contentmanager to allow set_content() to set a + null string. + - bpo-41300: Save files with non-ascii chars. + Fix regression released in 3.9.0b4 and 3.8.4. + - bpo-37765: Add keywords to module name completion list. + Rewrite Completions section of IDLE doc. + - bpo-40170: Revert PyType_HasFeature() change: it reads + again directly the PyTypeObject.tp_flags + member when the limited C API is not used, rather than always calling + PyType_GetFlags() which hides implementation details. + +------------------------------------------------------------------- +Mon Jul 20 12:06:41 UTC 2020 - Matej Cepl + +- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 + (CVE-2019-20907, bpo#39017) avoiding possible infinite loop + in specifically crafted tarball. + Add recursion.tar as a testing tarball for the patch. + +------------------------------------------------------------------- +Fri Jul 17 07:07:19 UTC 2020 - Callum Farmer + +- Changed bpo-31046_ensurepip_honours_prefix.patch to include fix from py3.8 + +------------------------------------------------------------------- +Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer + +- Spec file fixes +- Re-added subprocess-raise-timeout.patch: now compatible +- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream + +------------------------------------------------------------------- +Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal + +- Fix minor issues found in the staging. + +------------------------------------------------------------------- +Wed Jul 15 06:13:33 UTC 2020 - Tomáš Chvátal + +- Do not set ourselves as primary interpreter + +------------------------------------------------------------------- +Tue Jul 14 20:45:11 UTC 2020 - Matej Cepl + +- Update to 3.9.0b4: + - PEP 584, Union Operators in dict + - PEP 585, Type Hinting Generics In Standard Collections + - PEP 593, Flexible function and variable annotations + - PEP 602, Python adopts a stable annual release cadence + - PEP 615, Support for the IANA Time Zone Database in the + Standard Library + - PEP 616, String methods to remove prefixes and suffixes + - PEP 617, New PEG parser for CPython + - bpo#38379, garbage collection does not block on resurrected + objects; + - bpo#38692, os.pidfd_open added that allows process + management without races and signals; + - bpo#39926, Unicode support updated to version 13.0.0; + - bpo#1635741, when Python is initialized multiple times in + the same process, it does not leak memory anymore; + - A number of Python builtins (range, tuple, set, frozenset, + list, dict) are now sped up using PEP 590 vectorcall; + - A number of Python modules (_abc, audioop, _bz2, _codecs, + _contextvars, _crypt, _functools, _json, _locale, operator, + resource, time, _weakref) now use multiphase initialization + as defined by PEP 489; + - A number of standard library modules (audioop, ast, grp, + _hashlib, pwd, _posixsubprocess, random, select, struct, + termios, zlib) are now using the stable ABI defined by + PEP 384. +- Remove upstreamed patches: + - F00102-lib64.patch + - SUSE-FEDORA-multilib.patch + - OBS_dev-shm.patch + - subprocess-raise-timeout.patch + - bpo36302-sort-module-sources.patch + - bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Fri Jul 10 10:55:15 UTC 2020 - Tomáš Chvátal + +- Update pre_checkin.sh and regenerate + +------------------------------------------------------------------- +Fri Jul 10 10:11:39 UTC 2020 - Tomáš Chvátal + +- Convert few dependencies to their pkgconfig counterparts + +------------------------------------------------------------------- +Fri Jul 10 10:08:48 UTC 2020 - Tomáš Chvátal + +- Remove release requirement on libpython, it is not really needed + to be equal as the abi changes with versions + +------------------------------------------------------------------- +Fri Jul 10 10:07:50 UTC 2020 - Tomáš Chvátal + +- Add provides python3-bla on all the subpkgs in case we are + primary provider of the functionality + +------------------------------------------------------------------- +Fri Jul 10 10:02:01 UTC 2020 - Tomáš Chvátal + +- Remove unversioned files from devel subpkg too +- Remove main python3 files from -base based whether we are + primary interpreter or not +- Fix idle to be co-installable +- Add condition to be primary to provide/obsolete python3-* +- Fix doc to build in versioned folder so the pythons can be + installed next to each other + +------------------------------------------------------------------- +Fri Jul 10 07:57:10 UTC 2020 - Tomáš Chvátal + +- Revert the full versioning of calls on the macros. These + are generic so they should really just call python3 X + +------------------------------------------------------------------- +Fri Jul 10 07:56:11 UTC 2020 - Tomáš Chvátal + +- For the doc package we can build with generic flavor, we don't + need the our-interpreter based one + +------------------------------------------------------------------- +Fri Jul 10 07:18:53 UTC 2020 - Tomáš Chvátal + +- Add provides for pytohn3X-typing/etc to allow BR on those still + to work when needed + +------------------------------------------------------------------- +Fri Jul 10 07:14:33 UTC 2020 - Tomáš Chvátal + +- Change macros.python3 to use full versioned 3.8 instead of just 3 + for python interpreter + +------------------------------------------------------------------- +Wed Jul 1 11:50:19 UTC 2020 - Tomáš Chvátal + +- Reduce some now unused conditionals + +------------------------------------------------------------------- +Wed Jul 1 11:00:40 UTC 2020 - Tomáš Chvátal + +- Redux the -base dependencies to match up pre-merge layout + +------------------------------------------------------------------- +Wed Jul 1 09:24:39 UTC 2020 - Tomáš Chvátal + +- Generate baselibs in pre-checkin too + +------------------------------------------------------------------- +Wed Jul 1 09:14:33 UTC 2020 - Tomáš Chvátal + +- Generate the importlib-failed using pre_checking again +- Add back the information about skipped tests on the pre_checkin + output + +------------------------------------------------------------------- +Tue Jun 30 07:11:19 UTC 2020 - Tomáš Chvátal + +- Use %python_pkg_name instead of hardcoding python3 where + applicable +- Sort out preamble with spec-cleaner + +------------------------------------------------------------------- +Mon Jun 29 14:36:10 UTC 2020 - Matej Cepl + +- Calculate required variables instead of relying on their continuous manual update + +------------------------------------------------------------------- +Thu Jun 25 10:44:08 UTC 2020 - Tomáš Chvátal + +- Fix the -base module build again to generate only the deps + we need + +------------------------------------------------------------------- +Wed Jun 17 18:42:51 UTC 2020 - Matej Cepl + +- Replace OBS_dev-shm.patch with the upstream PR#20944 + +------------------------------------------------------------------- +Thu Jun 10 14:30:15 UTC 2020 - Tomáš Chvátal + +- Use the %{python_pkg_name} on more places to allow easier + multiversioning +- Switch to _multibuild approach for easier maintenance of this + package. All is now in one spec file with 3 conditionals: + * bcond_with base + * bcond_with doc + * bcond_with general + +------------------------------------------------------------------- +Mon Jun 8 14:26:00 UTC 2020 - Matej Cepl + +- add requires python3-base on libpython subpackage (bsc#1167008) + +------------------------------------------------------------------- +Fri Jun 5 06:08:12 UTC 2020 - Dirk Mueller + +- build against Sphinx 2.x until python is compatible with + Sphinx 3.x (see gh#python/cpython#19397, bpo#40204) + +------------------------------------------------------------------- +Fri May 29 19:59:01 UTC 2020 - Andreas Stieger + +- Fix build with SQLite 3.32 (bpo#40783) + add bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Sun May 17 15:37:35 UTC 2020 - Callum Farmer + +- Update to version 3.8.3: + - Complete list of changes is available at + https://docs.python.org/release/3.8.3/whatsnew/changelog.html#python-3-8-3-final, + but most of them are just bugfixes. + - Removed patch CVE-2020-8492-urllib-ReDoS.patch: contained in upstream + +------------------------------------------------------------------- +Thu Apr 16 12:06:01 UTC 2020 - Matej Cepl + +- Add #!BuildIgnore: gdk-pixbuf-loader-rsvg to python3 SPEC + +------------------------------------------------------------------- +Thu Mar 26 15:36:55 UTC 2020 - Matej Cepl + +- Add patch bsc1167501-invalid-alignment.patch + (bsc#1167501, bpo#40052) to fix alignment in abstract.h header file. + +------------------------------------------------------------------- +Wed Mar 11 11:09:41 UTC 2020 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build, test_setegid + (test.test_os.PosixUidGidTests) is confusing it + +------------------------------------------------------------------- +Thu Mar 5 18:40:29 UTC 2020 - Matej Cepl + +- Update to 3.8.2: + - Complete list of changes is available at + https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final, + but most of them are just bugfixes. + - Updated patches: + - F00102-lib64.patch + - OBS_dev-shm.patch + - SUSE-FEDORA-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Sun Feb 9 00:14:24 CET 2020 - Matej Cepl + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Sat Feb 8 22:21:10 CET 2020 - Matej Cepl + +- Add Requires: libpython%{so_version} == %{version}-%{release} + to python3-base to keep both packages always synchronized + (bsc#1162224). + +------------------------------------------------------------------- +Mon Feb 3 20:27:54 UTC 2020 - Tomáš Chvátal + +- Do not pull in bluez in base again, explain the cycle, + it needs to be solved by bluez maintainer for us by providing + just the headers separately + +------------------------------------------------------------------- +Mon Feb 3 19:54:25 UTC 2020 - Tomáš Chvátal + +- Reame idle icons to idle3 in order to not conflict with python2 + variant of the package + * renamed the icons + * renamed icon load in desktop file + +------------------------------------------------------------------- +Thu Jan 16 09:50:03 UTC 2020 - Tomáš Chvátal + +- Add importlib_resources provide/obsolete as it is integral + part of the lang since 3.7 release + +------------------------------------------------------------------- +Mon Jan 13 11:10:47 UTC 2020 - Martin Liška + +- Add -fno-semantic-interposition as it brings speed up: + https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup + +------------------------------------------------------------------- +Thu Dec 19 16:25:26 CET 2019 - Matej Cepl + +- Update to 3.8.1: + - This is mainly bugfix release and no significant changes to + API are expected. The full changelog is available on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-1 + - Remove bpo-38688_shutil.copytree_prevent-infinite-recursion.patch, + which is included in the upstream tarball. + +------------------------------------------------------------------- +Thu Dec 19 14:57:32 CET 2019 - Matej Cepl + +- Add bpo-31046_ensurepip_honours_prefix.patch which makes + ensurepip to honour the value of $(prefix). Proposed fix for + bpo#31046.. + +------------------------------------------------------------------- +Tue Dec 10 11:07:16 UTC 2019 - Tomáš Chvátal + +- Move bluez-devel dependency to base as it is needed for + socket.AF_BLUETOOTH and otherwise does not work + +------------------------------------------------------------------- +Mon Dec 2 16:52:32 CET 2019 - Matej Cepl + +- Reintroduce QtHelp with the help of the new BR + python-sphinxcontrib-qthelp. + +------------------------------------------------------------------- +Mon Oct 21 18:51:00 UTC 2019 - Stefan Brüns + +- Fix SUSE-FEDORA-multilib.patch, the platform agnostic infix for + library installation is "lib", not "dir". + +------------------------------------------------------------------- +Thu Oct 17 14:19:20 UTC 2019 - Stefan Brüns + +- Move idle subpackage build from python3-base to python3. + appstream-glib required for packaging introduces considerable + extra dependencies and a build loop via rust/librsvg. +- Correct installation of idle IDE icons: + + idle.png is not the target directory + + non-GNOME-specific icons belong into icons/hicolor +- Add required Name key to idle3 desktop file + +------------------------------------------------------------------- +Tue Oct 15 16:39:12 CEST 2019 - Matej Cepl + +- Update to the final release 3.8.0. . + - New Features: + - Assignment expressions + - Positional-only parameters + - Parallel filesystem cache for compiled bytecode files + - Debug build uses the same ABI as release build + - f-strings support = for self-documenting expressions and + debugging + - PEP 578: Python Runtime Audit Hooks + - PEP 587: Python Initialization Configuration + - Vectorcall: a fast calling protocol for CPython + - Pickle protocol 5 with out-of-band data buffers + - New modules: + - importlib.metadata + - Improved modules: + - ast asyncio, builtins, collections, curses, ctypes, + datetime, functools, gc, gettext, gzip, idelib and IDLE, + inspect, io, json.tool, math, mmap, multiprocessing, os, + os.path, pathlib, pickle, plistlib, py_compile, shlex, + shutil, socket, ssl, statistics, sys, tarfile, threading, + tokenize, tkinter, time, typing, unicodedata, unittest, + venv, weakref, xml + - C API improvements + - bdist_winnst command has been deprecated (use bdist_wheel) +- https://docs.python.org/3.8/whatsnew/3.8.html remains rest of + changes including documentation on how to port your programs to + the current version of Python. + +------------------------------------------------------------------- +Mon Oct 14 15:02:08 CEST 2019 - Matej Cepl + +- Add idle3.appdata.xml and idle3.desktop (originally from + Fedora) to make Idle3 full GUI desktop application. + (bsc#1153830) + +------------------------------------------------------------------- +Wed Oct 9 19:09:16 UTC 2019 - Michael Gorse + +- Drop intltool from BuildRequires. Doesn't appear to be used. + +------------------------------------------------------------------- +Wed Oct 9 10:37:59 UTC 2019 - Tomáš Chvátal + +- Add folder version to allow tarball downloads even for beta/rc + releases + +------------------------------------------------------------------- +Tue Oct 8 14:53:54 CEST 2019 - Matej Cepl + +- Revert patches from Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch) into their original + prisitine Fedora versions, SUSE-FEDORA-multilib.patch refreshed + accordingly. + +------------------------------------------------------------------- +Mon Oct 7 14:33:30 UTC 2019 - Matej Cepl + +- Correct quotation of platsubdir in Lib/distutils/command/install.py + +------------------------------------------------------------------- +Thu Oct 3 13:59:57 CEST 2019 - Matej Cepl + +- Replace python-3.6.0-multilib.patch with two patches from + Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch), and our own + SUSE-FEDORA-multilib.patch to allow better cooperation with + Fedora and better upstreaming. +- Add OBS_dev-shm.patch fixing bpo#38377 + +------------------------------------------------------------------- +Thu Oct 3 08:39:18 UTC 2019 - Tomáš Chvátal + +- Pull in just gettext and let solver to sort out between: + gettext-runtime-mini and gettext-runtime + +------------------------------------------------------------------- +Wed Oct 2 15:00:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0rc1. Overall changes from 3.7: + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved + embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds, also the 'm' ABI + tag was removed (irrelevant since 3.4), bpo#36707 + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - on Windows, the default asyncio event loop is now + ProactorEventLoop + - on macOS, the spawn start method is now used by default in + multiprocessing + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Refreshed patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Wed Sep 25 09:46:41 UTC 2019 - Bernhard Wiedemann + +- Add bpo36302-sort-module-sources.patch (boo#1041090) + +------------------------------------------------------------------- +Tue Sep 10 13:43:18 UTC 2019 - Tomáš Chvátal + +- Try harder obsoleting importlib-metadata + +------------------------------------------------------------------- +Sat Aug 31 00:16:47 CEST 2019 - Matej Cepl + +- Update to 3.8.0b4: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-4 + +------------------------------------------------------------------- +Thu Aug 29 06:28:15 UTC 2019 - Guillaume GARDET + +- Re-enable test_threading on aarch64 + +------------------------------------------------------------------- +Sat Aug 17 13:21:15 UTC 2019 - John Vandenberg + +- Remove xrpm from subpackage tk description + +------------------------------------------------------------------- +Tue Aug 6 14:24:55 CEST 2019 - Matej Cepl + +- Update to 3.8.0b3: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-3 +- Patches reapplied: + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-test-posix_fadvise.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Tue Jul 23 13:20:49 UTC 2019 - Matej Cepl + +- Add Provides: python3-importlib-metadata + +------------------------------------------------------------------- +Sun Jul 7 19:08:48 CEST 2019 - Matej Cepl + +- Update to 3.8.0b2: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-2 +- Patches included in upstream: + - bpo-37169_PyObject_IsFreed.patch +- Patches reapplied: + - 00251-change-user-install-location.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-localpath.patch + - python-3.6.0-multilib.patch + +------------------------------------------------------------------- +Tue Jul 2 09:03:04 UTC 2019 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build +- Don't do profiling in qemu linux-user build + +------------------------------------------------------------------- +Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0b1 (changes since 3.7.*): + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Remove patches which were included in the upstream: + - 00251-change-user-install-location.patch + - 00316-mark-bdist_wininst-unsupported.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed May 22 10:53:03 UTC 2019 - Martin Liška + +- Set _lto_cflags to nil as the package is using LTO via --enable-lto. + That will prevent to propage LTO for Python modules that are + built in a separate package. + +------------------------------------------------------------------- +Sat May 4 21:29:20 CEST 2019 - Matej Cepl + +- Update to 3.8.0.a3: + - PEP 572: Assignment Expressions. + - Other (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-3 + +------------------------------------------------------------------- +Mon Apr 29 15:40:34 CEST 2019 - Matej Cepl + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Wed Apr 10 10:22:58 CEST 2019 - Matej Cepl + +- Fix metadata of patches. +- Rename boo1071941-make-install-in-sep-loc.patch to + 00251-change-user-install-location.patch which is the original + name, so it can be looked up in the Fedora VCS. + +------------------------------------------------------------------- +Tue Apr 9 04:55:24 UTC 2019 - John Vandenberg + +- Mark distutils bdist_wininst command unsupported + with 00316-mark-bdist_wininst-unsupported.patch +- Remove Windows bdist_wininst executables from runtime package + +------------------------------------------------------------------- +Tue Apr 9 01:21:45 CEST 2019 - Matej Cepl + +- Update to 3.7.3, which is the maintenance release without any + significant changes in API. + - Updated patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------ +Wed Mar 20 14:59:58 UTC 2019 - Matěj Cepl + +- Remove building of Qt Develop help files. + +------------------------------------------------------------------- +Fri Mar 15 15:10:30 CET 2019 - Matej Cepl + +- Return distutils-reproducible-compile.patch which is still + missing (still unfinished bpo#29708). + +------------------------------------------------------------------- +Mon Feb 25 23:30:56 CET 2019 - Matej Cepl + +- Update to 3.8.0a2: + * List of all (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-2 + +------------------------------------------------------------------- +Tue Feb 12 10:25:52 CET 2019 - Matej Cepl + +- Build nis module again. + +------------------------------------------------------------------- +Tue Feb 12 10:06:17 CET 2019 - Matej Cepl + +- Update to 3.8.0a1: + * The most visible change so far is probably the + implementation of PEP 572: Assignment Expressions. For + a detailed list of changes, see: + https://docs.python.org/3.8/whatsnew/changelog.html + * Recover building of nis module properly in python3 package +- Update patches: + * CVE-2019-5010-null-defer-x509-cert-DOS.patch + * python-3.3.0b1-fix_date_time_compiler.patch + * python-3.3.0b1-test-posix_fadvise.patch + * python-3.6.0-multilib.patch + * raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed Jan 30 18:07:49 CET 2019 - mcepl@suse.com + +- Put LICENSE file where it belongs (bsc#1121852) + +------------------------------------------------------------------- +Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com + +- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch + fixing bpo-35746. + An exploitable denial-of-service vulnerability exists in the + X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. + A specially crafted X509 certificate can cause a NULL pointer + dereference, resulting in a denial of service. An attacker can + initiate or accept TLS connections using crafted certificates + to trigger this vulnerability. + +------------------------------------------------------------------- +Tue Jan 8 12:51:01 UTC 2019 - Tomáš Chvátal + +- Do not require full gettext in order to avoid pulling in the + glib2 as a dependency + +------------------------------------------------------------------- +Tue Jan 8 12:25:27 UTC 2019 - Tomáš Chvátal + +- Update to 3.7.2: + * bugfix release: + https://docs.python.org/3.7/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Wed Jan 2 12:51:48 CET 2019 - mcepl@suse.com + +- Stop applying python-3.6.0-multilib-new.patch (which is still + WIP), and apply the old proven python-3.6.0-multilib.patch + instead. + +------------------------------------------------------------------- +Wed Dec 19 19:29:44 UTC 2018 - Todd R + +- Use upstream-recommended %{_rpmconfigdir}/macros.d directory + for the rpm macros. + +------------------------------------------------------------------- +Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com + +- Upgrade to 3.7.2rc1: + * bugfix release, for the full list of all changes see + https://docs.python.org/3.7/whatsnew/changelog.html#changelog +- Make run of the test suite more verbose + +------------------------------------------------------------------- +Tue Dec 11 01:52:45 UTC 2018 - Jan Engelhardt + +- Write summaries without em dashes. + +------------------------------------------------------------------- +Mon Dec 3 13:27:54 UTC 2018 - Matěj Cepl + +- Remove python-3.3.0b1-curses-panel.patch it is unnecessary anymore. +- Add boo1071941-make-install-in-sep-loc.patch to make pip and + distutils in user environment install into separate location + (boo#1071941) + + Set values of prefix and exec_prefix in distutils install + command to /usr/local if executable is /usr/bin/python* and RPM + build is not detected to make pip and distutils install into + separate location +- Remove finally python-3.3.3-skip-distutils-test_sysconfig_module.patch +- Remove distutils-reproducible-compile.patch which doesn't make + really much difference in reproducibility (see + gh#python/cpython#8057 and discussion there). + +------------------------------------------------------------------- +Sat Dec 1 00:14:28 CET 2018 - mcepl@suse.com + +- Rename Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + to bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + +------------------------------------------------------------------- +Wed Nov 7 12:10:41 CET 2018 - mcepl@suse.com + +- Add dependency on bluez-devel to build support for Bluetooth + (boo#1109998) + +------------------------------------------------------------------- +Tue Nov 6 13:52:45 CET 2018 - mcepl@suse.com + +- Add devhelp subpackage and split qthelp into another + subpackage. + +------------------------------------------------------------------- +Wed Oct 24 12:38:00 UTC 2018 - Matěj Cepl + +- Remove python-3.0b1-record-rpm.patch and + Python-3.0b1-record-rpm.patch, as they are not needed anymore + +------------------------------------------------------------------- +Tue Oct 23 14:14:16 UTC 2018 - Matej Cepl + +- Switch off test_threading for optimization builds. + +------------------------------------------------------------------- +Mon Oct 22 14:41:59 CEST 2018 - mcepl@suse.com + +- Update to python-3.7.1. This is just a brief overview, complete + changelog available at + https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-1-final: + Library + bpo-34970: Protect tasks weak set manipulation in asyncio.all_tasks() +- Patches already accepted upstream are removed: + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + * 00308-tls-1.3.patch +- New patches added: + * Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + * raise_SIGING_not_handled.patch +- All other patches refreshed via quilt. + +------------------------------------------------------------------- +Mon Oct 22 12:22:19 UTC 2018 - Matej Cepl + +- Add raise_SIGING_not_handled.patch to fix bsc#1094814 + +------------------------------------------------------------------- +Wed Oct 17 14:04:35 UTC 2018 - Tomáš Chvátal + +- Add patch to fix importlib return types: + * python3-imp-returntype.patch + +------------------------------------------------------------------- +Mon Oct 15 13:46:32 CEST 2018 - mcepl@suse.com + +- bpo-34022 still not completely fixed, so we have to keep + excluding test_cmd_line_script, + test_multiprocessing_main_handling, and test_runpy from the + test suite. + +------------------------------------------------------------------- +Sun Oct 14 15:57:24 UTC 2018 - Matej Cepl + +- Update to python 3.7.1~rc2: + Core and Builtins + bpo-34879: Fix a possible null pointer dereference in + bytesobject.c. Patch by Zackery Spytz. + bpo-34854: Fixed a crash in compiling string annotations + containing a lambda with a keyword-only argument that + doesn’t have a default value. + bpo-34320: Fix dict(od) didn’t copy iteration order of + OrderedDict. + Library + bpo-34769: Fix for async generators not finalizing when event + loop is in debug mode and garbage collector runs in another + thread. + bpo-34922: Fixed integer overflow in the digest() and + hexdigest() methods for the SHAKE algorithm in the hashlib + module. + bpo-34900: Fixed unittest.TestCase.debug() when used to call + test methods with subtests. Patch by Bruno Oliveira. + bpo-34871: Fix inspect module polluted sys.modules when parsing + __text_signature__ of callable. + bpo-34872: Fix self-cancellation in C implementation of + asyncio.Task + bpo-34819: Use a monotonic clock to compute timeouts in + Executor.map() and as_completed(), in order to prevent + timeouts from deviating when the system clock is adjusted. + bpo-34334: In QueueHandler, clear exc_text from LogRecord to + prevent traceback from being written twice. + bpo-6721: Acquire the logging module’s commonly used internal + locks while fork()ing to avoid deadlocks in the child + process. + bpo-34172: Fix a reference issue inside multiprocessing.Pool + that caused the pool to remain alive if it was deleted + without being closed or terminated explicitly. + Documentation + bpo-32174: chm document displays non-ASCII charaters properly on + some MBCS Windows systems. + Tests + bpo-32962: Fixed test_gdb when Python is compiled with flags + -mcet -fcf-protection -O0. + C API + bpo-34910: Ensure that PyObject_Print() always returns -1 on + error. Patch by Zackery Spytz. + +------------------------------------------------------------------- +Fri Oct 12 20:46:58 CEST 2018 - mcepl@suse.com + +- Add Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch to + fix problems with SOURCE_DATE_EPOCH variable (bpo-34022) + +------------------------------------------------------------------- +Mon Sep 17 09:44:02 UTC 2018 - Tomáš Chvátal + +- Add patch to fix build with tls1.3 supported openssl + * 00308-tls-1.3.patch +- Add patch to fix Py_Main calls after Py_initialize + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + +------------------------------------------------------------------- +Mon Sep 3 15:22:42 UTC 2018 - Matěj Cepl + +- Add -fwrapv to OPTS, which is default for python3 anyway + See for example https://github.com/zopefoundation/persistent/issues/86 + for bugs which are caused by avoiding it. + +------------------------------------------------------------------- +Tue Jul 10 11:12:32 UTC 2018 - mcepl@suse.com + +- Fix ownership of _contextvars, _queue, and _xxtestfuzz + +------------------------------------------------------------------- +Tue Jul 3 15:04:48 UTC 2018 - mcepl@suse.com + +- Switch off LTO for distros with older GCC +- Fix %files + +------------------------------------------------------------------- +Fri Jun 29 14:20:03 UTC 2018 - tchvatal@suse.com + +- Add dependency over libuuid-devel + +------------------------------------------------------------------- +Thu Jun 28 10:42:15 UTC 2018 - mimi.vx@gmail.com + +- update to python 3.7.0 + Complete overview of changes is available on + https://docs.python.org/3/whatsnew/3.7.html, these are just + highlights: + * PEP 563, postponed evaluation of type annotations. + * async and await are now reserved keywords. + * New library modules: + contextvars: PEP 567 – Context Variables + dataclasses: PEP 557 – Data Classes + importlib.resources + * New built-in features: + PEP 553, the new breakpoint() function. + * Python data model improvements: + PEP 562, customization of access to module attributes. + PEP 560, core support for typing module and generic types. + the insertion-order preservation nature of dict objects + has been declared to be an official part of the Python + language spec. + * Significant improvements in the standard library: + The asyncio module has received new features, significant + usability and performance improvements. + The time module gained support for functions with + nanosecond resolution. + * CPython implementation improvements: + Avoiding the use of ASCII as a default text encoding: + PEP 538, legacy C locale coercion + PEP 540, forced UTF-8 runtime mode + PEP 552, deterministic .pycs + the new development runtime mode + PEP 565, improved DeprecationWarning handling + * C API improvements: + PEP 539, new C API for thread-local storage + * Documentation improvements: + PEP 545, Python documentation translations + New documentation translations: Japanese, French, and Korean. +- drop python3-sorted_tar.patch +- drop 0001-allow-for-reproducible-builds-of-python-packages.patch +- refresh python-3.6.0-multilib-new.patch +- refresh subprocess-raise-timeout.patch + * new C API for thread-local storage + * Deterministic pyc files + * Built-in breakpoint() + * Data Classes + * Core support for typing module and generic types + * Customization of access to module attributes + * Postponed evaluation of annotations + * Time functions with nanosecond resolution + * Improved DeprecationWarning handling + * Context Variables + * Avoiding the use of ASCII as a default text encoding + (PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode) + * The insertion-order preservation nature of dict objects is now + an official part of the Python language spec. + * Notable performance improvements in many areas. + +------------------------------------------------------------------- +Thu May 17 18:26:42 UTC 2018 - hpj@urpla.net + +- disable lto with gcc versions below 7 (results in link failures) + +------------------------------------------------------------------- +Mon Apr 30 15:23:24 UTC 2018 - jengelh@inai.de + +- Use faster find subcommand execution strategies. + +------------------------------------------------------------------- +Fri Apr 20 16:17:29 UTC 2018 - tchvatal@suse.com + +- Do not mention the testsuite disabling in opts as it was moved to + main pkg so base is test-free + +------------------------------------------------------------------- +Tue Apr 17 08:36:08 UTC 2018 - tchvatal@suse.com + +- As we run in main python package do not generate the pre_checkin + from both now + +------------------------------------------------------------------- +Mon Apr 16 14:11:56 UTC 2018 - tchvatal@suse.com + +- Move the tests from base to generic package wrt bsc#1088573 + * We still fail the whole distro if python3 is not build + * The other archs than x86_64 took couple of hours to unblock + build of other software, this way we work around the issue +- Some tests are still run in -base for the LTO tweaking, but at + least it is not run twice + +------------------------------------------------------------------- +Sat Mar 31 19:41:12 UTC 2018 - mimi.vx@gmail.com + +- update to 3.6.5 + * bugfix release + * see Misc/NEWS for details +- drop ctypes-pass-by-value.patch +- drop fix-localeconv-encoding-for-LC_NUMERIC.patch +- refresh python-3.6.0-multilib-new.patch + +------------------------------------------------------------------ +Wed Mar 7 09:16:39 UTC 2018 - adam@mizerski.pl + +- Created %so_major and %so_minor macros +- Put Tools/gdb/libpython.py script into proper place and ship it with devel + subpackage. + +------------------------------------------------------------------- +Tue Feb 20 15:04:56 UTC 2018 - schwab@suse.de + +- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64 + +------------------------------------------------------------------- +Tue Feb 20 14:28:00 UTC 2018 - bwiedemann@suse.com + +- Add python3-sorted_tar.patch (boo#1081750) + +------------------------------------------------------------------- +Tue Feb 20 14:08:57 UTC 2018 - tchvatal@suse.com + +- Drop python3-tk and python3-idle recommends to reduce python3 + always pulling X stack bsc#1081751 + +------------------------------------------------------------------- +Wed Feb 7 09:10:03 UTC 2018 - tchvatal@suse.com + +- Add patch to fix glibc 2.27 fail bsc#1079761: + * fix-localeconv-encoding-for-LC_NUMERIC.patch + +------------------------------------------------------------------- +Mon Feb 5 17:14:43 UTC 2018 - normand@linux.vnet.ibm.com + +- Update skip_random_failing_tests.patch (for PowerPC) + to avoid test_call_later failure + +------------------------------------------------------------------- +Wed Jan 24 14:35:58 UTC 2018 - jmatejek@suse.com + +- move XML modules and python3-xml provide to python3-base + (fixes bsc#1077230) +- move ensurepip to base + +------------------------------------------------------------------- +Thu Jan 18 12:31:47 UTC 2018 - normand@linux.vnet.ibm.com + +- Add skip_random_failing_tests.patch only for PowerPC + +------------------------------------------------------------------- +Wed Jan 3 12:18:51 UTC 2018 - jmatejek@suse.com + +- update to 3.6.4 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed python3-ncurses-6.0-accessors.patch +- drop PYTHONSTARTUP hooks that cause spurious startup errors + * fixes bsc#1070738 + * the relevant feature (REPL history) is now built into Python itself + +------------------------------------------------------------------- +Sat Dec 2 11:11:46 UTC 2017 - dimstar@opensuse.org + +- Install 2to3-%{python_version} executable (override defattr of + the -tools package). 2to3 (unversioned) is a symlink and does not + carry permissions (bsc#1070853). + +------------------------------------------------------------------- +Thu Nov 16 11:02:18 UTC 2017 - mimi.vx@gmail.com + +- move 2to3 to python3-tools package + +------------------------------------------------------------------- +Wed Oct 11 13:15:23 UTC 2017 - jmatejek@suse.com + +- update to 3.6.3 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Wed Sep 20 09:54:05 UTC 2017 - dmueller@suse.com + +- drop python-2.7-libffi-aarch64.patch: this patches the intree + copy of libffi which is unused/deleted in the line afterwards +- fix build against system libffi: include flags weren't set + so it actually used the in-tree libffi headers. + +------------------------------------------------------------------- +Thu Sep 14 13:23:10 UTC 2017 - vcizek@suse.com + +- Fix test broken with OpenSSL 1.1 (bsc#1042670) + * add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Tue Sep 5 11:47:05 UTC 2017 - jengelh@inai.de + +- Update RPM group for python documentation. + +------------------------------------------------------------------- +Thu Aug 31 08:39:31 UTC 2017 - schwab@suse.de + +- fix missing %{?armsuffix} + +------------------------------------------------------------------- +Wed Aug 30 13:41:38 UTC 2017 - jmatejek@suse.com + +- distutils-reproducible-compile.patch: ensure distutils order files + before compiling, which works around bsc#1049186 + +------------------------------------------------------------------- +Thu Aug 17 08:59:05 CEST 2017 - kukuk@suse.de + +- Add libnsl-devel build requires for glibc obsoleting libnsl + +------------------------------------------------------------------- +Thu Aug 3 16:09:26 UTC 2017 - jmatejek@suse.com + +- update to 3.6.2 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed test-socket-aead-kernel49.patch +- add Provides: python3-typing (fixes bsc#1050653) +- drop duplicate Provides: python3 + +------------------------------------------------------------------- +Mon Jun 26 12:10:07 UTC 2017 - jmatejek@suse.com + +- drop db-devel from requirements + +------------------------------------------------------------------- +Tue Jun 20 09:26:52 UTC 2017 - asn@cryptomilk.org + +- Add missing link to python library in config dir (bsc#1040164) + +------------------------------------------------------------------- +Thu Mar 23 12:42:59 UTC 2017 - jmatejek@suse.com + +- update to 3.6.1 + * bugfix release, over a hundred bugs fixed + * never add import location's parent directory to sys.path + * switch to git for version control, build changes related to that + * fix "failed to get random numbers" on old kernels (bsc#1029902) + * several crashes and memory leaks corrected + * f-string are no longer accepted as docstrings + +------------------------------------------------------------------- +Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com + +- prevent regenerating AST at build-time more robustly +- add "--without profileopt" and "--without testsuite" options to python3-base + to allow short circuiting when working on the package + +------------------------------------------------------------------- +Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com + +- Add 0001-allow-for-reproducible-builds-of-python-packages.patch + upstream https://github.com/python/cpython/pull/296 + +------------------------------------------------------------------- +Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com + +- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch) +- reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent) + +------------------------------------------------------------------- +Wed Jan 11 14:57:07 UTC 2017 - jmatejek@suse.com + +- update to 3.6.0 + * PEP 498 Formated string literals + * PEP 515 Underscores in numeric literals + * PEP 526 Syntax for variable annotations + * PEP 525 Asynchronous generators + * PEP 530 Asynchronous comprehensions + * PEP 506 New "secrets" module for safe key generation + * less memory consumed by dicts + * dtrace and systemtap support + * improved asyncio module + * better defaults for ssl + * new hashing algorithms in hashlib + * bytecode format changed to allow more optimizations + * "async" and "await" are on track to be reserved words + * StopIteration from generators is deprecated + * support for openssl < 1.0.2 is deprecated + * os.urandom now blocks when getrandom() blocks + * huge number of new features, bugfixes and optimizations + * see https://docs.python.org/3.6/whatsnew/3.6.html for details +- rework multilib patch: drop Python-3.5.0-multilib.patch, implement + upstreamable python-3.6.0-multilib-new.patch +- refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch +- drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch +- finally drop python-2.6b1-canonicalize2.patch that was not applied in source + and only kept around in case we needed it in the future. (which we don't, as it seems) +- update import_failed map and baselibs +- build ctypes against system libffi + (buildrequire libffi-devel in python3-base) +- add new key to keyring (signed by keys already in keyring) +- introduced common configure section between python3 and python3-base +- moved pyconfig.h and Makefile to devel subpackage as distutils no longer + need it at runtime +- added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py + because it is not used now +- improve summaries and descriptions (fixes bsc#917607) +- enabled Link-Time Optimization, see what happens +- including skipped_tests.py in pre_checkin.sh run +- run specs through spec-cleaner, rearrange sections + +------------------------------------------------------------------- +Fri Apr 22 17:20:29 UTC 2016 - jmatejek@suse.com + +- move _hashlib and _ssl modules and tests to python3-base +- recommend python3 + +------------------------------------------------------------------- +Tue Mar 15 15:05:23 UTC 2016 - schwab@suse.de + +- Skip test_asyncio under qemu_user_space_build + +------------------------------------------------------------------- +Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com + +- Add Python-3.5.1-fix_lru_cache_copying.patch + Fix copying the lru_cache() wrapper object. + Fixes deep-copying lru_cache regression, which worked on + previous versions of python but fails on python 3.5. + This fixes a bunch of packages in devel:languages:python3. + See: https://bugs.python.org/issue25447 + +------------------------------------------------------------------- +Sun Jan 24 00:44:08 UTC 2016 - arichardson.kde@gmail.com + +- Build the docs in .qch format as well + +------------------------------------------------------------------- +Wed Dec 9 07:35:20 UTC 2015 - toddrme2178@gmail.com + +- update to 3.5.1 + * bugfix-only release, dozens of bugs fixed +- Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch +- "Python3" to "Python 3" in summary + * This seems cleaner and fixes and rpmlint warning + +------------------------------------------------------------------- +Wed Oct 14 20:21:52 UTC 2015 - toddrme2178@gmail.com + +- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch + This fixes a build error for many packages that use the Python, + C-API. + This patch is already accepted upstream and is slated to appear in + python 3.5.1. + +------------------------------------------------------------------- +Tue Sep 29 15:53:24 UTC 2015 - jmatejek@suse.com + +- update to 3.5.0 + * coroutines with async/await syntax + * matrix multiplication operator `@` + * unpacking generalizations + * new modules `typing` and `zipapp` + * type annotations + * .pyo files replaced by custom suffixes for optimization levels in __pycache__ + * support for memory BIO in ssl module + * performance improvements in several modules + * and many more +- removals and behavior changes + * deprecated `__version__` is removed + * support for .pyo files was removed + * system calls are auto-retried on EINTR + * bare generator expressions in function calls now cause SyntaxError + (change "f(x for x in i)" to "f((x for x in i))" to fix) + * removed undocumented `format` member of private `PyMemoryViewObject` struct + * renamed `PyMemAllocator` to `PyMemAllocatorEx` +- redefine %dynlib macro to reflect that modules now have arch+os as part of name +- module `time` is now built-in +- dropped upstreamed patches: + python-3.4.1-fix-faulthandler.patch + python-3.4.3-test-conditional-ssl.patch + python-fix-short-dh.patch (also dropped dh2048.pem required for this patch) +- updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch +- python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure + with new gcc + ncurses + +------------------------------------------------------------------- +Wed Sep 9 11:51:22 UTC 2015 - dimstar@opensuse.org + +- Add python3-ncurses-6.0-accessors.patch: Fix build with + NCurses 6.0 and OPAQUE_WINDOW set to 1. + +------------------------------------------------------------------- +Mon Aug 24 17:02:08 UTC 2015 - jmatejek@suse.com + +- improve import_failed hook to do the right thing when invoking + missing modules with "python3 -m modulename" (boo#942751) + +------------------------------------------------------------------- +Thu Jul 23 22:08:10 UTC 2015 - fisiu@opensuse.org + +- Build with --enable-loadable-sqlite-extensions to make it works + as geospatial database. + +------------------------------------------------------------------- +Wed Jul 1 07:07:26 UTC 2015 - dimstar@opensuse.org + +- Fix source list for previous change (add dh2048.pem). + +------------------------------------------------------------------- +Wed Jun 24 06:54:30 UTC 2015 - meissner@suse.com + +- dh2048.pem: added generated 2048 dh parameter set to fix + ssl test (bsc#935856) +- python-fix-short-dh.patch: replace the 512 bits dh parameter set + by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856) + +------------------------------------------------------------------- +Tue May 19 14:59:30 UTC 2015 - schwab@suse.de + +- ctypes-libffi-aarch64.patch: remove upstreamed patch +- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for + aarch64 + +------------------------------------------------------------------- +Thu May 14 10:58:36 UTC 2015 - jmatejek@suse.com + +- drop the PDF subpackage + (removes the massive texlive dependency, and most likely nobody is + using the PDFs anyway) + +------------------------------------------------------------------- +Thu May 14 09:53:29 UTC 2015 - jmatejek@suse.com + +- python-3.4.3-test-conditional-ssl.patch - restore tests failing because + test_urllib was unconditionally importing ssl (without really needing it) +- restore functionality of multilib patch +- drop libffi-ppc64le.diff because upstream completely changed everything + yet again (sorry ppc64 folks :| ) + + +------------------------------------------------------------------- +Fri May 1 15:11:21 UTC 2015 - mailaender@opensuse.org + +- Update to version 3.4.3 +- Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch + (bpo#21766) + +------------------------------------------------------------------- +Wed Mar 25 10:57:28 UTC 2015 - rguenther@suse.com + +- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus + faulthandler which fails with GCC 5. + +------------------------------------------------------------------- +Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com + +- asyncio has been merged in python3 main package; provide and + obsolete it +- Remove obsolete AUTHORS section +- Remove redundant %clean section + +------------------------------------------------------------------- +Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org + +- Only pkgconfig(x11) is required for build, not the whole + set of packages provided by xorg-x11-devel metapackage. + +------------------------------------------------------------------- +Mon Oct 13 13:38:20 UTC 2014 - jmatejek@suse.com + +- add %python3_version rpm macro for Fedora compatibility +- add missing argument in import_failed, rename Novell Bugzilla + to SUSE Bugzilla + +------------------------------------------------------------------- +Thu Jul 31 17:24:59 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. + +------------------------------------------------------------------- +Wed Jul 23 16:31:02 UTC 2014 - jmatejek@suse.com + +- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file + disclosure and directory traversal through URL-encoded characters + (CVE-2014-4650, bnc#885882) + +------------------------------------------------------------------- +Tue Jul 22 13:55:57 UTC 2014 - jmatejek@suse.com + +- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons, + reinstate bundled copies of pip and setuptools + (fixes bnc#885662) +- add more files as sources to silence the validator + +------------------------------------------------------------------- +Wed May 21 11:01:56 UTC 2014 - jmatejek@suse.com + +- update to 3.4.1 + * bugfix-only release, over 300 bugs fixed +- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch +- drop upstreamed CVE-2014-2667-mkdir.patch +- include Python release manager keyring and signature file + for the source archive (thus renumbering of source files) + (see https://www.python.org/download/#openpgp-public-keys ) +- move ensurepip to python3, because it transitively requires ssl + +------------------------------------------------------------------- +Fri Apr 4 16:21:40 UTC 2014 - jmatejek@suse.com + +- CVE-2014-2667-mkdir.patch: race condition with reseting umask + in os.makedirs + (CVE-2014-2667, bnc#871152) +- updated multilib patch to include ~/.local/lib64 (bnc#637176) + +------------------------------------------------------------------- +Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com + +- raise timeout value for test_subprocess to 10s (might fix + intermittent build failures in OBS) + +------------------------------------------------------------------- +Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com + +- remove blacklisting of test_posix on aarch64: qemu bug is fixed + +------------------------------------------------------------------- +Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 final +- drop upstreamed python-3.4rc2-importlib.patch + +------------------------------------------------------------------- +Sun Mar 16 16:33:25 UTC 2014 - schwab@suse.de + +- Only build with profile-opt if profiling is enabled +- Update test exclusion lists: + * test_ctypes no longer fails on arm + * test_io no longer fails on ppc* + * test_multiprocessing has been split in multiple tests + * test_posix and test_signal fail due to qemu bugs + +------------------------------------------------------------------- +Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de + +- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, + adding python-2.7.6-sqlite-3.8.4-tests.patch + +------------------------------------------------------------------- +Thu Feb 27 14:08:40 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 rc2 + * pre-release bugfixes + * improvements to asyncio library +- drop upstreamed tracemalloc_gcov.patch +- python-3.4rc2-importlib.patch fixes backwards-incompatibility + in the reworked importlib module that blocks build of vim + +------------------------------------------------------------------- +Fri Jan 17 18:45:27 UTC 2014 - jmatejek@suse.com + +- initial commit of 3.4.0 beta 3 + * new stdlib modules: pathlib, enum, statistics, tracemalloc + * asynchronous IO with new asyncio module + * introspection data for builtins + * subprocesses no longer inherit open file descriptors + * standardized metadata for packages + * internal hashing changed to SipHash + * new pickle protocol + * improved handling of codecs + * TLS 1.2 support + * major speed improvements for internal unicode handling + * many bugfixes and optimizations +- see porting guide at: + http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4 +- moved several modules to -testsuite subpackage +- updated list of binary extensions, refreshed patches +- tracemalloc_gcov.patch fixes profile-based optimization build +- updated packages and pre_checkin.sh to use ~-version notation + for prereleases +- fix-shebangs part of build process moved to common %prep +- drop python-3.3.2-no-REUSEPORT.patch (upstreamed) +- update baselibs for new soname + +- TODOs: + * require python-pip, make ensurepip work with zypper + +------------------------------------------------------------------- +Wed Dec 4 13:21:26 UTC 2013 - matz@suse.de + +- add ppc64le (ELFv2) support for libffi copy for ctypes module +- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be + "lib64"). +- added patches: + * libffi-ppc64le.diff +------------------------------------------------------------------- +Tue Dec 3 09:51:43 UTC 2013 - adrian@suse.de + +- add ppc64le rules + +------------------------------------------------------------------- +Fri Nov 22 13:17:23 UTC 2013 - speilicke@suse.com + +- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch: + + Disable global and distutils sysconfig comparison test, we deviate + from the default depending on optflags + +------------------------------------------------------------------- +Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com + +- update to 3.3.3 + * bugfix-only release + * many SSL-related fixes + * upstream fix for CVE-2013-4238 + * upstream fixes for CVE-2013-1752 +- move example module xxlimited to python3-testsuite +- drop CVE-2013-4238_py33.patch - it is upstreamed +- remove --with-wide-unicode config option, it is now the default + (and only) choice +- don't touch anything between make and makeinstall +- drop python-3.2b2-buildtime-generate.patch - the issue was caused + by touching things between make and makeinstall +- link pycache entries for import_failed hooks properly + +------------------------------------------------------------------- +Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org + +- build with -DOPENSSL_LOAD_CONF for the same reasons + described in the python2 package. + +------------------------------------------------------------------- +Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com + +- handle NULL bytes in certain fields of SSL certificates + (CVE-2013-4238, bnc#834601) + +------------------------------------------------------------------- +Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com + +- Exclue test_faulthandler from tests on powerpc due to bnc#831629 + +------------------------------------------------------------------- +Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com + +- update to 3.3.2 + * bugfix-only release + * fixes several regressions introduced in 3.3.1 +- switch to xz compression +- move _lzma module to python3-base +- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT + +------------------------------------------------------------------- +Mon Apr 29 22:32:43 UTC 2013 - schwab@suse.de + +- Readd missing bits from ctypes-libffi-aarch64.patch + +------------------------------------------------------------------- +Sat Apr 13 07:56:51 UTC 2013 - idonmez@suse.com + +- Update to version 3.3.1 + * Fix the –enable-profiling configure switch. + * In IDLE, close the replace dialog after it is used. +- Too many bugfixes to list here, + see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS +- Refresh Python-3.3.0b2-multilib.patch +- Refresh python-3.2b2-buildtime-generate.patch +- Drop upstream patches: ctypes-libffi-aarch64.patch, + python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch + +------------------------------------------------------------------- +Mon Apr 8 11:25:30 UTC 2013 - speilicke@suse.com + +- Exclude sqlite/test and tk/test directories from the respective + sub-packages. These are owned by the testsuite sub-package already + +------------------------------------------------------------------- +Fri Apr 5 12:59:20 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/title=SourceUrls + +------------------------------------------------------------------- +Wed Apr 3 15:36:04 UTC 2013 - jmatejek@suse.com + +- remove spurious modification of python-3.3.0b1-localpath.patch + that would force installation into /usr/local. + this fixes bnc#809831 + +------------------------------------------------------------------- +Thu Mar 28 18:38:51 UTC 2013 - jmatejek@suse.com + +- replace broken movetogetdents64.diff patch with a correct one + from upstream repo (python-3.3.0-getdents64.patch) + +------------------------------------------------------------------- +Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com + +- add ctypes-libffi-aarch64.patch: + * import aarch64 support for libffi in _ctypes module +- add aarch64 to the list of lib64 based archs +- add movetogetdents64.diff: + * port to getdents64, as SYS_getdents is not implemented everywhere + +------------------------------------------------------------------- +Tue Feb 26 08:57:55 UTC 2013 - saschpe@suse.de + +- /etc/rpm/macros.python3 is no %config, it is not meant to be changed + by users. +- Add rpmlintrc with some obvious filters + +------------------------------------------------------------------- +Mon Jan 28 18:14:39 UTC 2013 - jmatejek@suse.com + +- update baselibs for new version of libpython3 + +------------------------------------------------------------------- +Thu Nov 29 17:02:37 UTC 2012 - jmatejek@suse.com + +- fix include path in macros (bnc#787526) +- implement failed import handlers for modules that live in + subpackages - e.g. "import ssl" will now throw a sensible error + message telling you to install "python3" + +------------------------------------------------------------------- +Wed Nov 28 17:02:07 UTC 2012 - jmatejek@suse.com + +- merge python3-xml into python3 +- merge python3-2to3 library into python3-base + and the 2to3 binary into python3-devel + (python3-devel is now in conflict with python-2to3, which + will be dropped) +- enable --with-system-expat for python3, making the xml modules + (and thus python3) depend on expat +- reconfigure tests to disable network and GUI resources, which + the upstream apparently thought is a good idea to enable by default. + this fixes build failures in Factory +- add lzma-devel to build the _lzma module +- moved %dynlib macro definition to common section + +------------------------------------------------------------------- +Mon Nov 5 20:01:46 UTC 2012 - coolo@suse.com + +- buildrequire timezone for the test suite + +------------------------------------------------------------------- +Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com + +- disable more checks for qemu builds as they use syscalls not + implemented yet + +------------------------------------------------------------------- +Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com + +- exclude test_math for SLE 11; math library fails on negative + gamma function values close to integers and 0, probably + due to imprecision in -lm on SLE_11_SP2. + +------------------------------------------------------------------- +Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel explicitly + +------------------------------------------------------------------- +Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com + +- remove distutils.cfg (bnc#658604) + * this changes default prefix for distutils to /usr + * see ML for details: +http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html + +------------------------------------------------------------------- +Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com + +- Update to final 3.3.0 release + * See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS + +------------------------------------------------------------------- +Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com + +- Correct dependency for python3-testsuite, + python3-tkinter -> python3-tk + +------------------------------------------------------------------- +Thu Aug 23 13:08:11 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 RC1 + +------------------------------------------------------------------- +Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 beta 1 + * flexible string representation, no longer distinguishing + between wide and narrow Unicode builds + * importlib-based import system + * virtualenv support in core + * namespace packages + * explicit Unicode literals for easier porting + * key-sharing dict implementation reduces memory footprint + of OO code + * hash randomization on by default + * many other new bugfixes and features, check NEWS for details + +- pre_checkin.sh now autofills various version strings in specs +- ship hashlib's fallback modules - those uselessly take up space + when real _hashlib.so from python3 is present, but the space wasted + is only 114kB and it provides python3-base with a working hashlib + module. + (also, this fixes bnc#743787) + +------------------------------------------------------------------- +Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com + +- skip test_io on ppc +- drop test_io ppc patch + +------------------------------------------------------------------- +Thu Jun 28 07:57:58 UTC 2012 - saschpe@suse.de + +- Satisfy source_validator by uncommenting an otherwise unused "Patch" + line + +------------------------------------------------------------------- +Tue Jun 12 15:39:08 UTC 2012 - adrian@suse.de + +- fix logic of checks exclusion + +------------------------------------------------------------------- +Fri May 18 11:50:27 UTC 2012 - idonmez@suse.com + +- update to 3.2.3 + * No changes since rc2 + +------------------------------------------------------------------- +Thu Mar 29 15:44:33 UTC 2012 - jmatejek@suse.com + +- update to 3.2.3rc2 + * fixes several security issues: + * CVE-2012-0845, bnc#747125 + * CVE-2012-1150, bnc#751718 + * CVE-2011-4944, bnc#754447 + * CVE-2011-3389, bnc#754677 +- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) +- disable test_gdb because it is broken by our gdb + +------------------------------------------------------------------- +Thu Feb 16 12:33:12 UTC 2012 - dvaleev@suse.com + +- skip broken test_io test on ppc + +------------------------------------------------------------------- +Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com + +- update to 3.2.2 + * bugfix-only release + * reports "linux2" as sys.platform regardless of Linux kernel +- added pre_checkin.sh to copy common spec sections to python3.spec +- added PACKAGING-NOTES with some helpful info for packagers + +------------------------------------------------------------------- +Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com + +- Use system ffi, included one is broken see + http://bugs.python.org/issue11729 and + http://bugs.python.org/issue12081 + +------------------------------------------------------------------- +Fri Dec 9 17:19:55 UTC 2011 - jmatejek@suse.com + +- license.opensuse.org-compatible license headers + +------------------------------------------------------------------- +Fri Dec 2 16:46:44 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Thu Nov 24 12:42:25 UTC 2011 - agraf@suse.com + +- fix ARM build (exclude some test cases which break for us) + +------------------------------------------------------------------- +Tue Aug 16 17:02:22 UTC 2011 - termim@gmail.com + +- use sysconfig module to get py3_incdir, py3_abiflags, + py3_soflags, python3_sitelib and python3_sitearch + +------------------------------------------------------------------- +Mon Jul 18 16:22:31 UTC 2011 - jmatejek@novell.com + +- update to 3.2.1 + * bugfix-only release, no major changes +- fix build on linux3 platform +- remove upstreamed pybench patch +- install /usr/lib directories in all cases to prevent spurious + "directory not owned" in dependent packages + +------------------------------------------------------------------- +Wed Jun 15 14:16:38 UTC 2011 - jmatejek@novell.com + +- replaced dynamic so version with manual so version, because + autobuild does not support autogeneration + +------------------------------------------------------------------- +Tue May 24 13:39:06 UTC 2011 - jmatejek@novell.com + +- generate macros.python3 at compile-time with fixed values +- don't include bogus values in pyconfig.h, as they can break + third-party packages (bnc#673071) + +------------------------------------------------------------------- +Tue May 17 12:52:51 UTC 2011 - jmatejek@novell.com + +- added Obsoletes: python3 < 3.1 so that the transition from + non-split to split packages goes smoothly + +------------------------------------------------------------------- +Fri May 13 12:38:19 UTC 2011 - jmatejek@novell.com + +- fixed RPM macros to use python3 instead of python +- updated to build --with-wide-unicode (for compatibility with + fedora and our own python 2.x series) + +------------------------------------------------------------------- +Thu Apr 21 03:39:25 UTC 2011 - termim@gmail.com + +- fix python3-base build failure due to pybench.py crash by + python-3.2-pybench.patch +- move pyconfig.h from python3-devel to python3-base package to + make python3-base functional again + +------------------------------------------------------------------- +Wed Mar 23 04:26:28 UTC 2011 - termim@gmail.com + +- update to python 3.2 + * stable ABI, ABI-tagged .so files + * concurrent.futures and many other new or upgraded modules + * PYC repository directories ( __pycache__ ) + * python WSGI 1.0.1 + * Unicode 6.0.0 support + * a great number of bugfixes and assorted improvements + +------------------------------------------------------------------- +Tue Feb 8 19:42:17 CET 2011 - matejcik@suse.cz + +- update to python 3.2 RC2 +- renamed python3-demo to python3-tools, because the demo part + became much smaller than the tools part +- added rpm macros + +------------------------------------------------------------------- +Tue Jan 18 14:13:04 UTC 2011 - jmatejek@novell.com + +- update to python 3.2 beta 2, see NEWS for details +- split off -base package with less dependencies, and a shlib-policy + compliant libpython3 package +- mostly rewritten the spec file with more detailed comments +- cleaned up lists of patches + diff --git a/python311.spec b/python311.spec new file mode 100644 index 0000000..00f4a4d --- /dev/null +++ b/python311.spec @@ -0,0 +1,1048 @@ +# +# spec file for package python311 +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "doc" +%define psuffix -documentation +%bcond_without doc +%bcond_with base +%bcond_with general +%endif +%if "%{flavor}" == "base" +%define psuffix -core +%bcond_with doc +%bcond_without base +%bcond_with general +%endif +%if "%{flavor}" == "" +%define psuffix %{nil} +%bcond_with doc +%bcond_with base +%bcond_without general +%endif + +%if 0%{?do_profiling} && !0%{?want_reproducible_builds} +%bcond_without profileopt +%else +%bcond_with profileopt +%endif + +# Only for Tumbleweed +# https://en.opensuse.org/openSUSE:Python:Externally_managed +%if 0%{?suse_version} > 1600 +%bcond_without externally_managed +%else +%bcond_with externally_managed +%endif + +%define python_pkg_name python311 +%if "%{python_pkg_name}" == "%{primary_python}" +%define primary_interpreter 1 +%else +%define primary_interpreter 0 +%endif + +# Setting up variables +%define _version %(c=%{version}; echo ${c/[a-z]*/}) +%define tar_suffix %(c=%{_version}; echo ${c#%{_version}}) +%define python_version %(echo %{_version}|cut -d. -f1-2) +# based on the current source tarball +%define python_version_abitag %(c=%{python_version}; echo ${c//./}) +# FIXME %%define python_version_soname %%(c=%%{python_version}; echo ${c//./_}) +%define python_version_soname 3_11 +%if 0%(test -n "%{tar_suffix}" && echo 1) +%define _version %(echo "%{_version}~%{tar_suffix}") +%define tarversion %{version} +%else +%define tarversion %{version} +%endif +# We don't process beta signs well +%define folderversion %{tarversion} +%define tarname Python-%{tarversion} +%define sitedir %{_libdir}/python%{python_version} +# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 +%define abi_kind %{nil} +# python ABI version - used in some file names +%define python_abi %{python_version}%{abi_kind} +# soname ABI tag defined in PEP 3149 +%define abi_tag %{python_version_abitag}%{abi_kind} +# version part of "libpython" package +%define so_major 1 +%define so_minor 0 +%define so_version %{python_version_soname}%{abi_kind}-%{so_major}_%{so_minor} +# rpm and python have different ideas about what is an arch-dependent name, so: +%if "%{__isa_name}" == "ppc" +%define archname %(echo %{_arch} | sed s/ppc/powerpc/) +%else +%define archname %{_arch} +%endif +# our arm has Hardware-Floatingpoint +%if "%{_arch}" == "arm" +%define armsuffix hf +%endif +# Decide whether we want to use mpdecimal +%if 0%{?suse_version} >= 1550 +%bcond_without mpdecimal +%else +%bcond_with mpdecimal +%endif +# pyexpat.cpython-35m-x86_64-linux-gnu +# pyexpat.cpython-35m-powerpc64le-linux-gnu +# pyexpat.cpython-35m-armv7-linux-gnueabihf +# _md5.cpython-38m-x86_64-linux-gnu.so +%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so +Name: %{python_pkg_name}%{psuffix} +Version: 3.11.13 +Release: 0 +Summary: Python 3 Interpreter +License: Python-2.0 +URL: https://www.python.org/ +Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz +Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore +Source2: baselibs.conf +Source3: README.SUSE +Source4: externally_managed.in +Source7: macros.python3 +Source8: import_failed.py +Source9: import_failed.map +Source10: pre_checkin.sh +Source11: skipped_tests.py +Source19: idle3.desktop +Source20: idle3.appdata.xml +# content of bluez-devel: +# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel +# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu +# 3. mkdir Vendor && mv usr/include/* Vendor/ +# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/ +Source21: bluez-devel-vendor.tar.xz +Source98: python311-rpmlintrc +# Tarball is signed by the GPG key of Pablo Galindo Salgado (0x64E628F8D684696D) +# https://keybase.io/pablogsal/pgp_keys.asc?fingerprint=a035c8c19219ba821ecea86b64e628f8d684696d +Source99: python.keyring +# The following files are not used in the build. +# They are listed here to work around missing functionality in rpmbuild, +# which would otherwise exclude them from distributed src.rpm files. +Source100: PACKAGING-NOTES +# PATCH-FEATURE-UPSTREAM F00251-change-user-install-location.patch bsc#[0-9]+ mcepl@suse.com +# Fix installation in /usr/local (boo#1071941), originally from Fedora +# https://src.fedoraproject.org/rpms/python3.12/blob/rawhide/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch02: F00251-change-user-install-location.patch +# PATCH-FEATURE-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com +# Improve reproduceability +Patch03: distutils-reproducible-compile.patch +# support finding packages in /usr/local, install to /usr/local by default +Patch04: python-3.3.0b1-localpath.patch +# replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds +Patch05: python-3.3.0b1-fix_date_time_compiler.patch +# Raise timeout value for test_subprocess +Patch07: subprocess-raise-timeout.patch +# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com +# ensurepip should honour the value of $(prefix) +Patch08: bpo-31046_ensurepip_honours_prefix.patch +# PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mcepl@suse.com +# SLE-15 version of Sphinx doesn't know about skipif directive in doctests. +Patch09: no-skipif-doctests.patch +# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com +# skip a test failing on SLE-15 +Patch10: skip-test_pyobject_freed_is_freed.patch +# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com +# remove duplicate link targets and make documentation with old Sphinx in SLE +Patch11: fix_configure_rst.patch +# PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com +# Skip test_freeze_simple_script +Patch13: skip_if_buildbot-extend.patch +# PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com +# prevent ResourceWarning in test_asyncio tests +Patch15: bsc1221260-test_asyncio-ResourceWarning.patch +# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport.patch +# This problem on libexpat is patched on SLE without version +# update, this patch changes the tests to match the libexpat provided +# by SUSE +Patch16: CVE-2023-52425-libexpat-2.6.0-backport.patch +Patch17: CVE-2023-52425-remove-reparse_deferral-tests.patch +# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com +# reproducibility patches +Patch19: bso1227999-reproducible-builds.patch +# PATCH-FIX-UPSTREAM gh120226-fix-sendfile-test-kernel-610.patch gh#python/cpython#120226 mcepl@suse.com +# Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 (GH-120227) +Patch22: gh120226-fix-sendfile-test-kernel-610.patch +# PATCH-FIX-UPSTREAM Add platform triplets for 64-bit LoongArch gh#python/cpython#30939 glaubitz@suse.com +Patch24: add-loongarch64-support.patch +# PATCH-FIX-UPSTREAM CVE-2025-6069-quad-complex-HTMLParser.patch bsc#1244705 mcepl@suse.com +# avoid quadratic complexity when processing malformed inputs with HTMLParser +Patch25: CVE-2025-6069-quad-complex-HTMLParser.patch +# PATCH-FIX-UPSTREAM CVE-2025-8194-tarfile-no-neg-offsets.patch bsc#1247249 mcepl@suse.com +# tarfile now validates archives to ensure member offsets are non-negative +Patch26: CVE-2025-8194-tarfile-no-neg-offsets.patch +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: crypto-policies-scripts +BuildRequires: fdupes +BuildRequires: gmp-devel +BuildRequires: lzma-devel +BuildRequires: netcfg +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: xz +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(libffi) +BuildRequires: pkgconfig(uuid) +BuildRequires: pkgconfig(zlib) +#!BuildIgnore: gdk-pixbuf-loader-rsvg +%if 0%{?suse_version} >= 1550 +# The provider for python(abi) is in rpm-build-python +BuildRequires: rpm-build-python +%endif +%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1599 +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{with mpdecimal} +BuildRequires: mpdecimal-devel +%endif +%if %{with doc} +BuildRequires: python3-Sphinx >= 4.0.0 +%if 0%{?suse_version} >= 1500 +BuildRequires: python3-python-docs-theme >= 2022.1 +%endif +%endif +%if %{with general} +# required for idle3 (.desktop and .appdata.xml files) +BuildRequires: appstream-glib +BuildRequires: gcc-c++ +BuildRequires: gdbm-devel +BuildRequires: gettext +BuildRequires: readline-devel +BuildRequires: sqlite-devel +BuildRequires: timezone +BuildRequires: pkgconfig(ncurses) +BuildRequires: pkgconfig(tk) +BuildRequires: pkgconfig(x11) +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-readline +Provides: %{python_pkg_name}-sqlite3 +Recommends: %{python_pkg_name}-curses +Recommends: %{python_pkg_name}-dbm +Recommends: %{python_pkg_name}-pip +%if %{primary_interpreter} +Provides: python3 = %{python_version} +Provides: python3-readline +Provides: python3-sqlite3 +%endif +%endif +%{?suse_build_hwcaps_libs} + +%description +Python 3 is modern interpreted, object-oriented programming language, +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python3-doc +package. + +This package supplies rich command line features provided by readline, +and sqlite3 support for the interpreter core, thus forming a so called +"extended" runtime. +Installing "python3" is sufficient for the vast majority of usecases. +In addition, recommended packages provide UI toolkit support (python3-curses, +python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE +development environment (python3-idle). + +%package -n %{python_pkg_name}-tk +Summary: TkInter, a Python Tk Interface +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-tk = %{version} +%endif + +%description -n %{python_pkg_name}-tk +Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. + +%package -n %{python_pkg_name}-curses +Summary: Python Interface to the (N)Curses Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-curses +%endif + +%description -n %{python_pkg_name}-curses +An easy to use interface to the (n)curses CUI library. CUI stands for +Console User Interface. + +%package -n %{python_pkg_name}-dbm +Summary: Python Interface to the GDBM Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-dbm +%endif + +%description -n %{python_pkg_name}-dbm +An easy to use interface for Unix DBM databases, and more specifically, +the GNU implementation GDBM. + +%package -n %{python_pkg_name}-idle +Summary: An Integrated Development Environment for Python +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk +%if %{primary_interpreter} +Provides: python3-idle = %{version} +%endif + +%description -n %{python_pkg_name}-idle +IDLE is a Tkinter based integrated development environment for Python. +It features a multi-window text editor with multiple undo, Python +colorizing, and many other things, as well as a Python shell window and +a debugger. + +%package -n %{python_pkg_name}-doc +Summary: Package Documentation for Python 3 +Enhances: %{python_pkg_name} = %{python_version} +%if %{primary_interpreter} +Provides: python3-doc = %{version} +%endif + +%description -n %{python_pkg_name}-doc +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in HTML format. + +%package -n %{python_pkg_name}-doc-devhelp +Summary: Additional Package Documentation for Python 3 in devhelp format +%if %{primary_interpreter} +Provides: python3-doc-devhelp = %{version} +%endif + +%description -n %{python_pkg_name}-doc-devhelp +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in format for devhelp. + +%package -n %{python_pkg_name}-base +Summary: Python 3 Interpreter and Stdlib Core +Requires: libpython%{so_version} = %{version} +Recommends: %{python_pkg_name} = %{version} +#Recommends: python3-ensurepip +# python 3.1 didn't have a separate python-base, so it is wrongly +# not a conflict to have python3-3.1 and python3-base > 3.1 +Obsoletes: python3 < 3.2 +# no Provides, because python3 is obviously provided by package python3 +# python 3.4 provides asyncio +Provides: %{python_pkg_name}-asyncio = %{version} +# python 3.6 provides typing +Provides: %{python_pkg_name}-typing = %{version} +# python3-xml was merged into python3, now moved into -base +Provides: %{python_pkg_name}-xml = %{version} +%if %{primary_interpreter} +Provides: python3-asyncio = %{version} +Obsoletes: python3-asyncio < %{version} +Provides: python3-base = %{version} +Obsoletes: python3-base < %{version} +Provides: python3-typing = %{version} +Obsoletes: python3-typing < %{version} +Provides: python3-xml = %{version} +Obsoletes: python3-xml < %{version} +%endif + +%description -n %{python_pkg_name}-base +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +package. + +This package contains the interpreter core and most commonly used modules +from the standard library. This is sufficient for many usecases, but it +excludes components that depend on external libraries, most notably XML, +database and UI toolkits support. + +%package -n %{python_pkg_name}-tools +Summary: Python Utility and Demonstration Scripts +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-2to3 = %{version} +Provides: %{python_pkg_name}-demo = %{version} +%if %{primary_interpreter} +Provides: python3-2to3 = %{version} +Provides: python3-demo = %{version} +Provides: python3-tools = %{version} +Obsoletes: python3-2to3 < %{version} +Obsoletes: python3-demo < %{version} +%endif + +%description -n %{python_pkg_name}-tools +A number of scripts that are useful for building, testing or extending Python, +and a set of demonstration programs. + +%package -n %{python_pkg_name}-devel +Summary: Include Files and Libraries Mandatory for Building Python Modules +Requires: %{python_pkg_name}-base = %{version} +%if %{primary_interpreter} +Provides: python3-devel = %{version} +%endif + +%description -n %{python_pkg_name}-devel +The Python programming language's interpreter can be extended with +dynamically loaded extensions and can be embedded in other programs. + +This package contains header files, a static library, and development +tools for building Python modules, extending the Python interpreter or +embedding Python in applications. + +This also includes the Python distutils, which were in the Python +package up to version 2.2.2. + +%package -n %{python_pkg_name}-testsuite +Summary: Unit tests for Python and its standard library +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk = %{version} +%if %{primary_interpreter} +Provides: python3-testsuite = %{version} +%endif + +%description -n %{python_pkg_name}-testsuite +Unit tests that are useful for verifying integrity and functionality +of the installed Python interpreter and standard library. +They are a documented part of stdlib, as a module 'test'. + +%package -n libpython%{so_version} +Summary: Python Interpreter shared library +Requires: %{python_pkg_name}-base >= %{version} + +%description -n libpython%{so_version} +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +(HTML) or python-doc-pdf (PDF) packages. + +This package contains libpython3.2 shared library for embedding in +other applications. + +%prep +%setup -q -n %{tarname} + +%autopatch -p1 -M 08 +%if 0%{?suse_version} <= 1500 +%patch -P 09 -p1 +%endif +%autopatch -p1 -m 10 + +# drop Autoconf version requirement +sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac + +%if %{primary_interpreter} +# fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 +for dir in Lib Tools; do + # find *.py, filter to files that contain bad shebangs + # break up "/""usr" like this to prevent replacing with %%{_prefix} + find $dir -name '*.py' -type f -print0 \ + | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ + | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' +done +%else +# For non-primary Python, just don't bother (bsc#1193179) and remove all +# those shebangs +for dir in Lib Tools; do + find $dir -name '*.py' -type f -exec sed -i '1{/^#!.*python/ d}' '{}' \; +done +# We shortened the file Lib/pdb.py so we have to move the test breakpoint location +sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py +%endif + +# drop in-tree libffi and expat +rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin +# Cannot remove it because of gh#python/cpython#92875 +# rm -r Modules/expat + +# drop duplicate README from site-packages +rm Lib/site-packages/README.txt + +# Add vendored bluez-devel files +tar xvf %{SOURCE21} + +# Don't fail on warnings when building documentation +sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile + +%build +%if %{with doc} +TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` +# TODO use not date of tarball but date of latest patch + +cd Doc +sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py +%make_build -j1 JOBS=1 html + +# Build also devhelp files +sphinx-build -a -b devhelp . build/devhelp +rm -rfv build/devhelp/.doctrees +%else +%define _lto_cflags %{nil} +# use rpm_opt_flags +export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv $(pkg-config --cflags-only-I libffi) -fno-semantic-interposition" + +touch -r %{SOURCE0} Makefile.pre.in + +autoreconf -fvi + +%if 0%{?sles_version} +sed -e 's/-fprofile-correction//' -i Makefile.pre.in +%endif + +export CFLAGS="%{optflags} -IVendor/" + +%configure \ + --with-platlibdir=%{_lib} \ + --docdir=%{_docdir}/python \ + --enable-ipv6 \ + --enable-shared \ + --with-ensurepip=no \ + --with-system-ffi \ + --with-system-expat \ + --with-lto \ +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 + --with-ssl-default-suites=openssl \ +%endif +%if %{with profileopt} + --enable-optimizations \ +%endif +%if %{with mpdecimal} + --with-system-libmpdec \ +%endif + --enable-loadable-sqlite-extensions + +# prevent make from trying to rebuild PYTHON_FOR_GEN stuff +# %%make_build -t Python/Python-ast.c \ + # Include/Python-ast.h \ + # Objects/typeslots.inc \ + # Python/opcode_targets.h \ + # Include/opcode.h +%make_build + +%if %{with general} +%make_build +%endif +%if %{with base} +%if %{with profileopt} + target=profile-opt +%else + target=all +%endif +LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ + %make_build $target +%endif +%endif + +%check +export SUSE_VERSION="0%{?suse_version}" +export SLE_VERSION="0%{?sle_version}" +%if %{with general} +# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos +# when you install gdb into your test env +EXCLUDE="test_gdb" +# we patch out the message to recommend zypper in and thus this would fail +EXCLUDE="$EXCLUDE test_pydoc" + +%ifarch %{arm} s390x +# test_multiprocessing_forkserver is racy +EXCLUDE="$EXCLUDE test_multiprocessing_forkserver" +%endif +%ifarch ppc ppc64 ppc64le +# exclue test_faulthandler due to bnc#831629 +EXCLUDE="$EXCLUDE test_faulthandler" +%endif +# some tests break in QEMU +%if 0%{?qemu_user_space_build} +EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver test_multiprocessing_spawn test_os test_posix test_signal test_socket test_subprocess" +%endif + +# This test (part of test_uuid) requires real network interfaces +# so that ifconfig output has "HWaddr ". Some kvm instances +# done have any such interface breaking the uuid module. +EXCLUDE="$EXCLUDE test_uuid" + +# bsc#1195140 and bpo#37169 - test_capi is failing on openSUSE, and not sure why +EXCLUDE="$EXCLUDE test_capi" + +# Limit virtual memory to avoid spurious failures +if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then + ulimit -v 11000000 || : +fi + +# test_freeze_simple_script in test.test_tools.test_freeze.TestFreeze +# uses CONFIG_ARGS to run ./configure. +export CONFIG_ARGS="--enable-ipv6 --enable-shared --with-ensurepip=no \ + --with-system-ffi --with-system-expat --with-lto --enable-optimizations \ + --with-system-libmpdec --enable-loadable-sqlite-extensions" + +export PYTHONPATH="$(pwd -P)/Lib" +# Use timeout, like make target buildbottest +# We cannot run tests parallel, because osc build environment doesn’t +# have /dev/shm +%make_build -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=5400" +# use network, be verbose: +#make test TESTOPTS="-l -u network -v" +%endif + +%install +%if %{with doc} +export PDOCS=%{buildroot}%{_docdir}/python%{python_version} +mkdir -p $PDOCS +# generated docs +rm Doc/build/*/.buildinfo +cp -r Doc/build/html $PDOCS +# misc +install -d -m 755 $PDOCS/Misc +rm Misc/README.AIX +for i in Misc/* ; do + [ -f $i ] && install -c -m 644 $i $PDOCS/Misc/ +done +# devhelp +mkdir -p %{buildroot}%{_datadir}/gtk-doc/html +cp -r Doc/build/devhelp %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version} +rm -rf %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version}/.doctrees +%endif +%if %{with general} +%make_install + +# clean out stuff that is in python-base and subpackages + +find %{buildroot}%{_bindir} -mindepth 1 -not -name "*idle3*" -print -delete +rm %{buildroot}%{_libdir}/lib* +rm -r %{buildroot}%{_libdir}/pkgconfig +rm -r %{buildroot}%{_mandir}/* +rm -r %{buildroot}%{_includedir}/* + +rm -r %{buildroot}%{sitedir}/config* +find %{buildroot}%{sitedir} -name "*.egg-info" -delete +rm -r %{buildroot}%{sitedir}/__pycache__ +rm -r %{buildroot}%{sitedir}/site-packages +rm %{buildroot}%{sitedir}/*.* + +for module in \ + asyncio ctypes collections concurrent distutils email encodings \ + ensurepip html http re \ + importlib json logging multiprocessing pydoc_data unittest \ + urllib venv wsgiref lib2to3 test tomllib turtledemo \ + xml xmlrpc zoneinfo __phello__ +do + rm -r %{buildroot}%{sitedir}/$module +done + +for library in \ + array _asyncio audioop binascii _bisect _bz2 cmath _codecs_* \ + _contextvars _crypt _csv _ctypes _datetime _decimal fcntl grp \ + _hashlib _heapq _json _lsprof _lzma math mmap _multibytecodec \ + _multiprocessing _opcode ossaudiodev _pickle _posixshmem \ + _posixsubprocess _queue _random resource select _ssl _socket spwd \ + _statistics _struct syslog termios _testbuffer _testimportmultiple \ + _testmultiphase unicodedata zlib _ctypes_test _testinternalcapi _testcapi \ + _typing _testclinic xxlimited xxlimited_35 \ + _xxtestfuzz _xxsubinterpreters _elementtree pyexpat _md5 _sha1 \ + _sha256 _sha512 _blake2 _sha3 _uuid _zoneinfo +do + eval rm "%{buildroot}%{sitedir}/lib-dynload/$library.*" +done + +# Idle is not packaged in base due to the appstream-glib dependency +# move idle config into /etc +install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version} +( + cd %{buildroot}/%{sitedir}/idlelib/ + for file in *.def ; do + mv $file %{buildroot}%{_sysconfdir}/idle%{python_version}/ + ln -sf %{_sysconfdir}/idle%{python_version}/$file %{buildroot}/%{sitedir}/idlelib/ + done +) + +# keep just idle3.X +rm %{buildroot}%{_bindir}/idle3 + +# install idle icons +for size in 16 32 48 ; do + install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \ + %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_version}.png +done + +# install idle desktop file +cp %{SOURCE19} idle%{python_version}.desktop +sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop +install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop + +cp %{SOURCE20} idle%{python_version}.appdata.xml +sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml +install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml +appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml + +%fdupes %{buildroot}/%{_libdir}/python%{python_version} +%endif +%if %{with base} +%make_install + +# remove .a +find %{buildroot} -name "*.a" -delete + +# install "site-packages" and __pycache__ for third parties +install -d -m 755 %{buildroot}%{sitedir}/site-packages +install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__ +# and their 32bit counterparts explicitly +mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__ + +# cleanup parts that don't belong +for dir in curses dbm sqlite3 tkinter idlelib; do + find "%{buildroot}/%{sitedir}/$dir"/* -maxdepth 0 -name "test" -o -exec rm -rf {} + +done +rm -fv %{buildroot}%{dynlib nis} + +# overwrite the copied binary with a link +ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 + +# decide to ship python3 or just python3.X +%if !%{primary_interpreter} +# base +rm %{buildroot}%{_bindir}/python3 +rm %{buildroot}%{_bindir}/pydoc3 +rm %{buildroot}%{_mandir}/man1/python3.1 +# devel +rm %{buildroot}%{_bindir}/python3-config +rm %{buildroot}%{_libdir}/libpython3.so +rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc +%endif + +%if %{with externally_managed} +# PEP-0668 mark this as a distro maintained python +sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED +%endif + +# link shared library instead of static library that tools expect +ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so + +# delete idle3, which has to many packaging dependencies for base +rm %{buildroot}%{_bindir}/idle3* + +# delete the generic 2to3 binary if we are not primary +%if !%{primary_interpreter} +rm %{buildroot}%{_bindir}/2to3 +%endif + +# replace duplicate .pyo/.pyc with hardlinks +%fdupes %{buildroot}/%{sitedir} + +# documentation +export PDOCS=%{buildroot}%{_docdir}/%{name} +install -d -m 755 $PDOCS +install -c -m 644 %{SOURCE3} $PDOCS/ +install -c -m 644 README.rst $PDOCS/ + +# tools +for x in `find Tools/ \( -not -name Makefile \) -print | sort` ; do + test -d $x && ( install -c -m 755 -d $PDOCS/$x ) \ + || ( install -c -m 644 $x $PDOCS/$x ) +done +# gdb script is shipped with devel subpackage +rm -r $PDOCS/Tools/gdb +# clean up the bat files +find "$PDOCS" -name "*.bat" -delete + +# put gdb helper script into place +install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +# install devel files to /config +#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%%{sitedir}/config-%%{python_abi}/ + +# Remove -IVendor/ from python-config boo#1231795 +sed -i 's/-IVendor\///' %{buildroot}%{_bindir}/python%{python_abi}-config + +# RPM macros +%if %{primary_interpreter} +mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/ +install -m 644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/macros.d/ # macros.python3 +%endif + +# import_failed hooks +FAILDIR=%{buildroot}/%{sitedir}/_import_failed +mkdir $FAILDIR +install -m 644 %{SOURCE8} %{SOURCE9} $FAILDIR # import_failed.* +LD_LIBRARY_PATH=. ./python -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +( + cd $FAILDIR + while read package modules; do + for module in $modules; do + ln import_failed.py $module.py + pushd __pycache__ + for i in import_failed*; do + ln $i "$module${i#import_failed}" + done + popd + done + done < %{SOURCE9} +) +echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +%endif + +# For the purposes of reproducibility, it is necessary to eliminate any *.pyc files inside documentation dirs +if [ -d %{buildroot}%{_defaultdocdir} ] ; then +find %{buildroot}%{_defaultdocdir} -type f -name \*.pyc -ls -exec rm -vf '{}' \; +fi + +%if %{with general} +%files -n %{python_pkg_name}-tk +%{sitedir}/tkinter +%exclude %{sitedir}/tkinter/test +%{dynlib _tkinter} + +%files -n %{python_pkg_name}-curses +%{sitedir}/curses +%{dynlib _curses} +%{dynlib _curses_panel} + +%files -n %{python_pkg_name}-dbm +%{sitedir}/dbm +%{dynlib _dbm} +%{dynlib _gdbm} + +%files -n %{python_pkg_name} +%dir %{sitedir} +%dir %{sitedir}/lib-dynload +%{sitedir}/sqlite3 +%exclude %{sitedir}/sqlite3/test +%{dynlib readline} +%{dynlib _sqlite3} +%if 0%{?suse_version} < 1599 +%{dynlib nis} +%endif + +%files -n %{python_pkg_name}-idle +%{sitedir}/idlelib +%dir %{_sysconfdir}/idle%{python_version} +%config %{_sysconfdir}/idle%{python_version}/* +%doc Lib/idlelib/README.txt +%doc Lib/idlelib/TODO.txt +%doc Lib/idlelib/extend.txt +%doc Lib/idlelib/ChangeLog +%{_bindir}/idle%{python_version} +%{_datadir}/applications/idle%{python_version}.desktop +%{_datadir}/metainfo/idle%{python_version}.appdata.xml +%{_datadir}/icons/hicolor/*/apps/idle%{python_version}.png +%dir %{_datadir}/icons/hicolor +%dir %{_datadir}/icons/hicolor/16x16 +%dir %{_datadir}/icons/hicolor/32x32 +%dir %{_datadir}/icons/hicolor/48x48 +%dir %{_datadir}/icons/hicolor/*/apps +# endif for if general +%endif + +%if %{with doc} +%files -n %{python_pkg_name}-doc +%dir %{_docdir}/python%{python_version} +%doc %{_docdir}/python%{python_version}/Misc +%doc %{_docdir}/python%{python_version}/html + +%files -n %{python_pkg_name}-doc-devhelp +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%doc %{_datadir}/gtk-doc/html/Python%{python_version} +%endif + +%if %{with base} +%post -n libpython%{so_version} -p /sbin/ldconfig +%postun -n libpython%{so_version} -p /sbin/ldconfig + +%files -n libpython%{so_version} +%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} + +%files -n %{python_pkg_name}-tools +%{sitedir}/turtledemo +%if %{primary_interpreter} +%{_bindir}/2to3 +%endif +%attr(755, root, root)%{_bindir}/2to3-%{python_version} +%doc %{_docdir}/%{name}/Tools + +%files -n %{python_pkg_name}-devel +%{_libdir}/libpython%{python_abi}.so +%if %{primary_interpreter} +%{_libdir}/libpython3.so +%endif +%{_libdir}/pkgconfig/* +%{_includedir}/python%{python_abi} +%{sitedir}/config-%{python_abi}-* +%{_bindir}/python%{python_abi}-config +%if %{primary_interpreter} +%{_bindir}/python3-config +%endif +# Own these directories to not depend on gdb +%dir %{_datadir}/gdb +%dir %{_datadir}/gdb/auto-load +%dir %{_datadir}/gdb/auto-load%{_prefix} +%dir %{_datadir}/gdb/auto-load%{_libdir} +%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +%files -n %{python_pkg_name}-testsuite +%{sitedir}/test +%{sitedir}/*/test +%{sitedir}/*/tests +%{dynlib _ctypes_test} +%{dynlib _testbuffer} +%{dynlib _testcapi} +%{dynlib _testclinic} +%{dynlib _testinternalcapi} +%{dynlib _testimportmultiple} +%{dynlib _testmultiphase} +%{dynlib xxlimited} +# workaround for missing packages +%dir %{sitedir}/sqlite3 +%dir %{sitedir}/tkinter + +%files -n %{python_pkg_name}-base +# docs +%dir %{_docdir}/%{name} +%doc %{_docdir}/%{name}/README.rst +%license LICENSE +%doc %{_docdir}/%{name}/README.SUSE +%if %{primary_interpreter} +%{_mandir}/man1/python3.1%{?ext_man} +%endif +%{_mandir}/man1/python%{python_version}.1%{?ext_man} +%if %{with externally_managed} +# PEP-0668 +%{sitedir}/EXTERNALLY-MANAGED +%endif +# license text, not a doc because the code can use it at run-time +%{sitedir}/LICENSE.txt +# RPM macros +%if %{primary_interpreter} +%{_rpmconfigdir}/macros.d/macros.python3 +%endif +# binary parts +%dir %{sitedir}/lib-dynload +%{dynlib array} +%{dynlib _asyncio} +%{dynlib audioop} +%{dynlib binascii} +%{dynlib _bisect} +%{dynlib _bz2} +%{dynlib cmath} +%{dynlib _codecs_cn} +%{dynlib _codecs_hk} +%{dynlib _codecs_iso2022} +%{dynlib _codecs_jp} +%{dynlib _codecs_kr} +%{dynlib _codecs_tw} +%{dynlib _contextvars} +%{dynlib _crypt} +%{dynlib _csv} +%{dynlib _ctypes} +%{dynlib _datetime} +%{dynlib _decimal} +%{dynlib _elementtree} +%{dynlib fcntl} +%{dynlib grp} +%{dynlib _hashlib} +%{dynlib _heapq} +%{dynlib _json} +%{dynlib _lsprof} +%{dynlib _lzma} +%{dynlib math} +%{dynlib mmap} +%{dynlib _multibytecodec} +%{dynlib _multiprocessing} +%{dynlib _opcode} +%{dynlib ossaudiodev} +%{dynlib _pickle} +%{dynlib _posixshmem} +%{dynlib _posixsubprocess} +%{dynlib pyexpat} +%{dynlib _queue} +%{dynlib _random} +%{dynlib resource} +%{dynlib select} +%{dynlib _socket} +%{dynlib spwd} +%{dynlib _ssl} +%{dynlib _statistics} +%{dynlib _struct} +%{dynlib syslog} +%{dynlib termios} +%{dynlib _typing} +%{dynlib unicodedata} +%{dynlib _uuid} +%{dynlib _xxsubinterpreters} +%{dynlib _xxtestfuzz} +%{dynlib xxlimited_35} +%{dynlib zlib} +%{dynlib _zoneinfo} +# hashlib fallback modules +%{dynlib _blake2} +%{dynlib _md5} +%{dynlib _sha1} +%{dynlib _sha256} +%{dynlib _sha512} +%{dynlib _sha3} +# python parts +%dir %{_prefix}/lib/python%{python_version} +%dir %{_prefix}/lib/python%{python_version}/site-packages +%dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__ +%dir %{sitedir} +%dir %{sitedir}/site-packages +%dir %{sitedir}/site-packages/__pycache__ +%exclude %{sitedir}/*/test +%exclude %{sitedir}/*/tests +%{sitedir}/*.py +%{sitedir}/asyncio +%{sitedir}/ctypes +%{sitedir}/collections +%{sitedir}/concurrent +%{sitedir}/distutils +%{sitedir}/email +%{sitedir}/encodings +%{sitedir}/ensurepip +%{sitedir}/html +%{sitedir}/http +%{sitedir}/importlib +%{sitedir}/json +%{sitedir}/lib2to3 +%{sitedir}/logging +%{sitedir}/multiprocessing +%{sitedir}/pydoc_data +%{sitedir}/re +%{sitedir}/tomllib +%{sitedir}/unittest +%{sitedir}/urllib +%{sitedir}/venv +%{sitedir}/wsgiref +%{sitedir}/xml +%{sitedir}/xmlrpc +%{sitedir}/zoneinfo +%{sitedir}/__phello__ +%{sitedir}/__pycache__ +# import-failed hooks +%{sitedir}/_import_failed +%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +# symlinks +%if %{primary_interpreter} +%{_bindir}/python3 +%{_bindir}/pydoc3 +%endif +# executables +%attr(755, root, root) %{_bindir}/pydoc%{python_version} +# %%attr(755, root, root) %%{_bindir}/python%%{python_abi} +%attr(755, root, root) %{_bindir}/python%{python_version} +# endif for if base +%endif + +%changelog diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch new file mode 100644 index 0000000..6f48b09 --- /dev/null +++ b/skip-test_pyobject_freed_is_freed.patch @@ -0,0 +1,23 @@ +--- + Lib/test/test_capi/test_misc.py | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/Lib/test/test_capi/test_misc.py ++++ b/Lib/test/test_capi/test_misc.py +@@ -40,6 +40,8 @@ import _testinternalcapi + # Were we compiled --with-pydebug or with #define Py_DEBUG? + Py_DEBUG = hasattr(sys, 'gettotalrefcount') + ++# Which version of the SLE distro we build on? ++SLE_VERSION = int(os.environ.get('SLE_VERSION', '0'), 10) + + NULL = None + +@@ -1281,6 +1283,7 @@ class PyMemDebugTests(unittest.TestCase) + def test_pyobject_forbidden_bytes_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') + ++ @unittest.skipIf(0 < SLE_VERSION < 150300, 'Failing on Leap 15.*') + def test_pyobject_freed_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_freed_is_freed') + diff --git a/skip_if_buildbot-extend.patch b/skip_if_buildbot-extend.patch new file mode 100644 index 0000000..fd9a584 --- /dev/null +++ b/skip_if_buildbot-extend.patch @@ -0,0 +1,15 @@ +--- + Lib/test/support/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -384,7 +384,7 @@ def skip_if_buildbot(reason=None): + if not reason: + reason = 'not suitable for buildbots' + try: +- isbuildbot = getpass.getuser().lower() == 'buildbot' ++ isbuildbot = getpass.getuser().lower() in ['buildbot', 'abuild'] + except (KeyError, EnvironmentError) as err: + warnings.warn(f'getpass.getuser() failed {err}.', RuntimeWarning) + isbuildbot = False diff --git a/skipped_tests.py b/skipped_tests.py new file mode 100644 index 0000000..47002e6 --- /dev/null +++ b/skipped_tests.py @@ -0,0 +1,69 @@ +#!/usr/bin/python3 +""" +Simple regexp-based skipped test checker. +It lists tests that are mentioned (presumably for exclusion) +in BASE, and in MAIN (presumably for inclusion) +and reports discrepancies. + +This will have a number of +""" + +MAIN = "python39.spec" + +import glob +import re +from os.path import basename + +alltests = set() +qemu_exclusions = set() + +for item in glob.glob("Python-*/Lib/test/test_*"): + testname = basename(item) + if testname.endswith(".py"): + testname = testname[:-3] + alltests.add(testname) + +testre = re.compile(r'[\s"](test_\w+)\b') + +def find_tests_in_spec(specname): + global qemu_exclusions + + found_tests = set() + with open(specname) as spec: + in_qemu = False + for line in spec: + line = line.strip() + if "#" in line: + line = line[:line.index("#")] + tests = set(testre.findall(line)) + found_tests |= tests + if line == "%if 0%{?qemu_user_space_build} > 0": + in_qemu = True + if in_qemu: + if line == "%endif": + in_qemu = False + qemu_exclusions |= tests + return found_tests + +excluded = find_tests_in_spec(MAIN) + +#print("--- excluded tests:", " ".join(sorted(excluded))) +#print("--- included tests:", " ".join(sorted(included))) + +mentioned = excluded +nonexistent = mentioned - alltests +missing = excluded - qemu_exclusions + +print("--- the following tests are excluded for QEMU and not tested in python") +print("--- (that probably means we don't need to worry about them)") +for test in sorted(qemu_exclusions - excluded): + print(test) + +print("--- the following tests might be excluded in python:") +for test in sorted(missing): + print(test) + +if nonexistent: + print("--- the following tests don't exist:") + for test in sorted(nonexistent): + print(test) diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch new file mode 100644 index 0000000..ab29d50 --- /dev/null +++ b/subprocess-raise-timeout.patch @@ -0,0 +1,18 @@ +--- + Lib/test/test_subprocess.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_subprocess.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_subprocess.py ++++ Python-3.11.8/Lib/test/test_subprocess.py +@@ -280,7 +280,8 @@ class ProcessTestCase(BaseTestCase): + "time.sleep(3600)"], + # Some heavily loaded buildbots (sparc Debian 3.x) require + # this much time to start and print. +- timeout=3) ++ # OBS might require even more ++ timeout=10) + self.fail("Expected TimeoutExpired.") + self.assertEqual(c.exception.output, b'BDFL') + -- 2.51.1 From 6077f92a3dea57b654668adc225e43921df7b7ff353bf01bb959e81b344ba489 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Fri, 1 Aug 2025 20:22:03 +0000 Subject: [PATCH 133/135] update the patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=192 --- CVE-2025-8194-tarfile-no-neg-offsets.patch | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/CVE-2025-8194-tarfile-no-neg-offsets.patch b/CVE-2025-8194-tarfile-no-neg-offsets.patch index 9c71df4..be7c783 100644 --- a/CVE-2025-8194-tarfile-no-neg-offsets.patch +++ b/CVE-2025-8194-tarfile-no-neg-offsets.patch @@ -1,4 +1,4 @@ -From 28d130238bfb5604eef4b594d597f7b5ec951eba Mon Sep 17 00:00:00 2001 +From cb3519590c62f9b1abf7f31b92ec37d4b725ce15 Mon Sep 17 00:00:00 2001 From: Alexander Urieles Date: Mon, 28 Jul 2025 17:37:26 +0200 Subject: [PATCH] gh-130577: tarfile now validates archives to ensure member @@ -16,8 +16,8 @@ Co-authored-by: Gregory P. Smith Index: Python-3.11.13/Lib/tarfile.py =================================================================== ---- Python-3.11.13.orig/Lib/tarfile.py 2025-08-01 22:17:38.141397067 +0200 -+++ Python-3.11.13/Lib/tarfile.py 2025-08-01 22:17:42.375160009 +0200 +--- Python-3.11.13.orig/Lib/tarfile.py 2025-08-01 22:21:29.158050900 +0200 ++++ Python-3.11.13/Lib/tarfile.py 2025-08-01 22:21:33.121079687 +0200 @@ -1613,6 +1613,9 @@ """Round up a byte count by BLOCKSIZE and return it, e.g. _block(834) => 1024. @@ -30,8 +30,8 @@ Index: Python-3.11.13/Lib/tarfile.py blocks += 1 Index: Python-3.11.13/Lib/test/test_tarfile.py =================================================================== ---- Python-3.11.13.orig/Lib/test/test_tarfile.py 2025-08-01 22:17:39.582120870 +0200 -+++ Python-3.11.13/Lib/test/test_tarfile.py 2025-08-01 22:17:42.375846065 +0200 +--- Python-3.11.13.orig/Lib/test/test_tarfile.py 2025-08-01 22:21:30.644301786 +0200 ++++ Python-3.11.13/Lib/test/test_tarfile.py 2025-08-01 22:21:33.121718600 +0200 @@ -50,6 +50,7 @@ xzname = os.path.join(TEMPDIR, "testtar.tar.xz") tmpname = os.path.join(TEMPDIR, "tmp.tar") @@ -205,7 +205,7 @@ Index: Python-3.11.13/Lib/test/test_tarfile.py Index: Python-3.11.13/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ Python-3.11.13/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst 2025-08-01 22:17:42.376340965 +0200 ++++ Python-3.11.13/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst 2025-08-01 22:21:33.122108946 +0200 @@ -0,0 +1,3 @@ +:mod:`tarfile` now validates archives to ensure member offsets are +non-negative. (Contributed by Alexander Enrique Urieles Nieto in -- 2.51.1 From 5c22d91c837788f2a5e1d2d224ffac8eb84347987cfdbb28a8994457905c469d Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 18 Sep 2025 13:55:02 +0000 Subject: [PATCH 134/135] - Require AppStream to validate appdata file instead of deprecated appstream-glib. - Update idle3.appdata.xml to pass the more pedantic appstreamcli. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=194 --- .gitattributes | 23 + .gitignore | 1 + CVE-2023-52425-libexpat-2.6.0-backport.patch | 233 + ...-52425-remove-reparse_deferral-tests.patch | 60 + CVE-2025-6069-quad-complex-HTMLParser.patch | 190 + CVE-2025-8194-tarfile-no-neg-offsets.patch | 212 + F00251-change-user-install-location.patch | 215 + PACKAGING-NOTES | 26 + Python-3.11.13.tar.xz | 3 + Python-3.11.13.tar.xz.sigstore | 1 + README.SUSE | 43 + _multibuild | 4 + add-loongarch64-support.patch | 29 + baselibs.conf | 3 + bluez-devel-vendor.tar.xz | 3 + bpo-31046_ensurepip_honours_prefix.patch | 173 + bsc1221260-test_asyncio-ResourceWarning.patch | 21 + bso1227999-reproducible-builds.patch | 37 + distutils-reproducible-compile.patch | 17 + externally_managed.in | 12 + fix_configure_rst.patch | 40 + gh120226-fix-sendfile-test-kernel-610.patch | 35 + idle3.appdata.xml | 51 + idle3.desktop | 12 + import_failed.map | 7 + import_failed.py | 23 + macros.python3 | 28 + no-skipif-doctests.patch | 653 ++ pre_checkin.sh | 78 + python-3.3.0b1-fix_date_time_compiler.patch | 27 + python-3.3.0b1-localpath.patch | 13 + python.keyring | 109 + python311-rpmlintrc | 4 + python311.changes | 5652 +++++++++++++++++ python311.spec | 1048 +++ skip-test_pyobject_freed_is_freed.patch | 23 + skip_if_buildbot-extend.patch | 15 + skipped_tests.py | 69 + subprocess-raise-timeout.patch | 18 + 39 files changed, 9211 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 CVE-2023-52425-libexpat-2.6.0-backport.patch create mode 100644 CVE-2023-52425-remove-reparse_deferral-tests.patch create mode 100644 CVE-2025-6069-quad-complex-HTMLParser.patch create mode 100644 CVE-2025-8194-tarfile-no-neg-offsets.patch create mode 100644 F00251-change-user-install-location.patch create mode 100644 PACKAGING-NOTES create mode 100644 Python-3.11.13.tar.xz create mode 100644 Python-3.11.13.tar.xz.sigstore create mode 100644 README.SUSE create mode 100644 _multibuild create mode 100644 add-loongarch64-support.patch create mode 100644 baselibs.conf create mode 100644 bluez-devel-vendor.tar.xz create mode 100644 bpo-31046_ensurepip_honours_prefix.patch create mode 100644 bsc1221260-test_asyncio-ResourceWarning.patch create mode 100644 bso1227999-reproducible-builds.patch create mode 100644 distutils-reproducible-compile.patch create mode 100644 externally_managed.in create mode 100644 fix_configure_rst.patch create mode 100644 gh120226-fix-sendfile-test-kernel-610.patch create mode 100644 idle3.appdata.xml create mode 100644 idle3.desktop create mode 100644 import_failed.map create mode 100644 import_failed.py create mode 100644 macros.python3 create mode 100644 no-skipif-doctests.patch create mode 100644 pre_checkin.sh create mode 100644 python-3.3.0b1-fix_date_time_compiler.patch create mode 100644 python-3.3.0b1-localpath.patch create mode 100644 python.keyring create mode 100644 python311-rpmlintrc create mode 100644 python311.changes create mode 100644 python311.spec create mode 100644 skip-test_pyobject_freed_is_freed.patch create mode 100644 skip_if_buildbot-extend.patch create mode 100644 skipped_tests.py create mode 100644 subprocess-raise-timeout.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch new file mode 100644 index 0000000..1acc25a --- /dev/null +++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch @@ -0,0 +1,233 @@ +--- + Lib/test/support/__init__.py | 16 ++++++++++++++-- + Lib/test/test_minidom.py | 23 +++++++++-------------- + Lib/test/test_pyexpat.py | 12 +++++------- + Lib/test/test_sax.py | 18 +++++++++--------- + Lib/test/test_xml_etree.py | 12 ------------ + 5 files changed, 37 insertions(+), 44 deletions(-) + +Index: Python-3.11.12/Lib/test/support/__init__.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/support/__init__.py 2025-04-11 10:52:43.191010503 +0200 ++++ Python-3.11.12/Lib/test/support/__init__.py 2025-04-11 10:52:44.802161741 +0200 +@@ -8,6 +8,7 @@ + import functools + import os + import re ++import pyexpat + import stat + import sys + import sysconfig +@@ -56,7 +57,7 @@ + "run_with_tz", "PGO", "missing_compiler_executable", + "ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST", + "LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT", +- "skip_on_s390x", ++ "skip_on_s390x", "fails_with_expat_2_6_0", "is_expat_2_6_0" + ] + + +@@ -2244,6 +2245,17 @@ + } + return ignored + +-#Windows doesn't have os.uname() but it doesn't support s390x. ++ ++# Windows doesn't have os.uname() but it doesn't support s390x. + skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', + 'skipped on s390x') ++ ++ ++@functools.lru_cache ++def _is_expat_2_6_0(): ++ return hasattr(pyexpat.ParserCreate(), 'SetReparseDeferralEnabled') ++is_expat_2_6_0 = _is_expat_2_6_0() ++ ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ if is_expat_2_6_0 ++ else lambda test: test) +Index: Python-3.11.12/Lib/test/test_minidom.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_minidom.py 2025-04-11 10:52:21.907086938 +0200 ++++ Python-3.11.12/Lib/test/test_minidom.py 2025-04-11 10:52:44.802522893 +0200 +@@ -6,7 +6,6 @@ + from test import support + import unittest + +-import pyexpat + import xml.dom.minidom + + from xml.dom.minidom import parse, Attr, Node, Document, parseString +@@ -1163,13 +1162,11 @@ + + # Verify that character decoding errors raise exceptions instead + # of crashing +- if pyexpat.version_info >= (2, 4, 5): +- self.assertRaises(ExpatError, parseString, +- b'') +- self.assertRaises(ExpatError, parseString, +- b'Comment \xe7a va ? Tr\xe8s bien ?') +- else: +- self.assertRaises(UnicodeDecodeError, parseString, ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((UnicodeDecodeError, ExpatError)): ++ parseString( + b'Comment \xe7a va ? Tr\xe8s bien ?') + + doc.unlink() +@@ -1631,12 +1628,10 @@ + self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) + + def testExceptionOnSpacesInXMLNSValue(self): +- if pyexpat.version_info >= (2, 4, 5): +- context = self.assertRaisesRegex(ExpatError, 'syntax error') +- else: +- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') +- +- with context: ++ # It doesn’t make any sense to insist on the exact text of the ++ # error message, or even the exact Exception … it is enough that ++ # the error has been discovered. ++ with self.assertRaises((ExpatError, ValueError)): + parseString('') + + def testDocRemoveChild(self): +Index: Python-3.11.12/Lib/test/test_pyexpat.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_pyexpat.py 2025-04-11 10:52:22.076696906 +0200 ++++ Python-3.11.12/Lib/test/test_pyexpat.py 2025-04-11 10:52:44.803228085 +0200 +@@ -14,8 +14,7 @@ + from xml.parsers import expat + from xml.parsers.expat import errors + +-from test.support import sortdict, is_emscripten, is_wasi +- ++from test.support import sortdict, is_emscripten, is_wasi, is_expat_2_6_0 + + class SetAttributeTest(unittest.TestCase): + def setUp(self): +@@ -770,9 +769,8 @@ + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + + def test_reparse_deferral_enabled(self): +- if expat.version_info < (2, 6, 0): +- self.skipTest(f'Expat {expat.version_info} does not ' +- 'support reparse deferral') ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") + + started = [] + +@@ -801,9 +799,9 @@ + + parser = expat.ParserCreate() + parser.StartElementHandler = start_element +- if expat.version_info >= (2, 6, 0): ++ if is_expat_2_6_0: + parser.SetReparseDeferralEnabled(False) +- self.assertFalse(parser.GetReparseDeferralEnabled()) ++ self.assertFalse(parser.GetReparseDeferralEnabled()) + + for chunk in (b''): + parser.Parse(chunk, False) +Index: Python-3.11.12/Lib/test/test_sax.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_sax.py 2025-04-11 10:52:22.111440337 +0200 ++++ Python-3.11.12/Lib/test/test_sax.py 2025-04-11 10:52:44.803567098 +0200 +@@ -19,13 +19,11 @@ + from io import BytesIO, StringIO + import codecs + import os.path +-import pyexpat + import shutil + import sys + from urllib.error import URLError + import urllib.request +-from test.support import os_helper +-from test.support import findfile ++from test.support import os_helper, findfile, is_expat_2_6_0 + from test.support.os_helper import FakePath, TESTFN + + +@@ -1215,10 +1213,10 @@ + + self.assertEqual(result.getvalue(), start + b"text") + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1241,6 +1239,9 @@ + self.assertEqual(result.getvalue(), start + b"") + + def test_flush_reparse_deferral_disabled(self): ++ if not is_expat_2_6_0: ++ self.skipTest("Linked libexpat doesn't support reparse deferral") ++ + result = BytesIO() + xmlgen = XMLGenerator(result) + parser = create_parser() +@@ -1249,9 +1250,8 @@ + for chunk in (""): + parser.feed(chunk) + +- if pyexpat.version_info >= (2, 6, 0): +- parser._parser.SetReparseDeferralEnabled(False) +- self.assertEqual(result.getvalue(), start) # i.e. no elements started ++ parser._parser.SetReparseDeferralEnabled(False) ++ self.assertEqual(result.getvalue(), start) # i.e. no elements started + + self.assertFalse(parser._parser.GetReparseDeferralEnabled()) + +Index: Python-3.11.12/Lib/test/test_xml_etree.py +=================================================================== +--- Python-3.11.12.orig/Lib/test/test_xml_etree.py 2025-04-11 10:52:22.425637912 +0200 ++++ Python-3.11.12/Lib/test/test_xml_etree.py 2025-04-11 10:52:44.804234785 +0200 +@@ -13,7 +13,6 @@ + import operator + import os + import pickle +-import pyexpat + import sys + import textwrap + import types +@@ -1424,12 +1423,6 @@ + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + +- def test_simple_xml_chunk_1(self): +- self.test_simple_xml(chunk_size=1, flush=True) +- +- def test_simple_xml_chunk_5(self): +- self.test_simple_xml(chunk_size=5, flush=True) +- + def test_simple_xml_chunk_22(self): + self.test_simple_xml(chunk_size=22) + +@@ -1627,9 +1620,6 @@ + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + +- @unittest.skipIf(pyexpat.version_info < (2, 6, 0), +- f'Expat {pyexpat.version_info} does not ' +- 'support reparse deferral') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1656,8 +1646,6 @@ + + for chunk in (""): + parser.feed(chunk) +- +- if pyexpat.version_info >= (2, 6, 0): + if not ET is pyET: + self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled ' + 'methods not available in C') diff --git a/CVE-2023-52425-remove-reparse_deferral-tests.patch b/CVE-2023-52425-remove-reparse_deferral-tests.patch new file mode 100644 index 0000000..553bdf8 --- /dev/null +++ b/CVE-2023-52425-remove-reparse_deferral-tests.patch @@ -0,0 +1,60 @@ +--- + Lib/test/test_pyexpat.py | 2 ++ + Lib/test/test_sax.py | 2 ++ + Lib/test/test_xml_etree.py | 2 ++ + 3 files changed, 6 insertions(+) + +--- a/Lib/test/test_pyexpat.py ++++ b/Lib/test/test_pyexpat.py +@@ -768,6 +768,7 @@ class ReparseDeferralTest(unittest.TestC + parser.SetReparseDeferralEnabled(True) + self.assertIs(parser.GetReparseDeferralEnabled(), enabled) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -791,6 +792,7 @@ class ReparseDeferralTest(unittest.TestC + + self.assertEqual(started, ['doc']) + ++ @unittest.skip('Tests are failing.') + def test_reparse_deferral_disabled(self): + started = [] + +--- a/Lib/test/test_sax.py ++++ b/Lib/test/test_sax.py +@@ -1213,6 +1213,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"text") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +@@ -1238,6 +1239,7 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"") + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + if not is_expat_2_6_0: + self.skipTest("Linked libexpat doesn't support reparse deferral") +--- a/Lib/test/test_xml_etree.py ++++ b/Lib/test/test_xml_etree.py +@@ -1620,6 +1620,7 @@ class XMLPullParserTest(unittest.TestCas + with self.assertRaises(ValueError): + ET.XMLPullParser(events=('start', 'end', 'bogus')) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_enabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +@@ -1641,6 +1642,7 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @unittest.skip('Tests are failing.') + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + diff --git a/CVE-2025-6069-quad-complex-HTMLParser.patch b/CVE-2025-6069-quad-complex-HTMLParser.patch new file mode 100644 index 0000000..1a731c8 --- /dev/null +++ b/CVE-2025-6069-quad-complex-HTMLParser.patch @@ -0,0 +1,190 @@ +From 9043edabc7e2f0dd655146e0a4571e2a0b2906af Mon Sep 17 00:00:00 2001 +From: Serhiy Storchaka +Date: Fri, 13 Jun 2025 19:57:48 +0300 +Subject: [PATCH] gh-135462: Fix quadratic complexity in processing special + input in HTMLParser (GH-135464) + +End-of-file errors are now handled according to the HTML5 specs -- +comments and declarations are automatically closed, tags are ignored. +(cherry picked from commit 6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41) + +Co-authored-by: Serhiy Storchaka +--- + Lib/html/parser.py | 41 +++++--- + Lib/test/test_htmlparser.py | 51 +++++++--- + Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst | 4 + 3 files changed, 74 insertions(+), 22 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst + +Index: Python-3.11.13/Lib/html/parser.py +=================================================================== +--- Python-3.11.13.orig/Lib/html/parser.py 2025-07-02 18:12:07.084569398 +0200 ++++ Python-3.11.13/Lib/html/parser.py 2025-07-02 18:12:12.582519793 +0200 +@@ -25,6 +25,7 @@ + charref = re.compile('&#(?:[0-9]+|[xX][0-9a-fA-F]+)[^0-9a-fA-F]') + + starttagopen = re.compile('<[a-zA-Z]') ++endtagopen = re.compile('') + commentclose = re.compile(r'--\s*>') + # Note: +@@ -176,7 +177,7 @@ + k = self.parse_pi(i) + elif startswith("', i + 1) +- if k < 0: +- k = rawdata.find('<', i + 1) +- if k < 0: +- k = i + 1 ++ if starttagopen.match(rawdata, i): # < + letter ++ pass ++ elif startswith("'), +- ('comment', '/img'), +- ('endtag', 'html<')]) ++ ('data', '\n')]) + + def test_starttag_junk_chars(self): ++ self._run_check("<", [('data', '<')]) ++ self._run_check("<>", [('data', '<>')]) ++ self._run_check("< >", [('data', '< >')]) ++ self._run_check("< ", [('data', '< ')]) + self._run_check("", []) ++ self._run_check("<$>", [('data', '<$>')]) + self._run_check("", [('comment', '$')]) + self._run_check("", [('endtag', 'a')]) ++ self._run_check("", [('starttag', 'a", [('endtag', 'a'", [('data', "'", []) ++ self._run_check("", [('starttag', 'a$b', [])]) + self._run_check("", [('startendtag', 'a$b', [])]) + self._run_check("", [('starttag', 'a$b', [])]) + self._run_check("", [('startendtag', 'a$b', [])]) ++ self._run_check("", [('endtag', 'a$b')]) + + def test_slashes_in_starttag(self): + self._run_check('', [('startendtag', 'a', [('foo', 'var')])]) +@@ -549,8 +557,9 @@ + ('comment', ' -- close enough --'), + ('comment', ''), + ('comment', '<-- this was an empty comment'), +- ('comment', '!! another bogus comment !!!'), ++ ('comment', '!! another bogus comment !!!') + ] ++ + self._run_check(html, expected) + + def test_broken_condcoms(self): +@@ -598,6 +607,26 @@ + ('endtag', 'a'), ('data', ' bar & baz')] + ) + ++ @support.requires_resource('cpu') ++ def test_eof_no_quadratic_complexity(self): ++ # Each of these examples used to take about an hour. ++ # Now they take a fraction of a second. ++ def check(source): ++ parser = html.parser.HTMLParser() ++ parser.feed(source) ++ parser.close() ++ n = 120_000 ++ check(" +Date: Mon, 28 Jul 2025 17:37:26 +0200 +Subject: [PATCH] gh-130577: tarfile now validates archives to ensure member + offsets are non-negative (GH-137027) (cherry picked from commit + 7040aa54f14676938970e10c5f74ea93cd56aa38) + +Co-authored-by: Alexander Urieles +Co-authored-by: Gregory P. Smith +--- + Lib/tarfile.py | 3 + Lib/test/test_tarfile.py | 156 ++++++++++ + Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst | 3 + 3 files changed, 162 insertions(+) + create mode 100644 Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst + +Index: Python-3.11.13/Lib/tarfile.py +=================================================================== +--- Python-3.11.13.orig/Lib/tarfile.py 2025-08-01 22:21:29.158050900 +0200 ++++ Python-3.11.13/Lib/tarfile.py 2025-08-01 22:21:33.121079687 +0200 +@@ -1613,6 +1613,9 @@ + """Round up a byte count by BLOCKSIZE and return it, + e.g. _block(834) => 1024. + """ ++ # Only non-negative offsets are allowed ++ if count < 0: ++ raise InvalidHeaderError("invalid offset") + blocks, remainder = divmod(count, BLOCKSIZE) + if remainder: + blocks += 1 +Index: Python-3.11.13/Lib/test/test_tarfile.py +=================================================================== +--- Python-3.11.13.orig/Lib/test/test_tarfile.py 2025-08-01 22:21:30.644301786 +0200 ++++ Python-3.11.13/Lib/test/test_tarfile.py 2025-08-01 22:21:33.121718600 +0200 +@@ -50,6 +50,7 @@ + xzname = os.path.join(TEMPDIR, "testtar.tar.xz") + tmpname = os.path.join(TEMPDIR, "tmp.tar") + dotlessname = os.path.join(TEMPDIR, "testtar") ++SPACE = b" " + + sha256_regtype = ( + "e09e4bc8b3c9d9177e77256353b36c159f5f040531bbd4b024a8f9b9196c71ce" +@@ -4386,6 +4387,161 @@ + ar.extractall(self.testdir, filter='fully_trusted') + + ++class OffsetValidationTests(unittest.TestCase): ++ tarname = tmpname ++ invalid_posix_header = ( ++ # name: 100 bytes ++ tarfile.NUL * tarfile.LENGTH_NAME ++ # mode, space, null terminator: 8 bytes ++ + b"000755" + SPACE + tarfile.NUL ++ # uid, space, null terminator: 8 bytes ++ + b"000001" + SPACE + tarfile.NUL ++ # gid, space, null terminator: 8 bytes ++ + b"000001" + SPACE + tarfile.NUL ++ # size, space: 12 bytes ++ + b"\xff" * 11 + SPACE ++ # mtime, space: 12 bytes ++ + tarfile.NUL * 11 + SPACE ++ # chksum: 8 bytes ++ + b"0011407" + tarfile.NUL ++ # type: 1 byte ++ + tarfile.REGTYPE ++ # linkname: 100 bytes ++ + tarfile.NUL * tarfile.LENGTH_LINK ++ # magic: 6 bytes, version: 2 bytes ++ + tarfile.POSIX_MAGIC ++ # uname: 32 bytes ++ + tarfile.NUL * 32 ++ # gname: 32 bytes ++ + tarfile.NUL * 32 ++ # devmajor, space, null terminator: 8 bytes ++ + tarfile.NUL * 6 + SPACE + tarfile.NUL ++ # devminor, space, null terminator: 8 bytes ++ + tarfile.NUL * 6 + SPACE + tarfile.NUL ++ # prefix: 155 bytes ++ + tarfile.NUL * tarfile.LENGTH_PREFIX ++ # padding: 12 bytes ++ + tarfile.NUL * 12 ++ ) ++ invalid_gnu_header = ( ++ # name: 100 bytes ++ tarfile.NUL * tarfile.LENGTH_NAME ++ # mode, null terminator: 8 bytes ++ + b"0000755" + tarfile.NUL ++ # uid, null terminator: 8 bytes ++ + b"0000001" + tarfile.NUL ++ # gid, space, null terminator: 8 bytes ++ + b"0000001" + tarfile.NUL ++ # size, space: 12 bytes ++ + b"\xff" * 11 + SPACE ++ # mtime, space: 12 bytes ++ + tarfile.NUL * 11 + SPACE ++ # chksum: 8 bytes ++ + b"0011327" + tarfile.NUL ++ # type: 1 byte ++ + tarfile.REGTYPE ++ # linkname: 100 bytes ++ + tarfile.NUL * tarfile.LENGTH_LINK ++ # magic: 8 bytes ++ + tarfile.GNU_MAGIC ++ # uname: 32 bytes ++ + tarfile.NUL * 32 ++ # gname: 32 bytes ++ + tarfile.NUL * 32 ++ # devmajor, null terminator: 8 bytes ++ + tarfile.NUL * 8 ++ # devminor, null terminator: 8 bytes ++ + tarfile.NUL * 8 ++ # padding: 167 bytes ++ + tarfile.NUL * 167 ++ ) ++ invalid_v7_header = ( ++ # name: 100 bytes ++ tarfile.NUL * tarfile.LENGTH_NAME ++ # mode, space, null terminator: 8 bytes ++ + b"000755" + SPACE + tarfile.NUL ++ # uid, space, null terminator: 8 bytes ++ + b"000001" + SPACE + tarfile.NUL ++ # gid, space, null terminator: 8 bytes ++ + b"000001" + SPACE + tarfile.NUL ++ # size, space: 12 bytes ++ + b"\xff" * 11 + SPACE ++ # mtime, space: 12 bytes ++ + tarfile.NUL * 11 + SPACE ++ # chksum: 8 bytes ++ + b"0010070" + tarfile.NUL ++ # type: 1 byte ++ + tarfile.REGTYPE ++ # linkname: 100 bytes ++ + tarfile.NUL * tarfile.LENGTH_LINK ++ # padding: 255 bytes ++ + tarfile.NUL * 255 ++ ) ++ valid_gnu_header = tarfile.TarInfo("filename").tobuf(tarfile.GNU_FORMAT) ++ data_block = b"\xff" * tarfile.BLOCKSIZE ++ ++ def _write_buffer(self, buffer): ++ with open(self.tarname, "wb") as f: ++ f.write(buffer) ++ ++ def _get_members(self, ignore_zeros=None): ++ with open(self.tarname, "rb") as f: ++ with tarfile.open( ++ mode="r", fileobj=f, ignore_zeros=ignore_zeros ++ ) as tar: ++ return tar.getmembers() ++ ++ def _assert_raises_read_error_exception(self): ++ with self.assertRaisesRegex( ++ tarfile.ReadError, "file could not be opened successfully" ++ ): ++ self._get_members() ++ ++ def test_invalid_offset_header_validations(self): ++ for tar_format, invalid_header in ( ++ ("posix", self.invalid_posix_header), ++ ("gnu", self.invalid_gnu_header), ++ ("v7", self.invalid_v7_header), ++ ): ++ with self.subTest(format=tar_format): ++ self._write_buffer(invalid_header) ++ self._assert_raises_read_error_exception() ++ ++ def test_early_stop_at_invalid_offset_header(self): ++ buffer = self.valid_gnu_header + self.invalid_gnu_header + self.valid_gnu_header ++ self._write_buffer(buffer) ++ members = self._get_members() ++ self.assertEqual(len(members), 1) ++ self.assertEqual(members[0].name, "filename") ++ self.assertEqual(members[0].offset, 0) ++ ++ def test_ignore_invalid_archive(self): ++ # 3 invalid headers with their respective data ++ buffer = (self.invalid_gnu_header + self.data_block) * 3 ++ self._write_buffer(buffer) ++ members = self._get_members(ignore_zeros=True) ++ self.assertEqual(len(members), 0) ++ ++ def test_ignore_invalid_offset_headers(self): ++ for first_block, second_block, expected_offset in ( ++ ( ++ (self.valid_gnu_header), ++ (self.invalid_gnu_header + self.data_block), ++ 0, ++ ), ++ ( ++ (self.invalid_gnu_header + self.data_block), ++ (self.valid_gnu_header), ++ 1024, ++ ), ++ ): ++ self._write_buffer(first_block + second_block) ++ members = self._get_members(ignore_zeros=True) ++ self.assertEqual(len(members), 1) ++ self.assertEqual(members[0].name, "filename") ++ self.assertEqual(members[0].offset, expected_offset) ++ ++ + def setUpModule(): + os_helper.unlink(TEMPDIR) + os.makedirs(TEMPDIR) +Index: Python-3.11.13/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ Python-3.11.13/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst 2025-08-01 22:21:33.122108946 +0200 +@@ -0,0 +1,3 @@ ++:mod:`tarfile` now validates archives to ensure member offsets are ++non-negative. (Contributed by Alexander Enrique Urieles Nieto in ++:gh:`130577`.) diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch new file mode 100644 index 0000000..fa38a94 --- /dev/null +++ b/F00251-change-user-install-location.patch @@ -0,0 +1,215 @@ +From 910f38d9768d39d4d31426743ae4081ed1ab66b6 Mon Sep 17 00:00:00 2001 +From: Michal Cyprian +Date: Mon, 26 Jun 2017 16:32:56 +0200 +Subject: [PATCH] 00251: Change user install location + +Set values of prefix and exec_prefix in distutils install command +to /usr/local if executable is /usr/bin/python* and RPM build +is not detected to make pip and distutils install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +--- + Lib/distutils/command/install.py | 15 +++++++++++++-- + Lib/site.py | 9 ++++++++- + 2 files changed, 21 insertions(+), 3 deletions(-) + +Index: Python-3.11.8/Lib/distutils/command/install.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/command/install.py ++++ Python-3.11.8/Lib/distutils/command/install.py +@@ -441,8 +441,19 @@ class install(Command): + raise DistutilsOptionError( + "must not supply exec-prefix without prefix") + +- self.prefix = os.path.normpath(sys.prefix) +- self.exec_prefix = os.path.normpath(sys.exec_prefix) ++ # self.prefix is set to sys.prefix + /local/ ++ # if neither RPM build nor virtual environment is ++ # detected to make pip and distutils install packages ++ # into the separate location. ++ if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ addition = "/local" ++ else: ++ addition = "" ++ ++ self.prefix = os.path.normpath(sys.prefix) + addition ++ self.exec_prefix = os.path.normpath(sys.exec_prefix) + addition + + else: + if self.exec_prefix is None: +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None): + return sitepackages + + def addsitepackages(known_paths, prefixes=None): +- """Add site-packages to sys.path""" ++ """Add site-packages to sys.path ++ ++ '/usr/local' is included in PREFIXES if RPM build is not detected ++ to make packages installed into this location visible. ++ ++ """ + _trace("Processing global site-packages") ++ if ENABLE_USER_SITE and 'RPM_BUILD_ROOT' not in os.environ: ++ PREFIXES.insert(0, "/usr/local") + for sitedir in getsitepackages(prefixes): + if os.path.isdir(sitedir): + addsitedir(sitedir, known_paths) + +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Mon, 15 Feb 2021 12:19:27 +0100 +Subject: [PATCH] 00251: Change user install location +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Set values of base and platbase in sysconfig from /usr +to /usr/local when RPM build is not detected +to make pip and similar tools install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +Downstream only. + +We've tried to rework in Fedora 36/Python 3.10 to follow https://bugs.python.org/issue43976 +but we have identified serious problems with that approach, +see https://bugzilla.redhat.com/2026979 or https://bugzilla.redhat.com/2097183 + +pypa/distutils integration: https://github.com/pypa/distutils/pull/70 + +Co-authored-by: Petr Viktorin +Co-authored-by: Miro Hrončok +Co-authored-by: Michal Cyprian +Co-authored-by: Lumír Balhar +--- + Lib/site.py | 9 ++++++- + Lib/sysconfig.py | 49 +++++++++++++++++++++++++++++++++++++- + Lib/test/test_sysconfig.py | 17 +++++++++++-- + 3 files changed, 71 insertions(+), 4 deletions(-) + +Index: Python-3.11.9/Lib/sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/sysconfig.py ++++ Python-3.11.9/Lib/sysconfig.py +@@ -103,6 +103,11 @@ if os.name == 'nt': + else: + _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv'] + ++# For a brief period of time in the Fedora 36 life cycle, ++# this installation scheme existed and was documented in the release notes. ++# For backwards compatibility, we keep it here (at least on 3.10 and 3.11). ++_INSTALL_SCHEMES['rpm_prefix'] = _INSTALL_SCHEMES['posix_prefix'] ++ + + # NOTE: site.py has copy of this function. + # Sync it when modify this function. +@@ -162,6 +167,19 @@ if _HAS_USER_BASE: + }, + } + ++# This is used by distutils.command.install in the stdlib ++# as well as pypa/distutils (e.g. bundled in setuptools). ++# The self.prefix value is set to sys.prefix + /local/ ++# if neither RPM build nor virtual environment is ++# detected to make distutils install packages ++# into the separate location. ++# https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _prefix_addition = '/local' ++ ++ + _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', + 'scripts', 'data') + +@@ -258,11 +276,40 @@ def _extend_dict(target_dict, other_dict + target_dict[key] = value + + ++_CONFIG_VARS_LOCAL = None ++ ++ ++def _config_vars_local(): ++ # This function returns the config vars with prefixes amended to /usr/local ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ global _CONFIG_VARS_LOCAL ++ if _CONFIG_VARS_LOCAL is None: ++ _CONFIG_VARS_LOCAL = dict(get_config_vars()) ++ _CONFIG_VARS_LOCAL['base'] = '/usr/local' ++ _CONFIG_VARS_LOCAL['platbase'] = '/usr/local' ++ return _CONFIG_VARS_LOCAL ++ ++ + def _expand_vars(scheme, vars): + res = {} + if vars is None: + vars = {} +- _extend_dict(vars, get_config_vars()) ++ ++ # when we are not in a virtual environment or an RPM build ++ # we change '/usr' to '/usr/local' ++ # to avoid surprises, we explicitly check for the /usr/ prefix ++ # Python virtual environments have different prefixes ++ # we only do this for posix_prefix, not to mangle the venv scheme ++ # posix_prefix is used by sudo pip install ++ # we only change the defaults here, so explicit --prefix will take precedence ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if (scheme == 'posix_prefix' and ++ _PREFIX == '/usr' and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _extend_dict(vars, _config_vars_local()) ++ else: ++ _extend_dict(vars, get_config_vars()) ++ + if os.name == 'nt': + # On Windows we want to substitute 'lib' for schemes rather + # than the native value (without modifying vars, in case it +Index: Python-3.11.9/Lib/test/test_sysconfig.py +=================================================================== +--- Python-3.11.9.orig/Lib/test/test_sysconfig.py ++++ Python-3.11.9/Lib/test/test_sysconfig.py +@@ -111,8 +111,19 @@ class TestSysConfig(unittest.TestCase): + for scheme in _INSTALL_SCHEMES: + for name in _INSTALL_SCHEMES[scheme]: + expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) ++ tested = get_path(name, scheme) ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if tested.startswith('/usr/local'): ++ # /usr/local should only be used in posix_prefix ++ self.assertEqual(scheme, 'posix_prefix') ++ # Fedora CI runs tests for venv and virtualenv that check for other prefixes ++ self.assertEqual(sys.prefix, '/usr') ++ # When building the RPM of Python, %check runs this with RPM_BUILD_ROOT set ++ # Fedora CI runs this with RPM_BUILD_ROOT unset ++ self.assertNotIn('RPM_BUILD_ROOT', os.environ) ++ tested = tested.replace('/usr/local', '/usr') + self.assertEqual( +- os.path.normpath(get_path(name, scheme)), ++ os.path.normpath(tested), + os.path.normpath(expected), + ) + +@@ -345,7 +356,7 @@ class TestSysConfig(unittest.TestCase): + self.assertTrue(os.path.isfile(config_h), config_h) + + def test_get_scheme_names(self): +- wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv'] ++ wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv', 'rpm_prefix'] + if HAS_USER_BASE: + wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) + self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) +@@ -357,6 +368,8 @@ class TestSysConfig(unittest.TestCase): + cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" + self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) + ++ @unittest.skipIf('RPM_BUILD_ROOT' not in os.environ, ++ "Test doesn't expect Fedora's paths") + def test_user_similar(self): + # Issue #8759: make sure the posix scheme for the users + # is similar to the global posix_prefix one diff --git a/PACKAGING-NOTES b/PACKAGING-NOTES new file mode 100644 index 0000000..e28c88c --- /dev/null +++ b/PACKAGING-NOTES @@ -0,0 +1,26 @@ +Notes for packagers of Python3 +============================== + +0. Faster build turnaround +-------------------------- + +By default, python builds with profile-guided optimization. This needs +an additional run of the test suite and it is generally slow. +PGO build takes around 50 minutes. + +For development, use "--without profileopt" option to disable PGO. This +shortens the build time to ~5 minutes including test suite. + +1. import_failed.map +---------------------- + +This is a mechanism installed as part of python3-base, that places shim modules +on python's path (through a generated zzzz-import-failed-hooks.pth file, so that +it is imported as much at the end as makes sense; and an _import_failed subdir +of /usr/lib/pythonX.Y). Then when the user tries to import a module that is part +of a subpackage, the ImportError will contain a helpful message telling them +which missing subpackage to install. + +This can sometimes cause problems on non-standard configurations, if the pth +gets included too early (for instance if you are using a script to include all +pths by hand in some strange order). Just something to look out for. diff --git a/Python-3.11.13.tar.xz b/Python-3.11.13.tar.xz new file mode 100644 index 0000000..80a2b4d --- /dev/null +++ b/Python-3.11.13.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8fb5f9fbc7609fa822cb31549884575db7fd9657cbffb89510b5d7975963a83a +size 20117496 diff --git a/Python-3.11.13.tar.xz.sigstore b/Python-3.11.13.tar.xz.sigstore new file mode 100644 index 0000000..a6d0be7 --- /dev/null +++ b/Python-3.11.13.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzjCCAlSgAwIBAgIUfnOGm4U1QCsCXWiDvPy5Tgni2HUwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNjAzMTkyNzM1WhcNMjUwNjAzMTkzNzM1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpTsf/wrCdu4Domf4WOtO4CLkj51wmj4iesYv5N6DYhghPjqQFwGYI9gFc/WX6QMIWh5YHU2NGxrmM7KfbAYzz6OCAXMwggFvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUkQ2/O4Fivj1bTq7NTQczm1RdtYAwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGLBgorBgEEAdZ5AgQCBH0EewB5AHcA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGXN0NwGwAABAMASDBGAiEA6pD8PjS+5z2SQre/NS/wOdFSjVMsxvtfF6A1jg+1T3YCIQDC44S/Z3c0dNddM7EkE+A3j7Vft3hqRUoFkNe4U6g5qTAKBggqhkjOPQQDAwNoADBlAjA6lBI2r3KCZFc+2affpH3S3Xj3gMOKh8Lr5Z7TgkGp3Q6QsnExGmJJ0leXhqH6rQkCMQDfxk/6DyhbO7KTrIUfmrbZoa7dV75cresJS69Xk67XN57qsqY52DZj9o4fbUIw4ro="}, "tlogEntries": [{"logIndex": "228953871", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1748978856", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQC9nXmfcRqyOL2Zmw1zI7+kulTbmDE3Yfzew81mXJGU4QIgF8Uhdg2uzttSA6erOuEchX68PCyJ0cVFHE0XJX2+ZfE="}, "inclusionProof": {"logIndex": "107049609", "rootHash": "Ilofw5POqC/C3zqfrdMQP1DyhNW+UfB9fHdjrbK6qaM=", "treeSize": "107049610", "hashes": ["AcD1iyjU7nuIPqAq29ynz7PEdq6zPXglj6e2tkH+/do=", "1BNDCN01B3dbUo/TfLaQgKIYTvPyrkcrHKd69GxuF2E=", "t59A0CV2pHM2S9AgZgcEA6FbXhgNZGo0jMRIXHiqsJ0=", "bCrkgWpJ8MBic+mIfCRsKi+5XAMqgM8Lc6G0LLfzZ7M=", "4iwdOrGkcqdN0qqZUx/gv8a8qpLMqVj8aXRVmhQ558c=", "mAX/zvx1jR0ujLtDApsQpHyxmoDGidClHMOn0BX1aQA=", "u5LKLBPTYgXZg0fBi6/8LuEeNy3EBAxJF0AkkB4Co6E=", "SPUVncwJRVX/n/RICCYqLpAzraqx7S0eMdXRr1RLRgg=", "uEJFtwcGQJMd9kjQhkXb7gl2WD3WMElCc15uDFvFGxs=", "VdOKzpQhJlpXgijzXANf/hNlje1G/N1kUuVnKNskkso=", "mta5fH/gFwxJ/0fT8yGpn3sFCY0G1RY555Iflm0LInM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n107049610\nIlofw5POqC/C3zqfrdMQP1DyhNW+UfB9fHdjrbK6qaM=\n\n\u2014 rekor.sigstore.dev wNI9ajBGAiEAjtzTnsnrGx0G3Dg99s89cPUh6EA+cxkicQ9j4qYU60wCIQCKcAL4kdakbq2JrBVgk7bRNf3FoJRrEI6SCjv16f7Crg==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI4ZmI1ZjlmYmM3NjA5ZmE4MjJjYjMxNTQ5ODg0NTc1ZGI3ZmQ5NjU3Y2JmZmI4OTUxMGI1ZDc5NzU5NjNhODNhIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUM5Q1JZRjNSWGUzdDNxQlBJd2UrR3pMMTJCOXVLTjIrRFpWa2JjZW1FTS93SWdPMDFKaVhnbUJxZEN5RVhoM05JUEt5QlRBb2hpcjZHTkhZdXhiSUxKNDlRPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZha05EUVd4VFowRjNTVUpCWjBsVlptNVBSMjAwVlRGUlEzTkRXRmRwUkhaUWVUVlVaMjVwTWtoVmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVxUVhwTlZHdDVUbnBOTVZkb1kwNU5hbFYzVG1wQmVrMVVhM3BPZWsweFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZ3VkhObUwzZHlRMlIxTkVSdmJXWTBWMDkwVHpSRFRHdHFOVEYzYldvMGFXVnpXWFlLTlU0MlJGbG9aMmhRYW5GUlJuZEhXVWs1WjBaakwxZFlObEZOU1Zkb05WbElWVEpPUjNoeWJVMDNTMlppUVZsNmVqWlBRMEZZVFhkblowWjJUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZyVVRJdkNrODBSbWwyYWpGaVZIRTNUbFJSWTNwdE1WSmtkRmxCZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRNUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJTUVVS1pYZENOVUZJWTBFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxaE9NRTUzUjNkQlFRcENRVTFCVTBSQ1IwRnBSVUUyY0VRNFVHcFRLelY2TWxOUmNtVXZUbE12ZDA5a1JsTnFWazF6ZUhaMFprWTJRVEZxWnlzeFZETlpRMGxSUkVNME5GTXZDbG96WXpCa1RtUmtUVGRGYTBVclFUTnFOMVptZEROb2NWSlZiMFpyVG1VMFZUWm5OWEZVUVV0Q1oyZHhhR3RxVDFCUlVVUkJkMDV2UVVSQ2JFRnFRVFlLYkVKSk1uSXpTME5hUm1Nck1tRm1abkJJTTFNeldHb3paMDFQUzJnNFRISTFXamRVWjJ0SGNETlJObEZ6YmtWNFIyMUtTakJzWlZob2NVZzJjbEZyUXdwTlVVUm1lR3N2TmtSNWFHSlBOMHRVY2tsVlptMXlZbHB2WVRka1ZqYzFZM0psYzBwVE5qbFlhelkzV0U0MU4zRnpjVmsxTWtSYWFqbHZOR1ppVlVsM0NqUnliejBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "j7X5+8dgn6giyzFUmIRXXbf9llfL/7iVELXXl1ljqDo="}, "signature": "MEUCIQC9CRYF3RXe3t3qBPIwe+GzL12B9uKN2+DZVkbcemEM/wIgO01JiXgmBqdCyEXh3NIPKyBTAohir6GNHYuxbILJ49Q="}} diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..0053bcf --- /dev/null +++ b/README.SUSE @@ -0,0 +1,43 @@ +Python 3 in SUSE +============== + +* Subpackages * + +Python 3 is split into several subpackages, based on external dependencies. +The main package 'python3' has soft dependencies on all subpackages needed to +assemble the standard library; however, these might not all be installed by default. + +If you attempt to import a module that is currently not installed, an ImportError is thrown, +with instructions to install the missing subpackage. Installing the subpackage might result +in installing libraries that the subpackage requires to function. + + +* ensurepip * + +The 'ensurepip' module from Python 3 standard library (PEP 453) is supposed to deploy +a bundled copy of the pip installer. This makes no sense in a managed distribution like SUSE. +Instead, you need to install package 'python3-pip'. Usually this will be installed automatically +with 'python3'. + +Using 'ensurepip' when pip is not installed will result in an ImportError with instructions +to install 'python3-pip'. + + +* Documentation * + +You can find documentation in seprarate packages: python3-doc and +python3-doc-pdf. These contan following documents: + + Tutorial, What's New in Python, Global Module Index, Library Reference, + Macintosh Module Reference, Installing Python Modules, Distributing Python + Modules, Language Reference, Extending and Embedding, Python/C API, + Documenting Python + +The python3-doc package constains many text files from source tarball. + + +* Interactive mode * + +Interactive mode is by default enhanced with of history and command completion. +If you don't like these features, you can unset the PYTHONSTARTUP variable +in your .profile or disable it system wide in /etc/profile.d/python.sh. diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..1d50bc4 --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + base + doc + diff --git a/add-loongarch64-support.patch b/add-loongarch64-support.patch new file mode 100644 index 0000000..10cc846 --- /dev/null +++ b/add-loongarch64-support.patch @@ -0,0 +1,29 @@ +Description: Add platform triplets for LoongArch. + +--- + configure.ac | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +--- a/configure.ac ++++ b/configure.ac +@@ -976,6 +976,20 @@ cat > conftest.c <=6) && defined(_MIPSEL) diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..1793de8 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,3 @@ +python311-base +python311 +libpython3_11-1_0 diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz new file mode 100644 index 0000000..57fb3e5 --- /dev/null +++ b/bluez-devel-vendor.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:868fbfba2ddaed62f2c45cf869fe2c648527ac3bac738f4f41f3c2872f5b0211 +size 25040 diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch new file mode 100644 index 0000000..86882ae --- /dev/null +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -0,0 +1,173 @@ +From 5754521af1d51aa8e445cba07a093bbc0c88596d Mon Sep 17 00:00:00 2001 +From: Zackery Spytz +Date: Mon, 16 Dec 2019 18:24:08 -0700 +Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix) + +Co-Authored-By: Xavier de Gaye +--- + Doc/library/ensurepip.rst | 9 +++-- + Lib/ensurepip/__init__.py | 18 +++++++--- + Lib/test/test_ensurepip.py | 11 ++++++ + Makefile.pre.in | 4 +- + Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1 + 5 files changed, 34 insertions(+), 9 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst + +Index: Python-3.11.8/Doc/library/ensurepip.rst +=================================================================== +--- Python-3.11.8.orig/Doc/library/ensurepip.rst ++++ Python-3.11.8/Doc/library/ensurepip.rst +@@ -59,7 +59,9 @@ is at least as recent as the one availab + By default, ``pip`` is installed into the current virtual environment + (if one is active) or into the system site packages (if there is no + active virtual environment). The installation location can be controlled +-through two additional command line options: ++through some additional command line options: ++ ++* ``--prefix ``: Installs ``pip`` using the given directory prefix. + + * :samp:`--root {dir}`: Installs ``pip`` relative to the given root directory + rather than the root of the currently active virtual environment (if any) +@@ -92,7 +94,7 @@ Module API + Returns a string specifying the available version of pip that will be + installed when bootstrapping an environment. + +-.. function:: bootstrap(root=None, upgrade=False, user=False, \ ++.. function:: bootstrap(root=None, prefix=None, upgrade=False, user=False, \ + altinstall=False, default_pip=False, \ + verbosity=0) + +@@ -102,6 +104,8 @@ Module API + If *root* is ``None``, then installation uses the default install location + for the current environment. + ++ *prefix* specifies the directory prefix to use when installing. ++ + *upgrade* indicates whether or not to upgrade an existing installation + of an earlier version of ``pip`` to the available version. + +@@ -122,6 +126,8 @@ Module API + *verbosity* controls the level of output to :data:`sys.stdout` from the + bootstrapping operation. + ++ .. versionchanged:: 3.9 the *prefix* parameter was added. ++ + .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap + + .. note:: +Index: Python-3.11.8/Lib/ensurepip/__init__.py +=================================================================== +--- Python-3.11.8.orig/Lib/ensurepip/__init__.py ++++ Python-3.11.8/Lib/ensurepip/__init__.py +@@ -122,27 +122,27 @@ def _disable_pip_configuration_settings( + os.environ['PIP_CONFIG_FILE'] = os.devnull + + +-def bootstrap(*, root=None, upgrade=False, user=False, ++def bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). ++ and directory prefix). + + Note that calling this function will alter both sys.path and os.environ. + """ + # Discard the return value +- _bootstrap(root=root, upgrade=upgrade, user=user, ++ _bootstrap(root=root, prefix=prefix, upgrade=upgrade, user=user, + altinstall=altinstall, default_pip=default_pip, + verbosity=verbosity) + + +-def _bootstrap(*, root=None, upgrade=False, user=False, ++def _bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). Returns pip command status code. ++ and directory prefix). Returns pip command status code. + + Note that calling this function will alter both sys.path and os.environ. + """ +@@ -192,6 +192,8 @@ def _bootstrap(*, root=None, upgrade=Fal + args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] + if root: + args += ["--root", root] ++ if prefix: ++ args += ["--prefix", prefix] + if upgrade: + args += ["--upgrade"] + if user: +@@ -267,6 +269,11 @@ def _main(argv=None): + help="Install everything relative to this alternate root directory.", + ) + parser.add_argument( ++ "--prefix", ++ default=None, ++ help="Install everything using this prefix.", ++ ) ++ parser.add_argument( + "--altinstall", + action="store_true", + default=False, +@@ -285,6 +292,7 @@ def _main(argv=None): + + return _bootstrap( + root=args.root, ++ prefix=args.prefix, + upgrade=args.upgrade, + user=args.user, + verbosity=args.verbosity, +Index: Python-3.11.8/Lib/test/test_ensurepip.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_ensurepip.py ++++ Python-3.11.8/Lib/test/test_ensurepip.py +@@ -112,6 +112,17 @@ class TestBootstrap(EnsurepipMixin, unit + unittest.mock.ANY, + ) + ++ def test_bootstrapping_with_prefix(self): ++ ensurepip.bootstrap(prefix="/foo/bar/") ++ self.run_pip.assert_called_once_with( ++ [ ++ "install", "--no-cache-dir", "--no-index", "--find-links", ++ unittest.mock.ANY, "--prefix", "/foo/bar/", ++ "setuptools", "pip", ++ ], ++ unittest.mock.ANY, ++ ) ++ + def test_bootstrapping_with_user(self): + ensurepip.bootstrap(user=True) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1761,7 +1761,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni + install|*) ensurepip="" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + altinstall: commoninstall +@@ -1771,7 +1771,7 @@ altinstall: commoninstall + install|*) ensurepip="--altinstall" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + commoninstall: check-clean-src @FRAMEWORKALTINSTALLFIRST@ \ +Index: Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +=================================================================== +--- /dev/null ++++ Python-3.11.8/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +@@ -0,0 +1 @@ ++A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/bsc1221260-test_asyncio-ResourceWarning.patch b/bsc1221260-test_asyncio-ResourceWarning.patch new file mode 100644 index 0000000..15d6b8d --- /dev/null +++ b/bsc1221260-test_asyncio-ResourceWarning.patch @@ -0,0 +1,21 @@ +From a3052035485bd2836e40f5284657ca105382cbfd Mon Sep 17 00:00:00 2001 +From: sobolevn +Date: Tue, 5 Mar 2024 20:24:16 +0300 +Subject: [PATCH] gh-116112: Fix `ResourceWarning` in + `test_asyncio.test_stream` + +Co-authored-by: @CendioOssman +--- + Lib/test/test_asyncio/test_streams.py | 1 + + 1 file changed, 1 insertion(+) + +--- a/Lib/test/test_asyncio/test_streams.py ++++ b/Lib/test/test_asyncio/test_streams.py +@@ -1156,6 +1156,7 @@ os.close(fd) + + def test_unhandled_cancel(self): + async def handle_echo(reader, writer): ++ writer.close() + asyncio.current_task().cancel() + messages = self._basetest_unhandled_exceptions(handle_echo) + self.assertEqual(messages, []) diff --git a/bso1227999-reproducible-builds.patch b/bso1227999-reproducible-builds.patch new file mode 100644 index 0000000..fb33d18 --- /dev/null +++ b/bso1227999-reproducible-builds.patch @@ -0,0 +1,37 @@ +From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Tue, 16 Jul 2024 21:39:33 +0200 +Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH + +to make builds reproducible. +See https://reproducible-builds.org/ for why this is good +and https://reproducible-builds.org/specs/source-date-epoch/ +for the definition of this variable. +--- + Doc/conf.py | 3 ++- + Doc/library/functions.rst | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/Doc/conf.py ++++ b/Doc/conf.py +@@ -316,7 +316,8 @@ html_context = { + } + + # This 'Last updated on:' timestamp is inserted at the bottom of every page. +-html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime()) ++html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) ++html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time)) + + # Path to find HTML templates. + templates_path = ['tools/templates'] +--- a/Doc/library/functions.rst ++++ b/Doc/library/functions.rst +@@ -1356,7 +1356,7 @@ are always available. They are listed h + (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, + and :mod:`shutil`. + +- .. audit-event:: open file,mode,flags open ++ .. audit-event:: open path,mode,flags open + + The ``mode`` and ``flags`` arguments may have been modified or inferred from + the original call. diff --git a/distutils-reproducible-compile.patch b/distutils-reproducible-compile.patch new file mode 100644 index 0000000..17e8bd2 --- /dev/null +++ b/distutils-reproducible-compile.patch @@ -0,0 +1,17 @@ +--- + Lib/distutils/util.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/distutils/util.py +=================================================================== +--- Python-3.11.8.orig/Lib/distutils/util.py ++++ Python-3.11.8/Lib/distutils/util.py +@@ -436,7 +436,7 @@ byte_compile(files, optimize=%r, force=% + else: + from py_compile import compile + +- for file in py_files: ++ for file in sorted(py_files): + if file[-3:] != ".py": + # This lets us be lazy and not filter filenames in + # the "install_lib" command. diff --git a/externally_managed.in b/externally_managed.in new file mode 100644 index 0000000..54606b6 --- /dev/null +++ b/externally_managed.in @@ -0,0 +1,12 @@ +[externally-managed] +Error=To install Python packages system-wide, try + zypper install __PYTHONPREFIX__-xyz, where xyz is the package + you are trying to install. + + If you wish to install a non-rpm packaged Python package, + create a virtual environment using __PYTHON__ -m venv path/to/venv. + Then use path/to/venv/bin/python and path/to/venv/bin/pip. + + If you wish to install a non-rpm packaged Python application, + it may be easiest to use `pipx install xyz`, which will manage a + virtual environment for you. Install pipx via `zypper install __PYTHONPREFIX__-pipx` . diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch new file mode 100644 index 0000000..a5fe82c --- /dev/null +++ b/fix_configure_rst.patch @@ -0,0 +1,40 @@ +--- + Doc/using/configure.rst | 3 --- + Misc/NEWS | 2 +- + 2 files changed, 1 insertion(+), 4 deletions(-) + +--- a/Doc/using/configure.rst ++++ b/Doc/using/configure.rst +@@ -43,7 +43,6 @@ General Options + + See :data:`sys.int_info.bits_per_digit `. + +-.. option:: --with-cxx-main + .. option:: --with-cxx-main=COMPILER + + Compile the Python ``main()`` function and link Python executable with C++ +@@ -529,13 +528,11 @@ macOS Options + + See ``Mac/README.rst``. + +-.. option:: --enable-universalsdk + .. option:: --enable-universalsdk=SDKDIR + + Create a universal binary build. *SDKDIR* specifies which macOS SDK should + be used to perform the build (default is no). + +-.. option:: --enable-framework + .. option:: --enable-framework=INSTALLDIR + + Create a Python.framework rather than a traditional Unix install. Optional +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -9911,7 +9911,7 @@ C API + - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. + + - bpo-43795: The list in :ref:`limited-api-list` now shows the public name +- :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry ++ :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry + ``_node`` no longer appears in the list. + + - bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid diff --git a/gh120226-fix-sendfile-test-kernel-610.patch b/gh120226-fix-sendfile-test-kernel-610.patch new file mode 100644 index 0000000..2eb6f63 --- /dev/null +++ b/gh120226-fix-sendfile-test-kernel-610.patch @@ -0,0 +1,35 @@ +From 1b3f6523a5c83323cdc44031b33a1c062e5dc698 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Fri, 7 Jun 2024 23:51:32 +0800 +Subject: [PATCH] gh-120226: Fix + test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 + (GH-120227) + +The worst case is that the kernel buffers 17 pages with a page size of 64k. +(cherry picked from commit a7584245661102a5768c643fbd7db8395fd3c90e) + +Co-authored-by: Xi Ruoyao +--- + Lib/test/test_asyncio/test_sendfile.py | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +--- a/Lib/test/test_asyncio/test_sendfile.py ++++ b/Lib/test/test_asyncio/test_sendfile.py +@@ -93,13 +93,10 @@ class MyProto(asyncio.Protocol): + + class SendfileBase: + +- # 256 KiB plus small unaligned to buffer chunk +- # Newer versions of Windows seems to have increased its internal +- # buffer and tries to send as much of the data as it can as it +- # has some form of buffering for this which is less than 256KiB +- # on newer server versions and Windows 11. +- # So DATA should be larger than 256 KiB to make this test reliable. +- DATA = b"x" * (1024 * 256 + 1) ++ # Linux >= 6.10 seems buffering up to 17 pages of data. ++ # So DATA should be large enough to make this test reliable even with a ++ # 64 KiB page configuration. ++ DATA = b"x" * (1024 * 17 * 64 + 1) + # Reduce socket buffer size to test on relative small data sets. + BUF_SIZE = 4 * 1024 # 4 KiB + diff --git a/idle3.appdata.xml b/idle3.appdata.xml new file mode 100644 index 0000000..b494f1e --- /dev/null +++ b/idle3.appdata.xml @@ -0,0 +1,51 @@ + + + + org.python.IDLE3 + idle3.desktop + + IDLE3 + Python 3 Integrated Development and Learning Environment + + +

+ IDLE is Python’s Integrated Development and Learning Environment. + The GUI is uniform between Windows, Unix, and macOS. + IDLE provides an easy way to start writing, running, and debugging + Python code. +

+

+ IDLE is written in pure Python, and uses the tkinter GUI toolkit. + It provides: +

+
    +
  • a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,
    • +
  • a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,
    • +
  • search within any window, replace within editor windows, and search through multiple files (grep),
    • +
  • a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.
    • +
+ + + + Python Software Foundation + + + https://docs.python.org/3/library/idle.html + + + + https://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png + + + https://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png + + + https://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png + + + + Python-2.0 + CC0-1.0 + zbyszek@in.waw.pl + + diff --git a/idle3.desktop b/idle3.desktop new file mode 100644 index 0000000..43f5a4c --- /dev/null +++ b/idle3.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Version=1.0 +Name=IDLE 3 +GenericName=Python 3 IDE +Comment=Python 3 Integrated Development and Learning Environment +Exec=idle3 %F +TryExec=idle3 +Terminal=false +Type=Application +Icon=idle3 +Categories=Development;IDE; +MimeType=text/x-python; diff --git a/import_failed.map b/import_failed.map new file mode 100644 index 0000000..f33690c --- /dev/null +++ b/import_failed.map @@ -0,0 +1,7 @@ +python311-curses: curses _curses _curses_panel +python311-dbm: dbm _dbm _gdbm +python311-idle: idlelib +python311-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited +python311-tk: tkinter _tkinter +python311-tools: turtledemo +python311: sqlite3 readline _sqlite3 nis diff --git a/import_failed.py b/import_failed.py new file mode 100644 index 0000000..258b5a5 --- /dev/null +++ b/import_failed.py @@ -0,0 +1,23 @@ +import sys, os +from sysconfig import get_path + +failed_map_path = os.path.join(get_path('stdlib'), '_import_failed', 'import_failed.map') + +if __spec__: + failed_name = __spec__.name +else: + failed_name = __name__ + +with open(failed_map_path) as fd: + for line in fd: + package = line.split(':')[0] + imports = line.split(':')[1] + if failed_name in imports: + raise ImportError(f"""Module '{failed_name}' is not installed. +Use: + sudo zypper install {package} +to install it.""") + +raise ImportError(f"""Module '{failed_name}' is not installed. +It is supposed to be part of python3 distribution, but missing from failed import map. +Please file a bug on the SUSE Bugzilla.""") diff --git a/macros.python3 b/macros.python3 new file mode 100644 index 0000000..2bd193b --- /dev/null +++ b/macros.python3 @@ -0,0 +1,28 @@ +%have_python3 1 + +# commented out legacy macro definitions +#py3_prefix /usr +#py3_incdir /usr/include/python3.5m +#py3_ver 3.5 + +# these should now be provided by macros.python_all +#python3_sitearch /usr/lib64/python3.5/site-packages +#python3_sitelib /usr/lib/python3.5/site-packages +#python3_version 3.5 + +# hard to say if anyone ever used these? +#py3_soflags cpython-35m-x86_64-linux-gnu +#py3_abiflags m +%cpython3_soabi %(python3 -c "import sysconfig; print(sysconfig.get_config_var('SOABI'))") +%py3_soflags %cpython3_soabi + +# compilation macros that might be in use somewhere +%py3_compile(O) \ +find %1 -name '*.pyc' -exec rm -f {} ";"\ +python3 -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +%{-O:\ +find %1 -name '*.pyo' -exec rm -f {} ";"\ +python3 -O -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +} + + diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch new file mode 100644 index 0000000..7e412d7 --- /dev/null +++ b/no-skipif-doctests.patch @@ -0,0 +1,653 @@ +only in patch2: +unchanged: +--- + Doc/library/turtle.rst | 82 ------------------------------------------------- + 1 file changed, 82 deletions(-) + +--- a/Doc/library/turtle.rst ++++ b/Doc/library/turtle.rst +@@ -440,7 +440,6 @@ Turtle motion + turtle is headed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -467,7 +466,6 @@ Turtle motion + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -486,13 +484,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -511,13 +507,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -540,13 +534,11 @@ Turtle motion + not change the turtle's orientation. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> tp = turtle.pos() + >>> tp +@@ -570,13 +562,11 @@ Turtle motion + unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 240) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,240.00) +@@ -592,13 +582,11 @@ Turtle motion + Set the turtle's second coordinate to *y*, leave first coordinate unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 40) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,40.00) +@@ -625,7 +613,6 @@ Turtle motion + =================== ==================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setheading(90) + >>> turtle.heading() +@@ -638,14 +625,12 @@ Turtle motion + its start-orientation (which depends on the mode, see :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(90) + >>> turtle.goto(0, -10) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 90.0 +@@ -677,7 +662,6 @@ Turtle motion + calculated automatically. May be used to draw regular polygons. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.position() +@@ -706,7 +690,6 @@ Turtle motion + + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.dot() +@@ -724,7 +707,6 @@ Turtle motion + it by calling ``clearstamp(stamp_id)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("blue") + >>> turtle.stamp() +@@ -740,7 +722,6 @@ Turtle motion + Delete stamp with given *stampid*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (150.00,-0.00) +@@ -785,7 +766,6 @@ Turtle motion + undo actions is determined by the size of the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for i in range(4): + ... turtle.fd(50); turtle.lt(80) +@@ -818,7 +798,6 @@ Turtle motion + turtle turn instantly. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.speed() + 3 +@@ -839,7 +818,6 @@ Tell Turtle's state + Return the turtle's current location (x,y) (as a :class:`Vec2D` vector). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pos() + (440.00,-0.00) +@@ -855,7 +833,6 @@ Tell Turtle's state + orientation which depends on the mode - "standard"/"world" or "logo". + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(10, 10) + >>> turtle.towards(0,0) +@@ -867,7 +844,6 @@ Tell Turtle's state + Return the turtle's x coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(50) +@@ -883,7 +859,6 @@ Tell Turtle's state + Return the turtle's y coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(60) +@@ -900,7 +875,6 @@ Tell Turtle's state + :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(67) +@@ -917,7 +891,6 @@ Tell Turtle's state + other turtle, in turtle step units. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.distance(30,40) +@@ -941,7 +914,6 @@ Settings for measurement + Default value is 360 degrees. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -964,7 +936,6 @@ Settings for measurement + ``degrees(2*math.pi)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -975,7 +946,6 @@ Settings for measurement + 1.5707963267948966 + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.degrees(360) +@@ -1011,7 +981,6 @@ Drawing state + thickness. If no argument is given, the current pensize is returned. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pensize() + 1 +@@ -1043,7 +1012,6 @@ Drawing state + attributes in one statement. + + .. doctest:: +- :skipif: _tkinter is None + :options: +NORMALIZE_WHITESPACE + + >>> turtle.pen(fillcolor="black", pencolor="red", pensize=10) +@@ -1066,7 +1034,6 @@ Drawing state + Return ``True`` if pen is down, ``False`` if it's up. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.penup() + >>> turtle.isdown() +@@ -1107,7 +1074,6 @@ Color control + newly set pencolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> colormode() + 1.0 +@@ -1156,7 +1122,6 @@ Color control + with the newly set fillcolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.fillcolor("violet") + >>> turtle.fillcolor() +@@ -1195,7 +1160,6 @@ Color control + with the newly set colors. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("red", "green") + >>> turtle.color() +@@ -1212,7 +1176,6 @@ Filling + ~~~~~~~ + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.home() +@@ -1222,7 +1185,6 @@ Filling + Return fillstate (``True`` if filling, ``False`` else). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.begin_fill() + >>> if turtle.filling(): +@@ -1247,7 +1209,6 @@ Filling + above may be either all yellow or have some white regions. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("black", "red") + >>> turtle.begin_fill() +@@ -1264,7 +1225,6 @@ More drawing control + variables to the default values. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(0,-22) + >>> turtle.left(100) +@@ -1315,7 +1275,6 @@ Visibility + drawing observably. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.hideturtle() + +@@ -1326,7 +1285,6 @@ Visibility + Make the turtle visible. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.showturtle() + +@@ -1357,7 +1315,6 @@ Appearance + deal with shapes see Screen method :func:`register_shape`. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape() + 'classic' +@@ -1383,7 +1340,6 @@ Appearance + ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.resizemode() + 'noresize' +@@ -1407,7 +1363,6 @@ Appearance + of the shape's outline. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shapesize() + (1.0, 1.0, 1) +@@ -1432,7 +1387,6 @@ Appearance + heading of the turtle are sheared. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("circle") + >>> turtle.shapesize(5,2) +@@ -1449,7 +1403,6 @@ Appearance + change the turtle's heading (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1469,7 +1422,6 @@ Appearance + (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1495,7 +1447,6 @@ Appearance + turtle (its direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1524,7 +1475,6 @@ Appearance + given matrix. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle = Turtle() + >>> turtle.shape("square") +@@ -1540,7 +1490,6 @@ Appearance + can be used to define a new shape or components of a compound shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("square") + >>> turtle.shapetransform(4, -1, 0, 2) +@@ -1565,7 +1514,6 @@ Using events + procedural way: + + .. doctest:: +- :skipif: _tkinter is None + + >>> def turn(x, y): + ... left(180) +@@ -1586,7 +1534,6 @@ Using events + ``None``, existing bindings are removed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> class MyTurtle(Turtle): + ... def glow(self,x,y): +@@ -1614,7 +1561,6 @@ Using events + mouse-click event on that turtle. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.ondrag(turtle.goto) + +@@ -1642,7 +1588,6 @@ Special Turtle methods + Return the last recorded polygon. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.begin_poly() +@@ -1662,7 +1607,6 @@ Special Turtle methods + turtle properties. + + .. doctest:: +- :skipif: _tkinter is None + + >>> mick = Turtle() + >>> joe = mick.clone() +@@ -1675,7 +1619,6 @@ Special Turtle methods + return the "anonymous turtle": + + .. doctest:: +- :skipif: _tkinter is None + + >>> pet = getturtle() + >>> pet.fd(50) +@@ -1689,7 +1632,6 @@ Special Turtle methods + TurtleScreen methods can then be called for that object. + + .. doctest:: +- :skipif: _tkinter is None + + >>> ts = turtle.getscreen() + >>> ts +@@ -1707,7 +1649,6 @@ Special Turtle methods + ``None``, the undobuffer is disabled. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setundobuffer(42) + +@@ -1717,7 +1658,6 @@ Special Turtle methods + Return number of entries in the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> while undobufferentries(): + ... undo() +@@ -1740,7 +1680,6 @@ below: + For example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> s = Shape("compound") + >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) +@@ -1751,7 +1690,6 @@ below: + 3. Now add the Shape to the Screen's shapelist and use it: + + .. doctest:: +- :skipif: _tkinter is None + + >>> register_shape("myshape", s) + >>> shape("myshape") +@@ -1771,7 +1709,6 @@ Most of the examples in this section ref + ``screen``. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen = Screen() +@@ -1788,7 +1725,6 @@ Window control + Set or return background color of the TurtleScreen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.bgcolor("orange") + >>> screen.bgcolor() +@@ -1880,7 +1816,6 @@ Window control + distorted. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.reset() + >>> screen.setworldcoordinates(-50,-7.5,50,7.5) +@@ -1891,7 +1826,6 @@ Window control + ... left(45); fd(2) # a regular octagon + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen.reset() +@@ -1913,7 +1847,6 @@ Animation control + Optional argument: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.delay() + 10 +@@ -1935,7 +1868,6 @@ Animation control + :func:`delay`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.tracer(8, 25) + >>> dist = 2 +@@ -1972,7 +1904,6 @@ Using screen events + must have the focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -1993,7 +1924,6 @@ Using screen events + must have focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -2018,7 +1948,6 @@ Using screen events + named ``turtle``: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will + >>> # make the turtle move to the clicked point. +@@ -2038,7 +1967,6 @@ Using screen events + Install a timer that calls *fun* after *t* milliseconds. + + .. doctest:: +- :skipif: _tkinter is None + + >>> running = True + >>> def f(): +@@ -2120,7 +2048,6 @@ Settings and special methods + ============ ========================= =================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> mode("logo") # resets turtle heading to north + >>> mode() +@@ -2135,7 +2062,6 @@ Settings and special methods + values of color triples have to be in the range 0..*cmode*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.colormode(1) + >>> turtle.pencolor(240, 160, 80) +@@ -2156,7 +2082,6 @@ Settings and special methods + do with a Tkinter Canvas. + + .. doctest:: +- :skipif: _tkinter is None + + >>> cv = screen.getcanvas() + >>> cv +@@ -2168,7 +2093,6 @@ Settings and special methods + Return a list of names of all currently available turtle shapes. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.getshapes() + ['arrow', 'blank', 'circle', ..., 'turtle'] +@@ -2192,7 +2116,6 @@ Settings and special methods + coordinates: Install the corresponding polygon shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) + +@@ -2208,7 +2131,6 @@ Settings and special methods + Return the list of turtles on the screen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for turtle in screen.turtles(): + ... turtle.color("red") +@@ -2270,7 +2192,6 @@ Methods specific to Screen, not inherite + center window vertically + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.setup (width=200, height=200, startx=0, starty=0) + >>> # sets window to 200x200 pixels, in upper left of screen +@@ -2286,7 +2207,6 @@ Methods specific to Screen, not inherite + Set title of turtle window to *titlestring*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.title("Welcome to the turtle zoo!") + +@@ -2357,7 +2277,6 @@ Public classes + Example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) + >>> s = Shape("compound") +@@ -2743,7 +2662,6 @@ Changes since Python 3.0 + + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> for turtle in turtles(): diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..a2cf992 --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +export LC_ALL=C + +master=python*.spec + +# create import_failed.map from package definitions +pkgname=$(grep python_pkg_name $master |grep define |awk -F' ' '{print $3}') +MAPFILE=import_failed.map +function new_map_line () { + package=$1 + package=$(echo $1 |sed -e "s:%{python_pkg_name}:$pkgname:") + modules=$2 + if [ -z "$package" -o -z "$modules" ]; then + return + fi + if [[ "$package" =~ "-base" ]]; then + return + fi + echo "$package:$modules" >> $MAPFILE.tmp +} + +for spec in *.spec; do + basename=${spec%.spec} + package= + modules= + while read line; do + case $line in + "%files -n "*) + new_map_line $package "$modules" + package=${line#"%files -n "} + modules= + ;; + "%files "*) + new_map_line $package "$modules" + package=$basename-${line#"%files "} + modules= + ;; + "%files") + new_map_line $package "$modules" + package=$basename + modules= + ;; + "%{sitedir}/config-"*) + # ignore + ;; + "%{sitedir}/"*) + word=${line#"%{sitedir}/"} + if ! echo $word | grep -q /; then + modules="$modules $word" + fi + ;; + "%{dynlib "*"}") + word=${line#"%{dynlib "} + word=${word%"}"} + modules="$modules $word" + ;; + esac + done < $spec + new_map_line $package "$modules" +done + +cat $MAPFILE.tmp |sort -u > $MAPFILE +rm $MAPFILE.tmp + +# run test inclusion check +tar xJf Python-*.xz +python3 skipped_tests.py + +# generate baselibs.conf +VERSION=$(grep ^Version $master|awk -F':' '{print $2}' |sed -e 's/ //g') +python_version=${VERSION:0:3} # 3.3 +python_version_abitag=${python_version//./} # 33 +python_version_soname=${python_version//./_} # 3_3 +echo "$pkgname-base" > baselibs.conf +echo "$pkgname" >> baselibs.conf +echo "libpython$python_version_soname-1_0" >> baselibs.conf + diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch new file mode 100644 index 0000000..cda20d7 --- /dev/null +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -0,0 +1,27 @@ +--- + Makefile.pre.in | 7 +++++++ + 1 file changed, 7 insertions(+) + +Index: Python-3.11.8/Makefile.pre.in +=================================================================== +--- Python-3.11.8.orig/Makefile.pre.in ++++ Python-3.11.8/Makefile.pre.in +@@ -1240,11 +1240,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ + $(DTRACE_OBJS) \ + $(srcdir)/Modules/getbuildinfo.c + $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DDATE="\"`date -u -r Makefile.pre.in +"%b %d %Y"`\"" \ ++ -DTIME="\"`date -u -r Makefile.pre.in +"%T"`\"" \ + -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \ + -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \ + -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \ + -o $@ $(srcdir)/Modules/getbuildinfo.c + ++Python/getcompiler.o: $(srcdir)/Python/getcompiler.c Makefile ++ $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DCOMPILER='"[GCC]"' \ ++ -o $@ $(srcdir)/Python/getcompiler.c ++ + Modules/getpath.o: $(srcdir)/Modules/getpath.c Python/frozen_modules/getpath.h Makefile $(PYTHON_HEADERS) + $(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \ + -DPREFIX='"$(prefix)"' \ diff --git a/python-3.3.0b1-localpath.patch b/python-3.3.0b1-localpath.patch new file mode 100644 index 0000000..475497e --- /dev/null +++ b/python-3.3.0b1-localpath.patch @@ -0,0 +1,13 @@ +Index: Python-3.11.8/Lib/site.py +=================================================================== +--- Python-3.11.8.orig/Lib/site.py ++++ Python-3.11.8/Lib/site.py +@@ -77,7 +77,7 @@ import io + import stat + + # Prefixes for site-packages; add additional prefixes like /usr/local here +-PREFIXES = [sys.prefix, sys.exec_prefix] ++PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local'] + # Enable per user site-packages directory + # set it to False to disable the feature or True to force the feature + ENABLE_USER_SITE = None diff --git a/python.keyring b/python.keyring new file mode 100644 index 0000000..747bc27 --- /dev/null +++ b/python.keyring @@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFq+ToQBEADRYvIVtbK6owynD3j3nxwpW2KEk/p+aDvtXmc2SR2dBcZ8sFW2 +R5vEsG8d3/D3wgv5pcL3KfNNXQYUnXVbobrFUUWQYc79qIsE3MgiPf5NVOtwKPUR +i5g9YJgKvpBxkQfqp3LYGm9ZBtwo3DVLA3yn7KsazCmAgTNFJYw7ku1XxgmIzY6K +5J30DfbJiqDqj4f9GslCCCCH3qiPnuLG/HUyVLHMpbWlaiy9NI0GcaLxjJewHj9w +W2D2lydkxe5JGo7egUkV3ILcuLVSVKA35SKY27dYqfuyqp9tAzaRbjDYjsYdHA6G +BqrNrKBn/GwlFDPrVdcvN3ZSY2wMLTxWE3Axc/FweuHxFnou/80FwX7F3JD+oEQ6 +rofmcxOBCC7J98I7HZAhP9jBn88XIS2hztbLq8d6rZJZRtcz0k61VR0ddO+TrFmf +9rMYCPgCckRtVxeFIVIabrN1IzKynLFeo040h8hSGswd6YKDOVwjJY6Oa6EmVefZ +a8QSt4+M65RSzH6SEPY008F3nJUAK6MEkzTak+tFltZNrVWu8p2xd1j9nmxAwEhZ +/lgbxLqzYgaUWmfyHeZ8yVA0MhHzdiAL8nVUEdG3KecIq0RWCJLGLWWIjd6KAJl1 +yAmhRYKK/sjPDsL3elHsFACfZbyx3o5GGQNlas1FYoPLWbaNGaJtgFTF2QARAQAB +tCtQYWJsbyBHYWxpbmRvIFNhbGdhZG8gPHBhYmxvZ3NhbEBnbWFpbC5jb20+iQJO +BBMBCgA4FiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+ToQCGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQZOYo+NaEaW2bmA/+PXIap2udLoUVOHxnsIBdqYwp +sv1Aj5lfIJmNhmxPbHShwp1Jg+w4urxe+2Dj5ofKVlIo1i83bQkvnKJMDXDVuc/K +P6zqhBJ3rT4Q3qx2mzX8bIfQoJ2JHuH4lkP+I7doDcHHRyeNASyk72VdQmU4twNw +Ibn8nSNV6ThKHdoPYzVnO2rZUFcGIqH5HNsvR+B7cc1MBCHsgURYwSVhSePIFGlZ +iasdBD6QQkDSe4QWi7AcJFWFElw4kbOKJWxAWsrEk+tMXJVGRjnmL289EmPCx/vx +BqKy7Mse0yWCSRR3vB+O6TB1S5SgEyEgqlYsfGNv1qf/rfRD4KkyCbNU3LhY1Aim +vJP4pDW+KFxTk2Ks8vrx8gOSd2aFqPeO/pFDrpsF7PD62XwsfoXu4xc5V0Giw7r1 +Nai0nax7kOrldNF8TbbtRjW0jmoC7wLIDujAkwDIOroZ0CXA3N4HVHdSbrHm/urX +nyxJXupXAQNwGx64JCBcbF2fp3Kvu1VAXBEFnd01KaopthHcbG5pA50Kl2Vhe+98 +OdezUX42fHkQpQkB7HgtXfm6W1bw6YRBamrNvs1OoHBYmUjlECpe566IIu25Hc8s +x3qA+6eca7iqizyLG+WyMT8ZIYTWGAS59jxwR4esqGczbbZPSAPHFwLbGv7Wr0Rd +TPu5B0FcKpDkTd4IxQW5Ag0EWr5O2gEQAMjLe4CtbSfofmJrz5wfNkMVsZ81Gbqe +MoYd3dtkJnQYERUj8flzBj3ucaxGJ+Cuf7ybh3naPopKvEI1q0vkcgCDqrEgXK// +jKJbP28uPSMGhOG28q4PbamG55gy5FtM3ezzAxPWWKe9qBpV65GMmFy7eBQx2iJs +yiDIOOQQ4kraS+cTqNFimEXAGLCOQRNLcwIZzwAAHoW7HEpNUfVwaBD9kMlbo1ND +I60IKcNrNcmcmRxhJqfxjj8YBMwcKHO6GBE3AVpaE/+UO9zyr4TH+0YuQUgxKlPW +Dkg5XlkDo0S1GyLY5e9ckIDIlkTdDa2pOkoE2yB5MQCEga3YiHrKUVTTWaxn9XVJ +6x5ZjUF6bgSWGkrG5dUqSYoO1iDMuNVjtiujNyf/rvfj5cNxS7/lgxchhQKZHZXL +WVqxlneeVJ6s0P4+ROVG9ga2Sve7aUJ6wXIewZwulBcV2sE/W/DgxHgLBi53CUQt +vEzFzKvo48GnDqL5VYjA7l0HMYHd4GksCLi8E8U6Cgj+imXiM8voL7pHRZfs8mY8 +udR+UT4e1Scl2MYP2qBJ9/17B/X52B3s1EZdqI/r+hfOyqrhPs+dbAN0mtMPn68+ +nrvY1+nscvrSYEP6ZBlc9Hp2mgJdb6IcTvINXBEeLRjgc3pjViva443pkiFp9Axm +ecOckMKP3uSlABEBAAGJBGwEGAEKACAWIQSgNcjBkhm6gh7OqGtk5ij41oRpbQUC +Wr5O2gIbAgJACRBk5ij41oRpbcF0IAQZAQoAHRYhBM/cokWxBDzypfl4Zf/odAQW +i9hHBQJavk7aAAoJEP/odAQWi9hHr7YP/RCLre1CmOoWYpAtoa1yVCeYMDV6eQgL +B488/BEZHQE1zbrYy16XkhORob3JF/kUMjmJW7XaFF8FrWvRcdj/xaUGbOOEulKg +v+8zWfswYQRiZ4/JlwER4vRLi6fTE89MVER6Fkj2ASD4D2cifY+EztD4flV3sq3s +vIogGFaN9IvdrdeptOVGXs1RmAyoTsiS2mKQ6xsGh8B9ZAm55W8fBOGiSzLX21Xk +Ofdw53BrFQxn3cu/JgIKpdeZxgukcvEAI62B6X+YL6Na4j0eqEGLzsNtU1+xeJlo +WtVvmRwnRHGSxF6fzIZ3mk/p/aFiXAEq/xITCTY6tDv7x7pFE/RpdlJZyNJ+R5Y4 +SQiuDsylxNCa/4G5EB6q+7iVYtbEQ9MnZg2phowEE42tlj0rz8/rvDK3LH3xibot +KHIodCWKlWByxH99u2PuHUQ0c1oCVBUE1KkruMpvI236DpU/dvdq4JLSg/fWrys/ +VIjqLZgsIE5g/KO9XqngWHkLcBLh4CNAmHJ8Iia+s+/rfgsejQWB5uJb6eYg2JjB +4WP1EI0rULM6fdrCNB+MJ36wE2Lnb4bfT0phOMgjjH5/Ki7ZCbkxkOsBs4SRjiS+ +weCsmpAtMqodWY/Cnw9pWSA/qLSRD5/mKeb9SO6OZ/OPfAatwnGHsvZ2sAueC6rR +04W5BfXZWrnJUXQP/id/EKE1Ksp5fKoxSCbkKTCig+Sf5Afwe36yFN+niZBqzn5b +BgL/HIKaZM97oDHersPPANeEgS+JVlBf95iKIYnQbZP43FLVbvOuaINhBIVtFO54 +2Y7EYwl41kP7ILDElVy36KAmdQyBAfrjnZiRA70xShOxApLug1L0lxhR3YfmLwNi +RJ0V6KnYDKf0pfdhO9VFyFFWUojX1usn2SmSsXNizsNtvRqHXzPnX0rbJzZ9+N4O +9k1nxygYFG/2R/jGonVmTjRzcAHrAkNJETMWXMA7/8wRMDwluz8j+cCldey9x8Vk +JwgLGnZSbQtVpcFAnm5r/36Gt+9wc1VWMyrUrVr6Z679aqAbG7PMaeR5h5ygMj1k +VqRTYAUPSk1f8bZKRssQkQwEbp9dVIjm9SsR8VT7/tB+UuB85dABxgHfv3psJRT+ +tL8g9V7kSZqQfcLNGmvEVvr2Zl9NtxwXtsFM2OBprxCenwb+e9Ppm1LjfJG/NE72 +mAnOERfDaiLt4bqNo36Ei5sGCJ4Fx61phzNBXzkdRNM47i8J5UZRKFkE91c99BVM +HKUaY61NRK24fR0zP98ftDU82YFw0VRFJpTeBrO5ivN1MlQxUPzUWxKxMxO+20wa +UOXroEw11Tb4SRLGOla1pCl6lCUPJRy9IzadPDgTr/OTMkob/snt/XLdnV5/uQIN +BFq+TvoBEAC8Oy1g6pPWBbrCMhIq7VWY2fjylJ1fwg5BPXkOKVK1dsGYO4QD7oW9 +L0aSqcFSNFGF9Cl0Ri4TFXZC3hnG4HeSXUWApuKdBLn21H3jba36Ay1oGcGfdm0v +Zght4c6BlMVBpGCw2wIkJbUNEy6InMM+O8CCbbaH3iJkJ4141P7pODHignx5AmZI +conMui4YOhC+IXQXynVEv1Juk7erB1Nh1RcRvsA4lb44HWx49lIwe85ejOmoZ0O3 +6f9NJRer6bV0+rHWmg4IV5Q9h/Gn4IhEDZxA0DZl1RQI7dMgaMbIFbXGq7Kgzstz +EUnOoy29hXodxVmwIsMrAiQUYtwJ9hW+ESsw47+W2iPHVgviGWl7r/SgcgMYmf6m +5kiTBtwU7BQPS9G3zwwP2Rm3AA/6g39Q+tQKjOwi1I8+GZsY2On44Zly7BreBNg5 +4gJgdAGcMOYU9etr050clH3UpTYcAEtX++ahtOKhJgLIPNcIAQNlnifqvU0VYpgw +R4YpZ7hgg+AVDzC73PIM0lFI0XiDuqChbxE+K1jmLXWe5iJF0dzgVTwP+PmsifNZ +Wg3+YxSsS+hDMPQ2xPiQN49gT4JJDHcDuyhHyCGYgyMiVJCsku9KrkubbfVRivyN +ZF2Zfo3f+nbrRxsftz0yjAq8byCvb0V0XOpt4pJ/ddlug9ytRxALNwARAQABiQI2 +BBgBCgAgFiEEoDXIwZIZuoIezqhrZOYo+NaEaW0FAlq+TvoCGwwACgkQZOYo+NaE +aW3urA//UQ/cKQ7HvWjcLphzQOZc+6m5YL0wxvZkSjemU7mqjZdpacteIvRAoers +EqXHc208liIBtNfRzoreXdcXNzie65xXkrRnWoHVH/fTWy4lOnHr2CMXLeHjUgg/ +M6PYi8+sARm05YFB8nsYhlhx3IdLhcfeVVbJedQKO0yL3CK1okT30DUVq5Lq6X/K +DC6AxuJR3D6UMSoT0WLaoX8qbhAp88qLynInfBVL18d97h916WPLTPeP0eHwhwND +bYtKDCMDuKQ9XX5+QsNH0RmbxlX274LHrUMMvkLKxcfCBvP+iuqrBeIuoeVzXYJZ +j7ZJtEH79bW44eecl/CY/STFYgSQ2XGTp2BI2q60wAmtKlNhwxY5ena0FgyFl6Tm +5OBHW/Pwo+ndQJGfbrCyWkTgRay9c8er3gl3GQYIBH6X0kCiG7h/Epj0b5CHOPU5 +hCw0kEB8MB4poTIjeiY+Q01472/lQ68CL3DX158hR5d3XaPSIxAN+qFsfB1o316p +yjxhfK1MD/IfrOgjlggPPnc/KmLkCzpgdwKcZwLCdZq9hYBvF1Zs34HbaVMYbWTK +uxLowtXGU43vatCXXqmPOvl4/g4tZD6rysJDgOrHQnEHzT+Napn07s0BRC0IbbNn +FynUrkr5KMSuRz7Hg7xMApENOrb0nqdHSUJ914ZpuMIS6RhJgGu5Ag0EWr5PIAEQ +ALfh9vPD2B+miHDTMADI8aRZ7g9tnzynZYkk3+2sCiiusetsQQ+HIPJ/ASEJB7On +ane9dyT/LTRhrK9qaxgVMimk2COXB/xyh7Mnw7nJgFU0aRSbtX0vbvQz2suSzrQ6 +9mPKzan28JGoClqB0bw1vwf3VjjxHV2dgD57CmqFPv7kAC/2a56dE+etzXattZAL ++2JWTpmfQ0ePRRadtBm0VahQhnU8x0+jvAVrEawqpVW83ozYFyW/0WInM2J7jHgQ +16OosY4lj5L/DxpVxaArhRFoRfWPXfC37iE8Mou/I95isvPQIhp1wTo4jG0KM02B +oIVbp/QRNBQ6WtpOzvJs1gqQiJJTfqbKJXQ3NDEY9crpVS83HJ+Zv99PNsyNkFjG +QpU84U3ZhsI4ygjdY45mpZueqI1RVcRQdu8Hgvoo/78Q/Sir6gMGop3mVdVo2guI +kFcJrXh0Xk3ech4aVqrmKx/mPXGwOAQU0DAul4RW3fKg1QxQE7Tlw3+95Ee/+q5j +HARL0uDbCJpRO8Sl8NDEuL32n/2Ot6kQeCSHrU7KJRYAkTxkKvr8zNow7hFhHFPE +SnHvTnskI6noh0VY6NwMhmLvhm0wKkRxZPzUNc3sgLvbK1NymIZ9aKCZamzhZrmG +vnblEz/OSLwGUua465H3hM1vvBQiartj7+6ZqWIkSmBPABEBAAGJAjYEGAEKACAW +IQSgNcjBkhm6gh7OqGtk5ij41oRpbQUCWr5PIAIbIAAKCRBk5ij41oRpbWmeEACG ++axtDC8UoNp9ORiYwEWLzZWDuugE+ah7DYYGD4Vs633FXVZW3SgM/bFtJ/0Lg8CF +74jI4LMHyIjDzEjcoItwnhBLix+kUoJTvrY58GPydwekLuw1p4KXLqtRs4fsZbNQ +YTknl4jYtRWoxO98x7tun7Gq2gqmJkIB2uj630fKz5cBk6p6oDFKjzyrHe+V7BiK +3okQPaD4x7hq8OnTy7lOy92ZZAqztS4tNEb4DkYW1MpuwsJ7hbBZitc1siI+FVVb +GjVVGZz6ssXoW67Tz8+VxdWJxNLXlv27eMcj4sme5S0th/YYNA5fRRv6zuzqZAru +YNGLpYYU7JLvZJ+3lCwa5j5ycOGBF0GvsGs6gj6h+CHkjR/BgzAgWC+GgUgslt6q +aH04rWtV6rVz+Y91LcrX5P6OM4anmXD3Gp3kl35AypXb4KyASF19+11RUziD4Z7q +wQEWfbwOltNyZv2lD8s2jPr7P02axWRQUbZAEhxRmvOQev/FZPyCF6gqUo/HxRbQ +y3bzmnipyHSv1DlXNfCFCHvN8kGyZnRWARqIKRg+j9ediJgOUqlLhg6KmrTVxd5v +3Dfv52PW2UODDTM20s3cQGuX/UswzMRwPI/+P44iCMwEKdm7duM/5oisZT9Vhy7g +P15MreFZLcZvUVgjqgy0u57cstyGK1Bo9e2sFcK2fA== +=6Zb4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/python311-rpmlintrc b/python311-rpmlintrc new file mode 100644 index 0000000..6c3d3b0 --- /dev/null +++ b/python311-rpmlintrc @@ -0,0 +1,4 @@ +addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp") +addFilter("python-bytecode-inconsistent-mtime.*\.pyc") diff --git a/python311.changes b/python311.changes new file mode 100644 index 0000000..c2ddfe2 --- /dev/null +++ b/python311.changes @@ -0,0 +1,5652 @@ +------------------------------------------------------------------- +Thu Sep 18 08:15:31 UTC 2025 - Dominique Leuenberger + +- Require AppStream to validate appdata file instead of deprecated + appstream-glib. +- Update idle3.appdata.xml to pass the more pedantic appstreamcli. + +------------------------------------------------------------------- +Fri Aug 1 20:09:24 UTC 2025 - Matej Cepl + +- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now + validates archives to ensure member offsets are non-negative + (gh#python/cpython#130577, CVE-2025-8194, bsc#1247249). + +------------------------------------------------------------------- +Wed Jul 2 14:47:20 UTC 2025 - Matej Cepl + +- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst + case quadratic complexity when processing certain crafted + malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705). + +------------------------------------------------------------------- +Tue Jul 1 08:19:52 UTC 2025 - Daniel Garcia + +- Use one core to build doc. This will make sphinx doc build + reproducible. + bsc#1243155 + +------------------------------------------------------------------- +Mon Jun 9 17:19:32 UTC 2025 - Matej Cepl + +- Update to 3.11.13: + - Security + - gh-135034: Fixes multiple issues that allowed tarfile + extraction filters (filter="data" and filter="tar") + to be bypassed using crafted symlinks and hard links. + Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138 + (bsc#1244059), CVE-2025-4330 (bsc#1244060), and + CVE-2025-4517 (bsc#1244032). Also addresses CVE-2025-4435 + (gh#135034, bsc#1244061). + - gh-133767: Fix use-after-free in the “unicode-escape” + decoder with a non-“strict” error handler (CVE-2025-4516, + bsc#1243273). + - gh-128840: Short-circuit the processing of long IPv6 + addresses early in ipaddress to prevent excessive memory + consumption and a minor denial-of-service. + - Library + - gh-128840: Fix parsing long IPv6 addresses with embedded + IPv4 address. + - gh-134062: ipaddress: fix collisions in __hash__() for + IPv4Network and IPv6Network objects. + - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output + according to RFC 3596, §2.5. Patch by Bénédikt Tran. + - bpo-43633: Improve the textual representation of + IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2) + in ipaddress. Patch by Oleksandr Pavliuk. +- Remove upstreamed patches: + - gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch + - CVE-2025-4516-DecodeError-handler.patch + +------------------------------------------------------------------- +Thu May 22 13:01:17 UTC 2025 - Matej Cepl + +- Add CVE-2025-4516-DecodeError-handler.patch fixing + CVE-2025-4516 (bsc#1243273) blocking DecodeError handling + vulnerability, which could lead to DoS. + +------------------------------------------------------------------- +Sat May 17 10:02:27 UTC 2025 - Matej Cepl + +- Use extended %autopatch. + +------------------------------------------------------------------- +Sat May 10 11:38:24 UTC 2025 - Matej Cepl + +- Remove python-3.3.0b1-test-posix_fadvise.patch (not needed + since kernel 3.6-rc1) + +------------------------------------------------------------------- +Fri Apr 18 14:05:38 UTC 2025 - Matej Cepl + +- Update to 3.11.12: + - gh-131809: Update bundled libexpat to 2.7.1 + - gh-131261: Upgrade to libexpat 2.7.0 + - gh-105704: When using urllib.parse.urlsplit() and + urllib.parse.urlparse() host parsing would not reject domain + names containing square brackets ([ and ]). Square brackets + are only valid for IPv6 and IPvFuture hosts according to RFC + 3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938, + gh#python/cpython#105704). + - gh-121284: Fix bug in the folding of rfc2047 encoded-words + when flattening an email message using a modern email + policy. Previously when an encoded-word was too long for + a line, it would be decoded, split across lines, and + re-encoded. But commas and other special characters in the + original text could be left unencoded and unquoted. This + could theoretically be used to spoof header lines using a + carefully constructed encoded-word if the resulting rendered + email was transmitted or re-parsed. + - gh-80222: Fix bug in the folding of quoted strings + when flattening an email message using a modern email + policy. Previously when a quoted string was folded so that + it spanned more than one line, the surrounding quotes and + internal escapes would be omitted. This could theoretically + be used to spoof header lines using a carefully constructed + quoted string if the resulting rendered email was transmitted + or re-parsed. + - gh-119511: Fix a potential denial of service in the imaplib + module. When connecting to a malicious server, it could + cause an arbitrary amount of memory to be allocated. On many + systems this is harmless as unused virtual memory is only + a mapping, but if this hit a virtual address size limit + it could lead to a MemoryError or other process crash. On + unusual systems or builds where all allocated memory is + touched and backed by actual ram or storage it could’ve + consumed resources doing so until similarly crashing. + - gh-127257: In ssl, system call failures that OpenSSL reports + using ERR_LIB_SYS are now raised as OSError. + - gh-121277: Writers of CPython’s documentation can now use + next as the version for the versionchanged, versionadded, + deprecated directives. + - gh-106883: Disable GC during the _PyThread_CurrentFrames() + and _PyThread_CurrentExceptions() calls to avoid the + interpreter to deadlock. +- Remove upstreamed patch: + - CVE-2025-0938-sq-brackets-domain-names.patch +- Add gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch + which makes test_ssl not to stop ThreadedEchoServer on OSError, + which makes test_ssl pass with OpenSSL 3.5 (bsc#1241067, + gh#python/cpython!126572) + +------------------------------------------------------------------- +Wed Mar 12 15:05:46 UTC 2025 - Bernhard Wiedemann + +- Allow to disable PGO + +------------------------------------------------------------------- +Mon Mar 10 15:44:31 UTC 2025 - Bernhard Wiedemann + +- Skip PGO with %want_reproducible_builds (bsc#1239210) + +------------------------------------------------------------------- +Tue Feb 4 14:43:13 UTC 2025 - Matej Cepl + +- Add CVE-2025-0938-sq-brackets-domain-names.patch which + disallows square brackets ([ and ]) in domain names for parsed + URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704) + +------------------------------------------------------------------- +Mon Jan 27 09:00:48 UTC 2025 - Daniel Garcia + +- Configure externally_managed with a bcond + https://en.opensuse.org/openSUSE:Python:Externally_managed + bsc#1228165 + +------------------------------------------------------------------- +Wed Dec 4 21:40:41 UTC 2024 - Matej Cepl + +- Update to 3.11.11: + - Tools/Demos + - gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15 + and multissltests to use 3.0.15, 3.1.7, and 3.2.3. + - Tests + - gh-125041: Re-enable skipped tests for zlib on the + s390x architecture: only skip checks of the compressed + bytes, which can be different between zlib’s software + implementation and the hardware-accelerated implementation. + - Security + - gh-126623: Upgrade libexpat to 2.6.4 + - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to + consistently use the mapped IPv4 address value for deciding + properties. Properties which have their behavior fixed are + is_multicast, is_reserved, is_link_local, is_global, and + is_unspecified. + - Library + - gh-124651: Properly quote template strings in venv + activation scripts (bsc#1232241, CVE-2024-9287). +- Removed upstreamed patches: + - CVE-2024-9287-venv_path_unquoted.patch + +------------------------------------------------------------------- +Tue Dec 3 08:21:35 UTC 2024 - John Paul Adrian Glaubitz + +- Add add-loongarch64-support.patch to support loongarch64 + +------------------------------------------------------------------- +Mon Dec 2 22:50:07 UTC 2024 - Matej Cepl + +- Fix changelog + +------------------------------------------------------------------- +Mon Nov 11 12:43:40 UTC 2024 - Daniel Garcia + +- Remove -IVendor/ from python-config boo#1231795 + +------------------------------------------------------------------- +Fri Nov 1 16:32:10 UTC 2024 - Matej Cepl + +- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote + path names provided when creating a virtual environment + (bsc#1232241, CVE-2024-9287) + +------------------------------------------------------------------- +Wed Oct 2 16:18:29 UTC 2024 - Matej Cepl + +- Drop .pyc files from docdir for reproducible builds + (bsc#1230906). + +------------------------------------------------------------------- +Mon Sep 9 16:53:07 UTC 2024 - Matej Cepl + +- Update to 3.11.10: + - Security + - gh-123678: Upgrade libexpat to 2.6.3 + - gh-121957: Fixed missing audit events around interactive + use of Python, now also properly firing for ``python -i``, + as well as for ``python -m asyncio``. The event in question + is ``cpython.run_stdin``. + - gh-122133: Authenticate the socket connection for the + ``socket.socketpair()`` fallback on platforms where + ``AF_UNIX`` is not available like Windows. Patch by + Gregory P. Smith and Seth Larson + . Reported by Ellie + - gh-121285: Remove backtracking from tarfile header parsing + for ``hdrcharset``, PAX, and GNU sparse headers + (bsc#1230227, CVE-2024-6232). + - gh-118486: :func:`os.mkdir` on Windows now accepts + *mode* of ``0o700`` to restrict the new directory to + the current user. This fixes CVE-2024-4030 affecting + :func:`tempfile.mkdtemp` in scenarios where the base + temporary directory is more permissive than the default. + - gh-116741: Update bundled libexpat to 2.6.2 + - Library + - gh-123270: Applied a more surgical fix for malformed + payloads in :class:`zipfile.Path` causing infinite loops + (gh-122905) without breaking contents using legitimate + characters (bsc#1229704, CVE-2024-8088). + - gh-123067: Fix quadratic complexity in parsing ``"``-quoted + cookie values with backslashes by :mod:`http.cookies` + (bsc#1229596, CVE-2024-7592). + - gh-122905: :class:`zipfile.Path` objects now sanitize names + from the zipfile. + - gh-121650: :mod:`email` headers with embedded newlines are + now quoted on output. The :mod:`~email.generator` will now + refuse to serialize (write) headers that are unsafely folded + or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. + (Contributed by Bas Bloemsaat and Petr Viktorin in + :gh:`121650`; CVE-2024-6923, bsc#1228780). + - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method + breaks internal buffer when the method is called again + during flushing internal buffer. + - gh-118643: Fix an AttributeError in the :mod:`email` module + when re-fold a long address list. Also fix more cases of + incorrect encoding of the address separator in the address + list. + - gh-113171: Fixed various false positives and false + negatives in * :attr:`ipaddress.IPv4Address.is_private` + (see these docs for details) * + :attr:`ipaddress.IPv4Address.is_global` * + :attr:`ipaddress.IPv6Address.is_private` * + :attr:`ipaddress.IPv6Address.is_global` Also in the + corresponding :class:`ipaddress.IPv4Network` and + :class:`ipaddress.IPv6Network` attributes. + Fixes bsc#1226448 (CVE-2024-4032). + - gh-102988: :func:`email.utils.getaddresses` and + :func:`email.utils.parseaddr` now return ``('', '')`` + 2-tuples in more situations where invalid email addresses + are encountered instead of potentially inaccurate + values. Add optional *strict* parameter to these two + functions: use ``strict=False`` to get the old behavior, + accept malformed inputs. ``getattr(email.utils, + 'supports_strict_parsing', False)`` can be use to check if + the *strict* paramater is available. Patch by Thomas Dwyer + and Victor Stinner to improve the CVE-2023-27043 fix + (bsc#1210638). + - gh-67693: Fix :func:`urllib.parse.urlunparse` and + :func:`urllib.parse.urlunsplit` for URIs with path starting + with multiple slashes and no authority. Based on patch by + Ashwin Ramaswami. + - Core and Builtins + - gh-112275: A deadlock involving ``pystate.c``'s + ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now + fixed. Patch by ChuBoning based on previous Python 3.12 fix + by Victor Stinner. + - gh-109120: Added handle of incorrect star expressions, e.g + ``f(3, *)``. Patch by Grigoryev Semyon +- Removed upstreamed patches: + - CVE-2023-27043-email-parsing-errors.patch + - CVE-2024-4032-private-IP-addrs.patch + - CVE-2024-6923-email-hdr-inject.patch + - CVE-2024-8088-inf-loop-zipfile_Path.patch + (renamed from CVE-2024-8088-zipfile-Path-sanitization.patch) + - CVE-2024-6232-ReDOS-backtrack-tarfile.patch + - CVE-2024-7592-quad-complex-cookies.patch + +------------------------------------------------------------------- +Mon Sep 2 09:44:26 UTC 2024 - Matej Cepl + +- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid + failing test_sendfile_close_peer_in_the_middle_of_receiving + tests on Linux >= 6.10 (GH-120227). + +------------------------------------------------------------------- +Wed Aug 28 16:54:34 UTC 2024 - Matej Cepl + +- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent + malformed payload to cause infinite loops in zipfile.Path + (bsc#1229704, CVE-2024-8088). + +------------------------------------------------------------------- +Wed Aug 7 12:12:42 UTC 2024 - Matej Cepl + +- Add CVE-2024-6923-email-hdr-inject.patch to prevent email + header injection due to unquoted newlines (bsc#1228780, + CVE-2024-6923). +- %{profileopt} variable is set according to the variable + %{do_profiling} (bsc#1227999) + +------------------------------------------------------------------- +Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl + +- Remove %suse_update_desktop_file macro as it is not useful any + more. + +------------------------------------------------------------------- +Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl + +- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 + adding reproducibility patches from gh#python/cpython!121872 + and gh#python/cpython!121883. + +------------------------------------------------------------------- +Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl + +- Stop using %%defattr, it seems to be breaking proper executable + attributes on /usr/bin/ scripts (bsc#1227378). + +------------------------------------------------------------------- +Tue Jul 2 10:32:58 UTC 2024 - Daniel Garcia + +- Update F00251-change-user-install-location.patch to make pip and + modern tools install directly in /usr/local when used by the user. + bsc#1225660 + +------------------------------------------------------------------- +Tue Jun 25 21:57:40 UTC 2024 - Matej Cepl + +- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 + (CVE-2024-4032) rearranging definition of private v global IP + addresses. + +------------------------------------------------------------------- +Wed May 1 08:39:08 UTC 2024 - Matej Cepl + +- Update CVE-2023-52425-libexpat-2.6.0-backport.patch + so that it uses features sniffing, not just + comparing version number. Include also + support-expat-CVE-2022-25236-patched.patch. +- Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping + failing tests. +- Refresh patches: + - CVE-2023-27043-email-parsing-errors.patch + - fix_configure_rst.patch + - skip_if_buildbot-extend.patch +- Remove included patch: + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia + +- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in SLE. + +------------------------------------------------------------------- +Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia + +- Remove not needed upstream patches: + * libexpat260.patch + * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666 + * CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch + +- Update to 3.11.9: + * Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 + - gh-115243: Fix possible crashes in collections.deque.index() + when the deque is concurrently modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to the + certificate store, when the ssl.SSLContext is shared across + multiple threads (bsc#1226447, CVE-2024-0397). + * Core and Builtins + - gh-116296: Fix possible refleak in object.__reduce__() internal + error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser when + raising SyntaxError exceptions caused by invalid byte sequences. + Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115011: Setters for members with an unsigned integer type now + support the same range of valid values for objects that has a + __index__() method as for int. + - gh-96497: Fix incorrect resolution of mangled class variables + used in assignment expressions in comprehensions. + * Library + - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered + crash in ssl when creating a new _ssl._SSLContext if CPython was + built implausibly such that the default cipher list is empty or + the SSL library it was linked against reports a failure from its + C SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of self-referential + modules, introduced in gh-114781. + - gh-117084: Fix zipfile extraction for directory entries with the + name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any to + be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer calls + WaitForSingleObject() with a negative timeout: pass 0 ms if the + timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values in an + invalid state (stored as a list instead of a str) after an + earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values in + urllib.parse functions parse_qs() and parse_qsl(). Also, they + now raise a TypeError for non-zero integers and non-empty + sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated tkinter.Checkbutton + widget names to avoid collisions with automatically generated + tkinter.ttk.Checkbutton widget names within the same parent + widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of AttributeError + on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on + WASI. + - Under wasmtime for WASI 0.2, these functions don’t pass + test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). + - gh-88352: Fix the computation of the next rollover time in the + logging.TimedRotatingFileHandler handler. computeRollover() now + always returns a timestamp larger than the specified time and + works correctly during the DST change. doRollover() no longer + overwrite the already rolled over file, saving from data loss + when run at midnight or during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a script + with pdb + - gh-76511: Fix UnicodeEncodeError in email.Message.as_string() + that results when a message that claims to be in the ascii + character set actually has non-ascii characters. Non-ascii + characters are now replaced with the U+FFFD replacement + character, like in the replace error handler. + - gh-75988: Fixed unittest.mock.create_autospec() to pass the call + through to the wrapped object to return the real result. + - gh-115881: Fix issue where ast.parse() would incorrectly flag + conditional context managers (such as with (x() if y else z()): + ...) as invalid syntax if feature_version=(3, 8) was passed. + This reverts changes to the grammar made as part of gh-94949. + - gh-115886: Fix silent truncation of the name with an embedded + null character in multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing which rolled-over log + files to delete in logging.TimedRotatingFileHandler. It is now + reliable for handlers without namer and with arbitrary + deterministic namer that leaves the datetime part in the file + name unmodified. + - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now + support bytes arguments containing raw and percent-encoded + non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' and + '\n', regardless of lineterminator value. + - gh-115712: csv.writer() now quotes empty fields if delimiter is + a space and skipinitialspace is true and raises exception if + quoting is not possible. + - gh-115618: Fix improper decreasing the reference count for None + argument in property methods getter(), setter() and deleter(). + - gh-115570: A DeprecationWarning is no longer omitted on access + to the __doc__ attributes of the deprecated typing.io and + typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the __wrapper__ + data descriptor. + - gh-101293: Support callables with the __call__() method and + types with __new__() and __init__() methods set to class + methods, static methods, bound methods, partial functions, and + other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line numbers + would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare cases when + using the z format option (coerce negative 0) * incorrect output + when applying the z format option to type F (fixed-point with + capital NAN / INF) * incorrect output when applying the # format + option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname before + checking it against the system’s proxy bypass list on macOS and + Windows. + - gh-115198: Fix support of Docutils >= 0.19 in distutils. + - gh-115165: Most exceptions are now ignored when attempting to + set the __orig_class__ attribute on objects returned when + calling typing generic aliases (including generic aliases + created using typing.Annotated). Previously only AttributeError + was ignored. Patch by Dave Shawley. + - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the underlying + write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114763: Protect modules loaded with importlib.util.LazyLoader + from race conditions when multiple threads try to access + attributes before the loading is complete. + - gh-97959: Fix rendering class methods, bound methods, method and + function aliases in pydoc. Class methods no longer have “method + of builtins.type instance” note. Corresponding notes are now + added for class and unbound methods. Method and function aliases + now have references to the module or the class where the origin + was defined if it differs from the current. Bound methods are + now listed in the static methods section. Methods of builtin + classes are now supported as well as methods of Python classes. + - gh-112281: Allow creating union of types for typing.Annotated + with unhashable metadata. + - gh-111775: Fix importlib.resources.simple.ResourceHandle.open() + for text mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb commands. + - gh-107155: Fix incorrect output of help(x) where x is a lambda + function, which has an __annotations__ dictionary attribute with + a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when defining + dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists + over multiple lines in combination with unicode encoding + (bsc#1238450 CVE-2025-1795) + - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same name + but different extensions would conflict and not delete the + correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() to + accept empty bytes as authkey. Not accepting empty bytes as key + causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing of URLs + with only a host name, URLs containing fragment or query, and + filenames with only a UNC sharepoint on Windows. Based on patch + by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + * Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML + vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + * Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE command + line option) in regrtest when hunting for reference leaks (-R + option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-115979: Update test_importlib so that it passes under WASI + SDK 21. + - gh-116307: Added import helper isolated_modules as CleanImport + does not remove modules imported during the context. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of + the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: run + failed tests with test.bisect_cmd to identify failing tests. + Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - gh-115198: Fix test_check_metadata_deprecate in distutils tests + with a newer Docutils. + * Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI + 0.2/preview2 primitives. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + * Windows + - gh-116773: Fix instances of <_overlapped.Overlapped object at + 0xXXX> still has pending operation at deallocation, the process + may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation so + that sending a datagram to an address that is not listening does + not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most users + only have a single launcher installed and will see no + difference. When multiple launchers have been installed, the + option to install the launcher is disabled until all but one + have been removed. Downgrading the launcher (which was never + allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now detect Python + 3.13 when installed from the Microsoft Store, and will install + Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + * IDLE + - gh-88516: On macOS show a proxy icon in the title bar of editor + windows to match platform behaviour. + * Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + * C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows + 64-bit platforms. + +------------------------------------------------------------------- +Sun Mar 24 07:51:45 UTC 2024 - Matej Cepl + +- Add reference to CVE-2024-0450 (bsc#1221854) to changelog. + +------------------------------------------------------------------- +Fri Mar 22 21:22:27 UTC 2024 - Matej Cepl + +- Because of bsc#1189495 we have to revert use of %autopatch. + +------------------------------------------------------------------- +Tue Mar 12 08:44:47 UTC 2024 - Matej Cepl + +- Rewrite %prep to use %autosetup et al. for compatibility with + rpm 4.20. + +------------------------------------------------------------------- +Tue Mar 12 08:13:34 UTC 2024 - Matej Cepl + +- bsc#1221260 add bsc1221260-test_asyncio-ResourceWarning.patch + to eliminate ResourceWarning which broke the test suite in + test_asyncio. + +------------------------------------------------------------------- +Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal + +- Use the system-wide crypto-policies [bsc#1211301] + * Use the system default cipher list instead of hardcoded values + * Add the --with-ssl-default-suites=openssl configure option + +------------------------------------------------------------------- +Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl + +- (bsc#1219666, CVE-2023-6597) Add + CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from + gh#python/cpython!99930) fixing symlink bug in cleanup of + tempfile.TemporaryDirectory. + +------------------------------------------------------------------- +Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl + +- Remove double definition of /usr/bin/idle%%{version} in + %%files. + +------------------------------------------------------------------- +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115289 + +------------------------------------------------------------------- +Thu Feb 8 07:27:40 UTC 2024 - Daniel Garcia + +- Update to 3.11.8: + - Security + - gh-113659: Skip .pth files with names starting with a dot or + hidden file attribute. + - Core and Builtins + - gh-114887: Changed socket type validation in + create_datagram_endpoint() to accept all non-stream sockets. + This fixes a regression in compatibility with raw sockets. + - gh-114388: Fix a RuntimeWarning emitted when assign an + integer-like value that is not an instance of int to an + attribute that corresponds to a C struct member of type T_UINT + and T_ULONG. Fix a double RuntimeWarning emitted when assign a + negative integer value to an attribute that corresponds to a C + struct member of type T_UINT. + - gh-89811: Check for a valid tp_version_tag before performing + bytecode specializations that rely on this value being usable. + - gh-113602: Fix an error that was causing the parser to try to + overwrite existing errors and crashing in the process. Patch by + Pablo Galindo + - gh-113566: Fix a 3.11-specific crash when the repr of a Future + is requested after the module has already been + garbage-collected. + - gh-106905: Use per AST-parser state rather than global state to + track recursion depth within the AST parser to prevent potential + race condition due to simultaneous parsing. + - The issue primarily showed up in 3.11 by multithreaded users of + ast.parse(). In 3.12 a change to when garbage collection can be + triggered prevented the race condition from occurring. + - gh-112716: Fix SystemError in the import statement and in + __reduce__() methods of builtin types when __builtins__ is not a + dict. + - gh-105967: Workaround a bug in Apple’s macOS platform zlib + library where zlib.crc32() and binascii.crc32() could produce + incorrect results on multi-gigabyte inputs. Including when using + zipfile on zips containing large data. + - gh-94606: Fix UnicodeEncodeError when + email.message.get_payload() reads a message with a Unicode + surrogate character and the message content is not well-formed + for surrogateescape encoding. Patch by Sidney Markowitz. + - Library + - gh-114965: Update bundled pip to 24.0 + - gh-114959: tarfile no longer ignores errors when trying to + extract a directory on top of a file. + - gh-109475: Fix support of explicit option value “–” in argparse + (e.g. --option=--). + - gh-110190: Fix ctypes structs with array on Windows ARM64 + platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by + Diego Russo + - gh-113280: Fix a leak of open socket in rare cases when error + occurred in ssl.SSLSocket creation. + - gh-77749: email.policy.EmailPolicy.fold() now always encodes + non-ASCII characters in headers if utf8 is false. + - gh-114492: Make the result of termios.tcgetattr() reproducible + on Alpine Linux. Previously it could leave a random garbage in + some fields. + - gh-75128: Ignore an OSError in + asyncio.BaseEventLoop.create_server() when IPv6 is available but + the interface cannot actually support it. + - gh-114257: Dismiss the FileNotFound error in + ctypes.util.find_library() and just return None on Linux. + - gh-101438: Avoid reference cycle in ElementTree.iterparse. The + iterator returned by ElementTree.iterparse may hold on to a file + descriptor. The reference cycle prevented prompt clean-up of the + file descriptor if the returned iterator was not exhausted. + - gh-104522: OSError raised when run a subprocess now only has + filename attribute set to cwd if the error was caused by a + failed attempt to change the current directory. + - gh-109534: Fix a reference leak in + asyncio.selector_events.BaseSelectorEventLoop when SSL + handshakes fail. Patch contributed by Jamie Phan. + - gh-114077: Fix possible OverflowError in + socket.socket.sendfile() when pass count larger than 2 GiB on + 32-bit platform. + - gh-114014: Fixed a bug in fractions.Fraction where an invalid + string using d in the decimals part creates a different error + compared to other invalid letters/characters. Patch by Jeremiah + Gabriel Pascual. + - gh-113951: Fix the behavior of tag_unbind() methods of + tkinter.Text and tkinter.Canvas classes with three arguments. + Previously, widget.tag_unbind(tag, sequence, funcid) destroyed + the current binding for sequence, leaving sequence unbound, and + deleted the funcid command. Now it removes only funcid from the + binding for sequence, keeping other commands, and deletes the + funcid command. It leaves sequence unbound only if funcid was + the last bound command. + - gh-113877: Fix tkinter method winfo_pathname() on 64-bit + Windows. + - gh-113781: Silence unraisable AttributeError when warnings are + emitted during Python finalization. + - gh-113594: Fix UnicodeEncodeError in email when re-fold lines + that contain unknown-8bit encoded part followed by + non-unknown-8bit encoded part. + - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), + there is callback that logs an error if the task wrapping the + “connected callback” fails. This callback would itself fail if + the task was cancelled. Prevent this by checking whether the + task was cancelled first. If so, close the transport but don’t + log an error. + - gh-85567: Fix resource warnings for unclosed files in pickle and + pickletools command line interfaces. + - gh-101225: Increase the backlog for + multiprocessing.connection.Listener objects created by + multiprocessing.manager and multiprocessing.resource_sharer to + significantly reduce the risk of getting a connection refused + error when creating a multiprocessing.connection.Connection to + them. + - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends + webbrowser.open audit event. + - gh-113028: When a second reference to a string appears in the + input to pickle, and the Python implementation is in use, we are + guaranteed that a single copy gets pickled and a single object + is shared when reloaded. Previously, in protocol 0, when a + string contained certain characters (e.g. newline) it resulted + in duplicate objects. + - gh-113421: Fix multiprocessing logger for %(filename)s. + - gh-113358: Fix rendering tracebacks for exceptions with a broken + __getattr__. + - gh-113214: Fix an AttributeError during asyncio SSL protocol + aborts in SSL-over-SSL scenarios. + - gh-113246: Update bundled pip to 23.3.2. + - gh-113199: Make http.client.HTTPResponse.read1 and + http.client.HTTPResponse.readline close IO after reading all + data when content length is known. Patch by Illia Volochii. + - gh-113188: Fix shutil.copymode() and shutil.copystat() on + Windows. Previously they worked differenly if dst is a symbolic + link: they modified the permission bits of dst itself rather + than the file it points to if follow_symlinks is true or src is + not a symbolic link, and did not modify the permission bits if + follow_symlinks is false and src is a symbolic link. + - gh-61648: Detect line numbers of properties in doctests. + - gh-112559: signal.signal() and signal.getsignal() no longer call + repr on callable handlers. asyncio.run() and + asyncio.Runner.run() no longer call repr on the task results. + Patch by Yilei Yang. + - gh-110190: Fix ctypes structs with array on PPC64LE platform by + setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. + - gh-79429: Ignore FileNotFoundError when remove a temporary + directory in the multiprocessing finalizer. + - gh-79325: Fix an infinite recursion error in + tempfile.TemporaryDirectory() cleanup on Windows. + - gh-110190: Fix ctypes structs with array on Arm platform by + setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. + - gh-81194: Fix a crash in socket.if_indextoname() with specific + value (UINT_MAX). Fix an integer overflow in + socket.if_indextoname() on 64-bit non-Windows platforms. + - gh-75666: Fix the behavior of tkinter widget’s unbind() method + with two arguments. Previously, widget.unbind(sequence, funcid) + destroyed the current binding for sequence, leaving sequence + unbound, and deleted the funcid command. Now it removes only + funcid from the binding for sequence, keeping other commands, + and deletes the funcid command. It leaves sequence unbound only + if funcid was the last bound command. + - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in + tkinter._test(). + - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now + raises BadZipFile when try to read an entry that overlaps with + other entry or central directory (bsc#1221854, CVE-2024-0450). + - gh-38807: Fix race condition in trace. Instead of checking if a + directory exists and creating it, directly call os.makedirs() + with the kwarg exist_ok=True. + - gh-75705: Set unixfrom envelope in mailbox.mbox and + mailbox.MMDF. + - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure + when the system endianness is the opposite of the classes. + - gh-104282: Fix null pointer dereference in + lzma._decode_filter_properties() due to improper handling of BCJ + filters with properties of zero length. Patch by Radislav + Chugunov. + - gh-102512: When os.fork() is called from a foreign thread (aka + _DummyThread), the type of the thread in a child process is + changed to _MainThread. Also changed its name and daemonic + status, it can be now joined. + - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, + which now no longer dereferences symlinks when working around + file system permission errors. + - bpo-43153: On Windows, tempfile.TemporaryDirectory previously + masked a PermissionError with NotADirectoryError during + directory cleanup. It now correctly raises PermissionError if + errors are not ignored. Patch by Andrei Kulakov and Ken Jin. + - bpo-35332: The shutil.rmtree() function now ignores errors when + calling os.close() when ignore_errors is True, and os.close() no + longer retried after error. + - bpo-35928: io.TextIOWrapper now correctly handles the decoding + buffer after read() and write(). + - bpo-26791: shutil.move() now moves a symlink into a directory + when that directory is the target of the symlink. This provides + the same behavior as the mv shell command. The previous behavior + raised an exception. Patch by Jeffrey Kintscher. + - bpo-36959: Fix some error messages for invalid ISO format string + combinations in strptime() that referred to directives not + contained in the format string. Patch by Gordon P. Hemsley. + - bpo-18060: Fixed a class inheritance issue that can cause + segfaults when deriving two or more levels of subclasses from a + base class of Structure or Union. + - Documentation + - gh-110746: Improved markup for valid options/values for methods + ttk.treeview.column and ttk.treeview.heading, and for Layouts. + - gh-95649: Document that the asyncio module contains code taken + from v0.16.0 of the uvloop project, as well as the required MIT + licensing information. + - Tests + - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, + where system tar can include more information in the archive + than shutil.make_archive. + - gh-112769: The tests now correctly compare zlib version when + zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For + example zlib-ng defines the version as 1.3.0.zlib-ng. + - gh-105089: Fix + test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write + test in AIX by doing a bitwise AND of 0xFFFF on mode , so that + it will be in sync with zinfo.external_attr + - bpo-40648: Test modes that file can get with chmod() on Windows. + - Build + - gh-101778: Fix build error when there’s a dangling symlink in + the directory containing ffi.h. + - gh-112305: Fixed the check-clean-src step performed on out of + tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h + files and recommend appropriate source tree cleanup steps to get + a working build again. + - bpo-11102: The os.major(), os.makedev(), and os.minor() + functions are now available on HP-UX v3. + - bpo-36351: Do not set ipv6type when cross-compiling. + - IDLE + - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and + ‘object’. + - gh-72284: Improve the lists of features, editor key bindings, + and shell key bingings in the IDLE doc. + - gh-113903: Fix rare failure of test.test_idle, in + test_configdialog. + - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and + 3.12.1. + - gh-113269: Fix test_editor hang on macOS Catalina. + - gh-112898: Fix processing unsaved files when quitting IDLE on + macOS. + - gh-103820: Revise IDLE bindings so that events from mouse button + 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not + mistaken for scrolling. + - bpo-13586: Enter the selected text when opening the “Replace” + dialog. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and + multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. + - gh-115015: Fix a bug in Argument Clinic that generated incorrect + code for methods with no parameters that use the METH_METHOD | + METH_FASTCALL | METH_KEYWORDS calling convention. Only the + positional parameter count was checked; any keyword argument + passed would be silently accepted. +- Remove upstreamed patches: + - CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch +- Refresh all patches: + - CVE-2023-27043-email-parsing-errors.patch + - F00251-change-user-install-location.patch + - bpo-31046_ensurepip_honours_prefix.patch + - distutils-reproducible-compile.patch + - fix_configure_rst.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-localpath.patch + - python-3.3.0b1-test-posix_fadvise.patch + - skip_if_buildbot-extend.patch + - subprocess-raise-timeout.patch + - support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Tue Dec 19 16:34:50 UTC 2023 - Daniel Garcia + +- Update patch fix_configure_rst.patch +- Update to 3.11.7: + - Core and Builtins + - gh-112625: Fixes a bug where a bytearray object could be cleared + while iterating over an argument in the bytearray.join() method + that could result in reading memory after it was freed. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. Patch + by Pablo galindo + - gh-88116: Traceback location ranges involving wide unicode + characters (like emoji and asian characters) now are properly + highlighted. Patch by Batuhan Taskaya and Pablo Galindo. + - gh-94438: Fix a regression that prevented jumping across is None + and is not None when debugging. Patch by Savannah Ostrowski. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109216: Fix possible memory leak in BUILD_MAP. + + - Library + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + - bpo-35191: Fix unexpected integer truncation in + socket.setblocking() which caused it to interpret multiples of + 2**32 as False. + + - Documentation + - gh-108826: dis module command-line interface is now mentioned in + documentation. + + - Tests + - gh-110367: Make regrtest --verbose3 option compatible with + --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + --verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111309: distutils tests can now be run via unittest. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() and class BasicTestRunner from the test.support + module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + --match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + + - Build + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + + - C API + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. +------------------------------------------------------------------- +Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl + +- Refresh CVE-2023-27043-email-parsing-errors.patch to + gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). +- Thus we can remove Revert-gh105127-left-tests.patch, which is + now useless. + +------------------------------------------------------------------- +Wed Nov 15 09:06:16 UTC 2023 - Daniel Garcia + +- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch +- Refresh patches: + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch + +- Update to 3.11.6: + - Core and Builtins + - gh-109351: Fix crash when compiling an invalid AST involving a + named (walrus) expression. + - gh-109207: Fix a SystemError in __repr__ of symtable entry + object. + - gh-109179: Fix bug where the C traceback display drops notes + from SyntaxError. + - gh-88943: Improve syntax error for non-ASCII character that + follows a numerical literal. It now points on the invalid + non-ASCII character, not on the valid numerical literal. + - gh-108959: Fix caret placement for error locations for subscript + and binary operations that involve non-semantic parentheses and + spaces. Patch by Pablo Galindo + - gh-108520: Fix + multiprocessing.synchronize.SemLock.__setstate__() to properly + initialize multiprocessing.synchronize.SemLock._is_fork_ctx. + This fixes a regression when passing a SemLock accross nested + processes. + - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to + multiprocessing.synchronize.SemLock._is_fork_ctx to avoid + exposing it as public API. + - Library + - gh-110036: On Windows, multiprocessing Popen.terminate() now + catchs PermissionError and get the process exit code. If the + process is still running, raise again the PermissionError. + Otherwise, the process terminated as expected: store its exit + code. Patch by Victor Stinner. + - gh-110038: Fixed an issue that caused KqueueSelector.select() to + not return all the ready events in some cases when a file + descriptor is registered for both read and write. + - gh-109631: re functions such as re.findall(), re.split(), + re.search() and re.sub() which perform short repeated matches + can now be interrupted by user. + - gh-109593: Avoid deadlocking on a reentrant call to the + multiprocessing resource tracker. Such a reentrant call, though + unlikely, can happen if a GC pass invokes the finalizer for a + multiprocessing object such as SemLock. + - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for + exceptions. Previously, on Python built in debug mode, these + functions could trigger a fatal Python error (and abort the + process) when a function succeeded with an exception set. Patch + by Victor Stinner. + - gh-109375: The pdb alias command now prevents registering + aliases without arguments. + - gh-107219: Fix a race condition in concurrent.futures. When a + process in the process pool was terminated abruptly (while the + future was running or pending), close the connection write end. + If the call queue is blocked on sending bytes to a worker + process, closing the connection write end interrupts the send, + so the queue can be closed. Patch by Victor Stinner. + - gh-50644: Attempts to pickle or create a shallow or deep copy of + codecs streams now raise a TypeError. Previously, copying failed + with a RecursionError, while pickling produced wrong results + that eventually caused unpickling to fail with a RecursionError. + - gh-108987: Fix _thread.start_new_thread() race condition. If a + thread is created during Python finalization, the newly spawned + thread now exits immediately instead of trying to access freed + memory and lead to a crash. Patch by Victor Stinner. + - gh-108843: Fix an issue in ast.unparse() when unparsing + f-strings containing many quote types. + - gh-108682: Enum: raise TypeError if super().__new__() is called + from a custom __new__. + - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock + - gh-64662: Fix support for virtual tables in + sqlite3.Connection.iterdump(). Patch by Aviv Palivoda. + - gh-107913: Fix possible losses of errno and winerror values in + OSError exceptions if they were cleared or modified by the + cleanup code before creating the exception object. + - gh-104372: On Linux where subprocess can use the vfork() syscall + for faster spawning, prevent the parent process from blocking + other threads by dropping the GIL while it waits for the + vfork’ed child process exec() outcome. This prevents spawning a + binary from a slow filesystem from blocking the rest of the + application. + - gh-84867: unittest.TestLoader no longer loads test cases from + exact unittest.TestCase and unittest.FunctionTestCase classes. + - Documentation + - gh-109209: The minimum Sphinx version required for the + documentation is now 4.2. + - gh-105052: Update timeit doc to specify that time in seconds is + just the default. + - gh-102823: Document the return type of x // y when x and y have + type float. + - Tests + - gh-110031: Skip test_threading tests using thread+fork if Python + is built with Address Sanitizer (ASAN). Patch by Victor Stinner. + - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum + duration, a test should not measure a CI performance. Only + measure the minimum duration when a task has a timeout or delay. + Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner. + - gh-110033: Fix test_interprocess_signal() of test_signal. Make + sure that the subprocess.Popen object is deleted before the test + raising an exception in a signal handler. Otherwise, + Popen.__del__() can get the exception which is logged as + Exception ignored in: ... and the test fails. Patch by Victor + Stinner. + - gh-109594: Fix test_timeout() of + test_concurrent_futures.test_wait. Remove the future which may + or may not complete depending if it takes longer than the + timeout ot not. Keep the second future which does not complete + before wait() timeout. Patch by Victor Stinner. + - gh-109748: Fix test_zippath_from_non_installed_posix() of + test_venv: don’t copy __pycache__/ sub-directories, because they + can be modified by other Python tests running in parallel. Patch + by Victor Stinner. + - gh-103053: Skip test_freeze_simple_script() of + test_tools.test_freeze if Python is built with ./configure + --enable-optimizations, which means with Profile Guided + Optimization (PGO): it just makes the test too slow. The freeze + tool is tested by many other CIs with other (faster) compiler + flags. Patch by Victor Stinner. + - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a + longer key: FIPS mode requires at least of at least 112 bits. + The previous key was only 32 bits. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-109237: Fix test_site.test_underpth_basic() when the working + directory contains at least one non-ASCII character: encode the + ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for + the child process stdout. Patch by Victor Stinner. + - gh-109230: Fix test_pyexpat.test_exception(): it can now be run + from a directory different than Python source code directory. + Before, the test failed in this case. Skip the test if + Modules/pyexpat.c source is not available. Skip also the test on + Python implementations other than CPython. Patch by Victor + Stinner. + - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests + on FreeBSD if the TCP blackhole is enabled (sysctl + net.inet.tcp.blackhole). Skip the few tests which failed with + ETIMEDOUT which such non standard configuration. Currently, the + FreeBSD GCP image enables TCP and UDP blackhole (sysctl + net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1). + Patch by Victor Stinner. + - gh-91960: Skip test_gdb if gdb is unable to retrieve Python + frame objects: if a frame is . When Python is + built with “clang -Og”, gdb can fail to retrive the frame + parameter of _PyEval_EvalFrameDefault(). In this case, tests + like py_bt() are likely to fail. Without getting access to + Python frames, python-gdb.py is mostly clueless on retrieving + the Python traceback. Moreover, test_gdb is no longer skipped on + macOS if Python is built with Clang. Patch by Victor Stinner. + - gh-108962: Skip test_tempfile.test_flags() if chflags() fails + with “OSError: [Errno 45] Operation not supported” (ex: on + FreeBSD 13). Patch by Victor Stinner. + - gh-89392: Removed support of test_main() function in tests. They + now always use normal unittest test runner. + - gh-108851: Fix test_tomllib recursion tests for WASI buildbots: + reduce the recursion limit and compute the maximum nested + array/dict depending on the current available recursion limit. + Patch by Victor Stinner. + - gh-108851: Add get_recursion_available() and + get_recursion_depth() functions to the test.support module. + Patch by Victor Stinner. + - gh-108822: regrtest now computes statistics on all tests: + successes, failures and skipped. test_netrc, test_pep646_syntax + and test_xml_etree now return results in their test_main() + function. Patch by Victor Stinner and Alex Waygood. + - gh-108388: Convert test_concurrent_futures to a package of 7 + sub-tests. Patch by Victor Stinner. + - gh-108388: Split test_multiprocessing_fork, + test_multiprocessing_forkserver and test_multiprocessing_spawn + into test packages. Each package is made of 4 sub-tests: + processes, threads, manager and misc. It allows running more + tests in parallel and so reduce the total test duration. Patch + by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - gh-100086: The Python test runner (libregrtest) now logs Python + build information like “debug” vs “release” build, or LTO and + PGO optimizations. Patch by Victor Stinner. + - gh-98903: The Python test suite now fails wit exit code 4 if no + tests ran. It should help detecting typos in test names and test + methods. + - gh-95027: On Windows, when the Python test suite is run with the + -jN option, the ANSI code page is now used as the encoding for + the stdout temporary file, rather than using UTF-8 which can + lead to decoding errors. Patch by Victor Stinner. + - gh-93353: regrtest now checks if a test leaks temporary files or + directories if run with -jN option. Patch by Victor Stinner. + - Build + - gh-63760: Fix Solaris build: no longer redefine the + gethostname() function. Solaris defines the function since 2005. + Patch by Victor Stinner, original patch by Jakub Kulík. + - gh-108740: Fix a race condition in make regen-all. The + deepfreeze.c source and files generated by Argument Clinic are + now generated or updated before generating “global objects”. + Previously, some identifiers may miss depending on the order in + which these files were generated. Patch by Victor Stinner. + - Windows + - gh-109991: Update Windows build to use OpenSSL 3.0.11. + - gh-107565: Update Windows build to use OpenSSL 3.0.10. + - macOS + - gh-109991: Update macOS installer to use OpenSSL 3.0.11. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and + multissltests to use 1.1.1w, 3.0.11, and 3.1.3. + +------------------------------------------------------------------- +Wed Sep 6 07:52:11 UTC 2023 - Daniel Garcia + +- Update to 3.11.5 (bsc#1214692): + - Security + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted data. + Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by + Gregory P. Smith. + - Core and Builtins + - gh-104432: Fix potential unaligned memory access on C APIs + involving returned sequences of char * pointers within the grp + and socket modules. These were revealed using a + -fsaniziter=alignment build on ARM macOS. Patch by Christopher + Chavez. + - gh-77377: Ensure that multiprocessing synchronization objects + created in a fork context are not sent to a different process + created in a spawn context. This changes a segfault into an + actionable RuntimeError in the parent process. + - gh-106092: Fix a segmentation fault caused by a use-after-free + bug in frame_dealloc when the trashcan delays the deallocation + of a PyFrameObject. + - gh-106719: No longer suppress arbitrary errors in the + __annotations__ getter and setter in the type and module types. + - gh-106723: Propagate frozen_modules to multiprocessing spawned + process interpreters. + - gh-105979: Fix crash in _imp.get_frozen_object() due to improper + exception handling. + - gh-105840: Fix possible crashes when specializing function calls + with too many __defaults__. + - gh-105588: Fix an issue that could result in crashes when + compiling malformed ast nodes. + - gh-105375: Fix bugs in the builtins module where exceptions + could end up being overwritten. + - gh-105375: Fix bug in the compiler where an exception could end + up being overwritten. + - gh-105375: Improve error handling in + PyUnicode_BuildEncodingMap() where an exception could end up + being overwritten. + - gh-105235: Prevent out-of-bounds memory access during + mmap.find() calls. + - gh-101006: Improve error handling when read marshal data. + - Library + - gh-105736: Harmonized the pure Python version of OrderedDict + with the C version. Now, both versions set up their internal + state in __new__. Formerly, the pure Python version did the set + up in __init__. + - gh-107963: Fix multiprocessing.set_forkserver_preload() to check + the given list of modules names. Patch by Dong-hee Na. + - gh-106242: Fixes os.path.normpath() to handle embedded null + characters without truncating the path (bsc#1214693, + CVE-2023-41105). + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will + no longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107715: Fix doctest.DocTestFinder.find() in presence of class + names with special characters. Patch by Gertjan van Zwieten. + - gh-100814: Passing a callable object as an option value to a + Tkinter image now raises the expected TclError instead of an + AttributeError. + - gh-106684: Close asyncio.StreamWriter when it is not closed by + application leading to memory leaks. Patch by Kumar Aditya. + - gh-107077: Seems that in some conditions, OpenSSL will return + SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification + verification has failed, but the error parameters will still + contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are + now detecting this situation and raising the appropiate + ssl.SSLCertVerificationError. Patch by Pablo Galindo + - gh-107396: tarfiles; Fixed use before assignment of + self.exception for gzip decompression + - gh-62519: Make gettext.pgettext() search plural definitions when + translation is not found. + - gh-83006: Document behavior of shutil.disk_usage() for + non-mounted filesystems on Unix. + - gh-106186: Do not report MultipartInvariantViolationDefect + defect when the email.parser.Parser class is used to parse + emails with headersonly=True. + - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION + result in _ssl.c. + - gh-106774: Update the bundled copy of pip to version 23.2.1. + - gh-106752: Fixed several bug in zipfile.Path in + name/suffix/suffixes/stem operations when no filename is present + and the Path is not at the root of the zipfile. + - gh-106602: Add __copy__ and __deepcopy__ in enum + - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused + division by zero for certain almost-white inputs. Patch by Terry + Jan Reedy. + - gh-106052: re module: fix the matching of possessive quantifiers + in the case of a subpattern containing backtracking. + - gh-106510: Improve debug output for atomic groups in regular + expressions. + - gh-105497: Fix flag mask inversion when unnamed flags exist. + - gh-90876: Prevent multiprocessing.spawn from failing to import + in environments where sys.executable is None. This regressed in + 3.11 with the addition of support for path-like objects in + multiprocessing. + - gh-106350: Detect possible memory allocation failure in the + libtommath function mp_init() used by the _tkinter module. + - gh-102541: Make pydoc.doc catch bad module ImportError when + output stream is not None. + - gh-106263: Fix crash when calling repr with a manually + constructed SignalDict object. Patch by Charlie Zhao. + - gh-105375: Fix a bug in _Unpickler_SetInputStream() where an + exception could end up being overwritten in case of failure. + - gh-105375: Fix bugs in sys where exceptions could end up being + overwritten because of deferred error handling. + - gh-105605: Harden pyexpat error handling during module + initialisation to prevent exceptions from possibly being + overwritten, and objects from being dereferenced twice. + - gh-105375: Fix bug in decimal where an exception could end up + being overwritten. + - gh-105375: Fix bugs in _datetime where exceptions could be + overwritten in case of module initialisation failure. + - gh-105375: Fix bugs in _ssl initialisation which could lead to + leaked references and overwritten exceptions. + - gh-105375: Fix a bug in array.array where an exception could end + up being overwritten. + - gh-105375: Fix bugs in _ctypes where exceptions could end up + being overwritten. + - gh-105375: Fix a bug in the posix module where an exception + could be overwritten. + - gh-105375: Fix bugs in _elementtree where exceptions could be + overwritten. + - gh-105375: Fix bugs in zoneinfo where exceptions could be + overwritten. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-105497: Fix flag inversion when alias/mask members exist. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-103171: Revert undocumented behaviour change with + runtime-checkable protocols decorated with typing.final() in + Python 3.11. The behaviour change had meant that objects would + not be considered instances of these protocols at runtime unless + they had a __final__ attribute. Patch by Alex Waygood. + - gh-105375: Fix a bug in sqlite3 where an exception could be + overwritten in the collation callback. + - gh-105332: Revert pickling method from by-name back to by-value. + - gh-104554: Add RTSPS scheme support in urllib.parse + - gh-100061: Fix a bug that causes wrong matches for regular + expressions with possessive qualifier. + - gh-102541: Hide traceback in help() prompt, when import failed. + - gh-99203: Restore following CPython <= 3.10.5 behavior of + shutil.make_archive(): do not create an empty archive if + root_dir is not a directory, and, in that case, raise + FileNotFoundError or NotADirectoryError regardless of format + choice. Beyond the brought-back behavior, the function may now + also raise these exceptions in dry_run mode. + - gh-94777: Fix hanging multiprocessing ProcessPoolExecutor when a + child process crashes while data is being written in the call + queue. + - bpo-18319: Ensure gettext(msg) retrieve translations even if a + plural form exists. In other words: gettext(msg) == + ngettext(msg, '', 1). + - Documentation + - gh-107008: Document the curses module variables LINES and COLS. + - gh-106948: Add a number of standard external names to + nitpick_ignore. + - gh-54738: Add documentation on how to localize the argparse + module. + - Tests + - gh-105776: Fix test_cppext when the C compiler command -std=c11 + option: remove -std= options from the compiler command. Patch by + Victor Stinner. + - gh-107237: test_logging: Fix test_udp_reconnection() by + increasing the timeout from 100 ms to 5 minutes (LONG_TIMEOUT). + Patch by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - Build + - gh-107814: When calling find_python.bat with -q it did not + properly silence the output of nuget. That is now fixed. + - gh-106881: Check for linux/limits.h before including it in + Modules/posixmodule.c. + - gh-104692: Include commoninstall as a prerequisite for + bininstall + - This ensures that commoninstall is completed before bininstall + is started when parallel builds are used (make -j install), and + so the python3 symlink is only installed after all standard + library modules are installed. + - gh-100340: Allows -Wno-int-conversion for wasm-sdk 17 and + onwards, thus enables building WASI builds once against the + latest sdk. + - Windows + - gh-106242: Fixes realpath() to behave consistently when passed a + path containing an embedded null character on Windows. In strict + mode, it now raises OSError instead of the unexpected + ValueError, and in non-strict mode will make the path absolute. + - gh-106844: Fix integer overflow in _winapi.LCMapStringEx() which + affects ntpath.normcase(). + - gh-99079: Update Windows build to use OpenSSL 3.0.9 + - gh-105436: Ensure that an empty environment block is terminated + by two null characters, as is required by Windows. + - macOS + - gh-107565: Update macOS installer to use OpenSSL 3.0.10. + - gh-99079: Update macOS installer to use OpenSSL 3.0.9. + - Tools/Demos + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + - gh-95065: Argument Clinic now supports overriding automatically + generated signature by using directive @text_signature. See How + to override the generated signature. + - gh-106970: Fix bugs in the Argument Clinic destination + clear command; the destination buffers would never be cleared, + and the destination directive parser would simply continue to + the fault handler after processing the command. Patch by Erlend + E. Aasland. + - C API + - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(), + PyErr_SetExcFromWindowsErrWithFilename() and + PyErr_SetFromWindowsErrWithFilename() save now the error code + before calling PyUnicode_DecodeFSDefault(). + - gh-107915: Such C API functions as PyErr_SetString(), + PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others + no longer crash or ignore errors if it failed to format the + error message or decode the filename. Instead, they keep a + corresponding error. + - gh-107226: PyModule_AddObjectRef() is now only available in the + limited API version 3.10 or later. + - gh-105375: Fix a bug in PyErr_WarnExplicit() where an exception + could end up being overwritten if the API failed internally. + - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only + data: *consumed was not set. + +------------------------------------------------------------------- +Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller + +- restrict PEP668 to ALP/Tumbleweed + +------------------------------------------------------------------- +Fri Aug 4 06:37:41 UTC 2023 - Dirk Müller + +- add externally_managed.in to label this build as PEP-668 managed + +------------------------------------------------------------------- +Thu Aug 3 14:53:38 UTC 2023 - Matej Cepl + +- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! +- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) + partially reverting CVE-2023-27043-email-parsing-errors.patch, + because of the regression in gh#python/cpython#106669. +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). (The patch is faulty, + gh#python/cpython#106669, but upstream decided not to just + revert it). + +------------------------------------------------------------------- +Wed Jun 28 19:47:28 UTC 2023 - Matej Cepl + +- Update to Python 3.11.4: + - gh-103142: The version of OpenSSL used in Windows and + Mac installers has been upgraded to 1.1.1u to address + CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, + as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 + fixed previously in 1.1.1t (gh-101727). + - gh-102153: urllib.parse.urlsplit() now strips leading C0 + control and space characters following the specification for + URLs defined by WHATWG in response to CVE-2023-24329 + (bsc#1208471). + - gh-99889: Fixed a security in flaw in uu.decode() that could + allow for directory traversal based on the input if no + out_file was specified. + - gh-104049: Do not expose the local on-disk + location in directory indexes produced by + http.client.SimpleHTTPRequestHandler. + - gh-103935: trace.__main__ now uses io.open_code() for files + to be executed instead of raw open(). + - gh-102953: The extraction methods in tarfile, and + shutil.unpack_archive(), have a new filter argument that + allows limiting tar features than may be surprising or + dangerous, such as creating files outside the destination + directory. See Extraction filters for details (fixing + CVE-2007-4559, bsc#1203750). +- Remove upstreamed patches: + - CVE-2007-4559-filter-tarfile_extractall.patch + +------------------------------------------------------------------- +Mon Jun 26 13:02:05 UTC 2023 - Matej Cepl + +- Remove obsolete_python_versioned macro again. This mechanism + has no business to be in Python 3.11, because we have abolished + with it whole interpreter+setuptools+pip product. Python 3.11 + should not be replaced by later versions anymore. + +------------------------------------------------------------------- +Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl + +- Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). +- Add skip_if_buildbot-extend.patch to avoid the bug altogether + (extending what skip_if_buildbot covers). +- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix + bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter + for tarfile.extractall". + +------------------------------------------------------------------- +Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl + +- Update to 3.11.3: + - Security + - gh-101727: Updated the OpenSSL version used in Windows + and macOS binary release builds to 1.1.1t to address + CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the + OpenSSL 2023-02-07 security advisory. + - Core and Builtins + - gh-101975: Fixed stacktop value on tracing entries to avoid + corruption on garbage collection. + - gh-102701: Fix overflow when creating very large dict. + - gh-102416: Do not memoize incorrectly automatically + generated loop rules in the parser. Patch by Pablo Galindo. + - gh-102356: Fix a bug that caused a crash when deallocating + deeply nested filter objects. Patch by Marta Gómez Macías. + - gh-102397: Fix segfault from race condition in signal + handling during garbage collection. Patch by Kumar Aditya. + - gh-102281: Fix potential nullptr dereference and use of + uninitialized memory in fileutils. Patch by Max Bachmann. + - gh-102126: Fix deadlock at shutdown when clearing thread + states if any finalizer tries to acquire the runtime head + lock. Patch by Kumar Aditya. + - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal + module. Patch by Max Bachmann. + - gh-101967: Fix possible segfault in + positional_only_passed_as_keyword function, when new list + created. + - gh-101765: Fix SystemError / segmentation fault in iter + __reduce__ when internal access of builtins.__dict__ keys + mutates the iter object. + - gh-101696: Invalidate type version tag in + _PyStaticType_Dealloc for static types, avoiding bug where + a false cache hit could crash the interpreter. Patch by + Kumar Aditya. + - Library + - gh-102549: Don’t ignore exceptions in member type creation. + - gh-102947: Improve traceback when dataclasses.fields() is + called on a non-dataclass. Patch by Alex Waygood + - gh-102780: The asyncio.Timeout context manager now + works reliably even when performing cleanup due to task + cancellation. Previously it could raise a CancelledError + instead of an TimeoutError in such cases. + - gh-88965: typing: Fix a bug relating to substitution in . + Pacustom classes generic over a ParamSpec. Previously, if . + Pathe ParamSpec was substituted with a parameters list that . + Paitself contained a TypeVar, the TypeVar in the parameters . + Palist could not be subsequently substituted. This is now . + Pafixed tch by Nikita Sobolev . + - gh-101979: Fix a bug where parentheses in the metavar + argument to argparse.ArgumentParser.add_argument() were + dropped. Patch by Yeojin Kim. + - gh-102179: Fix os.dup2() error message for negative fds. + - gh-101961: For the binary mode, fileinput.hookcompressed() + doesn’t set the encoding value even if the value is + None. Patch by Gihwan Kim. + - gh-101936: The default value of fp becomes io.BytesIO + if HTTPError is initialized without a designated fp + parameter. Patch by Long Vo. + - gh-102069: Fix __weakref__ descriptor generation for custom + dataclasses. + - gh-101566: In zipfile, apply fix for extractall on the + underlying zipfile after being wrapped in Path. + - gh-101892: Callable iterators no longer raise SystemError + when the callable object exhausts the iterator but forgets + to either return a sentinel value or raise StopIteration. + - gh-97786: Fix potential undefined behaviour in corner cases + of floating-point-to-time conversions. + - gh-101517: Fixed bug where bdb looks up the source line + with linecache with a lineno=None, which causes it to fail + with an unhandled exception. + - gh-101673: Fix a pdb bug where ll clears the changes to + local variables. + - gh-96931: Fix incorrect results from + ssl.SSLSocket.shared_ciphers() + - gh-88233: Correctly preserve “extra” fields in zipfile + regardless of their ordering relative to a zip64 “extra.” + - gh-96127: inspect.signature was raising TypeError on + call with mock objects. Now it correctly returns (*args, + **kwargs) as infered signature. + - gh-95495: When built against OpenSSL 3.0, the ssl module + had a bug where it reported unauthenticated EOFs (i.e. + without close_notify) as a clean TLS-level EOF. It now + raises SSLEOFError, matching the behavior in previous + versions of OpenSSL. The options attribute on SSLContext + also no longer includes OP_IGNORE_UNEXPECTED_EOF by + default. This option may be set to specify the previous + OpenSSL 3.0 behavior. + - gh-94440: Fix a concurrent.futures.process bug where + ProcessPoolExecutor shutdown could hang after a future has + been quickly submitted and canceled. + - Documentation + - gh-103112: Add docstring to http.client.HTTPResponse.read() + to fix pydoc output. + - gh-85417: Update cmath documentation to clarify behaviour + on branch cuts. + - gh-97725: Fix asyncio.Task.print_stack() description for + file=None. Patch by Oleg Iarygin. + - Tests + - gh-102980: Improve test coverage on pdb. + - gh-102537: Adjust the error handling strategy in + test_zoneinfo.TzPathTest.python_tzpath_context. Patch by + Paul Ganssle. + - gh-89792: test_tools now copies up to 10x less source data + to a temporary directory during the freeze test by ignoring + git metadata and other artifacts. It also limits its python + build parallelism based on os.cpu_count instead of hard + coding it as 8 cores. + - gh-101377: Improved test_locale_calendar_formatweekday of + calendar. + - Build + - gh-102711: Fix -Wstrict-prototypes compiler warnings. + +------------------------------------------------------------------- +Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl + +- Update to 3.11.2: + Bug fixes, no changes in API and no security bugs. + +------------------------------------------------------------------- +Wed Mar 1 20:50:04 UTC 2023 - Matej Cepl + +- Add python310 Obsoletes line to obsolete_python_versioned macro. + +------------------------------------------------------------------- +Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl + +- Add provides for readline and sqlite3 to the main Python + package. + +------------------------------------------------------------------- +Thu Jan 26 13:28:24 UTC 2023 - Thorsten Kukuk + +- Disable NIS for new products, it's deprecated and gets removed + +------------------------------------------------------------------- +Tue Jan 24 12:23:34 UTC 2023 - Dirk Müller + +- build GLIBC hwcaps optimized versions of the interpreter + +------------------------------------------------------------------- +Tue Jan 10 11:11:56 UTC 2023 - Matej Cepl + +- Don't fail on Sphinx build warnings. +- For jsc#PED-1570, jsc#PED-2217 and jsc#PED-68, + providing Python 3.11 for SLE-15-SP4. + +------------------------------------------------------------------- +Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl + +- Update to 3.11.1: + - python -m http.server no longer allows terminal control + characters sent within a garbage request to be printed + to the stderr server lo This is done by changing the + http.server BaseHTTPRequestHandler .log_message method to + replace control characters with a \xHH hex escape before + printin + - Avoid publishing list of active per-interpreter audit hooks + via the gc module + - The IDNA codec decoder used on DNS hostnames by socket or + asyncio related name resolution functions no longer involves + a quadratic algorithm. This prevents a potential CPU denial + of service if an out-of-spec excessive length hostname + involving bidirectional characters were decoded. Some + protocols such as urllib http 3xx redirects potentially allow + for an attacker to supply such a name (CVE-2022-45061). + - Update bundled libexpat to 2.5.0 + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. Issue reported + and initial fix by Caleb Shortt. Patch by Victor Stinner. + - Fix a crash when an object which does not have a dictionary + frees its instance values. + - Fix a bug in the tokenizer that could cause infinite + recursion when showing syntax warnings that happen in the + first line of the source. Patch by Pablo Galindo + - Fix an issue that could cause frames to be visible to Python + code as they are being torn down, possibly leading to memory + corruption or hard crashes of the interpreter. + - Fix a reference bug in _imp.create_builtin() after the + creation of the first sub-interpreter for modules builtins + and sys. Patch by Victor Stinner. + - Fixed a bug that was causing a buffer overflow if the + tokenizer copies a line missing the newline caracter from a + file that is as long as the available tokenizer buffer. Patch + by Pablo galindo + - Fix bug where an ExceptionGroup subclass can wrap a + BaseException. + - Fix zip path for venv created from a non-installed python on + POSIX platforms. + - Fix an issue that could potentially cause incorrect error + handling for some bytecode instructions. + - Fix an issue that prevented PyThreadState and + PyInterpreterState memory from being freed properly. + - Fix failure in except* with unhashable exceptions. + - Fix calculation of sys._base_executable when inside a POSIX + virtual environment using copies of the python binary when + the base installation does not provide the executable name + used by the venv. Calculation will fall back to alternative + names (“python”, “python.”). + - Update faulthandler to emit an error message with the proper + unexpected signal number. Patch by Dong-hee Na. + - Fix location of SyntaxError for a try block with both except + and except*. + - Fix the error reporting positions of specialized traceback + anchors when the source line contains Unicode characters. + - Fix subscription of type aliases containing bare generic + types or types like TypeVar: for example tuple[A, T][int] and + tuple[TypeVar, T][int], where A is a generic type, and T is a + type variable. + - Lower the recursion depth for marshal on WASI to support + wasmtime 2.0/main. + - Fix multiple crashes in debug mode when str subclasses are + used instead of str itself. + - Fix an issue where member descriptors (such as those for + __slots__) could behave incorrectly or crash instead of + raising a TypeError when accessed via an instance of an + invalid type. + - Suppress ImportError for invalid query for help() + command. Patch by Dong-hee Na. + - Fix detection of MAC addresses for uuid on certain OSs. Patch + by Chaim Sanders + - Print exception class name instead of its string + representation when raising errors from ctypes calls. + - os.sched_yield() now release the GIL while calling + sched_yield(2). Patch by Dong-hee Na. + - Fix an issue that could delay the specialization of PRECALL + instructions. + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Ensure that all Python frame objects are backed by “complete” + frames. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). Patch by Ofey Chan. + - Fix the Python path configuration used to initialized + sys.path at Python startup. Paths are no longer encoded + to UTF-8/strict to avoid encoding errors if it contains + surrogate characters (bytes paths are decoded with the + surrogateescape error handler). Patch by Victor Stinner. + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. Issue + discovered and analyzed by Mingliang ZHAO. Patch by Victor + Stinner. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. + - Fix undefined behaviour in C code of null pointer arithmetic. + - Make sure that all frame objects created are created from + valid interpreter frames. Prevents the possibility of invalid + frames in backtraces and signal handlers. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - On WASI ENOTCAPABLE is now mapped to PermissionError. The + errno modules exposes the new error number. getpath.py now + ignores PermissionError when it cannot open landmark files + pybuilddir.txt and pyenv.cfg. + - Allow pdb to locate source for frozen modules in the standard + library. + - Raise ValueError instead of SystemError when methods of + uninitialized io.IncrementalNewlineDecoder objects are + called. Patch by Oren Milman. + - Fix a possible assertion failure in io.FileIO when the opener + returns an invalid file descriptor. + - Also escape s in the http.server + BaseHTTPRequestHandler.log_message so that it is technically + possible to parse the line and reconstruct what the original + data was. Without this a xHH is ambiguious as to if it is a + hex replacement we put in or the characters r”x” came through + in the original request line. + - asyncio.get_event_loop() now only emits a deprecation warning + when a new event loop was created implicitly. It no longer + emits a deprecation warning if the current event loop was + set. + - Fix bug when calling trace.CoverageResults with valid infile. + - Fix a bug in handling class cleanups in + unittest.TestCase. Now addClassCleanup() uses separate lists + for different TestCase subclasses, and doClassCleanups() only + cleans up the particular class. + - Release the GIL when calling termios APIs to avoid blocking + threads. + - Fix ast.increment_lineno() to also cover ast.TypeIgnore when + changing line numbers. + - Fix bug in urllib.parse.urlparse() that causes URL schemes + that begin with a digit, a plus sign, or a minus sign to be + parsed incorrectly. + - Check the number of arguments in substitution in user + generics containing a TypeVarTuple and one or more TypeVar. + - Fix substitution of ParamSpec followed by TypeVarTuple in + generic aliases. + - Fix substitution of TypeVarTuple and ParamSpec together in + user generics. + - Fixed bug where inspect.signature() reported incorrect + arguments for decorated methods. + - Fix SystemError in ctypes when exception was not set during + __initsubclass__. + - Remove older version of + _SSLProtocolTransport.get_write_buffer_limits in + asyncio.sslproto + - fix negative numbers failing in verify() + - Fix statistics.NormalDist pickle with 0 and 1 protocols. + - enum.auto() is now correctly activated when combined with + other assignment values. E.g. ONE = auto(), 'some text' will + now evaluate as (1, 'some text'). + - Update the bundled copy of pip to version 22.3.1. + - Clean up refleak on failed module initialisation in _zoneinfo + - Clean up refleaks on failed module initialisation in in + _pickle + - Clean up refleak on failed module initialisation in _io. + - Fix memory leak in math.dist() when both points don’t have + the same dimension. Patch by Kumar Aditya. + - [3.11] Applied changes from importlib_metadata 4.11.4 + through 4.13, including compatibility and robustness + fixes for Distribution objects without _normalized_name, + disallowing invalid inputs to Distribution.from_name, and + refined behaviors in PathDistribution._name_from_stem and + PathDistribution._normalized_name. + - Fix argument typechecks in _overlapped.WSAConnect() and + _overlapped.Overlapped.WSASendTo() functions. + - Prevent crashing in traceback when retrieving the byte-offset + for some source files that contain certain unicode + characters. + - Fix internal error in the re module which in very rare + circumstances prevented compilation of a regular expression + containing a conditional expression without the “else” + branch. + - Fix asyncio.StreamWriter.drain() to call + protocol.connection_lost callback only once on Windows. + - Add a mutex to unittest.mock.NonCallableMock to protect + concurrent access to mock attributes. + - Fix hang on Windows in subprocess.wait_closed() in asyncio + with ProactorEventLoop. Patch by Kumar Aditya. + - Fix infinite loop in unittest when a self-referencing chained + exception is raised + - tkinter.Text.count() raises now an exception for options + starting with “-” instead of silently ignoring them. + - On uname_result, restored expectation that _fields and + _asdict would include all six properties including processor. + - A createSocket() method was added to SysLogHandler. + - Fix bug in urllib.parse.urlparse() that causes certain port + numbers containing whitespace, underscores, plus and minus + signs, or non-ASCII digits to be incorrectly accepted. + - Allow venv to pass along PYTHON* variables to ensurepip and + pip when they do not impact path resolution + - On macOS, fix a crash in syslog.syslog() in multi-threaded + applications. On macOS, the libc syslog() function is not + thread-safe, so syslog.syslog() no longer releases the GIL to + call it. Patch by Victor Stinner. + - Allow BUILTINS to be a valid field name for frozen + dataclasses. + - Wrap network errors consistently in urllib FTP support, so + the test suite doesn’t fail when a network is available but + the public internet is not reachable. + - Make sure patch.dict() can be applied on async functions. + - Earlier in 3.11 we deprecated + asyncio.Task.cancel("message"). We realized we were too + harsh, and have undeprecated it. + - Change deprecate warning message in unittest from It is + deprecated to return a value!=None to It is deprecated to + return a value that is not None from a test case + - Fixes AttributeError when subprocess.check_output() is used + with argument input=None and either of the arguments encoding + or errors are used. + - Fix is_private properties in the ipaddress module. Previously + non-private networks (0.0.0.0/0) would return True from this + method; now they correctly return False. + - Avoid spurious tracebacks from asyncio when default executor + cleanup is delayed until after the event loop is closed (e.g. + as the result of a keyboard interrupt). + - Avoid a crash in the C version of + asyncio.Future.remove_done_callback() when an evil argument + is passed. + - Remove tokenize.NL check from tabnanny. + - Fix generation of the default name of + tkinter.Checkbutton. Previously, checkbuttons in different + parent widgets could have the same short name and share + the same state if arguments “name” and “variable” are not + specified. Now they are globally unique. + - Update bundled libexpat to 2.4.9 + - Fix race condition in asyncio where process_exited() called + before the pipe_data_received() leading to inconsistent + output. Patch by Kumar Aditya. + - Fixed check in multiprocessing.resource_tracker that + guarantees that the length of a write to a pipe is not + greater than PIPE_BUF. + - Corrected type annotation for dataclass attribute + pstats.FunctionProfile.ncalls to be str. + - Fix repr of Any subclasses. + - Work around missing socket functions in socket’s __repr__. + - In inspect, fix overeager replacement of “typing.” in + formatting annotations. + - Fix handling of bytes path-like objects in os.ismount(). + - Fix handling compiler warnings (SyntaxWarning and + DeprecationWarning) in codeop.compile_command() when checking + for incomplete input. Previously it emitted warnings and + raised a SyntaxError. Now it always returns None for + incomplete input without emitting any warnings. + - To avoid apparent memory leaks when asyncio.open_connection() + raises, break reference cycles generated by local exception + and future instances (which has exception instance as its + member var). Patch by Dong Uk, Kang. + - Fixed flickering of the turtle window when the tracer is + turned off. Patch by Shin-myoung-serp. + - Fix asyncio subprocess transport to kill process cleanly + when process is blocked and avoid RuntimeError when loop is + closed. Patch by Kumar Aditya. + - Prevent error when activating venv in nested fish instances. + - TarFile.next() now returns None when called on an empty + tarfile. + - Document the optional callback parameter of WeakMethod. Patch + by Géry Ogam. + - Restrict use of sockets instead of pipes for stdin of + subprocesses created by asyncio to AIX platform only. + - shutil.copytree() now applies the ignore_dangling_symlinks + argument recursively. + - Fix IndexError in argparse.ArgumentParser when a store_true + action is given an explicit argument. + - Document that calling variadic functions with ctypes requires + special care on macOS/arm64 (and possibly other platforms). + - Remove extra row + - Clarified the conflicting advice given in the ast + documentation about ast.literal_eval() being “safe” for use + on untrusted input while at the same time warning that it + can crash the process. The latter statement is true and is + deemed unfixable without a large amount of work unsuitable + for a bugfix. So we keep the warning and no longer claim that + literal_eval is safe. + - Restructured the documentation for the os.wait* family of + functions, and improved the docs for os.waitid() with more + explanation of the possible argument constants. + - Skip test_normalization() of test_unicodedata if it + fails to download NormalizationTest.txt file from + pythontest.net. Patch by Victor Stinner. + - Correct test_marsh on (32 bit) x86: test_deterministic sets + was failing. + - Optional big memory tests in test_sqlite3 now catch the + correct sqlite.DataError exception type in case of too large + strings and/or blobs passed. + - Fix a bug in the typing tests where a test relying + on CPython-specific implementation details was not + decorated with @cpython_only and was not skipped on other + implementations. + - Add tests for star-unpacking with PEP 646, and some other + miscellaneous PEP 646 tests. + - Added explicit coverage of Py_Initialize (and hence + Py_InitializeEx) back to the embedding tests (all other + embedding tests migrated to Py_InitializeFromConfig in Python + 3.11) + - Some C API tests were moved into the new Lib/test/test_capi/ + directory. + - Fix -Wimplicit-int, -Wstrict-prototypes, and + -Wimplicit-function-declaration compiler warnings in + configure checks. + - Fix a compilation issue with GCC 12 on macOS. + - Fix -Wimplicit-int compiler warning in configure check for + PTHREAD_SCOPE_SYSTEM. + - Fix a possible fd leak in Programs/_freeze_module.c + introduced in Python 3.11. + - Fix build with PYTHON_FOR_REGEN=python3.8. + - Specify the full path to the source location for make + docclean (needed for cross-builds). + - Don’t use vendored libmpdec headers if --with-system-libmpdec + is passed to configure. Don’t use vendored libexpat headers + if --with-system-expat is passed to !configure. + - Fix the build process of clang compiler for _bootstrap_python + if LTO optimization is applied. Patch by Matthias Görgens and + Dong-hee Na. + - wasm32-emscripten builds for browsers now include + concurrent.futures for asyncio and unittest.mock. + - wasm32-emscripten platform no longer builds resource module, + getresuid(), getresgid(), and their setters. The APIs are + stubs and not functional. + - Updated pegen regeneration script on Windows to find and + use Python 3.9 or higher. Prior to this, pegen regeneration + already required 3.9 or higher, but the script may have used + lower versions of Python. + - Fix a bug in the previous bugfix that caused IDLE to + not start when run with 3.10.8, 3.12.0a1, and at least + Microsoft Python 3.10.2288.0 installed without the Lib/test + package. 3.11.0 was never affected. + - The wasm_build.py script now pre-builds Emscripten ports, + checks for broken EMSDK versions, and warns about pkg-config + env vars. + - The new tool Tools/wasm/wasm_builder.py automates configure, + compile, and test steps for building CPython on WebAssembly + platforms. + - Fix handling of module docstrings in Tools/i18n/pygettext.py. + - PyBUF_* constants were marked as part of Limited API + of Python 3.11+. These were available in 3.11.0 with + Py_LIMITED_API defined for 3.11, and are necessary to use the + buffer API. + - Fix use-after-free in Py_SetPythonHome(NULL), + Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL) + function calls. Issue reported by Benedikt Reinartz. Patch by + Victor Stinner. + - Py_InitializeEx now correctly calls PyConfig_Clear after + initializing the interpreter (the omission didn’t cause a + memory leak only because none of the dynamically allocated + config fields are populated by the wrapper function) +- Removed upstreamed patches: + - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch + - CVE-2022-45061-DoS-by-IDNA-decode.patch + +------------------------------------------------------------------- +Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl + +- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid + CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding + extremely long domain names. + +------------------------------------------------------------------- +Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl + +- Update to 3.11.0 (overall changes from 3.10.*): + - General changes + - PEP 657 -- Include Fine-Grained Error Locations in + Tracebacks + - PEP 654 -- Exception Groups and except* + - PEP 680 -- tomllib: Support for Parsing TOML in the + Standard Library + - gh-90908 -- Introduce task groups to asyncio + - gh-34627 -- Atomic grouping ((?>...)) and possessive + quantifiers (*+, ++, ?+, {m,n}+) are now supported in + regular expressions. + - The Faster CPython Project is already yielding some + exciting results. Python 3.11 is up to 10-60% faster than + Python 3.10. On average, we measured a 1.22x speedup on the + standard benchmark suite. See Faster CPython for details. + - Typing and typing language changes + - PEP 673 -- Self Type + - PEP 646 -- Variadic Generics + - PEP 675 -- Arbitrary Literal String Type + - PEP 655 -- Marking individual TypedDict items as required + or potentially-missing + - PEP 681 -- Data Class Transforms +- (just changes from 3.11.0rc2): + - Fix multiplying a list by an integer (list *= int): detect + the integer overflow when the new allocated length is close + to the maximum size. Issue reported by Jordan Limor. Patch by + Victor Stinner. + - On Linux the multiprocessing module returns to using + filesystem backed unix domain sockets for communication + with the forkserver process instead of the Linux abstract + socket namespace. Only code that chooses to use the + “forkserver” start method is affected. Abstract sockets have + no permissions and could allow any user on the system in the + same network namespace (often the whole system) to inject + code into the multiprocessing forkserver process. This was + a potential privilege escalation. Filesystem based socket + permissions restrict this to the forkserver process user as + was the default in Python 3.8 and earlier. This prevents + Linux CVE-2022-42919. + - Fix an issue where several frame objects could be backed by + the same interpreter frame, possibly leading to corrupted + memory and hard crashes of the interpreter. + - Fix possible data corruption or crashes when accessing the + f_back member of newly-created generator or coroutine frames. + - Fix a crash occurring when PyEval_GetFrame() is called while + the topmost Python frame is in a partially-initialized state. + - Fix command line parsing: reject -X int_max_str_digits option + with no value (invalid) when the PYTHONINTMAXSTRDIGITS + environment variable is set to a valid limit. Patch by Victor + Stinner. + - Fix undefined behaviour in _testcapimodule.c. + - When ValueError is raised if an integer is larger than the + limit, mention the sys.set_int_max_str_digits() function in + the error message. Patch by Victor Stinner. + - Correctly raise SyntaxError on exception groups (PEP 654) on + python versions prior to 3.11 + - Document some places where an assignment expression needs + parentheses. + - Update the bundled copies of pip and setuptools to versions + 22.3 and 65.5.0 respectively. + - fix Flag to use boundary CONFORM + - This restores previous Flag behavior of allowing flags with + non-sequential values to be combined; e.g. + - class Skip(Flag): TWO = 2 EIGHT = 8 + - Skip.TWO | Skip.EIGHT -> + - Fix ! in c domain ref target syntax via a conf.py patch, so + it works as intended to disable ref target resolution. + - Update tutorial introduction output to use 3.10+ SyntaxError + invalid range. + +------------------------------------------------------------------- +Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl + +- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to + allow building of documentation with the latest Sphinx 5.3.0 + (gh#python/cpython#98366). + +------------------------------------------------------------------- +Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc2: + - Converting between int and str in bases other than 2 + (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base + 10 (decimal) now raises a ValueError if the number of digits + in string form is above a limit to avoid potential denial of + service attacks due to the algorithmic complexity. This is + a mitigation for CVE-2020-10735. + This new limit can be configured or disabled by environment + variable, command line flag, or sys APIs. See the integer + string conversion length limitation documentation. The + default limit is 4300 digits in string form. + - Fix case of undefined behavior in ceval.c + - Do not expose KeyWrapper in _functools. + - Ensure that tracing, sys.setrace(), is turned on + immediately. In pre-release versions of 3.11, some tracing + events might have been lost when turning on tracing in a + __del__ method or interrupt. + - Fix use after free in trace refs build mode. Patch by Kumar + Aditya. + - When loading a file with invalid UTF-8 inside a multi-line + string, a correct SyntaxError is emitted. + - Make sure that incomplete frames do not show up in + tracemalloc traces. + - Remove two cases of undefined behavior, by adding NULL + checks. + - Fix possible NULL pointer dereference in + _PyThread_CurrentFrames. Patch by Kumar Aditya. + - Fix AttributeError missing name and obj attributes in + object.__getattribute__(). Patch by Philip Georgi. + - Loading a file with invalid UTF-8 will now report the broken + character at the correct location. + - Fixed a bug that caused _PyCode_GetExtra to return garbage + for negative indexes. Patch by Pablo Galindo + - Fix a deadlock in PyGILState_Ensure() when allocating new + thread state. Patch by Kumar Aditya. + - PyType_Ready() now initializes ht_cached_keys and performs + additional checks to ensure that type objects are properly + configured. This avoids crashes in 3rd party packages that + don’t use regular API to create new types. + - Skip over incomplete frames in PyThreadState_GetFrame(). + - Fix format string in _PyPegen_raise_error_known_location that + can lead to memory corruption on some 64bit systems. The + function was building a tuple with i (int) instead of n + (Py_ssize_t) for Py_ssize_t arguments. + - Fix misleading contents of error message when converting an + all-whitespace string to float. + - ast.parse() will no longer parse function definitions with + positional-only params when passed feature_version less than + (3, 8). Patch by Shantanu Jain. + - Fix incorrect error message in the io module. + - Fix the faulthandler implementation of + faulthandler.register(signal, chain=True) if the sigaction() + function is not available: don’t call the previous signal + handler if it’s NULL. Patch by Victor Stinner. + - Correct conversion of numbers.Rational’s to float. + - Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not + raised when using more than one TypeVarTuple, like [*T, *V] + in type alias substitutions. + - Fix asyncio.streams.StreamReaderProtocol to keep a strong + reference to the created task, so that it’s not garbage + collected + - Fix a performance regression in logging + TimedRotatingFileHandler. Only check for special files when + the rollover time has passed. + - Fix unused localName parameter in the Attr class in + xml.dom.minidom. + - Fix incorrect condition that causes sys.thread_info.name to + be wrong on pthread platforms. + - Remove an incompatible change from bpo-28080 that caused a + regression that ignored the utf8 in ZipInfo.flag_bits. Patch + by Pablo Galindo. + - Fix asyncio.Runner to call asyncio.set_event_loop() only + once to avoid calling attach_loop() multiple times on child + watchers. Patch by Kumar Aditya. + - Fix unittest.IsolatedAsyncioTestCase to set event loop before + calling setup functions. Patch by Kumar Aditya. + - When a task catches asyncio.CancelledError and raises some + other error, the other error should generally not silently be + suppressed. + - Fail gracefully if EPERM or ENOSYS is raised when loading + crypt methods. This may happen when trying to load MD5 on a + Linux kernel with FIPS enabled. + - Allow asyncio.StreamWriter.drain() to be awaited concurrently + by multiple tasks. Patch by Kumar Aditya. + - Fix ast.unparse() when ImportFrom.level is None + - Improve discoverability of the higher level + concurrent.futures module by providing clearer links from the + lower level threading and multiprocessing modules. + - What’s New 3.11 now has instructions for how to provide + compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7 + and CentOS 7. + - Mitigate the inherent race condition from using + find_unused_port() in testSockName() by trying to find an + unused port a few times before failing. Patch by Ross Burton. + - Build and test with OpenSSL 1.1.1q +- Use support-expat-CVE-2022-25236-patched.patch from the current + version of gh#python/cpython#93900 instead of the old + support-expat-245.patch. +- Reapply fix_configure_rst.patch. + +------------------------------------------------------------------- +Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab + +- Increase testsuite timeout for test_freeze_simple_script + +------------------------------------------------------------------- +Sat Aug 20 21:31:40 UTC 2022 - Matej Cepl + +- fix import_failed.map to refer to the python 3.11 package versions + +------------------------------------------------------------------- +Sat Aug 20 14:05:21 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc1: + - Core and Builtins + - Update code object hashing and equality to consider all + debugging and exception handling tables. This fixes an + issue where certain non-identical code objects could be + “deduplicated” during compilation. + - _PyPegen_Parser_New now properly detects token memory + allocation errors. Patch by Honglin Zhu. + - Run Python code in tracer/profiler function at full + speed. Fixes slowdown in earlier versions of 3.11. + - Emit a warning in debug mode if an object does not call + PyObject_GC_UnTrack() before deallocation. Patch by Pablo + Galindo. + - Prevented crashes in the AST constructor when + compiling some absurdly long expressions like + "+0"*1000000. RecursionError is now raised instead. Patch + by Pablo Galindo + - ast.AST node positions are now validated when provided to + compile() and other related functions. If invalid positions + are detected, a ValueError will be raised. + - Fix error detection in some builtin functions when keyword + argument name is an instance of a str subclass with + overloaded __eq__ and __hash__. Previously it could cause + SystemError or other undesired behavior. + - Library + - Update bundled pip to 22.2.2. + - Fix asyncio.TaskGroup to propagate exception when + asyncio.CancelledError was replaced with another exception + by a context manger. Patch by Kumar Aditya and Guido van + Rossum. + - Update bundled pip to 22.2.1. + - Fix GC crash when deallocating _lsprof.Profiler by + untracking it before calling any callbacks. Patch by Kumar + Aditya. + - Fix asyncio.run() for asyncio.Task implementations without + uncancel() method. Patch by Kumar Aditya. + - Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK + and os.EFD_SEMAPHORE flags on older kernel versions where + these flags are not present. Patch by Kumar Aditya. + - Fix concurrent.futures.Executor.map() to cancel the + currently waiting on future on an error - e.g. TimeoutError + or KeyboardInterrupt. + - Ensure that timeouts scheduled with asyncio.Timeout that + have already expired are delivered promptly. + - Suppress writing an XML declaration in open files + in ElementTree.write() with encoding='unicode' and + xml_declaration=None. + - Fix findtext in the xml module to only give an empty string + when the text attribute is set to None. + - Documentation + - Fix stylesheet not working in Windows CHM htmlhelp docs + and add warning that they are deprecated. Contributed by + C.A.M. Gerlach. + - Update library documentation with availability information + on WebAssembly platforms wasm32-emscripten and wasm32-wasi. + - Use consistent syntax for platform availability. The + directive now supports a content body and emits a warning + when it encounters an unknown platform. + - Document a limitation in ThreadPoolExecutor where its exit + handler is executed before any handlers in atexit. + - Tests + - Lib/test/test_asyncio/test_ssl.py exposed a bug in the + macOS kernel where intense concurrent load on non-blocking + sockets occasionally causes errno.ENOBUFS (“No buffer space + available”) to be emitted. FB11063974 filed with Apple, in + the mean time as a workaround buffer size used in tests on + macOS is decreased to avoid intermittent failures. Patch by + Fantix King. + - Fix problem with test_ssl test_get_ciphers on systems that + require perfect forward secrecy (PFS) ciphers. + - Add a regression test for re exponentional slowdown when + using rjsmin. + - Build + - Fix a regression in configure script that caused some + header checks to ignore custom CPPFLAGS. The regression was + introduced in gh-94802. + - wasm32-wasi builds no longer depend on WASIX’s pthread + stubs. Python now has its own stubbed pthread API. + - Python now detects missing dup function in WASI and works + around some missing errno, select, and socket constants. + - Python now skips missing socket functions and methods on + WASI. WASI can only create sockets from existing fd / + accept and has no netdb. + - Platforms wasm32-unknown-emscripten and wasm32-unknown-wasi + have been promoted to PEP 11 tier 3 platform support. + - IDLE + - Document handling of extensions in Save As dialogs. + - Include prompts when saving Shell (interactive input and + output). + - Fix the Shell context menu copy-with-prompts bug of copying + an extra line when one selects whole lines. + - In the Edit menu, move Select All and add a new separator. + - Enable using IDLE’s module browser with .pyw files. + - Add .pyi as a recognized extension for IDLE on macOS. This + allows opening stub files by double clicking on them in the + Finder. + - C API + - Restore the 3.10 behavior for multiple inheritance of C + extension classes that store their dictionary at the end of + the struct. + - Added PyCode_GetVarnames(), PyCode_GetCellvars() and + PyCode_GetFreevars() for accessing co_varnames, co_cellvars + and co_freevars respectively via the C API. + +------------------------------------------------------------------- +Tue Jul 26 10:37:31 UTC 2022 - Matej Cepl + +- Update to 3.11.0b5: + - Core and Builtins + - gh-93351: ast.AST node positions are now validated when + provided to compile() and other related functions. If + invalid positions are detected, a ValueError will be + raised. + - gh-94438: Fix an issue that caused extended opcode + arguments and some conditional pops to be ignored when + calculating valid jump targets for assignments to the + f_lineno attribute of frame objects. In some cases, this + could cause inconsistent internal state, resulting in a + hard crash of the interpreter. + - gh-95060: Undocumented PyCode_Addr2Location function now + properly returns when addrq argument is less than zero. + - gh-95113: Replace all EXTENDED_ARG_QUICK instructions + with basic EXTENDED_ARG instructions in unquickened + code. Consumers of non-adaptive bytecode should be able to + handle extended arguments the same way they were handled in + CPython 3.10 and older. + - gh-91409: Fix incorrect source location info caused by + certain optimizations in the bytecode compiler. + - gh-94036: Fix incorrect source location info for some + multi-line attribute accesses and method calls. + - gh-94739: Allow jumping within, out of, and across + exception handlers in the debugger. + - gh-94949: ast.parse() will no longer parse parenthesized + context managers when passed feature_version less than (3, + 9). Patch by Shantanu Jain. + - gh-94947: ast.parse() will no longer parse assignment + expressions when passed feature_version less than (3, + 8). Patch by Shantanu Jain. + - gh-91256: Ensures the program name is known for help text + during interpreter startup. + - gh-94869: Fix the column offsets for some expressions in + multi-line f-strings ast nodes. Patch by Pablo Galindo. + - gh-94822: Fix an issue where lookups of metaclass + descriptors may be ignored when an identically-named + attribute also exists on the class itself. + - gh-91153: Fix an issue where a bytearray item assignment + could crash if it’s resized by the new value’s __index__() + method. + - gh-90699: Fix reference counting bug in + bool.__repr__(). Patch by Kumar Aditya. + - Library + - gh-95087: Fix IndexError in parsing invalid date in the + email module. + - gh-95199: Upgrade bundled setuptools to 63.2.0. + - gh-95194: Upgrade bundled pip to 22.2. + - gh-95132: Fix a sqlite3 regression where *args and **kwds + were incorrectly relayed from connect() to the Connection + factory. The regression was introduced in 3.11a1 with PR + 24421 (gh-85128). Patch by Erlend E. Aasland.` + - gh-93157: Fix fileinput module didn’t support errors option + when inplace is true. + - gh-95105: wsgiref.types.InputStream.__iter__() should + return Iterator[bytes], not Iterable[bytes]. Patch by + Shantanu Jain. + - gh-94857: Fix refleak in + _io.TextIOWrapper.reconfigure. Patch by Kumar Aditya. + - gh-94821: Fix binding of unix socket to empty address + on Linux to use an available address from the abstract + namespace, instead of “0”. + - gh-89988: Fix memory leak in pickle.Pickler when looking up + dispatch_table. Patch by Kumar Aditya. + - bpo-47025: Drop support for bytes on sys.path. + - Tests + - gh-95212: Make multiprocessing test case + test_shared_memory_recreate parallel-safe. + - Build + - gh-94847: Fixed _decimal module build issue on GCC when + compiling with LTO and pydebug. Debug builds no longer + force inlining of functions. + - gh-94841: Fix the possible performance regression of + PyObject_Free() compiled with MSVC version 1932. + - gh-94801: configure now uses custom flags like ZLIB_CFLAGS + and ZLIB_LIBS when searching for headers and libraries. + - gh-94773: deepfreeze.py now supports code object with + frozensets that contain incompatible, unsortable types. + - C API + - gh-94930: Fix SystemError raised when + PyArg_ParseTupleAndKeywords() is used with # in (...) but + without PY_SSIZE_T_CLEAN defined. + - gh-94864: Fix PyArg_Parse* with deprecated format units “u” + and “Z”. It returned 1 (success) when warnings are turned + into exceptions. + - gh-94731: Python again uses C-style casts for + most casting operations when compiled with + C++. This may trigger compiler warnings, if they + are enabled with e.g. -Wold-style-cast `` or + ``-Wzero-as-null-pointer-constant options for g++. + +------------------------------------------------------------------- +Thu Jul 21 14:19:53 UTC 2022 - Matej Cepl + +- Switch from %primary_interpreter to prjconf-defined + %primary_python (gh#openSUSE/python-rpm-macros#127). + +------------------------------------------------------------------- +Thu Jul 14 15:37:35 UTC 2022 - Matej Cepl + +- Update to 3.11.0b4: +- Fixes many bugs and adds following more significant changes +- Security + - gh-68966: The deprecated mailcap module now refuses to inject + Coreunsafe text (filenames, MIME types, parameters) into + shell Corecommands. Instead of using such text, it will + warn and act Coreas if a match was not found (or for test + commands, as if the Coretest failed). and Builtins + - gh-93516: Lazily create a table mapping bytecode offsets to + line numbers to speed up calculation of line numbers when + tracing. + - gh-93461: importlib.invalidate_caches() now drops entries + from sys.path_importer_cache with a relative path as + name. This solves a caching issue when a process changes its + current working directory. + - FileFinder no longer inserts a dot in the path, e.g. + /egg/./spam is now /egg/spam. +Library + - gh-93896: Fix asyncio.run() and + unittest.IsolatedAsyncioTestCase to always the set event loop + as it was done in Python 3.10 and earlier. Patch by Kumar + Aditya. + - gh-94101: Manual instantiation of ssl.SSLSession objects is + no longer allowed as it lead to misconfigured instances that + crashed the interpreter when attributes where accessed on + them. + - gh-83658: Make multiprocessing.Pool raise an exception if + maxtasksperchild is not None or a positive int. + - gh-61162: Clarify sqlite3 behavior when Using the connection + as a context manager. +Tools/Demos + - gh-94538: Fix Argument Clinic output to custom file + destinations. Patch by Erlend E. Aasland. +C API + - gh-93937: The following frame functions and type are now + directly available with #include , it’s no longer + needed to add #include : + PyFrame_Check() + PyFrame_GetBack() + PyFrame_GetBuiltins() + PyFrame_GetGenerator() + PyFrame_GetGlobals() + PyFrame_GetLasti() + PyFrame_GetLocals() + PyFrame_Type + +------------------------------------------------------------------- +Tue May 31 20:54:36 UTC 2022 - Matej Cepl + +- Update to 3.11.0b2: + - many small updates +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.4 (jsc#SLE-21253) + +------------------------------------------------------------------- +Tue May 10 15:01:18 UTC 2022 - Matej Cepl + +- Refresh bluez-devel-vendor.tar.xz +- Fix building with system-expat (gh#python/cpython#92875). Nope, + it didn't work, worked around it. + +------------------------------------------------------------------- +Mon May 9 15:09:03 UTC 2022 - Matej Cepl + +- Update to pre-release version 3.11.0b1: + - PEP 657 – Include Fine-Grained Error Locations in Tracebacks + - PEP 654 – Exception Groups and except* + - PEP 673 – Self Type + - PEP 646 – Variadic Generics + - PEP 680– tomllib: Support for Parsing TOML in the Standard Library + - PEP 675– Arbitrary Literal String Type + - PEP 655– Marking individual TypedDict items as required or potentially-missing + - bpo-46752– Introduce task groups to asyncio + - The Faster Cpython Project is already yielding some exciting + results. Python 3.11 is up to 10-60% faster than Python + 3.10. On average, we measured a 1.22x speedup on the standard + benchmark suite. See + https://docs.python.org/3.11/whatsnew/3.11.html#faster-cpython + for details. + +------------------------------------------------------------------- +Thu May 5 14:35:56 UTC 2022 - Matej Cepl + +- Switch primary_interpreter from python38 to python310 + +------------------------------------------------------------------- +Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl + +- Update to 3.10.4: + - bpo-46968: Check for the existence of the “sys/auxv.h” header + in faulthandler to avoid compilation problems in systems + where this header doesn’t exist. Patch by Pablo Galindo + - bpo-23691: Protect the re.finditer() iterator from + re-entering. + - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to + avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception + when reading a ZipFile from multiple threads. + - bpo-38256: Fix binascii.crc32() when it is compiled to use + zlib’c crc32 to work properly on inputs 4+GiB in length + instead of returning the wrong result. The workaround prior + to this was to always feed the function data in increments + smaller than 4GiB or to just call the zlib module function. + - bpo-39394: A warning about inline flags not at the start of + the regular expression now contains the position of the flag. + - bpo-47061: Deprecate the various modules listed by PEP 594: + - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, + imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, + sndhdr, spwd, sunau, telnetlib, uu, xdrlib + - bpo-2604: Fix bug where doctests using globals would fail + when run multiple times. + - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. + - bpo-47022: The asynchat, asyncore and smtpd modules have been + deprecated since at least Python 3.6. Their documentation and + deprecation warnings and have now been updated to note they + will removed in Python 3.12 (PEP 594). + - bpo-46421: Fix a unittest issue where if the command was + invoked as python -m unittest and the filename(s) began with + a dot (.), a ValueError is returned. + - bpo-40296: Fix supporting generic aliases in pydoc. + +- Update to 3.10.3: + - bpo-46940: Avoid overriding AttributeError metadata + information for nested attribute access calls. Patch by Pablo + Galindo. + - bpo-46852: Rename the private undocumented + float.__set_format__() method to float.__setformat__() to fix + a typo introduced in Python 3.7. The method is only used by + test_float. Patch by Victor Stinner. + - bpo-46794: Bump up the libexpat version into 2.4.6 + - bpo-46820: Fix parsing a numeric literal immediately (without + spaces) followed by “not in” keywords, like in 1not in x. Now + the parser only emits a warning, not a syntax error. + - bpo-46762: Fix an assert failure in debug builds when a ‘<’, + ‘>’, or ‘=’ is the last character in an f-string that’s + missing a closing right brace. + - bpo-46724: Make sure that all backwards jumps use the + JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an + argument of (2**32)+offset. + - bpo-46732: Correct the docstring for the __bool__() method. + Patch by Jelle Zijlstra. + - bpo-46707: Avoid potential exponential backtracking when + producing some syntax errors involving lots of brackets. + Patch by Pablo Galindo. + - bpo-40479: Add a missing call to va_end() in + Modules/_hashopenssl.c. + - bpo-46615: When iterating over sets internally in + setobject.c, acquire strong references to the resulting items + from the set. This prevents crashes in corner-cases of + various set operations where the set gets mutated. + - bpo-45773: Remove two invalid “peephole” optimizations from + the bytecode compiler. + - bpo-43721: Fix docstrings of getter, setter, and deleter to + clarify that they create a new copy of the property. + - bpo-46503: Fix an assert when parsing some invalid N escape + sequences in f-strings. + - bpo-46417: Fix a race condition on setting a type __bases__ + attribute: the internal function add_subclass() now gets the + PyTypeObject.tp_subclasses member after calling + PyWeakref_NewRef() which can trigger a garbage collection + which can indirectly modify PyTypeObject.tp_subclasses. Patch + by Victor Stinner. + - bpo-46383: Fix invalid signature of _zoneinfo’s module_free + function to resolve a crash on wasm32-emscripten platform. + - bpo-46070: Py_EndInterpreter() now explicitly untracks all + objects currently tracked by the GC. Previously, if an object + was used later by another interpreter, calling + PyObject_GC_UnTrack() on the object crashed if the previous + or the next object of the PyGC_Head structure became + a dangling pointer. Patch by Victor Stinner. + - bpo-46339: Fix a crash in the parser when retrieving the + error text for multi-line f-strings expressions that do not + start in the first line of the string. Patch by Pablo Galindo + - bpo-46240: Correct the error message for unclosed parentheses + when the tokenizer doesn’t reach the end of the source when + the error is reported. Patch by Pablo Galindo + - bpo-46091: Correctly calculate indentation levels for lines + with whitespace character that are ended by line continuation + characters. Patch by Pablo Galindo + - bpo-43253: Fix a crash when closing transports where the + underlying socket handle is already invalid on the Proactor + event loop. + - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, + including bugfix for EntryPoint.extras, which was returning + match objects and not the extras strings. + - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip + 22.0.4) + - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically + determine size of signal handler stack size CPython allocates + using getauxval(AT_MINSIGSTKSZ). This changes allows for + Python extension’s request to Linux kernel to use AMX_TILE + instruction set on Sapphire Rapids Xeon processor to succeed, + unblocking use of the ISA in frameworks. + - bpo-46955: Expose asyncio.base_events.Server as + asyncio.Server. Patch by Stefan Zabka. + - bpo-23325: The signal module no longer assumes that SIG_IGN + and SIG_DFL are small int singletons. + - bpo-46932: Update bundled libexpat to 2.4.7 + - bpo-25707: Fixed a file leak in + xml.etree.ElementTree.iterparse() when the iterator is not + exhausted. Patch by Jacob Walls. + - bpo-44886: Inherit asyncio proactor datagram transport from + asyncio.DatagramTransport. + - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() + for selector-based event loops. Patch by Thomas Grainger. + - bpo-46811: Make test suite support Expat >=2.4.5 + - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to + transport-based APIs. + - bpo-46784: Fix libexpat symbols collisions with user + dynamically loaded or statically linked libexpat in embedded + Python. + - bpo-39327: shutil.rmtree() can now work with VirtualBox + shared folders when running from the guest operating-system. + - bpo-46756: Fix a bug in + urllib.request.HTTPPasswordMgr.find_user_password() and + urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() + which allowed to bypass authorization. For example, access to + URI example.org/foobar was allowed if the user was authorized + for URI example.org/foo. + - bpo-46643: In typing.get_type_hints(), support evaluating + stringified ParamSpecArgs and ParamSpecKwargs annotations. + Patch by Gregory Beauregard. + - bpo-45863: When the tarfile module creates a pax format + archive, it will put an integer representation of timestamps + in the ustar header (if possible) for the benefit of older + unarchivers, in addition to the existing full-precision + timestamps in the pax extended header. + - bpo-46676: Make typing.ParamSpec args and kwargs equal to + themselves. Patch by Gregory Beauregard. + - bpo-46672: Fix NameError in asyncio.gather() when initial + type check fails. + - bpo-46655: In typing.get_type_hints(), support evaluating + bare stringified TypeAlias annotations. Patch by Gregory + Beauregard. + - bpo-45948: Fixed a discrepancy in the C implementation of the + xml.etree.ElementTree module. Now, instantiating an + xml.etree.ElementTree.XMLParser with a target=None keyword + provides a default xml.etree.ElementTree.TreeBuilder target + as the Python implementation does. + - bpo-46521: Fix a bug in the codeop module that was + incorrectly identifying invalid code involving string quotes + as valid code. + - bpo-46581: Brings ParamSpec propagation for GenericAlias in + line with Concatenate (and others). + - bpo-46591: Make the IDLE doc URL on the About IDLE dialog + clickable. + - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 + - bpo-46487: Add the get_write_buffer_limits method to + asyncio.transports.WriteTransport and to the SSL transport. + - bpo-45173: Note the configparser deprecations will be removed + in Python 3.12. + - bpo-46539: In typing.get_type_hints(), support evaluating + stringified ClassVar and Final annotations inside Annotated. + Patch by Gregory Beauregard. + - bpo-46491: Allow typing.Annotated to wrap typing.Final and + typing.ClassVar. Patch by Gregory Beauregard. + - bpo-46436: Fix command-line option -d/--directory in module + http.server which is ignored when combined with command-line + option --cgi. Patch by Géry Ogam. + - bpo-41403: Make mock.patch() raise a TypeError with + a relevant error message on invalid arg. Previously it + allowed a cryptic AttributeError to escape. + - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid + potential REDoS by limiting ambiguity in consecutive + whitespace. + - bpo-46469: asyncio generic classes now return + types.GenericAlias in __class_getitem__ instead of the same + class. + - bpo-46434: pdb now gracefully handles help when __doc__ is + missing, for example when run with pregenerated optimized + .pyc files. + - bpo-46333: The __eq__() and __hash__() methods of + typing.ForwardRef now honor the module parameter of + typing.ForwardRef. Forward references from different modules + are now differentiated. + - bpo-46246: Add missing __slots__ to + importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. + - bpo-46266: Improve day constants in calendar. + - Now all constants (MONDAY … SUNDAY) are documented, tested, + and added to __all__. + - bpo-46232: The ssl module now handles certificates with bit + strings in DN correctly. + - bpo-43118: Fix a bug in inspect.signature() that was causing + it to fail on some subclasses of classes with + a __text_signature__ referencing module globals. Patch by + Weipeng Hong. + - bpo-26552: Fixed case where failing asyncio.ensure_future() + did not close the coroutine. Patch by Kumar Aditya. + - bpo-21987: Fix an issue with tarfile.TarFile.getmember() + getting a directory name with a trailing slash. + - bpo-20392: Fix inconsistency with uppercase file extensions + in MimeTypes.guess_type(). Patch by Kumar Aditya. + - bpo-46080: Fix exception in argparse help text generation if + a argparse.BooleanOptionalAction argument’s default is + argparse.SUPPRESS and it has help specified. Patch by Felix + Fontein. + - bpo-44439: Fix .write() method of a member file in ZipFile, + when the input data is an object that supports the buffer + protocol, the file length may be wrong. + - bpo-45703: When a namespace package is imported before + another module from the same namespace is created/installed + in a different sys.path location while the program is + running, calling the importlib.invalidate_caches() function + will now also guarantee the new module is noticed. + - bpo-24959: Fix bug where unittest sometimes drops frames from + tracebacks of exceptions raised in tests. + - bpo-44791: Fix substitution of ParamSpec in Concatenate with + different parameter expressions. Substitution with a list of + types returns now a tuple of types. Substitution with + Concatenate returns now a Concatenate with concatenated lists + of arguments. + - bpo-14156: argparse.FileType now supports an argument of ‘-’ + in binary mode, returning the .buffer attribute of + sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and + ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. + Patch contributed by Josh Rosenberg + - bpo-46463: Fixes escape4chm.py script used when building the + CHM documentation file + - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is + built with undefined behavior sanitizer (UBSAN): disable + UBSAN on the faulthandler_sigfpe() function. Patch by Victor + Stinner. + - bpo-46708: Prevent default asyncio event loop policy + modification warning after test_asyncio execution. + - bpo-46678: The function make_legacy_pyc in + Lib/test/support/import_helper.py no longer fails when + PYTHONPYCACHEPREFIX is set to a directory on a different + device from where tempfiles are stored. + - bpo-46616: Ensures test_importlib.test_windows cleans up + registry keys after completion. + - bpo-44359: test_ftplib now silently ignores socket errors to + prevent logging unhandled threading exceptions. Patch by + Victor Stinner. + - bpo-46542: Fix a Python crash in test_lib2to3 when using + Python built in debug mode: limit the recursion limit. Patch + by Victor Stinner. + - bpo-46576: test_peg_generator now disables compiler + optimization when testing compilation of its own C extensions + to significantly speed up the testing on non-debug builds of + CPython. + - bpo-46542: Fix test_json tests checking for RecursionError: + modify these tests to use support.infinite_recursion(). Patch + by Victor Stinner. + - bpo-13886: Skip test_builtin PTY tests on non-ASCII + characters if the readline module is loaded. The readline + module changes input() behavior, but test_builtin is not + intented to test the readline module. Patch by Victor + Stinner. + - bpo-38472: Fix GCC detection in setup.py when + cross-compiling. The C compiler is now run with LC_ALL=C. + Previously, the detection failed with a German locale. + - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro + and pyconfig.h no longer defines reserved symbol + __CHAR_UNSIGNED__. + - bpo-45296: Clarify close, quit, and exit in IDLE. In the File + menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current + one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). + In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there + are no other windows, this also exits IDLE. + - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch + by Alex Waygood and Terry Jan Reedy. + - bpo-46433: The internal function _PyType_GetModuleByDef now + correctly handles inheritance patterns involving static + types. + - bpo-14916: Fixed bug in the tokenizer that prevented + PyRun_InteractiveOne from parsing from the provided FD. + +- Remove upstreamed patches: + - support-expat-245.patch + +------------------------------------------------------------------- +Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + +------------------------------------------------------------------- +Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl + +- bsc#1195831 Obsolete older "most modern" versions of python + packages (python39 for python310 and so forth). For next + versions it is necessary just to edit the macro. + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python +- Add fix_configure_rst.patch, which removes duplicate link + targets and make documentation with old Sphinx in SLE +- Skip test_capi (bsc#1195140 and bpo#37169) + +------------------------------------------------------------------- +Wed Jan 19 22:01:51 UTC 2022 - Matej Cepl + +- Update to 3.10.2: + Bugfix only + - bpo#46347 memory leak in PyEval_EvalCodeEx (especially + visible with Cython code) + - and many others + +------------------------------------------------------------------- +Wed Dec 8 13:07:25 UTC 2021 - Matej Cepl + +- Upgrade to 3.10.1 (jsc#SLE-18038): + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other tools. + - PEP 618 – Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning +- Patches readjusted: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Sat Dec 4 18:40:28 UTC 2021 - Matej Cepl + +- Remove pdb_adjust_breakpoints.patch and instead just adjust location + of the test breakpoint in Lib/test/test_pdb.py via sed, because we + have shortened Lib/pdb.py by removing the shebang (bpo#45964). + +------------------------------------------------------------------- +Thu Dec 2 13:51:57 UTC 2021 - Matej Cepl + +- Add pdb_adjust_breakpoints.patch fixing expectd results in + test_pdb_breakpoints_preserved_across_interactive_sessions + (bpo#45964). + +------------------------------------------------------------------- +Mon Nov 29 00:17:07 UTC 2021 - Matej Cepl + +- Remove shebangs from from python-base libraries in _libdir + (bsc#1193179). +- Readjust patches: + - bpo-31046_ensurepip_honours_prefix.patch + - decimal.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Tue Nov 16 16:03:43 UTC 2021 - Matej Cepl + +- Move rpm-build-python construct to correct place. + +------------------------------------------------------------------- +Wed Oct 13 08:52:47 UTC 2021 - Dominique Leuenberger + +- BuildRequire rpm-build-python: The provider to inject python(abi) + has been moved there. rpm-build pulls rpm-build-python + automatically in when building anything against python3-base, but + this implies that the initial build of python3-base does not + trigger the automatic installation. + +------------------------------------------------------------------- +Tue Oct 5 22:36:51 UTC 2021 - Matej Cepl + +- Final release of 3.10.0: + Complete list on https://www.python.org/downloads/release/python-3100/, + but highlights are: + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other + tools. + - PEP 618 – Add Optional Length-Checking To zip. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning + - bpo-12782: Parenthesized context managers are now officially + allowed. + +------------------------------------------------------------------- +Mon Aug 30 12:48:25 UTC 2021 - Matej Cepl + +- Switch on option --with-system-libmpdec (bsc#1189356). + +------------------------------------------------------------------- +Fri Aug 27 13:15:03 UTC 2021 - Andreas Schwab + +- Reenable profileopt with qemu emulation, test_faulthandler is no longer + run during profiling + +------------------------------------------------------------------- +Thu Aug 12 15:11:39 UTC 2021 - Andreas Schwab + +- test_faulthandler is still problematic under qemu linux-user emulation, + disable it there + +------------------------------------------------------------------- +Wed Aug 11 05:57:11 UTC 2021 - Matej Cepl + +- Update to 3.10.0rc1 (the penultimate prerelease), which contains + plenty of small bugfixes among others: + - bpo#38605: from __future__ import annotations (PEP 563) used to be + on this list in previous pre-releases but it has been postponed to + Python 3.11 due to some compatibility concerns. + - bpo-44600: Fix incorrect line numbers while tracing some failed + patterns in match statements. Patch by Charles Burkland. + - plenty of modifications in types.Union + +------------------------------------------------------------------- +Wed Jul 21 13:44:48 UTC 2021 - Matej Cepl + +- Update to 3.10.0b4: + https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4 +- Remove python3-imp-returntype.patch which has been upstreamed. + +------------------------------------------------------------------- +Mon Jun 7 15:52:44 UTC 2021 - Matej Cepl + +- Update to 3.10.0b2: + - PEP 623 -- Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 -- Allow writing union types as X | Y + - PEP 612 -- Parameter Specification Variables + - PEP 626 -- Precise line numbers for debugging and other + tools. + - PEP 618 -- Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 -- Deprecate distutils module. + - PEP 613 -- Explicit Type Aliases + - PEP 634 -- Structural Pattern Matching: Specification + - PEP 635 -- Structural Pattern Matching: Motivation and + Rationale + - PEP 636 -- Structural Pattern Matching: Tutorial + - PEP 644 -- Require OpenSSL 1.1.1 or newer + - PEP 624 -- Remove Py_UNICODE encoder APIs + - PEP 597 -- Add optional EncodingWarning +- Removed patches (assumed upstream): + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl + +- Revert previous skip over test_capi +- Add skip-test_pyobject_freed_is_freed.patch to skip failing + test on SLE-15. + +------------------------------------------------------------------- +Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller + +- allow build with Sphinx >= 3.x + +------------------------------------------------------------------- +Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák + +- Exclude test_capi on Leap (test fails there) + +------------------------------------------------------------------- +Fri May 21 15:13:59 UTC 2021 - Matej Cepl + +- Stop providing "python" symbol (bsc#1185588), which means + python2 currently. + +------------------------------------------------------------------- +Wed May 5 15:16:58 UTC 2021 - Matej Cepl + +- Update to 3.9.5: + * Security + - bpo-43434: Creating a sqlite3.Connection object now also + produces a sqlite3.connect auditing event. Previously this + event was only produced by sqlite3.connect() calls. Patch + by Erlend E. Aasland. + - bpo-43882: The presence of newline or tab characters in + parts of a URL could allow some forms of attacks. + - Following the controlling specification for URLs defined by + WHATWG urllib.parse() now removes ASCII newlines and tabs + from URLs, preventing such attacks. + - bpo-43472: Ensures interpreter-level audit hooks receive + the cpython.PyInterpreterState_New event when called + through the _xxsubinterpreters module. + - bpo-36384: ipaddress module no longer accepts any leading + zeros in IPv4 address strings. Leading zeros are ambiguous + and interpreted as octal notation by some libraries. For + example the legacy function socket.inet_aton() treats + leading zeros as octal notatation. glibc implementation of + modern inet_pton() does not accept any leading zeros. For + a while the ipaddress module used to accept ambiguous + leading zeros. + - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) + vulnerability in urllib.request.AbstractBasicAuthHandler. + The ReDoS-vulnerable regex has quadratic worst-case + complexity and it allows cause a denial of service when + identifying crafted invalid RFCs. This ReDoS issue is on + the client side and needs remote attackers to control the + HTTP server. + - bpo-42800: Audit hooks are now fired for frame.f_code, + traceback.tb_frame, and generator code/frame attribute + access. + * Core and Builtins + - bpo-43105: Importlib now resolves relative paths when + creating module spec objects from file locations. + - bpo-42924: Fix bytearray repetition incorrectly copying + data from the start of the buffer, even if the data is + offset within the buffer (e.g. after reassigning a slice at + the start of the bytearray to a shorter byte string). + * Library + - bpo-43993: Update bundled pip to 21.1.1. + - bpo-43937: Fixed the turtle module working with non-default + root window. + - bpo-43930: Update bundled pip to 21.1 and setuptools to + 56.0.0 + - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now + returns a consistent error message when cadata contains no + valid certificate. + - bpo-43607: urllib can now convert Windows paths with \\?\ + prefixes into URL paths. + - bpo-43284: platform.win32_ver derives the windows version + from sys.getwindowsversion().platform_version which in turn + derives the version from kernel32.dll (which can be of + a different version than Windows itself). Therefore change + the platform.win32_ver to determine the version using the + platform module’s _syscmd_ver private function to return an + accurate version. + - bpo-42248: [Enum] ensure exceptions raised in _missing__ + are released + - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 + to suppress deprecation warnings. Python requires OpenSSL + 1.1.1 APIs. + - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants + (OpenSSL 3.0.0) + - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback + function a second time when first call has signaled an + error condition. + - bpo-43788: The header files for ssl error codes are now + OpenSSL version-specific. Exceptions will now show correct + reason and library codes. The make_ssl_data.py script has + been rewritten to use OpenSSL’s text file with error codes. + - bpo-43655: tkinter dialog windows are now recognized as + dialogs by window managers on macOS and X Window. + - bpo-43534: turtle.textinput() and turtle.numinput() create + now a transient window working on behalf of the canvas + window. + - bpo-43522: Fix problem with hostname_checks_common_name. + OpenSSL does not copy hostflags from struct SSL_CTX to + struct SSL. + - bpo-42967: Allow bytes separator argument in + urllib.parse.parse_qs and urllib.parse.parse_qsl when + parsing str query strings. Previously, this raised + a TypeError. + - bpo-43176: Fixed processing of a dataclass that inherits + from a frozen dataclass with no fields. It is now correctly + detected as an error. + - bpo-41735: Fix thread locks in zlib module may go wrong in + rare case. Patch by Ma Lin. + - bpo-36470: Fix dataclasses with InitVars and replace(). + Patch by Claudiu Popa. + - bpo-32745: Fix a regression in the handling of ctypes’ + ctypes.c_wchar_p type: embedded null characters would cause + a ValueError to be raised. Patch by Zackery Spytz. + * Documentation + - bpo-43959: The documentation on the PyContextVar C-API was + clarified. + - bpo-43938: Update dataclasses documentation to express that + FrozenInstanceError is derived from AttributeError. + - bpo-43755: Update documentation to reflect that + unparenthesized lambda expressions can no longer be the + expression part in an if clause in comprehensions and + generator expressions since Python 3.9. + - bpo-43739: Fixing the example code in + Doc/extending/extending.rst to declare and initialize the + pmodule variable to be of the right type. + * Tests + - bpo-43961: Fix + test_logging.test_namer_rotator_inheritance() on Windows: + use os.replace() rather than os.rename(). Patch by Victor + Stinner. + - bpo-43842: Fix a race condition in the SMTP test of + test_logging. Don’t close a file descriptor (socket) from + a different thread while asyncore.loop() is polling the + file descriptor. Patch by Victor Stinner. + - bpo-43811: Tests multiple OpenSSL versions on GitHub + Actions. Use ccache to speed up testing. + - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy + protocols TLS 1.0 and 1.1. Tests are failing with + TLSV1_ALERT_INTERNAL_ERROR. +- Refreshed patches: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch +- Add vendorized files from bluez-devel to enable building support for + Bluetooth. + +------------------------------------------------------------------- +Sun May 2 09:20:06 UTC 2021 - Ben Greiner + +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + +------------------------------------------------------------------- +Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl + +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +------------------------------------------------------------------- +Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +------------------------------------------------------------------- +Tue Feb 9 01:37:59 UTC 2021 - Steve Kowalik + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +------------------------------------------------------------------- +Mon Feb 8 22:02:03 UTC 2021 - Matej Cepl + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl + +- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing + bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in + _ctypes/callproc.c, which may lead to remote code execution. + +------------------------------------------------------------------- +Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl + +- (bsc#1180125) We really don't Require python-rpm-macros package. + Unnecessary dependency. + +------------------------------------------------------------------- +Wed Dec 16 16:08:42 UTC 2020 - Matej Cepl + +- Make python39-doc building again +- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx + doesn't know about skipif directive in doctests. + +------------------------------------------------------------------- +Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl + +- Update sphinx-update-removed-function.patch patch to the latest + version in python36. + +------------------------------------------------------------------- +Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner + +- Last try before this results in an editwar: + * remove importlib_resources and importlib-metadata + provides/obsoletes + * import importlib_resources is not the same as + import importlib.resources, same for metadata + * The backport packages from PyPI needed for older flavors are + specified as such for setuptools or in pyproject.toml. If a + package requires them they typically add them with a python + version qualifier and the packages have their own version + numbers. + +------------------------------------------------------------------- +Sat Dec 5 16:55:12 UTC 2020 - Matej Cepl + +- Add patch sphinx-update-removed-function.patch to no longer call + a now removed function and to make documentation build independent of + the Sphinx version (bsc#1179630, gh#python/cpython#13236). + +------------------------------------------------------------------- +Fri Nov 13 17:20:08 UTC 2020 - Matej Cepl + +- Don't require packages which break build on SLE-15 although we really + don't need them (python3-python-docs-theme and + python3-sphinxcontrib-qthelp). + +------------------------------------------------------------------- +Fri Oct 9 16:05:50 UTC 2020 - Dominique Leuenberger + +- Fix build with RPM 4.16: error: bare words are no longer + supported, please use "...": x86 == ppc. + +------------------------------------------------------------------- +Tue Oct 6 07:30:56 UTC 2020 - Matej Cepl + +- Update to the final version 3.9.0: + Complete changelog with all (many) + changes from previous version is on + https://docs.python.org/release/3.9.0/whatsnew/3.9.html + Changes from the previous RC versions (not that many) are on + https://docs.python.org/release/3.9.0/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Fri Sep 25 06:58:03 UTC 2020 - Dominique Leuenberger + +- Buildrequire timezone only for general flavor. It's used in this + flavor for the test suite. + +------------------------------------------------------------------- +Wed Sep 2 14:39:44 UTC 2020 - Matej Cepl + +- Update to 3.9.0rc1: + * Core and Builtins + - bpo-38156: Handle interrupts that come after EOF + correctly in PyOS_StdioReadline. + * Library + - bpo-41497: Fix potential UnicodeDecodeError in dis + module. + - bpo-41490: Update ensurepip to install pip 20.2.1 and + setuptools 49.2.1. + - bpo-41467: On Windows, fix asyncio recv_into() return + value when the socket/pipe is closed (BrokenPipeError): + return 0 rather than an empty byte string (b''). + - bpo-41425: Make tkinter doc example runnable. + - bpo-41384: Raise TclError instead of TypeError when an + unknown option is passed to tkinter.OptionMenu. + - bpo-38731: Fix NameError in command-line interface of + py_compile. + - bpo-41317: Use add_done_callback() in + asyncio.loop.sock_accept() to unsubscribe reader early on + cancellation. + - bpo-41364: Reduce import overhead of uuid. + - bpo-41341: Recursive evaluation of typing.ForwardRef in + get_type_hints. + - bpo-41182: selector: use DefaultSelector based upon + implementation + - bpo-40726: Handle cases where the end_lineno is None on + ast.increment_lineno(). + * Documentation + - bpo-41045: Add documentation for debug feature of + f-strings. + - bpo-41314: Changed the release when from __future__ + import annotations becomes the default from 4.0 to 3.10 + (following a change in PEP 563). + * Windows + - bpo-41492: Fixes the description that appears in UAC + prompts. + - bpo-40948: Improve post-install message to direct people + to the “py” command. + - bpo-41412: The installer will now fail to install on + Windows 7 and Windows 8. Further, the UCRT dependency is + now always downloaded on demand. + - bpo-40741: Update Windows release to include SQLite + 3.32.3. + * IDLE + - bpo-41468: Improve IDLE run crash error message (which + users should never see). + - bpo-41373: Save files loaded with no line ending, as when + blank, or different line endings, by setting its line + ending to the system default. Fix regression in 3.8.4 and + 3.9.0b4. + +------------------------------------------------------------------- +Tue Sep 1 10:15:06 UTC 2020 - Matej Cepl + +- Synchronize formatting and fixes with python38. + +------------------------------------------------------------------- +Thu Aug 20 15:41:28 UTC 2020 - Andreas Schwab + +- Increase testsuite timeout to account for super long running + test_peg_generator + +------------------------------------------------------------------- +Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer + +- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream +- Removed recursion.tar: contained in upstream +- Update to 3.9.0b5: + - bpo-41304: Fixes python3x._pth being ignored on Windows, caused + by the fix for bpo-29778 (CVE-2020-15801). + - bpo-41162: Audit hooks are now cleared later during + finalization to avoid missing events. + - bpo-29778: Ensure python3.dll is loaded from correct locations + when Python is embedded (CVE-2020-15523). + - bpo-39603: Prevent http header injection by rejecting control + characters in http.client.putrequest(…). + - bpo-41295: Resolve a regression in CPython 3.8.4 where defining + “__setattr__” in a multi-inheritance setup and + calling up the hierarchy chain could fail if builtins/extension + types were involved in the base types. + - bpo-41247: Always cache the running loop holder when running + asyncio.set_running_loop. + - bpo-41252: Fix incorrect refcounting in + _ssl.c’s _servername_callback(). + - bpo-41215: Use non-NULL default values in the PEG parser + keyword list to overcome a bug that was ' + preventing Python from being properly compiled when using the + XLC compiler. Patch by Pablo Galindo. + - bpo-41218: Python 3.8.3 had a regression where compiling with + ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would + aggressively mark list comprehension with CO_COROUTINE. Now only + list comprehension making use of async/await will tagged as so. + - bpo-41175: Guard against a NULL pointer dereference within + bytearrayobject triggered by the bytearray() + bytearray() operation. + - bpo-39960: The “hackcheck” that prevents sneaking around a type’s + __setattr__() by calling the superclass method was + rewritten to allow C implemented heap types. + - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the + C implementation raises now UnpicklingError instead of crashing. + - bpo-39017: Avoid infinite loop when reading specially crafted + TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). + - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params(). + - bpo-41207: In distutils.spawn, restore expectation that + DistutilsExecError is raised when the command is not found. + - bpo-39168: Remove the __new__ method of typing.Generic. + - bpo-41194: Fix a crash in the _ast module: it can no longer be + loaded more than once. It now uses a global state rather than a module state. + - bpo-39384: Fixed email.contentmanager to allow set_content() to set a + null string. + - bpo-41300: Save files with non-ascii chars. + Fix regression released in 3.9.0b4 and 3.8.4. + - bpo-37765: Add keywords to module name completion list. + Rewrite Completions section of IDLE doc. + - bpo-40170: Revert PyType_HasFeature() change: it reads + again directly the PyTypeObject.tp_flags + member when the limited C API is not used, rather than always calling + PyType_GetFlags() which hides implementation details. + +------------------------------------------------------------------- +Mon Jul 20 12:06:41 UTC 2020 - Matej Cepl + +- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 + (CVE-2019-20907, bpo#39017) avoiding possible infinite loop + in specifically crafted tarball. + Add recursion.tar as a testing tarball for the patch. + +------------------------------------------------------------------- +Fri Jul 17 07:07:19 UTC 2020 - Callum Farmer + +- Changed bpo-31046_ensurepip_honours_prefix.patch to include fix from py3.8 + +------------------------------------------------------------------- +Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer + +- Spec file fixes +- Re-added subprocess-raise-timeout.patch: now compatible +- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream + +------------------------------------------------------------------- +Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal + +- Fix minor issues found in the staging. + +------------------------------------------------------------------- +Wed Jul 15 06:13:33 UTC 2020 - Tomáš Chvátal + +- Do not set ourselves as primary interpreter + +------------------------------------------------------------------- +Tue Jul 14 20:45:11 UTC 2020 - Matej Cepl + +- Update to 3.9.0b4: + - PEP 584, Union Operators in dict + - PEP 585, Type Hinting Generics In Standard Collections + - PEP 593, Flexible function and variable annotations + - PEP 602, Python adopts a stable annual release cadence + - PEP 615, Support for the IANA Time Zone Database in the + Standard Library + - PEP 616, String methods to remove prefixes and suffixes + - PEP 617, New PEG parser for CPython + - bpo#38379, garbage collection does not block on resurrected + objects; + - bpo#38692, os.pidfd_open added that allows process + management without races and signals; + - bpo#39926, Unicode support updated to version 13.0.0; + - bpo#1635741, when Python is initialized multiple times in + the same process, it does not leak memory anymore; + - A number of Python builtins (range, tuple, set, frozenset, + list, dict) are now sped up using PEP 590 vectorcall; + - A number of Python modules (_abc, audioop, _bz2, _codecs, + _contextvars, _crypt, _functools, _json, _locale, operator, + resource, time, _weakref) now use multiphase initialization + as defined by PEP 489; + - A number of standard library modules (audioop, ast, grp, + _hashlib, pwd, _posixsubprocess, random, select, struct, + termios, zlib) are now using the stable ABI defined by + PEP 384. +- Remove upstreamed patches: + - F00102-lib64.patch + - SUSE-FEDORA-multilib.patch + - OBS_dev-shm.patch + - subprocess-raise-timeout.patch + - bpo36302-sort-module-sources.patch + - bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Fri Jul 10 10:55:15 UTC 2020 - Tomáš Chvátal + +- Update pre_checkin.sh and regenerate + +------------------------------------------------------------------- +Fri Jul 10 10:11:39 UTC 2020 - Tomáš Chvátal + +- Convert few dependencies to their pkgconfig counterparts + +------------------------------------------------------------------- +Fri Jul 10 10:08:48 UTC 2020 - Tomáš Chvátal + +- Remove release requirement on libpython, it is not really needed + to be equal as the abi changes with versions + +------------------------------------------------------------------- +Fri Jul 10 10:07:50 UTC 2020 - Tomáš Chvátal + +- Add provides python3-bla on all the subpkgs in case we are + primary provider of the functionality + +------------------------------------------------------------------- +Fri Jul 10 10:02:01 UTC 2020 - Tomáš Chvátal + +- Remove unversioned files from devel subpkg too +- Remove main python3 files from -base based whether we are + primary interpreter or not +- Fix idle to be co-installable +- Add condition to be primary to provide/obsolete python3-* +- Fix doc to build in versioned folder so the pythons can be + installed next to each other + +------------------------------------------------------------------- +Fri Jul 10 07:57:10 UTC 2020 - Tomáš Chvátal + +- Revert the full versioning of calls on the macros. These + are generic so they should really just call python3 X + +------------------------------------------------------------------- +Fri Jul 10 07:56:11 UTC 2020 - Tomáš Chvátal + +- For the doc package we can build with generic flavor, we don't + need the our-interpreter based one + +------------------------------------------------------------------- +Fri Jul 10 07:18:53 UTC 2020 - Tomáš Chvátal + +- Add provides for pytohn3X-typing/etc to allow BR on those still + to work when needed + +------------------------------------------------------------------- +Fri Jul 10 07:14:33 UTC 2020 - Tomáš Chvátal + +- Change macros.python3 to use full versioned 3.8 instead of just 3 + for python interpreter + +------------------------------------------------------------------- +Wed Jul 1 11:50:19 UTC 2020 - Tomáš Chvátal + +- Reduce some now unused conditionals + +------------------------------------------------------------------- +Wed Jul 1 11:00:40 UTC 2020 - Tomáš Chvátal + +- Redux the -base dependencies to match up pre-merge layout + +------------------------------------------------------------------- +Wed Jul 1 09:24:39 UTC 2020 - Tomáš Chvátal + +- Generate baselibs in pre-checkin too + +------------------------------------------------------------------- +Wed Jul 1 09:14:33 UTC 2020 - Tomáš Chvátal + +- Generate the importlib-failed using pre_checking again +- Add back the information about skipped tests on the pre_checkin + output + +------------------------------------------------------------------- +Tue Jun 30 07:11:19 UTC 2020 - Tomáš Chvátal + +- Use %python_pkg_name instead of hardcoding python3 where + applicable +- Sort out preamble with spec-cleaner + +------------------------------------------------------------------- +Mon Jun 29 14:36:10 UTC 2020 - Matej Cepl + +- Calculate required variables instead of relying on their continuous manual update + +------------------------------------------------------------------- +Thu Jun 25 10:44:08 UTC 2020 - Tomáš Chvátal + +- Fix the -base module build again to generate only the deps + we need + +------------------------------------------------------------------- +Wed Jun 17 18:42:51 UTC 2020 - Matej Cepl + +- Replace OBS_dev-shm.patch with the upstream PR#20944 + +------------------------------------------------------------------- +Thu Jun 10 14:30:15 UTC 2020 - Tomáš Chvátal + +- Use the %{python_pkg_name} on more places to allow easier + multiversioning +- Switch to _multibuild approach for easier maintenance of this + package. All is now in one spec file with 3 conditionals: + * bcond_with base + * bcond_with doc + * bcond_with general + +------------------------------------------------------------------- +Mon Jun 8 14:26:00 UTC 2020 - Matej Cepl + +- add requires python3-base on libpython subpackage (bsc#1167008) + +------------------------------------------------------------------- +Fri Jun 5 06:08:12 UTC 2020 - Dirk Mueller + +- build against Sphinx 2.x until python is compatible with + Sphinx 3.x (see gh#python/cpython#19397, bpo#40204) + +------------------------------------------------------------------- +Fri May 29 19:59:01 UTC 2020 - Andreas Stieger + +- Fix build with SQLite 3.32 (bpo#40783) + add bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Sun May 17 15:37:35 UTC 2020 - Callum Farmer + +- Update to version 3.8.3: + - Complete list of changes is available at + https://docs.python.org/release/3.8.3/whatsnew/changelog.html#python-3-8-3-final, + but most of them are just bugfixes. + - Removed patch CVE-2020-8492-urllib-ReDoS.patch: contained in upstream + +------------------------------------------------------------------- +Thu Apr 16 12:06:01 UTC 2020 - Matej Cepl + +- Add #!BuildIgnore: gdk-pixbuf-loader-rsvg to python3 SPEC + +------------------------------------------------------------------- +Thu Mar 26 15:36:55 UTC 2020 - Matej Cepl + +- Add patch bsc1167501-invalid-alignment.patch + (bsc#1167501, bpo#40052) to fix alignment in abstract.h header file. + +------------------------------------------------------------------- +Wed Mar 11 11:09:41 UTC 2020 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build, test_setegid + (test.test_os.PosixUidGidTests) is confusing it + +------------------------------------------------------------------- +Thu Mar 5 18:40:29 UTC 2020 - Matej Cepl + +- Update to 3.8.2: + - Complete list of changes is available at + https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final, + but most of them are just bugfixes. + - Updated patches: + - F00102-lib64.patch + - OBS_dev-shm.patch + - SUSE-FEDORA-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Sun Feb 9 00:14:24 CET 2020 - Matej Cepl + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Sat Feb 8 22:21:10 CET 2020 - Matej Cepl + +- Add Requires: libpython%{so_version} == %{version}-%{release} + to python3-base to keep both packages always synchronized + (bsc#1162224). + +------------------------------------------------------------------- +Mon Feb 3 20:27:54 UTC 2020 - Tomáš Chvátal + +- Do not pull in bluez in base again, explain the cycle, + it needs to be solved by bluez maintainer for us by providing + just the headers separately + +------------------------------------------------------------------- +Mon Feb 3 19:54:25 UTC 2020 - Tomáš Chvátal + +- Reame idle icons to idle3 in order to not conflict with python2 + variant of the package + * renamed the icons + * renamed icon load in desktop file + +------------------------------------------------------------------- +Thu Jan 16 09:50:03 UTC 2020 - Tomáš Chvátal + +- Add importlib_resources provide/obsolete as it is integral + part of the lang since 3.7 release + +------------------------------------------------------------------- +Mon Jan 13 11:10:47 UTC 2020 - Martin Liška + +- Add -fno-semantic-interposition as it brings speed up: + https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup + +------------------------------------------------------------------- +Thu Dec 19 16:25:26 CET 2019 - Matej Cepl + +- Update to 3.8.1: + - This is mainly bugfix release and no significant changes to + API are expected. The full changelog is available on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-1 + - Remove bpo-38688_shutil.copytree_prevent-infinite-recursion.patch, + which is included in the upstream tarball. + +------------------------------------------------------------------- +Thu Dec 19 14:57:32 CET 2019 - Matej Cepl + +- Add bpo-31046_ensurepip_honours_prefix.patch which makes + ensurepip to honour the value of $(prefix). Proposed fix for + bpo#31046.. + +------------------------------------------------------------------- +Tue Dec 10 11:07:16 UTC 2019 - Tomáš Chvátal + +- Move bluez-devel dependency to base as it is needed for + socket.AF_BLUETOOTH and otherwise does not work + +------------------------------------------------------------------- +Mon Dec 2 16:52:32 CET 2019 - Matej Cepl + +- Reintroduce QtHelp with the help of the new BR + python-sphinxcontrib-qthelp. + +------------------------------------------------------------------- +Mon Oct 21 18:51:00 UTC 2019 - Stefan Brüns + +- Fix SUSE-FEDORA-multilib.patch, the platform agnostic infix for + library installation is "lib", not "dir". + +------------------------------------------------------------------- +Thu Oct 17 14:19:20 UTC 2019 - Stefan Brüns + +- Move idle subpackage build from python3-base to python3. + appstream-glib required for packaging introduces considerable + extra dependencies and a build loop via rust/librsvg. +- Correct installation of idle IDE icons: + + idle.png is not the target directory + + non-GNOME-specific icons belong into icons/hicolor +- Add required Name key to idle3 desktop file + +------------------------------------------------------------------- +Tue Oct 15 16:39:12 CEST 2019 - Matej Cepl + +- Update to the final release 3.8.0. . + - New Features: + - Assignment expressions + - Positional-only parameters + - Parallel filesystem cache for compiled bytecode files + - Debug build uses the same ABI as release build + - f-strings support = for self-documenting expressions and + debugging + - PEP 578: Python Runtime Audit Hooks + - PEP 587: Python Initialization Configuration + - Vectorcall: a fast calling protocol for CPython + - Pickle protocol 5 with out-of-band data buffers + - New modules: + - importlib.metadata + - Improved modules: + - ast asyncio, builtins, collections, curses, ctypes, + datetime, functools, gc, gettext, gzip, idelib and IDLE, + inspect, io, json.tool, math, mmap, multiprocessing, os, + os.path, pathlib, pickle, plistlib, py_compile, shlex, + shutil, socket, ssl, statistics, sys, tarfile, threading, + tokenize, tkinter, time, typing, unicodedata, unittest, + venv, weakref, xml + - C API improvements + - bdist_winnst command has been deprecated (use bdist_wheel) +- https://docs.python.org/3.8/whatsnew/3.8.html remains rest of + changes including documentation on how to port your programs to + the current version of Python. + +------------------------------------------------------------------- +Mon Oct 14 15:02:08 CEST 2019 - Matej Cepl + +- Add idle3.appdata.xml and idle3.desktop (originally from + Fedora) to make Idle3 full GUI desktop application. + (bsc#1153830) + +------------------------------------------------------------------- +Wed Oct 9 19:09:16 UTC 2019 - Michael Gorse + +- Drop intltool from BuildRequires. Doesn't appear to be used. + +------------------------------------------------------------------- +Wed Oct 9 10:37:59 UTC 2019 - Tomáš Chvátal + +- Add folder version to allow tarball downloads even for beta/rc + releases + +------------------------------------------------------------------- +Tue Oct 8 14:53:54 CEST 2019 - Matej Cepl + +- Revert patches from Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch) into their original + prisitine Fedora versions, SUSE-FEDORA-multilib.patch refreshed + accordingly. + +------------------------------------------------------------------- +Mon Oct 7 14:33:30 UTC 2019 - Matej Cepl + +- Correct quotation of platsubdir in Lib/distutils/command/install.py + +------------------------------------------------------------------- +Thu Oct 3 13:59:57 CEST 2019 - Matej Cepl + +- Replace python-3.6.0-multilib.patch with two patches from + Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch), and our own + SUSE-FEDORA-multilib.patch to allow better cooperation with + Fedora and better upstreaming. +- Add OBS_dev-shm.patch fixing bpo#38377 + +------------------------------------------------------------------- +Thu Oct 3 08:39:18 UTC 2019 - Tomáš Chvátal + +- Pull in just gettext and let solver to sort out between: + gettext-runtime-mini and gettext-runtime + +------------------------------------------------------------------- +Wed Oct 2 15:00:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0rc1. Overall changes from 3.7: + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved + embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds, also the 'm' ABI + tag was removed (irrelevant since 3.4), bpo#36707 + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - on Windows, the default asyncio event loop is now + ProactorEventLoop + - on macOS, the spawn start method is now used by default in + multiprocessing + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Refreshed patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Wed Sep 25 09:46:41 UTC 2019 - Bernhard Wiedemann + +- Add bpo36302-sort-module-sources.patch (boo#1041090) + +------------------------------------------------------------------- +Tue Sep 10 13:43:18 UTC 2019 - Tomáš Chvátal + +- Try harder obsoleting importlib-metadata + +------------------------------------------------------------------- +Sat Aug 31 00:16:47 CEST 2019 - Matej Cepl + +- Update to 3.8.0b4: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-4 + +------------------------------------------------------------------- +Thu Aug 29 06:28:15 UTC 2019 - Guillaume GARDET + +- Re-enable test_threading on aarch64 + +------------------------------------------------------------------- +Sat Aug 17 13:21:15 UTC 2019 - John Vandenberg + +- Remove xrpm from subpackage tk description + +------------------------------------------------------------------- +Tue Aug 6 14:24:55 CEST 2019 - Matej Cepl + +- Update to 3.8.0b3: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-3 +- Patches reapplied: + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-test-posix_fadvise.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Tue Jul 23 13:20:49 UTC 2019 - Matej Cepl + +- Add Provides: python3-importlib-metadata + +------------------------------------------------------------------- +Sun Jul 7 19:08:48 CEST 2019 - Matej Cepl + +- Update to 3.8.0b2: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-2 +- Patches included in upstream: + - bpo-37169_PyObject_IsFreed.patch +- Patches reapplied: + - 00251-change-user-install-location.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-localpath.patch + - python-3.6.0-multilib.patch + +------------------------------------------------------------------- +Tue Jul 2 09:03:04 UTC 2019 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build +- Don't do profiling in qemu linux-user build + +------------------------------------------------------------------- +Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0b1 (changes since 3.7.*): + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Remove patches which were included in the upstream: + - 00251-change-user-install-location.patch + - 00316-mark-bdist_wininst-unsupported.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed May 22 10:53:03 UTC 2019 - Martin Liška + +- Set _lto_cflags to nil as the package is using LTO via --enable-lto. + That will prevent to propage LTO for Python modules that are + built in a separate package. + +------------------------------------------------------------------- +Sat May 4 21:29:20 CEST 2019 - Matej Cepl + +- Update to 3.8.0.a3: + - PEP 572: Assignment Expressions. + - Other (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-3 + +------------------------------------------------------------------- +Mon Apr 29 15:40:34 CEST 2019 - Matej Cepl + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Wed Apr 10 10:22:58 CEST 2019 - Matej Cepl + +- Fix metadata of patches. +- Rename boo1071941-make-install-in-sep-loc.patch to + 00251-change-user-install-location.patch which is the original + name, so it can be looked up in the Fedora VCS. + +------------------------------------------------------------------- +Tue Apr 9 04:55:24 UTC 2019 - John Vandenberg + +- Mark distutils bdist_wininst command unsupported + with 00316-mark-bdist_wininst-unsupported.patch +- Remove Windows bdist_wininst executables from runtime package + +------------------------------------------------------------------- +Tue Apr 9 01:21:45 CEST 2019 - Matej Cepl + +- Update to 3.7.3, which is the maintenance release without any + significant changes in API. + - Updated patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------ +Wed Mar 20 14:59:58 UTC 2019 - Matěj Cepl + +- Remove building of Qt Develop help files. + +------------------------------------------------------------------- +Fri Mar 15 15:10:30 CET 2019 - Matej Cepl + +- Return distutils-reproducible-compile.patch which is still + missing (still unfinished bpo#29708). + +------------------------------------------------------------------- +Mon Feb 25 23:30:56 CET 2019 - Matej Cepl + +- Update to 3.8.0a2: + * List of all (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-2 + +------------------------------------------------------------------- +Tue Feb 12 10:25:52 CET 2019 - Matej Cepl + +- Build nis module again. + +------------------------------------------------------------------- +Tue Feb 12 10:06:17 CET 2019 - Matej Cepl + +- Update to 3.8.0a1: + * The most visible change so far is probably the + implementation of PEP 572: Assignment Expressions. For + a detailed list of changes, see: + https://docs.python.org/3.8/whatsnew/changelog.html + * Recover building of nis module properly in python3 package +- Update patches: + * CVE-2019-5010-null-defer-x509-cert-DOS.patch + * python-3.3.0b1-fix_date_time_compiler.patch + * python-3.3.0b1-test-posix_fadvise.patch + * python-3.6.0-multilib.patch + * raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed Jan 30 18:07:49 CET 2019 - mcepl@suse.com + +- Put LICENSE file where it belongs (bsc#1121852) + +------------------------------------------------------------------- +Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com + +- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch + fixing bpo-35746. + An exploitable denial-of-service vulnerability exists in the + X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. + A specially crafted X509 certificate can cause a NULL pointer + dereference, resulting in a denial of service. An attacker can + initiate or accept TLS connections using crafted certificates + to trigger this vulnerability. + +------------------------------------------------------------------- +Tue Jan 8 12:51:01 UTC 2019 - Tomáš Chvátal + +- Do not require full gettext in order to avoid pulling in the + glib2 as a dependency + +------------------------------------------------------------------- +Tue Jan 8 12:25:27 UTC 2019 - Tomáš Chvátal + +- Update to 3.7.2: + * bugfix release: + https://docs.python.org/3.7/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Wed Jan 2 12:51:48 CET 2019 - mcepl@suse.com + +- Stop applying python-3.6.0-multilib-new.patch (which is still + WIP), and apply the old proven python-3.6.0-multilib.patch + instead. + +------------------------------------------------------------------- +Wed Dec 19 19:29:44 UTC 2018 - Todd R + +- Use upstream-recommended %{_rpmconfigdir}/macros.d directory + for the rpm macros. + +------------------------------------------------------------------- +Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com + +- Upgrade to 3.7.2rc1: + * bugfix release, for the full list of all changes see + https://docs.python.org/3.7/whatsnew/changelog.html#changelog +- Make run of the test suite more verbose + +------------------------------------------------------------------- +Tue Dec 11 01:52:45 UTC 2018 - Jan Engelhardt + +- Write summaries without em dashes. + +------------------------------------------------------------------- +Mon Dec 3 13:27:54 UTC 2018 - Matěj Cepl + +- Remove python-3.3.0b1-curses-panel.patch it is unnecessary anymore. +- Add boo1071941-make-install-in-sep-loc.patch to make pip and + distutils in user environment install into separate location + (boo#1071941) + + Set values of prefix and exec_prefix in distutils install + command to /usr/local if executable is /usr/bin/python* and RPM + build is not detected to make pip and distutils install into + separate location +- Remove finally python-3.3.3-skip-distutils-test_sysconfig_module.patch +- Remove distutils-reproducible-compile.patch which doesn't make + really much difference in reproducibility (see + gh#python/cpython#8057 and discussion there). + +------------------------------------------------------------------- +Sat Dec 1 00:14:28 CET 2018 - mcepl@suse.com + +- Rename Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + to bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + +------------------------------------------------------------------- +Wed Nov 7 12:10:41 CET 2018 - mcepl@suse.com + +- Add dependency on bluez-devel to build support for Bluetooth + (boo#1109998) + +------------------------------------------------------------------- +Tue Nov 6 13:52:45 CET 2018 - mcepl@suse.com + +- Add devhelp subpackage and split qthelp into another + subpackage. + +------------------------------------------------------------------- +Wed Oct 24 12:38:00 UTC 2018 - Matěj Cepl + +- Remove python-3.0b1-record-rpm.patch and + Python-3.0b1-record-rpm.patch, as they are not needed anymore + +------------------------------------------------------------------- +Tue Oct 23 14:14:16 UTC 2018 - Matej Cepl + +- Switch off test_threading for optimization builds. + +------------------------------------------------------------------- +Mon Oct 22 14:41:59 CEST 2018 - mcepl@suse.com + +- Update to python-3.7.1. This is just a brief overview, complete + changelog available at + https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-1-final: + Library + bpo-34970: Protect tasks weak set manipulation in asyncio.all_tasks() +- Patches already accepted upstream are removed: + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + * 00308-tls-1.3.patch +- New patches added: + * Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + * raise_SIGING_not_handled.patch +- All other patches refreshed via quilt. + +------------------------------------------------------------------- +Mon Oct 22 12:22:19 UTC 2018 - Matej Cepl + +- Add raise_SIGING_not_handled.patch to fix bsc#1094814 + +------------------------------------------------------------------- +Wed Oct 17 14:04:35 UTC 2018 - Tomáš Chvátal + +- Add patch to fix importlib return types: + * python3-imp-returntype.patch + +------------------------------------------------------------------- +Mon Oct 15 13:46:32 CEST 2018 - mcepl@suse.com + +- bpo-34022 still not completely fixed, so we have to keep + excluding test_cmd_line_script, + test_multiprocessing_main_handling, and test_runpy from the + test suite. + +------------------------------------------------------------------- +Sun Oct 14 15:57:24 UTC 2018 - Matej Cepl + +- Update to python 3.7.1~rc2: + Core and Builtins + bpo-34879: Fix a possible null pointer dereference in + bytesobject.c. Patch by Zackery Spytz. + bpo-34854: Fixed a crash in compiling string annotations + containing a lambda with a keyword-only argument that + doesn’t have a default value. + bpo-34320: Fix dict(od) didn’t copy iteration order of + OrderedDict. + Library + bpo-34769: Fix for async generators not finalizing when event + loop is in debug mode and garbage collector runs in another + thread. + bpo-34922: Fixed integer overflow in the digest() and + hexdigest() methods for the SHAKE algorithm in the hashlib + module. + bpo-34900: Fixed unittest.TestCase.debug() when used to call + test methods with subtests. Patch by Bruno Oliveira. + bpo-34871: Fix inspect module polluted sys.modules when parsing + __text_signature__ of callable. + bpo-34872: Fix self-cancellation in C implementation of + asyncio.Task + bpo-34819: Use a monotonic clock to compute timeouts in + Executor.map() and as_completed(), in order to prevent + timeouts from deviating when the system clock is adjusted. + bpo-34334: In QueueHandler, clear exc_text from LogRecord to + prevent traceback from being written twice. + bpo-6721: Acquire the logging module’s commonly used internal + locks while fork()ing to avoid deadlocks in the child + process. + bpo-34172: Fix a reference issue inside multiprocessing.Pool + that caused the pool to remain alive if it was deleted + without being closed or terminated explicitly. + Documentation + bpo-32174: chm document displays non-ASCII charaters properly on + some MBCS Windows systems. + Tests + bpo-32962: Fixed test_gdb when Python is compiled with flags + -mcet -fcf-protection -O0. + C API + bpo-34910: Ensure that PyObject_Print() always returns -1 on + error. Patch by Zackery Spytz. + +------------------------------------------------------------------- +Fri Oct 12 20:46:58 CEST 2018 - mcepl@suse.com + +- Add Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch to + fix problems with SOURCE_DATE_EPOCH variable (bpo-34022) + +------------------------------------------------------------------- +Mon Sep 17 09:44:02 UTC 2018 - Tomáš Chvátal + +- Add patch to fix build with tls1.3 supported openssl + * 00308-tls-1.3.patch +- Add patch to fix Py_Main calls after Py_initialize + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + +------------------------------------------------------------------- +Mon Sep 3 15:22:42 UTC 2018 - Matěj Cepl + +- Add -fwrapv to OPTS, which is default for python3 anyway + See for example https://github.com/zopefoundation/persistent/issues/86 + for bugs which are caused by avoiding it. + +------------------------------------------------------------------- +Tue Jul 10 11:12:32 UTC 2018 - mcepl@suse.com + +- Fix ownership of _contextvars, _queue, and _xxtestfuzz + +------------------------------------------------------------------- +Tue Jul 3 15:04:48 UTC 2018 - mcepl@suse.com + +- Switch off LTO for distros with older GCC +- Fix %files + +------------------------------------------------------------------- +Fri Jun 29 14:20:03 UTC 2018 - tchvatal@suse.com + +- Add dependency over libuuid-devel + +------------------------------------------------------------------- +Thu Jun 28 10:42:15 UTC 2018 - mimi.vx@gmail.com + +- update to python 3.7.0 + Complete overview of changes is available on + https://docs.python.org/3/whatsnew/3.7.html, these are just + highlights: + * PEP 563, postponed evaluation of type annotations. + * async and await are now reserved keywords. + * New library modules: + contextvars: PEP 567 – Context Variables + dataclasses: PEP 557 – Data Classes + importlib.resources + * New built-in features: + PEP 553, the new breakpoint() function. + * Python data model improvements: + PEP 562, customization of access to module attributes. + PEP 560, core support for typing module and generic types. + the insertion-order preservation nature of dict objects + has been declared to be an official part of the Python + language spec. + * Significant improvements in the standard library: + The asyncio module has received new features, significant + usability and performance improvements. + The time module gained support for functions with + nanosecond resolution. + * CPython implementation improvements: + Avoiding the use of ASCII as a default text encoding: + PEP 538, legacy C locale coercion + PEP 540, forced UTF-8 runtime mode + PEP 552, deterministic .pycs + the new development runtime mode + PEP 565, improved DeprecationWarning handling + * C API improvements: + PEP 539, new C API for thread-local storage + * Documentation improvements: + PEP 545, Python documentation translations + New documentation translations: Japanese, French, and Korean. +- drop python3-sorted_tar.patch +- drop 0001-allow-for-reproducible-builds-of-python-packages.patch +- refresh python-3.6.0-multilib-new.patch +- refresh subprocess-raise-timeout.patch + * new C API for thread-local storage + * Deterministic pyc files + * Built-in breakpoint() + * Data Classes + * Core support for typing module and generic types + * Customization of access to module attributes + * Postponed evaluation of annotations + * Time functions with nanosecond resolution + * Improved DeprecationWarning handling + * Context Variables + * Avoiding the use of ASCII as a default text encoding + (PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode) + * The insertion-order preservation nature of dict objects is now + an official part of the Python language spec. + * Notable performance improvements in many areas. + +------------------------------------------------------------------- +Thu May 17 18:26:42 UTC 2018 - hpj@urpla.net + +- disable lto with gcc versions below 7 (results in link failures) + +------------------------------------------------------------------- +Mon Apr 30 15:23:24 UTC 2018 - jengelh@inai.de + +- Use faster find subcommand execution strategies. + +------------------------------------------------------------------- +Fri Apr 20 16:17:29 UTC 2018 - tchvatal@suse.com + +- Do not mention the testsuite disabling in opts as it was moved to + main pkg so base is test-free + +------------------------------------------------------------------- +Tue Apr 17 08:36:08 UTC 2018 - tchvatal@suse.com + +- As we run in main python package do not generate the pre_checkin + from both now + +------------------------------------------------------------------- +Mon Apr 16 14:11:56 UTC 2018 - tchvatal@suse.com + +- Move the tests from base to generic package wrt bsc#1088573 + * We still fail the whole distro if python3 is not build + * The other archs than x86_64 took couple of hours to unblock + build of other software, this way we work around the issue +- Some tests are still run in -base for the LTO tweaking, but at + least it is not run twice + +------------------------------------------------------------------- +Sat Mar 31 19:41:12 UTC 2018 - mimi.vx@gmail.com + +- update to 3.6.5 + * bugfix release + * see Misc/NEWS for details +- drop ctypes-pass-by-value.patch +- drop fix-localeconv-encoding-for-LC_NUMERIC.patch +- refresh python-3.6.0-multilib-new.patch + +------------------------------------------------------------------ +Wed Mar 7 09:16:39 UTC 2018 - adam@mizerski.pl + +- Created %so_major and %so_minor macros +- Put Tools/gdb/libpython.py script into proper place and ship it with devel + subpackage. + +------------------------------------------------------------------- +Tue Feb 20 15:04:56 UTC 2018 - schwab@suse.de + +- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64 + +------------------------------------------------------------------- +Tue Feb 20 14:28:00 UTC 2018 - bwiedemann@suse.com + +- Add python3-sorted_tar.patch (boo#1081750) + +------------------------------------------------------------------- +Tue Feb 20 14:08:57 UTC 2018 - tchvatal@suse.com + +- Drop python3-tk and python3-idle recommends to reduce python3 + always pulling X stack bsc#1081751 + +------------------------------------------------------------------- +Wed Feb 7 09:10:03 UTC 2018 - tchvatal@suse.com + +- Add patch to fix glibc 2.27 fail bsc#1079761: + * fix-localeconv-encoding-for-LC_NUMERIC.patch + +------------------------------------------------------------------- +Mon Feb 5 17:14:43 UTC 2018 - normand@linux.vnet.ibm.com + +- Update skip_random_failing_tests.patch (for PowerPC) + to avoid test_call_later failure + +------------------------------------------------------------------- +Wed Jan 24 14:35:58 UTC 2018 - jmatejek@suse.com + +- move XML modules and python3-xml provide to python3-base + (fixes bsc#1077230) +- move ensurepip to base + +------------------------------------------------------------------- +Thu Jan 18 12:31:47 UTC 2018 - normand@linux.vnet.ibm.com + +- Add skip_random_failing_tests.patch only for PowerPC + +------------------------------------------------------------------- +Wed Jan 3 12:18:51 UTC 2018 - jmatejek@suse.com + +- update to 3.6.4 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed python3-ncurses-6.0-accessors.patch +- drop PYTHONSTARTUP hooks that cause spurious startup errors + * fixes bsc#1070738 + * the relevant feature (REPL history) is now built into Python itself + +------------------------------------------------------------------- +Sat Dec 2 11:11:46 UTC 2017 - dimstar@opensuse.org + +- Install 2to3-%{python_version} executable (override defattr of + the -tools package). 2to3 (unversioned) is a symlink and does not + carry permissions (bsc#1070853). + +------------------------------------------------------------------- +Thu Nov 16 11:02:18 UTC 2017 - mimi.vx@gmail.com + +- move 2to3 to python3-tools package + +------------------------------------------------------------------- +Wed Oct 11 13:15:23 UTC 2017 - jmatejek@suse.com + +- update to 3.6.3 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Wed Sep 20 09:54:05 UTC 2017 - dmueller@suse.com + +- drop python-2.7-libffi-aarch64.patch: this patches the intree + copy of libffi which is unused/deleted in the line afterwards +- fix build against system libffi: include flags weren't set + so it actually used the in-tree libffi headers. + +------------------------------------------------------------------- +Thu Sep 14 13:23:10 UTC 2017 - vcizek@suse.com + +- Fix test broken with OpenSSL 1.1 (bsc#1042670) + * add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Tue Sep 5 11:47:05 UTC 2017 - jengelh@inai.de + +- Update RPM group for python documentation. + +------------------------------------------------------------------- +Thu Aug 31 08:39:31 UTC 2017 - schwab@suse.de + +- fix missing %{?armsuffix} + +------------------------------------------------------------------- +Wed Aug 30 13:41:38 UTC 2017 - jmatejek@suse.com + +- distutils-reproducible-compile.patch: ensure distutils order files + before compiling, which works around bsc#1049186 + +------------------------------------------------------------------- +Thu Aug 17 08:59:05 CEST 2017 - kukuk@suse.de + +- Add libnsl-devel build requires for glibc obsoleting libnsl + +------------------------------------------------------------------- +Thu Aug 3 16:09:26 UTC 2017 - jmatejek@suse.com + +- update to 3.6.2 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed test-socket-aead-kernel49.patch +- add Provides: python3-typing (fixes bsc#1050653) +- drop duplicate Provides: python3 + +------------------------------------------------------------------- +Mon Jun 26 12:10:07 UTC 2017 - jmatejek@suse.com + +- drop db-devel from requirements + +------------------------------------------------------------------- +Tue Jun 20 09:26:52 UTC 2017 - asn@cryptomilk.org + +- Add missing link to python library in config dir (bsc#1040164) + +------------------------------------------------------------------- +Thu Mar 23 12:42:59 UTC 2017 - jmatejek@suse.com + +- update to 3.6.1 + * bugfix release, over a hundred bugs fixed + * never add import location's parent directory to sys.path + * switch to git for version control, build changes related to that + * fix "failed to get random numbers" on old kernels (bsc#1029902) + * several crashes and memory leaks corrected + * f-string are no longer accepted as docstrings + +------------------------------------------------------------------- +Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com + +- prevent regenerating AST at build-time more robustly +- add "--without profileopt" and "--without testsuite" options to python3-base + to allow short circuiting when working on the package + +------------------------------------------------------------------- +Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com + +- Add 0001-allow-for-reproducible-builds-of-python-packages.patch + upstream https://github.com/python/cpython/pull/296 + +------------------------------------------------------------------- +Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com + +- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch) +- reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent) + +------------------------------------------------------------------- +Wed Jan 11 14:57:07 UTC 2017 - jmatejek@suse.com + +- update to 3.6.0 + * PEP 498 Formated string literals + * PEP 515 Underscores in numeric literals + * PEP 526 Syntax for variable annotations + * PEP 525 Asynchronous generators + * PEP 530 Asynchronous comprehensions + * PEP 506 New "secrets" module for safe key generation + * less memory consumed by dicts + * dtrace and systemtap support + * improved asyncio module + * better defaults for ssl + * new hashing algorithms in hashlib + * bytecode format changed to allow more optimizations + * "async" and "await" are on track to be reserved words + * StopIteration from generators is deprecated + * support for openssl < 1.0.2 is deprecated + * os.urandom now blocks when getrandom() blocks + * huge number of new features, bugfixes and optimizations + * see https://docs.python.org/3.6/whatsnew/3.6.html for details +- rework multilib patch: drop Python-3.5.0-multilib.patch, implement + upstreamable python-3.6.0-multilib-new.patch +- refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch +- drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch +- finally drop python-2.6b1-canonicalize2.patch that was not applied in source + and only kept around in case we needed it in the future. (which we don't, as it seems) +- update import_failed map and baselibs +- build ctypes against system libffi + (buildrequire libffi-devel in python3-base) +- add new key to keyring (signed by keys already in keyring) +- introduced common configure section between python3 and python3-base +- moved pyconfig.h and Makefile to devel subpackage as distutils no longer + need it at runtime +- added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py + because it is not used now +- improve summaries and descriptions (fixes bsc#917607) +- enabled Link-Time Optimization, see what happens +- including skipped_tests.py in pre_checkin.sh run +- run specs through spec-cleaner, rearrange sections + +------------------------------------------------------------------- +Fri Apr 22 17:20:29 UTC 2016 - jmatejek@suse.com + +- move _hashlib and _ssl modules and tests to python3-base +- recommend python3 + +------------------------------------------------------------------- +Tue Mar 15 15:05:23 UTC 2016 - schwab@suse.de + +- Skip test_asyncio under qemu_user_space_build + +------------------------------------------------------------------- +Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com + +- Add Python-3.5.1-fix_lru_cache_copying.patch + Fix copying the lru_cache() wrapper object. + Fixes deep-copying lru_cache regression, which worked on + previous versions of python but fails on python 3.5. + This fixes a bunch of packages in devel:languages:python3. + See: https://bugs.python.org/issue25447 + +------------------------------------------------------------------- +Sun Jan 24 00:44:08 UTC 2016 - arichardson.kde@gmail.com + +- Build the docs in .qch format as well + +------------------------------------------------------------------- +Wed Dec 9 07:35:20 UTC 2015 - toddrme2178@gmail.com + +- update to 3.5.1 + * bugfix-only release, dozens of bugs fixed +- Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch +- "Python3" to "Python 3" in summary + * This seems cleaner and fixes and rpmlint warning + +------------------------------------------------------------------- +Wed Oct 14 20:21:52 UTC 2015 - toddrme2178@gmail.com + +- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch + This fixes a build error for many packages that use the Python, + C-API. + This patch is already accepted upstream and is slated to appear in + python 3.5.1. + +------------------------------------------------------------------- +Tue Sep 29 15:53:24 UTC 2015 - jmatejek@suse.com + +- update to 3.5.0 + * coroutines with async/await syntax + * matrix multiplication operator `@` + * unpacking generalizations + * new modules `typing` and `zipapp` + * type annotations + * .pyo files replaced by custom suffixes for optimization levels in __pycache__ + * support for memory BIO in ssl module + * performance improvements in several modules + * and many more +- removals and behavior changes + * deprecated `__version__` is removed + * support for .pyo files was removed + * system calls are auto-retried on EINTR + * bare generator expressions in function calls now cause SyntaxError + (change "f(x for x in i)" to "f((x for x in i))" to fix) + * removed undocumented `format` member of private `PyMemoryViewObject` struct + * renamed `PyMemAllocator` to `PyMemAllocatorEx` +- redefine %dynlib macro to reflect that modules now have arch+os as part of name +- module `time` is now built-in +- dropped upstreamed patches: + python-3.4.1-fix-faulthandler.patch + python-3.4.3-test-conditional-ssl.patch + python-fix-short-dh.patch (also dropped dh2048.pem required for this patch) +- updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch +- python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure + with new gcc + ncurses + +------------------------------------------------------------------- +Wed Sep 9 11:51:22 UTC 2015 - dimstar@opensuse.org + +- Add python3-ncurses-6.0-accessors.patch: Fix build with + NCurses 6.0 and OPAQUE_WINDOW set to 1. + +------------------------------------------------------------------- +Mon Aug 24 17:02:08 UTC 2015 - jmatejek@suse.com + +- improve import_failed hook to do the right thing when invoking + missing modules with "python3 -m modulename" (boo#942751) + +------------------------------------------------------------------- +Thu Jul 23 22:08:10 UTC 2015 - fisiu@opensuse.org + +- Build with --enable-loadable-sqlite-extensions to make it works + as geospatial database. + +------------------------------------------------------------------- +Wed Jul 1 07:07:26 UTC 2015 - dimstar@opensuse.org + +- Fix source list for previous change (add dh2048.pem). + +------------------------------------------------------------------- +Wed Jun 24 06:54:30 UTC 2015 - meissner@suse.com + +- dh2048.pem: added generated 2048 dh parameter set to fix + ssl test (bsc#935856) +- python-fix-short-dh.patch: replace the 512 bits dh parameter set + by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856) + +------------------------------------------------------------------- +Tue May 19 14:59:30 UTC 2015 - schwab@suse.de + +- ctypes-libffi-aarch64.patch: remove upstreamed patch +- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for + aarch64 + +------------------------------------------------------------------- +Thu May 14 10:58:36 UTC 2015 - jmatejek@suse.com + +- drop the PDF subpackage + (removes the massive texlive dependency, and most likely nobody is + using the PDFs anyway) + +------------------------------------------------------------------- +Thu May 14 09:53:29 UTC 2015 - jmatejek@suse.com + +- python-3.4.3-test-conditional-ssl.patch - restore tests failing because + test_urllib was unconditionally importing ssl (without really needing it) +- restore functionality of multilib patch +- drop libffi-ppc64le.diff because upstream completely changed everything + yet again (sorry ppc64 folks :| ) + + +------------------------------------------------------------------- +Fri May 1 15:11:21 UTC 2015 - mailaender@opensuse.org + +- Update to version 3.4.3 +- Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch + (bpo#21766) + +------------------------------------------------------------------- +Wed Mar 25 10:57:28 UTC 2015 - rguenther@suse.com + +- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus + faulthandler which fails with GCC 5. + +------------------------------------------------------------------- +Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com + +- asyncio has been merged in python3 main package; provide and + obsolete it +- Remove obsolete AUTHORS section +- Remove redundant %clean section + +------------------------------------------------------------------- +Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org + +- Only pkgconfig(x11) is required for build, not the whole + set of packages provided by xorg-x11-devel metapackage. + +------------------------------------------------------------------- +Mon Oct 13 13:38:20 UTC 2014 - jmatejek@suse.com + +- add %python3_version rpm macro for Fedora compatibility +- add missing argument in import_failed, rename Novell Bugzilla + to SUSE Bugzilla + +------------------------------------------------------------------- +Thu Jul 31 17:24:59 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. + +------------------------------------------------------------------- +Wed Jul 23 16:31:02 UTC 2014 - jmatejek@suse.com + +- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file + disclosure and directory traversal through URL-encoded characters + (CVE-2014-4650, bnc#885882) + +------------------------------------------------------------------- +Tue Jul 22 13:55:57 UTC 2014 - jmatejek@suse.com + +- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons, + reinstate bundled copies of pip and setuptools + (fixes bnc#885662) +- add more files as sources to silence the validator + +------------------------------------------------------------------- +Wed May 21 11:01:56 UTC 2014 - jmatejek@suse.com + +- update to 3.4.1 + * bugfix-only release, over 300 bugs fixed +- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch +- drop upstreamed CVE-2014-2667-mkdir.patch +- include Python release manager keyring and signature file + for the source archive (thus renumbering of source files) + (see https://www.python.org/download/#openpgp-public-keys ) +- move ensurepip to python3, because it transitively requires ssl + +------------------------------------------------------------------- +Fri Apr 4 16:21:40 UTC 2014 - jmatejek@suse.com + +- CVE-2014-2667-mkdir.patch: race condition with reseting umask + in os.makedirs + (CVE-2014-2667, bnc#871152) +- updated multilib patch to include ~/.local/lib64 (bnc#637176) + +------------------------------------------------------------------- +Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com + +- raise timeout value for test_subprocess to 10s (might fix + intermittent build failures in OBS) + +------------------------------------------------------------------- +Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com + +- remove blacklisting of test_posix on aarch64: qemu bug is fixed + +------------------------------------------------------------------- +Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 final +- drop upstreamed python-3.4rc2-importlib.patch + +------------------------------------------------------------------- +Sun Mar 16 16:33:25 UTC 2014 - schwab@suse.de + +- Only build with profile-opt if profiling is enabled +- Update test exclusion lists: + * test_ctypes no longer fails on arm + * test_io no longer fails on ppc* + * test_multiprocessing has been split in multiple tests + * test_posix and test_signal fail due to qemu bugs + +------------------------------------------------------------------- +Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de + +- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, + adding python-2.7.6-sqlite-3.8.4-tests.patch + +------------------------------------------------------------------- +Thu Feb 27 14:08:40 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 rc2 + * pre-release bugfixes + * improvements to asyncio library +- drop upstreamed tracemalloc_gcov.patch +- python-3.4rc2-importlib.patch fixes backwards-incompatibility + in the reworked importlib module that blocks build of vim + +------------------------------------------------------------------- +Fri Jan 17 18:45:27 UTC 2014 - jmatejek@suse.com + +- initial commit of 3.4.0 beta 3 + * new stdlib modules: pathlib, enum, statistics, tracemalloc + * asynchronous IO with new asyncio module + * introspection data for builtins + * subprocesses no longer inherit open file descriptors + * standardized metadata for packages + * internal hashing changed to SipHash + * new pickle protocol + * improved handling of codecs + * TLS 1.2 support + * major speed improvements for internal unicode handling + * many bugfixes and optimizations +- see porting guide at: + http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4 +- moved several modules to -testsuite subpackage +- updated list of binary extensions, refreshed patches +- tracemalloc_gcov.patch fixes profile-based optimization build +- updated packages and pre_checkin.sh to use ~-version notation + for prereleases +- fix-shebangs part of build process moved to common %prep +- drop python-3.3.2-no-REUSEPORT.patch (upstreamed) +- update baselibs for new soname + +- TODOs: + * require python-pip, make ensurepip work with zypper + +------------------------------------------------------------------- +Wed Dec 4 13:21:26 UTC 2013 - matz@suse.de + +- add ppc64le (ELFv2) support for libffi copy for ctypes module +- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be + "lib64"). +- added patches: + * libffi-ppc64le.diff +------------------------------------------------------------------- +Tue Dec 3 09:51:43 UTC 2013 - adrian@suse.de + +- add ppc64le rules + +------------------------------------------------------------------- +Fri Nov 22 13:17:23 UTC 2013 - speilicke@suse.com + +- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch: + + Disable global and distutils sysconfig comparison test, we deviate + from the default depending on optflags + +------------------------------------------------------------------- +Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com + +- update to 3.3.3 + * bugfix-only release + * many SSL-related fixes + * upstream fix for CVE-2013-4238 + * upstream fixes for CVE-2013-1752 +- move example module xxlimited to python3-testsuite +- drop CVE-2013-4238_py33.patch - it is upstreamed +- remove --with-wide-unicode config option, it is now the default + (and only) choice +- don't touch anything between make and makeinstall +- drop python-3.2b2-buildtime-generate.patch - the issue was caused + by touching things between make and makeinstall +- link pycache entries for import_failed hooks properly + +------------------------------------------------------------------- +Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org + +- build with -DOPENSSL_LOAD_CONF for the same reasons + described in the python2 package. + +------------------------------------------------------------------- +Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com + +- handle NULL bytes in certain fields of SSL certificates + (CVE-2013-4238, bnc#834601) + +------------------------------------------------------------------- +Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com + +- Exclue test_faulthandler from tests on powerpc due to bnc#831629 + +------------------------------------------------------------------- +Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com + +- update to 3.3.2 + * bugfix-only release + * fixes several regressions introduced in 3.3.1 +- switch to xz compression +- move _lzma module to python3-base +- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT + +------------------------------------------------------------------- +Mon Apr 29 22:32:43 UTC 2013 - schwab@suse.de + +- Readd missing bits from ctypes-libffi-aarch64.patch + +------------------------------------------------------------------- +Sat Apr 13 07:56:51 UTC 2013 - idonmez@suse.com + +- Update to version 3.3.1 + * Fix the –enable-profiling configure switch. + * In IDLE, close the replace dialog after it is used. +- Too many bugfixes to list here, + see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS +- Refresh Python-3.3.0b2-multilib.patch +- Refresh python-3.2b2-buildtime-generate.patch +- Drop upstream patches: ctypes-libffi-aarch64.patch, + python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch + +------------------------------------------------------------------- +Mon Apr 8 11:25:30 UTC 2013 - speilicke@suse.com + +- Exclude sqlite/test and tk/test directories from the respective + sub-packages. These are owned by the testsuite sub-package already + +------------------------------------------------------------------- +Fri Apr 5 12:59:20 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/title=SourceUrls + +------------------------------------------------------------------- +Wed Apr 3 15:36:04 UTC 2013 - jmatejek@suse.com + +- remove spurious modification of python-3.3.0b1-localpath.patch + that would force installation into /usr/local. + this fixes bnc#809831 + +------------------------------------------------------------------- +Thu Mar 28 18:38:51 UTC 2013 - jmatejek@suse.com + +- replace broken movetogetdents64.diff patch with a correct one + from upstream repo (python-3.3.0-getdents64.patch) + +------------------------------------------------------------------- +Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com + +- add ctypes-libffi-aarch64.patch: + * import aarch64 support for libffi in _ctypes module +- add aarch64 to the list of lib64 based archs +- add movetogetdents64.diff: + * port to getdents64, as SYS_getdents is not implemented everywhere + +------------------------------------------------------------------- +Tue Feb 26 08:57:55 UTC 2013 - saschpe@suse.de + +- /etc/rpm/macros.python3 is no %config, it is not meant to be changed + by users. +- Add rpmlintrc with some obvious filters + +------------------------------------------------------------------- +Mon Jan 28 18:14:39 UTC 2013 - jmatejek@suse.com + +- update baselibs for new version of libpython3 + +------------------------------------------------------------------- +Thu Nov 29 17:02:37 UTC 2012 - jmatejek@suse.com + +- fix include path in macros (bnc#787526) +- implement failed import handlers for modules that live in + subpackages - e.g. "import ssl" will now throw a sensible error + message telling you to install "python3" + +------------------------------------------------------------------- +Wed Nov 28 17:02:07 UTC 2012 - jmatejek@suse.com + +- merge python3-xml into python3 +- merge python3-2to3 library into python3-base + and the 2to3 binary into python3-devel + (python3-devel is now in conflict with python-2to3, which + will be dropped) +- enable --with-system-expat for python3, making the xml modules + (and thus python3) depend on expat +- reconfigure tests to disable network and GUI resources, which + the upstream apparently thought is a good idea to enable by default. + this fixes build failures in Factory +- add lzma-devel to build the _lzma module +- moved %dynlib macro definition to common section + +------------------------------------------------------------------- +Mon Nov 5 20:01:46 UTC 2012 - coolo@suse.com + +- buildrequire timezone for the test suite + +------------------------------------------------------------------- +Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com + +- disable more checks for qemu builds as they use syscalls not + implemented yet + +------------------------------------------------------------------- +Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com + +- exclude test_math for SLE 11; math library fails on negative + gamma function values close to integers and 0, probably + due to imprecision in -lm on SLE_11_SP2. + +------------------------------------------------------------------- +Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel explicitly + +------------------------------------------------------------------- +Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com + +- remove distutils.cfg (bnc#658604) + * this changes default prefix for distutils to /usr + * see ML for details: +http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html + +------------------------------------------------------------------- +Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com + +- Update to final 3.3.0 release + * See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS + +------------------------------------------------------------------- +Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com + +- Correct dependency for python3-testsuite, + python3-tkinter -> python3-tk + +------------------------------------------------------------------- +Thu Aug 23 13:08:11 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 RC1 + +------------------------------------------------------------------- +Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 beta 1 + * flexible string representation, no longer distinguishing + between wide and narrow Unicode builds + * importlib-based import system + * virtualenv support in core + * namespace packages + * explicit Unicode literals for easier porting + * key-sharing dict implementation reduces memory footprint + of OO code + * hash randomization on by default + * many other new bugfixes and features, check NEWS for details + +- pre_checkin.sh now autofills various version strings in specs +- ship hashlib's fallback modules - those uselessly take up space + when real _hashlib.so from python3 is present, but the space wasted + is only 114kB and it provides python3-base with a working hashlib + module. + (also, this fixes bnc#743787) + +------------------------------------------------------------------- +Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com + +- skip test_io on ppc +- drop test_io ppc patch + +------------------------------------------------------------------- +Thu Jun 28 07:57:58 UTC 2012 - saschpe@suse.de + +- Satisfy source_validator by uncommenting an otherwise unused "Patch" + line + +------------------------------------------------------------------- +Tue Jun 12 15:39:08 UTC 2012 - adrian@suse.de + +- fix logic of checks exclusion + +------------------------------------------------------------------- +Fri May 18 11:50:27 UTC 2012 - idonmez@suse.com + +- update to 3.2.3 + * No changes since rc2 + +------------------------------------------------------------------- +Thu Mar 29 15:44:33 UTC 2012 - jmatejek@suse.com + +- update to 3.2.3rc2 + * fixes several security issues: + * CVE-2012-0845, bnc#747125 + * CVE-2012-1150, bnc#751718 + * CVE-2011-4944, bnc#754447 + * CVE-2011-3389, bnc#754677 +- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) +- disable test_gdb because it is broken by our gdb + +------------------------------------------------------------------- +Thu Feb 16 12:33:12 UTC 2012 - dvaleev@suse.com + +- skip broken test_io test on ppc + +------------------------------------------------------------------- +Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com + +- update to 3.2.2 + * bugfix-only release + * reports "linux2" as sys.platform regardless of Linux kernel +- added pre_checkin.sh to copy common spec sections to python3.spec +- added PACKAGING-NOTES with some helpful info for packagers + +------------------------------------------------------------------- +Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com + +- Use system ffi, included one is broken see + http://bugs.python.org/issue11729 and + http://bugs.python.org/issue12081 + +------------------------------------------------------------------- +Fri Dec 9 17:19:55 UTC 2011 - jmatejek@suse.com + +- license.opensuse.org-compatible license headers + +------------------------------------------------------------------- +Fri Dec 2 16:46:44 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Thu Nov 24 12:42:25 UTC 2011 - agraf@suse.com + +- fix ARM build (exclude some test cases which break for us) + +------------------------------------------------------------------- +Tue Aug 16 17:02:22 UTC 2011 - termim@gmail.com + +- use sysconfig module to get py3_incdir, py3_abiflags, + py3_soflags, python3_sitelib and python3_sitearch + +------------------------------------------------------------------- +Mon Jul 18 16:22:31 UTC 2011 - jmatejek@novell.com + +- update to 3.2.1 + * bugfix-only release, no major changes +- fix build on linux3 platform +- remove upstreamed pybench patch +- install /usr/lib directories in all cases to prevent spurious + "directory not owned" in dependent packages + +------------------------------------------------------------------- +Wed Jun 15 14:16:38 UTC 2011 - jmatejek@novell.com + +- replaced dynamic so version with manual so version, because + autobuild does not support autogeneration + +------------------------------------------------------------------- +Tue May 24 13:39:06 UTC 2011 - jmatejek@novell.com + +- generate macros.python3 at compile-time with fixed values +- don't include bogus values in pyconfig.h, as they can break + third-party packages (bnc#673071) + +------------------------------------------------------------------- +Tue May 17 12:52:51 UTC 2011 - jmatejek@novell.com + +- added Obsoletes: python3 < 3.1 so that the transition from + non-split to split packages goes smoothly + +------------------------------------------------------------------- +Fri May 13 12:38:19 UTC 2011 - jmatejek@novell.com + +- fixed RPM macros to use python3 instead of python +- updated to build --with-wide-unicode (for compatibility with + fedora and our own python 2.x series) + +------------------------------------------------------------------- +Thu Apr 21 03:39:25 UTC 2011 - termim@gmail.com + +- fix python3-base build failure due to pybench.py crash by + python-3.2-pybench.patch +- move pyconfig.h from python3-devel to python3-base package to + make python3-base functional again + +------------------------------------------------------------------- +Wed Mar 23 04:26:28 UTC 2011 - termim@gmail.com + +- update to python 3.2 + * stable ABI, ABI-tagged .so files + * concurrent.futures and many other new or upgraded modules + * PYC repository directories ( __pycache__ ) + * python WSGI 1.0.1 + * Unicode 6.0.0 support + * a great number of bugfixes and assorted improvements + +------------------------------------------------------------------- +Tue Feb 8 19:42:17 CET 2011 - matejcik@suse.cz + +- update to python 3.2 RC2 +- renamed python3-demo to python3-tools, because the demo part + became much smaller than the tools part +- added rpm macros + +------------------------------------------------------------------- +Tue Jan 18 14:13:04 UTC 2011 - jmatejek@novell.com + +- update to python 3.2 beta 2, see NEWS for details +- split off -base package with less dependencies, and a shlib-policy + compliant libpython3 package +- mostly rewritten the spec file with more detailed comments +- cleaned up lists of patches + diff --git a/python311.spec b/python311.spec new file mode 100644 index 0000000..ad48945 --- /dev/null +++ b/python311.spec @@ -0,0 +1,1048 @@ +# +# spec file for package python311 +# +# Copyright (c) 2025 SUSE LLC and contributors +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "doc" +%define psuffix -documentation +%bcond_without doc +%bcond_with base +%bcond_with general +%endif +%if "%{flavor}" == "base" +%define psuffix -core +%bcond_with doc +%bcond_without base +%bcond_with general +%endif +%if "%{flavor}" == "" +%define psuffix %{nil} +%bcond_with doc +%bcond_with base +%bcond_without general +%endif + +%if 0%{?do_profiling} && !0%{?want_reproducible_builds} +%bcond_without profileopt +%else +%bcond_with profileopt +%endif + +# Only for Tumbleweed +# https://en.opensuse.org/openSUSE:Python:Externally_managed +%if 0%{?suse_version} > 1600 +%bcond_without externally_managed +%else +%bcond_with externally_managed +%endif + +%define python_pkg_name python311 +%if "%{python_pkg_name}" == "%{primary_python}" +%define primary_interpreter 1 +%else +%define primary_interpreter 0 +%endif + +# Setting up variables +%define _version %(c=%{version}; echo ${c/[a-z]*/}) +%define tar_suffix %(c=%{_version}; echo ${c#%{_version}}) +%define python_version %(echo %{_version}|cut -d. -f1-2) +# based on the current source tarball +%define python_version_abitag %(c=%{python_version}; echo ${c//./}) +# FIXME %%define python_version_soname %%(c=%%{python_version}; echo ${c//./_}) +%define python_version_soname 3_11 +%if 0%(test -n "%{tar_suffix}" && echo 1) +%define _version %(echo "%{_version}~%{tar_suffix}") +%define tarversion %{version} +%else +%define tarversion %{version} +%endif +# We don't process beta signs well +%define folderversion %{tarversion} +%define tarname Python-%{tarversion} +%define sitedir %{_libdir}/python%{python_version} +# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 +%define abi_kind %{nil} +# python ABI version - used in some file names +%define python_abi %{python_version}%{abi_kind} +# soname ABI tag defined in PEP 3149 +%define abi_tag %{python_version_abitag}%{abi_kind} +# version part of "libpython" package +%define so_major 1 +%define so_minor 0 +%define so_version %{python_version_soname}%{abi_kind}-%{so_major}_%{so_minor} +# rpm and python have different ideas about what is an arch-dependent name, so: +%if "%{__isa_name}" == "ppc" +%define archname %(echo %{_arch} | sed s/ppc/powerpc/) +%else +%define archname %{_arch} +%endif +# our arm has Hardware-Floatingpoint +%if "%{_arch}" == "arm" +%define armsuffix hf +%endif +# Decide whether we want to use mpdecimal +%if 0%{?suse_version} >= 1550 +%bcond_without mpdecimal +%else +%bcond_with mpdecimal +%endif +# pyexpat.cpython-35m-x86_64-linux-gnu +# pyexpat.cpython-35m-powerpc64le-linux-gnu +# pyexpat.cpython-35m-armv7-linux-gnueabihf +# _md5.cpython-38m-x86_64-linux-gnu.so +%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so +Name: %{python_pkg_name}%{psuffix} +Version: 3.11.13 +Release: 0 +Summary: Python 3 Interpreter +License: Python-2.0 +URL: https://www.python.org/ +Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz +Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore +Source2: baselibs.conf +Source3: README.SUSE +Source4: externally_managed.in +Source7: macros.python3 +Source8: import_failed.py +Source9: import_failed.map +Source10: pre_checkin.sh +Source11: skipped_tests.py +Source19: idle3.desktop +Source20: idle3.appdata.xml +# content of bluez-devel: +# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel +# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu +# 3. mkdir Vendor && mv usr/include/* Vendor/ +# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/ +Source21: bluez-devel-vendor.tar.xz +Source98: python311-rpmlintrc +# Tarball is signed by the GPG key of Pablo Galindo Salgado (0x64E628F8D684696D) +# https://keybase.io/pablogsal/pgp_keys.asc?fingerprint=a035c8c19219ba821ecea86b64e628f8d684696d +Source99: python.keyring +# The following files are not used in the build. +# They are listed here to work around missing functionality in rpmbuild, +# which would otherwise exclude them from distributed src.rpm files. +Source100: PACKAGING-NOTES +# PATCH-FEATURE-UPSTREAM F00251-change-user-install-location.patch bsc#[0-9]+ mcepl@suse.com +# Fix installation in /usr/local (boo#1071941), originally from Fedora +# https://src.fedoraproject.org/rpms/python3.12/blob/rawhide/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch02: F00251-change-user-install-location.patch +# PATCH-FEATURE-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com +# Improve reproduceability +Patch03: distutils-reproducible-compile.patch +# support finding packages in /usr/local, install to /usr/local by default +Patch04: python-3.3.0b1-localpath.patch +# replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds +Patch05: python-3.3.0b1-fix_date_time_compiler.patch +# Raise timeout value for test_subprocess +Patch07: subprocess-raise-timeout.patch +# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com +# ensurepip should honour the value of $(prefix) +Patch08: bpo-31046_ensurepip_honours_prefix.patch +# PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mcepl@suse.com +# SLE-15 version of Sphinx doesn't know about skipif directive in doctests. +Patch09: no-skipif-doctests.patch +# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com +# skip a test failing on SLE-15 +Patch10: skip-test_pyobject_freed_is_freed.patch +# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com +# remove duplicate link targets and make documentation with old Sphinx in SLE +Patch11: fix_configure_rst.patch +# PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com +# Skip test_freeze_simple_script +Patch13: skip_if_buildbot-extend.patch +# PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com +# prevent ResourceWarning in test_asyncio tests +Patch15: bsc1221260-test_asyncio-ResourceWarning.patch +# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport.patch +# This problem on libexpat is patched on SLE without version +# update, this patch changes the tests to match the libexpat provided +# by SUSE +Patch16: CVE-2023-52425-libexpat-2.6.0-backport.patch +Patch17: CVE-2023-52425-remove-reparse_deferral-tests.patch +# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com +# reproducibility patches +Patch19: bso1227999-reproducible-builds.patch +# PATCH-FIX-UPSTREAM gh120226-fix-sendfile-test-kernel-610.patch gh#python/cpython#120226 mcepl@suse.com +# Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 (GH-120227) +Patch22: gh120226-fix-sendfile-test-kernel-610.patch +# PATCH-FIX-UPSTREAM Add platform triplets for 64-bit LoongArch gh#python/cpython#30939 glaubitz@suse.com +Patch24: add-loongarch64-support.patch +# PATCH-FIX-UPSTREAM CVE-2025-6069-quad-complex-HTMLParser.patch bsc#1244705 mcepl@suse.com +# avoid quadratic complexity when processing malformed inputs with HTMLParser +Patch25: CVE-2025-6069-quad-complex-HTMLParser.patch +# PATCH-FIX-UPSTREAM CVE-2025-8194-tarfile-no-neg-offsets.patch bsc#1247249 mcepl@suse.com +# tarfile now validates archives to ensure member offsets are non-negative +Patch26: CVE-2025-8194-tarfile-no-neg-offsets.patch +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: crypto-policies-scripts +BuildRequires: fdupes +BuildRequires: gmp-devel +BuildRequires: lzma-devel +BuildRequires: netcfg +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: xz +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(libffi) +BuildRequires: pkgconfig(uuid) +BuildRequires: pkgconfig(zlib) +#!BuildIgnore: gdk-pixbuf-loader-rsvg +%if 0%{?suse_version} >= 1550 +# The provider for python(abi) is in rpm-build-python +BuildRequires: rpm-build-python +%endif +%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1599 +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{with mpdecimal} +BuildRequires: mpdecimal-devel +%endif +%if %{with doc} +BuildRequires: python3-Sphinx >= 4.0.0 +%if 0%{?suse_version} >= 1500 +BuildRequires: python3-python-docs-theme >= 2022.1 +%endif +%endif +%if %{with general} +# required for idle3 (.desktop and .appdata.xml files) +BuildRequires: AppStream +BuildRequires: gcc-c++ +BuildRequires: gdbm-devel +BuildRequires: gettext +BuildRequires: readline-devel +BuildRequires: sqlite-devel +BuildRequires: timezone +BuildRequires: pkgconfig(ncurses) +BuildRequires: pkgconfig(tk) +BuildRequires: pkgconfig(x11) +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-readline +Provides: %{python_pkg_name}-sqlite3 +Recommends: %{python_pkg_name}-curses +Recommends: %{python_pkg_name}-dbm +Recommends: %{python_pkg_name}-pip +%if %{primary_interpreter} +Provides: python3 = %{python_version} +Provides: python3-readline +Provides: python3-sqlite3 +%endif +%endif +%{?suse_build_hwcaps_libs} + +%description +Python 3 is modern interpreted, object-oriented programming language, +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python3-doc +package. + +This package supplies rich command line features provided by readline, +and sqlite3 support for the interpreter core, thus forming a so called +"extended" runtime. +Installing "python3" is sufficient for the vast majority of usecases. +In addition, recommended packages provide UI toolkit support (python3-curses, +python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE +development environment (python3-idle). + +%package -n %{python_pkg_name}-tk +Summary: TkInter, a Python Tk Interface +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-tk = %{version} +%endif + +%description -n %{python_pkg_name}-tk +Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. + +%package -n %{python_pkg_name}-curses +Summary: Python Interface to the (N)Curses Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-curses +%endif + +%description -n %{python_pkg_name}-curses +An easy to use interface to the (n)curses CUI library. CUI stands for +Console User Interface. + +%package -n %{python_pkg_name}-dbm +Summary: Python Interface to the GDBM Library +Requires: %{python_pkg_name} = %{version} +%if %{primary_interpreter} +Provides: python3-dbm +%endif + +%description -n %{python_pkg_name}-dbm +An easy to use interface for Unix DBM databases, and more specifically, +the GNU implementation GDBM. + +%package -n %{python_pkg_name}-idle +Summary: An Integrated Development Environment for Python +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk +%if %{primary_interpreter} +Provides: python3-idle = %{version} +%endif + +%description -n %{python_pkg_name}-idle +IDLE is a Tkinter based integrated development environment for Python. +It features a multi-window text editor with multiple undo, Python +colorizing, and many other things, as well as a Python shell window and +a debugger. + +%package -n %{python_pkg_name}-doc +Summary: Package Documentation for Python 3 +Enhances: %{python_pkg_name} = %{python_version} +%if %{primary_interpreter} +Provides: python3-doc = %{version} +%endif + +%description -n %{python_pkg_name}-doc +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in HTML format. + +%package -n %{python_pkg_name}-doc-devhelp +Summary: Additional Package Documentation for Python 3 in devhelp format +%if %{primary_interpreter} +Provides: python3-doc-devhelp = %{version} +%endif + +%description -n %{python_pkg_name}-doc-devhelp +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in format for devhelp. + +%package -n %{python_pkg_name}-base +Summary: Python 3 Interpreter and Stdlib Core +Requires: libpython%{so_version} = %{version} +Recommends: %{python_pkg_name} = %{version} +#Recommends: python3-ensurepip +# python 3.1 didn't have a separate python-base, so it is wrongly +# not a conflict to have python3-3.1 and python3-base > 3.1 +Obsoletes: python3 < 3.2 +# no Provides, because python3 is obviously provided by package python3 +# python 3.4 provides asyncio +Provides: %{python_pkg_name}-asyncio = %{version} +# python 3.6 provides typing +Provides: %{python_pkg_name}-typing = %{version} +# python3-xml was merged into python3, now moved into -base +Provides: %{python_pkg_name}-xml = %{version} +%if %{primary_interpreter} +Provides: python3-asyncio = %{version} +Obsoletes: python3-asyncio < %{version} +Provides: python3-base = %{version} +Obsoletes: python3-base < %{version} +Provides: python3-typing = %{version} +Obsoletes: python3-typing < %{version} +Provides: python3-xml = %{version} +Obsoletes: python3-xml < %{version} +%endif + +%description -n %{python_pkg_name}-base +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +package. + +This package contains the interpreter core and most commonly used modules +from the standard library. This is sufficient for many usecases, but it +excludes components that depend on external libraries, most notably XML, +database and UI toolkits support. + +%package -n %{python_pkg_name}-tools +Summary: Python Utility and Demonstration Scripts +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-2to3 = %{version} +Provides: %{python_pkg_name}-demo = %{version} +%if %{primary_interpreter} +Provides: python3-2to3 = %{version} +Provides: python3-demo = %{version} +Provides: python3-tools = %{version} +Obsoletes: python3-2to3 < %{version} +Obsoletes: python3-demo < %{version} +%endif + +%description -n %{python_pkg_name}-tools +A number of scripts that are useful for building, testing or extending Python, +and a set of demonstration programs. + +%package -n %{python_pkg_name}-devel +Summary: Include Files and Libraries Mandatory for Building Python Modules +Requires: %{python_pkg_name}-base = %{version} +%if %{primary_interpreter} +Provides: python3-devel = %{version} +%endif + +%description -n %{python_pkg_name}-devel +The Python programming language's interpreter can be extended with +dynamically loaded extensions and can be embedded in other programs. + +This package contains header files, a static library, and development +tools for building Python modules, extending the Python interpreter or +embedding Python in applications. + +This also includes the Python distutils, which were in the Python +package up to version 2.2.2. + +%package -n %{python_pkg_name}-testsuite +Summary: Unit tests for Python and its standard library +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk = %{version} +%if %{primary_interpreter} +Provides: python3-testsuite = %{version} +%endif + +%description -n %{python_pkg_name}-testsuite +Unit tests that are useful for verifying integrity and functionality +of the installed Python interpreter and standard library. +They are a documented part of stdlib, as a module 'test'. + +%package -n libpython%{so_version} +Summary: Python Interpreter shared library +Requires: %{python_pkg_name}-base >= %{version} + +%description -n libpython%{so_version} +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +(HTML) or python-doc-pdf (PDF) packages. + +This package contains libpython3.2 shared library for embedding in +other applications. + +%prep +%setup -q -n %{tarname} + +%autopatch -p1 -M 08 +%if 0%{?suse_version} <= 1500 +%patch -P 09 -p1 +%endif +%autopatch -p1 -m 10 + +# drop Autoconf version requirement +sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac + +%if %{primary_interpreter} +# fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 +for dir in Lib Tools; do + # find *.py, filter to files that contain bad shebangs + # break up "/""usr" like this to prevent replacing with %%{_prefix} + find $dir -name '*.py' -type f -print0 \ + | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ + | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' +done +%else +# For non-primary Python, just don't bother (bsc#1193179) and remove all +# those shebangs +for dir in Lib Tools; do + find $dir -name '*.py' -type f -exec sed -i '1{/^#!.*python/ d}' '{}' \; +done +# We shortened the file Lib/pdb.py so we have to move the test breakpoint location +sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py +%endif + +# drop in-tree libffi and expat +rm -r Modules/_ctypes/libffi* Modules/_ctypes/darwin +# Cannot remove it because of gh#python/cpython#92875 +# rm -r Modules/expat + +# drop duplicate README from site-packages +rm Lib/site-packages/README.txt + +# Add vendored bluez-devel files +tar xvf %{SOURCE21} + +# Don't fail on warnings when building documentation +sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile + +%build +%if %{with doc} +TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` +# TODO use not date of tarball but date of latest patch + +cd Doc +sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py +%make_build -j1 JOBS=1 html + +# Build also devhelp files +sphinx-build -a -b devhelp . build/devhelp +rm -rfv build/devhelp/.doctrees +%else +%define _lto_cflags %{nil} +# use rpm_opt_flags +export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv $(pkg-config --cflags-only-I libffi) -fno-semantic-interposition" + +touch -r %{SOURCE0} Makefile.pre.in + +autoreconf -fvi + +%if 0%{?sles_version} +sed -e 's/-fprofile-correction//' -i Makefile.pre.in +%endif + +export CFLAGS="%{optflags} -IVendor/" + +%configure \ + --with-platlibdir=%{_lib} \ + --docdir=%{_docdir}/python \ + --enable-ipv6 \ + --enable-shared \ + --with-ensurepip=no \ + --with-system-ffi \ + --with-system-expat \ + --with-lto \ +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 + --with-ssl-default-suites=openssl \ +%endif +%if %{with profileopt} + --enable-optimizations \ +%endif +%if %{with mpdecimal} + --with-system-libmpdec \ +%endif + --enable-loadable-sqlite-extensions + +# prevent make from trying to rebuild PYTHON_FOR_GEN stuff +# %%make_build -t Python/Python-ast.c \ + # Include/Python-ast.h \ + # Objects/typeslots.inc \ + # Python/opcode_targets.h \ + # Include/opcode.h +%make_build + +%if %{with general} +%make_build +%endif +%if %{with base} +%if %{with profileopt} + target=profile-opt +%else + target=all +%endif +LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ + %make_build $target +%endif +%endif + +%check +export SUSE_VERSION="0%{?suse_version}" +export SLE_VERSION="0%{?sle_version}" +%if %{with general} +# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos +# when you install gdb into your test env +EXCLUDE="test_gdb" +# we patch out the message to recommend zypper in and thus this would fail +EXCLUDE="$EXCLUDE test_pydoc" + +%ifarch %{arm} s390x +# test_multiprocessing_forkserver is racy +EXCLUDE="$EXCLUDE test_multiprocessing_forkserver" +%endif +%ifarch ppc ppc64 ppc64le +# exclue test_faulthandler due to bnc#831629 +EXCLUDE="$EXCLUDE test_faulthandler" +%endif +# some tests break in QEMU +%if 0%{?qemu_user_space_build} +EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver test_multiprocessing_spawn test_os test_posix test_signal test_socket test_subprocess" +%endif + +# This test (part of test_uuid) requires real network interfaces +# so that ifconfig output has "HWaddr ". Some kvm instances +# done have any such interface breaking the uuid module. +EXCLUDE="$EXCLUDE test_uuid" + +# bsc#1195140 and bpo#37169 - test_capi is failing on openSUSE, and not sure why +EXCLUDE="$EXCLUDE test_capi" + +# Limit virtual memory to avoid spurious failures +if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then + ulimit -v 11000000 || : +fi + +# test_freeze_simple_script in test.test_tools.test_freeze.TestFreeze +# uses CONFIG_ARGS to run ./configure. +export CONFIG_ARGS="--enable-ipv6 --enable-shared --with-ensurepip=no \ + --with-system-ffi --with-system-expat --with-lto --enable-optimizations \ + --with-system-libmpdec --enable-loadable-sqlite-extensions" + +export PYTHONPATH="$(pwd -P)/Lib" +# Use timeout, like make target buildbottest +# We cannot run tests parallel, because osc build environment doesn’t +# have /dev/shm +%make_build -j1 test TESTOPTS="-u curses -v -x $EXCLUDE --timeout=5400" +# use network, be verbose: +#make test TESTOPTS="-l -u network -v" +%endif + +%install +%if %{with doc} +export PDOCS=%{buildroot}%{_docdir}/python%{python_version} +mkdir -p $PDOCS +# generated docs +rm Doc/build/*/.buildinfo +cp -r Doc/build/html $PDOCS +# misc +install -d -m 755 $PDOCS/Misc +rm Misc/README.AIX +for i in Misc/* ; do + [ -f $i ] && install -c -m 644 $i $PDOCS/Misc/ +done +# devhelp +mkdir -p %{buildroot}%{_datadir}/gtk-doc/html +cp -r Doc/build/devhelp %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version} +rm -rf %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version}/.doctrees +%endif +%if %{with general} +%make_install + +# clean out stuff that is in python-base and subpackages + +find %{buildroot}%{_bindir} -mindepth 1 -not -name "*idle3*" -print -delete +rm %{buildroot}%{_libdir}/lib* +rm -r %{buildroot}%{_libdir}/pkgconfig +rm -r %{buildroot}%{_mandir}/* +rm -r %{buildroot}%{_includedir}/* + +rm -r %{buildroot}%{sitedir}/config* +find %{buildroot}%{sitedir} -name "*.egg-info" -delete +rm -r %{buildroot}%{sitedir}/__pycache__ +rm -r %{buildroot}%{sitedir}/site-packages +rm %{buildroot}%{sitedir}/*.* + +for module in \ + asyncio ctypes collections concurrent distutils email encodings \ + ensurepip html http re \ + importlib json logging multiprocessing pydoc_data unittest \ + urllib venv wsgiref lib2to3 test tomllib turtledemo \ + xml xmlrpc zoneinfo __phello__ +do + rm -r %{buildroot}%{sitedir}/$module +done + +for library in \ + array _asyncio audioop binascii _bisect _bz2 cmath _codecs_* \ + _contextvars _crypt _csv _ctypes _datetime _decimal fcntl grp \ + _hashlib _heapq _json _lsprof _lzma math mmap _multibytecodec \ + _multiprocessing _opcode ossaudiodev _pickle _posixshmem \ + _posixsubprocess _queue _random resource select _ssl _socket spwd \ + _statistics _struct syslog termios _testbuffer _testimportmultiple \ + _testmultiphase unicodedata zlib _ctypes_test _testinternalcapi _testcapi \ + _typing _testclinic xxlimited xxlimited_35 \ + _xxtestfuzz _xxsubinterpreters _elementtree pyexpat _md5 _sha1 \ + _sha256 _sha512 _blake2 _sha3 _uuid _zoneinfo +do + eval rm "%{buildroot}%{sitedir}/lib-dynload/$library.*" +done + +# Idle is not packaged in base due to the appstream-glib dependency +# move idle config into /etc +install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version} +( + cd %{buildroot}/%{sitedir}/idlelib/ + for file in *.def ; do + mv $file %{buildroot}%{_sysconfdir}/idle%{python_version}/ + ln -sf %{_sysconfdir}/idle%{python_version}/$file %{buildroot}/%{sitedir}/idlelib/ + done +) + +# keep just idle3.X +rm %{buildroot}%{_bindir}/idle3 + +# install idle icons +for size in 16 32 48 ; do + install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \ + %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_version}.png +done + +# install idle desktop file +cp %{SOURCE19} idle%{python_version}.desktop +sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop +install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop + +cp %{SOURCE20} idle%{python_version}.appdata.xml +sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml +install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml +appstreamcli validate --no-net %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml + +%fdupes %{buildroot}/%{_libdir}/python%{python_version} +%endif +%if %{with base} +%make_install + +# remove .a +find %{buildroot} -name "*.a" -delete + +# install "site-packages" and __pycache__ for third parties +install -d -m 755 %{buildroot}%{sitedir}/site-packages +install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__ +# and their 32bit counterparts explicitly +mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__ + +# cleanup parts that don't belong +for dir in curses dbm sqlite3 tkinter idlelib; do + find "%{buildroot}/%{sitedir}/$dir"/* -maxdepth 0 -name "test" -o -exec rm -rf {} + +done +rm -fv %{buildroot}%{dynlib nis} + +# overwrite the copied binary with a link +ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 + +# decide to ship python3 or just python3.X +%if !%{primary_interpreter} +# base +rm %{buildroot}%{_bindir}/python3 +rm %{buildroot}%{_bindir}/pydoc3 +rm %{buildroot}%{_mandir}/man1/python3.1 +# devel +rm %{buildroot}%{_bindir}/python3-config +rm %{buildroot}%{_libdir}/libpython3.so +rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc +%endif + +%if %{with externally_managed} +# PEP-0668 mark this as a distro maintained python +sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED +%endif + +# link shared library instead of static library that tools expect +ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so + +# delete idle3, which has to many packaging dependencies for base +rm %{buildroot}%{_bindir}/idle3* + +# delete the generic 2to3 binary if we are not primary +%if !%{primary_interpreter} +rm %{buildroot}%{_bindir}/2to3 +%endif + +# replace duplicate .pyo/.pyc with hardlinks +%fdupes %{buildroot}/%{sitedir} + +# documentation +export PDOCS=%{buildroot}%{_docdir}/%{name} +install -d -m 755 $PDOCS +install -c -m 644 %{SOURCE3} $PDOCS/ +install -c -m 644 README.rst $PDOCS/ + +# tools +for x in `find Tools/ \( -not -name Makefile \) -print | sort` ; do + test -d $x && ( install -c -m 755 -d $PDOCS/$x ) \ + || ( install -c -m 644 $x $PDOCS/$x ) +done +# gdb script is shipped with devel subpackage +rm -r $PDOCS/Tools/gdb +# clean up the bat files +find "$PDOCS" -name "*.bat" -delete + +# put gdb helper script into place +install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +# install devel files to /config +#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%%{sitedir}/config-%%{python_abi}/ + +# Remove -IVendor/ from python-config boo#1231795 +sed -i 's/-IVendor\///' %{buildroot}%{_bindir}/python%{python_abi}-config + +# RPM macros +%if %{primary_interpreter} +mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/ +install -m 644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/macros.d/ # macros.python3 +%endif + +# import_failed hooks +FAILDIR=%{buildroot}/%{sitedir}/_import_failed +mkdir $FAILDIR +install -m 644 %{SOURCE8} %{SOURCE9} $FAILDIR # import_failed.* +LD_LIBRARY_PATH=. ./python -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +( + cd $FAILDIR + while read package modules; do + for module in $modules; do + ln import_failed.py $module.py + pushd __pycache__ + for i in import_failed*; do + ln $i "$module${i#import_failed}" + done + popd + done + done < %{SOURCE9} +) +echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +%endif + +# For the purposes of reproducibility, it is necessary to eliminate any *.pyc files inside documentation dirs +if [ -d %{buildroot}%{_defaultdocdir} ] ; then +find %{buildroot}%{_defaultdocdir} -type f -name \*.pyc -ls -exec rm -vf '{}' \; +fi + +%if %{with general} +%files -n %{python_pkg_name}-tk +%{sitedir}/tkinter +%exclude %{sitedir}/tkinter/test +%{dynlib _tkinter} + +%files -n %{python_pkg_name}-curses +%{sitedir}/curses +%{dynlib _curses} +%{dynlib _curses_panel} + +%files -n %{python_pkg_name}-dbm +%{sitedir}/dbm +%{dynlib _dbm} +%{dynlib _gdbm} + +%files -n %{python_pkg_name} +%dir %{sitedir} +%dir %{sitedir}/lib-dynload +%{sitedir}/sqlite3 +%exclude %{sitedir}/sqlite3/test +%{dynlib readline} +%{dynlib _sqlite3} +%if 0%{?suse_version} < 1599 +%{dynlib nis} +%endif + +%files -n %{python_pkg_name}-idle +%{sitedir}/idlelib +%dir %{_sysconfdir}/idle%{python_version} +%config %{_sysconfdir}/idle%{python_version}/* +%doc Lib/idlelib/README.txt +%doc Lib/idlelib/TODO.txt +%doc Lib/idlelib/extend.txt +%doc Lib/idlelib/ChangeLog +%{_bindir}/idle%{python_version} +%{_datadir}/applications/idle%{python_version}.desktop +%{_datadir}/metainfo/idle%{python_version}.appdata.xml +%{_datadir}/icons/hicolor/*/apps/idle%{python_version}.png +%dir %{_datadir}/icons/hicolor +%dir %{_datadir}/icons/hicolor/16x16 +%dir %{_datadir}/icons/hicolor/32x32 +%dir %{_datadir}/icons/hicolor/48x48 +%dir %{_datadir}/icons/hicolor/*/apps +# endif for if general +%endif + +%if %{with doc} +%files -n %{python_pkg_name}-doc +%dir %{_docdir}/python%{python_version} +%doc %{_docdir}/python%{python_version}/Misc +%doc %{_docdir}/python%{python_version}/html + +%files -n %{python_pkg_name}-doc-devhelp +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%doc %{_datadir}/gtk-doc/html/Python%{python_version} +%endif + +%if %{with base} +%post -n libpython%{so_version} -p /sbin/ldconfig +%postun -n libpython%{so_version} -p /sbin/ldconfig + +%files -n libpython%{so_version} +%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} + +%files -n %{python_pkg_name}-tools +%{sitedir}/turtledemo +%if %{primary_interpreter} +%{_bindir}/2to3 +%endif +%attr(755, root, root)%{_bindir}/2to3-%{python_version} +%doc %{_docdir}/%{name}/Tools + +%files -n %{python_pkg_name}-devel +%{_libdir}/libpython%{python_abi}.so +%if %{primary_interpreter} +%{_libdir}/libpython3.so +%endif +%{_libdir}/pkgconfig/* +%{_includedir}/python%{python_abi} +%{sitedir}/config-%{python_abi}-* +%{_bindir}/python%{python_abi}-config +%if %{primary_interpreter} +%{_bindir}/python3-config +%endif +# Own these directories to not depend on gdb +%dir %{_datadir}/gdb +%dir %{_datadir}/gdb/auto-load +%dir %{_datadir}/gdb/auto-load%{_prefix} +%dir %{_datadir}/gdb/auto-load%{_libdir} +%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +%files -n %{python_pkg_name}-testsuite +%{sitedir}/test +%{sitedir}/*/test +%{sitedir}/*/tests +%{dynlib _ctypes_test} +%{dynlib _testbuffer} +%{dynlib _testcapi} +%{dynlib _testclinic} +%{dynlib _testinternalcapi} +%{dynlib _testimportmultiple} +%{dynlib _testmultiphase} +%{dynlib xxlimited} +# workaround for missing packages +%dir %{sitedir}/sqlite3 +%dir %{sitedir}/tkinter + +%files -n %{python_pkg_name}-base +# docs +%dir %{_docdir}/%{name} +%doc %{_docdir}/%{name}/README.rst +%license LICENSE +%doc %{_docdir}/%{name}/README.SUSE +%if %{primary_interpreter} +%{_mandir}/man1/python3.1%{?ext_man} +%endif +%{_mandir}/man1/python%{python_version}.1%{?ext_man} +%if %{with externally_managed} +# PEP-0668 +%{sitedir}/EXTERNALLY-MANAGED +%endif +# license text, not a doc because the code can use it at run-time +%{sitedir}/LICENSE.txt +# RPM macros +%if %{primary_interpreter} +%{_rpmconfigdir}/macros.d/macros.python3 +%endif +# binary parts +%dir %{sitedir}/lib-dynload +%{dynlib array} +%{dynlib _asyncio} +%{dynlib audioop} +%{dynlib binascii} +%{dynlib _bisect} +%{dynlib _bz2} +%{dynlib cmath} +%{dynlib _codecs_cn} +%{dynlib _codecs_hk} +%{dynlib _codecs_iso2022} +%{dynlib _codecs_jp} +%{dynlib _codecs_kr} +%{dynlib _codecs_tw} +%{dynlib _contextvars} +%{dynlib _crypt} +%{dynlib _csv} +%{dynlib _ctypes} +%{dynlib _datetime} +%{dynlib _decimal} +%{dynlib _elementtree} +%{dynlib fcntl} +%{dynlib grp} +%{dynlib _hashlib} +%{dynlib _heapq} +%{dynlib _json} +%{dynlib _lsprof} +%{dynlib _lzma} +%{dynlib math} +%{dynlib mmap} +%{dynlib _multibytecodec} +%{dynlib _multiprocessing} +%{dynlib _opcode} +%{dynlib ossaudiodev} +%{dynlib _pickle} +%{dynlib _posixshmem} +%{dynlib _posixsubprocess} +%{dynlib pyexpat} +%{dynlib _queue} +%{dynlib _random} +%{dynlib resource} +%{dynlib select} +%{dynlib _socket} +%{dynlib spwd} +%{dynlib _ssl} +%{dynlib _statistics} +%{dynlib _struct} +%{dynlib syslog} +%{dynlib termios} +%{dynlib _typing} +%{dynlib unicodedata} +%{dynlib _uuid} +%{dynlib _xxsubinterpreters} +%{dynlib _xxtestfuzz} +%{dynlib xxlimited_35} +%{dynlib zlib} +%{dynlib _zoneinfo} +# hashlib fallback modules +%{dynlib _blake2} +%{dynlib _md5} +%{dynlib _sha1} +%{dynlib _sha256} +%{dynlib _sha512} +%{dynlib _sha3} +# python parts +%dir %{_prefix}/lib/python%{python_version} +%dir %{_prefix}/lib/python%{python_version}/site-packages +%dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__ +%dir %{sitedir} +%dir %{sitedir}/site-packages +%dir %{sitedir}/site-packages/__pycache__ +%exclude %{sitedir}/*/test +%exclude %{sitedir}/*/tests +%{sitedir}/*.py +%{sitedir}/asyncio +%{sitedir}/ctypes +%{sitedir}/collections +%{sitedir}/concurrent +%{sitedir}/distutils +%{sitedir}/email +%{sitedir}/encodings +%{sitedir}/ensurepip +%{sitedir}/html +%{sitedir}/http +%{sitedir}/importlib +%{sitedir}/json +%{sitedir}/lib2to3 +%{sitedir}/logging +%{sitedir}/multiprocessing +%{sitedir}/pydoc_data +%{sitedir}/re +%{sitedir}/tomllib +%{sitedir}/unittest +%{sitedir}/urllib +%{sitedir}/venv +%{sitedir}/wsgiref +%{sitedir}/xml +%{sitedir}/xmlrpc +%{sitedir}/zoneinfo +%{sitedir}/__phello__ +%{sitedir}/__pycache__ +# import-failed hooks +%{sitedir}/_import_failed +%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +# symlinks +%if %{primary_interpreter} +%{_bindir}/python3 +%{_bindir}/pydoc3 +%endif +# executables +%attr(755, root, root) %{_bindir}/pydoc%{python_version} +# %%attr(755, root, root) %%{_bindir}/python%%{python_abi} +%attr(755, root, root) %{_bindir}/python%{python_version} +# endif for if base +%endif + +%changelog diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch new file mode 100644 index 0000000..6f48b09 --- /dev/null +++ b/skip-test_pyobject_freed_is_freed.patch @@ -0,0 +1,23 @@ +--- + Lib/test/test_capi/test_misc.py | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/Lib/test/test_capi/test_misc.py ++++ b/Lib/test/test_capi/test_misc.py +@@ -40,6 +40,8 @@ import _testinternalcapi + # Were we compiled --with-pydebug or with #define Py_DEBUG? + Py_DEBUG = hasattr(sys, 'gettotalrefcount') + ++# Which version of the SLE distro we build on? ++SLE_VERSION = int(os.environ.get('SLE_VERSION', '0'), 10) + + NULL = None + +@@ -1281,6 +1283,7 @@ class PyMemDebugTests(unittest.TestCase) + def test_pyobject_forbidden_bytes_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') + ++ @unittest.skipIf(0 < SLE_VERSION < 150300, 'Failing on Leap 15.*') + def test_pyobject_freed_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_freed_is_freed') + diff --git a/skip_if_buildbot-extend.patch b/skip_if_buildbot-extend.patch new file mode 100644 index 0000000..fd9a584 --- /dev/null +++ b/skip_if_buildbot-extend.patch @@ -0,0 +1,15 @@ +--- + Lib/test/support/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Lib/test/support/__init__.py ++++ b/Lib/test/support/__init__.py +@@ -384,7 +384,7 @@ def skip_if_buildbot(reason=None): + if not reason: + reason = 'not suitable for buildbots' + try: +- isbuildbot = getpass.getuser().lower() == 'buildbot' ++ isbuildbot = getpass.getuser().lower() in ['buildbot', 'abuild'] + except (KeyError, EnvironmentError) as err: + warnings.warn(f'getpass.getuser() failed {err}.', RuntimeWarning) + isbuildbot = False diff --git a/skipped_tests.py b/skipped_tests.py new file mode 100644 index 0000000..47002e6 --- /dev/null +++ b/skipped_tests.py @@ -0,0 +1,69 @@ +#!/usr/bin/python3 +""" +Simple regexp-based skipped test checker. +It lists tests that are mentioned (presumably for exclusion) +in BASE, and in MAIN (presumably for inclusion) +and reports discrepancies. + +This will have a number of +""" + +MAIN = "python39.spec" + +import glob +import re +from os.path import basename + +alltests = set() +qemu_exclusions = set() + +for item in glob.glob("Python-*/Lib/test/test_*"): + testname = basename(item) + if testname.endswith(".py"): + testname = testname[:-3] + alltests.add(testname) + +testre = re.compile(r'[\s"](test_\w+)\b') + +def find_tests_in_spec(specname): + global qemu_exclusions + + found_tests = set() + with open(specname) as spec: + in_qemu = False + for line in spec: + line = line.strip() + if "#" in line: + line = line[:line.index("#")] + tests = set(testre.findall(line)) + found_tests |= tests + if line == "%if 0%{?qemu_user_space_build} > 0": + in_qemu = True + if in_qemu: + if line == "%endif": + in_qemu = False + qemu_exclusions |= tests + return found_tests + +excluded = find_tests_in_spec(MAIN) + +#print("--- excluded tests:", " ".join(sorted(excluded))) +#print("--- included tests:", " ".join(sorted(included))) + +mentioned = excluded +nonexistent = mentioned - alltests +missing = excluded - qemu_exclusions + +print("--- the following tests are excluded for QEMU and not tested in python") +print("--- (that probably means we don't need to worry about them)") +for test in sorted(qemu_exclusions - excluded): + print(test) + +print("--- the following tests might be excluded in python:") +for test in sorted(missing): + print(test) + +if nonexistent: + print("--- the following tests don't exist:") + for test in sorted(nonexistent): + print(test) diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch new file mode 100644 index 0000000..ab29d50 --- /dev/null +++ b/subprocess-raise-timeout.patch @@ -0,0 +1,18 @@ +--- + Lib/test/test_subprocess.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: Python-3.11.8/Lib/test/test_subprocess.py +=================================================================== +--- Python-3.11.8.orig/Lib/test/test_subprocess.py ++++ Python-3.11.8/Lib/test/test_subprocess.py +@@ -280,7 +280,8 @@ class ProcessTestCase(BaseTestCase): + "time.sleep(3600)"], + # Some heavily loaded buildbots (sparc Debian 3.x) require + # this much time to start and print. +- timeout=3) ++ # OBS might require even more ++ timeout=10) + self.fail("Expected TimeoutExpired.") + self.assertEqual(c.exception.output, b'BDFL') + -- 2.51.1 From e86b781354d7349f62282fcb631170a5f8fdb02245203c42115d78bd8613b364 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mark=C3=A9ta=20Machov=C3=A1?= Date: Mon, 22 Sep 2025 09:07:56 +0000 Subject: [PATCH 135/135] - Drop AppStream buildrequires and don't run appstreamcli validate as part of the build process: the appdata.xml is not updated by source directly, so we have more contol. Having Appstream or the deprecated appstream-glib result in a build cycle. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=195 --- python311.changes | 8 ++++++++ python311.spec | 3 --- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/python311.changes b/python311.changes index c2ddfe2..6a31432 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Fri Sep 19 14:38:03 UTC 2025 - Dominique Leuenberger + +- Drop AppStream buildrequires and don't run appstreamcli validate + as part of the build process: the appdata.xml is not updated by + source directly, so we have more contol. Having Appstream or the + deprecated appstream-glib result in a build cycle. + ------------------------------------------------------------------- Thu Sep 18 08:15:31 UTC 2025 - Dominique Leuenberger diff --git a/python311.spec b/python311.spec index ad48945..88c360e 100644 --- a/python311.spec +++ b/python311.spec @@ -226,8 +226,6 @@ BuildRequires: python3-python-docs-theme >= 2022.1 %endif %endif %if %{with general} -# required for idle3 (.desktop and .appdata.xml files) -BuildRequires: AppStream BuildRequires: gcc-c++ BuildRequires: gdbm-devel BuildRequires: gettext @@ -685,7 +683,6 @@ install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}. cp %{SOURCE20} idle%{python_version}.appdata.xml sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml -appstreamcli validate --no-net %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml %fdupes %{buildroot}/%{_libdir}/python%{python_version} %endif -- 2.51.1